K12 Secure Identity Management Identity Based Collaborative Learning Solution
Agenda • Introduction to Condrey Consulting Corporation • Introduction to No Child Left Behind (NCLB) • Introduction to the Schools Interoperability Framework (SIF) • Benefits and Solution Overview • Components of SIF Provisioning Solution • Phased Solution Approach • Identity Based Collaborative Learning • SIF Enabled Identity Management • Live Demo • Q&A
Condrey Consulting Corporation Company Overview • David Condrey – Owner and CEO • US Software Engineering Corporation based in Greenville, SC • Customers in 33 countries representing Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12 • Well known and respected by customers, especially in the academic market • Well known at Novell – Model Partner • Invested in the future of Novell
Condrey Consulting Products Overview • File System Factory™ – Novell Nsure - Novell Price List • Identity Based Storage Management • Ties Provisioning to the NetWare OS – Event Driven and Policy Based • Lifecycle Content and Data Management (ePortfolio) • IUAdmin™ • Identity Based Personal and Collaborative Storage Access – Integrates with File System Factory™ – Integrates with exteNd Portal, Virtual Office and iChain • Web Based Access to Personal and Group Content • Web Based Help Desk Administration • Web Based User Self-Service and Password Reset • AuditLogin™ and TrustFun • Who’s Accessing Storage and What Rights Do They Have? - Login/Logout - Date, Time, Workstation - Trend Reports and Graphs - File and Directory Rights Analysis
File System Factory Education Customers • University of Kentucky – 43,000 users • Northern Illinois University – 67,000 users • Minnesota State Colleges and Universities – 93,000 users • Charleston County Schools, SC – 42,000 users • University of Georgia – 60,000 users • Embry Riddle University – 12,000 users • Hemet School District, Los Angeles • Grand Rapids Community College • Savannah Chatham County Schools, Georgia • Douglas County Schools, Georgia • Newton County Schools, Georgia
More File System Education Customers • Northwestern Michigan University • Old Dominion University • Madison Area Technical College • Waukesha County Technical College • Blackhawk PA School District • Marysville Village Schools • Spearfish School District • Maine Township High School District • Waubonsee Community College • Western Illinois University • Escondido Union High School District • Sutton Public Schools • Ramaz School • Augsburg College • Southwestern Community District No. 9 • Le Moyne College • Macon County R-1 • Grant MacEwan College • Clemson University • Community Consolidated School District – Illinois
Sample of Education Customers Leveraging File System Factory, IUAdmin and AuditLogin
Introduction to NCLB No Child Left Behind
No Child Left Behind Program Summary NCLB requires schools to: • increase student access to technology • help students to achieve higher academic standards • improve teachers’ ability to use technology for instruction • increase technology implementation for schools, especially those serving disadvantaged children To receive much of the NCLB federal funding, local school districts must provide government agencies with strategic plans for implementing educational technology. Financial Allocation: In fiscal year 2002, Congress allocated $22.2 billion for education and No Child Left Behind implementation nationwide.
NCLB and Digital Portfolios • The “Digital Portfolio” is a strategy that has gained widespread acceptance in the education field. • Digital portfolios make it easier to track a student's progress and work over the years. • Allows students to store their material in digital format on a server to be reviewed by team members. • The portfolio contains samples of significant student work over time and should be available to the student throughout their school career, making it easier for teachers to access student work and thus track performance. • Digital portfolios are useful when applying to post-high school institutions or moving into careers in the private sector. • Digital Identity is key
NCLB and ePortfolio Links • http://www.kn.pacbell.com/news/CAschools/sas.html • http://www.southalabama.edu/tomorrowsteachers/portfolios.html • http://schools.nycenet.edu/d75/instructionalservices/assessment/altassessment/datafolio.html • http://www.pupilpages.com/ • http://www.mandia.com/kelly/portfolio.htm
Schools Interoperability Framework SIF • Not a product, but a technical blueprint • Designed for and by K-12 technology providers and educators • Manages data within the K-12 environment • Enables diverse applications to interact and share data • Works cross-platform, over a Web-based interface • Allows automated reporting
K-12 Identity Management Reality Library Automation Network Account e-Mail Transportation Grade Book Food Services Student Information Services Data Warehouse • Data Silos • Duplication of work • Inconsistent application of business policy • Time consuming – productivity delays • Little security confidence, significant exposure
SIF components Zone Integration Server (ZIS) Student Information Services Novell Network Account Library Automation SIF Agents Applications School Badge Food Services SIF Data Objects Instructional Software (Plato) Transportation Data Warehouse
SIF integration K-12 data model Federal Data Warehousing State Instructional Services Voice Telephony Transportation SIS Library HR / Finance Grade Book Food Service Accountability, Reporting, Planning, etc. District School
SIF vendors (Cont.) Student Information Systems • Pearson Education Technologies – SASIxp – Edustructures SIF Agent for SASIxp – www.edustructures.com • Sungard Pentamation – Open Series Student Management System – www.pentamotion.com • Central Susquehanna Intermediate Unit – CSIU Administrative Software Suite – www.csiu-technology.org
SIF vendors (Cont.) • Library Automation • Follett Software Co – www.fsc.follett.com • SIRS Mandarin – www.mlasolutions.com • Sagebrush Spectrum • Telephony • Parlant Technology – www.parlant.com • Classroom Software • Renaissance Learning – www.renlearn.com • Transportation • VersaTrans Solutions – www.versatrans.com • Food Service • School-Link Technologies – www.schoollinktechnologies.com
SIF vendors (Cont.) • Novell • Data Warehouse • Microsoft • TetraData • Apple • eScholar • IBM • Sun Microsystems • Edustructures - ZIS
SIF Government Members US Department of Education Virginia Department of Education Delaware Department of Education Idaho Dept of Education/Rich Mincer Maryland State Dept of Education National Center for Education Statistics (NCES) Ohio Department of Education Ohio SchoolNet Commission
SIF benefits Students IT Departments • Personalized Student Content • Reduced support costs • Improved timeliness of service • Reduced time needed to manage multiple data sources • Accurate School Data • Increased Efficiency • Save money using existing systems and infrastructure Teachers Administrators • Real-time access to critical information • Increased Efficiency • Better data analysis • Teachers time better spent • Reduced redundancy and errors • Reduced compatibility issues • NCLB
Additional Information on SIF http://www.sifinfo.org http://www.opengroup.org/sif/cert/ http://www.sifinfo.org/vendors/sif_vendor_member.asp
Components of K12 SIF Provisioning Solution
Components of K12 SIF Identity Provisioning Solution • Novell eDirectory • Edustructures • SIFWorks™ Zone Integration Server (ZIS) • Nsure Identity Manager SIF User Agent • Life Cycle Student Account Management • Novell File System Factory • Lifecycle Content and Data Management (ePortfolio) • File Rights and Trustee Analysis • IUAdmin • Web based access to personal and collaborative content • Self-Service Password Reset and Help Desk • AuditLogin and TrustFun • Who’s accessing storage and what rights do they have • Novell iChain • Secure Access to Web Applications
Digital Identities The key to student and faculty provisioning
Novell eDirectory Stores information about people, services, and resources Manages relationships between them Directs interactions and triggers events
Edustructures Zone Integration Server • Founding Member of SIF • Member of SIF Board of Directors • Strategic Partner Alliances – NCS Learn, Follett – School-Link, Versatran – Novell and others • SIFWorks Enterprise ZIS Server • Cross Platform Support – NetWare, Windows, Linux, Solaris, MacOS X • SASIxp SIF Agent • www.edustructures.com
Nsure Identity Manager SIF User Agent (DirXML) • SIF Agent for Provisioning Students • Built on Award Winning DirXML Technology • Supports the Following SIF Object Types: • Student Personal • Staff Personal • Student School Enrollment
Novell File System Factory Automatic Disk Space for all Students or Staff!
Novell File System Factory Automatic Disk Space for each Class or Work Group!
Novell File System Factory Automated Home Directory Management: Create It, Manage It, and most importantly… Clean It Up!
Novell File System Factory Lifecycle Data and ePortfolio Management: Create It Move It Manage It
Novell File System Factory All you have to do is create the users and groups… …Any way you want… …We’ll handle the rest!
Provision Storage as well as Accounts with Novell File System Factory and Identity Management ZENworks for Desktops ZIS BorderManager Identity Mgr SIF Driver eDirectory Active Directory Identity Mgr AD Driver NetMail FSF LINUX • Policy-based • Event-driven NetWare • Load balancing High School 25 MB NetWare • Storage creation • Storage management • Storage cleanup • Personal user storage • Group storage Middle School 10 MB
FSF Methodology New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion. Algorithm: Random Balance Rights: RWCEMFA Quota: 150 MB Template: SERV1/VOL1:Policies Del. Wait: 90 Days SCSD ES MS • Create • Rename • Delete Policy HS BJones BSmith Copy SERV1/VOL1:POLICIES Target File Systems RWCEMFA BSmith BJones 150 MB
Policy Assignment & Data Migration Jefferson Employee Students Other Sunshine Elem Lincoln Middle Riverside High BSmith • Seamless BSmith • Fault-tolerant • Safe Scheduler – 9:00 PM Policy BSmith 25 MB Policy BSmith 50 MB
Northern Illinois University Data Migration - Backfill NIU Faculty Students Other BSmith RJones KJackson Admin issues Backfill with “Enforce Policy Paths” option, which will move data. RJones KJackson RCroom NCS DWyatt Pentium Pro 200’s – Policy 0 Users 67,672 Users RJones BSmith KJackson RCroom BSmith RCroom DWyatt
Education Group Policy Example Assign Policy to Courses Container Algorithm: Random Balance Rights: none Quota: 500 MB Template: SERV1/VOL1:GroupSample Del. Wait: Never Jefferson Courses Create Course Group Object Employee Student Policy Target File Systems SPAN340-001 Automatically Create Group Storage and Assign Policies Copy Course Files for Each Student from Template Copy SERV1/VOL1:GroupSample SPAN340-001 150 MB
Group Policy Templates Configuration Steps Create Group Object SPAN340-001.MS.COURSES.STATEU Create FSF Group Policy Using the FSF Management Interface Create eDir Objects Create Template Assign Rights to Directories Assign Members & Owners to the Group
Group Policy Templates Assign Students as Members and Instructors as Owners Members Owners JSmith.Students.STATEU ABelcher.Staff.STATEU MRoberts.Students.STATEU KAlesanto.Staff.STATEU NFrost.Students.STATEU PJones.Students.STATEU RBrooks.Students.STATEU SSmith.Students.STATEU STimms.Students.STATEU TJones.Students.STATEU TSmythe.Students.STATEU WClark.Students.STATEU
Group Policy Templates File System Factory Automatically Provisions Storage for Students and Instructors
Backfill - Apply or Reapply Policy to Existing Objects On Demand BSmith SCSD RCroom COURSES FACULTY STUDENTS DWyatt • Provision storage for pre-existing users according to policy. BSmith RJones KJackson • Begin managing pre-existing storage according to policy. RCroom RJones Admin issues Backfill with “Enforce Policy Paths” option, which will move data. Later, the same operation can be used to replace existing servers. KJackson BSmith DWyatt Policy RJones BSmith KJackson RCroom DWyatt
Where’s my stuff? Users need an easy way to find their storage …even if you need to move it. Personal Storage and Group Storage. Map a Drive? There’s only so many letters in the alphabet. Login Script Management is a headache for group storage.
URAccess End-User tool for dynamically building personalized access links to storage. Leverages Home_Directory user attribute for personal storage. Leverages cccFSFactoryHomedir group attribute for shared storage. Creates a local set of UNC paths and descriptions presented to the user in a Windows UI. Like App-Launcher for ZENworks, except provides access to storage. List can be refreshed at any time. Supports multiple tree connections.
URAccess
Executive Storage Dashboard Storage Trends on User and Group Policies
Administrative Storage Dashboard Event Statistics Storage Health Check https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.
Web Based Quota Manager Policy Configuration
Quota Manager – Help Desk Interface https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr
Quota Manager – Help Desk Interface Green = space available > 25% of quota Yellow = space available < 25% of quota Red = space available < 10% of quota
Quota Manager – Help Desk Interface
File System Rights Analysis
Rights Analysis OWNERS MEMBERS
Novell eGuide Manager
Workflow Configuration
Employee Data Manager Interface
What are the requirements? NDS/eDir Any Novell supported version of NDS® or eDirectory (6.xx, 7.xx, 85.xx, 8.6.x, 8.7.x) FSF_Event NetWare 5.1 SP6 or later NetWare 6.0 SP4 or later NetWare 6.5 or later FSF_Engine NetWare 6.0 SP4 or later NetWare 6.5 or later NetWare 4.x SP9 or later 5.0 SP6a or later 5.1 SP6 or later 6.0 SP4 or later 6.5 or later
Coming up Next File System Factory for: Microsoft Active Directory Linux
Provision and De-Provision Storage for NetWare, Active Directory and Linux Based on Policy ZENworks for Desktops PeopleSoft BorderManager Identity Mgr AD Driver Identity Mgr PeopleSoft Driver Active Directory eDirectory NetMail LINUX FSF NetWare FSF
IUAdmin™ User Self Service Personal And Group Storage Access Help Desk Personal Storage Group Storage ePortfolio Managed By File System Factory Events & Policies
IUAdmin™ Intruder Lockout Grace Logins Login Disabled Account Expired • Web Based Access to NetWare Personal Content and ePortfolio Managed by File System Factory Policies • Web Based Access to Collaborative Group Content Based on File System Factory Policies • Integrate with Novell Extend Portal, NetWare 6.5 Virtual Office Portal and Novell iChain • User Self Service • Self-Service Password Reset • Let Users Optionally fix their own problems • Help Desk Administration • Location and Departmental based Help Desk • Help Desk Group Management • User Help Indicators Identify Account Problems
Help Desk Dashboard
IUAdmin™ Architecture • Built on top of Novell’s HTTPSTK... no web server to install or configure. • SSL connections for security. • Contextless Login. • No schema extensions. However, optional extensions are provided for increased functionality. • Runs on NetWare 5.1 or above with any version of eDirectory. Other products provide Management Paks that plug in to the architecture. User Self Service File System Access File System Factory Help Desk IUAdmin Core Architecture File System Mgt Resource Mgt AuditLogin ePortfolio TrustFun
Self Service and Password Reset
Self Service Password Reset
No More Floppy Drive Headaches • Viruses • Limited Space • Drive Failures • Management Nightmare Solution File System Factory IUAdmin
AuditLogin Graph
AuditLogin - Log File Report
Novell iChain Securely Linking eEducation to Everything
What is iChain? iChain is Novell technology for web security • Reduces the complexities of implementing and managing secure web applications • Proxy based Architecture • Supports more HTTP services than any of its competitors • Provides single sign-on to web based resources • Supports Enterprise and Project based solutions
Why iChain? Firewall Web Servers and Applications Student Internet Parent SECURITY Internet SECURITY Teacher SECURITY Intranet IUAdmin Issues when creating Secure Web infrastructure: • Direct Access to Web Servers (increases possibility of hacking) • Multiple User Identities (no single sign on) • Need to install SSL services on each web server IIS • Need to change links in HTML content from HTTP to HTTPS • Many different Web Server Technologies Linux/Apache
iChain Solution Benefits of iChain: Firewall Teacher Student Web Servers and Applications iChain® SECURITY INFRASTRUCTURE One Net • Single Authentication Point IUAdmin IIS Linux/Apache Parent • Provides Web Single Sign On (headers and Form Fill) Sends Personalized content to applications • Rewrites HTML data (completely hide internal DNS infrastructure) • Dynamically encrypts content as it passes through proxy • Single SSL Certificate can be used for all internal web sites (proxy based) • No change to HTML content • No change to applications authentication process • Secures all HTTP servers eDirectory™ • Remove Direct Access to Web Servers
Phased Approach – Phase 1 • Identity Based Collaborative Learning – Personal Content and Class Storage – Web Based Access for Teachers and Students – Student ePortfolio - Cradle to Job – User Self Service and Web Based Help Desk – Faculty and IT Staff Training • SIF Readiness Assessment – Technology Infrastructure Assessment – High-Level SIF Design and Plan (Naming Standards) – Executive Level Presentation of Findings • Minimum Phase 1 Software Requirements – Novell File System Factory – IUAdmin and AuditLogin
Phase 1 Policy Based Collaborative Learning GroupWise® eDirectory™ ZENWorks™ NetMail File System Factory™ UIMPORT LDAP IDM Console One Faculty Students Novell BorderManager IUAdmin™ AuditLogin™ Policy Based Storage Home Directory Class Storage Student ePortfolio AuditLogin Report & Graph Product Licenses Novell SLA • File System Factory™ Condrey Consulting • IUAdmin™ • AuditLogin™, TrustFun
K12 Student Provisioning Grade Promotion Production Tree IUAdmin Novell BorderManager HS 1 HD EP FSF MS 1 Student Locker Grade Promotion eDirectory Home Directory ePortfolio IDM UIMPORT LDAP Custom or 3rd Party Console One Class Storage
K12 Student Provisioning Graduation Production Tree SCSD DIST Graduated HS 1 SMS IUAdmin™ STUDENTS HD Novell BorderManager EP FSF Graduation Student Locker eDirectory IUAdmin™ ePortfolio EP IDM UIMPORT LDAP Custom or 3rd Party Console One
Phase 1 Benefits Students IT Departments • Personalized Student Content • Reduced help desk support costs • Improved timeliness of service • Reduced time needed to manage personal and group storage • Web Based Access to resources and lesson assignments • Leverage existing systems and infrastructure – No upgrades Teachers Administrators • Web based access to resources and data • Meet NCLB requirement for personalized content • Team Collaboration with students and teachers • Minimal cost with large return • Teacher ePortfolio • Web based access to resources and data
Phase One Pilot Example
# Students in District = 5000 * FTE for File System Factory
# Faculty in District = 500
# Students in 12th Grade = 400
FTE for IUAdmin = 900
Description | Cost | Maint | Totals
File System Factory – 5000 Students (SLA) | $2,500.00
IUAdmin – 900 Faculty and 12th Grade Students | $700.00 | $140.00 | $840.00
AuditLogin – Site District License | $1,000.00 | $350.00 | $1,350.00
TrustFun – Site District License | $400.00 | $125.00 | $525.00
Software Cost | $5,215.00
* Hardware Cost | $0.00
Total Software and Hardware Cost | $5,215.00
* Hardware costs depend on the client's current environment
Recommend one server for IUAdmin Resource Portal
Current IUAdmin Educational Pricing
Flexible Pricing Based on District Needs
IUADMIN Government/Educational Pricing*
User Count | New License SKU# | New License Price | Maintenance SKU# | Maintenance Price
1000 | IAV101KEDU | $700 | IAMT01KEDU | $140
2000 | IAV102KEDU | $1,000 | IAMT02KEDU | $200
4000 | IAV104KEDU | $1,600 | IAMT04KEDU | $320
8000 | IAV108KEDU | $2,400 | IAMT08KEDU | $480
16000 | IAV116KEDU | $3,200 | IAMT16KEDU | $640
32000 | IAV132KEDU | $4,800 | IAMT32KEDU | $960
Unlimited | IAV1UNLEDU | $6,400 | IAMTUNLEDU | $1,280
Current AuditLogin Educational Pricing
Government and Education Pricing*
AuditLogin Description | SKU# | Price
Gov/Education New Licenses
V3 Single Server | ALV3NSSEDU | $100
V3 Three Server Pack (save 25%) | ALV3N3PEDU | $225
V3 Site License | ALV3NSTEDU | $1,000
Gov/Education Maintenance
V3 Yearly Upgrade Protection and Maintenance Option*** | ALMAINTEDU | $350
Gov/Education Upgrade from Version 2
V3 Three Server Pack Upgrade** | ALV3USSEDU | $50
V3 Site License Upgrade** | ALV3USTEDU | $500
Phased Approach – Phase 2 – SIF-Enabled Identity Management • Detailed SIF Identity Management Design and Plan • SIF Production Pilot – Two Schools and District Office – Knowledge Transfer and Training • Full SIF Deployment Phase - Remaining Schools • Minimum Software Requirements – Edustructures SIFWorks - SLA – SIS SIF Agent – Specific to vendor – Nsure Identity Manager SIF Driver (DirXML) - SLA – Novell iChain – SLA – Hardware Requirements – Depends on Size of District
SIF-Enabled Identity Management Phases Phase 2 SIF Provisioning User Provisioning / De-Provisioning Nsure Identity Mgr SIFWorks User Access Management Novell iChain AuditLogin TrustFun File System Factory Phase 1 Collaborative Learning Content Management & Personalization IUAdmin NW 6.5 Virtual Office eXtend Portal
Student Provisioning Phase 2 Student Information Services NetMail® eDirectory™ Library Automation DirXML Faculty Students ZENWorks Novell iChain File System Factory H.R. & Finance Food Services Extend Portal / Virtual Office IUAdmin AuditLogin Policy Based Storage Home Directory Class Storage Student ePortfolio AuditLogin Report & Graph Transportation Voice Telephony Instructional Services
Q&A
TrustFun Rights Analysis
TrustFun Report
Trustee Assignment Detail