
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 1: Exploring IDA Solutions
• Overview of IDA Management

• Active Directory® Server Roles in IDA Management

• Overview of ILM 2007


Lesson 1: Overview of IDA Management
• Need for IDA Management Solutions

• What Is IDA Management?

• Directory Management by Using IDA Solutions

• Enhancing Security with IDA Management

• IDA Management Technologies


Discussion: Need for IDA Management Solutions
• List a few data sources that store identity information.

• Suggest a few procedures to provision a new employee to be fully productive.

• What are the security issues that confront individual access to user-sensitive data?

• Discuss a few conventional methods to securely share information or collaborate with external partners.
What Is IDA Management?

[Diagram: IDA Management, shown with its component areas: Directory Services, Identity Lifecycle Management, Strong Authentication, Federated Identity, Information Protection]
Directory Management by Using IDA Solutions

[Diagram: Directory Services, surrounded by:]
• Automating, Provisioning/Deprovisioning of Identity Information
• Centralizing and Synchronizing Identity Information
• Establishing Directory Service and Security Standards
Enhancing Security by Using IDA Management

• Security and Access Policies
• Password Management
• Strong Authentication
• Security Audit Policies
• Identity Aware Applications
• Reducing Information Leaks

IDA Management Technologies

[Diagram: IDA Management technologies. Labels: Users, Applications, Access Tools, IDA Platform, AD DS (Replication, Branch DCs), AD LDS, Identity Lifecycle Manager 2007 (ILM, Integration), AD RMS, AD FS (Account Partner, Resource Partner; Manufacturer, Supplier)]
Lesson 2: Active Directory® Server Roles in IDA Management
• What Is a Server Role?

• Configuring a Server Role in Windows Server® 2008

• Directory Services Roles for IDA Management

• Strong Authentication Roles for IDA Management

• Federated Identity Roles for IDA Management

• Information Protection Roles for IDA Management


What Is a Server Role?

[Diagram: Server Role, described as:]
• Set of Installed Applications
• Option to Perform Singular Function
• Option to Combine with Other Server Roles
Demonstration: How To Configure a Server Role in Windows Server® 2008

• To configure a server role in Windows Server® 2008 by using Server Manager
Directory Service Roles for IDA Management

[Diagram: Directory service roles. Labels: AD DS (Replication, Branch DCs, Hierarchical Network Authentication), AD LDS (Multiple Instances of AD LDS), Users, Access Tools, Platform]

Strong Authentication Roles for IDA Management

[Diagram: AD CS. Labels: Root and Subordinate Enterprise CAs, Public Key Authentication, Switch, Router, Wireless Router, Manual, Group, Web-based]
Federated Identity Roles for IDA Management
[Diagram: AD FS between a Manufacturer (Account Partner) and a Supplier (Resource Partner)]
• Secure Identity Access Solution
• Single Sign-on Access
• Business-to-Business Scenarios

Information Protection Roles for IDA Management

[Diagram: AD RMS. Labels: Usage Control (Copy, Forward, Print), RMS-enabled Applications, Identity Federation]

Lesson 3: ILM/Identity Life Cycle Manager 2007
• Components of ILM 2007

• Infrastructure Requirements for ILM 2007

• Identity Integration by Using MIIS

• Identity Management Process by Using MIIS

• Working of CLM 2007

• The Smart Card and Certificate Life Cycle


Components of ILM 2007

• Metadirectory Services and User Provisioning: Microsoft® Identity Integration Server 2003
• Certificate and Smart Card Management: Microsoft® Certificate Lifecycle Manager 2007

[Diagram labels: SQL Server™, Active Directory®, SMTP, IIS, Password Management, Automated Provisioning, CLM Server, Client]
Infrastructure Requirements for ILM 2007

Hardware Requirements
• 1 GHz or Faster Processor; Pentium IV Recommended
• 512 MB of RAM or Higher; 1 GB or More Recommended
• 8 GB of Available Hard-disk Space on an NTFS Partition

Software Requirements
• Windows Server® 2003 Enterprise Edition or later
• .NET Framework 2.0
• CLM 2007 Requires Certificate Services
• SQL Server™ 2005 Standard or Enterprise Edition or Later Recommended
Identity Integration by Using MIIS
[Diagram: MIIS 2003 links each connected data source (intranet Active Directory®, extranet Active Directory®, a proprietary directory, messaging and collaboration) to the metaverse in the order CD, MA, CS, MV]

Legend:
• CD = Connected Data Source
• MA = Management Agent
• CS = Connector Space
• MV = Metaverse
Identity Management Process by Using MIIS

[Diagram: DataSource1, DataSource2 and DataSource3 each connect through a Management Agent and the Connector Space to the Metaverse]
• Updated data is written to the metaverse
• Updated data is propagated to other connected data sources
Components of CLM 2007

[Diagram: Certificate Lifecycle Manager with its components: Mail server, Active Directory server, CA server, SQL Server™, End user]
Smart Card and Certificate Life Cycle

Supported operations include:

• Smart card and certificate enrollment

• Recovery / card replacement

• Temporary card issuance

• Smart card PIN unblocking

• Manager approvals

• Smart card PIN change

[Diagram: Smart Card and Certificate Life Cycle, with stages Enroll, Manage, Retire]
Lab 1: Exploring IDA Solutions
• Exercise 1: Explore how Active Directory® Server Roles will provide IDA
Management solutions

Estimated time: 60 minutes


Lab Scenario
• The students will identify the server roles needed to satisfy the objectives
for NorthWind Traders and Contoso. NorthWind Traders has taken on a
new business client, Contoso. NorthWind Traders must provide secure
access to a web application and SharePoint®-hosted documents to
specified entities at Contoso.
Lab Review
Students have:
• Created a functionality framework.
• Made decisions on creating server roles to achieve the required identity and access management solutions.
• Understood identity synchronization and user provisioning.
• Understood certificate management.
• Understood secure access across organizational boundaries.
• Understood secure access beyond usernames and passwords.
Module Summary
In this module, you have learned to:
• Identify IDA Solutions

• Identify Active Directory® Server Roles in IDA Management

• Identify the ILM 2007
