Private cloud forefront identity manager 2010 (adam bresson)
Download as PPTX, PDF1 like1,173 views
This document discusses using Forefront Identity Manager (FIM) 2010 to manage identity and access for a private cloud. It notes that security is the top concern for cloud adoption. FIM can help by providing a common identity platform across the private cloud, enabling single sign-on and managing access at the group level. FIM centralizes identity management and synchronization to Active Directory. This allows for self-service access management, delegation of administration, and integration of on-premises and cloud-based applications and resources using a single identity store.
Private cloud forefront identity manager 2010 (adam bresson)
- 1. JOURNEY TO THE CLOUD FIM 2010 Used for Management of AD the core of your Identity in the Private Cloud
- 2. Cloud Security Concerns • Security is the number 1 concern for cloud adoption • 75% responded 4 or 5 (on 1 to 5 scale) * • Key security issues: • Isolation of tenants from each other & hosting infrastructure • Compute and network layers • Authentication / Authorization / Auditing of access to cloud services • Unauthorized access / DoS due to weak (or mis)configuration * Source: IDC Enterprise Panel
- 3. Three Pillars Authentication Authorization Attributes Identity Management Platform
- 5. Typical Cloud ID Journey Authentication Authorization Attributes Federated Islands of Silos Identity (Islands of Identity)
- 6. A Better Journey Authentication Authorization Attributes Federated Islands of Silos Identity Identity Management Platform (Islands of Identity)
- 7. What is Forefront Identity Manager Self-Service integration Windows Log On FIM Portal Manages Active Directory LOB - secure delegation Applications of administration AD FS login across clouds - enable access to private cloud Databases Integrated login to applications Directories Secure the Private Cloud
- 8. Common Identity across clouds Private Cloud HR System FirstName Terry LastName Adams Title Sales Manager FirstName Terry Exchange Dept Sales LastName Adams SharePoint Mgr: Melissa Meyers Title Sales Manager Web EmplID 123 Dept Sales Sites Line of Group membership and user Mgr: Melissa Meyers Business attributes generated Apps File / Print LoginID Tadams Integrated Workflow Phone 555-1212 and federated Email Tadams@litware.com common FIM 2010 identity Public Cloud Groups Melissa’s Directs All in Sales PaaS Phone Sales App Owners SaaS Firstname Terry LastName Adams AD Windows Azure Office 36 Phone 555-1234 Email LoginID Tadams Email tadams@litware.com
- 9. Private Cloud Enabled Identity All Microsoft solutions for private cloud leverage a single identity store to authenticate users with Microsoft® Active Directory® across physical and virtual systems. Active Directory System Center Virtual Forefront Identity Machine Manager Manager o Single identity store to authenticate users Forefront™ Security Solutions o Support across physical and Active Directory virtual systems Virtualization o Federated Identity Hardware Presentation Application Forefront Identity Manager Hyper-V™ Terminal Microsoft o Easy user provisioning Services App. Virt. o Identity synchronization o Simplified management of Network Access Protection cloud resources Server and Domain Isolation
- 10. Solution Example – Enhancing Private Cloud with Identity • Hyper-V and SC Virtual Machine Manager uses roles • Roles can contain users or groups from AD • Delegation of datacenter management • Forefront Identity Manager securely manages membership in AD groups Private Cloud Roles in Leverage AD Manage AD Self Service Hyper-V and Groups in Groups in FIM secure and System Center roles compliant
- 11. Solution Example- Enhancing Private Cloud with Identity Hyper-V Authorization Manager + Common identity in Private Cloud • Default role allows access to all operations • Additional roles with desired rights can be created • 33 different operations OOB grouped under • Hyper-V Service Operations • Hyper-V Networks Operations • Hyper-V Virtual Machine Operations
- 12. Solution Example - Enhancing Private Cloud with Identity Virtual Machine Manager + Common identity in Private Cloud • The Administrator profile • Complete administrative access to all the hosts, virtual machines, and library servers in VMM 2008 • The Delegated Administrator profile • Grants administrative access to a defined set of host groups and library servers • The Self-Service User profile • Administrative access to a defined set of virtual machines through the Web-based Virtual Machine Manager Self-Service Portal • Additional delegation capabilities in Self service portal
- 13. FIM (Helping) with The Cloud Oh, alright then Can I have Admin access to the cloud app? Request Approve User
- 14. EVERY JOURNEY NEEDS A HISTORY Authentication Authorization Attributes Audit Federated Islands of Silos Identity Identity Management Platform (Islands of Identity)
- 15. TO THE CLOUD! • Using Hyper-V as an infrastructure for Private Cloud is great for server optimization but, without an IAM architecture in place, this is just moving around the administrative problems. • FIM provides a compliant and well managed AD. Compliance here is about automation of changing access permissions, making sure users have the right access, reporting. • Active Directory provides the common identity platform for classic datacenter hosted systems, to private cloud and also paves the way to enabling use of public cloud resources.
- 16. QUESTIONS ?