Identity & Infrastructure Applications Development & Release Plans
Tim Purkiss
Mar 28, 2015
Outline
• Identity & Infrastructure Applications Services
• Recent changes to UPI
• Identity & Access Management (Vidit)
• Live@UCL and Office 365 (Duncan)
• IDINA Release 2.0
• Spring and Summer 2013
IDINA Services
• UPI: UCL Person Identifier
• Services System
• Computer Reps Tool
• Find UPI
• Database account registrations
• Identity & Access Management
• Live@UCL and Office 365
Recent changes to UPI
• Materialized Views
• Restructuring core views
• Main Source
• Unicode
• Project work
Use of Materialized Views
Person Data Key Records Associations
Person Data with preferences
Main Telephone, Main E-mail, Main UserID
Main Source
Core views – Before
ResourceLink
SITS
Services System
UPI_V_SR_PERSON
UPI_V_SITS_PERSON
UPI_V_RL_PERSON
UPI_V_PERSON_ALL
UPI_V_PERSON
Core views – Now
UPI_V_PERSON_BASE
ResourceLink
SITS
Services System
UPI_V_PERSON_SEARCH
UPI_V_SR_PERSON
UPI_V_SITS_PERSON
UPI_V_RL_PERSON
UPI_V_PERSON_PREF: Preferences
UPI_V_PERSON: Contact info
Main Source - Now
1. Resource Link
2. SITS
3. Services System
Main Source
1. Current associations?
2. Highest ranked association?
Staff, Hon, PG, UG, Visitor, Casual, Alumni, Applicant, Invigilator, Ext. Examiner
Identity and Access Management (IAM)
Components
• Microsoft Forefront Identity Manager (FIM)
  – Synchronise data between different data sources
  – Manage identities and groups, configure workflows and define rules and policies via a portal
• Online User Registration (OUR)
  – Enable applicants to register personal credentials centrally
  – Allow UCL student joiners to collect UCL userid and set a password electronically
• Role Account Registration and Management (RARM)
  – Facilitate members of ISD Service Desk to request role accounts and track their provisioning
• Data store, procedures and jobs
  – Consolidate identity and preference data
  – Generate and maintain UCL userids
Value added so far
• Near real-time (replace legacy overnight batch process) userid provisioning in:
• UNIX
• Active Directory (old and new)
• Live@UCL email service for UCL Alumni
• OUR integration with:
• Student pre-enrolment system
• UCAS applicant portal
• Student accommodation system (StarRez)
• RARM: Easy to use web application to request role accounts (e.g. administrator account)
• Prevent bad practice of manually creating these accounts without any tracking/auditing
• Allow user to request multiple accounts in one go (batch feature)
IAM Developments
• User sID migration from the old domain to the new one
  – Remove dependency on ADMT
• Group provisioning and management using FIM
• OUR integration with:
  – Online Admissions system (direct applicants)
• Improvements in RARM
• Improvements in the userid generation process
Live@UCL / Office 365
• live@UCL: Project
• Office 365: Project
• live@UCL: The Service
live@UCL: Stage Five - Workstreams
[Gantt chart: timeline Q4 12 to Q4 13; row groups: Decomm, Pre-Decomm, Post-Decomm, Project Deliverables]
• Staff batch mopups: 14/01/2013 to 08/02/2013 (4w)
• Central Aid4Mail Data migration: 04/02/2013 to 01/03/2013 (4w)
• Retrospective IMAP Disable: 31/01/2013 to 20/02/2013 (3w)
• Provisioning and migration of associated accounts: 21/01/2013 to 08/02/2013 (3w)
• Un-associated accounts: 28/01/2013 to 17/05/2013 (16w)
• Final Tidy up: 31/05/2013 to 11/07/2013 (6w)
• Distribution Lists (tactical phase 1): 07/01/2013 to 29/03/2013 (12w)
• Decomm departmental servers (centrally routed & specialist): 01/02/2013 to 23/05/2013 (16w)
• Decomm Central IMAP: 02/09/2013 to 29/11/2013 (13w)
• Decomm Oracle Calendar service: 07/01/2013 to 25/01/2013 (3w)
• AV & Mail Routing switchover: 20/05/2013 to 29/11/2013 (28w)
• Project Deliverables (ID 12): 02/09/2013 to 06/12/2013 (14w)
Transition to Office 365
• All Live@edu service subscribers are required to move to Office 365 by September 2013
• Phase one: Like-for-like Hosted Mail and Calendar Service
  – 25GB mailbox
  – Minimal change to service wrap
  – Most preparatory work is behind the scenes and communications related:
    • AD changes
    • Identity Lifecycle Manager (ILM)/Directory Synchronisation
    • Provisioning scripts
    • Management Tools
    • Comprehensive test plan to document end user experience
• Phase two
  – Business requirements analysis with UCL community for future Office 365 enhancements (Sharepoint, Lync, WebApps)
Office 365 Schedule
Development: In progress
ADDEV -> EISD-DEV.ucl.ac.uk
Test: 29 April 2013
ADTEST -> EISD-TEST.ucl.ac.uk
Production: **12 July 2013**
AD -> LIVE.ucl.ac.uk
live@UCL: support structure
3rd Line Support (CIA) SOM & Deputy SOM – (CIA)
SO – Maria Darmon
ADS Service Desk
User Query
SoP Service Desk, ISD Service Desk, AISC Service Desks
IDINA Release 2.0
• Main Source – phase III
• Data cleansing
• Service monitoring
• IAM developments
• Computer Reps Tools
• Find UPI
Data Cleansing
• Add Archive data from UPIMGR
• Remove records from Services System
• Tidy up Services System users/permissions
Service Monitoring
• Fix Services System feedback
• Rationalise multiple sync processes
IAM Developments
• Userid sID migration from the old domain to the new one
• Improvements in RARM
• Improvements in the userid generation process
Computer Reps Tools
• Include Role Accounts
• Group membership look-up
Find UPI
• Move from as01
• Re-platform to Java/Spring
Next Steps for Release 2.0
• UAT prepared by 18th Jan
• Details of what data will change and how.
• Beta version of Comp Reps tool
• Deploy Find UPI
Spring and Summer 2013
• CSO / Intranet groups
• “Known As” names in searches
• Improved Notifications
• Interfaces
• Decommission old UPI
• Web Services?
CSO and Intranet
• Remove batch file transfer
• Standardize CSO/Directory data
  – Consistent results with other UPI data
  – Remove duplication
Notifications
• Some systems use this mechanism to get Person updates.
• Interfaces can benefit from only being notified for a change that interests that system.
Known As names in searches
• Reduce UPI duplication/misallocation
Interfaces
• SITS
• RALIC
• Telecoms
• Remedy / ITSM
• RPS
Old UPIMGR
• Continue decommissioning
Web Services…?
• Technology in need of application
Questions…?