Combining Corporate Trees with Identity Manager 2

Jamie Price, Senior Network Consultant, Bedrock Managed Services and Consulting
Jeff Oler, Senior Network Consultant, Bedrock Managed Services and Consulting
Frank Green, Vice President – Network Administration, Bank Mutual

© March 9, 2004 Novell Inc.

Agenda
- Bank Mutual Overview
- Solution Design Approach
- Solution Design Overview
- Solution Process
- Value, Considerations, and Pitfalls
- Project Benefit Summary
- Future Paths

Bank Mutual Overview

Bank Mutual (pre-acquisition)
Company Facts:
- Corporate Office
- 51 Branches
- 550 Users
- 52 Partitions
- Easy Lender Host – Critical App
- Nautilus – Critical App

First Northern Savings Bank (pre-acquisition)
Company Facts:
- Operations Center
- 19 Branches
- 250 Users
- 22 Partitions
- VIP Host at branches – Providing Internet access for Bank Mutual
- Hosting MLS - Critical App
- Hosting GroupWise for FNSB and BM users

Bank Mutual - Today
Company Facts:
- 72 branches
- 820 users
- Providing financial services for 120,000 households
- Marketing blurbs

Lay Of The Land - The Trees
[Diagram labels: GREEN BAY, MILWAUKEE, FNSB, Mutual, SER, CORP, NWR, MSB01, OPER, Domain, PO1, and branch containers BR001, BR033, BR041, BR064, BR71, BR72, BR89, with Server, User and Group objects under the containers]

History
- Had spent time configuring trees to meet a common structure.
- Had duplicated Bank Mutual users in FNSB tree to accommodate GroupWise need.
- Was at pre-merge capability but:
  - Expertise in tree merging was low
  - WAN links increased risk to success

Solution Design Approach

The Project Approach
- Back to the drawing board
- Eliminate all preconceived plans/ideas
- Generate a list of goals and desires
- Divide the list into 3 categories
  - Critical – the solution must support these
  - Important – the solution can support these
  - Desired – the solution may support these
- Focus the project on “critical” success factors
- Incorporate as many “important” and “desired” factors as possible

The Goals
Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
- Consolidation/Integration of directory systems
  - Administer Active Directory accounts via NDS
  - Need to seamlessly map drives between Windows shares and Novell volumes
  - Desire common shared directories

Plan… Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
- Future installation of ZENworks/administering ZENworks® under one tree
- Flexibility for rapid branch addition and removal
- Limiting of security breaches

Plan… Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
- Minimized downtime during merge
  - Avoid altering branch hours as much as possible, if at all.
  - Easy Lender (Bank Mutual tree) is a critical 24 hour online application.
  - While scheduled downtime is acceptable for the VIP application, unscheduled downtime CANNOT occur.

Plan… Important Success Factors
Design and implement a unified directory structure that can support the following important items:
- Reduction in helpdesk overhead
- Reduction in user administration overhead
- Selective password consolidation

Solution Design Overview

Traditional Tree Merge Concerns
Traditional Tree Merge:
- Too many branches.
- Need to drop to 1 partition/replica per tree.
- Replacement of replicas would be a lengthy process.
- Slow WAN links between bank branches – 56k in most cases.
- Heavily burdened WAN link between corporate offices.
- Risky process.
- Difficult recovery situation.
- Both trees at risk.

The Solution
High Level Overview:
- Implementation of eDirectory™ synchronization
- One way synchronization of OU’s, groups, and user accounts
- Migration of one branch/server at a time into the parallel OU in the new tree
- GroupWise/OPER OU move to new tree
- Elimination of old tree

High Level Overview: Implementation of eDirectory Synchronization
[Diagram, 3 builds. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual; later builds add "Masters" and "DirXML"]

High Level Overview: One way synch of OU’s, groups, and users
[Diagram, 2 builds. Same labels, with BR071 and a second OPER added after MSB01]

High Level Overview: Migration of branches/servers to parallel OU’s in the new tree
[Diagram, 3 builds. Same labels; one build adds "Master Replica"]

High Level Overview: GroupWise/OPER OU move to new tree
[Diagram. Same labels]

High Level Overview: Elimination of old tree
[Diagram. Same labels]

End Result… From This…
[Diagram labels: GREEN BAY, MILWAUKEE, FNSB, Mutual, SER, CORP, NWR, MSB01, OPER, Domain, PO1, and branch containers BR001, BR033, BR041, BR064, BR71, BR72, BR89, with Server, User and Group objects under the containers]

End Result… To This…
[Diagram labels: GREEN BAY, MILWAUKEE, SER, CORP, NWR, NER, MSB01, OPER, BR001, BR033, BR041, BR064, BR71, BR72, BR89]

Solution Process

The Process
Phase I - Pilot: Create Environment Pilot Solution Build Synchronization Install/Execution Branch Move Pilot
Phase II - Materials Acquisition
- Spec hardware/software needs
- Generate Quotes
- Order

The Process
Phase III - Production Environment Prep
- Health Checks
- Issue Resolution
Phase IV - Pre-Migration
- Build Simulated Branch Server
- Build Master Replica Server
- Build DirXML Server - FNSB
- Build DirXML Server - MB
- Synchronization
- Partition Health Check

The Process
Phase V - Production Pilot
- Branch Move Pilot
Phase VI - Implementation
- Branch Prep
- Branch Move
- Branch Prep
- Branch Move
- Operations/GroupWise Move

Value, Considerations, and Pitfalls
Now Welcome to the REAL WORLD

Phase I – Pilot
- Ramped migration to NDPS – Queue based printing too much of an issue
- Identified need for reinstallation of backup and virus scan software
- Identified export/bulk load would not work – group membership issues
- Enabled granular script creation for branch migration
- Password management needs identified – unidirectional synch

Phase III - Production Environment Prep
- Health checks – WAN links
- Replication issues
- Timesync issues
Phase IV - Pre-Migration
- DirXML Server – FNSB – slow build – required replicas
- Synchronization – Certificate server location
- Performance lag after creation of 2 MB-NER partitions

Phase VI – Implementation
- Branches
  - Branch moves averaging 2.5 hours
  - Multiple employee involvement – script benefits
  - Branch preps enabled distribution of Zen client
  - Dinner break at replica placement
  - Bandwidth, bandwidth, bandwidth

Phase VI – Implementation
- Operations
  - Making sure that CA was last to move
  - Q57 NIC driver issues
- GroupWise Move issues
  - Jeff list these out

Project Summary

Result Summary
- Employees able to use apps in both trees during entire migration
- Both banks able to retain individual identities
- No downtime for critical apps or any branch in MB tree
- Branch conversions spread over 1 month – average 2.5 hours per night.
- Final Operations Center conversion performed in one day
- GroupWise cutover, tested, and proven in less than 6 hours

Future Paths
Future NSure Audit Points
Future ZENworks® Points
Future Identity Management Points