1
ADAM
James Cowling, Senior Technical Architect
2
Agenda
- What is ADAM?
- Relevance to IAM
- Real-world Implementation Scenarios
3
What is ADAM?
- LDAP Directory
- Based on AD technology
- Simple and clean to install and uninstall
- Without AD’s NOS and historical baggage
- Supports both
  - DC=Microsoft,DC=COM
  - O=Microsoft,C=US
- Integrates tightly with AD authentication
- Basically Free
4
Technical Matters of Interest
- Installation
  - Simple to install
  - Wizard or Unattended
  - Multiple installs per server
  - XP install limited to objects
- Password Policies
  - Complexity rules similar to AD
- Backup and Restore
  - EDB and LOG files
5
Replication
- Replication between ADAM instances on different computers using AD technology
- Flexible replication models possible
6
Administration
- Technical Administration via command-line tools
  - DSMGMT: Manage partitions, FSMO roles, policies, ports
  - REPADMIN: Troubleshoot Replication
  - DSDBUTIL: Manage and troubleshoot the database
  - DSACLS: Manage Access Control Lists
7
Identity Administration
- ADSIEdit and LDP supplied with ADAM
- Many other tools exist
  - Web-based
  - Explorer-integrated
  - Build or Buy
- Delegated Administration Permissions
  - Through ADAM ACLs in user context
  - Through 3rd Party tools in service account context
8
ADAM and IAM
- Centralized Identity Storage
- Flexible Authentication
- Centralized Identity Management
- Centralized Role Management
9
Identity Storage
- Users
- Groups
- Roles
10
Authentication
- Primary authentication method is LDAP simple bind
- Forwards Windows Integrated Authentication for unknown users, and
- Proxies LDAP binds for known users to AD and NT4 in same or trusted domains
11
Solutions
- Single Sign On
- HR-Driven Provisioning
- Centralized Web-based User Management
12
Single Sign-On
- Publishing Company
- 5000 Users
- Identities in AD and NT
- Require SSO for a WebSphere application
13
Solution
- Central ADAM User Directory
- Synchronize with AD and NT using MIIS
- ADAM proxies authentication requests
  - Which are routed to AD and NT appropriately
14
HR-Driven Provisioning
- Large Retailer
- 65,000 users across multiple companies
- Growth partly through acquisition
- SAP systems
  - HR
  - Location / Facility Management
  - Portal
  - Workflow
- 34 AD Domains
15
Goals
- Improve Internal Communication
  - White Pages solution
  - Improve data quality
- Improve Efficiency
  - Reduce human intervention during provisioning / deprovisioning
- Maintain control
  - Approval workflows for account creation, assignment of portal roles
- Increase Security
  - Identify and remove dormant accounts
  - Increase confidence in security group memberships
16
Solution
17
Centralized User Admin
- Reinsurance company
- 5000 Users
- Offices around the world
- “Managed” Offices
  - Members of global domain
  - User management provided centrally
- “Unmanaged” Offices
  - Stand-alone domains
  - Local user management
18
Goals
- Provide global access to global applications
  - True Single Sign On
- Minimize support costs
  - Centralize Administration
  - Reduced Sign On – Password Sync
- Improve Security
  - Time-based deprovisioning
19
Solution: Centralized Web-based User Management
- ASP.NET application
- Identities in ADAM
  - Users, Contacts, Companies, incl. Inheritance
- MIIS-based provisioning to other systems
  - Active Directory
  - Oracle-based LOB systems
  - HP/UX-based LOB systems
- Password Synchronization
  - AD password is authoritative
  - Sync to ADAM & HP/UX
20
Implementation
21
Questions?