K12 Secure Identity Management

Identity Based Collaborative Learning Solution

Agenda

• Introduction to Condrey Consulting Corporation • Introduction to No Child Left Behind (NCLB)• Introduction to the Schools Interoperability

Framework (SIF)• Benefits and Solution Overview • Components of SIF Provisioning Solution• Phased Solution Approach

•Identity Based Collaborative Learning•SIF Enabled Identity Management

• Live Demo• Q&A

Condrey Consulting CorporationCompany Overview

• David Condrey – Owner and CEO• US Software Engineering Corporation based in

Greenville, SC • Customers in 33 countries representing

Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12

• Well known and respected by customers, especially in the academic market

• Well known at Novell – Model Partner• Invested in the future of Novell

Condrey Consulting Products Overview

• File System Factory™ – Novell Nsure - Novell Price List• Identity Based Storage Management• Ties Provisioning to the NetWare OS – Event Driven and

Policy Based• Lifecycle Content and Data Management (ePortfolio)

•IUAdmin™ • Identity Based Personal and Collaborative Storage Access

– Integrates with File System Factory™ – Integrates with exteNd Portal, Virtual Office and iChain

• Web Based Access to Personal and Group Content• Web Based Help Desk Administration • Web Based User Self-Service and Password Reset

•AuditLogin™ and TrustFun• Who’s Accessing Storage and What Rights Do They Have?

- Login/Logout - Date, Time,Workstation- Trend Reports and Graphs- File and Directory Rights Analysis

File System Factory Education Customers• University of Kentucky – 43,000 users• Northern Illinois University – 67,000 users• Minnesota State Colleges and Universities – 93,000 users• Charleston County Schools, SC – 42,000 users• University of Georgia – 60,000 users• Embry Riddle University – 12,000 users• Hemet School District, Los Angeles• Grand Rapids Community College• Savannah Chatham County Schools, Georgia• Douglas County Schools, Georgia• Newton County Schools, Georgia

More File System Education Customers

•Northwestern Michigan University•Old Dominion University•Madison Area Technical College•Waukesha County Technical College•Blackhawk PA School District•Marysville Village Schools•Spearfish School District•Maine Township High School District•Waubonsee Community College•Western Illinois Univeristy•Escondido Union High School District•Sutton Public Schools

•Escondido Union High School District•Sutton Public Schools•Ramaz School•Augsburg College •Southwestern Community District No. 9•Le Moyne College•Macon County R-1 •Grant MacEwan College•Clemson University•Community Consolidated School District – Illinois•Ramaz School•Augsburg College

Sample of Education Customers Leveraging

File System Factory, IUAdmin and AuditLogin

Introduction to NCLB

No Child Left Behind

No Child Left BehindProgram Summary

NCLB requires schools to:

• increase student access to technology

• help students to achieve higher academic standards

• improve teachers’ ability to use technology for instruction

• increases technology implementation for schools, especially those serving

disadvantaged children

To receive much of the NCLB federal funding, local school districts must provide government agencies with strategic plans for implementing educational technology.

Financial Allocation: In fiscal year 2002, Congress allocated $22.2 billion for education and No Child Left Behind implementation nationwide.

• The “Digital Portfolio" is a strategy that has gained wide-spread acceptance in the education field

• Digital portfolios make it easier to track a student's progress and work over the years.

• Allows students to store their material in digital format on a server to be reviewed by team members.

• The portfolio contains samples of significant student work over time and should be available to the student throughout their school career, making it easier for teachers to access student work and thus track performance.

• Digital portfolios are useful when applying to post-high school institutions or moving into careers in the private sector.

• Digital Identity is key

NCLB and Digital Portfolio’s

• http://www.kn.pacbell.com/news/CAschools/sas.html

• http://www.southalabama.edu/tomorrowsteachers/portfolios.html

• http://schools.nycenet.edu/d75/instructionalservices/assessment/altassessment/datafolio.html

• http://www.pupilpages.com/

• http://www.mandia.com/kelly/portfolio.htm

NCLB and ePortfolio Links

Schools Interoperability FrameworkSIF

• Not a product, but a technical blueprint

• Designed for and by K-12 technology providers and educators

• Manages data within the K-12 environment

• Enables diverse applications to interact and share data

• Works cross-platform, over a Web-based interface

• Allows automated reporting

K-12 Identity Management Reality

•Data Silo’s•Duplication of work•Inconsistent application of business policy•Time consuming – productivity delays•Little security confidence, significant exposure

Library Automation

e-Mail GradeBook

NetworkAccount

Transportation

Student Information

Services

Data Warehouse

FoodServices

SIF components

Zone Integration Server (ZIS)

SIF Agents

Applications

SIF Data Objects

Novell Network Account

School Badge

Instructional Software

(Plato)

Transportation

Library Automation

Student Information

Services

Data Warehou

se

FoodServices

User

SIF integration

Food

Serv

ice

Gra

de B

ook

HR

/ F

inan

ce

Lib

rary

SIS

Tra

nsp

ort

ati

on

Instr

ucti

on

al S

erv

ices

Voic

e T

ele

ph

on

y

Data Warehousing

Accountibility, Reporting,

Planning, etc.

K-12 data model

School

District

State

Federal

SIF vendors (Cont.)

Student Information Systems• Pearson Education Technologies

– SASIxp

– Edustructures SIF Agent for SASIxp

– www.edustructures.com

• Sungard Pentamation– Open Series Student Management

System

– www.pentamotion.com

• Central Susquehanna Intermediate Unit– CSIU Administrative Software Suite

– www.csiu-technology.org

SIF vendors (Cont.)

•Library Automation•Follett Software Co – www.fsc.follett.com

•SIRS Mandarin – www.mlasolutions.com

•Sagebrush Spectrum

•Telephony•Parlant Technology – www.parlant.com

•Classroom Software•Renaissance Learning – www.renlearn.com

•Transportation •VersaTrans Solutions – www.versatrans.com

•Food Service•School-Link Technologies – www.school-

linktechnologies.com

SIF vendors (Cont.)

• Novell

• Microsoft

• Apple

• IBM

• Sun Microsystems

• Edustructures -ZIS

•Data Warehouse• TetraData

• eScholar

SIF Government Members

US Department of Education                              Virginia Department of Education

Delaware Department of Education                      Idaho Dept of Education/Rich Mincer

Maryland State Dept of Education                       National Center for Education Statistics (NCES)

Ohio Department of Education                             Ohio SchoolNet Commission

SIF benefits

Teachers

• Real-time access to critical information

• Better data analysis

• Teachers time better spent

Students

• Personalized Student Content

• Improved timeliness of service

• Accurate School Data

• Increased Efficiency

IT Departments

• Reduced support costs

• Reduced time needed to manage multiple data sources

• Save money using existing systems and infrastructure

Administrators

• Increased Efficiency

• Reduced redundancy and errors

• Reduced compatibility issues

• NCLB

Additional Information on SIF

http://www.sifinfo.org

http://www.opengroup.org/sif/cert/

http://www.sifinfo.org/vendors/sif_vendor_member.asp

Components of K12 SIF Provisioning Solution

• Novell eDirectory• Edustructures

• SIFWorks™ Zone Integration Server (ZIS)• Nsure Identity Manager SIF User Agent

• Life Cycle Student Account Management• Novell File System Factory

• Lifecycle Content and Data Management (ePortfolio)• File Rights and Trustee Analysis

•IUAdmin• Web based access to personal and collaborative content• Self-Service Password Reset and Help Desk

•AuditLogin and TrustFun• Who’s accessing storage and what rights do they have

•Novell iChain• Secure Access to Web Applications

Components of K12 SIF Identity Provisioning Solution

Digital IdentitiesThe key to student and faculty provisioning

Digital IdentitiesThe key to student and faculty provisioning

Novell eDirectory

Stores information about people, services, and resources

Manages relationships between them

Directs interactions and triggers events

Stores information about people, services, and resources

Manages relationships between them

Directs interactions and triggers events

• Founding Member of SIF• Member of SIF Board of Directors• Strategic Partner Alliances

– NCS Learn, Follett– School-Link, Versatran– Novell and others

• SIFWorks Enterprise ZIS Server• Cross Platform Support

– Netware, Windows, Linux, Solaris, MacOS X• SASIxp SIF Agent• www.edustructures.com

Edustructures Zone Integration Server

Nsure Identity Manager SIF User Agent (DirXML)

• SIF Agent for Provisioning Students

• Built on Award Winning DirXML Technology

• Supports the Following SIF Object Types:

• Student Personal

• Staff Personal

• Student School Enrollment

Novell File System Factory

Automatic Disk Space for all

Students or

Staff!

Novell File System Factory

Automatic Disk Space

for each Class or Work

Group!

Novell File System Factory

AutomatedHome Directory Management:

Create It,Manage It,

and most importantly…Clean It Up!

Novell File System Factory

Lifecycle Data andePortfolio Management:

Create ItMove It

Manage It

Novell File System Factory

All you have to do is create the users and groups…

…Any way you want…

…We’ll handle the rest!

FSF

NetWare

NetWare

Provision Storage as well as Accounts with Novell File System Factory and Identity Management

eDirectory

BorderManager

ZENworks for

Desktops

NetMail

Identity MgrSIF

Identity MgrAD

ActiveDirector

y

LINUX

• Policy-based

• Event-driven

• Load balancing

• Storage creation• Storage management• Storage cleanup

• Personal user storage• Group storage

Driver DriverZIS

High School25MB

Middle School 10MB

FSF Methodology

Target File

Systems

SERV1/VOL1:POLICIES

SCSD

ES MS HS

Algorithm: Random BalanceRights: RWCEMFAQuota: 150 MBTemplate: SERV1/VOL1:PoliciesDelWait: 90 Days

150MB

Copy

BSmith

BSmith

RWCEMFA

Policy

BJones

BJones

New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion.

•Create•Rename•Delete

Policy Assignment & Data Migration

BSmith 25MB

Jefferson

Employee Students Other

Sunshine Elem Lincoln Middle Riverside High

Policy

Policy

Policy

BSmith

BSmith

BSmith 50MB

• Seamless

• Fault-tolerant

• Safe

Scheduler – 9:00PM

Northern Illinois UniversityData Migration - Backfill

NIU

Faculty Students Other

Policy

BSmith

RJones

KJackson

RCroom

DWyatt

RJones

KJackson

BSmith

RCroom

DWyattBSmith

RCroom DWyatt

RJones

KJackson

Admin issues Backfill with “Enforce Policy Paths” option, which will move data.

Pentium Pro 200’s –

67,672 Users

Pentium Pro 200’s –

0 Users

NCS

Education Group Policy Example

Target File

Systems

SERV1/VOL1:GroupSample

Jefferson

Courses Employee Student

Algorithm: Random BalanceRights: noneQuota: 500 MBTemplate: SERV1/VOL1:GroupSampleDelWait: Never

150MB

Copy

SPAN340-001

SPAN340-001

Policy

Assign Policy to Courses Container

Automatically Create Group Storage and Assign Policies

Copy Course Files for Each Student from Template

Create Course Group

Object

Group Policy TemplatesConfiguration StepsSPAN340-001.MS.COURSES.STATEU

Create eDir

Objects

Assign Rights to Directories

Create Template

Create Group Object

Assign Members & Owners to the Group

Create FSF Group Policy Using the FSF Management

Interface

Group Policy Templates

JSmith.Students.STATEU

MRoberts.Students.STATEU

NFrost.Students.STATEU

PJones.Students.STATEU

RBrooks.Students.STATEU

SSmith.Students.STATEU

STimms.Students.STATEU

TJones.Students.STATEU

TSmythe.Students.STATEU

WClark.Students.STATEU

ABelcher.Staff.STATEU

KAlesanto.Staff.STATEU

Members Owners

Assign Students as Members and Instructors as Owners

Group Policy Templates

File System Factory Automatically Provisions Storage for Students and Instructors

Backfill - Apply or Reapply Policy to Existing Objects On Demand

SCSD

COURSES FACULTY STUDENTS

Policy

BSmith

RJones

KJackson

RCroom

DWyatt

RJones

KJackson

BSmith

RCroom

DWyatt

BSmith

RCroom

DWyatt

BSmith

RCroom DWyatt

RJones

KJackson

Admin issues Backfill with “Enforce Policy Paths” option, which will move data.

Later, the same operation can be used to replace existing servers.

• Provision storage for pre-existing users according to policy.

• Begin managing pre-existing storage according to policy.

Where’s my stuff?

Users need an easy way to find their storage …even if you need to move it.

Personal Storage and Group Storage.

Map a Drive? There’s only so many letters in the alphabet.

Login Script Management is a headache for group storage.

URAccess

End-User tool for dynamically building personalized access links to storage.

Leverages Home_Directory user attribute for personal storage.

Leverages cccFSFactoryHomedir group attribute for shared storage.

Creates a local set of UNC paths and description presented to the user in a Windows UI.

Like App-Launcher for ZENworks, except provides access to storage.

List can be refreshed at any time.

Supports multiple tree connections.

URAccess

Executive Storage DashboardStorage Trends on User and Group

Policies

Administrative Storage Dashboard

Storage Health Check

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.

Event Statistics

Web Based Quota Manager Policy Configuration

Quota Manager – Help Desk Interface

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr

Quota Manager – Help Desk Interface

Green = space available > 25% of quota

Yellow = space available < 25% of quota Red = space available < 10% of quota

Quota Manager – Help Desk Interface

File System Rights Analysis

Rights Analysis

OWNERS

MEMBERS

Novell eGuide Manager

Workflow Configuration

Employee Data Manager Interface

What are the requirements?

Any Novell supported version of NDS® or eDirectory (6.xx, 7.xx, 8.xx, 85.xx, 8.6.x, 8.7.x)

NetWare 5.1 SP6 or laterNetWare 6.0 SP4 or laterNetWare 6.5 or later

NetWare 4.x SP9 or laterNetWare 5.0 SP6a or laterNetWare 5.1 SP6 or laterNetWare 6.0 SP4 or laterNetWare 6.5 or later

NetWare 6.0 SP4 or laterNetWare 6.5 or later

NDS/eDir

FSF_Event

FSF_Engine

File System Factory for:

Microsoft

Active Directory

Linux

Coming up Next

FSF

NetWare

NetWare

Provision and De-Provision Storage for Netware, Active Directory and Linux Based on Policy

eDirectory

BorderManager

ZENworks for

Desktops

NetMail

Identity MgrPeopleSoft

Identity MgrAD

ActiveDirector

y

LINUX

PeopleSoft Driver

Driver

FSF

IUAdmin™

User Self Service

PersonalAnd Group

Storage Access

Help Desk

Managed By File System

Factory Events & Policies

Personal Storage

Group Storage

ePortfolio

IUAdmin™

• Web Based Access to Netware Personal Content and ePortfolio Managed by File System Factory Policies• Web Based Access to Collaborative Group Content Based on File System Factory Policies• Integrate with Novell Extend Portal, Netware 6.5 Virtual Office Portal and Novell iChain• User Self Service

• Self-Service Password Reset• Let Users Optionally fix their own problems

• Help Desk Administration• Location and Departmental based Help Desk • Help Desk Group Management• User Help Indicators Identify Account Problems

Intruder Lockout Grace Logins

Login Disabled

Account Expired

Help Desk Dashboard

IUAdmin™ Architecture

IUAdminCore

Architecture

User SelfService

HelpDesk

FileSystem

Mgt

ResourceMgt

AuditLogin Trustfun

File SystemAccess

Other products provideManagement Paks that plug in

to the architecture.

FileSystemFactory

ePortfolio

• Built on top of Novell’s HTTPSTK..no Built on top of Novell’s HTTPSTK..no webserver to install or configure.webserver to install or configure.

• SSL connections for security.SSL connections for security.

• Contextless Login.Contextless Login.

• No schema extensions. However No schema extensions. However optional extensions are provided optional extensions are provided for increased functionality.for increased functionality.

• Runs on Netware 5.1 or above with Runs on Netware 5.1 or above with any version of eDirectory.any version of eDirectory.

Self Service and Password Reset

Self Service Password Reset

No More Floppy Drive Headaches

• Virus’s

• Limited Space

• Drive Failures

• Management Nightmare

IUAdmin

SolutionFile System Factory

AuditLogin Graph

AuditLogin - Log File Report

Securely Linking eEducation to Everything

Novell iChain

What is iChain?

iChain is Novell technology for web security• Reduces the complexities of implementing and

managing secure web applications• Proxy based Architecture• Supports more HTTP services than any of it’s

competitors• Provide single sign-on to web based resources• Supports Enterprise and Project based solutions

Why iChain?

Firewall

Intranet

Internet

Student

Internet

Parent

IUAdmin

IIS

SEC

UR

ITY

Web Servers and Applications

SEC

UR

ITY

Linux/Apache

SEC

UR

ITY

Issues when creating a Secure Web infrastructure:

• Direct Access to Web Servers (increase possibility of hacking)

• Multiple User Identities (no single sign on)

• Need to install SSL services on each web server

• Need to change links in HTML content from HTTP to HTTPS

• Many different Web Server Technologies

Teacher

Firewall

SEC

UR

ITY

IN

FR

AS

TR

UC

TU

RE

Web Servers andApplications

Teacher

One Net

Student

Parent

IUAdmin

Linux/Apache

eDirectory™

iChain®

Benefits of iChain:• Single Authentication Point

• Provides Web Single Sign On (headers and Form Fill) Sends Personalized content to applications

• Rewrites HTML data (completely hide internal DNS infrastructure)

• Dynamically encrypts content as it passes through proxy

• Single SSL Certificate can be used for all internal web sites (proxy based)

• No change to HTML content

• No change to applications authentication process

• Secures all HTTP servers

• Remove Direct Access to Web Servers

iChain Solution

IIS

Phase 1• Identity Based Collaborative Learning

– Personal Content and Class Storage– Web Based Access for Teachers and Students– Student ePortfolio - Cradle to Job– User Self Service and Web Based Help Desk– Faculty and IT Staff Training

• SIF Readiness Assessment– Technology Infrastructure Assessment– High-Level SIF Design and Plan (Naming

Standards)– Executive Level Presentation of Findings

• Minimum Phase 1 Software Requirements– Novell File System Factory– IUAdmin and AuditLogin

Phased Approach – Phase 1

Phase 1 Policy Based Collaborative Learning

ZENWorks™

GroupWise®

NetMail

Novell

BorderManager

IUAdmin™

AuditLogin™

eDirectory™

File System Factory™

Policy Based Storage

Home DirectoryClass Storage

Student ePortfolio

User

AuditLogin Report & Graph

User

Product Licenses Novell SLA

• File System Factory™Condrey Consulting

• IUAdmin™• AuditLogin™, TrustFun

UIMPORT LDAP IDM Console One

User

Faculty Students

SCSD

SHS

STUDENTS

SMS

STUDENTS

User

Production Tree

Internet

Novell BorderManag

er

K12 Student ProvisioningGrade Promotion

Student Locker

Home Directory

ePortfolio

Class Storage

User

HS1

IUAdmin

MS1

HD

EP

Grade Promotion eDirectory

UIMPORT LDAPCustom or3rd Party

Console OneIDM

FSF

Production Tree

Internet

K12 Student ProvisioningGraduation

User

HS1 IUAdmin™

EPHD

ePortfolio EP

IUAdmin™

SCSD

DIST

SMS

STUDENTS

Graduated

Novell BorderManag

er

Student LockerGraduation

eDirectory

UIMPORT LDAPCustom or3rd Party

Console OneIDM

FSF

Phase 1 Benefits

Teachers

• Web based access to resources and data

• Team Collaboration with students and teachers

• Teacher ePortfolio

Students

• Personalized Student Content

• Improved timeliness of service

• Web Based Access to resources and lesson assignments

IT Departments

• Reduced help desk support costs

• Reduced time needed to manage personal and group storage

• Leverage existing systems and infrastructure – No upgrades

Administrators

• Meet NCLB requirement for personalize content

• Minimal cost with large return

• Web based access to resources and data

Description Cost Maint Totals

File System Factory – 5000 Students (SLA) $2,500.00 $0.00 $2,500.00

IUAdmin – 900 Faculty and 12th Grade Students $700.00 $140.00 $840.00

AuditLogin – Site District License $1,000.00 $350.00 $1,350.00

TrustFun – Site District License $400.00 $125.00 $525.00

Software Cost     $5,215.00

* Hardware Cost     $0.00

Total Software and Hardware Cost     $5,215.00

       

# Students in District = 5000

* FTE for File System Factory# Faculty in District = 500

# Students in 12th Grade = 400

FTE for IUAdmin = 900

* Hardware costs depends on the clients current environment Recommend one server for IUAdmin Resource Portal

Phase One Pilot Example

Current IUAdmin Educational PricingFlexible Pricing Based on District Needs

IUADMIN Government/Educational Pricing*

  New License   Maintenance Maintenance

User Count SKU# Price SKU# Price

1000 IAV101KEDU $700 IAMT01KEDU $140

2000 IAV102KEDU $1,000 IAMT02KEDU $200

4000 IAV104KEDU $1,600 IAMT04KEDU $320

8000 IAV108KEDU $2,400 IAMT08KEDU $480

16000 IAV116KEDU $3,200 IAMT16KEDU $640

32000 IAV132KEDU $4,800 IAMT32KEDU $960

Unlimited IAV1UNLEDU $6,400 IAMTUNLEDU $1,280

Current AuditLogin Educational Pricing

Government and Education Pricing*

AuditLogin

Description SKU# Price

Gov/Education New Licenses    

V3 Single Server ALV3NSSEDU $100

V3 Three Server Pack (save 25%) ALV3N3PEDU $225

V3 Site License ALV3NSTEDU $1,000

Gov/Education Maintenance    

V3 Yearly Upgrade Protection and Maintenance Option*** ALMAINTEDU $350

Gov/Education Upgrade from Version 2    

V3 Three Server Pack Upgrade** ALV3USSEDU $50

V3 Site License Upgrade ** ALV3USTEDU $500

Phase 2 – SIF-Enabled Identity Management• Detailed SIF Identity Management Design and Plan• SIF Production Pilot

– Two Schools and District Office– Knowledge Transfer and Training

• Full SIF Deployment Phase - Remaining Schools• Minimum Software Requirements

– Edustructures SIFWorks - SLA– SIS SIF Agent – Specific to vendor– NSure Identity Manager SIF Driver (DirXML) - SLA– Novell iChain – SLA– Hardware Requirements – Depends on Size of District

Phased Approach – Phase 2

User Provisioning / De-Provisioning

User Access Management

Content Management& Personalization

AuditLoginTrustFun

IUAdmin

File System Factory

Phase 1

Phase 2

Nsure Identity Mgr SIFWorks

Novell iChain

NW 6.5 Virtual Office eXtend

Portal

SIF-Enabled Identity Management Phases

Collaborative Learning

SIF Provisioni

ng

User

ZENWorks

NetMail®

Novell iChain

Extend Portal / Virtual Office

IUAdmin

AuditLoginInstructional

Services

eDirectory™

File System Factory

User

AuditLogin Report & Graph

DirXML

H.R. &Finance

VoiceTelephon

y

Library Automation

Student Information

Services

Transportation

FoodServices

Policy Based Storage

Home DirectoryClass Storage

Student ePortfolio

User

Faculty Students

Student Provisioning Phase 2

Q & A

TrustFun Rights Analysis

TrustFun Report

Trustee Assignment Detail