Microsoft Management Seminar Series

1
Microsoft Management Seminar Series

2
Session Goals

• Introduce you to Identity Management and the
  tools / techniques that can be used in the
  identity lifecycle
• Demonstrate how you can perform effective Asset
  Management within your organization.
• Introduce you to a number of tools, best
  practices, Tips tricks to help you for Identity
  and Asset Management in your systems.

3
Agenda

• Identity Management Overview
• Demos
• Asset Management Overview
• demos
• Next Sessions
• Patch Management and Change Control with SMS
• Operations Management with MOM 2005

4
Managing Digital Identities What Are the
Challenges?
Challenges to managing digital identities include

• Multiple identity stores
• Intranet access management
• Extranet access management
• The number of Digital Identities is increasing

5
What Is Identity Management?
Repositories for storing and managing accounts,
identity information, and security credentials
The process of authenticating credentials and
controlling access to networked resources based
on trust and identity
The processes used to create and delete accounts,
manage account and entitlement changes, and track
policy compliance
6
The Identity Lifecycle

• Retire User
• Delete/Freeze Accounts
• Delete/Freeze Entitlements

• New User
• User ID Creation
• Credential Issuance
• Access Rights

• Password Mgmt
• Strong Passwords
• Lost Password
• Password Reset

• Account Changes
• Promotions
• Transfers
• New Privileges
• Attribute Changes

7
Why is Identity Management Important?

• Whether you know it or not, you are doing it
• Proliferation of identities and manual identity
  management result in increased costs and security
  risks

8
Application proliferation results in Identity
Overload
of Digital IDs
Applications
Time
Pre 1980s
1980s
1990s
2000s
9
Business impact of Identity Overload

• 24 lower productivity
• End user spends 16 minutes a day logging in to
  various system
• Provisioning new users take 28 hours longer than
  business requirements
• Increased IT Operational Costs
• Roughly 48 of help desk calls are password
  resets (45-153 each)
• User management consumers 5.25 of all IT
  productivity
• Most admin tasks (moves, adds, changes) take 10x
  longer than necessary
• 23 additional security risks
• Only 70 of users deleted on departure
• New users provisioned to 16 apps, on departure
  deleted from 10
• A survey of over 600 organizations concluded that
  the average cost impact of security breaches on
  each organization alone is over 972K

Source Metagroup/PwC Survey 2002, CSI/FBI
Survey
10
Microsoft Identity Integration Server (MIIS)

• Key capabilities
• Directory Synchronization
• Provisioning and Deprovisioning
• Password Management
• Agentless connection to heterogeneous systems
• Key benefits
• Easy to deploy
• Easy to translate business rules into MIIS
• Easy to build solution over time

LOB Apps
11
Easy To Deploy And Manage

• Easy to deploy
• No agents to deploy on connected systems
• MIIS can stand-alone or share clustered SQL
• Migrate configuration from test to production via
  XML files
• Easy to extend existing deployment
• System is designed so that its easy to
  incrementally add capabilities
• Easily add more systems or expand business rules
• Easy to troubleshoot and Manage
• Preview Mode
• Data Lineage
• No log files to grep through - All error
  information stored in the database
• MOM Management Pack available for download

12
System Reach

• Connectivity Included with MIIS 2003
• Active Directory and Active Directory Application
  Mode
• SunONE, iPlanet and Netscape Directories
• Novell eDirectory
• Microsoft SQL 2000 SQL 7
• Oracle 9i/8i
• Lotus Notes 5.x/6.x
• Microsoft Exchange 5.5, 2000, 2003
• Microsoft NT 4.x
• Generic connectivity with files
• DSML, LDIF, CSV, Fixed Width, AVP
• IBM Informix, dBase, Access, Excel, OLEDB via SQL
  DTS
• Extensible Management Agent
• More

13
MIIS Deployment Scenarios

• Directory Synchronization
• Automatic Provisioning/Deprovisioning
• Password Management
• Data Cleansing
• Group and List Management
• Role Based Access Control

14
Directory Synchronization

• Synchronizes multiple repositories providing
  support for
• Identity data aggregation
• Identity data convergence
• Change management
• Identity data integrity enforcement
• Provides attribute-level control
• Manage global address lists (GAL)
• Automate group and DL management

iPlanet
SQL
Oracle
15
Provisioning And Workflow

• Provisioning
• Provision users as they appear in authoritative
  systems
• Set initial values for attributes including
  password
• De-provisioning
• Automatically disable or delete accounts
• Simple workflow
• Supports 1-step approval
• Complex Workflow
• Initiate workflow or provisioning system such
  asBizTalk
• 3rd party provisioning systems

16
Password Management

• Set initial password for provisioned accounts
• Centralized password control via a Web app
• Self-service password change
• Helpdesk password reset
• Decentralized password synchronization

Web app
SunONE Directory
17
Demo Setup
Client
18
Demo

• MIIS Based Identity Management System

19
Resources

• www.microsoft.com/miis
• MIIS 2003, Enterprise Edition Evaluation
• Identity Integration Feature Pack for Microsoft
  Windows Server Active Directory
• Technical Library
• Case studies
• Community Information
• www.microsoft.com/idm

20
Agenda

• Identity Management Overview
• Demos
• Asset Management Overview
• demos
• Next Sessions
• Patch Management and Change Control with SMS
• Operations Management with MOM 2005

21
What is IT asset management?

• A set of procedures and tools to
• Identify
• Track
• Enforce
• the IT infrastructure
• Items (hardware, software)
• Information (configuration, licenses, ownership)
• Policies (compliance, approvals, desktop configs,
  SLAs)
• Define the lifecycle of items in the IT
  infrastructure
• Provide business value
• Require policies, workflow processes, and tools

22
Challenges with Asset Management

• Centrally managing software distribution
• Updating of applications and operating systems
• Software costs / license compliancy.
• Tracking Hardware in your system.
• Management of the mobile workforce.

23
Systems Management Server (SMS) Addressing
Customers Needs Today

• Installs easily, gets results quickly
• Support for complex environments
• Multi domain support

Help me deliver value right away

• Deployment of applications to one or many
  machines
• Vulnerability Assessment and Patch Management
• Hardware and software management

Help me run operations more productively

• Automated collection creation using dynamic
  queries
• Software Update Services for SMS 2003 Feature Pack

Help me decrease my workload
24
Systems Management Server (SMS) 2003
SecurityPatchManagement
AssetManagement
Support forthe Mobile Workforce
Application Deployment
LeveragingWindows Management Services
25
Asset Management With SMS
Business Demands

• Software metering
• Product Compliance
• Reporting

• Maintain current state of hardware and software
  inventory
• Tracking and Discovery
• Active Directory Integration

Administrator Requirements
26
Software metering

• Increasing focus on license compliance and
  anti-piracy measures
• Several goals
• Provide data for compliance audits
• How many people are using licensed apps?
• Is it the right set of people?
• Are there licensed apps that people arent using?
• Are people using apps they arent supposed to?
• Incorrect versions
• Games
• Stuff downloaded off the Web

27
Use of inventory

• Hardware and Software
• Inventory extensions
• Non-Windows products
• Integrate data from other databases
• Read asset tags from BIOS
• Stamp registry with ownership info
• Additional architectures (DDRs, IDMIFs)
• Desktop standardization
• Provide inventory data to other systems

28
SMS Web Based Reporting

• Integrated setup through SMS setup
• Integrated in the SMS Administrator Console
• Can generate and run reports from SMS
• Viewed in Internet Explorer
• SMS object security provides granularity of
  security
• Report exporting/importing
• Reports can be customized to meet the business
  needs
• Scheduled reports
• Dashboards for viewing multiple reports on one
  web page

29
Software Asset ReportProducts on a Specific
Computer
30
SMS Customized Reports
31
SMS Customized Reports

32
SMS Customized Reports

33
Service Pack 1

• Infrastructure Improvements
• Tighten Security
• Enhanced Reliability
• Improved Scalability
• Increased Configuration Support
• Workgroups
• Support for Virtual Server/Virtual PC
• Localized Admin console based on OS
• Eliminated WINS specific calls in SMS

34
Device Management Feature Pack
The SMS 2003 Device Management Feature Pack
allows SMS 2003 to manage mobile devices running
Windows CE (3.0 or later) and Windows Mobile
software for Pocket PCs (2002 or later).

• Hardware inventory
• Software inventory
• File collection
• Software distribution
• Settings management
• Password policy management
•  Available only for Windows Mobile software for
  Pocket PCs.

35
OS Deployment Feature Pack
SMS inventory used to create a collection
machines are targeted for refresh
1
Compressed WIM OS image is downloaded installed
5
Target Machine
Existing Windows Client receives advertisement
for OS refresh
2
Image is personalized and boots to full OS with
SMS agent
6
SMS delivers bootable WinPE image using WIM to
existing OS partition
3
Auto login configures the SMS Advanced Client
agent
7
Boot files are modified, reboots to WinPE on
hard disk
4
SMS delivers role based applications and post OS
config
8
SMSServer
SMS Advanced Client Agent Windows-Present
Application Delivery
Logs all activity
WinPE Image Delivery
OS Image Delivery
36
Integration with other tools

• SMS
• IT plumbing
• Discovery
• Change and configuration mgmt
• Distribution
• Repository of inventory data
• Asset mgmt tool (e.g., Peregrine, PSSoft)
• Workflow process management
• Repository of financial, contractual and other
  data
• MOM
• Operations data
• Other databases
• HR data, other types of data

37
Demos

• SMS Based Asset Management

38
SMS 2003 Resources

• SMS 2003 Product Info
• www.microsoft.com/smserver/techinfo/productdoc/def
  ault.asp
• SMS 2003 Community
• www.microsoft.com/smserver/community/default.mspx
• SMS Patch Management Guide
• www.microsoft.com/business/reducecosts/efficiency/
  manageability/patch.mspx
• SMS 2003 Webcast Series
• www.microsoft.com/smserver/support/webcastseries/d
  efault.asp

39
Microsoft Management Seminar Series

• Next Sessions
• Patch Management and Change Control with SMS
• Operations Management with MOM 2005