Identity & Infrastructure Applications Development & Release Plans Tim Purkiss.

Identity & Infrastructure ApplicationsDevelopment & Release Plans

Tim Purkiss

Outline

• Identity & Infrastructure Applications Services• Recent changes to UPI• Identity & Access Management (Vidit)• Live@UCL and Office 365 (Duncan)• IDINA Release 2.0• Spring and Summer 2013

IDINA Services

• UPI: UCL Person Identifier• Services System• Computer Reps Tool• Find UPI• Database account registrations

• Identity & Access Management• Live@UCL and Office 365

Recent changes to UPI

• Materialized Views• Restructuring core views• Main Source• Unicode• Project work

Use of Materialized Views

Person Data Key Records Associations

Person Data with preferences

Main TelephoneMain E-mailMain UserID

Main Source

Core views – Before

ResourceLink

SITSServices System

UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON

UPI_V_PERSON_ALL

UPI_V_PERSON

Core views – Now

UPI_V_PERSON_BASE

ResourceLink

SITSServices System

UPI_V_PERSON_SEARCH

UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON

UPI_V_PERSON_PREFPreferences

UPI_V_PERSONContact info

Main Source - Now

Resource Link1

SITS2

Services System3

Main Source

Current associations?1

Highest ranked association?2

Staff Hon PG UG Visitor

Casual Alumni Applicant

InvigilatorExt. Examiner

Identity and Access Management (IAM)

Components

• Microsoft Forefront Identity Manager (FIM)

• Synchronise data between different data sources

• Manage identities and groups, configure workflows and define rules and policies via a portal

• Online User Registration (OUR)

• Enable applicants to register personal credentials centrally

• Allow UCL student joiners to collect UCL userid and set a password electronically

• Role Account Registration and Management (RARM)

• Facilitate members of ISD Service Desk to request role accounts and track their provisioning

• Data store, procedures and jobs

• Consolidate identity and preference data

• Generate and maintain UCL userids

Value added so far

• Near real-time (replace legacy overnight batch process) userid provisioning in:

• UNIX• Active Directory (old and new)

• Live@UCL email service for UCL Alumni

• OUR integration with:

• Student pre-enrolment system• UCAS applicant portal• Student accommodation system (StarRez)

• RARM: Easy to use web application to request role accounts (e.g. administrator account)

• Prevent bad practice of manually creating these accounts without any tracking/auditing• Allow user to request multiple accounts in one go (batch feature)

IAM Developments

• User sID migration from the old domain to the new one

• Remove dependency on ADMT

• Group provisioning and management using FIM

• OUR integration with:

• Online Admissions system (direct applicants)

• Improvements in RARM

• Improvements in the userid generation process

Live@UCL / Office 365

• live@UCL: Project• Office 365: Project• live@UCL: The Service

ID Task Name Start Finish DurationQ4 13Q2 13Q1 13

JulJun OctDec Apr Sep Dec

1

2

3

4

5

6

7

8

9

10

11

4w08/02/201314/01/2013Staff batch mopups

4w01/03/201304/02/2013Central Aid4Mail Data migration

3w20/02/201331/01/2013Retrospective IMAP Disable

3w08/02/201321/01/2013Provisioning and migration of associated accounts

16w17/05/201328/01/2013Un-associated accounts

6w11/07/201331/05/2013Final Tidy up

12w29/03/201307/01/2013Distribution Lists (tactical phase 1)

16w23/05/201301/02/2013Decomm departmental servers (centrally routed & specialist)

13w29/11/201302/09/2013Decomm Central IMAP

3w25/01/201307/01/2013Decomm Oracle Calendar service

AV & Mail Routing switchover

28w29/11/201320/05/2013AV & Mail Routing switchover

De

co

mm

Pre

-De

co

mm

Po

st-

De

co

mm

12 14w06/12/201302/09/2013Project Deliverables

Mar

Q4 12 Q3 13AugJan Feb NovMay

Pro

jec

t D

eli

ve

rab

les

live@UCL: Stage Five - Workstreams

Transition to Office 365

• All Live@edu service subscribers are required to move to Office 365 by September 2013

Transition to Office 365

• All Live@edu service subscribers are required to move to Office 365 by September 2013

• Phase one Like-for-like Hosted Mail and Calendar Service–25GB mailbox –Minimal change to service wrap–Most preparatory work is behind the scenes and communications related:

• AD changes • Identity Lifecycle Manager (ILM)/Directory Synchronisation• Provisioning scripts• Management Tools• Comprehensive test plan to document end user experience

Transition to Office 365

• All Live@edu service subscribers are required to move to Office 365 by September 2013

• Phase one Like-for-like Hosted Mail and Calendar Service–25GB mailbox –Minimal change to service wrap–Most preparatory work is behind the scenes and communications related:

• AD changes • Identity Lifecycle Manager (ILM)/Directory Synchronisation• Provisioning scripts• Management Tools• Comprehensive test plan to document end user experience

• Phase two–Business requirements analysis with UCL community for future Office 365 enhancements (Sharepoint, Lync, WebApps)

Office 365 Schedule

Development: In progress

ADDEV -> EISD-DEV.ucl.ac.uk

Test : 29 April 2013

ADTEST -> EISD-TEST.ucl.ac.uk

Production: **12 July 2013 **

AD -> LIVE.ucl.ac.uk

live@UCL: support structure

3rd Line Support (CIA) SOM & Deputy SOM – (CIA)

SO – Maria Darmon

ADS Service Desk

User Query

SoP Service Desk ISD Service Desk AISC Service Desks

IDINA Release 2.0

• Main Source – phase III• Data cleansing• Service monitoring• IAM developments• Computer Reps Tools• Find UPI

Data Cleansing

• Add Archive data from UPIMGR• Remove records from Services System• Tidy up Services System users/permissions

Service Monitoring

• Fix Services System feedback• Rationalise multiple sync processes

IAM Developments

• Userid sID migration from the old domain to the new one• Improvements in RARM• Improvements in the userid generation process

Computer Reps Tools

• Include Role Accounts• Group membership look-up

Find UPI

• Move from as01• Re-platform to Java/Spring

Next Steps for Release 2.0

• UAT prepared by 18th Jan• Details of what data will change and how.

• Beta version of Comp Reps tool• Deploy Find UPI

Spring and Summer 2013

• CSO / Intranet groups• “Known As” names in searches• Improved Notifications• Interfaces• Decommission old UPI• Web Services?

CSO and Intranet

• Remove batch file transfer• Standardize CSO/Directory data

– Consistent results with other UPI data– Remove duplication

Notifications

• Some systems use this mechanism to get Person updates.

• Interfaces can benefit from only being notified for a change that interests that system.

Known As names in searches

• Reduce UPI duplication/misallocation

Interfaces

• SITS• RALIC• Telecoms• Remedy / ITSM• RPS

Old UPIMGR

• Continue decommissioning

Web Services…?

• Technology in need of application

Questions…?