Open Identity Summit
ForgeRock and UCB/UCSF
Next Gen IAM Strategy
Dedra Chamberlin
Deputy Director, Identity and Access Management
University of California, Berkeley and San Francisco
Francesco Meschia
IAM Engineer, UC Berkeley
Mukesh Yadav
IAM Engineer, UC San Francisco
UCB IAM Then
- ID Match and Registry – Homegrown, LDAP as registry
- Credential management – Homegrown apps to MIT Kerberos and AD
- WebSSO – CAS/Shibboleth
- Directory – Oracle DSEE
- Provisioning – Homegrown and some Waveset
- Central Access Management – Homegrown ColdFusion app
UCSF IAM Then
- ID Match and “Registry” – Mainframe
- Credential Management – Custom apps in ITAM
- WebSSO – “MyAccess” (Shibboleth + ITAM, ITIM LDAP)
- Directory – OpenDS
- Provisioning – Very little IBM Tivoli
- Central Access Management – One legacy app for managing mainframe-based permissions
Joint Strategy Development
- Migrate away from “do-it-all” vendor solutions
- Modular architecture – interoperable components
- Reduce cost for implementation and support
- Avoid vendor lock-in
- Leverage efforts across the two campuses
- Partner with other higher ed institutions – Community Framework for Education and Research (CIFER), http://ciferproject.org
UCB/UCSF NextGen and ForgeRock
- UCB
  - Current: Oracle DSEE > ForgeRock OpenDJ
  - Future: OpenIDM and AD, Activiti/OpenIDM for access control
- UCSF
  - Recent: IBM Tivoli > OpenIDM and OpenDJ
  - Future: OpenIDM and AD, Activiti/OpenIDM for access control
CalNet goes OpenDJ
Francesco Meschia
CalNet Team
University of California, Berkeley
LDAP @ UC Berkeley
- The CalNet LDAP directory is the main user information repository in use at UC Berkeley
- 3.2M users, ~300 applications using it
- Diversified population (faculty, students, staff, various other types of affiliates)
- Used as the authoritative source of information about campus affiliates
- Very heavily used, high uptime required
- Various privacy policies in force for different slices of the population (e.g. FERPA policies for students)
LDAP @ UC Berkeley (continued)
- Originally implemented on Sun Directory Server
- Then on Oracle Directory Server Enterprise Edition
- Started looking for an alternative in 2011
  - Easy migration of ACLs was important
  - Reliable replication equally important
  - Compatibility with standards and with some proprietary features (e.g. external changelog) was important as well
  - Vendor and community support highly desired
  - Generally better performance very important, too!
OpenDJ to the test
- Functional validation (tests against a number of representative applications)
- Replication and deployment options
- Performance tests
From lab to campus
- Technical features were just one part of the problem
- The CalNet LDAP is very heavily used (~300 applications, ~1M binds per day incl. anonymous binds)
- Migration downtime hardly an option
- “Big Switch Day” also unrealistic
Migration strategy
- Keep it simple: no major directory tree overhaul, almost plain 1:1 migration
- No “big-bang-style” rollout
- 6-month-long “parallel staging”
  - Both Oracle DSEE and OpenDJ available for production and for QA
  - OpenDJ synchronized with Oracle DSEE at all times
  - All applications have 6 months to test and migrate
  - At the end of the 6-month window, Oracle DSEE is decommissioned
Synchronization strategy
- Only 11 applications have write access to CalNet LDAP
  - And 5 of those are CalNet-managed applications
- If we schedule the migration of the 11 “writers” at the beginning or at the end of the window, synchronization only needs to be unidirectional
  - Much easier… and provides a backup plan in case anything goes wrong
Migration
[Diagram, six animation frames: Oracle DSEE (ldap.b.e) feeds OpenDJ (nds.b.e) through the Sync Process; the client applications (Writer App 1, Writer App 2, R/W App n, R/O App 1, R/O App n) are moved from DSEE to OpenDJ a few at a time, and in the final frame only OpenDJ remains, serving both the nds.b.e and the ldap.b.e names.]
How to synchronize?
- Our first idea was to use OpenIDM
  - Initial reconciliation, then synchronization
- Turned out the CalNet LDAP structure is unsuitable
  - Too much information other than just users and groups
  - Hierarchical structure with subentries not really compatible with the OpenIDM model
How to synchronize? (continued)
- We ended up writing our own code
- We frequently poll the Oracle DSEE changelog and carry over changes to OpenDJ
  - Starting with a fresh LDIF backup
  - All user attributes
  - A few operational attributes are actually translated (e.g. resource limits)
  - We manually translate a few seldom-changed operational attributes (most of all, ACIs)
- Closed-loop control with parallel watchdog process
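How the poll-and-replay loop and the watchdog described on the two slides above fit together, as an added example that is not the CalNet team's code: the source and target directories are in-memory dictionaries standing in for DSEE and OpenDJ, the changelog records are constructed to mimic retro-changelog attributes (changeNumber, targetDn, changeType, changes), and the mapping of DSEE resource-limit attributes to OpenDJ ds-rlim-* names is an assumption about the translation the slide mentions.

```python
"""Changelog replay from a Sun/Oracle DSEE-style directory to OpenDJ, plus a
watchdog that closes the loop by checking the target against the source."""
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]        # lower-case attribute name -> values
Mod = Tuple[str, str, List[str]]    # (op, attribute, values)
# Assumed DSEE -> OpenDJ names for per-entry resource limits.
OPERATIONAL_MAP = {"nssizelimit": "ds-rlim-size-limit",
                   "nstimelimit": "ds-rlim-time-limit",
                   "nslookthroughlimit": "ds-rlim-lookthrough-limit",
                   "nsidletimeout": "ds-rlim-idle-time-limit"}
SKIP_ATTRS = {"aci"}  # ACIs are translated by hand, never replayed

def parse_changes(changes: str) -> List[Mod]:  # LDIF 'changes' value of a modify record
    mods: List[Mod] = []
    block: List[str] = []
    for line in changes.splitlines() + ["-"]:   # a lone "-" closes each modification
        if line.strip() == "-":
            if block:
                op, attr = (p.strip().lower() for p in block[0].split(":", 1))
                mods.append((op, attr, [l.split(":", 1)[1].strip() for l in block[1:]]))
                block = []
        elif line.strip():
            block.append(line)
    return mods

def translate_attr(attr: str) -> Optional[str]:  # OpenDJ name, or None to drop
    a = attr.lower()
    return None if a in SKIP_ATTRS else OPERATIONAL_MAP.get(a, a)

def translate_entry(entry: Entry) -> Entry:  # whole-entry copy with renames/drops
    pairs = ((translate_attr(a), list(v)) for a, v in entry.items())
    return {t: v for t, v in pairs if t is not None}

def apply_mod(entry: Entry, mod: Mod) -> None:  # one add/delete/replace, in place
    op, attr, vals = mod
    target = translate_attr(attr)
    if target is None:
        return
    have = entry.get(target, [])
    if op == "replace":
        new = list(vals)
    elif op == "add":
        new = have + [v for v in vals if v not in have]
    elif op == "delete":
        new = [] if not vals else [v for v in have if v not in vals]
    else:
        raise ValueError(f"unsupported modification op {op!r}")
    entry.pop(target, None)
    entry.update({target: new} if new else {})

def replay(source: Dict[str, Entry], target: Dict[str, Entry],
           changelog: List[Dict[str, str]], last_seen: int = 0) -> Tuple[int, int]:
    """Apply records with changeNumber > last_seen in order; return (applied, last_seen)."""
    applied = 0
    for rec in sorted(changelog, key=lambda r: int(r["changeNumber"])):
        num, dn = int(rec["changeNumber"]), rec["targetDn"].lower()
        if num <= last_seen:
            continue                            # already replayed on an earlier poll
        ctype = rec["changeType"].lower()
        if ctype == "add":                      # re-read the full entry from the source
            target[dn] = translate_entry(source[dn])
        elif ctype == "delete":
            target.pop(dn, None)
        elif ctype == "modify":
            for mod in parse_changes(rec["changes"]):
                apply_mod(target.setdefault(dn, {}), mod)
        else:
            raise ValueError(f"change {num}: unsupported changeType {ctype!r}")
        last_seen, applied = num, applied + 1
    return applied, last_seen

def watchdog(source: Dict[str, Entry], target: Dict[str, Entry], dns: List[str]) -> List[str]:
    """Compare translated source entries with the target; repair and report any drift."""
    drifted = []
    for dn in (d.lower() for d in dns):
        expected = translate_entry(source[dn]) if dn in source else None
        if target.get(dn) != expected:
            drifted.append(dn)
            target.pop(dn, None)
            if expected is not None:
                target[dn] = expected
    return drifted

# Constructed sample data (not real CalNet entries or change records).
DN = "uid=jdoe,ou=people,dc=example,dc=edu"
SOURCE: Dict[str, Entry] = {DN: {"uid": ["jdoe"], "mail": ["john.doe@example.edu"],
    "nssizelimit": ["5000"], "nstimelimit": ["120"], "aci": ['(targetattr="*")(version 3.0; ...)']}}
CHANGELOG = [{"changeNumber": "101", "targetDn": DN, "changeType": "add", "changes": ""},
    {"changeNumber": "102", "targetDn": DN, "changeType": "modify",
     "changes": "replace: mail\nmail: john.doe@example.edu\n-\nadd: nsTimeLimit\nnsTimeLimit: 120\n-\n"}]

def run_demo():  # replay, inject drift on the target, let the watchdog repair it
    target: Dict[str, Entry] = {}
    first, last = replay(SOURCE, target, CHANGELOG)        # (2, 102)
    target[DN].pop("ds-rlim-time-limit")                   # simulate an attribute lost on OpenDJ
    drifted = watchdog(SOURCE, target, [DN])               # [DN]; entry re-copied from source
    second, last = replay(SOURCE, target, CHANGELOG, last) # (0, 102); nothing new
    return first, drifted, second, target[DN]
```

In production the watchdog's list of drifted DNs is the signal worth alerting on; it is exactly the feedback that surfaced the replication bugs mentioned on the status slide.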
Project status
- Parallel window closes at the end of July
- Applications are currently hitting the QA environment
- Users report much better performance
- Synchronization was flawless for the last 5 months
- Excellent support from ForgeRock during these months
  - Two replication bugs were found thanks to the sync-and-watchdog feedback loop, and promptly fixed
- Looking forward to completing the migration!
Migration from IBM to ForgeRock
Mukesh Yadav
UCSF
Project Goal
- Migrate from ITIM to OpenIDM
- Migrate from ITDS to OpenDJ (credential store)
- Migrate from IBM Self Service to home-grown Self Service
- Achieve all of the above without any user impact
ITIM – IBM Tivoli Identity Manager; ITAM – IBM Tivoli Access Manager; ITDS – IBM Tivoli Directory Server; ITDI – IBM Tivoli Directory Integrator
New Tools
- Development tools
  - Groovy on Grails
  - Twitter Bootstrap
- Directory store
  - OpenDJ
- Provisioning tool
  - OpenIDM
Migration Challenges
- Get user passwords from the old Directory Server to the new one (OpenDJ)
- Continuously sync passwords from the old to the new Directory Server until go-live
- Get security questions and answers from the old Directory Server to the new repository (MySQL)
  - This was a big challenge because the security answers were hashed with salt+MD5
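One way to carry salted-MD5 security answers into a new repository without ever recovering the plaintext, as an added example that is not UCSF's code: the migrated record keeps the old salt and digest, an answer is checked against it, and a correct answer is re-hashed in place under a stronger scheme. The legacy layout (hex salt, MD5 over salt followed by the normalised answer), the answer normalisation and the record fields are assumptions.

```python
"""Verify migrated salt+MD5 security answers and re-hash them on first successful use."""
import hashlib
import hmac
import os
from typing import Dict

PBKDF2_ROUNDS = 200_000

def normalise(answer: str) -> str:  # case- and whitespace-insensitive comparison (assumed)
    return " ".join(answer.strip().lower().split())

def legacy_md5(salt: bytes, answer: str) -> str:  # assumed layout of the old store
    return hashlib.md5(salt + normalise(answer).encode()).hexdigest()

def pbkdf2(salt: bytes, answer: str) -> str:  # replacement scheme for the new repository
    return hashlib.pbkdf2_hmac("sha256", normalise(answer).encode(), salt, PBKDF2_ROUNDS).hex()

def migrated_record(salt_hex: str, answer: str) -> Dict[str, str]:
    """Build the record the migration would copy out of the old directory (constructed)."""
    return {"scheme": "md5-salt", "salt": salt_hex,
            "hash": legacy_md5(bytes.fromhex(salt_hex), answer)}

def verify_and_upgrade(record: Dict[str, str], answer: str) -> bool:
    """Check an answer against the stored record; a correct answer under the legacy
    scheme replaces the record in place with a fresh PBKDF2-SHA256 one."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "md5-salt":
        ok = hmac.compare_digest(legacy_md5(salt, answer), record["hash"])
        if ok:
            new_salt = os.urandom(16)
            record.update(scheme="pbkdf2-sha256", salt=new_salt.hex(),
                          hash=pbkdf2(new_salt, answer))
        return ok
    if record["scheme"] == "pbkdf2-sha256":
        return hmac.compare_digest(pbkdf2(salt, answer), record["hash"])
    raise ValueError(f"unknown scheme {record['scheme']!r}")

def run_demo():
    rec = migrated_record("0f1e2d3c4b5a6978", "  Fluffy ")   # constructed migrated record
    wrong = verify_and_upgrade(rec, "rex")                    # False; record untouched
    right = verify_and_upgrade(rec, "fluffy")                 # True; upgraded in place
    again = verify_and_upgrade(rec, "FLUFFY")                 # True under the new scheme
    return wrong, right, again, rec["scheme"]
```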
Product features we used
- OpenDJ
  - Password policy
  - Virtual static group
- OpenIDM
  - Custom module to generate MD4 password
  - Policy to remove user password from target if affiliation expires
  - LiveSync between
    - ITDS and OpenDJ
    - EDS and OpenIDM
    - OpenIDM and the credential store (OpenDJ)
Product features not used
- Workflow
- OOTB UI apps
Old System design
[Diagram: IBM stack (ITIM, ITIM LDAP, ITDI, WebSEAL, DB2, LDAP credential store) fed by a feed file from the mainframe, alongside Self Service, EAI App and SD Admin; VPN, Shib and App are the consumers. Legend: UCSF home grown / ForgeRock / IBM / Others.]
Move from old to new (side by side)
[Diagram: the old IBM stack (ITIM, ITIM LDAP, ITDI, DB2, LDAP credential store, Self Service, SD Admin, feed file from the mainframe) runs alongside the new stack (OpenIDM, LDAP credential store, MySQL, Apache, Self Service, EDS, SD Admin); the consumers VPN, Shib, WebSEAL, App and EAI App are still attached to the old stack.]
The Day
[Diagram, two frames: on cutover day the consumers (WebSEAL, Apache, EAI App, Self Service, SD Admin, VPN, Shib, App) are repointed from the old IBM stack (ITIM, ITIM LDAP, ITDI, DB2, LDAP credential store, feed file from the mainframe) to the new stack (OpenIDM, LDAP credential store, MySQL, EDS), with the old stack still in place.]
Current State
[Diagram: OpenIDM, LDAP credential store, MySQL, Apache, Self Service, EDS and SD Admin, with VPN and Shib as consumers; no IBM components remain. Legend: UCSF home grown / ForgeRock / IBM / Others.]
What I like about these products
- Installation
  - Ease of installation
  - No dependency on SAs for installing any dependencies
- Data syncing is really easy
- Support
  - If support engineers cannot reproduce a reported issue, I can zip my OpenIDM directory and FTP it to them.
Demo
- Self service
  - Self register
  - Change password
  - Reset security questions
- Admin tool
  - Reset password
  - Suspend account
  - Create temporary password
Q & A

Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication  (Identity Live Berlin 2018)Intelligent Authentication  (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Kürzlich hochgeladen

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Kürzlich hochgeladen (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Case Study: University of California, Berkeley and San Francisco

1. Open Identity Summit: ForgeRock and UCB/UCSF Next Gen IAM Strategy
Dedra Chamberlin, Deputy Director, Identity and Access Management, University of California, Berkeley and San Francisco
Francesco Meschia, IAM Engineer, UC Berkeley
Mukesh Yadav, IAM Engineer, UC San Francisco

2. UCB IAM Then
 ID Match and Registry – Homegrown, LDAP as registry
 Credential management – Homegrown apps to MIT Kerberos and AD
 WebSSO – CAS/Shibboleth
 Directory – Oracle DSEE
 Provisioning – Homegrown and some Waveset
 Central Access Management – Homegrown ColdFusion app

3. UCSF IAM Then
 ID Match and “Registry” – Mainframe
 Credential Management – Custom apps in ITAM
 WebSSO – “MyAccess” (Shibboleth + ITAM, ITIM LDAP)
 Directory – OpenDS
 Provisioning – Very little IBM Tivoli
 Central Access Management – One legacy app for managing mainframe-based permissions

4. Joint Strategy Development
 Migrate away from “do-it-all” vendor solutions
 Modular architecture – interoperable components
 Reduce cost for implementation and support
 Avoid vendor lock-in
 Leverage efforts across the two campuses
 Partner with other higher ed institutions – Community Identity Framework for Education and Research (CIFER), http://ciferproject.org

5. [Image slide, no text]

6. [Image slide, no text]

7. UCB/UCSF NextGen and ForgeRock
 UCB
   Current: Oracle DSEE > ForgeRock OpenDJ
   Future: OpenIDM and AD, Activiti/OpenIDM for access control
 UCSF
   Recent: IBM Tivoli > OpenIDM and OpenDJ
   Future: OpenIDM and AD, Activiti/OpenIDM for access control

8. CalNet goes OpenDJ
Francesco Meschia, CalNet Team, University of California, Berkeley

9. LDAP @ UC Berkeley
 The CalNet LDAP directory is the main user information repository in use at UC Berkeley
 3.2M users, ~300 applications using it
 Diversified population (faculty, students, staff, various other types of affiliates)
 Used as authoritative source of information about campus affiliates
 Very heavily used, high uptime required
 Various privacy policies in force for different slices of the population (e.g. FERPA policies for students)

10. LDAP @ UC Berkeley
 Originally implemented on Sun Directory Server
 Then on Oracle Directory Server Enterprise Edition
 Started looking for an alternative in 2011
 Easy migration of ACLs was important
 Reliable replication equally important
 Compatibility with standards and with some proprietary features (e.g. external changelog) was important as well
 Vendor and community support highly desired
 Generally better performance very important, too!

11. OpenDJ to the test
 Functional validation (tests against a number of representative applications)
 Replication and deployment options
 Performance tests

12. From lab to campus
 Technical features were just one part of the problem
 The CalNet LDAP is very heavily used (~300 applications, ~1M binds per day incl. anonymous binds)
 Migration downtime hardly an option
 “Big Switch Day” also unrealistic

13. Migration strategy
 Keep it simple: no major directory tree overhaul, almost plain 1:1 migration
 No “big-bang-style” rollout
 6-month-long “parallel staging”
   Both Oracle DSEE and OpenDJ available for production and for QA
   OpenDJ synchronized with Oracle DSEE at all times
   All applications have 6 months to test and migrate
   At the end of the 6-month window, Oracle DSEE is decommissioned

14. Synchronization strategy
 Only 11 applications have write access to CalNet LDAP
   And 5 of those are CalNet-managed applications
 If we schedule the migration of the 11 “writers” at the beginning or at the end of the window, synchronization only needs to be unidirectional
 Much easier… and provides a backup plan in case anything goes wrong

15. Migration
[Diagram: six panels of the parallel-staging migration. Each panel shows DSEE (ldap.b.e) and OpenDJ (nds.b.e) joined by the Sync Process, with Writer App 1, Writer App 2, R/W App n, R/O App 1, App 2 and R/O App n moving one group at a time from DSEE to OpenDJ; the last panel shows OpenDJ alone, carrying both the nds.b.e and ldap.b.e names.]

16. How to synchronize?
 Our first idea was to use OpenIDM
   Initial reconciliation, then synchronization
 Turned out the CalNet LDAP structure is unsuitable
   Too much information other than just users and groups
   Hierarchical structure with subentries not really compatible with the OpenIDM model

17. How to synchronize?
 We ended up writing our own code
 We frequently poll the Oracle DSEE changelog and carry over changes to OpenDJ
   Starting with a fresh LDIF backup
   All user attributes
   A few operational attributes are actually translated (e.g. resource limits)
 We manually translate a few seldom-changed operational attributes (most of all, ACIs)
 Closed-loop control with parallel watchdog process
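The poll-the-changelog-and-replay loop with a watchdog comparison, as an added example that is not CalNet's own code: it replays constructed Oracle DSEE retro-changelog entries (changeNumber, targetDn, changeType and an LDIF `changes` body) onto an in-memory stand-in for OpenDJ, translating resource-limit attributes on the way, and then checks the target against a source snapshot. The DSEE and OpenDJ attribute names in LIMIT_MAP and the sample DNs are assumptions.

```python
"""Added example, not CalNet's own code: the one-way changelog poller and watchdog of
slide 17, run against constructed in-memory stand-ins for the Oracle DSEE retro changelog
and the OpenDJ target. The resource-limit attribute names in LIMIT_MAP are assumptions."""

# Assumed per-entry resource-limit attributes: DSEE name -> OpenDJ name.
LIMIT_MAP = {"nsSizeLimit": "ds-rlim-size-limit", "nsTimeLimit": "ds-rlim-time-limit",
             "nsLookThroughLimit": "ds-rlim-lookthrough-limit"}


def parse_attrs(text):
    """Parse 'attr: value' lines (an LDIF add body) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        attr, _, value = line.partition(":")
        if attr.strip():
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def parse_mods(text):
    """Parse an LDIF modify body ('replace: mail', 'mail: v', '-') into (op, attr, values)."""
    mods, cur = [], None
    for line in text.splitlines():
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()
        if line.strip() == "-" and cur:      # '-' closes the current modification
            mods, cur = mods + [cur], None
        elif attr in ("add", "delete", "replace"):
            cur = (attr, value, [])
        elif cur and attr:
            cur[2].append(value)
    return mods + ([cur] if cur else [])


def apply_change(target, change):
    """Replay one retro-changelog entry onto the target, translating attribute names."""
    dn, kind = change["targetDn"].lower(), change["changeType"]
    if kind == "delete":
        target.pop(dn, None)
    elif kind == "add":
        target[dn] = {LIMIT_MAP.get(a, a): v for a, v in parse_attrs(change["changes"]).items()}
    elif kind == "modify":
        entry = target.setdefault(dn, {})
        for op, attr, values in parse_mods(change["changes"]):
            attr = LIMIT_MAP.get(attr, attr)
            if op == "add":
                entry.setdefault(attr, []).extend(values)
            elif op == "replace" and values:
                entry[attr] = list(values)
            elif op == "delete" and values:
                entry[attr] = [v for v in entry.get(attr, []) if v not in values]
            else:  # 'replace' with no values, or 'delete' of the whole attribute
                entry.pop(attr, None)


def poll(changelog, target, cursor):
    """Apply every entry newer than cursor in changeNumber order; return the new cursor."""
    for change in sorted(changelog, key=lambda c: c["changeNumber"]):
        if change["changeNumber"] > cursor:
            apply_change(target, change)
            cursor = change["changeNumber"]
    return cursor


def watchdog(source, target):
    """Compare a DSEE snapshot with the target and return the DNs that drifted apart."""
    want = {dn.lower(): {LIMIT_MAP.get(a, a): sorted(v) for a, v in e.items()} for dn, e in source.items()}
    have = {dn: {a: sorted(v) for a, v in e.items()} for dn, e in target.items()}
    return sorted(dn for dn in want.keys() | have.keys() if want.get(dn) != have.get(dn))


# Constructed sample data: three retro-changelog entries and the matching DSEE snapshot.
JDOE = "uid=jdoe,ou=people,dc=example,dc=edu"
CHANGELOG = [
    {"changeNumber": 101, "targetDn": JDOE, "changeType": "add",
     "changes": "uid: jdoe\ncn: Jane Doe"},
    {"changeNumber": 102, "targetDn": JDOE, "changeType": "modify",
     "changes": "replace: mail\nmail: jdoe@example.edu\n-\nreplace: nsSizeLimit\nnsSizeLimit: 500\n-"},
    {"changeNumber": 103, "targetDn": "uid=old,ou=people,dc=example,dc=edu", "changeType": "delete"},
]
SOURCE = {JDOE: {"uid": ["jdoe"], "cn": ["Jane Doe"], "mail": ["jdoe@example.edu"], "nsSizeLimit": ["500"]}}
```

Run `poll(CHANGELOG, target, last_cursor)` on a timer and `watchdog(snapshot, target)` from a separate process; a non-empty watchdog result is the signal that the replay (or the target's replication) has diverged.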
18. Project status
 Parallel window closes at the end of July
 Applications are currently hitting the QA environment
 Users report much better performance
 Synchronization was flawless for the last 5 months
 Excellent support from ForgeRock during these months
   Two replication bugs were found thanks to the sync-and-watchdog feedback loop, and promptly fixed
 Looking forward to completing the migration!

19. Migration from IBM to ForgeRock
Mukesh Yadav, UCSF

20. Project Goal
 Migrate from ITIM to OpenIDM
 Migrate from ITDS to OpenDJ (credential store)
 Migrate from IBM Self Service to home-grown Self Service
 Achieve all of the above without any user impact
ITIM – IBM Tivoli Identity Manager; ITAM – IBM Tivoli Access Manager; ITDS – IBM Tivoli Directory Server; ITDI – IBM Tivoli Directory Integrator

21. New Tools
 Development tools
   Groovy on Grails
   Twitter Bootstrap
 Directory store
   OpenDJ
 Provisioning tool
   OpenIDM

22. Migration Challenges
 Get user passwords from the old Directory Server to the new one (OpenDJ)
 Continuous syncing of passwords from the old to the new Directory Server until go-live
 Get security questions and answers from the old Directory Server to the new repository (MySQL)
   This was a big challenge because security answers were hashed with salt+MD5
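One way to carry salt+MD5 security answers across without asking every user to re-enrol, as an added example that is not UCSF's code: verify the answer against the legacy hash and, on success, re-hash it with PBKDF2 so the weak record is replaced the first time it is used. The legacy record layout `md5$<salt>$<hex>` (MD5 over salt followed by the answer), the answer normalization and the PBKDF2 parameters are assumptions; the slide does not state the ITDS format.

```python
"""Added example, not UCSF's code: verify-and-upgrade for security answers stored
as salt+MD5 (slide 22). The legacy layout 'md5$<salt>$<hex>' and the answer
normalization are assumptions; hashlib and hmac are standard library."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for the replacement scheme


def normalize(answer):
    """Assumption: answers compare case- and whitespace-insensitively."""
    return " ".join(answer.lower().split())


def legacy_md5(salt, answer):
    """Assumed legacy scheme: hex(MD5(salt || normalized answer))."""
    return hashlib.md5(salt.encode() + normalize(answer).encode()).hexdigest()


def make_legacy_record(salt, answer):
    """Build a legacy record, used here only to construct test data."""
    return f"md5${salt}${legacy_md5(salt, answer)}"


def make_pbkdf2_record(answer, salt=None):
    """Hash a normalized answer with PBKDF2-HMAC-SHA256 and a fresh random salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify(record, answer):
    """Return (ok, record_to_store). A legacy record that verifies comes back
    re-hashed under PBKDF2; anything else is returned unchanged."""
    scheme, *parts = record.split("$")
    if scheme == "md5":
        salt, digest = parts
        ok = hmac.compare_digest(digest, legacy_md5(salt, answer))
        return ok, (make_pbkdf2_record(answer) if ok else record)
    if scheme == "pbkdf2_sha256":
        rounds, salt_hex, digest = parts
        dk = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(digest, dk.hex()), record
    raise ValueError(f"unknown hash scheme: {scheme}")
```

Records that are never exercised during the parallel window stay on MD5, so the migration plan still needs a cut-off after which remaining legacy answers are invalidated and re-enrolled.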
23. Product features we used
 OpenDJ
   Password policy
   Virtual static group
 OpenIDM
   Custom module to generate MD4 password
   Policy to remove user password from target if affiliation expires
   LiveSync between
     ITDS and OpenDJ
     EDS and OpenIDM
     OpenIDM and Credential Store (OpenDJ)

24. Product features not used
 Workflow
 OOTB UI apps

25. Old System design
[Diagram of the old system. Components: feed file from mainframe, ITDI, ITIM, ITIM LDAP, DB2, LDAP credential store, WebSEAL, Self Service, EAI App, SD Admin, VPN, Shib, App. Legend: UCSF home grown / ForgeRock / IBM / Others.]

26. Move from old to New (Side by Side)
[Diagram: the old IBM stack (feed file from mainframe, ITDI, ITIM, ITIM LDAP, DB2, LDAP credential store, Self Service, SD Admin, WebSEAL, Shib, VPN, EAI App, App) drawn next to the new stack (EDS, OpenIDM, MySQL, LDAP, Apache, Self Service, SD Admin, Shib, VPN). Legend: UCSF home grown / ForgeRock / IBM / Others.]

27. The Day
[Diagram: both stacks as on slide 26, with the consumers (WebSEAL, Apache, EAI App, Self Service, SD Admin, VPN, Shib, App) shown against the old and the new credential stores.]

28. The Day
[Diagram: same components as slide 27.]

29. Current State
[Diagram of the current system. Components: LDAP credential store, OpenIDM, MySQL, Apache, Self Service, EDS, SD Admin, VPN, Shib. Legend: UCSF home grown / ForgeRock / IBM / Others.]

30. What I like about these products
 Installation
   Ease of installation
   No dependency on SAs for installing any dependencies
 Data syncing is really easy
 Support
   If support engineers cannot reproduce a reported issue, I can zip my OpenIDM directory and FTP it to them.

31. Demo
 Self service
   Self register
   Change password
   Reset security questions
 Admin tool
   Reset password
   Suspend account
   Create temporary password

32. Q & A