Provisioning Services
Collaborative
CSU, East Bay and
CSU, San Bernardino
Kent McKinney, Director, Information Systems,
Information & Computing Services, CSUEB
Lorraine Frost, Interim VP,
Information Resources and Technology, CSUSB
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
1
Agenda
• Overview of Collaborative
• Project Drivers
• Project Objectives
• Project Strategies
• Project Deliverables
• Project Status
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
2
Overview of Collaborative
Both East Bay and San Bernardino were interested in
exploring the potential of the SUN Java Enterprise
System (JES) toolset to address their needs for
supporting an Identity Management System (IdM). A
common desire to use these tools for provisioning
and de-provisioning access to campus resources
developed.
San Bernardino had been evaluating both Oracle and
SUN’s toolsets. Given the current knowledge and
expertise in SUN products on the campus, significant
price breaks on the product, and the common goals
between East Bay and San Bernardino, a
collaborative began to formulate.
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
3
Project Drivers – East Bay
• Desire to standardize home grown provisioning process
using a vendor supported tool
• Interest in sharing training opportunities and learning
experiences with other campuses
• Needed to expand support structure for provisioning
services on campus
• Current single sign-on capabilities needed to be
expanded to other applications; particularly to
departmental applications
• Synchronize the enterprise directory with Active Directory
• Historical skill set strengths in SUN products
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
4
Project Drivers – San Bernardino
• Recognized need to develop single sign-on strategy to
address upcoming campus portal implementation
• Need to clearly identify campus constituents, roles,
authentication, and authorization to campus resources
• Desire to enhance security surrounding access to
applications
• Interest in sharing strategies and approaches with other
campuses
• Synchronize the enterprise directory with Active
Directory
• Historical skill set strengths in SUN products
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
5
Project Objectives
• East Bay and San Bernardino participation in the review and
update of the Cal State eduPerson schema with adaptation
to campus Enterprise Directory services
• San Bernardino evaluation of the use of a network id, similar
to East Bay’s, to enable access to campus resources
• Identify project tasks to address two campuses, with separate
operations, common problems, and develop common
solutions to address IdM strategies
• Develop provisioning and de-provisioning policies and
procedures for campus enterprise systems
• Determine benefits and costs of working together
• Identity strengths and weaknesses of the SUN JES Identity
Management System toolset
• Publicize lessons learned and advantages of using a secure
Identity Management System toolset, such as Sun JES
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
6
Project Strategies
•
East Bay and San Bernardino had strong skill sets in use of SUN for email
systems, LDAP directories, and current licenses could easily be expanded
to include JES
•
San Bernardino was developing a portal strategy and needed to ensure it
would integrate effectively with future IdM directions
•
East Bay already used a network id and home grown provisioning tools to
provide access to campus resources, but wanted to move to a
standardized toolset and integration of departmental applications
•
Both campuses were moving in the same direction and felt a joint venture
would afford them opportunities to share training, expertise, consultant
hours, and JES application installation knowledge
•
Small project, email provisioning and Enterprise Directory/Active Directory
synchronization, was chosen to provide earlier results and opportunity to
test the toolset.
•
Alternating phases between campuses will provide each campus ability
to increase number of applications addressed by toolset while learning
from each others activities
•
Use of Project Management skills at East Bay to monitor joint project
•
Costs to be shared by East Bay, San Bernardino, Chancellor’s Office, SUN,
and systems integrators
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
7
Project Deliverables
•
San Bernardino – Phase I
•
East Bay – Phase II
• Establish and deploy use of network id, if appropriate
• Install, configure, and test SUN JES identity manager software
• Configure unidirectional transfer with Active Directories and
Enterprise Directory
• Provision accounts into CSUSB email system
• Integrate applications with single sign-on processes: Email,
PeopleSoft HCM 8.9, Blackboard
• Identify strengths and weakness of Sun JES
• Comparison of current provision toolset with capabilities of Sun
JES IdM toolset
• Based on lessons learned from San Bernardino, convert current
toolset to Sun JES
• Create single sign-on framework to integrate departmental
applications.
• Configure unidirectional transfer with Active Directories and
Enterprise Directory
• Provide Project Planning support to both phases
• Identify strengths and weakness of Sun JES
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
8
Project Status
• Project objectives and deliverables identified with
additional items to be considered
• Initial consulting contract for Phase I in review,
need to expand to include East Bay involvement
• Sun JES purchased by both campuses
• Developing Project proposal for CO consideration
• Team participants still to be fully identified
• Project tasks to be outlined
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
9
Questions or Suggestions
July 12, 2005
CSU SIMI Workshop - Melding Policy and Technology to
Manage Identity
10