
Totally Automated Security (TAS) Mark Nichols Louisiana Department of Education (LDOE) March 6, 2007.


2 TAS
TAS is a web-based system
TAS ‘integrates’ RACF and Active Directory security
TAS allows LDOE enterprise, local public school district, and private school Security Coordinators (SCs) to inquire on and update existing users’ security permissions
TAS allows SCs to create new users
TAS ‘integrates’ our Data Transfer Management System (DTM) with its own application security

3 TAS
TAS is a web-based system
– TAS is written entirely in Microsoft ASP running on a Windows Server 2000 IBM Blade
– TAS is not browser specific

4 TAS
TAS ‘integrates’ RACF and Active Directory security
– LDOE is migrating from the IBM mainframe to Windows servers
  ‘Parallelism’ was chosen for the RACF to AD migration – users would keep the same userids and passwords
  » Existing userids were ‘copied’ from RACF to AD
  » P-Synch, a password synchronization product, was purchased and deployed
– User security roles (RACF and AD group membership) would remain equivalent

5 TAS
– First, small application systems were migrated to Windows and one new system was written in Windows. Immediate confusion.
LDOE’s security architecture
– Local SCs and security forms
– Non-public schools entered the mix
  » New system written in Windows
  » Doubled the number of school users
  » Non-public school users do not need a RACF ID
– New applications will require many more users
“Where/What is the security problem?”
“What security (Windows and RACF) does a user have?”

6 TAS
TAS to the rescue? (or Necessity is the Mother of Invention)
– Called lots of vendors: “Do you have a security product that will interface with RACF and AD?” Lots of silence.
– Can I write something that would inquire on AD and be interactive and web-based?

7 TAS
The evolution of TAS
– Write it in PHP or ASP?
  More familiar with PHP
  PHP is stronger in Lightweight Directory Access Protocol (LDAP)
  ASP has native AD interfaces
  ASP will run with no IIS changes; PHP must be installed and maintained
  Planned to place TAS inquiry (if it could be written) on the production IIS web server
  – PHP would have to be installed and maintained
  – Any IIS problem could be blamed on PHP
  – Hope that Applications Development will one day assume maintenance of TAS (no chance of this if written in PHP)

8 TAS
The evolution of TAS (continued)
– Discovered necessary function scripts on the web (Microsoft’s “Scripting Guys” were especially helpful)
– Wrote the code for Windows inquiry for the Enterprise Security Coordinators (ESC) – it worked – they liked it and had a question: “Could you integrate RACF also?”
– Get Microsoft ASP to talk to and pull users and groups out of RACF? No way! Or maybe there was.
– RACF does have LDAP capability (the ‘proc’ LDAPSRV). Does ASP have enough ‘open system’ LDAP functionality to read IBM’s version of ‘open system’ LDAP?
– Do I have enough functionality to understand and decode command-line LDAP?

9 TAS
The evolution of TAS (continued)
– The answer to both questions above was ‘yes’. TAS now displayed a given userid’s AD and RACF roles (group memberships) on a web page
– The ESCs then stated, “We are always asked by the Local Security Coordinators (LSC) ‘What security does this userid have?’ and ‘Who in my district has userids?’ Can the LSCs use TAS?”
– This required writing a ‘real’ front end and wrapping the reports with a user interface. TAS is going ‘Production’.

10 TAS
The evolution of TAS (continued)
– To allow LSCs to inquire on their users, some RACF and AD configuration changes were necessary:
  RACF required organizational changes with new groups and groupings (userids moved into the new groups)
  AD required new security groups

11 TAS
The Eureka Moment
– Reorganizing RACF and AD to allow LSCs to inquire only on their own users takes almost the exact steps needed to allow the LSCs to update their own users in RACF and AD
– Do we want to allow the LSCs to do their own security maintenance?
– Writing ASP scripts to update AD (adding user IDs, modifying group membership) is now within our skill level.

12 TAS
The Eureka Moment (continued)
– The 80 – 20 rule
  TAS with update capability would be written to process only ordinary security requests
  This encompasses 80% - 90% of the total security requests received
  The 10% - 20% of extraordinary security requests would continue to be handled manually with security forms

13 TAS
The Eureka Moment (continued)
– Could RACF be modified by ASP?
  Could not find any LDAP modification commands using ASP anywhere
  Is another mechanism available?
– We ‘webified’ our IBM mainframe around 1998
  » Secure HTTP Server (HTTPS://) has been in production on the Internet since 1999
  » FTP has been available ‘inside the firewall’ for DOE internal use only since 1999

14 TAS
The Eureka Moment (continued)
– FTP
  There was something about the FTP server and the ‘card reader’
  Looked up the FTP server info
  The FTP command ‘SITE’
– Sending the command “quote site FILE=JES” will cause the mainframe FTP server to ‘write’ the file being ‘put’ (sent to the server) to the JES card reader

15 TAS
The Eureka Moment (conclusion)
– Will ASP FTP a file containing JCL to JES to modify RACF?
– YES! TAS now updates AD and RACF
– The ESCs and Non-Public School SC came for a demo. Can TAS also interface with DTM, our ‘home grown’ data transfer application system which stores its security data in DB/2?
– YES, TAS now automates all ordinary security requests
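As an added illustration of the mechanism on slides 14 and 15 (example code written for this transcript, not TAS’s ASP or any LDOE code), a Python FTP client that issues SITE FILE=JES and then stores a constructed JCL job so the mainframe routes it to the JES reader; the job layout (an IKJEFT01 TSO batch step), the job card values and the offline RecordingFTP double are assumptions.

```python
"""Submit a RACF batch job to JES over FTP with SITE FILE=JES (added example,
not TAS or LDOE code). As the slides describe, "SITE FILE=JES" (what
"quote site FILE=JES" issues) makes the mainframe FTP server route the next
STOR to the JES internal reader. Job card, IKJEFT01 step and RACF command
text are assumptions about what such a job could look like."""
import io

def build_jcl(jobname: str, account: str, tso_commands: list[str]) -> str:
    """Wrap TSO/RACF commands in a minimal batch job (assumed layout)."""
    if not (1 <= len(jobname) <= 8) or not jobname.isalnum():
        raise ValueError("JCL job names are 1-8 alphanumeric characters")
    for cmd in tso_commands:
        if len(cmd) > 72:  # SYSTSIN is read from columns 1-72
            raise ValueError(f"command too long for SYSTSIN: {cmd!r}")
    lines = [
        f"//{jobname.upper():<8} JOB ({account}),'TAS RACF UPDATE',CLASS=A,MSGCLASS=X",
        "//TSOBATCH EXEC PGM=IKJEFT01",
        "//SYSTSPRT DD  SYSOUT=*",
        "//SYSTSIN  DD  *",
        *tso_commands,
        "/*",
        "//",
    ]
    return "\n".join(lines) + "\n"

def submit_to_jes(ftp, jcl: str, name: str = "TASJOB.JCL") -> list[str]:
    """Route one STOR to the JES reader; ``ftp`` is a logged-in ftplib.FTP
    (or a double exposing sendcmd/storlines). Returns the server replies."""
    replies = [ftp.sendcmd("SITE FILE=JES")]
    try:
        replies.append(ftp.storlines(f"STOR {name}", io.BytesIO(jcl.encode("ascii"))))
    finally:
        replies.append(ftp.sendcmd("SITE FILE=SEQ"))  # back to dataset mode
    return replies

class RecordingFTP:
    """Offline stand-in for ftplib.FTP so the exchange can be shown without a mainframe."""
    def __init__(self):
        self.commands, self.stored = [], {}

    def sendcmd(self, cmd):
        self.commands.append(cmd)
        return f"200 {cmd} okay"

    def storlines(self, cmd, fp):
        self.commands.append(cmd)
        self.stored[cmd.split()[1]] = fp.read().decode("ascii")
        return "250 Transfer completed"
```

Whatever RACF changes the job can make are bounded by the userid the FTP session logs in with, so a web front end submitting jobs this way should use a dedicated service userid with only the RACF authority those ordinary requests need.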

16 TAS
Conclusion
– TAS was written out of absolute necessity
  Non-public school reporting doubled the number of userids
  5000 more userids are soon to be added (SER/IEP)
– TAS evolved beyond anyone’s expectations
  What began as a ‘quick and dirty’ AD inquiry program for two users quickly evolved into an enterprise-wide linchpin production system for LDOE
Demonstration & Questions

