Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Management at Brown James Cramton Brown University April 24, 2007.

Published byBeverly Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "Group Management at Brown James Cramton Brown University April 24, 2007."— Presentation transcript:

1 Group Management at Brown James Cramton Brown University April 24, 2007

2 James Cramton2 Starting Point: Brown Grouper 1990s: Brown Grouper developed to manage groups Base groups provisioned nightly from SIS & HR systems Administrator includes or excludes members Dated web interface is difficult to search and understand Slimmed down web interface used by instructors to manage course groups 11,700 groups in Brown Grouper 18,000 users in SunOne LDAP registry No groups in SunOne registry—yet 1,000 AD & Novell groups manually provisioned Managed by very few IT personnel who know the data Background

3 James Cramton3 Current uses of groups at Brown Web authorization Licensed software access.htaccess file ACLs on various websites Bulk Email Morning Mail daily email distribution Course email lists Application Provisioning WebCT Group Usage

4 James Cramton4 Anticipated uses of groups at Brown Current uses, plus… Network Access Control Lists Wiki groups (Confluence) Improved iTunes U provisioning Centralized management of Exchange/AD groups Novell eDirectory groups (file/print services) Guest, alum IDs and ACLs Shibboleth Video on demand Campus calendars Personal groups Group Usage

5 James Cramton5 Brown’s group schema 11,700 groups 10,400 are course groups for 2,600 courses 1,300 are demographic groups Schema is 4 levels deep Half the course groups are 2 levels deep The rest are 3 levels deep Half the demographic groups are 3 levels deep The rest are 4 levels deep Number and complexity of groups expected to increase as capabilities and utilization grow Group Types

6 James Cramton6 Top level group schema at Brown SIS (5,200 base groups) Admin & membership groups for each of 2,600 courses Courses (5,200 effective groups) Admin & membership groups for each of 2,600 courses Electronic Address Book (750 base groups) Provisioned demographic groups Community (502 effective groups) Modifiable effective groups for demographic groups Most of administrative overhead is here Service (10 administrative groups) Admin users for Bulk Mail, WebAuth, Grouper, etc. Group Types

7 James Cramton7 Course groups at Brown 2 base groups provisioned per course SIS.XY123S01 SIS.Admin.XY123S01 2 effective groups maintained per course Course.XY123S01 Course.Admin.XY123S01 Expect to add subject and course number to schema Multiple groups per course Registrar’s official students, auditors, instructors Effective course list includes ‘vagabonds’ for email, courseware Currently maintained in local applications, not registry—for now Longer retention will increase number of groups Current practice retains only current term Expect to retain course groups in future for ongoing access Group Types

8 James Cramton8 Community group stems at Brown Employee (270 groups) Payroll department Social department On campus or off campus Full time or part time Union or non-union Applicants (221 groups) Degree Major Students (84 groups) Undergraduate department UG Social year Graduate department Athletic teams Dorm (74 groups) Facility designation Social designations Affiliates (25 groups) Visiting Retired Guest Registrar (8 groups) Graduate Medical Undergraduate Official graduating year Gender 600 stems with fewer groups Group Types

9 James Cramton9 MACE Grouper migration Brown is evaluating MACE Grouper Currently loading 11,700 groups for performance testing 1 st rev on dev server ran out of memory after 11 hours/2,000 groups Primary problem: adding groups to stem with many groups (courses) Adding subject & number containers to schema, deploying to QA box Will publish final metrics to grouper-users@internet2.edu Major tasks include Provisioning changes to populate MACE Grouper from feeds Re-integration of 1,000 manually provisioned AD groups Provision groups into SunOne, AD, and Novell directories Provision groups into some applications MACE Grouper interface changes to suit Brown’s needs Disable application functionality that allows users to browse groups MACE Grouper

10 James Cramton10 Nested vs. flat group schema Delegation of management need nested groups Applications generally don’t support nested LDAP groups, although some try in different ways Lowest common denominator is flat LDAP schema Use MACE Grouper’s LDAP connector to map nested MG group schema to a flat LDAP schema Use MG display name for LDAP group names Community Groups : Staff : Full Time Staff Significant limitation in schema browsing in apps How to browse 12,000 groups? Don’t want users to browse anyway; need to disable in apps Schema Design

11 James Cramton11 Policy should lead practice Need to delegate management to data owners Delegation requires clear policy The need for policy easily recognized, but the challenge is finding an owner Analyst or director often defines de facto policy ‘Policies from practice’ are often sound, but poorly communicated across organization Adherence to informal policies is unlikely Policy Issues

12 James Cramton12 Concerns moving forward Functional differences between Brown Grouper & MACE Grouper Adjusting expectations Extending MACE Grouper Performance of MACE Grouper Deeply nested stem structure not previously tested Administration usage patterns unknown Merging manually provisioned AD groups into global groups Establishing and enforcing policy Naming conventions, stem structure Who has authority to request changes for whom Transition of ownership from IT staff to Helpdesk Learning new system Different administrator skill sets Loss of continuity Moving Forward

13 James Cramton13

Download ppt "Group Management at Brown James Cramton Brown University April 24, 2007."

Similar presentations

Omni eControl: Unified management console for multiple applications

Omni eControl: Unified management console for multiple applications
UTILIZING WITH ITA. offers an entire suite of benefits for you and your students. You can also set up s for the purpose.

UTILIZING WITH ITA. offers an entire suite of benefits for you and your students. You can also set up s for the purpose.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Useful directory information is not easily accessible End users can not update their own information Directory information becomes quickly out of date.

Useful directory information is not easily accessible End users can not update their own information Directory information becomes quickly out of date.
What’s FIM all about?. Agenda What is FIM Why are we implementing FIM How is FIM related to Office 365 What will FIM do How does FIM differ from ILM (current.

What’s FIM all about?. Agenda What is FIM Why are we implementing FIM How is FIM related to Office 365 What will FIM do How does FIM differ from ILM (current.
WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.

WHY CMS? WHY NOW? CONTENT MANAGEMENT SYSTEM. CMS OVERVIEW Why CMS? What is it? What are the benefits and how can it help me? Centralia College web content.
Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University

FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University
Knowledge Management, Texas-style Session 508. Presented by: Belinda Perez Stephanie Moorer Knowledge Management, Texas-Style.

Knowledge Management, Texas-style Session 508. Presented by: Belinda Perez Stephanie Moorer Knowledge Management, Texas-Style.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
Office 365 Exchange Online Email Migration Adri Sanchez-Magdall & Mikal Herman UW Bothell IT.

Office 365 Exchange Online Migration Adri Sanchez-Magdall & Mikal Herman UW Bothell IT.
Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.

Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Brown University Shibboleth at Brown University James Cramton May 28, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.

Brown University Shibboleth at Brown University James Cramton May 28, 2009 Copyright © James Cramton 2009 This work is the intellectual property of the.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Enhancing Collaboration by Extending the Groups Directory Infrastructure James Cramton Brown University.

Enhancing Collaboration by Extending the Groups Directory Infrastructure James Cramton Brown University.
Brown University MACE Grouper at Brown University James Cramton March 12, 2008 Copyright © James Cramton 2008 This work is the intellectual property of.

Brown University MACE Grouper at Brown University James Cramton March 12, 2008 Copyright © James Cramton 2008 This work is the intellectual property of.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

Similar presentations

Ads by Google