Single Sign-on Integration (SSI)
Information Security Project [ Part 3/3 ]
For Professor Yan Chen; By Team Triad [ Naveed | Radu | Moniza ]
Login >
Login Successful !!!
****password123
AGENDA
Team Triad – Slide # 2
1 Project Overview | 2 Technical Analysis | 3 Business Analysis
[1] Current Solution: Issues/ pros/ cons
[2] Proposed Solution
[3] Implementation
[4] Analysis: Cost/ Risk
[5] Impact: Business/ Legal consequences
[6] Adoption: Corporation/ Industry
Next Topic …
Team Triad – Slide # 3
[1] Current Solution: Shortcomings, Pros, Cons
[2] Proposed Solution
Current Infrastructure
• Our Company has SSO Infrastructure
• Also has silo applications using AD for sign-on
• We need to integrate silo apps into SSO
1) Current Solution
Team Triad – Slide # 4
Problem Statement:
Authentication & Authorization
SSO
Portal
-OR-
PROS:
• Easier to understand
• Faster site performance
• No single point of authentication failure
CONS:
• Need to remember additional passwords
• Users spend more time logging in
• Wasted infrastructure resources
• Less Secure
1) Current Solution
Team Triad – Slide # 5
Pros & Cons
HR
Custom
Current Solution: Jack’s Story …
ERP
CRM
SSO
Team Triad – Slide # 6
Meet Jack!
This makes Jack …
Jack has to remember 5 different passwords
Jack uses 5 different websites
VERY…FRAZZLED!!!
HR
Custom
ERM
CRM
SSO
Team Triad – Slide # 7
Integrate apps with existing SSO
SSO
That makes Jack very HAPPY !!!
Jack has to remember 1 password
Get rid of keys & passwords except 1
Proposed Solution …
Next Topic …
Team Triad – Slide # 8
[3] Solution Implementation
Team Triad – Slide # 9
3) Solution Implementation
Existing SSO Technology
SharePoint 2010
Active Directory 2008 R2
Question: Which one to use? Let's first analyze them both …
3) Solution Implementation
Team Triad – Slide # 10
SSO Overview & Integration Steps
Active Directory 101 | AD Integration | SharePoint 101 | SP Integration
Active Directory
• Overview
• Integration Steps
SharePoint
• Overview
• Integration Steps
Team Triad – Slide # 11
Active Directory
o Federation & Unity (ADFS)
o Directory Service (LDAP)
o Server Management (ADSM)
o Group Policy (GP)
Main Features
Team Triad – Slide # 12
Reference: Book: Windows Server® 2008 Active Directory® Resource Kit, by Stan Reimer; Conan Kezema; Mike Mulcare; Byron Wright; Microsoft Active Directory
11-step process to establish SSO connection.
Requires custom code/configuration at Web Server.
Next Discussion: Integrating our silo apps (at Web Server) to work with AD’s SSO
SSO Scenario with AD: Client accessing internet
Team Triad – Slide # 13
STEPS: Integrating apps to AD SSO
Step 1) Enable Federation on Web Server
Step 2) Enable Reading SAML token
Step 3) Verify Authentication from SAML token
Step 4) Obtain Trust Policy from AzMan
Step 5) Retrieve Claims
Step 6) Make Authorizing Decisions
A LOT of custom code & configuration
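An added example, not part of the original slides: the token checks and claims-based decision behind steps 2 to 6, assuming a SAML 2.0 assertion layout and that the federation layer from step 1 has already validated the token's XML signature. The token, host names, role names and the `POLICY` table (standing in for the AzMan policy) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
ISSUER, AUDIENCE = "https://adfs.example.test/trust", "https://hr.example.test/"  # constructed
# Constructed sample token; hosts, user and role are made up for this example.
SAMPLE = """<s:Assertion xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion">
 <s:Issuer>https://adfs.example.test/trust</s:Issuer><s:Subject><s:NameID>jack@example.test</s:NameID></s:Subject>
 <s:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
  <s:AudienceRestriction><s:Audience>https://hr.example.test/</s:Audience></s:AudienceRestriction>
 </s:Conditions>
 <s:AttributeStatement>
  <s:Attribute Name="role"><s:AttributeValue>HR-Reader</s:AttributeValue></s:Attribute>
 </s:AttributeStatement>
</s:Assertion>"""
# Hypothetical operation-to-role policy, standing in for what AzMan would return (step 4).
POLICY = {"view_payslip": {"HR-Reader", "HR-Admin"}, "edit_payroll": {"HR-Admin"}}

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def read_claims(token_xml, issuer, audience, now):
    """Steps 2, 3, 5: accept the token only if it is from our issuer, for this app and
    inside its validity window; its XML signature must already have been verified."""
    a = ET.fromstring(token_xml)
    if a.tag != "{%s}Assertion" % NS["s"]:
        raise ValueError("not a SAML assertion")
    if a.findtext("s:Issuer", namespaces=NS) != issuer:
        raise ValueError("untrusted issuer")
    cond = a.find("s:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not _utc(cond.get("NotBefore", "")) <= now < _utc(cond.get("NotOnOrAfter", "")):
        raise ValueError("outside validity window")
    if audience not in [e.text for e in cond.findall("s:AudienceRestriction/s:Audience", NS)]:
        raise ValueError("token issued for another application")
    claims = {}
    for attr in a.findall("s:AttributeStatement/s:Attribute", NS):
        values = [v.text for v in attr.findall("s:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return a.findtext("s:Subject/s:NameID", namespaces=NS), claims

def authorize(claims, operation, policy=POLICY):
    """Steps 4 and 6: default deny; allow only if a role claim is listed for the operation."""
    return bool(set(claims.get("role", [])) & policy.get(operation, set()))

if __name__ == "__main__":
    who, claims = read_claims(SAMPLE, ISSUER, AUDIENCE, _utc("2024-01-01T10:30:00Z"))
    print(who, authorize(claims, "view_payslip"), authorize(claims, "edit_payroll"))
```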
Team Triad – Slide # 14
SharePoint - Main Component
Reference: Book: Essential SharePoint 2010: Overview, Governance, and Planning
Standard
• Portal
• Search
• Social
• People
• ECM - Enterprise Content Mgmt
Enterprise
• BI
• Applications
• BPM - Business Process Mgmt
Core
• Storage
• Topology
• Share Services
• Base APIs
• Security
Security
• Integrated with SSO providers (such as AD)
• Customize security
• Separate admin portals
Team Triad – Slide # 15
SharePoint - Architecture
Next Discussion: Integrating our silo applications into SP Site Collection
Team Triad – Slide # 16
STEPS: Integrating apps to SP (& SSO)
Step 1) Move & Import app to SP Site
Step 2) Update SP Configuration, DB connections
Step 3) Configure app to attach SP master page
Step 4) Update site roles if necessary
NOT many code or configuration changes
Team Triad – Slide # 17
COMPARISON: AD vs. SP
SharePoint
• Easier to integrate
• Easier to configure
• Added features
• Can integrate with other SSO providers
Active Directory
• Require significant code changes
• More complex integration
• Does not require SP for SSI
Team Triad – Slide # 18
3) Solution Implementation
Microsoft Recommendation for SSI (Rule of Thumb)
SharePoint 2010
• Integrate Custom/simple apps
• Integrate apps with SharePoint whenever possible
Active Directory 2008 R2
• Integrate third-party/ complex apps
• Integrate apps when unable to integrate with SharePoint
Reference: Microsoft Press Book: “Microsoft SharePoint Foundation 2010”. Authors: Penelope Coventry, Troy Lanphier, Johnathan Lightfoot, Thomas Resing, Michael Doyle
Next Topic …
Team Triad – Slide # 19
[4] Cost/ Risk Analysis
[5] Business/ Legal Consequences
[6] Corporations/ Industry adoption of SSI
Work Breakdown Structure (WBS) as follows:
Cost of Single Sign-on Integration
Team Triad – Slide # 20
• SW Costs
• HW Costs
Software/Hardware Cost
Total Cost of Ownership (TCO)
Team Triad – Slide # 21
Item | SharePoint | Active Directory
Software & Hardware Cost
1. Software Cost - Use Existing SW | - | -
2. Hardware Cost - Use Existing HW | - | -
3. Cost Savings - Decommission existing system | $(50,000) | -
Total SW/HW Cost | $(50,000) | -
Dev/Support Cost
1. Develop/Integrate duration - in weeks | 1 | 3
2. Develop/Integrate resources - in FTE | 1.5 | 2.0
3. Developer Yearly Salary | $90,000 | $75,000
4. Develop/integrate Cost [1] | $2,596 | $8,654
5. Support/Repair [2] | $1,298 | $5,192
6. Deployment/Maintenance Cost | $1,298 | $5,192
Total Support Cost | $5,192 | $19,038
Training Cost
1. No. of days for training | 2 | 3
2. Training Cost per day | $1,000 | $1,000
Total Training Cost | $2,000 | $3,000
Incremental Cost, 3 years
1. Dev/Support duration per year - in weeks | 2 | 6
2. User Training Cost | $1,000 | $1,000
3. License renewal Cost | - | -
4. Dev/Support Cost | $3,462 | $8,654
5. Incremental Cost | $4,462 | $9,654
Total Incremental Cost | $13,385 | $28,962
Total Cost of Ownership: | $(29,423) | $51,000
Costs
Reference:
[1] Formula: (#3/52*#1)*#2
[2] Formula: (#3/52*#1/2)*#2
Software & Hardware Cost: Decommissioning server when integrating with SP.
Dev/Support Cost: Less work with SharePoint Integration.
Training Cost: Slightly more training cost for AD.
Incremental Cost: More support required for AD.
Risk Analysis
Team Triad – Slide # 22
Risk of Implementing SSI
o Investing in Microsoft technology stack
o Availability of resources
o Slower Performance
o System outage affects all applications
Feasibility Analysis
Team Triad – Slide # 23
What makes implementing SSI a feasible solution?
o Cost savings
o Well documented integration
o Leadership support
o Simple integration options
Business & Legal Consequences
Team Triad – Slide # 24
o Easier authentication
o Single & easy user management
o Cross site integration
o Single business portal
o Simplifies legal requirement
Solution Adoption
Team Triad – Slide # 25
By Corporations/Industries
o Silo apps exist in all major corporations regardless of industry.
o Wide solution adoption potential.
o SharePoint is industry leader and already well adopted by organizations around the world.
Q&A
Thank you,
[ TEAM TRIAD ] Moniza | Radu | Naveed
Team Triad – Slide # 26