Combining Corporate Trees with Identity Manager 2
Jamie Price, Senior Network Consultant, Bedrock Managed Services and [email protected]
Jeff Oler, Senior Network Consultant, Bedrock Managed Services and [email protected]
Frank Green, Vice President – Network Administration, Bank [email protected]
© March 9, 2004 Novell Inc.
Agenda
Bank Mutual Overview
Solution Design Approach
Solution Design Overview
Solution Process
Value, Considerations, and Pitfalls
Project Benefit Summary
Future Paths
Bank Mutual Overview
Bank Mutual (pre-acquisition)
Company Facts:
• Corporate Office
• 51 Branches
• 550 Users
• 52 Partitions
• Easy Lender Host – Critical App
• Nautilus – Critical App
First Northern Savings Bank (pre-acquisition)
Company Facts:
• Operations Center
• 19 Branches
• 250 Users
• 22 Partitions
• VIP Host at branches –
• Providing Internet access for Bank Mutual
• Hosting MLS - Critical App
• Hosting GroupWise for FNSB and BM users
Bank Mutual - Today
Company Facts:
• 72 branches
• 820 users
• Providing financial services for 120,000 households
• Marketing blurbs
Lay Of The Land - The Trees
[Diagram: the two existing trees. Labels: GREEN BAY, MILWAUKEE, FNSB, Mutual, SER, NWR, CORP, BR001, BR033, BR041, BR064, BR71, BR72, BR89, OPER (CORP, the BR containers and OPER each with Server, User, Group), Domain, PO1, PO1, MSB01.]
History
• Had spent time configuring trees to meet a common structure.
• Had duplicated Bank Mutual users in FNSB tree to accommodate GroupWise need.
• Was at pre-merge capability but:
– Expertise in tree merging was low
– WAN links increased risk to success
Solution Design Approach
The Project Approach
Back to the drawing board
• Eliminate all preconceived plans/ideas
• Generate a list of goals and desires
• Divide the list into 3 categories
– Critical – the solution must support these
– Important – the solution can support these
– Desired – the solution may support these
• Focus the project on “critical” success factors
• Incorporate as many “important” and “desired” factors as possible
The Goals
Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
• Consolidation/Integration of directory systems
– Administer Active Directory accounts via NDS
– Need to seamlessly map drives between Windows shares and Novell volumes
– Desire common shared directories
Plan…
Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
– Future installation of ZenWorks/administering Zenworks® under one tree
– Flexibility for rapid branch addition and removal
– Limiting of security breaches
Plan…
Critical Success Factors
Design and implement a unified directory structure that will support the following critical items:
• Minimized downtime during merge
– Avoid altering branch hours as much as possible, if at all.
– Easy Lender (Bank Mutual tree) is a critical 24 hour online application.
– While scheduled downtime is acceptable for the VIP application, unscheduled downtime CANNOT occur.
Plan…
Important Success Factors
Design and implement a unified directory structure that can support the following important items:
• Reduction in helpdesk overhead
• Reduction in user administration overhead
• Selective password consolidation
Solution Design Overview
Traditional Tree Merge Concerns
Traditional Tree Merge:
• Too many branches. Need to drop to 1 partition/replica per tree.
• Replacement of replicas would be a lengthy process.
• Slow WAN links between bank branches – 56k in most cases.
• Heavily burdened WAN link between corporate offices.
• Risky process.
• Difficult recovery situation.
• Both trees at risk.
The Solution
High Level Overview:
• Implementation of eDirectory™ synchronization
• One way synchronization of OU’s, groups, and user accounts
• Migration of one branch/server at a time into the parallel OU in the new tree
• GroupWise/OPER OU move to new tree
• Elimination of old tree
High Level Overview: Implementation of eDirectory Synchronization
[Diagram, shown in three build steps. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual. The second step adds the label "Masters" and the third adds "DirXML".]
High Level Overview: One way synch of OU’s, groups, and users
[Diagram, shown in two build steps. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, BR071, OPER, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual, Masters, DirXML.]
High Level Overview: Migration of branches/servers to parallel OU’s in the new tree
[Diagram, shown in three build steps. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, BR071, OPER, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual, Masters, DirXML. The second step also shows the label "Master Replica".]
High Level Overview: GroupWise/OPER OU move to new tree
[Diagram. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, BR071, OPER, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual, Masters, DirXML.]
High Level Overview: Elimination of old tree
[Diagram. Labels: MILWAUKEE, SER, CORP, NWR, BR041, NER, MSB01, BR071, OPER, GREEN BAY, FNSB, BR72, BR71, BR89, OPER, Mutual, Masters, DirXML.]
End Result: From This…
[Diagram: the two original trees. Labels: GREEN BAY, MILWAUKEE, FNSB, Mutual, SER, NWR, CORP, BR001, BR033, BR041, BR064, BR71, BR72, BR89, OPER (CORP, the BR containers and OPER each with Server, User, Group), Domain, PO1, PO1, MSB01.]
End Result: To This…
[Diagram: the resulting structure. Labels: GREEN BAY, MILWAUKEE, SER, CORP, NWR, NER, BR001, BR033, BR041, BR064, BR71, BR72, BR89, OPER, MSB01.]
Solution Process
The Process
Phase I - Pilot
• Create Environment
• Pilot Solution Build
• Synchronization Install/Execution
• Branch Move Pilot
Phase II - Materials Acquisition
• Spec hardware/software needs
• Generate Quotes
• Order
The Process
Phase III - Production Environment Prep
• Health Checks
• Issue Resolution
Phase IV - Pre-Migration
• Build Simulated Branch Server
• Build Master Replica Server
• Build DirXML Server - FNSB
• Build DirXML Server - MB
• Synchronization
• Partition
• Health Check
The Process
Phase V - Production Pilot
• Branch Move Pilot
Phase VI - Implementation
• Branch Prep
• Branch Move
• Branch Prep
• Branch Move
• Operations/Groupwise Move
Value, Considerations, and Pitfalls
Now
Welcome to the REAL WORLD
Phase I
Phase I – Pilot
• Ramped migration to NDPS – Queue based printing too much of an issue
• Identified need for reinstallation of backup and virus scan software
• Identified export/bulk load would not work – group membership issues
• Enabled granular script creation for branch migration
• Password management needs identified – unidirectional synch
Phase III/IV
Phase III - Production Environment Prep
• Health checks – WAN links
• Replication issues
• Timesync issues
Phase IV - Pre-Migration
• DirXML Server – FNSB – slow build – required replicas
• Synchronization – Certificate server location
• Performance lag after creation of 2 MB-NER partitions
Phase VI
Phase VI – Implementation
• Branches
– Branch moves averaging 2.5 hours
– Multiple employee involvement – script benefits
– Branch preps enabled distribution of Zen client
– Dinner break at replica placement
– Bandwidth, bandwidth, bandwidth
Phase VI
Phase VI – Implementation
• Operations
– Making sure that CA was last to move
– Q57 NIC driver issues
• Groupwise Move issues
– Jeff list these out
Project Summary
Project Summary
Result Summary
• Employees able to use apps in both trees during entire migration
• Both banks able to retain individual identities
• No downtime for critical apps or any branch in MB tree
• Branch conversions spread over 1 month – average 2.5 hours per night.
• Final Operations Center conversion performed in one day
• GroupWise cutover, tested, and proven in less than 6 hours
Future Paths
Future
NSure Audit
• Points
Future
ZenWorks®
• Points
Future
Identity Management
• Points
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.