Group Management at Brown James Cramton Brown University April 24, 2007.

Presentation transcript:


Slide 2 (Background): Starting Point: Brown Grouper
- 1990s: Brown Grouper developed to manage groups
  - Base groups provisioned nightly from SIS & HR systems
  - Administrator includes or excludes members
  - Dated web interface is difficult to search and understand
  - Slimmed down web interface used by instructors to manage course groups
- 11,700 groups in Brown Grouper
- 18,000 users in SunOne LDAP registry
  - No groups in SunOne registry—yet
- 1,000 AD & Novell groups manually provisioned
  - Managed by very few IT personnel who know the data

Slide 3 (Group Usage): Current uses of groups at Brown
- Web authorization
  - Licensed software access
  - .htaccess file ACLs on various websites
- Bulk Morning Mail daily distribution
- Course lists
- Application Provisioning
  - WebCT

Slide 4 (Group Usage): Anticipated uses of groups at Brown
- Current uses, plus…
- Network Access Control Lists
- Wiki groups (Confluence)
- Improved iTunes U provisioning
- Centralized management of Exchange/AD groups
- Novell eDirectory groups (file/print services)
- Guest, alum IDs and ACLs
- Shibboleth
- Video on demand
- Campus calendars
- Personal groups

Slide 5 (Group Types): Brown’s group schema
- 11,700 groups
  - 10,400 are course groups for 2,600 courses
  - 1,300 are demographic groups
- Schema is 4 levels deep
  - Half the course groups are 2 levels deep
  - The rest are 3 levels deep
  - Half the demographic groups are 3 levels deep
  - The rest are 4 levels deep
- Number and complexity of groups expected to increase as capabilities and utilization grow

Slide 6 (Group Types): Top level group schema at Brown
- SIS (5,200 base groups)
  - Admin & membership groups for each of 2,600 courses
- Courses (5,200 effective groups)
  - Admin & membership groups for each of 2,600 courses
- Electronic Address Book (750 base groups)
  - Provisioned demographic groups
- Community (502 effective groups)
  - Modifiable effective groups for demographic groups
  - Most of administrative overhead is here
- Service (10 administrative groups)
  - Admin users for Bulk Mail, WebAuth, Grouper, etc.

Slide 7 (Group Types): Course groups at Brown
- 2 base groups provisioned per course
  - SIS.XY123S01
  - SIS.Admin.XY123S01
- 2 effective groups maintained per course
  - Course.XY123S01
  - Course.Admin.XY123S01
- Expect to add subject and course number to schema
- Multiple groups per course
  - Registrar’s official students, auditors, instructors
  - Effective course list includes ‘vagabonds’ for , courseware
  - Currently maintained in local applications, not registry—for now
- Longer retention will increase number of groups
  - Current practice retains only current term
  - Expect to retain course groups in future for ongoing access

Slide 8 (Group Types): Community group stems at Brown
- Employee (270 groups)
  - Payroll department
  - Social department
  - On campus or off campus
  - Full time or part time
  - Union or non-union
- Applicants (221 groups)
  - Degree
  - Major
- Students (84 groups)
  - Undergraduate department
  - UG Social year
  - Graduate department
  - Athletic teams
- Dorm (74 groups)
  - Facility designation
  - Social designations
- Affiliates (25 groups)
  - Visiting
  - Retired
  - Guest
- Registrar (8 groups)
  - Graduate
  - Medical
  - Undergraduate
  - Official graduating year
  - Gender
- 600 stems with fewer groups

Slide 9 (MACE Grouper): MACE Grouper migration
- Brown is evaluating MACE Grouper
- Currently loading 11,700 groups for performance testing
  - 1st rev on dev server ran out of memory after 11 hours/2,000 groups
  - Primary problem: adding groups to stem with many groups (courses)
  - Adding subject & number containers to schema, deploying to QA box
  - Will publish final metrics to
- Major tasks include
  - Provisioning changes to populate MACE Grouper from feeds
  - Re-integration of 1,000 manually provisioned AD groups
  - Provision groups into SunOne, AD, and Novell directories
  - Provision groups into some applications
  - MACE Grouper interface changes to suit Brown’s needs
  - Disable application functionality that allows users to browse groups

Slide 10 (Schema Design): Nested vs. flat group schema
- Delegation of management needs nested groups
- Applications generally don’t support nested LDAP groups, although some try in different ways
- Lowest common denominator is flat LDAP schema
- Use MACE Grouper’s LDAP connector to map nested MG group schema to a flat LDAP schema
  - Use MG display name for LDAP group names
  - Community Groups : Staff : Full Time Staff
- Significant limitation in schema browsing in apps
  - How to browse 12,000 groups?
  - Don’t want users to browse anyway; need to disable in apps
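The nested-to-flat mapping on slide 10, combined with the include/exclude model from slide 2, as an added example; this is not code from the presentation and not MACE Grouper's LDAP connector. The DN suffixes, the `groupOfUniqueNames` object class, the rule that a group's own exclude list is applied last, and all sample data are assumptions.

```python
# Added example: flatten nested groups into flat LDAP-style entries.
# Not Grouper's connector; DNs, attribute choice and data are assumptions.
BASE_DN = "ou=groups,dc=example,dc=edu"      # assumed directory suffix
PEOPLE_DN = "ou=people,dc=example,dc=edu"    # assumed user container

# Constructed sample tree: direct members, nested subgroups, include/exclude.
GROUPS = {
    "Community Groups : Staff": {
        "subgroups": ["Community Groups : Staff : Full Time Staff",
                      "Community Groups : Staff : Part Time Staff"],
        "exclude": ["cdiaz"]},
    "Community Groups : Staff : Full Time Staff": {
        "members": ["alee", "bkim"], "include": ["cdiaz"]},
    "Community Groups : Staff : Part Time Staff": {"members": ["dwu"]},
    "Community Groups : Affiliates : Retired, Guest": {},   # empty on purpose
}

def effective_members(name, groups, _path=()):
    """Expand nested subgroups; a group's own exclude list is applied last."""
    if name in _path:
        raise ValueError("membership cycle: " + " -> ".join(_path + (name,)))
    if name not in groups:
        raise ValueError("unknown group: " + name)
    g = groups[name]
    users = set(g.get("members", ())) | set(g.get("include", ()))
    for sub in g.get("subgroups", ()):
        users |= effective_members(sub, groups, _path + (name,))
    return users - set(g.get("exclude", ()))

def escape_rdn(value):
    """Escape RFC 4514 special characters so a display name is a safe RDN value."""
    out = "".join("\\" + c if c in '\\,+"<>;' else c for c in value)
    if out.endswith(" "):                    # trailing space must be escaped
        out = out[:-1] + "\\ "
    if out[:1] in ("#", " "):                # so must a leading '#' or space
        out = "\\" + out
    return out

def flatten(groups):
    """Return (entries, empty): one flat entry per non-empty group, no nesting."""
    entries, empty = [], []
    for name in sorted(groups):
        users = sorted(effective_members(name, groups))
        if not users:            # groupOfUniqueNames needs >= 1 uniqueMember
            empty.append(name)
            continue
        entries.append({
            "dn": "cn=%s,%s" % (escape_rdn(name), BASE_DN),
            "objectClass": ["top", "groupOfUniqueNames"],
            "cn": name,
            "uniqueMember": ["uid=%s,%s" % (escape_rdn(u), PEOPLE_DN) for u in users]})
    return entries, empty
```

Because applications authorize against the flat entries, exclusions and cycles have to be resolved before provisioning; the `empty` list is what an operator would review rather than push to the directory.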

Slide 11 (Policy Issues): Policy should lead practice
- Need to delegate management to data owners
- Delegation requires clear policy
- The need for policy easily recognized, but the challenge is finding an owner
- Analyst or director often defines de facto policy
- ‘Policies from practice’ are often sound, but poorly communicated across organization
- Adherence to informal policies is unlikely

Slide 12 (Moving Forward): Concerns moving forward
- Functional differences between Brown Grouper & MACE Grouper
  - Adjusting expectations
  - Extending MACE Grouper
- Performance of MACE Grouper
  - Deeply nested stem structure not previously tested
  - Administration usage patterns unknown
- Merging manually provisioned AD groups into global groups
- Establishing and enforcing policy
  - Naming conventions, stem structure
  - Who has authority to request changes for whom
- Transition of ownership from IT staff to Helpdesk
  - Learning new system
  - Different administrator skill sets
  - Loss of continuity
