Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMBL Identity & Access Management Rupert Lück IT Services EMBL Heidelberg e-IRG Workshop Zürich Apr 24th 2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "EMBL Identity & Access Management Rupert Lück IT Services EMBL Heidelberg e-IRG Workshop Zürich Apr 24th 2008."— Presentation transcript:

1 EMBL Identity & Access Management Rupert Lück IT Services EMBL Heidelberg e-IRG Workshop Zürich Apr 24th 2008

2 IT Services HEIDELBERG 2 Outline  EMBL Overview  Identity & Access Management for EMBL –IT Requirements & Strategy –Project Goal and Features –Defining the scope –Integrated User Management –Benefits

3 IT Services HEIDELBERG 3 EMBL  European Molecular Biology Laboratory  Supported by 20 Member States (+1 associated: )  1500 staff & researchers from 60 nations

4 IT Services HEIDELBERG 4 Heidelberg, DE: Main Lab, Basic molecular biology research Hinxton, UK: EBI, Bioinformatics databases, research & services Grenoble, F & Hamburg, DE: Structural Biology Monterotondo, I: Mouse Biology EMBL Sites

5 IT Services HEIDELBERG 5  Flagship Lab for Basic Research in Molecular Biology  Instrumentation & Technology Development  Services  Advanced Training  Technology transfer EMBL’s Mission

6 IT Services HEIDELBERG 6 Systems Biology: From Molecules to Organisms GenomeEmbryoCell Fruitfly Protein/DNA MouseHuman Development, Ageing, Disease

7 IT Services HEIDELBERG 7 Systems Biology  Understand Cell Function as a dynamic biological system –Away from one gene – one function concept –Towards quantitative understanding of living systems  Involves –Interdisciplinary Research across scientific domains  Collaboration infrastructures  Data sharing & data integration –Quantitative studies & Integration of information –Technologically complex experimentation –Computational approaches  modeling and simulation  Highly compute and storage intensive (Grid technology)

8 IT Services HEIDELBERG 8 Instrumentation & Technology Development  NG Sequencing, microarrays, databases, screens…  Light Microscopy (4D confocal microscopy, cell assays screening, …)  Electron & Synchrotron tomography  High throughput proteomics and structure analysis  Modelling of biological processes  small animal imaging  Large amounts of heterogeneous data (PetaByte+ range)  Significant needs for Network, Compute & Storage Resources  Scalability of IT

9 IT Services HEIDELBERG 9 EMBL Services  More than 2000 Facility Users per year use the radiation sources for structural biology  More than 200,000 scientists per year from all life sciences branches use the EMBL bioinformatic data resources  More than 1000 visitors per year benefit from state-of-the-art equipment learn new techniques carry out collaborative projects

10 IT Services HEIDELBERG 10 EBI Services  Reference site for biological data –150 different databases –120+ different tools. –9 different data submission systems. –8 major query interfaces.  User base –Rapidly growing –> 100.000 different Users / Month –Scientific community –Pharma & Biotech Industry  Trends –Rapid growth of data –Faster than Moore’s law => Service oriented architecture  Web Service based access  Database Federation  Grid approach EBI web requests / day (millions) [ Source: Peter Stoehr, EBI ] Gbases EMBL-Bank Growth in Gbases 1982-2005

11 IT Services HEIDELBERG 11 Outline  EMBL Overview  Identity & Access Management for EMBL –IT Requirements & Strategy –Project Goal and Features –Defining the scope –Integrated User Management –Benefits

12 IT Services HEIDELBERG 12 IT Requirements & Strategy  IT Requirements –Collaboration IT Environment to support Interdisciplinary research –Scalability, Efficiency & Reliability of IT infrastructure and processes  Strategy –Institution-wide Collaboration Platform –Identity & Access management solution –Consolidation –IT Standards

13 IT Services HEIDELBERG 13 Project: Identity & Access Management for EMBL  Project goal –Provide an EMBL-wide user database – EMBL Network Passport  Key features –Based on an LDAP –Identity management and provisioning infrastructure –Unified Login and Single-Sign-On where reasonable –Automated fine-grained provisioning of resources to different user populations –Balanced implementation effort and cost –Future flexibility

14 IT Services HEIDELBERG 14 Defining the scope  Resources  User & Client populations  Access roles  IT Security domains

15 IT Services HEIDELBERG 15 IT Resource Landscape  HPC Clusters –Several 1000 CPU cores –mainly in Heidelberg and at the EBI –NIS  Storage Systems –> 700 TByte primary storage –on NetApp and BlueArc NAS –3 PB secondary storage –NIS, AD  Network –WLAN (Radius) –VPN (Radius) –Multiple VLANs –Inter-campus VPN  Applications –Small to enterprise level application server based –Web apps and native clients –Scientific and commercial line of business systems –LDAP, individual access silos  Database systems –Oracle –MySQL  Desktop and Server Systems –Operating systems (Windows, MacOS X and Linux)

16 IT Services HEIDELBERG 16 User / Client populations  Named users –Staff:  ~1500 across 5 different EMBL sites  9yr contracts max. –Visitors: >1000 / Year –Facility users: >2000 / Year –Contractors & Consultants –e-Collaborators: >500 –Alumni: >4000 –Industry: collaborations & programme  Public access: –Scientific tool and content DB user populations (200.000+) – High fluctuation – Even between populations

17 IT Services HEIDELBERG 17 Access Roles (selection)  VPN Access  Unix / NIS Account  Windows / Active Directory Account  Email Account  Access to Intranet  Access to shared workspaces  Access to resource booking system (Microscopes, Rooms, etc.)  SAP: can use online shopping module (SRM)  SAP Modules X, Y, Z: can manage data  Access to scientific application X,Y,Z  Oracle DB user / access roles

18 IT Services HEIDELBERG 18 IT Security domains  EMBL’s organization is distributed across 5 sites  Individual IT Services organizations –Responsible for local IT management (Site in Rome, managed from Heidelberg) –Local IT security –Inter-site security as a joint effort  Split user domains  Blocks efficient collaboration

19 IT Services HEIDELBERG 19 HRIT User Management  Until 2007 Oracle DBs EMBL Groups (Web), Visitors, PhD, EIPOD, Alumni, Consultants monthly export EMBL Web Pages & Web Applications Other IT resources IT resources Applications & Operating Systems HR System Payroll & Staff replace Unix, Windows, Mail, VPN etc. HR Data not linked

20 IT Services HEIDELBERG 20 User Management  Short comings  Many different identities in different systems  Huge efforts –to manage individual identities and access profiles –To achieve a reasonable level of consistency  No fine-grained assignment of access patterns  By default only access to IT infrastructure of users EMBL home site  Many existing (self developed) systems cannot be integrated with others

21 IT Services HEIDELBERG 21 Integrated User & Access Management  2008+ LDAP / Oracle IM EMBL User Directory & Identity Management Unix, Windows, Mail, VPN Web CMS, SAP, Oracle, etc. Master Data (one central resource) Payroll, Staff EMBL Groups (Web), EIPOD, PhD, Visitors, Alumni, Consultants Access Management SAP HR / OM sync IT resources Applications & Operating Systems Template based Provisioning User & Identity Management sync HRIT

22 IT Services HEIDELBERG 22 Integrated User Management  Benefits  One central user directory (LDAP) –for all people associated with EMBL –from all sites –not only staff  Automation of access rights management and provisioning to IT resources  Real time information displayed on the EMBL web  LDAP is a standard component –Easy Integration in future projects –Can also be used by any application developer within EMBL –Integration projects costs significantly lower

23 IT Services HEIDELBERG 23 Integrated User Management  Collaboration Benefits  EMBL-wide unified login (username & password) e.g. NIS, Windows, SAP, Storage systems,…  Ability to login while visiting another EMBL site  Access to remote (expensive) analysis tools e.g. via Terminal Server  Secure sharing of data with EMBL colleagues from remote sites  Resource booking and checking peoples availability across the organization

24 IT Services HEIDELBERG 24 Integrated User Management  Technical Benefits  Provisioning templates allow fine-grained access management –i.e. a user population could get access to many resources –Others only could be assigned email-only access  Why a commercial solution –Vendors like Oracle provide out-of-the-box connectors to other access infrastructures, e.g.  Active Directory  LDAP (various vendors)  UNIX, NIS  SAP (various modules) –Allows faster and cost effective integration of other infrastructures –Federations:  Supports Liberty alliance standard  Federations across organizations also to industry partners

25 IT Services HEIDELBERG 25 Summary  Systems biology at EMBL requires a collaborative, scalable and secure IT environment to enable research and to protect IP  The introduced an identity management and provisioning infrastructure is one of the key components to support this requirement  It allows automated fine-tuning of individual access scenarios  Allows fast and cost effective integration of other infrastructures

Download ppt "EMBL Identity & Access Management Rupert Lück IT Services EMBL Heidelberg e-IRG Workshop Zürich Apr 24th 2008."

Similar presentations

Distributed Data Processing

Distributed Data Processing
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
A university wide electronic research ethics review system?

A university wide electronic research ethics review system?
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
GETS Transformation Kick Off Active Directory eMail and Blackberry Migration Firewall and Network Changes 04/21/2010 1.

GETS Transformation Kick Off Active Directory and Blackberry Migration Firewall and Network Changes 04/21/
The European Molecular Biology Laboratory (EMBL) is supported by sixteen countries. Consists of the main Laboratory in Heidelberg (Germany), Outstations.

The European Molecular Biology Laboratory (EMBL) is supported by sixteen countries. Consists of the main Laboratory in Heidelberg (Germany), Outstations.
Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.

Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
CNIL Report April 4 th, 2005. CNIL Report (Apr 4 th, 2005) Two Major Goals: –Improvement of Instructional Services –Strengthening research IT infrastructure.

CNIL Report April 4 th, CNIL Report (Apr 4 th, 2005) Two Major Goals: –Improvement of Instructional Services –Strengthening research IT infrastructure.
Microsoft Virtual Server 2005 Product Overview Mikael Nyström – TrueSec AB MVP Windows Server – Setup/Deployment Mikael Nyström – TrueSec AB MVP Windows.

Microsoft Virtual Server 2005 Product Overview Mikael Nyström – TrueSec AB MVP Windows Server – Setup/Deployment Mikael Nyström – TrueSec AB MVP Windows.
Business Productivity Online Suite Enterprise class software delivered via subscription services hosted by Microsoft and sold with partners.

Business Productivity Online Suite Enterprise class software delivered via subscription services hosted by Microsoft and sold with partners.
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.

SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.
Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.

Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Chapter 1: Hierarchical Network Design

Chapter 1: Hierarchical Network Design

Similar presentations

Ads by Google