middleware implementation case studies n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Middleware Implementation Case Studies PowerPoint Presentation
Download Presentation
Middleware Implementation Case Studies

Loading in 2 Seconds...

play fullscreen
1 / 40

Middleware Implementation Case Studies - PowerPoint PPT Presentation


  • 122 Views
  • Uploaded on

Middleware Implementation Case Studies. Tom Barton, The University of Memphis Renee Woodten Frost, Internet2 & UMich Louise Miller-Finn, Johns Hopkins University. Outline of Presentation. Renee will introduce the concept of Core Middleware and the reasons for implementation

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Middleware Implementation Case Studies' - zulema


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
middleware implementation case studies

Middleware Implementation Case Studies

Tom Barton, The University of Memphis

Renee Woodten Frost, Internet2 & UMich

Louise Miller-Finn, Johns Hopkins University

outline of presentation
Outline of Presentation
  • Renee will introduce the concept of Core Middleware and the reasons for implementation
  • Tom will give an overview of the structure of an Enterprise Directory Service and identify some issues currently facing the U of Memphis.
  • Louise will detail the Johns Hopkins model for an Enterprise Directory Service.
  • Renee will summarize some additional related Internet2 Middleware Initiative activities.
core middleware
Core Middleware

Identity - unique markers of who you (person, machine, service, group) are

Authentication - how you prove or establish that you are that identity

Directories - where an identity’s basic characteristics are kept

Authorization - what an identity is permitted to do

PKI - emerging tools for security services

organizational drivers
Organizational Drivers
  • Federal government
  • E-enterprise functions
  • Service expectations
  • Resource allocation pressures
  • Collaboration
benefits to the institution
Benefits to the Institution
  • Economies for central IT - reduced account management, better web site access controls, tighter network security...
  • Economies for distributed IT - reduced administration, access to better information feeds, easier integration of departmental applications into campus-wide use...
  • Improved services for students and faculty - access to scholarly information, control of personal data, reduced legal exposures...
  • Participation in future research environments - Grids, videoconferencing, etc.
  • Participation in new collaborative initiatives - DoD, Shibboleth, etc.
costs to the institution
Costs to the Institution
  • Modest increases in capital equipment and staffing requirements for central IT
  • Considerable time and effort to conduct campus wide planning and vetting processes
  • One-time costs to retrofit some applications to new central infrastructure
  • One-time costs to build feeds from legacy source systems to central directory services
  • The political wounds from the reduction of duchies in data and policies
nature of the work
Nature of the Work
  • Technology
    • Establish campus-wide services: name space, authentication
    • Build an enterprise directory service
    • Populate the directory from source systems
    • Enable applications to use the directory
nature of the work1
Nature of the Work
  • Policies and Politics
    • Clarify relationships between individuals and institution
    • Determine who manages, who can update and who can see common data
    • Structure information access and use rules between departments and central administrative units
    • Reconcile business rules and practices
enterprise directory service what is it
Enterprise Directory Service: What Is It?
  • Anti-stovepipe architecture that can provide authentication, attribute, & group services to applications.
  • Adds value by improving cost/benefit of online services and by improving security.
  • A new & visible flow of administrative data. When someone finally begins to understand what you’re talking about, they react to the prospect of change.
managed objects
Managed Objects
  • Objects that describe:
    • People
    • Groups
    • Aliases, Roles, Affiliations
    • Network devices
    • Security policies
    • Network services
    • Org structure
  • The object classes and source data to populate them are determined by the applications to be directory enabled.
enterprise directory service how to build one
Enterprise Directory Service:How To Build One
  • Determine application-driven requirements for authentication, attribute, and group services and then design these four stages to meet the requirements:
          • Data Sources
          • Metadirectory Processes
          • Directory Services
          • Applications
uom core middleware stages
UoM Core Middleware Stages

Data sources

Metadirectory processes

Directories

Applications

notes re uom core middleware stages
Notes re: UoM Core Middleware Stages
  • Data Sources: Attribute selection; negotiation for access; determination of data access policy; familiarity with semantics of desired data elements & business processes that maintain them.
  • Metadirectory Processes: Management of identity; transformational & business logic (resource provisioning); derived attributes & structures (eg, uid’s, email attributes, state variables, org structure groups & attributes, …).
  • Directory Services: Loading & replicating; access controls for directory information; schema extensions to support applications; indexing & performance management; synchronizing other consumers of directory info.
notes re uom core middleware stages1
Notes re: UoM Core Middleware Stages

Applications. Some boxes represent classes of apps. Tigerlan (800 seats of computer labs); white pages (people search); Library proxy access; postoffice & calendar account building; manage mail account (vacation, quota, …); various web-based utilities for LSPs; ResNet autoregistration; secure discussion groups; campus pipeline; UoM “address book” integrated into email clients; IMAP/POP/web accessible emailboxes; calendar; email routing; off-campus email relay provided only to authenticated users; mass email; dialup & wireless authentication & authorization; card swipe facilitated account self-maintenance; automated account & resource management (“misc actions” in the slide).

notes re uom core middleware stages2
Notes re: UoM Core Middleware Stages

Applications - upcoming: WebCT; data warehouse; suite of applications directly managed by AD; shell account, home directory & personal web page access; FASTLane (Faculty & Staff LAN); storage & distribution of digital certificates, a key element of PKI; PIN synchronization??; new UoM ID card based applications??; authentication of Library patrons??

issues with current data sources
HRS:

All accounts paid from, not just primary department.

SIS:

Select students from current, future, and previous term and add’l data elements to support 2nd generation group messaging.

Pull instructor data too.

ADS (Alumni): initiate

DRA (Library): initiate

Async (Clientele):

New web based account self-maintenance to replace card swipes.

“Challenge” Qs & As for identification in non face-to-face circumstances.

Issues With Current Data Sources
issues with the current metadirectory
Issues With the Current Metadirectory
  • NDS update channel is too slow
  • Ancient, frozen technology (especially Ph)
  • Anticipate new policy regarding account & resource management, especially to handle off-campus students & alumni.
  • 9 years of spaghetti
  • Tightly bound to particular source and directory technologies.
issues with current directories
Issues With Current Directories
  • Must bring Active Directory into this infrastructure.
  • Need better representations & procedures for non-people objects: static groups; dynamic groups; org structure related groups, roles, and people attributes; affiliations & other “correlated” info.
  • Need to include new types of metadirectory consumers such as list processors
metadirectory data flow overview
MetaDirectory Data Flow Overview
  • Provide complete SOR data-to-directory path;
  • Push the data through one cycle to kickoff development process; (prime the pump)
    • Review first iteration, and prepare next iteration with updates;
  • Each iteration flushes more detail to the requirements in a rapid application development process adding data, business rules and/or policy changes;
  • Document and store standard deployment procedure;
  • Each iteration provides intense unit testing followed by QC test cycle, then move to production
stage 1 analyze data sources
Stage 1 – Analyze Data Sources
  • Identify Data Sources
    • Where do the data feeds originate; what data fields are required; Provide Standard Data Collection Model
    • What is the frequency of the data feed; require fixed length fields and records;
  • Define database load procedure and produce audit log
stage 2 database requirements
Stage 2 – Database Requirements
  • Define the input tables to represent the clients’ data; define key fields to tie tables together;
  • Document and store common database procedures;
  • Provide data model using Entity Relationship tool (e.g. ERWin);
  • Provide standard database templates for reuse;
  • Provide audit log
stage 3 back end processing bep
Stage 3 – Back End Processing (BEP)
  • Develop procedures (PLSQL) to process high level business rules;
  • Create intermediate tables with directory records;
  • Implement ER diagrams that define table fields;
  • Store common procedure templates for reuse;
  • Provide audit log;
stage 4 database table export
Stage 4 – Database Table Export
  • Provide export file in fixed field, fixed record format;
  • Develop status field processing using eye catcher (e.g. ‘ADD’, ‘DELETE’, ‘UPDATE’, ‘NOCHANGE’)
  • Document export procedure and standard field values;
  • Create and store common export procedure template;
  • Produce activity log
stage 5 directory import
Stage 5 – Directory Import
  • Process export files using generic (PERL) script to import/update enterprise directory;
    • Keep code free of business rules;
  • Create and store common script template for reuse;
  • Provide web base report interface to track activity and status;
  • Provide audit log
stage 6 directory status
Stage 6 – Directory Status
  • Provide audit log of directory activity;
    • Create and store common report template;
    • Generate standard web based activity report;
  • Provide backup/recovery procedure;
  • Provide replication service;
stage 7 front end processing fep
Stage 7 – Front End Processing (FEP)
  • Define and deploy access control (ACL);
    • Define JHI policy for the global user, the person, and the administrator;
    • Develop and document scope and visibility to the directory attributes;
  • Develop and deploy common web enabled directory access (a common ‘look and feel’ to the front end);
    • Use a common set of development tools (e.g. ColdFusion);
  • Apply front end application level business rules (more specific rules than the back end process);
stage 8 directory updates
Stage 8 – Directory Updates
  • Provide a log dataset of directory activity (updates, deletes, etc.);
  • Provide standard procedure for data owners to pull the activity log;
  • Design and implement a standard record layout using a status field and a audit trailer record;
summary
Summary
  • Don’t underestimate the need to keep repeating the message
    • Support from the top is critical
  • Continual auditing: data feeds will disappear or show up corrupted
  • Hire the best, otherwise you will waste much time and $$$
  • Maintain KISS principle
related i2 directory activities
Related I2 Directory Activities
  • Early Harvest / Early Adopters -

http://middleware.internet2.edu/earlyharvest/

http://middleware.internet2.edu/earlyadopters/

  • LDAP Recipe - http://www.georgetown.edu/giia/internet2/ldap-recipe/
  • eduPerson –

http://www.educause.edu/eduperson

  • Directory of Directories – http://middleware.internet2.edu/dodhe
related i2 middleware activities
Related I2 Middleware Activities
  • Shibboleth –

http://middleware.internet2.edu/shibboleth/

  • PKI – HEPKI-PAG, HEPKI-TAG

http://www.educause.edu/hepki/

  • PKI Labs

http://middleware.internet2.edu/pkilabs/

  • Vidmid –

http://middleware.internet2.edu/video/

for more information
For More Information
  • Tom Barton

tbarton@memphis.edu

  • Renee Woodten Frost

rwfrost@internet2.edu

  • Louise Miller-Finn

lmiller@jhmi.edu