Identity Management in the Environment of Mendel University in Brno Milan Šorm.

Presentation transcript:

Identity Management in the Environment of Mendel University in Brno
Milan Šorm

26 March 2007, SDI 2007, ZČU v Plzni

Contents
- University in numbers
- Historical identity management
- Ideal solution
- University information system
- Current implemented situation
- Known problems
- Results
- Future ideas

University in numbers
- Medium-sized university
- students
- employees
- other users in campus
- 4 faculties, 80 departments
- prepared network connections
- PCs
- 50 user servers

Historical identity management
- No centralized identity management
- No policy for:
  - building servers
  - interconnecting department networks
  - accessing the network environment
  - creating accounts
  - connecting information services to the network
- More than 20 admins
- Totally decentralized

Ideal solution
- One set of account credentials for one user
- A set-up policy for connecting all PCs, servers and services to the network environment
- One place to define AAA for all services
- Minimize the number of network admins
- Centralized storage for data and profiles
- Single sign-on
- Maximum HA

University information system
- In the last 7 years we reconstructed all small IT services and production ISs into one central complex information system with an integrated data warehouse
- This information system can be the source of all information about our users and their credentials, rights, roles etc.
- Unique source of information

University information system
- Public information portal

University information system: general object qualification principle
- We can describe any group of objects (users, computers, departments, segments, roles, rights etc.) and identify them by IDs
- We can put these groups into relations and prepare a source of all AAA information
- All of this information is dynamic
- Example: students and schedules

Current implemented situation
- Many meetings with server and service administrators and IT departments led to setting up one policy:
  - creating accounts (UIS based, algorithmized)
  - setting groups, rights and quotas through the Technology subsystem in UIS by power users (owners, specialists)
  - accessing the network and creating new services is maintained through the central IT department

Current implemented situation
University IS -> Data warehouse -> Primary LDAP server -> LDAP replicas -> Services

Current implemented situation
- UIS prepares all data for identity management in the central data warehouse (Oracle 10g)
- Application logic stored in the DW (PL/SQL) creates and updates the primary LDAP server (OpenLDAP) with all credentials
- LDAP pushes data to the LDAP replicas
- All IT services are connected to one or more LDAP replicas for AAA services

Current implemented situation
- All faculty and university services are connected to this AAA infrastructure
- For accessing the network you need:
  - a registered computer (through computer authorization in the UIS Technology subsystem)
  - an account in the AAA infrastructure for accessing the network (eduroam connector, dormitories net connector, public network access during conferences etc.)

Current implemented situation
- Consolidation of IT services:
  - centralized distributing system
  - centralized file server services
  - system standardization of classroom installations
- UIS knows each user's personalized policy: where the user reads e-mail, desktop information, fileserver connections, ...

Current implemented situation
- Classroom computers access a central server farm for roaming Windows or Linux profiles
- These profiles have defined scripts for attaching other resources
- E-mail is passed through a distribution server which runs antispam and antivirus and distributes e-mail to the user's favourite server
- Samba or AD solution
- Linux PAM solution

Current implemented situation
- Information about allowed classrooms is stored in LDAP, and Samba/Linux classroom servers or stations use it for managing the login process
- All other information (home directory, roaming profile, other resources) is accessed through a dynamically created profile and scripts called from this profile
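The provisioning chain described on the last few slides (warehouse rows turned into OpenLDAP entries, replicas brought in line with the warehouse, and classroom servers reading allowed-classroom membership at login) as an added Python model; this is an illustration written for this page, not the university's PL/SQL or LDAP code. The login-name rule, the base DN, the object classes, the memberOf/classroom naming and the sample rows are all assumptions.

```python
import re
import unicodedata

BASE_DN = "dc=example,dc=edu"   # placeholder; the real base DN is not on the page
# Constructed warehouse rows standing in for the UIS data warehouse export.
ROWS = [
    {"person_id": 1001, "first": "Jan",  "last": "Novák",  "classrooms": ["Q02", "Q01"]},
    {"person_id": 1002, "first": "Jiří", "last": "Novák",  "classrooms": ["Q01"]},
    {"person_id": 1003, "first": "Petr", "last": "Dvořák", "classrooms": []},
]

def login_name(first, last, taken):
    """Assumed algorithmic login rule: ASCII-folded surname (max 8 letters) + first initial,
    with a numeric suffix on collision so that logins derived from the warehouse stay unique."""
    fold = lambda s: re.sub(r"[^a-z]", "", unicodedata.normalize("NFKD", s)
                            .encode("ascii", "ignore").decode().lower())
    base = fold(last)[:8] + fold(first)[:1]
    cand, n = base, 1
    while cand in taken:
        n += 1
        cand = f"{base}{n}"
    taken.add(cand)
    return cand

def build_entries(rows):
    """The entries the warehouse logic would write to the primary OpenLDAP server."""
    taken, entries = set(), {}
    for r in rows:
        uid = login_name(r["first"], r["last"], taken)
        entries[f"uid={uid},ou=people,{BASE_DN}"] = {
            "objectClass": ["inetOrgPerson", "posixAccount"],
            "uid": [uid], "cn": [f'{r["first"]} {r["last"]}'], "sn": [r["last"]],
            "employeeNumber": [str(r["person_id"])],
            "uidNumber": [str(r["person_id"])], "gidNumber": ["100"],
            "homeDirectory": [f"/home/{uid}"],
            # allowed classrooms, read by the Samba/PAM classroom servers at login time
            "memberOf": sorted(f"cn={c},ou=classrooms,{BASE_DN}" for c in r["classrooms"]),
        }
    return entries

def plan_sync(current, desired):
    """Add/modify/delete operations that bring a replica in line with the warehouse,
    so accounts that left the warehouse are removed rather than lingering on the replica."""
    ops = [("add" if dn not in current else "modify", dn)
           for dn in sorted(desired) if current.get(dn) != desired[dn]]
    ops += [("delete", dn) for dn in sorted(current) if dn not in desired]
    return ops

def may_login(entry, classroom):
    """Classroom-server decision: allow login only if the room is among the user's memberOf."""
    return f"cn={classroom},ou=classrooms,{BASE_DN}" in entry.get("memberOf", [])
```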

Current implemented situation
- Many other IT services access the central LDAP:
  - UIS web interface
  - Catering service (Anete Kredit)
  - Network access service (eduroam, Faro)
  - VPN concentrator
  - HelpDesk software
  - Impromat copy centre
  - Old e-learning services
  - Services on faculties

Known problems
- Changing passwords (only through UIS)
- Two profiles (Linux, Windows)
- Absence of a SAP connector
- Not all things are online (e.g. groups, destroying of accounts...)
- No implementation of single sign-on
- Less security due to only one set of account credentials

Results
- One login, one password, one account system, no account administrator
- Only 2 central administrators at the university
- Very popular with basic users
- Very popular with technology owners
- Much statistical information
- Only the starting point of a long journey towards mobile work at the university

Other results
- Implemented also for our customers:
  - Slovak Technical University ( users)
  - Technical University in Zvolen (6 000 users)
  - Škoda Auto University (1 000 users, in progress)
- Current situation:
  - changed to a central information system
  - activated primary LDAP generation
  - first replicas installed
  - some services connected

Future ideas
- Single sign-on
- Mobile profile through VPN
- Adding printing profiles to LDAP
- User-friendly interface for administrators
- Use of virtual desktop infrastructure
- Use of other identity tokens (cards, USB flash drives, tokens)
- Building PKI over this solution

Thank you for your attention. Any questions?