ADAM. James Cowling Senior Technical Architect. Agenda. What is ADAM? Relevance to IAM Real-world Implementation Scenarios. What is ADAM?. LDAP Directory Based on AD technology Simple and clean to install and uninstall Without AD’s NOS and historical baggage Supports both

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'ADAM' - Antony


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ADAM

James Cowling

Senior Technical Architect

Agenda
  • What is ADAM?
  • Relevance to IAM
  • Real-world Implementation Scenarios
What is ADAM?
  • LDAP Directory
  • Based on AD technology
  • Simple and clean to install and uninstall
  • Without AD’s NOS and historical baggage
  • Supports both
    • DC=Microsoft, DC=COM
    • O=Microsoft,C=US
  • Integrates tightly with AD authentication
  • Basically Free
Technical Matters of Interest
  • Installation
    • Simple to install
    • Wizard or Unattended
    • Multiple installs per server
    • XP install limited to 10000 objects
  • Password Policies
    • Complexity rules similar to AD
  • Backup and Restore
    • EDB and LOG files
Replication
  • Replication between ADAM instances on different computers
    • using AD technology
    • Flexible replication models possible
Administration
  • Technical Administration via command-line tools
    • DSMGMT
      • Manage partitions, FSMO roles, policies, ports
    • REPADMIN
      • Troubleshoot Replication
    • DSDBUTIL
      • Manage and troubleshoot the database
    • DSACLS
      • Manage Access Control Lists
Identity Administration
  • ADSIEdit and LDP supplied with ADAM
  • Many other tools exist
    • Web-based
    • Explorer-integrated
    • Build or Buy
  • Delegated Administration Permissions
    • Through ADAM ACLs in user context
    • Through 3rd Party tools in service account context
ADAM and IAM
  • Centralized Identity Storage
  • Flexible Authentication
  • Centralized Identity Management
  • Centralized Role Management
Authentication
  • Primary Authentication Method is LDAP simple bind
  • Forwards Windows Integrated Authentication for unknown users, and
  • Proxies LDAP Binds for Known Users
    • to AD and NT4
    • in same or trusted domains
Solutions
  • Single Sign On
  • HR-Driven Provisioning
  • Centralized Web-based User Management
Single Sign-On
  • Publishing Company
  • 5000 Users
  • Identities in AD and NT
  • Require SSO for a WebSphere application
Solution
  • Central ADAM User Directory
    • Synchronize with AD and NT using MIIS
  • ADAM Proxies Authentication requests
    • Which are routed to AD and NT appropriately
HR-Driven Provisioning
  • Large Retailer
  • 65,000 users across multiple companies
    • Growth partly through acquisition
  • SAP systems
    • HR
    • Location / Facility Management
    • Portal
    • Workflow
  • 34 AD Domains
Goals
  • Improve Internal Communication
    • White Pages solution
    • Improve data quality
  • Improve Efficiency
    • Reduce human intervention during provisioning / deprovisioning
  • Maintain control
    • Approval workflows for account creation, assignment of portal roles
  • Increase Security
    • Identify and remove dormant accounts
    • Increase confidence in security group memberships
Centralized User Admin
  • Reinsurance company
  • 5000 Users
  • Offices around the world
  • “Managed” Offices
    • Members of global domain
    • User management provided centrally
  • “Unmanaged” Offices
    • Stand-alone domains
    • Local user management
Goals
  • Provide global access to global applications
    • True Single Sign On
  • Minimize support costs
    • Centralize Administration
    • Reduced Sign On – Password Sync
  • Improve Security
    • Time-based deprovisioning
Solution
  • Centralized Web-based User Management
    • ASP.NET application
    • Identities in ADAM
    • Users, Contacts, Companies, incl. Inheritance
  • MIIS-based provisioning to other systems
    • Active Directory
    • Oracle-based LOB systems
    • HP/UX-based LOB systems
  • Password Synchronization
    • AD password is authoritative
    • Sync to ADAM & HP/UX