L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21st, 2011.


1 L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21st, 2011

2 AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion.
◦ Problem Definition
  - Currently have several different web applications that all have a different ID and password
  - No web applications have strong authentication
  - Need to utilize current AD credentials
  - Need to use RSA token server for external access (currently used for VPN)
  - Need to federate authentication between web applications and cloud solutions like SF.com (SAML protocol)
  - Has to function with our gateway infrastructure
◦ Solution Analysis
◦ Deployment Planning

3 AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion.
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning
  - 3-week design phase starting 3/21
  - 1 week for review internal to L’Oreal
  - 4 weeks on AxM (Access Manager)
  - 3 weeks on FIM (Federated Identity Manager)

4 Problem Definition
Understanding the Business Problem
◦ This session is for the RSA consultant(s) to understand the problem to be rectified or the requirement to be satisfied. Areas of discussion are:
  - Business Issues
  - L’Oreal USA’s Strategic Goals
  - Strategic Application Infrastructure Review
  - Tactical Timeframes
  - Organizational Considerations
  - IT Organizational Structure, Roles, and Responsibilities
Resources:
◦ RSA Consultants
◦ Project Sponsor / Lead
◦ Others as appropriate

5 Problem Definition (Continued)
Business Issue
◦ What brought on the requirement?
  - L’Oreal is trying to design applications to be Cloud Savvy
  - Allow external access with the need for workstation to be part of the domain
◦ Identify business goals and objectives.
  - Seamless authentication between different applications hosted internally and externally

6 Problem Definition (Continued)
L’Oreal USA’s Strategic Goals
◦ Long term strategic and Security strategies?
  - Continue to have one standard solution that is expandable without the need for additional point solution infrastructure
  - Single security enforcement point outside of the application
  - Secure links that could violate entry point security

7 Problem Definition (Continued)
Strategic Application Infrastructure Review
◦ Number of applications
  - ROE, AFS, SharePoint, OWA (growing)
◦ Number of users
  - 1,000 and growing
◦ OS / Application Platforms
  - Windows 2008
  - SF.com
◦ Web servers
  - IIS
◦ Future planned platform support
  - No change planned

8 Problem Definition (Continued)
Implementation and Tactical Timeframes
◦ Expected timeframe to address immediate problem:
  - During the next three weeks we will be developing a design that will go to the CIO and head of Infrastructure for approval to proceed
  - Looking to tackle IIS web-based applications like ROE & SharePoint
  - Looking to have internal staff learn the process to deploy on future servers
◦ Architecture will be designed and built as a required solution for all applications that require external access via the L’Oreal DMZ
◦ Internal users should not get prompted for token passcode

9 Problem Definition (Continued)
Organizational Considerations
◦ Project stakeholders (names, titles, addresses, email and phone)
◦ Person responsible for solving the problem?
◦ Person(s) for implementing the solution?
  - All infrastructure and application teams associated with applications mentioned
◦ Responsible person(s) for maintaining the solution?
  - Security team
◦ Technology areas that are affected by implementing this solution?
  - Security Application Network Operations

10 Problem Definition (Continued)
IT Organizational Structure, Roles, and Responsibilities
◦ Technology Owners
  - Security
◦ Data Owners
  - Application team
◦ Application Owners (Applications integrating with)
  - Different by application
◦ Enterprise & Network Architecture
◦ Enterprise Information Security

11 AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion.
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning

12 Solution Analysis
Understanding the Environment and Architecture
◦ This session is for the RSA to better understand the current environment and identify requirements for future Identity Management deployment. Topics of discussion:
  - Technology Architecture Analysis
  - Identity Management Technology Analysis
  - Data Architecture Analysis
  - Data Administration and Management Analysis
  - Current Access Control Policies
  - Application Architecture Analysis

13 Solution Analysis (Continued)
Understanding the Environment and Architecture (Continued)
◦ Resources:
  - RSA Consultants
  - Project Lead
  - Network Architect
  - Enterprise Architect
  - Data Owners
  - Enterprise Information Security
  - Application Owners
  - Others As Needed

14 Solution Analysis (Continued)
Technology Architecture Analysis
◦ Conceptual Architecture
  - Number of domains, applications, sites – primary and backup.
◦ Network Architecture
  - Firewalls, load balancers, NAT’ed, etc.
◦ Current IT Operational Policies
  - Policies, including administration, as they relate to security.
◦ Current and Proposed Web Application Requirements
  - Architecture and design, if available.

15 Solution Analysis (Continued)
Identity Management Technology Analysis
◦ Authentication Mechanisms
  - Current infrastructure in place to support authentication in all environments.
◦ Federated Identity Architecture
  - Username mapping among participating environments
  - Attribute exchange and mapping among participating environments
◦ Network Architecture
  - Network changes needed for Identity Management support (firewall and port openings).
◦ Technology Architecture
  - Web server and application server changes.

16 Solution Analysis (Continued)
Data Architecture Analysis
◦ Enterprise Data Architecture
  - Sources of directory information, logon information, shared application data repositories.
◦ Identity and Authentication Architecture
  - How are user identities currently managed within each environment?
  - How do users currently authenticate themselves within each environment?
◦ Data Migration
  - What repositories will be used to populate Identity Management with user information?
  - How will the data be leveraged? (For example, will there be bulk migration to Identity Management store, or will Identity Management be able to use existing data store?)

17 Solution Analysis (Continued)
Data Architecture Analysis (Continued)
◦ Data Maintenance
  - What type of ongoing updates will be required (onetime or reoccurring)?

18 Solution Analysis (Continued)
Data Administration and Management Analysis
◦ Identity and Authentication Mechanisms
  - How are user accounts managed (creation/deletion/modification)?
  - How are users currently registered and enrolled into applications?
  - What authentication mechanisms are going to be used (Basic User ID & Password, SecurID, Certificate, Custom Auth – e.g. RACF)?
  - If SecurID authentication, what will be the token distribution strategy?
◦ Operational and Administrative Model

19 Solution Analysis (Continued)
Current Access Control Policies
◦ How are access control privileges administered?
◦ What policies exist today for user and data management?
Application Architecture Analysis
◦ Tactical Application(s)
  - Application(s) initially deployed using Identity Management
  - Number of users
  - Data repositories
  - Current authentication and authorization mechanisms by platform

20 Solution Analysis (Continued)
Application Architecture Analysis (Continued)
◦ Delegated Administration
  - What type of administrators and who is responsible for web servers, users, applications, etc.?
  - Are administrators customer administrators, helpdesk, application owners, or operational owners?
  - Will they have cross functional duties (e.g. setup web servers and manage users)?

21 Solution Analysis (Continued)
Application Architecture Analysis (Continued)
◦ Authorization and Policy Administration
  - How will application authorization be administered: URL, granular (method level), or something in between?
  - How will users be given entitlements: group role membership, smart rules, hybrid?
  - Identify password policies.
  - How will user entitlement be managed and by whom?
◦ Security Analysis
  - Auditing and logging needs.
  - Level of data privacy of transactions between systems.
  - Authentication requirements for varying levels of data.

22 AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion.
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning

23 Deployment Planning
To determine the feasibility of meeting the objectives stated above and adjust the schedule or prioritize application integration if necessary and appropriate. Specific tasks may include:
◦ Business Objectives
◦ High-level Initial Technology Architecture
◦ Data Migration and Integration Planning
◦ Application Migration and Integration Planning
◦ Rollout and Operational Management Issues/Planning

24 Deployment Planning (Continued)
Resources:
◦ RSA Consultants
◦ Project Lead
◦ Others as appropriate

25 Deployment Planning (Continued)
Business Objectives
◦ Review business objectives to ensure that proposed solution meets stated goals.
High-level Initial Technology Architecture
◦ Identify critical milestones for deployment.
◦ Create a high level plan for implementing recommendations and the deployment of Identity Management.
◦ Physical environment considerations (i.e. hardware, consulting support).
◦ Making recommendations on Identity Management implementation and support plans for production level services.

26 Deployment Planning (Continued)
Data Migration and Integration Planning
◦ Identity and Authentication data repository migration and/or integration plan.
◦ Authentication Strategy.
◦ Authorization, Policy, and Administrative data management approach.
◦ Enrollment of end users and setting up administrators and their roles.

27 Deployment Planning (Continued)
Application Migration and Integration Planning
◦ Recommendations for processes and procedures required for success of the deployment, including any future development work for automation of user attribute information gathering.
◦ Create a high level plan for target application integration.
◦ Custom application and/or Identity Management development that may be needed.

28 Deployment Planning (Continued)
Rollout and Operational Management Issues/Planning
◦ Identifying potential rollout and deployment obstacles.
◦ Requirements for integration into external database(s) and other resources.
◦ Integration of products/services and integration with 3rd-party products (i.e., email, other I&A systems, core Identity Management protected applications).

