K12 Secure Identity Management

Identity Based Collaborative Learning Solution

Agenda
  • Introduction to Condrey Consulting Corporation
  • Introduction to No Child Left Behind (NCLB)
  • Introduction to the Schools Interoperability Framework (SIF)
  • Benefits and Solution Overview
  • Components of SIF Provisioning Solution
  • Phased Solution Approach
    • Identity Based Collaborative Learning
    • SIF Enabled Identity Management
  • Live Demo
  • Q&A
Condrey Consulting Corporation Company Overview
  • David Condrey – Owner and CEO
  • US Software Engineering Corporation based in Greenville, SC
  • Customers in 33 countries representing Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12
  • Well known and respected by customers, especially in the academic market
  • Well known at Novell – Model Partner
  • Invested in the future of Novell
Condrey Consulting Products Overview
  • File System Factory™ – Novell Nsure - Novell Price List
    • Identity Based Storage Management
    • Ties Provisioning to the NetWare OS – Event Driven and Policy Based
    • Lifecycle Content and Data Management (ePortfolio)
  • IUAdmin™
    • Identity Based Personal and Collaborative Storage Access
      • Integrates with File System Factory™
      • Integrates with exteNd Portal, Virtual Office and iChain
    • Web Based Access to Personal and Group Content
    • Web Based Help Desk Administration
    • Web Based User Self-Service and Password Reset
  • AuditLogin™ and TrustFun
    • Who’s Accessing Storage and What Rights Do They Have?
      • Login/Logout - Date, Time, Workstation
      • Trend Reports and Graphs
      • File and Directory Rights Analysis
File System Factory Education Customers
  • University of Kentucky – 43,000 users
  • Northern Illinois University – 67,000 users
  • Minnesota State Colleges and Universities – 93,000 users
  • Charleston County Schools, SC – 42,000 users
  • University of Georgia – 60,000 users
  • Embry Riddle University – 12,000 users
  • Hemet School District, Los Angeles
  • Grand Rapids Community College
  • Savannah Chatham County Schools, Georgia
  • Douglas County Schools, Georgia
  • Newton County Schools, Georgia
More File System Education Customers
  • Escondido Union High School District
  • Sutton Public Schools
  • Ramaz School
  • Augsburg College
  • Southwestern Community District No. 9
  • Le Moyne College
  • Macon County R-1
  • Grant MacEwan College
  • Clemson University
  • Community Consolidated School District – Illinois
  • Northwestern Michigan University
  • Old Dominion University
  • Madison Area Technical College
  • Waukesha County Technical College
  • Blackhawk PA School District
  • Marysville Village Schools
  • Spearfish School District
  • Maine Township High School District
  • Waubonsee Community College
  • Western Illinois University
Sample of Education Customers Leveraging File System Factory, IUAdmin and AuditLogin

Introduction to NCLB
  • No Child Left Behind
No Child Left Behind Program Summary
  • NCLB requires schools to:
    • increase student access to technology
    • help students to achieve higher academic standards
    • improve teachers’ ability to use technology for instruction
    • increase technology implementation for schools, especially those serving disadvantaged children
  • To receive much of the NCLB federal funding, local school districts must provide government agencies with strategic plans for implementing educational technology.
  • Financial Allocation: In fiscal year 2002, Congress allocated $22.2 billion for education and No Child Left Behind implementation nationwide.
NCLB and Digital Portfolios
  • The “Digital Portfolio” is a strategy that has gained widespread acceptance in the education field
  • Digital portfolios make it easier to track a student’s progress and work over the years.
  • Allows students to store their material in digital format on a server to be reviewed by team members.
  • The portfolio contains samples of significant student work over time and should be available to the student throughout their school career, making it easier for teachers to access student work and thus track performance.
  • Digital portfolios are useful when applying to post-high school institutions or moving into careers in the private sector.
  • Digital Identity is key
NCLB and ePortfolio Links
  • http://www.kn.pacbell.com/news/CAschools/sas.html
  • http://www.southalabama.edu/tomorrowsteachers/portfolios.html
  • http://schools.nycenet.edu/d75/instructionalservices/assessment/altassessment/datafolio.html
  • http://www.pupilpages.com/
  • http://www.mandia.com/kelly/portfolio.htm
Schools Interoperability Framework (SIF)
  • Not a product, but a technical blueprint
  • Designed for and by K-12 technology providers and educators
  • Manages data within the K-12 environment
  • Enables diverse applications to interact and share data
  • Works cross-platform, over a Web-based interface
  • Allows automated reporting
K-12 Identity Management Reality

Diagram: separate systems for Food Services, e-Mail, Grade Book, Library Automation, Data Warehouse, Student Information Services, Transportation and Network Account.

  • Data Silos
  • Duplication of work
  • Inconsistent application of business policy
  • Time consuming – productivity delays
  • Little security confidence, significant exposure
SIF components

Diagram labels: Student Information Services; Zone Integration Server (ZIS); SIF Agents; Applications; SIF Data Objects; Novell Network Account; Library Automation; School Badge; Food Services; Instructional Software (Plato); Transportation; Data Warehouse.

SIF integration

Diagram: K-12 data model. Labels: Federal; State; District; School; Accountability, Reporting, Planning, etc.; Food Service; Grade Book; HR / Finance; Library; SIS; Transportation; Voice Telephony; Instructional Services; Data Warehousing.

SIF vendors (Cont.)

Student Information Systems

  • Pearson Education Technologies
    • SASIxp
    • Edustructures SIF Agent for SASIxp
    • www.edustructures.com
  • Sungard Pentamation
    • Open Series Student Management System
    • www.pentamotion.com
  • Central Susquehanna Intermediate Unit
    • CSIU Administrative Software Suite
    • www.csiu-technology.org
SIF vendors (Cont.)
  • Library Automation
      • Follett Software Co – www.fsc.follett.com
      • SIRS Mandarin – www.mlasolutions.com
      • Sagebrush Spectrum
  • Telephony
      • Parlant Technology – www.parlant.com
  • Classroom Software
      • Renaissance Learning – www.renlearn.com
  • Transportation
      • VersaTrans Solutions – www.versatrans.com
  • Food Service
      • School-Link Technologies – www.school-linktechnologies.com
SIF vendors (Cont.)
  • Data Warehouse
    • TetraData
    • eScholar
  • Novell
  • Microsoft
  • Apple
  • IBM
  • Sun Microsystems
  • Edustructures - ZIS
SIF Government Members

US Department of Education

Virginia Department of Education

Delaware Department of Education

Idaho Dept of Education/Rich Mincer

Maryland State Dept of Education

National Center for Education Statistics (NCES)

Ohio Department of Education

Ohio SchoolNet Commission

SIF benefits

Administrators

  • Increased Efficiency
  • Reduced redundancy and errors
  • Reduced compatibility issues
  • NCLB

Students

  • Personalized Student Content
  • Improved timeliness of service
  • Accurate School Data
  • Increased Efficiency

IT Departments

  • Reduced support costs
  • Reduced time needed to manage multiple data sources
  • Save money using existing systems and infrastructure

Teachers

  • Real-time access to critical information
  • Better data analysis
  • Teachers’ time better spent
Additional Information on SIF
  • http://www.sifinfo.org
  • http://www.opengroup.org/sif/cert/
  • http://www.sifinfo.org/vendors/sif_vendor_member.asp
Components of K12 SIF Identity Provisioning Solution
  • Novell eDirectory
  • Edustructures
    • SIFWorks™ Zone Integration Server (ZIS)
  • Nsure Identity Manager SIF User Agent
    • Life Cycle Student Account Management
  • Novell File System Factory
    • Lifecycle Content and Data Management (ePortfolio)
    • File Rights and Trustee Analysis
  • IUAdmin
    • Web based access to personal and collaborative content
    • Self-Service Password Reset and Help Desk
  • AuditLogin and TrustFun
    • Who’s accessing storage and what rights do they have
  • Novell iChain
    • Secure Access to Web Applications
Digital Identities

The key to student and faculty provisioning

Novell eDirectory
  • Stores information about people, services, and resources
  • Manages relationships between them
  • Directs interactions and triggers events
Edustructures Zone Integration Server

  • Founding Member of SIF
  • Member of SIF Board of Directors
  • Strategic Partner Alliances
      • NCS Learn, Follett
      • School-Link, Versatran
      • Novell and others
  • SIFWorks Enterprise ZIS Server
    • Cross Platform Support
      • Netware, Windows, Linux, Solaris, MacOS X
  • SASIxp SIF Agent
  • www.edustructures.com
Nsure Identity Manager SIF User Agent (DirXML)

  • SIF Agent for Provisioning Students
  • Built on Award Winning DirXML Technology
  • Supports the Following SIF Object Types:
    • Student Personal
    • Staff Personal
    • Student School Enrollment
Novell File System Factory

Automatic Disk Space for all Students or Staff!

Novell File System Factory

Automatic Disk Space for each Class or Work Group!

Novell File System Factory

Automated Home Directory Management: Create It, Manage It, and most importantly… Clean It Up!

Novell File System Factory

Lifecycle Data and ePortfolio Management: Create It, Move It, Manage It

Novell File System Factory

All you have to do is create the users and groups… Any way you want… We’ll handle the rest!

Provision Storage as well as Accounts with Novell File System Factory and Identity Management

Diagram labels: Identity Mgr; SIF; Driver; ZIS; eDirectory; FSF; NetWare; Active Directory (AD); LINUX; ZENworks for Desktops; BorderManager; NetMail.

  • Policy-based
  • Event-driven
  • Load balancing
  • Storage creation
  • Storage management
  • Storage cleanup
  • Personal user storage
  • Group storage

High School 25MB

Middle School 10MB

FSF Methodology

New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion.

Policy

  • Algorithm: Random Balance
  • Rights: RWCEMFA
  • Quota: 150 MB
  • Template: SERV1/VOL1:Policies
  • DelWait: 90 Days

Diagram labels: Target File Systems; Policy; Create, Rename, Delete; BSmith; BJones; RWCEMFA; Copy; 150MB; SERV1/VOL1:POLICIES.

Policy Assignment & Data Migration
  • Seamless
  • Fault-tolerant
  • Safe

Diagram labels: Policy; BSmith; Scheduler – 9:00PM; 50MB; 25MB.

Northern Illinois University Data Migration - Backfill

Admin issues Backfill with “Enforce Policy Paths” option, which will move data.

Diagram labels: users RJones, KJackson, BSmith, RCroom, DWyatt; NCS; Policy; Pentium Pro 200’s – 0 Users; Pentium Pro 200’s – 67,672 Users.

Education Group Policy Example

Policy

  • Algorithm: Random Balance
  • Rights: none
  • Quota: 500 MB
  • Template: SERV1/VOL1:GroupSample
  • DelWait: Never

  • Assign Policy to Courses Container
  • Create Course Group Object (SPAN340-001)
  • Automatically Create Group Storage and Assign Policies (SPAN340-001)
  • Copy Course Files for Each Student from Template (SERV1/VOL1:GroupSample)

Diagram labels: Target File Systems; Copy; 150MB.

Group Policy Templates Configuration Steps

Create Group Object

SPAN340-001.MS.COURSES.STATEU

Create FSF Group Policy Using the FSF Management Interface

Create eDir Objects

Assign Members & Owners to the Group

Create Template

Assign Rights to Directories

Group Policy Templates

Assign Students as Members and Instructors as Owners

Members

  • JSmith.Students.STATEU
  • MRoberts.Students.STATEU
  • NFrost.Students.STATEU
  • PJones.Students.STATEU
  • RBrooks.Students.STATEU
  • SSmith.Students.STATEU
  • STimms.Students.STATEU
  • TJones.Students.STATEU
  • TSmythe.Students.STATEU
  • WClark.Students.STATEU

Owners

  • ABelcher.Staff.STATEU
  • KAlesanto.Staff.STATEU

Group Policy Templates

File System Factory Automatically Provisions Storage for Students and Instructors

Backfill - Apply or Reapply Policy to Existing Objects On Demand

  • Provision storage for pre-existing users according to policy.
  • Begin managing pre-existing storage according to policy.

Admin issues Backfill with “Enforce Policy Paths” option, which will move data.

Later, the same operation can be used to replace existing servers.

Diagram labels: Policy; users RJones, KJackson, BSmith, RCroom, DWyatt.

Where’s my stuff?
  • Users need an easy way to find their storage …even if you need to move it.
  • Personal Storage and Group Storage.
  • Map a Drive? There’s only so many letters in the alphabet.
  • Login Script Management is a headache for group storage.
URAccess
  • End-User tool for dynamically building personalized access links to storage.
  • Leverages Home_Directory user attribute for personal storage.
  • Leverages cccFSFactoryHomedir group attribute for shared storage.
  • Creates a local set of UNC paths and description presented to the user in a Windows UI.
  • Like App-Launcher for ZENworks, except provides access to storage.
  • List can be refreshed at any time.
  • Supports multiple tree connections.
Executive Storage Dashboard

Storage Trends on User and Group Policies

Administrative Storage Dashboard

Event Statistics

Storage Health Check

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.

Quota Manager – Help Desk Interface

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr

Quota Manager – Help Desk Interface

Green = space available > 25% of quota

Yellow = space available < 25% of quota

Red = space available < 10% of quota
Rights Analysis

OWNERS

MEMBERS

What are the requirements?

Diagram labels: NDS/eDir; FSF_Event; FSF_Engine.

Any Novell supported version of NDS® or eDirectory

(6.xx, 7.xx, 8.xx, 85.xx, 8.6.x, 8.7.x)

NetWare 5.1 SP6 or later

NetWare 6.0 SP4 or later

NetWare 6.5 or later

NetWare 6.0 SP4 or later

NetWare 6.5 or later

NetWare 4.x SP9 or later

NetWare 5.0 SP6a or later

NetWare 5.1 SP6 or later

NetWare 6.0 SP4 or later

NetWare 6.5 or later

Coming up Next

File System Factory for:

  • Microsoft Active Directory
  • Linux

Provision and De-Provision Storage for Netware, Active Directory and Linux Based on Policy

Diagram labels: Identity Mgr; PeopleSoft; Driver; eDirectory; FSF; NetWare; Active Directory (AD); LINUX; ZENworks for Desktops; BorderManager; NetMail.

IUAdmin™

Diagram labels: Managed By File System Factory Events & Policies; User Self Service; Personal And Group Storage Access; Help Desk; Personal Storage; Group Storage; ePortfolio.

IUAdmin™
  • Web Based Access to Netware Personal Content and ePortfolio
  • Managed by File System Factory Policies
  • Web Based Access to Collaborative Group Content Based on File System Factory Policies
  • Integrate with Novell Extend Portal, Netware 6.5 Virtual Office Portal and Novell iChain
  • User Self Service
    • Self-Service Password Reset
    • Let Users Optionally fix their own problems
  • Help Desk Administration
    • Location and Departmental based Help Desk
    • Help Desk Group Management
    • User Help Indicators Identify Account Problems
      • Intruder Lockout
      • Grace Logins
      • Login Disabled
      • Account Expired

IUAdmin™ Architecture
  • Built on top of Novell’s HTTPSTK; no web server to install or configure.
  • SSL connections for security.
  • Contextless Login.
  • No schema extensions. However, optional extensions are provided for increased functionality.
  • Runs on Netware 5.1 or above with any version of eDirectory.

Diagram labels: IUAdmin Core Architecture; Help Desk; User Self Service; File System Access; File System Mgt; File System Factory Resource Mgt; AuditLogin Trustfun; ePortfolio.

Other products provide Management Paks that plug in to the architecture.

No More Floppy Drive Headaches
  • Viruses
  • Limited Space
  • Drive Failures
  • Management Nightmare

Diagram labels: IUAdmin; Solution; File System Factory.

Novell iChain

Securely Linking eEducation to Everything

What is iChain?
  • iChain is Novell technology for web security
    • Reduces the complexities of implementing and managing secure web applications
    • Proxy based Architecture
    • Supports more HTTP services than any of its competitors
    • Provide single sign-on to web based resources
    • Supports Enterprise and Project based solutions
Why iChain?

  • Issues when creating a Secure Web infrastructure:
    • Direct Access to Web Servers (increase possibility of hacking)
    • Multiple User Identities (no single sign on)
    • Need to install SSL services on each web server
    • Need to change links in HTML content from HTTP to HTTPS
    • Many different Web Server Technologies

Diagram labels: Firewall; Internet; Intranet; Teacher; Student; Parent; Web Servers and Applications (IUAdmin, IIS, Linux/Apache); SECURITY (shown three times).

iChain Solution
  • Benefits of iChain:
    • Single Authentication Point
    • Provides Web Single Sign On (headers and Form Fill)
    • Sends Personalized content to applications
    • Rewrites HTML data (completely hide internal DNS infrastructure)
    • Dynamically encrypts content as it passes through proxy
    • Single SSL Certificate can be used for all internal web sites (proxy based)
    • No change to HTML content
    • No change to applications authentication process
    • Secures all HTTP servers
    • Remove Direct Access to Web Servers

Diagram labels: Firewall; One Net; iChain®; SECURITY INFRASTRUCTURE; eDirectory™; Teacher; Student; Parent; Web Servers and Applications (IUAdmin, IIS, Linux/Apache).

Phased Approach – Phase 1
  • Phase 1
    • Identity Based Collaborative Learning
      • Personal Content and Class Storage
      • Web Based Access for Teachers and Students
      • Student ePortfolio - Cradle to Job
      • User Self Service and Web Based Help Desk
      • Faculty and IT Staff Training
    • SIF Readiness Assessment
        • Technology Infrastructure Assessment
        • High-Level SIF Design and Plan (Naming Standards)
        • Executive Level Presentation of Findings
    • Minimum Phase 1 Software Requirements
      • Novell File System Factory
      • IUAdmin and AuditLogin
Phase 1 Policy Based Collaborative Learning

  • Product Licenses
  • Novell SLA
    • File System Factory™
  • Condrey Consulting
    • IUAdmin™
    • AuditLogin™, TrustFun

Diagram labels: ZENWorks™; LDAP; UIMPORT; IDM; ConsoleOne; eDirectory™; GroupWise®; File System Factory™; NetMail; Novell BorderManager; IUAdmin™; AuditLogin™; AuditLogin Report & Graph; Faculty; Students; Policy Based Storage; Home Directory; Class Storage; Student ePortfolio.

K12 Student Provisioning: Grade Promotion

Diagram labels: LDAP; UIMPORT; IDM; ConsoleOne; Custom or 3rd Party; eDirectory; FSF; Production Tree; Novell BorderManager; IUAdmin; MS1; HS1; Grade Promotion; Student Locker; Home Directory; ePortfolio; Class Storage; HD; EP.

K12 Student Provisioning: Graduation

Diagram labels: LDAP; UIMPORT; IDM; ConsoleOne; Custom or 3rd Party; eDirectory; FSF; Production Tree; SCSD; DIST; Graduated; HS1; SMS; STUDENTS; Novell BorderManager; IUAdmin™; Graduation; Student Locker; ePortfolio; HD; EP.

Phase 1 Benefits

Administrators

  • Meet NCLB requirement for personalized content
  • Minimal cost with large return
  • Web based access to resources and data

Students

  • Personalized Student Content
  • Improved timeliness of service
  • Web Based Access to resources and lesson assignments

IT Departments

  • Reduced help desk support costs
  • Reduced time needed to manage personal and group storage
  • Leverage existing systems and infrastructure – No upgrades

Teachers

  • Web based access to resources and data
  • Team Collaboration with students and teachers
  • Teacher ePortfolio
Phase One Pilot Example

# Students in District = 5000

* FTE for File System Factory

# Faculty in District = 500

# Students in 12th Grade = 400

FTE for IUAdmin = 900

* Hardware costs depend on the client’s current environment

Recommend one server for IUAdmin Resource Portal

Phased Approach – Phase 2
  • Phase 2 – SIF-Enabled Identity Management
    • Detailed SIF Identity Management Design and Plan
    • SIF Production Pilot
      • Two Schools and District Office
      • Knowledge Transfer and Training
    • Full SIF Deployment Phase - Remaining Schools
    • Minimum Software Requirements
      • Edustructures SIFWorks - SLA
      • SIS SIF Agent – Specific to vendor
      • NSure Identity Manager SIF Driver (DirXML) - SLA
      • Novell iChain – SLA
      • Hardware Requirements – Depends on Size of District
SIF-Enabled Identity Management Phases

Diagram labels: Phase 1; Phase 2; User Access Management; User Provisioning / De-Provisioning; SIF Provisioning; Content Management & Personalization; Collaborative Learning; Nsure Identity Mgr; SIFWorks; Novell iChain; AuditLogin; TrustFun; File System Factory; IUAdmin; NW 6.5 Virtual Office; eXtend Portal.

Student Provisioning Phase 2

Diagram labels: ZENWorks; Novell iChain; eDirectory™; DirXML; NetMail®; File System Factory; Extend Portal / Virtual Office; IUAdmin; AuditLogin; AuditLogin Report & Graph; Faculty; Students; Policy Based Storage; Home Directory; Class Storage; Student ePortfolio; Student Information Services; Library Automation; H.R. & Finance; Food Services; Transportation; Voice Telephony; Instructional Services.