Outsourcing IAM in North Carolina A Statewide IAM

  • Slides: 15
Download presentation
Outsourcing IAM in North Carolina A Statewide IAM Managed Service for K-12 San Francisco,

Outsourcing IAM in North Carolina A Statewide IAM Managed Service for K-12 San Francisco, CA November 14 -15, 2013 Mark Scheible and Steve Thorpe, MCNC

Introduction “Managing Identity and Access in an Era of Distributed Services” – CAMP 2013

Introduction “Managing Identity and Access in an Era of Distributed Services” – CAMP 2013 From the NCEd. Cloud IAM Project… Challenges (Problem Statement): 1. Too many accounts for current Services 2. Cumbersome manual process of updating account information from NC Student System to disparate local systems and services 3. Need solid foundation for K-12 cloud solutions growth 2

Background… • 2 years of learning, interviewing, planning (IAM Architecture Plan – 250 pages)

Background… • 2 years of learning, interviewing, planning (IAM Architecture Plan – 250 pages) • • • RFP (long drawn out process) Vendor Selection • Proposals • Face-to-Face Interviews & Proof of Concept IAM Service Contract Awarded - April, 2013 to i. DENTi. TY AUTOMATi. ON 5

Organizations involved NCDPI - NCEd. Cloud Sponsor (Rtt. T Funding) Friday Institute - NCEd.

Organizations involved NCDPI - NCEd. Cloud Sponsor (Rtt. T Funding) Friday Institute - NCEd. Cloud Program Manager MCNC - NCEd. Cloud Service Manager Identity Automation - NCEd. Cloud IAM Service Manager and Provider 6

Simple Goals Provide all K-12 staff, students, parents and guests with a single login

Simple Goals Provide all K-12 staff, students, parents and guests with a single login to all NCEd. Cloud Target Applications and Services as well other cloud services that are utilized by numerous LEA's. Provide self-service capabilities to all end users and delegated management tools to all LEA administrators. 7

Numbers… Initial Scope: Employees: ~250, 000 Students: ~1. 5 Million LEAs (School Districts) –

Numbers… Initial Scope: Employees: ~250, 000 Students: ~1. 5 Million LEAs (School Districts) – 115 (2, 500 schools) Charter Schools – 111+ (growing) 5 Target Applications Year 1 Future Scope: Guardians: ~3 Million Guests: Unknown 10 Target Applications per year 8

Core Components Person Registry: a component of the core infrastructure that provides an identity

Core Components Person Registry: a component of the core infrastructure that provides an identity data warehouse for the NCEd. Cloud IAM Service. This registry is responsible for matching, merging and cleansing of data as it comes from the sources. Central Directory: a component of the core infrastructure that provides a directory service for the NCEd. Cloud IAM Service. The Central Directory is the authoritative source for the NCEd. Cloud Username and password. It is also the source of all target system integrations whether by SAML, LDAP or direct provisioning. 9

Core Services My NCEd. Cloud - The interface for end users and administrators that

Core Services My NCEd. Cloud - The interface for end users and administrators that will provide self-service and delegated administration capabilities NCEd. Cloud SAML Id. P - The service that will provide sign-on capabilities to cloud systems that support the SAML protocol and implementation NCEd. Cloud Sync - The service responsible for managing the lifecycle of accounts across ALL systems (including the Target Applications) – provision, update, deprovision 10

Infrastructure The NCEd. Cloud IAM infrastructure will be hosted in Amazon's AWS environment. This

Infrastructure The NCEd. Cloud IAM infrastructure will be hosted in Amazon's AWS environment. This service provides unlimited scaling as well as a world class high availability platform (across three east cost data centers) 11

Year 1 Target Services By March 2014: • Google Apps for Education • Central

Year 1 Target Services By March 2014: • Google Apps for Education • Central Directory Local Replica (CDLR) • Zscaler – cloud-hosted firewall, content filtering • Follet Destiny • Discovery Education 12

Schedule Assessment Phase - Completed April 30, 2013 Design Phase - Completed June 30,

Schedule Assessment Phase - Completed April 30, 2013 Design Phase - Completed June 30, 2013 Build Phase - Completed July 31, 2013 (Development) Test Phase - Completed November 8, 2013 (Test) Deployment Phase (Production) November 11, 2013 - March 31, 2013 for early adopters Full Production Available April 1, 2014 for remaining LEAs and Charters 13

Challenges The RFP Process • Procurement was a lengthy process with many state procedural

Challenges The RFP Process • Procurement was a lengthy process with many state procedural requirements • Funding came from Rtt. T, but was administered by the NCDPI • NCDPI was overseen by the State IT Agency • Bottom Line – you NEED a champion (with influence) The Data Sources – ALWAYS a challenge Communication with the Vendor 14

Current Focus LEA/Charter School Onboarding Process (for Early Adopters) - Currently working with 10

Current Focus LEA/Charter School Onboarding Process (for Early Adopters) - Currently working with 10 EAs • Application Form (online) • Onboarding Checklist (Readiness Review) • Planning Session (In Person or Remote) Creation of Governance Body (Oversight/Steering) Plan for Integrating “Home Base” Applications • Pearson Power. School, Open. Class, School. Net • True North Logic (TNL) – Teacher assessment, PD 15

Future Opportunities Federation of the NCEd. Cloud Id. P • Regional Federation (NCTrust) •

Future Opportunities Federation of the NCEd. Cloud Id. P • Regional Federation (NCTrust) • In. Common Use of NCEd. Cloud (K-12) student credentials to access local Higher Education resources • Early College High School programs (piloting) • In State Admissions • Integration with Comm. IT ? 16

Information… NCEd. Cloud IAM Web Site • Overview videos of the IAM Service •

Information… NCEd. Cloud IAM Web Site • Overview videos of the IAM Service • Documents (slides, IAM Plan, Service Management Plan) • ncedcloud. mcnc. org Mark Scheible – mscheible@mcnc. org Steve Thorpe – thorpe@mcnc. org Sammie Carter (Friday Institute) – swcarter@ncsu. edu 17

Outsourcing IAM in North Carolina A Statewide IAMOutsourcing IAM in North Carolina A Statewide IAM
Outsourcing in General What is Outsourcing Outsourcing isOutsourcing in General What is Outsourcing Outsourcing is
Outsourcing WALT What is outsourcing Scope of outsourcingOutsourcing WALT What is outsourcing Scope of outsourcing
ACQUISTIONS OF OUTSOURCING AND LEASING OUTSOURCING Outsourcing isACQUISTIONS OF OUTSOURCING AND LEASING OUTSOURCING Outsourcing is
North Carolina Biotechnology Center North Carolina Pavilion BIONorth Carolina Biotechnology Center North Carolina Pavilion BIO
North Carolina BacktoWork Program Overview North Carolina BacktoWorkNorth Carolina BacktoWork Program Overview North Carolina BacktoWork
North Carolina Virtual Public School North Carolina ConnectionsNorth Carolina Virtual Public School North Carolina Connections
The North Carolina Agricultural Foundation Inc North CarolinaThe North Carolina Agricultural Foundation Inc North Carolina
Chapter 13 North Carolina State Government North CarolinaChapter 13 North Carolina State Government North Carolina
North Carolina Three Regions of North Carolina CoastalNorth Carolina Three Regions of North Carolina Coastal
North Carolina Biotechnology Center North Carolina Pavilion BIONorth Carolina Biotechnology Center North Carolina Pavilion BIO
The Security Officer in North Carolina NORTH CAROLINAThe Security Officer in North Carolina NORTH CAROLINA
NCET North Carolina State North Carolina County GreeneNCET North Carolina State North Carolina County Greene
POLI 203 North Carolina Reforms North Carolina wasPOLI 203 North Carolina Reforms North Carolina was