Presentation is loading. Please wait.

Presentation is loading. Please wait.

IdM Projects: Business Case, Planning, and Resources A. Michael Berman VP for Instructional & Information Technology Cal Poly Pomona Bret Ingerman VP for.

Published byReynold Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "IdM Projects: Business Case, Planning, and Resources A. Michael Berman VP for Instructional & Information Technology Cal Poly Pomona Bret Ingerman VP for."— Presentation transcript:

1 IdM Projects: Business Case, Planning, and Resources A. Michael Berman VP for Instructional & Information Technology Cal Poly Pomona Bret Ingerman VP for Computing and Information Services Vassar College Copyright Bret Ingerman and A. Michael Berman 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

3 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

4 When to start Right away… …why else would you be here? Unique to institution Unique to IT staff –Technical skills –Interpersonal skills Unique to you

5 When to start “I’ll know it when I see it” –“You’ll know it when you need it” Knowing when to start… …depends a lot on what you want to do You may have already begun!

6 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

7 What are the drivers? Technology Drivers Positive Drivers Negative Drivers

8 Drivers for IdM Implementation Technology Drivers –Improved service –Reduced costs Positive business drivers –Enable new applications –Support better collaboration, sharing resources Negative business drivers –Improved security and protection of confidential information

9 Technology Drivers – Improved services Account provision – speed, accuracy Providing identity information to non-central “customers” Customer self-service WebISO –Risks of SSO w/o IdM Better integration for portals, ERP systems

10 Technology Drivers – reduced costs Server consolidation Reduce help-desk calls Simplify implementation of new applications Reduce/eliminate proxy servers Reduce number of shadow ID databases

11 Positive Business Drivers Enterprise course management Collaboration tools – calendaring, email lists based on roles, video conferencing Resource sharing, distribution Workflow PKI

12 Negative Business Drivers Use directory to consolidate, control access to sensitive information Tie to SSN access control Reduce risk –Auditing risk – e.g. password control –Compliance risk –Liability risk

13 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

14 Who to involve Seems obvious… …Involve those that need to be involved: –IT staff –Data custodians –Stakeholders –Executive level If appropriate

15 Who to involve Include those who are necessary Involve those who can help insure success –Technical skills –Ownership –Political skills / clout Inform those who can derail the project –Naysayers –People who want (need) to be (feel) included –Those key people who always need to be involved

16 Who to involve Include –Implementation committee Involve –Steering committee –Executive committee Inform –Existing committee structure –Private briefings

17 Who to involve Don’t over-involve –Too many cooks… –Management / technical efficiency Local culture / politics / practices are key –“The Enterprise Directory Implementation Roadmap”

18 The Enterprise Directory Implementation Roadmap Project methodology –Campus strategic project –Application requirement –Stealth Stealth –Probably where most small schools operate

19 Many implementations are done without campus buy-in and instead the business case is made and the project is done inside central IT. This approach requires the necessary data, systems, and network infrastructure groups to be cooperative and a degree of trust to be present between the technical staff and data custodians. The drawback to this method is the lack of concurrent policy development, which is important strategically when inter- institutional collaboration applications require similar trust levels.

20 Many implementations are done without campus buy-in and instead the business case is made and the project is done inside central IT. This approach requires the necessary data, systems, and network infrastructure groups to be cooperative and a degree of trust to be present between the technical staff and data custodians. The drawback to this method is the lack of concurrent policy development, which is important strategically when inter- institutional collaboration applications require similar trust levels.

21 Many implementations are done without campus buy-in and instead the business case is made and the project is done inside central IT. This approach requires the necessary data, systems, and network infrastructure groups to be cooperative and a degree of trust to be present between the technical staff and data custodians. The drawback to this method is the lack of concurrent policy development, which is important strategically when inter- institutional collaboration applications require similar trust levels.

22 Can you do a “stealth” directories project? May be possible for the first pass or as a prototype Current focus on protection of confidential information increases risk of stealth project Good strategy in some cases – embed within a larger project, e.g. ERP In some environments, only practical choice!

23 From: “The Enterprise Directory Implementation Roadmap” “Like ERP systems, middleware cuts across divisions and requires broad support and needs a champion and a shared vision, support from the executive levels.” Not necessarily…

24 Middleware vs. ERP Small schools may be (are) different –Perhaps so are (some) big schools? ERP systems –Affect lots of people –Change the way many people work –Highly visible Middleware –Affect significantly fewer people –Happens mostly behind the scenes –Done right, mostly transparent

25 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

26 Planning Assessing your readiness to develop an Identity Management Infrastructure Understanding the likely potholes in the road

27 Assess Strengths, Weaknesses, and Critical Success Factors Do key campus and IT leaders have a good understanding of purpose and role of Enterprise Directory? Do key technical staff members have good understanding of core middleware and directory technologies? Have you identified campus business drivers that are compelling & linked to strategic needs of the campus?

28 Assessing… Have you identified an executive sponsor or champion with enough clout? Do you know who are the stakeholders outside the IT organization? Do you know who the “data owners” are, and can you get their support? Do you have project management expertise available?

29 Assessing… Does your campus have appropriate policies for ownership and management of the information you will put in your directory? Can you make changes in policies if necessary? Have potential roadblocks – organizational, political, legal, procedural – been identified?

30 Assessing… Is the core campus IT infrastructure in a stable configuration that can support the directory? Is there continuity in IT and campus leadership sufficient to sustain the effort required by the project? Do you have communications expertise available to you?

31 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

32 Developing a Business Case Depending on the size, complexity, and cost of project and campus environment, may need to develop a more-or-less formal business case Purposes: –To focus your own thinking –To gain executive buy-in –To rally campus support

33 Potential elements of a directory project business case Most important – explain the need or drivers for the directory project, and how the project will address the need If possible, explicitly tie to the strategic objectives of the institution Typically includes a rough cut of project timeline and budget – address funding strategy Most important: executive summary

34 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

35 What to do What needs to be done? Entire project? Smaller pieces? –Together add up to an entire project What can people handle technologically? What can people handle emotionally? Local culture / politics / practices are key

36 What I have done Huge projects hard to rally behind –Seem daunting –Seem never-ending –Rewards too far in the future –“Didn’t we just do a major implementation??” Focused on smaller steps –On path leading to consolidation

37 What I have done Leveraged frustrations –“Has to be a better way” –“Have to make better use of this” –“If only we did, then we could do ” Encouraged creative approaches Some examples…

38 Lewis & Clark College - Portland, OR Catalyst: –“There has to be a better way” Projects: –Online directory –Course email lists Manually done –Yet data existed centrally Give people more control over their data Better utilize existing sources

39 Lewis & Clark College - Online Directory Easy to use and fault tolerant Simple to control/configure FERPA-compliant, secure Automatically updated Consolidate sources of information –Feed from authoritative sources User control over view – not data

40 Screen Shots Web Directory

41 Search Page

42 Results

43 Authentication

44 Set Privacy Preferences

45 Confirmation

46 Lewis & Clark College - Email Lists Staff tired of manually creating/updating lists Wanted something completely flexible –Initially for courses –Subsequently for most email lists Dealing with reality –T.A.s, labs, e-mail prefs., faculty ownership Fundamental architectural changes Consolidate data from authoritative sources Utilize same tables as directory prefs

47 Screen Shots Mailing Lists

48 Mailing List Administration

49 Additional Access

50 Scalability

51 Skidmore College - Saratoga Springs, NY Catalyst: –“If only we did, then we could do ” Project(s): –Consolidate sources of authentication –Implement new technology (ColdFusion) –Make better use of existing data –Overtly create a platform for future growth Create a Data Repository

52 Skidmore College - Saratoga Springs, NY Data spread across many systems –Not readily linked (except by us) –Not readily accessible (except by us) –Seldom used beyond initial application But the data: Could be much better used –By us and by campus Should be much better used –By us and by campus

53 Skidmore College - Data Repository What was the problem with the data? We had the course data –Currently:AIMS –Soon:Oracle We had the authentication –Currently:LDAP (Netscape) –Soon:LDAP (Oracle or Microsoft) We were changing other apps as well –Blackboard to WebCT –Phorum to Fusetalk

54 Skidmore College - Data Repository Mitigate effects of upcoming data source changes –New student system, Misc. AIMS systems LDAP server changes –New LDAP server, potential scheme changes Work around primary data source downtime –Application upgrades, cold backups Address growing security concerns –Web access and developer access

55 Skidmore College - Data Repository The Repository Consolidate authoritative data –Current student system –Oracle Human Resources –Housing system –Campus card system –Etc. (for present and future) Common development platform Common authentication for custom apps.

56 Skidmore College - Data Repository Availability and efficiency –Close to 24 X 7 uptime –Flat file indexed data for faster retrieval –Easier for developers Updated nightly from primary data sources Scalable

57 Skidmore College - Data Repository Common user authentication –One ColdFusion component –Provides common authentication and returns a common set of data regardless of the data source –Isolates developers from the underlying data structure and potential changes Better availability of administrative data Platform for future growth

58 Skidmore College - Data Repository Ability to support additional needs: –On-line campus directories –Health Services client information –Campus Safety ticketing system –On-line grades, course schedules –Portal (future) –E-Portfolio (future) –Face book (students now, staff future)

59 Skidmore College - Data Repository What did we learn? Large investment in existing data –Time, effort, and money Original databases are silos of information Most databases only use original apps Most “custom” apps are used to… –View same data (within one silo) –By same department / users

60 Skidmore College - Data Repository Repository cuts across the silos Once in repository, easy to use / access –By everyone Repository creates ready opportunities for new applications

61 Vassar College - Poughkeepsie, NY Catalyst: –“There must be a better way.” Project: –Web based “Control Panel” No centralized directory –No real use of LDAP No single authoritative source of person info –Consolidation will occur in time –But this is a great start

62 Vassar College - Poughkeepsie, NY Single web page to manage many user prefs –Email prefs, spam settings, password changes Password changes ripple across systems –Email (Unix), Windows domain, Blackboard Password resets now handled by form –Challenge / response –Checks for (relatively) strong passwords –Resets across all systems (email, domain, Bboard)

63 Vassar College - Poughkeepsie, NY Not an ideal design –Still feed back to many systems –No centralized, authoritative source of authentication But it is a step in the right direction –Lots of synchronization –Staff thinking about consolidation

64 Control Panel

65

66

67 Overview When to start What are the drivers Who to involve Assessing and planning The business case What to do Resources to do it

68 Resources Hardware Software Staff Consulting

69 Development Strategies Continuum “Roll your own”, open source based approach –Requires some breadth/depth of technical capability –Can adapt to complicated local environment “Commercial” approach –Typically a smaller, more-centralized, less complex environment – e.g. “everyone” is in one Microsoft or Novell domain –Off-the-shelf tools may work with little customization –Requires less range of technical capability

70 Hardware Primary components –Directory servers –Registry servers –Application servers – e.g. WebISO, Shibboleth Design as high-availability, scalable, enterprise service

71 Hardware Cost factors –Size of enterprise –Anticipated applications –Complexity of environment –Operating system

72 Software Server licenses Database management Directory Software –Microsoft, Sun, Novell, Open Source Meta-merge Self-Service

73 Staffing Communications, collaboration, documentation –On some campuses, endless meetings… Architect Systems management Database management Applications development

74 Consulting Consulting requirements sensitive both to overall strategy and local staff availability

75 Can you outsource your directory? Your campus has to own Identity Management, but may be able to outsource directory development and management NMI-EDIT- funded experiment in the CSU –Cal Poly SLO and CSU Stanislaus

76 There are never enough questions. There are no easy answers. There are no right (or wrong) answers. Small steps are OK.

77 Thank you!

78 Questions?

Download ppt "IdM Projects: Business Case, Planning, and Resources A. Michael Berman VP for Instructional & Information Technology Cal Poly Pomona Bret Ingerman VP for."

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Knowledge Management at the Gordon – Staff Portal Project Presented by Deirdre Carmichael 12 September 2008.

Knowledge Management at the Gordon – Staff Portal Project Presented by Deirdre Carmichael 12 September 2008.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
Administrative Data and Curricular Support: The Sum is Greater Than the Parts NERCOMP 2004 Copyright Bret Ingerman, Daniel Green, and Beth DuPont, 2004.

Administrative Data and Curricular Support: The Sum is Greater Than the Parts NERCOMP 2004 Copyright Bret Ingerman, Daniel Green, and Beth DuPont, 2004.
Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman 2004. This.

Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman This.
TECH Project Company X Documentation Plan Champion/Define Phase

TECH Project Company X Documentation Plan Champion/Define Phase
Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.

Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.

Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.
Your Logo Here An Administrative Framework for the Blackboard Academic Suite Presented By Chris J Jones University of Oklahoma HSC April 13, 2005.

Your Logo Here An Administrative Framework for the Blackboard Academic Suite Presented By Chris J Jones University of Oklahoma HSC April 13, 2005.
Enterprise Directory Services: Project Planning A. Michael Berman, VP, Instr. & Info Tech, Cal. Poly, Pomona Keith Hazelton, Sr. IT Architect University.

Enterprise Directory Services: Project Planning A. Michael Berman, VP, Instr. & Info Tech, Cal. Poly, Pomona Keith Hazelton, Sr. IT Architect University.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.

July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
The Homegrown Single Sign On (SSO) Project at UM – St. Louis.

The Homegrown Single Sign On (SSO) Project at UM – St. Louis.
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.

Similar presentations

Ads by Google