Microsoft Metadirectory Services
Scott Gosling (B. Bus (Comp), MCSE, MCT, Compaq ASE)
Infrastructure Services Consultant, Powerlan (Qld)
sgosling@powerlan.com.au
July 2001
Agenda
§ Business Issues
§ Introduction
§ MMS Technology overview
§ Demo
§ Who is using MMS?
§ Getting Involved with MMS
§ Product Roadmap
§ Q&A
§ What is Identity Management?
Business Issues
§ Shrinking budgets, fiscal tightening
§ With increasing pressures on IT budgets, technologies that actually reduce your workload should warrant serious consideration
§ Directory (or identity) management for user information is a source of expense that increases with every directory
§ IT Budgets under scrutiny
§ We all have to do more with less
Identity Management
[Diagram: "Identity" at the centre, surrounded by the systems that hold identity data]
§ Windows Users
  • Account info
  • Privileges
  • Profiles
  • Policy
§ E-Mail Servers
  • Mailbox info
  • Address book
§ Windows Clients
  • Mgmt profile
  • Network info
  • Policy
§ Applications
  • Server config
  • Single Sign-On
  • App-specific directory info
  • Policy
§ Windows Servers
  • Mgmt profile
  • Network info
  • Services
  • Printers
  • File shares
  • Policy
§ Network Devices
  • Configuration
  • QoS policy
  • Security policy
§ Firewall Services
  • Configuration
  • Security Policy
  • VPN policy
§ Internet
Enterprise Today
[Diagram labels: APP; User; ?; Directory; Relational Databases; Messaging Systems]
We Exist Everywhere
§ Identity information is scattered throughout most enterprises
§ Organisations will always have multiple sources of information
§ Organisations need an integrated view of people and resources in the enterprise
Need An Integrated View
[Diagram labels: Directory; Database; User; Messaging]
Why Consolidate Directories?
§ Common scenarios include;
§ Maintaining many different repositories equals cost complexity
§ E-Mail address book synchronisation
§ HR Managing User Status
§ E-Commerce applications
§ Inter-Forestructuring
§ Burton Group: A company with seven directories could save up to $312,500/year
Identity Management
[Diagram labels: Human Resources; ERP Database; NOS Directory; Business Rules?; Database; Other Directory]
How Metadirectory Works
[Diagram labels: HR App ("Add User Event"); MMS; Applications ('Add User'); Database: Oracle, db2 ("Add User, Grant Rights"); E-Mail Directory ("Create Mailbox"); Active Directory; Database; RAS; QoS; Windows 2000 AD ("Add User, Provision")]
MMS:
• Business Rules
• Transformation
• Data integrity
Example
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; Meta-Directory; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Remove Scott"; X]
Remove User
[Diagram labels: Street Market; MMS Compass Browser; Meta-Directory; Lotus Notes Directory; MMS; Active Directory; NWAdmin; NDS; arrows labelled "Remove Scott"; X marks on the removed entries]
Add User
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; Meta-Directory; Lotus Notes Directory; NWAdmin; MMS; arrows labelled "Add Craig"]
Fire Business Rules:
• Add Craig to Meta-Directory
• Add Craig to Notes
• Add Craig to NDS
User Added
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; Meta-Directory; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Add Craig"; Add Brian]
Change Details
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; MetaVerse; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Change Telephone & Title"]
Business Rules:
• Notes ‘Owns’ Phone #
• NDS ‘Owns’ Title
• AD Get All Updates
Lotus Notes Directory:
• Correct Phone
• Incorrect Title
NDS:
• Incorrect Phone
• Correct Title
Process Change
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; MetaVerse; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Update Title" and "Update Phone"]
Lotus Notes Directory:
• Correct Phone
• Incorrect Title
NDS:
• Incorrect Phone
• Correct Title
Change Processed
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; MetaVerse; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Update Title" and "Update Phone"]
Lotus Notes Directory:
• Correct Phone
• Correct Title
NDS:
• Good Phone
• Good Title
Update AD
[Diagram labels: Street Market; MMS Compass Browser; Active Directory; MetaVerse; Lotus Notes Directory; NWAdmin; MMS; NDS; arrows labelled "Update Title", "Update Phone & Title" and "Update Phone"]
Lotus Notes Directory:
• Good Phone
• Good Title
NDS:
• Good Phone
• Good Title
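The ownership rules walked through on the "Change Details" to "Update AD" slides, as an added example (not MMS code or configuration): each attribute is taken only from the directory that owns it, and every other directory is updated to match. The record layout, function name and sample values are assumptions.

```python
# Added illustration; not MMS code. Directory names follow the slides,
# the record layout and function names are assumptions.

# Business rules from the "Change Details" slide: which connected
# directory is authoritative ("owns") each attribute.
OWNER = {"phone": "Notes", "title": "NDS"}
# AD owns nothing here and receives every update.
DIRECTORIES = ("Notes", "NDS", "AD")


def converge(entries):
    """Return (metaverse_entry, updates) for one person.

    entries maps directory name -> {attribute: value}.
    updates lists (directory, attribute, old, new) writes needed so that
    every directory ends up holding the owner's value.
    """
    metaverse = {}
    for attr, owner in OWNER.items():
        if attr not in entries.get(owner, {}):
            # Fail closed: never let a non-owner's value win by default.
            raise ValueError(f"{owner} owns {attr!r} but holds no value")
        metaverse[attr] = entries[owner][attr]

    updates = []
    for directory in DIRECTORIES:
        current = entries.get(directory, {})
        for attr, value in metaverse.items():
            if current.get(attr) != value:
                updates.append((directory, attr, current.get(attr), value))
    return metaverse, updates


# Constructed sample: phone and title were edited in both Notes and NDS,
# so each directory holds one correct and one incorrect value.
SAMPLE = {
    "Notes": {"phone": "555-0100", "title": "Enginer"},
    "NDS": {"phone": "555-0199", "title": "Engineer"},
    "AD": {"phone": "555-0000", "title": "Trainee"},
}

if __name__ == "__main__":
    mv, writes = converge(SAMPLE)
    print(mv)
    for w in writes:
        print("update", *w)
```

The resulting writes match the slides: title goes to Notes, phone goes to NDS, and both go to AD.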
What Should A Metadirectory Do For You?
§ Create a joined namespace
§ Apply business rules:
  • Ensure data integrity through convergence
  • Merge information from many sources
  • Route information to other systems
  • Organize and manage structure
MMS Architecture
§ Connectivity
  • Supports standards-based directory via LDAP v3
  • Databases via SQL or OLE/DB
  • Applications via API interfaces
§ Brokering
  • Detects and processes changes
  • Aggregates data from multiple directory services
  • Tracks objects as they move
§ Integrity
  • Preserves ownership relationships
  • Handles common failure scenarios
  • Maintains referential integrity
Connectivity
§ Synchronisation of heterogeneous directories
§ No additional software required ‘on’ the connected directory systems
§ Bi-directional attribute flow
§ Full and delta synchronisation support
§ Flexible scheduled synchronisation
MMS Management Agents
§ Available MMS Agents
  • Novell Netware 3.x, NDS via LDAP
  • Lotus Notes, Domino and cc:Mail
  • Exchange, MS Mail, NT Domains
  • Active Directories
  • Netscape Directory Server via LDAP
  • Novell GroupWise 4.x/5.x
  • Banyan VINES
  • Report – for creating flat file reports
  • Generic – allows you to build your own
Connectivity - Other
§ ISOCOR, ICL, Control Data and other X.500 directories via LDAP
§ Other ‘metadirectory’ products such as Netscape, Control Data, Siemens & ISOCOR
§ ODBC/SQL
§ Provisioning Tutorial Management Agents
  • HR via LDIF
  • Telephone System
  • E-Mail System
§ Management Agent Toolkit to assist building your own management agents
Brokering
§ The Management Agent (MA) determines what information (objects or attributes) has changed
§ The MA can aggregate data from different connected directories to create the ‘holistic’ view of a person
§ Changes within the directory structure (i.e. reorganisation) of a connected directory are easily handled by the MA
Integrity
§ The MA maintains identity data ownership relationships
§ Maintains referential integrity between different sources of identity data
§ Provides failure management to ensure that updates are successful and transactions are processed properly
MMS Benefits
§ Simplified Data Access
§ Administrative Cost Reduction
§ Business Process Integration
§ Single authoritative point of access & admin
§ Anchors users & namespaces
§ Improves information reliability
§ Ensure consistency of identity data across repositories
§ Fewer e-mail delivery errors
§ Timely updates to identity data
§ Leverage MMS to automate directory-related tasks
§ Reduce administrative overhead
§ Improve system security
How it Pulls Together
[Diagram labels: Web browser; Compass; LDAP-enabled apps; The Metaverse; Connector Namespace; MA, MA, MA; Connected Directory]
Identity Information
Demo
[Diagram labels: Compass MMS Browser; Human Resources: SQL 2000; Network: Active Directory; MMS 2.2; Email: Exchange 5.5]
MMS Customers
• AT&T
• Caterpillar
• Deere
• BAT
• Texas Instruments
• ALCAN
• Compaq
• Miller Brewing
• Exxon/Mobil
• Target
• Telstra
• ICL/Fujitsu
• Sprint
• Bell
• Siemens
• Volvo
§ Over 4 Million Seats Total
Customer Example
[Diagram labels: ACF2; HP OpenMail; Human Resources; X.500; MetaVerse; Banyan Vines; MMS 2.1; Self-Service Web Application; Active Directory; Read-Only Replicas; Radius Server]
Customer Example
[Diagram labels and annotations, in slide order: Contains ICL-only information; All computers across the enterprise; Microsoft NT, >50,000 accounts; TRACS; Exchange 5.5, Enterprise E-Mail, 26,000 users; Employees and contractors, 18,000 records, MS SQL based; NT Domains; Human Resources; X.500; Metaverse; Exchange 5.5; MMS; Active Directory, >10,000 records; Self-Service Web Application]
How ICL Joins
HR System
• Job Title
• Location
• Personnel Number
• Org. Level 1
• Org. Level 2
• Org. Level 3
• First Name
• Surname
TRACS
• Operating System
• Computer Serial Number
• Personnel Number
• Processor
• Memory
MMS
• Mail Address
• NT Login (Domain/Username)
• Job Title
• Location
• Personnel Number
• Org. Level 1
• Org. Level 2
• Org. Level 3
• First Name
• Surname
• Operating System
• Computer Serial Number
• Processor
• Memory
Microsoft Exchange
• Mail Address
• NT Login (Domain/Username)
Microsoft NT
• Personnel Number (Full Name)
• NT Login (Domain/Username)
Join based on ‘personnel number’
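A sketch of the join described on the "How ICL Joins" slide, as an added example (not MMS code): records from TRACS and NT are joined to HR on personnel number, and anything that matches no HR record is reported instead of being merged. Reaching Exchange through the NT login, the record layout, the function name and the sample data are assumptions.

```python
# Added illustration; not MMS code. Field names follow the "How ICL Joins"
# slide; record layout, function names and sample data are assumptions.

def join_identities(hr, tracs, nt, exchange):
    """Build one joined entry per HR personnel number.

    Returns (metaverse, unjoined). unjoined lists (source, record) pairs
    that matched no HR record and need review rather than a guess.
    """
    metaverse = {r["personnel_number"]: dict(r, computers=[]) for r in hr}
    unjoined = []

    for rec in tracs:  # TRACS carries the personnel number directly
        person = metaverse.get(rec["personnel_number"])
        if person is None:
            unjoined.append(("TRACS", rec))
        else:
            person["computers"].append(rec["serial"])

    login_to_pn = {}
    for rec in nt:  # NT carries personnel number and NT login
        person = metaverse.get(rec["personnel_number"])
        if person is None:
            unjoined.append(("NT", rec))
        else:
            person["nt_login"] = rec["nt_login"]
            login_to_pn[rec["nt_login"].lower()] = rec["personnel_number"]

    for rec in exchange:  # Exchange has no personnel number on the slide,
        # so this sketch reaches it through the NT login (an assumption).
        pn = login_to_pn.get(rec["nt_login"].lower())
        if pn is None:
            unjoined.append(("Exchange", rec))
        else:
            metaverse[pn]["mail"] = rec["mail"]
    return metaverse, unjoined


# Constructed sample records.
HR = [{"personnel_number": "1001", "first_name": "Joe", "surname": "Bloggs",
       "job_title": "Manager", "location": "London"}]
TRACS = [{"personnel_number": "1001", "serial": "SN-A1"},
         {"personnel_number": "9999", "serial": "SN-Z9"}]
NT = [{"personnel_number": "1001", "nt_login": "EUROPE\\jbloggs"},
      {"personnel_number": "9999", "nt_login": "EUROPE\\temp7"}]
EXCHANGE = [{"nt_login": "europe\\JBloggs", "mail": "joe.bloggs@example.com"},
            {"nt_login": "EUROPE\\temp7", "mail": "temp7@example.com"}]
```

The unjoined list is the part worth reviewing: an NT account or mailbox with no HR record behind it has no owner in the joined view.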
How MMS Works at ICL
[Diagram labels: TRACS; Exchange 5.5; MetaVerse; MMS; Human Resources; Active Directory]
Before:
Joe Bloggs
Dept: Marketing
Location: London, Bldg 6
Title: Manager
Member of Exchange DLs:
• Marketing employees
• London-based employees
• Building 6 staff
• Management staff
Joe is promoted to Vice-President, Sales of the Australian subsidiary
After:
Joe Bloggs
Dept: Sales
Location: Sydney, Bldg 1
Title: Executive
Member of Exchange DLs:
• Sales employees
• Sydney-based employees
• Building 1 staff
• Executive staff
• Ex-pat list
AD Inter-Forest Sync
[Diagram labels: abc.com Active Directory; xyz.com Active Directory]
Inter-Forest Toolkit
[Diagram labels: F.edu; A.edu; B.edu; C.edu; D.edu; E.edu]
How to Get Into MMS
§ Engage a partner who has completed the MMS requirements
  • Like Powerlan 8-)
§ Runs only on Windows 2000 Advanced Server
§ Appropriate training is recommended
§ MMS is a free ‘toolkit’, but can only be licenced via a partner engagement
MMS Timeline
[Timeline labels: ZOOMIT VIA 2.1; MMS 2.1; MMS 2.2; AD MA; MMS 3.0; MMS 4.0; First MS Release; Windows integration; AD becomes the store; dates 12/1999, 3Q00, 1Q02, Late 2002]
More Information
§ http://www.powerlan.com.au/qld
§ http://www.microsoft.com/windows2000/mms
§ http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/mmsfaq.asp