Microsoft Management Seminar Series - PowerPoint PPT Presentation

1 / 37

About This Presentation

Title:

Microsoft Management Seminar Series

Description:

Introduce you to a number of tools, best practices, ... Only 70% of users deleted on departure. New users provisioned to 16 apps, on departure deleted from 10 ... – PowerPoint PPT presentation

Number of Views:37

Avg rating:3.0/5.0

Slides: 38

Provided by: downloadM

Category:

more less

Transcript and Presenter's Notes

Title: Microsoft Management Seminar Series

1
Microsoft Management Seminar Series

2
Session Goals

Introduce you to Identity Management and the
tools / techniques that can be used in the
identity lifecycle
Demonstrate how you can perform effective Asset
Management within your organization.
Introduce you to a number of tools, best
practices, Tips tricks to help you for Identity
and Asset Management in your systems.

3
Agenda

Identity Management Overview
Demos
Asset Management Overview
demos
Next Sessions
Patch Management and Change Control with SMS
Operations Management with MOM 2005

4
Managing Digital Identities What Are the
Challenges?
Challenges to managing digital identities include

Multiple identity stores
Intranet access management
Extranet access management
The number of Digital Identities is increasing

5
What Is Identity Management?
Repositories for storing and managing accounts,
identity information, and security credentials
The process of authenticating credentials and
controlling access to networked resources based
on trust and identity
The processes used to create and delete accounts,
manage account and entitlement changes, and track
policy compliance
6
The Identity Lifecycle

Retire User
Delete/Freeze Accounts
Delete/Freeze Entitlements

New User
User ID Creation
Credential Issuance
Access Rights

Password Mgmt
Strong Passwords
Lost Password
Password Reset

Account Changes
Promotions
Transfers
New Privileges
Attribute Changes

7
Why is Identity Management Important?

Whether you know it or not, you are doing it
Proliferation of identities and manual identity
management result in increased costs and security
risks

8
Application proliferation results in Identity
Overload
of Digital IDs
Applications
Time
Pre 1980s
1980s
1990s
2000s
9
Business impact of Identity Overload

24 lower productivity
End user spends 16 minutes a day logging in to
various system
Provisioning new users take 28 hours longer than
business requirements
Increased IT Operational Costs
Roughly 48 of help desk calls are password
resets (45-153 each)
User management consumers 5.25 of all IT
productivity
Most admin tasks (moves, adds, changes) take 10x
longer than necessary
23 additional security risks
Only 70 of users deleted on departure
New users provisioned to 16 apps, on departure
deleted from 10
A survey of over 600 organizations concluded that
the average cost impact of security breaches on
each organization alone is over 972K

Source Metagroup/PwC Survey 2002, CSI/FBI
Survey
10
Microsoft Identity Integration Server (MIIS)

Key capabilities
Directory Synchronization
Provisioning and Deprovisioning
Password Management
Agentless connection to heterogeneous systems
Key benefits
Easy to deploy
Easy to translate business rules into MIIS
Easy to build solution over time

LOB Apps
11
Easy To Deploy And Manage

Easy to deploy
No agents to deploy on connected systems
MIIS can stand-alone or share clustered SQL
Migrate configuration from test to production via
XML files
Easy to extend existing deployment
System is designed so that its easy to
incrementally add capabilities
Easily add more systems or expand business rules
Easy to troubleshoot and Manage
Preview Mode
Data Lineage
No log files to grep through - All error
information stored in the database
MOM Management Pack available for download

12
System Reach

Connectivity Included with MIIS 2003
Active Directory and Active Directory Application
Mode
SunONE, iPlanet and Netscape Directories
Novell eDirectory
Microsoft SQL 2000 SQL 7
Oracle 9i/8i
Lotus Notes 5.x/6.x
Microsoft Exchange 5.5, 2000, 2003
Microsoft NT 4.x
Generic connectivity with files
DSML, LDIF, CSV, Fixed Width, AVP
IBM Informix, dBase, Access, Excel, OLEDB via SQL
DTS
Extensible Management Agent
More

13
MIIS Deployment Scenarios

Directory Synchronization
Automatic Provisioning/Deprovisioning
Password Management
Data Cleansing
Group and List Management
Role Based Access Control

14
Directory Synchronization

Synchronizes multiple repositories providing
support for
Identity data aggregation
Identity data convergence
Change management
Identity data integrity enforcement
Provides attribute-level control
Manage global address lists (GAL)
Automate group and DL management

iPlanet
SQL
Oracle
15
Provisioning And Workflow

Provisioning
Provision users as they appear in authoritative
systems
Set initial values for attributes including
password
De-provisioning
Automatically disable or delete accounts
Simple workflow
Supports 1-step approval
Complex Workflow
Initiate workflow or provisioning system such
asBizTalk
3rd party provisioning systems

16
Password Management

Set initial password for provisioned accounts
Centralized password control via a Web app
Self-service password change
Helpdesk password reset
Decentralized password synchronization

Web app
SunONE Directory
17
Demo Setup
Client
18
Demo

MIIS Based Identity Management System

19
Resources

www.microsoft.com/miis
MIIS 2003, Enterprise Edition Evaluation
Identity Integration Feature Pack for Microsoft
Windows Server Active Directory
Technical Library
Case studies
Community Information
www.microsoft.com/idm

20
Agenda

Identity Management Overview
Demos
Asset Management Overview
demos
Next Sessions
Patch Management and Change Control with SMS
Operations Management with MOM 2005

21
What is IT asset management?

A set of procedures and tools to
Identify
Track
Enforce
the IT infrastructure
Items (hardware, software)
Information (configuration, licenses, ownership)
Policies (compliance, approvals, desktop configs,
SLAs)
Define the lifecycle of items in the IT
infrastructure
Provide business value
Require policies, workflow processes, and tools

22
Challenges with Asset Management

Centrally managing software distribution
Updating of applications and operating systems
Software costs / license compliancy.
Tracking Hardware in your system.
Management of the mobile workforce.

23
Systems Management Server (SMS) Addressing
Customers Needs Today

Installs easily, gets results quickly
Support for complex environments
Multi domain support

Help me deliver value right away

Deployment of applications to one or many
machines
Vulnerability Assessment and Patch Management
Hardware and software management

Help me run operations more productively

Automated collection creation using dynamic
queries
Software Update Services for SMS 2003 Feature Pack

Help me decrease my workload
24
Systems Management Server (SMS) 2003
SecurityPatchManagement
AssetManagement
Support forthe Mobile Workforce
Application Deployment
LeveragingWindows Management Services
25
Asset Management With SMS
Business Demands

Software metering
Product Compliance
Reporting

Maintain current state of hardware and software
inventory
Tracking and Discovery
Active Directory Integration

Administrator Requirements
26
Software metering

Increasing focus on license compliance and
anti-piracy measures
Several goals
Provide data for compliance audits
How many people are using licensed apps?
Is it the right set of people?
Are there licensed apps that people arent using?
Are people using apps they arent supposed to?
Incorrect versions
Games
Stuff downloaded off the Web

27
Use of inventory

Hardware and Software
Inventory extensions
Non-Windows products
Integrate data from other databases
Read asset tags from BIOS
Stamp registry with ownership info
Additional architectures (DDRs, IDMIFs)
Desktop standardization
Provide inventory data to other systems

28
SMS Web Based Reporting

Integrated setup through SMS setup
Integrated in the SMS Administrator Console
Can generate and run reports from SMS
Viewed in Internet Explorer
SMS object security provides granularity of
security
Report exporting/importing
Reports can be customized to meet the business
needs
Scheduled reports
Dashboards for viewing multiple reports on one
web page

29
Software Asset ReportProducts on a Specific
Computer
30
SMS Customized Reports
31
SMS Customized Reports

32
SMS Customized Reports

33
Service Pack 1

Infrastructure Improvements
Tighten Security
Enhanced Reliability
Improved Scalability
Increased Configuration Support
Workgroups
Support for Virtual Server/Virtual PC
Localized Admin console based on OS
Eliminated WINS specific calls in SMS

34
Device Management Feature Pack
The SMS 2003 Device Management Feature Pack
allows SMS 2003 to manage mobile devices running
Windows CE (3.0 or later) and Windows Mobile
software for Pocket PCs (2002 or later).

Hardware inventory
Software inventory
File collection
Software distribution
Settings management
Password policy management
Available only for Windows Mobile software for
Pocket PCs.

35
OS Deployment Feature Pack
SMS inventory used to create a collection
machines are targeted for refresh
1
Compressed WIM OS image is downloaded installed
5
Target Machine
Existing Windows Client receives advertisement
for OS refresh
2
Image is personalized and boots to full OS with
SMS agent
6
SMS delivers bootable WinPE image using WIM to
existing OS partition
3
Auto login configures the SMS Advanced Client
agent
7
Boot files are modified, reboots to WinPE on
hard disk
4
SMS delivers role based applications and post OS
config
8
SMSServer
SMS Advanced Client Agent Windows-Present
Application Delivery
Logs all activity
WinPE Image Delivery
OS Image Delivery
36
Integration with other tools