Is Your Enterprise Ready For A MetaDirectory??? Presented by Brian Picard CISSP

Is Your Enterprise Ready For A MetaDirectory???

Presented by Brian Picard CISSP

Personal Background Progressive Insurance – Security Architect

◦ 11 Long Years ( 6 years in Identity/Security )

◦ CISSP, GIAC – GSEC, Microsoft Server/Client Certified

◦ Wide range of background experience ( ie Server Administration, Networking, Development, Identity, and Security Architecture )

Private Consulting – Anything Technical◦ 10 Years ( 5 years in Identity/Security )

◦ Network Development

◦ Server Implementations

◦ Custom Development

◦ Security Consultations and Instruction

AgendaWhat is a MetaDirectory?TimeframesPre WorkImplementationPost Implementation

What is a Meta DirectoryDefinition: A system that

provides data flow between dissimilar data stores.

Timeframes

Pre Work◦Involved Teams◦Product

Selection◦Documentation

Pre WorkImplementati

onPost Work

Implementation◦Design◦Elevation

ProceduresPost Work

◦Care and Feeding◦Additional Uses

Involved Teams◦Human Resources◦Telecom◦Real Estate◦Network OS◦Corporate Directory◦Mainframe Access◦Email Systems◦External Compliance Vendors◦Employee DB History◦Physical Access◦Application Teams◦…


onPost Work

Product SelectionMy Magic Triangle

IBM Directory Integrator

(IDI)

Identity Lifecycle Manager

(ILM)

Sun Directory

Server Ent Edition(DSEE)


onPost Work

Microsoft’s ILM

Pros◦Good For High #’s of

Changes◦No remote agents

Cons– Slower– Lots of Custom Code

OverviewTelecomHR

ILM Server

Real Estate

Corp Director

y

Active Director

y

Application A

ReadWrite

Application B


onPost Work

IBM’s IDI

Pros◦Extremely Fast Changes◦Limited Coding

Cons– Limited Transformations– Remote Agents

Overview

HR Telecom Real Estate

Corp Director

y

Application A

Application B

Agent

Agent

Agent

Agent

ReadWrite


onPost Work

Sun’s DSEE

Pros◦Extremely Fast Changes◦Most Accurate Data

Cons– Slower Data Retrieval – Remote Agents

Overview

HR

TelecomReal

Estate

Agent

Agent

Agent

ReadWrite

Sun DSEE


onPost Work

Application A

DocumentationAttribute MappingElevation Work FlowCycle Processing MapsPrioritization matrix Customer/Provider Surveys


onPost Work

Attribute Mapping


onPost Work

Meta Verse HR RealEstate Phone Switch Corp DirectoryFirstName Fname first fnameLastName Lname last lnameLocation loc seat locsManager mgr manager

PhoneExtention pnum NetworkNumEmployeeNumber enum emplnum empl empl

Salary $$ WhatDoYouMakeEyeColor eyes

FavorateDrink drink WhatsInTheGlass WhatCanIBuyYou

Provider Consumer

Elevation Work FlowPre Work

Implementation

Post Work

Cycle Processing MapsPre Work

Implementation

Post Work

Batch Processing (12:00 AM -

6:00 AM)

Real Time Processing

Cycle (6:00 AM - 10:00 AM)

Real Time Processing Cycle (10:00

AM - 2:00 PM)


Cycle (2:00 PM - 6:00 PM)


Cycle (6:00 PM - 10:00 PM)

Non-Processing Time (10:00 PM

- 12:00 PM)

Daily Processing Cycle

Prioritization matrix Pre Work

Implementation

Post Work

Technical Level

Organizational Acceptance

Data Integrity Gain

Dollar Spend/Savings Totals

Weighting 2 4 1 3CustomerEmail 3 2 2 3 21Mainframe 4 4 3 4 27HR 7 5 6 2 35Corp Directory 7 2 5 8 37Active Directory 7 7 7 9 45

Technical Level is used to gauge the difficulty of moving this customer into the Meta Directory.

1-3 This is a high level of work involving multiple teams and a full project.

5-6 This is a medium level of difficulty requiring only a few teams and no project

9-10 This is a low level of difficulty and requires only a single team and very little time.

SurveysProvider

◦What attributes can you provide?◦What attributes are open for general

distribution?◦What attributes do you want to approve for

distribution?◦What level of SLA do you have?

Consumer◦What attributes do you need?◦What platform are they being moved to?◦How many server support this?◦What level of SLA do you have?


onPost Work

DesignBusiness and Technical RequirementsHardware/Physical LayoutProcessing CycleMetaverse Design (Attribute

Mapping)Custom Code Sub DesignsMonitoringTestingBackup and Restore


onPost Work

Elevation ProceduresDon’t forget about software

elevations best practicesFollow the elevation process flow,

that’s why you made itTake your time rolling out new

systems and verify things are working properly before moving on


onPost Work

Care and FeedingLog Review

◦Look for errors in the processing cycle◦Verify the correct cycles are running at

the correct times◦Verify non-prod systems are available as

described in your SLAPerformance Review

◦Verify your processing cycles aren’t running long

◦Verify your server doesn’t get inundated when new systems come on board


onPost Work

Additional UsesVersion Upgrades

◦Peoplesoft UpgradeProduct Changes

◦Directory Servers


onPost Work

Wrap-UpSpend the time to do the upfront

documentationThink through how this will fit into your

enterprise both technically and non-technically

Explain your SLAs, Designs, and Prioritization to everyone involved ahead of the actual implementation

Be sure that all implemented systems are meshing well together before moving onto the next system.

Brian Picard CISSP GSEC [email protected]

Documents

Is Your Enterprise Ready For A MetaDirectory??? Presented by Brian Picard CISSP