private cloud forefront identity manager 2010 (adam bresson)
DESCRIPTION
Forefront Identity Manager 2010
TRANSCRIPT
![Page 1: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/1.jpg)
JOURNEY TO THE CLOUD
FIM 2010 is used to manage Active Directory, the core of your identity in the private cloud.
![Page 2: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/2.jpg)
Cloud Security Concerns
• Security is the number 1 concern for cloud adoption
• 75% responded 4 or 5 (on a 1 to 5 scale)*
• Key security issues:
  • Isolation of tenants from each other and from the hosting infrastructure
    • At the compute and network layers
  • Authentication / Authorization / Auditing of access to cloud services
  • Unauthorized access / DoS due to weak (or mis)configuration
* Source: IDC Enterprise Panel
![Page 3: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/3.jpg)
Three Pillars
Identity Management Platform, built on three pillars: Authorization, Authentication, Attributes
![Page 4: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/4.jpg)
To The Cloud!
• Hyper-V uses AD groups natively for delegated administration
• Security configuration driven via Group Policy
• What is an effective way to manage groups?
![Page 5: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/5.jpg)
Typical Cloud ID Journey
Silos (Islands of Identity) → Federated Islands of Identity
Pillars: Authorization, Authentication, Attributes
![Page 6: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/6.jpg)
A Better Journey
Silos (Islands of Identity) → Federated Islands of Identity → Identity Management Platform
Pillars: Authorization, Authentication, Attributes
![Page 7: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/7.jpg)
What is Forefront Identity Manager
Self-Service integration: FIM Portal, Windows Log On, AD FS login across clouds, integrated login to applications
Secure the Private Cloud: Directories, LOB Applications, Databases
Manages Active Directory: secure delegation of administration, enable access to the private cloud
![Page 8: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/8.jpg)
Common Identity across clouds
HR System (source): FirstName Terry, LastName Adams, Title Sales Manager, Dept Sales, Mgr: Melissa Meyers, EmplID 123
→ FIM 2010 Workflow →
AD: FirstName Terry, LastName Adams, Title Sales Manager, Dept Sales, Mgr: Melissa Meyers, LoginID Tadams
Phone: Firstname Terry, LastName Adams, Phone 555-1234, Phone 555-1212
Email: LoginID Tadams, Email [email protected], Email [email protected]
Groups: Melissa’s Directs, All in Sales, Sales App Owners
Group membership and user attributes generated
Consumers: Exchange, SharePoint, Web Sites, File / Print, Line of Business Apps
Integrated and federated common identity: Private Cloud; Public Cloud (PaaS / SaaS): Office 365, Windows Azure
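The slide shows HR attributes flowing through a FIM workflow into AD, with group membership computed rather than hand-maintained. The following is an added example, not FIM code or anything from the deck: a small Python model of that flow, with the HR feed constructed from the slide's Terry Adams / Melissa Meyers plus invented colleagues, an assumed login-naming rule (first initial + last name), and an assumed mail domain `example.com` because the slide redacts the real one. It also shows the part the diagram leaves implicit: when HR moves Terry to another department, the same run revokes the stale Sales memberships that it no longer derives.

```python
from dataclasses import dataclass, replace
from typing import Optional

EMAIL_DOMAIN = "example.com"   # assumption: the slide redacts the real mail domain


@dataclass(frozen=True)
class HrRecord:
    """One row of the authoritative HR feed (constructed, not real data)."""
    empl_id: str
    first_name: str
    last_name: str
    title: str
    dept: str
    manager_id: Optional[str]   # EmplID of the manager; None at the top of the tree


@dataclass(frozen=True)
class AdUser:
    """The AD object the HR row is projected onto."""
    empl_id: str
    login_id: str
    first_name: str
    last_name: str
    title: str
    dept: str
    manager_login: Optional[str]
    email: str


def make_login_id(rec: HrRecord, taken: set) -> str:
    """First initial + last name, lower-cased and alphanumeric only, with a numeric
    suffix on collision (assumed naming rule; the slide only shows 'Tadams')."""
    base = "".join(c for c in (rec.first_name[0] + rec.last_name).lower() if c.isalnum())
    login, n = base, 1
    while login in taken:
        n += 1
        login = f"{base}{n}"
    taken.add(login)
    return login


def provision(feed: list) -> dict:
    """HR feed -> AD users keyed by EmplID, the join key HR and AD share.
    Processing in EmplID order keeps login generation deterministic."""
    taken: set = set()
    ordered = sorted(feed, key=lambda r: r.empl_id)
    logins = {r.empl_id: make_login_id(r, taken) for r in ordered}
    users = {}
    for r in ordered:
        # A manager missing from the feed leaves the attribute empty rather than guessing.
        mgr_login = logins.get(r.manager_id) if r.manager_id else None
        users[r.empl_id] = AdUser(r.empl_id, logins[r.empl_id], r.first_name, r.last_name,
                                  r.title, r.dept, mgr_login,
                                  f"{logins[r.empl_id]}@{EMAIL_DOMAIN}")
    return users


def criteria_groups(users: dict) -> dict:
    """Evaluate the criteria-based groups from the slide: 'All in <Dept>' per department
    and '<Manager first name>'s Directs' per manager. Membership is computed from
    attributes, never hand-edited, so it tracks HR automatically."""
    by_login = {u.login_id: u for u in users.values()}
    groups: dict = {}
    for u in users.values():
        groups.setdefault(f"All in {u.dept}", set()).add(u.login_id)
        if u.manager_login:
            mgr = by_login[u.manager_login]
            groups.setdefault(f"{mgr.first_name}'s Directs", set()).add(u.login_id)
    return {name: frozenset(m) for name, m in groups.items()}


def membership_delta(old: dict, new: dict):
    """Adds and removes needed to bring AD from `old` to `new`. A group that no longer
    has any qualifying member shows up as removals for everyone still in it."""
    adds, removes = {}, {}
    for name in set(old) | set(new):
        before = old.get(name, frozenset())
        after = new.get(name, frozenset())
        if after - before:
            adds[name] = after - before
        if before - after:
            removes[name] = before - after
    return adds, removes


HR_FEED = [   # constructed sample records; Terry Adams / Melissa Meyers are from the slide
    HrRecord("100", "Melissa", "Meyers", "Sales Director", "Sales", None),
    HrRecord("123", "Terry", "Adams", "Sales Manager", "Sales", "100"),
    HrRecord("124", "Pat", "Lee", "Sales Rep", "Sales", "123"),
    HrRecord("200", "Chris", "Wong", "Marketing Manager", "Marketing", None),
]


def transfer(feed: list, empl_id: str, dept: str, manager_id: str) -> list:
    """Simulate HR moving one employee to another department and manager."""
    return [replace(r, dept=dept, manager_id=manager_id) if r.empl_id == empl_id else r
            for r in feed]


def demo():
    """Initial provisioning, then Terry moves to Marketing under Chris: the stale
    Sales memberships are revoked in the same run that grants the new ones."""
    before = criteria_groups(provision(HR_FEED))
    after = criteria_groups(provision(transfer(HR_FEED, "123", "Marketing", "200")))
    return before, after, membership_delta(before, after)


if __name__ == "__main__":
    before, after, (adds, removes) = demo()
    for name, members in sorted(after.items()):
        print(f"{name}: {sorted(members)}")
    print("add:", adds)
    print("remove:", removes)
```

The security-relevant property is in `membership_delta`: revocation is a by-product of re-evaluating the criteria, so a transfer or termination in HR removes access without anyone remembering to edit the group. In FIM itself the criteria are expressed as filters over the portal schema rather than Python, but the evaluate-then-diff model is the same.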
![Page 9: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/9.jpg)
Private Cloud Enabled Identity
All Microsoft solutions for private cloud leverage a single identity store to authenticate users with Microsoft® Active Directory® across physical and virtual systems.
Building blocks: Virtualization (Hyper-V™), Hardware, Presentation (Terminal Services), Application (Microsoft App. Virt.), Network Access Protection, Server and Domain Isolation, Forefront™ Security Solutions, System Center Virtual Machine Manager, Forefront Identity Manager
Active Directory
o Single identity store to authenticate users
o Support across physical and virtual systems
o Federated Identity
Forefront Identity Manager
o Easy user provisioning
o Identity synchronization
o Simplified management of cloud resources
![Page 10: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/10.jpg)
Solution Example – Enhancing Private Cloud with Identity
Roles in Hyper-V and System Center → leverage AD groups in roles → manage AD groups in FIM → private cloud self-service, secure and compliant
• Hyper-V and SC Virtual Machine Manager use roles
• Roles can contain users or groups from AD
• Delegation of datacenter management
• Forefront Identity Manager securely manages membership in AD groups
![Page 11: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/11.jpg)
Solution Example – Enhancing Private Cloud with Identity
Hyper-V Authorization Manager + Common identity in Private Cloud
• Default role allows access to all operations
• Additional roles with desired rights can be created
• 33 different operations out of the box, grouped under:
  • Hyper-V Service Operations
  • Hyper-V Networks Operations
  • Hyper-V Virtual Machine Operations
![Page 12: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/12.jpg)
Solution Example – Enhancing Private Cloud with Identity
Virtual Machine Manager + Common identity in Private Cloud
• The Administrator profile: complete administrative access to all the hosts, virtual machines, and library servers in VMM 2008
• The Delegated Administrator profile: grants administrative access to a defined set of host groups and library servers
• The Self-Service User profile: administrative access to a defined set of virtual machines through the Web-based Virtual Machine Manager Self-Service Portal
• Additional delegation capabilities in the Self-Service Portal
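The two slides above describe the same shape of policy from two sides: Hyper-V's Authorization Manager store holds roles as sets of operations and assigns them to AD principals, and VMM narrows roles to a host group (Delegated Administrator) or to specific VMs (Self-Service User). The following added example, which is not Microsoft's code and not from the deck, models that resolution in Python so the least-privilege point is concrete: the default Administrator role keeps every operation, while narrower roles plus a scope deny everything outside it. The operation names are a hand-picked stand-in for the 33 real ones, the group names are assumed FIM-managed AD groups, and nested groups are resolved transitively the way AD token groups are.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative operation names grouped the way the slide groups them. These are a
# hand-picked stand-in for Hyper-V's 33 out-of-box operations, not the real list.
OPERATIONS = {
    "service": {"Read Service Configuration", "Reconfigure Service"},
    "network": {"Create Virtual Switch", "Delete Virtual Switch"},
    "vm": {"Create Virtual Machine", "Start Virtual Machine", "Stop Virtual Machine",
           "Delete Virtual Machine", "View Virtual Machine Configuration"},
}
ALL_OPERATIONS = frozenset().union(*OPERATIONS.values())


@dataclass(frozen=True)
class Resource:
    """A VM placed in a VMM host group; vm_id=None is the host/service level."""
    vm_id: Optional[str]
    host_group: Optional[str]


@dataclass(frozen=True)
class Assignment:
    """A role granted to AD principals, optionally limited to a host group or one VM.
    No scope at all is the unscoped Administrator profile."""
    role: str
    principals: frozenset
    host_group: Optional[str] = None
    vm_id: Optional[str] = None

    def covers(self, res: Resource) -> bool:
        if self.vm_id is not None:
            return res.vm_id == self.vm_id
        if self.host_group is not None:
            return res.host_group == self.host_group
        return True


class AuthorizationStore:
    def __init__(self, roles: dict, assignments: list, ad_groups: dict):
        self.roles = {name: frozenset(ops) for name, ops in roles.items()}
        self.assignments = list(assignments)
        self.ad_groups = ad_groups      # group -> members (users or nested groups)

    def expand(self, user: str) -> frozenset:
        """User plus every group that contains them, transitively; cycle-safe."""
        member_of = {user}
        frontier = [user]
        while frontier:
            p = frontier.pop()
            for group, members in self.ad_groups.items():
                if p in members and group not in member_of:
                    member_of.add(group)
                    frontier.append(group)
        return frozenset(member_of)

    def effective_operations(self, user: str, res: Resource) -> frozenset:
        """Union of the operations of every role assigned to the user (directly or via
        a group) whose scope covers the resource. This is also the reporting view."""
        principals = self.expand(user)
        ops = set()
        for a in self.assignments:
            if a.principals & principals and a.covers(res):
                ops |= self.roles[a.role]
        return frozenset(ops)

    def check(self, user: str, operation: str, res: Resource) -> bool:
        if operation not in ALL_OPERATIONS:
            raise ValueError(f"unknown operation: {operation}")  # fail closed on typos
        return operation in self.effective_operations(user, res)


def build_store() -> AuthorizationStore:
    """Constructed policy: Administrator keeps every operation; 'Host Group Admin' is
    scoped like VMM's Delegated Administrator and 'VM Operator' like a Self-Service User."""
    roles = {
        "Administrator": ALL_OPERATIONS,
        "Host Group Admin": OPERATIONS["vm"] | {"Read Service Configuration"},
        "VM Operator": {"Start Virtual Machine", "Stop Virtual Machine",
                        "View Virtual Machine Configuration"},
    }
    assignments = [
        Assignment("Administrator", frozenset({"Hyper-V Administrators"})),
        Assignment("Host Group Admin", frozenset({"Sales Host Admins"}), host_group="HG-Sales"),
        Assignment("VM Operator", frozenset({"Sales VM Operators"}), vm_id="vm-sales-01"),
    ]
    ad_groups = {   # assumed FIM-managed AD groups; one is nested
        "Hyper-V Administrators": {"alice"},
        "Sales Host Admins": {"bob"},
        "Sales VM Operators": {"Sales Managers"},
        "Sales Managers": {"tadams"},
    }
    return AuthorizationStore(roles, assignments, ad_groups)


SALES_VM = Resource("vm-sales-01", "HG-Sales")
FINANCE_VM = Resource("vm-fin-01", "HG-Finance")
SERVICE = Resource(None, None)

if __name__ == "__main__":
    store = build_store()
    for user in ("alice", "bob", "tadams"):
        print(user, sorted(store.effective_operations(user, SALES_VM)))
```

Because role membership comes from AD groups, the group management FIM does on the earlier slides is what decides who lands in these roles; `effective_operations` is the query an access review would run per user and resource to confirm the delegation is as narrow as intended.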
![Page 13: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/13.jpg)
FIM (Helping) with The Cloud
User (Request): Can I have Admin access to the cloud app?
(Approve): Oh, alright then
![Page 14: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/14.jpg)
EVERY JOURNEY NEEDS A HISTORY
Silos (Islands of Identity) → Federated Islands of Identity → Identity Management Platform
Pillars: Authorization, Authentication, Audit, Attributes
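Slide 13's request/approve exchange and slide 14's added Audit pillar belong together: an owner-managed group (such as the "Sales App Owners" group on slide 8, which no attribute rule can compute) should only change through an approved request, and every step should leave a record. The following added example, which is not FIM code and not from the deck, models that loop in Python with constructed group, owner and requester names. It refuses approvals from anyone but the group owner, refuses self-approval, and includes the report a reviewer would run: members of a group with no approval event behind them, which is what a direct edit in AD looks like.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import itertools


@dataclass(frozen=True)
class AuditEvent:
    seq: int
    when: datetime
    actor: str
    action: str
    group: str
    subject: str


class OwnerApprovedGroups:
    """Owner-managed groups: membership changes only through a request the group's
    owner approves, and every step lands in an append-only audit trail."""

    def __init__(self, owners: dict):
        self.owners = dict(owners)                 # group -> owner login (the approver)
        self.members = {g: set() for g in owners}
        self.pending = {}                          # request id -> (requester, group)
        self.audit = []
        self._ids = itertools.count(1)

    def _log(self, actor: str, action: str, group: str, subject: str) -> None:
        self.audit.append(AuditEvent(len(self.audit) + 1, datetime.now(timezone.utc),
                                     actor, action, group, subject))

    def request(self, requester: str, group: str) -> int:
        """'Can I have Admin access to the cloud app?'"""
        if group not in self.owners:
            raise KeyError(group)
        rid = next(self._ids)
        self.pending[rid] = (requester, group)
        self._log(requester, "REQUEST", group, requester)
        return rid

    def approve(self, approver: str, rid: int) -> None:
        """'Oh, alright then', but only from the owner and never for one's own request."""
        requester, group = self.pending[rid]
        if approver != self.owners[group] or approver == requester:
            self._log(approver, "APPROVE_REFUSED", group, requester)
            raise PermissionError(f"{approver} may not approve request {rid}")
        del self.pending[rid]
        self.members[group].add(requester)
        self._log(approver, "APPROVE", group, requester)

    def reject(self, approver: str, rid: int, reason: str) -> None:
        requester, group = self.pending.pop(rid)
        self._log(approver, f"REJECT:{reason}", group, requester)

    def remove(self, actor: str, group: str, user: str) -> None:
        self.members[group].discard(user)
        self._log(actor, "REMOVE", group, user)

    def record_out_of_band(self, group: str, user: str) -> None:
        """What a direct edit in AD looks like from here: a member appears with no
        approval behind it (a sync engine would see this on its next import)."""
        self.members[group].add(user)

    def members_without_approval(self) -> dict:
        """Reporting check: every current member should have an APPROVE event that
        has not since been followed by a REMOVE for the same group and user."""
        approved = set()
        for e in self.audit:
            key = (e.group, e.subject)
            if e.action == "APPROVE":
                approved.add(key)
            elif e.action == "REMOVE":
                approved.discard(key)
        report = {}
        for g, m in self.members.items():
            unapproved = {u for u in m if (g, u) not in approved}
            if unapproved:
                report[g] = unapproved
        return report


def demo() -> OwnerApprovedGroups:
    """Constructed walk-through: tadams asks for the admin group alice owns, tries to
    approve it himself, alice approves, and someone edits another group in AD directly."""
    groups = OwnerApprovedGroups({"Sales App Owners": "mmeyers", "Cloud App Admins": "alice"})
    rid = groups.request("tadams", "Cloud App Admins")
    try:
        groups.approve("tadams", rid)
    except PermissionError:
        pass
    groups.approve("alice", rid)
    groups.record_out_of_band("Sales App Owners", "bob")
    return groups


if __name__ == "__main__":
    g = demo()
    for e in g.audit:
        print(e.seq, e.actor, e.action, e.group, e.subject)
    print("unapproved:", g.members_without_approval())
```

The refused approval is logged as well as the granted one, so an attempt to bypass the owner shows up in the same trail an auditor reads; the report is the check that turns "well managed AD" into something you can demonstrate rather than assert.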
![Page 15: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/15.jpg)
TO THE CLOUD!
• Using Hyper-V as the infrastructure for a private cloud is great for server optimization, but without an IAM architecture in place it only moves the administrative problems around.
• FIM provides a compliant and well-managed AD. Compliance here means automating changes to access permissions, making sure users have the right access, and reporting on it.
• Active Directory provides the common identity platform for classic datacenter-hosted systems and the private cloud, and also paves the way to using public cloud resources.
![Page 16: Private cloud forefront identity manager 2010 (adam bresson)](https://reader038.vdocuments.site/reader038/viewer/2022103110/54b7c7d64a79593d748b4584/html5/thumbnails/16.jpg)
QUESTIONS ?