
Module 1

Exploring Identity and Access Solutions

Module Overview
The Business Case for Identity and Access Control
Active Directory Server Roles in IDA Management
Overview of Identity Lifecycle Manager 2007

Lesson 1: The Business Case for Identity and Access Control
The Directory Sprawl Phenomenon
Business Reasons to Implement IDA Solutions
IDA Management Solutions
Enhancing Security by Using IDA Management

The Directory Sprawl Phenomenon

Directories provide a centralized repository for user identity and access control
Many organizations have more than one directory
Keeping multiple directories in sync creates unnecessary management overhead, and the inconsistencies that arise between them confuse users

Business Reasons to Implement IDA Solutions

Some of the business reasons to implement an IDA solution are:
Reduce the information access workload
Increase operational security
Enable secure cross-organization collaboration
Protect intellectual property

IDA Management Solutions

List a few data sources that store identity information.
Suggest a few procedures to provision a new employee so that they are fully productive.
What security issues arise when individuals access sensitive user data?
Discuss a few conventional methods to securely share information or collaborate with external partners.

Enhancing Security by Using IDA Management

Security and Access Policies
Security Audit Policies
Password Management
Identity-Aware Applications
Strong Authentication
Reducing Information Leaks

Lesson 2: Active Directory Server Roles in IDA Management

What Is a Server Role?
Demonstration: Configuring a Server Role in Windows Server 2008
Active Directory Roles That Support IDA Solutions
Directory Services in IDA Management
Active Directory Certificate Services in IDA Management
Active Directory Federation Services in IDA Management
Active Directory Rights Management Services in IDA Management
Overview of IDA Management Technologies

What Is a Server Role?

A server role is:
A set of installed applications
An option to perform a singular function
An option to combine with other server roles

Demonstration: Configuring a Server Role in Windows Server 2008

Configure a server role in Windows Server 2008 by using Server Manager
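
The demonstration is performed in the Server Manager GUI. The script below is an added example, not part of the course material, that does the same task from the command line, which is how it would be repeated across many servers. It assumes an elevated PowerShell console on Windows Server 2008 R2 or later, where the ServerManager module is available; the role and role-service IDs (AD-Domain-Services, ADLDS, AD-Certificate, ADCS-Cert-Authority, ADFS-Federation, ADRMS) are given as the author recalls them and should be confirmed against Get-WindowsFeature output before use. The original Windows Server 2008 release ships ServerManagerCmd.exe instead of the module; the equivalent commands are noted at the end of the script.

```powershell
# Added example (not part of the course material): install and verify an IDA server role
# from the command line instead of the Server Manager GUI.
# Assumptions: elevated PowerShell on Windows Server 2008 R2 or later, where the
# ServerManager module exists. The role IDs below are as the author recalls them;
# confirm them against Get-WindowsFeature before relying on them.

Import-Module ServerManager

# 1. Inventory. Install only the roles the design calls for: every extra role or
#    role service is additional attack surface on the server.
$idaRoles = 'AD-Domain-Services', 'ADLDS', 'AD-Certificate', 'ADFS-Federation', 'ADRMS'
Get-WindowsFeature |
    Where-Object { $idaRoles -contains $_.Name } |
    Select-Object Name, DisplayName, Installed |
    Format-Table -AutoSize

# 2. Install the role service the scenario needs. For AD CS that is the certification
#    authority itself; Web enrollment, the online responder and device enrollment are
#    separate role services and are deliberately not installed here.
$roleToAdd = 'ADCS-Cert-Authority'
$result = Add-WindowsFeature -Name $roleToAdd
if (-not $result.Success) {
    throw "Installation of $roleToAdd failed (exit code $($result.ExitCode))"
}
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning "A restart is required before $roleToAdd is usable"
}

# 3. Verify. Installed = True means the binaries are present; the role still has to be
#    configured (for AD CS: CA type, key length and hash algorithm are chosen in the
#    post-install configuration, and those choices determine the PKI's security).
$state = Get-WindowsFeature -Name $roleToAdd
if (-not $state.Installed) { throw "$roleToAdd still reports as not installed" }
Write-Output "$($state.DisplayName) is installed; configure it next."

# Windows Server 2008 (pre-R2) has no ServerManager module; the equivalent commands are:
#   ServerManagerCmd.exe -query
#   ServerManagerCmd.exe -install ADCS-Cert-Authority
```

The inventory step matters as much as the install: the lab scenario later in this module asks which roles a design needs, and a server that carries roles the design does not call for is the usual way an IDA deployment grows unplanned attack surface.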

Active Directory Roles That Support IDA Solutions

Active Directory Domain Services (AD DS)
Provides the foundation for all IDA solutions

Active Directory Lightweight Directory Services (AD LDS)
Provides a directory services infrastructure without the management overhead of a domain. It can be used to either isolate or extend the security boundary

Active Directory Certificate Services (AD CS)
Works with AD DS to provide a foundation for enhanced security and multi-factor authentication. The other Active Directory roles can use digital certificates issued by AD CS for identity control

Active Directory Federation Services (AD FS)
Provides the ability to connect disparate systems and organizations without combining security infrastructures. Allows organizations to share management responsibility without sharing too much information

Active Directory Rights Management Services (AD RMS)
Provides the ability to secure content, even when the content does not exist within an organization's security boundary

Directory Services in IDA Management

[Diagram: AD DS with branch domain controllers (branch DCs) replicating across a hierarchical network, providing authentication for users and a platform for access tools; multiple instances of AD LDS run alongside AD DS]

Active Directory Certificate Services in IDA Management

[Diagram: AD CS with root and subordinate enterprise CAs providing public key authentication; enrollment methods: manual, group-based and Web-based; certificates issued to network devices such as a switch, a router and a wireless router]

Active Directory Federation Services in IDA Management

[Diagram: AD FS between an account partner (supplier) and a resource partner (manufacturer): the account partner supplies identity, the resource partner grants access, and roles are mapped between the two]
Secure Identity Access Solution
Single Sign-on Access
Business-to-Business Scenarios

Active Directory Rights Management Services in IDA Management

[Diagram: AD RMS usage control over content in RMS-enabled applications, restricting copy, forward and print; extended to partner organizations through identity federation]

Overview of IDA Management Technologies

[Diagram: the IDA management technologies together: AD DS (branch DCs, replication, users, platform and access tools), AD LDS, AD FS (account partner supplier and resource partner manufacturer), AD RMS, and Identity Lifecycle Manager 2007 integrating identity, roles and access across applications]

Lesson 3: Overview of Identity Lifecycle Manager 2007


Components of ILM 2007
System Requirements for ILM 2007
Identity Integration by Using ILM 2007
Identity Management Process by Using ILM 2007
The Smart Card and Certificate Life Cycle
Smart Card and Certificate Management with ILM 2007

Components of ILM 2007

Metadirectory Services and User Provisioning (from Microsoft Identity Integration Server 2003):
Automated provisioning
Password management

Certificate and Smart Card Management (from Microsoft Certificate Lifecycle Manager 2007):
CLM Server and CLM client, supported by Active Directory, SQL Server, IIS and SMTP

System Requirements for ILM 2007

Hardware Requirements
1 GHz or faster processor; Pentium 4 recommended
512 MB of RAM or higher; 1 GB or more recommended
8 GB of available hard-disk space on an NTFS partition

Software Requirements
Windows Server 2003 32-bit Enterprise Edition or Windows Server 2008 32-bit Enterprise Edition
.NET Framework 2.0
SQL Server 2005 Standard or Enterprise Edition or later recommended
CLM 2007 requires Certificate Services

Identity Integration by Using ILM 2007

[Diagram: ILM 2007 with the metaverse (MV) at the center; management agents (MA) connect it through connector spaces (CS) to connected data sources (CD): an intranet Active Directory, an extranet Active Directory, a proprietary directory, and a messaging and collaboration system]
Legend:
CS = Connector Space
MA = Management Agent
MV = Metaverse
CD = Connected Data Source

Identity Management Process by Using ILM 2007

[Diagram: DataSource1, DataSource2 and DataSource3 each connect through their own management agent and connector space to a single metaverse]
Updated data is imported from a connected data source into its connector space and written to the metaverse
Updated data is then propagated from the metaverse, through the other connector spaces and management agents, to the other connected data sources
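
The process can be traced end to end in a small model. The following PowerShell script is an added example, not part of the course and not ILM code: hashtables stand in for connected data sources, connector spaces and the metaverse, and functions stand in for management agents and run profiles. The data sources (HR, AD, Mail), attribute names, precedence rules and the provisioning rule (an Active HR record gets an account and a mailbox; a Terminated one has its account disabled and mailbox removed) are all constructed for the example. Real ILM expresses the same things as management agents, join and projection rules, attribute-flow precedence and provisioning rules extensions configured in the Identity Manager console.

```powershell
# Added example (not course or ILM code): a toy model of the ILM 2007 sync flow.
# Hashtables stand in for connected data sources (CD), connector spaces (CS) and the
# metaverse (MV); functions stand in for management agents (MA) and run profiles.
# All data below is constructed for the example.

# --- Connected data sources. HR is authoritative for who exists and whether they are active.
$HR = @(
    @{ employeeID = '1001'; givenName = 'Alice'; sn = 'Martin'; department = 'Research'; status = 'Active' },
    @{ employeeID = '1002'; givenName = 'Bob';   sn = 'Chen';   department = 'Sales';    status = 'Terminated' }
)
$AD   = @{ '1002' = @{ employeeID = '1002'; sAMAccountName = 'bchen'; department = 'Sales'; enabled = $true } }
$Mail = @{}   # no mailboxes exist yet

# --- Connector spaces: one staging area per management agent.
$CS = @{ HR = @{}; AD = @{}; Mail = @{} }

# --- Metaverse: one joined object per person, keyed by employeeID.
$MV = @{}

# Attribute-flow precedence: which MA may write each metaverse attribute.
$Precedence = @{ givenName = 'HR'; sn = 'HR'; department = 'HR'; status = 'HR'; sAMAccountName = 'AD' }

function Import-Stage {
    # Import run profile: snapshot a connected data source into its connector space.
    param([string]$Ma, [object[]]$Rows)
    foreach ($row in $Rows) { $CS[$Ma][$row.employeeID] = @{} + $row }
}

function Sync-ToMetaverse {
    # Join each CS object to the MV on employeeID (project a new MV object if none exists),
    # then flow only the attributes this MA has precedence for.
    param([string]$Ma)
    foreach ($id in $CS[$Ma].Keys) {
        if (-not $MV.ContainsKey($id)) { $MV[$id] = @{ employeeID = $id } }
        foreach ($attr in $CS[$Ma][$id].Keys) {
            if ($Precedence[$attr] -eq $Ma) { $MV[$id][$attr] = $CS[$Ma][$id][$attr] }
        }
    }
}

function Provision-Connectors {
    # Provisioning rules: an Active person gets an AD account and a mailbox; a Terminated
    # person keeps the AD object (audit trail) but it is disabled, and the mailbox is removed.
    foreach ($id in @($MV.Keys)) {
        $p = $MV[$id]
        if (-not $p.ContainsKey('status')) { continue }   # no authoritative HR record: leave alone
        if (-not $CS.AD.ContainsKey($id)) {
            $CS.AD[$id] = @{ employeeID = $id; sAMAccountName = ($p.givenName.Substring(0, 1) + $p.sn).ToLower() }
        }
        $CS.AD[$id].department = $p.department
        $CS.AD[$id].enabled    = ($p.status -eq 'Active')
        if ($p.status -eq 'Active') { $CS.Mail[$id] = @{ employeeID = $id; alias = $CS.AD[$id].sAMAccountName } }
        elseif ($CS.Mail.ContainsKey($id)) { $CS.Mail.Remove($id) }
    }
}

function Export-Changes {
    # Export run profile: push connector-space state to the connected data source and
    # return the list of changes, which is what an operator reviews around an export run.
    param([string]$Ma, [hashtable]$Target)
    $changes = @()
    foreach ($id in $CS[$Ma].Keys) {
        $new = $CS[$Ma][$id]
        if (-not $Target.ContainsKey($id)) { $changes += "ADD    $Ma $id"; $Target[$id] = @{} + $new; continue }
        foreach ($attr in $new.Keys) {
            if ($Target[$id][$attr] -ne $new[$attr]) {
                $changes += "UPDATE $Ma $id $attr : '$($Target[$id][$attr])' -> '$($new[$attr])'"
                $Target[$id][$attr] = $new[$attr]
            }
        }
    }
    foreach ($id in @($Target.Keys)) {
        if (-not $CS[$Ma].ContainsKey($id)) { $changes += "DELETE $Ma $id"; $Target.Remove($id) }
    }
    return $changes
}

# One full cycle: import both sources, synchronize, provision, export to the downstream systems.
Import-Stage -Ma HR -Rows $HR
Import-Stage -Ma AD -Rows @($AD.Values)
Sync-ToMetaverse -Ma HR
Sync-ToMetaverse -Ma AD
Provision-Connectors
Export-Changes -Ma AD   -Target $AD
Export-Changes -Ma Mail -Target $Mail
```

With the constructed data, the AD export reports an ADD for Alice (account amartin) and an UPDATE of Bob's enabled attribute from True to False, and the Mail export reports an ADD for Alice only. The second line is the deprovisioning check worth watching in a real deployment: a termination recorded in HR has to flow out to every connected system on the next export, and a precedence rule that let a downstream system overwrite the HR status would silently defeat it.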

The Smart Card and Certificate Life Cycle

[Diagram: life cycle wheel: Enroll, Manage, Retire]
Supported operations include:
Smart card and certificate enrollment
Recovery / card replacement
Temporary card issuance
Smart card PIN unblocking
Manager approvals
Smart card PIN change

Smart Card and Certificate Management with ILM 2007

[Diagram: the Certificate Lifecycle Manager server in the center, with the end user on one side and the Active Directory server, CA server, SQL Server and mail server on the other]

Lab: Exploring IDA Solutions

Exercise 1: Exploring How Active Directory Server Roles Provide IDA Management Solutions

Estimated time: 60 minutes

Lab Scenario
You will identify the server roles needed to satisfy the business requirements for Contoso Pharmaceuticals and Northwind Traders.

Contoso has entered into a partnership with Northwind Traders. Contoso must provide secure access to a Web application and SharePoint-hosted documents to specified individuals at Northwind Traders.
Specific details are available in the student workbook.

Lab Review
In this lab, you have:
Created a functionality framework
Made decisions on creating server roles to achieve the required IDA management solutions
Identified identity synchronization and user provisioning
Identified certificate management
Identified secure access across organizational boundaries
Identified secure access beyond user names and passwords

Module Summary
In this module, you have learned to:
Identify and define IDA Solutions
Identify Active Directory Server Roles in IDA Management
Identify the uses and features of ILM 2007

Module Review and Takeaways


Review Questions
Real World Scenarios
Best Practice
