Single Sign-on Integration (SSI) Information Security Project [ Part 3/3 ]


Upload: asia-heydon

Post on 01-Apr-2015


Page 1: Single Sign-on Integration (SSI) Information Security Project [ Part 3/3 ] Information Security Project [ Part 3/3 ] For Professor Yan Chen; By Team Triad

Single Sign-on Integration (SSI)

Information Security Project [ Part 3/3 ]

For Professor Yan Chen; By Team Triad [ Naveed | Radu | Moniza ]

Login >

Login Successful !!!

****password123

Page 2:

AGENDA

Team Triad – Slide # 2

1 Project Overview
2 Technical Analysis
3 Business Analysis

[1] Current Solution: Issues/ pros/ cons

[2] Proposed Solution

[3] Implementation

[4] Analysis: Cost/ Risk

[5] Impact: Business/ Legal consequences

[6] Adoption: Corporation/ Industry

Page 3:

Next Topic …

[1] Current Solution: Shortcomings, Pros, Cons

[2] Proposed Solution

Page 4:

1) Current Solution

Problem Statement:

Current Infrastructure

• Our Company has SSO Infrastructure
• Also has silo applications using AD for sign-on
• We need to integrate silo apps into SSO

[Diagram labels: Authentication & Authorization; SSO; Portal -OR-]

Page 5:

1) Current Solution

Pros & Cons

PROS:
• Easier to understand
• Faster site performance
• No single point of authentication failure

CONS:
• Need to remember additional passwords
• Users spend more time logging in
• Wasted infrastructure resources
• Less Secure

Page 6:

Current Solution: Jack’s Story …

Meet Jack!

Jack uses 5 different websites

Jack has to remember 5 different passwords

This makes Jack … VERY…FRAZZLED!!!

[Diagram labels: HR, Custom, ERP, CRM, SSO]

Page 7:

Proposed Solution …

Integrate apps with existing SSO

Get rid of keys & passwords except 1

Jack has to remember 1 password

That makes Jack very HAPPY !!!

[Diagram labels: HR, Custom, ERM, CRM, SSO]

Page 8:

Next Topic …

[3] Solution Implementation

Page 9:

3) Solution Implementation

Existing SSO Technology

• SharePoint 2010
• Active Directory 2008 R2

Question: Which one to use? Let's first analyze them both …

Page 10:

3) Solution Implementation

SSO Overview & Integration Steps

Sections: Active Directory 101 | AD Integration | SharePoint 101 | SP Integration

Active Directory
• Overview
• Integration Steps

SharePoint
• Overview
• Integration Steps

Page 11:

Active Directory

Main Features

o Federation & Unity (ADFS)
o Directory Service (LDAP)
o Server Management (ADSM)
o Group Policy (GP)

Page 12:

SSO Scenario with AD: Client accessing internet

11-step process to establish SSO connection.

Requires custom code/configuration at Web Server.

Next Discussion: Integrating our silo apps (at Web Server) to work with AD’s SSO

Reference: Book: Windows Server® 2008 Active Directory® Resource Kit, by Stan Reimer; Conan Kezema; Mike Mulcare; Byron Wright; Microsoft Active Directory

Page 13:

STEPS: Integrating apps to AD SSO

Step 1) Enable Federation on Web Server

Step 2) Enable Reading SAML token

Step 3) Verify Authentication from SAML token

Step 4) Obtain Trust Policy from AzMan

Step 5) Retrieve Claims

Step 6) Make Authorizing Decisions

A LOT of custom code & configuration
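Steps 2, 3, 5 and 6 above, sketched as an added example (not code from the original slides or from Microsoft): the web application checks a token's validity window and audience before it reads any claims, then authorizes from a role claim. The SAML 2.0 assertion layout, audience URI, claim name and role values are constructed assumptions; XML signature verification and the AzMan trust policy lookup (step 4) are assumed to be handled by the federation layer and are not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://hr.example.test/"  # hypothetical relying-party identifier
ROLE_ATTR = "role"                     # hypothetical claim name

# Constructed, unsigned sample; signature verification is assumed done upstream.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jack</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-04-01T09:00:00Z" NotOnOrAfter="2015-04-01T09:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://hr.example.test/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>hr-user</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def read_claims(xml_text, now):
    """Steps 2, 3, 5: parse, reject stale or mis-addressed assertions, return claims."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("no Conditions element")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        raise ValueError("assertion was issued for another application")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return subject, attrs

def authorize(xml_text, required_role, now):
    """Step 6: deny by default; allow only a valid assertion carrying the role."""
    try:
        _subject, attrs = read_claims(xml_text, now)
    except (ValueError, TypeError, ET.ParseError):
        return False
    return required_role in attrs.get(ROLE_ATTR, [])
```

The audience check is what stops a token issued for one silo app from being replayed against another once they all trust the same SSO provider.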

Page 14:

SharePoint - Main Component

Standard
• Portal
• Search
• Social
• People
• ECM - Enterprise Content Mgmt

Enterprise
• BI
• Applications
• BPM - Business Process Mgmt

Core
• Storage
• Topology
• Share Services
• Base APIs
• Security

Security
• Integrated with SSO providers (such as AD)
• Customize security
• Separate admin portals

Reference: Book: Essential SharePoint 2010: Overview, Governance, and Planning

Page 15:

SharePoint - Architecture

Next Discussion: Integrating our silo applications into SP Site Collection

Page 16:

STEPS: Integrating apps to SP (& SSO)

Step 1) Move & Import app to SP Site

Step 2) Update SP Configuration, DB connections

Step 3) Configure app to attach SP master page

Step 4) Update site roles if necessary

NOT many code or configuration changes

Page 17:

COMPARISON: AD vs. SP

SharePoint
• Easier to integrate
• Easier to configure
• Added features
• Can integrate with other SSO providers

Active Directory
• Require significant code changes
• More complex integration
• Does not require SP for SSI

Page 18:

3) Solution Implementation

Microsoft Recommendation for SSI (Rule of Thumb)

SharePoint 2010
• Integrate Custom/simple apps
• Integrate apps with SharePoint whenever possible

Active Directory 2008 R2
• Integrate third-party/ complex apps
• Integrate apps when unable to integrate with SharePoint

Reference: Microsoft Press Book: “Microsoft SharePoint Foundation 2010”; Authors: Penelope Coventry, Troy Lanphier, Johnathan Lightfoot, Thomas Resing, Michael Doyle

Page 19:

Next Topic …

[4] Cost/ Risk Analysis

[5] Business/ Legal Consequences

[6] Corporations/ Industry adoption of SSI

Page 20:

Cost of Single Sign-on Integration

Work Breakdown Structure (WBS) as follows:

Total Cost of Ownership (TCO)

Software/Hardware Cost
• SW Costs
• HW Costs

Page 21:

Costs

| Item | SharePoint | Active Directory |
|---|---|---|
| Software & Hardware Cost | | |
| 1. Software Cost - Use Existing SW | -$ | -$ |
| 2. Hardware Cost - Use Existing HW | -$ | -$ |
| 3. Cost Savings - Decommission existing system | (50,000)$ | -$ |
| Total SW/HW Cost | (50,000)$ | -$ |
| Dev/Support Cost | | |
| 1. Develop/Integrate duration - in weeks | 1 | 3 |
| 2. Develop/Integrate resources - in FTE | 1.5 | 2.0 |
| 3. Developer Yearly Salary | 90,000$ | 75,000$ |
| 4. Develop/integrate Cost [1] | 2,596$ | 8,654$ |
| 5. Support/Repair [2] | 1,298$ | 5,192$ |
| 6. Deployment/Maintenance Cost | 1,298$ | 5,192$ |
| Total Support Cost | 5,192$ | 19,038$ |
| Training Cost | | |
| 1. No. of days for training | 2 | 3 |
| 2. Training Cost per day | 1,000$ | 1,000$ |
| Total Training Cost | 2,000$ | 3,000$ |
| Incremental Cost, 3 years | | |
| 1. Dev/Support duration per year - in weeks | 2 | 6 |
| 2. User Training Cost | 1,000$ | 1,000$ |
| 3. License renewal Cost | -$ | -$ |
| 4. Dev/Support Cost | 3,462$ | 8,654$ |
| 5. Incremental Cost | 4,462$ | 9,654$ |
| Total Incremental Cost | 13,385$ | 28,962$ |
| Total Cost of Ownership: | (29,423)$ | 51,000$ |

Reference:
[1] Formula: (#3/52*#1)*#2
[2] Formula: (#3/52*#1/2)*#2

Software & Hardware Cost: Decommissioning server when integrating with SP.

Dev/Support Cost: Less work with SharePoint Integration.

Training Cost: Slightly more training cost for AD.

Incremental Cost: More support required for AD.

Page 22:

Risk Analysis

Risk of Implementing SSI

o Investing in Microsoft technology stack
o Availability of resources
o Slower Performance
o System outage affects all applications

Page 23:

Feasibility Analysis

What makes implementing SSI a feasible solution?

o Cost savings
o Well documented integration
o Leadership support
o Simple integration options

Page 24:

Business & Legal Consequences

o Easier authentication
o Single & easy user management
o Cross site integration
o Single business portal
o Simplifies legal requirement

Page 25:

Solution Adoption

By Corporations/Industries

o Silo apps exist in all major corporations regardless of industry.
o Wide solution adoption potential.
o SharePoint is industry leader and already well adopted by organizations around the world.

Page 26:

Q&A

Thank you,

[ TEAM TRIAD ]
Moniza | Radu | Naveed