Outsourcing IAM in North Carolina A Statewide IAM
- Slides: 15
Outsourcing IAM in North Carolina: A Statewide IAM Managed Service for K-12. San Francisco, CA, November 14-15, 2013. Mark Scheible and Steve Thorpe, MCNC
Introduction: “Managing Identity and Access in an Era of Distributed Services” – CAMP 2013. From the NCEdCloud IAM Project… Challenges (Problem Statement): 1. Too many accounts for current Services 2. Cumbersome manual process of updating account information from NC Student System to disparate local systems and services 3. Need solid foundation for K-12 cloud solutions growth
Background… • 2 years of learning, interviewing, planning (IAM Architecture Plan – 250 pages) • RFP (long drawn out process) • Vendor Selection: Proposals; Face-to-Face Interviews & Proof of Concept • IAM Service Contract Awarded - April, 2013 to iDENTiTY AUTOMATiON
Organizations involved: NCDPI - NCEdCloud Sponsor (RttT Funding); Friday Institute - NCEdCloud Program Manager; MCNC - NCEdCloud Service Manager; Identity Automation - NCEdCloud IAM Service Manager and Provider
Simple Goals: Provide all K-12 staff, students, parents and guests with a single login to all NCEdCloud Target Applications and Services, as well as other cloud services that are utilized by numerous LEAs. Provide self-service capabilities to all end users and delegated management tools to all LEA administrators.
Numbers… Initial Scope: Employees: ~250,000; Students: ~1.5 Million; LEAs (School Districts) – 115 (2,500 schools); Charter Schools – 111+ (growing); 5 Target Applications Year 1. Future Scope: Guardians: ~3 Million; Guests: Unknown; 10 Target Applications per year
Core Components: Person Registry: a component of the core infrastructure that provides an identity data warehouse for the NCEdCloud IAM Service. This registry is responsible for matching, merging and cleansing of data as it comes from the sources. Central Directory: a component of the core infrastructure that provides a directory service for the NCEdCloud IAM Service. The Central Directory is the authoritative source for the NCEdCloud username and password. It is also the source of all target system integrations, whether by SAML, LDAP or direct provisioning.
Core Services: My NCEdCloud - The interface for end users and administrators that will provide self-service and delegated administration capabilities. NCEdCloud SAML IdP - The service that will provide sign-on capabilities to cloud systems that support the SAML protocol and implementation. NCEdCloud Sync - The service responsible for managing the lifecycle of accounts across ALL systems (including the Target Applications) – provision, update, deprovision
Infrastructure: The NCEdCloud IAM infrastructure will be hosted in Amazon's AWS environment. This service provides unlimited scaling as well as a world-class high-availability platform (across three East Coast data centers)
Year 1 Target Services, by March 2014: • Google Apps for Education • Central Directory Local Replica (CDLR) • Zscaler – cloud-hosted firewall, content filtering • Follett Destiny • Discovery Education
Schedule: Assessment Phase - Completed April 30, 2013; Design Phase - Completed June 30, 2013; Build Phase - Completed July 31, 2013 (Development); Test Phase - Completed November 8, 2013 (Test); Deployment Phase (Production) - November 11, 2013 - March 31, 2013 for early adopters; Full Production - Available April 1, 2014 for remaining LEAs and Charters
Challenges: The RFP Process • Procurement was a lengthy process with many state procedural requirements • Funding came from RttT, but was administered by the NCDPI • NCDPI was overseen by the State IT Agency • Bottom Line – you NEED a champion (with influence). The Data Sources – ALWAYS a challenge. Communication with the Vendor
Current Focus: LEA/Charter School Onboarding Process (for Early Adopters) - Currently working with 10 EAs • Application Form (online) • Onboarding Checklist (Readiness Review) • Planning Session (In Person or Remote). Creation of Governance Body (Oversight/Steering). Plan for Integrating “Home Base” Applications • Pearson PowerSchool, OpenClass, SchoolNet • True North Logic (TNL) – Teacher assessment, PD
Future Opportunities: Federation of the NCEdCloud IdP • Regional Federation (NCTrust) • InCommon. Use of NCEdCloud (K-12) student credentials to access local Higher Education resources • Early College High School programs (piloting) • In State Admissions • Integration with CommIT?
Information… NCEdCloud IAM Web Site • Overview videos of the IAM Service • Documents (slides, IAM Plan, Service Management Plan) • ncedcloud.mcnc.org. Mark Scheible – mscheible@mcnc.org; Steve Thorpe – thorpe@mcnc.org; Sammie Carter (Friday Institute) – swcarter@ncsu.edu