Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS)

Overview and Technical Requirements

Encore Software Solutions (V3) provides a holistic Identity Lifecycle Management and Federated Security Solution with an integrated Identity Verification System. Managing the identity of an individual (User) through the user's lifecycle requires an understanding of the user's attributes as they change throughout that lifecycle. These attributes include, but are not limited to: Role, Type, Security, Resource Access, Location and Status. A User's role may change based on their position (e.g. Teacher to Administrator) or location (e.g. School to School, or School to District Office), which also changes the type of User (e.g. Standard to Privileged User) and ultimately affects not only their level of security but also the resources that they utilize or need. The User's status may change based on the type or seasonality of the position (e.g. Adjunct Professor, Teacher's Aide), but the User needs to remain in a managed state until the lifecycle of the user or position ends.

As technology continues to migrate to a utility model, resources are increasingly accessed that do not belong to the consumer or the consumer's organization. Because of this change in consumption models, and the proliferation of technology needs among Users, automating and securing a User's access to all resources (owned or non-owned) is critical. Otherwise, manual processes place a very heavy burden on the organization and the user, and ultimately result in a significant delay before a user gains access to the resources they need. Equally as important as the ability to provision resources is the ability to de-provision resources when they are no longer required or permitted, since an account that outlives the position it was created for keeps every access right that position granted.
Encore Software Solutions ILM/FSS provides the mechanisms required to take a user from inception (Staff: Hiring / Student: Enrollment) through their lifecycle (Staff: Position / Student: Grade Change), automates their resource access (creating resources, changing resources, revoking resources) and provides the proper security constructs to enable access to owned (e.g. on-premises file servers or applications) or non-owned (e.g. Office 365, Google, Renaissance Learning) resources. Full automation cannot be achieved without a level of User Self-Service in which the User can quickly on-board and reset their own password without having to engage Technical Support, since resources are often accessed off-premises and after hours.
Encore Software Solutions (formerly V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) is made up of four unique but integrated components:
o Provisioning (IDIOM): User and Application Provisioning
o Enhanced Authentication: Security Federation (Authorization and Identity Provider)
o Single Sign-On: one-time sign-on to access multiple disparate resources
o Identity Verification System: User Onboarding / Password Reset

Provisioning (IDIOM): Utilizing an authoritative source such as an HR or Financial ERP (Staff) or a Student Information System (Student), Encore creates, changes and manages the User Identity. The Provisioning Engine provisions Active Directory as well as other third-party applications (see Library Addendum).

Provisioning console screenshots (images not reproduced in this extract; captions only):
o Configuring Specific Locations / Sites
o Configuring Users to not be Managed by Provisioning
o Review Logs and Errors
o Configure Location Details
o Manage Specific Job Codes
o Manage User Overrides
o Manage Student Overrides
o Manage Home Folder (Creation, Migration, Archive and Deletion)
o Manage Advanced System Details
Enhanced Authentication (EA): Provides a federation mechanism that allows users to access resources that are not Active Directory integrated, using standard federation protocols such as SAML, WS-Federation, CAS and Shibboleth.

Single Sign-On (SSO): Enables the user to authenticate one time (generally to Active Directory); their authentication information can then be passed to other resources that are not Active Directory integrated or aware.
Identity Verification System (IVS): Enables the User to perform password resets with pre-defined questions/answers or other security mechanisms.
Cloud Email (Office 365 and Google) Distribution List Editor

When migrating to cloud email platforms, there are a few irregularities regarding membership of synchronized distribution groups. Specifically, an end user will likely find that they cannot edit a distribution list and have the changes save. The issue is a conflict between changes made in the cloud and changes made in your on-premises Active Directory. The root cause is that the directory synchronization process is not bi-directional: the on-premises membership is authoritative and is re-applied to the cloud copy on every synchronization cycle, so a change made on the cloud side does not survive. To make it work correctly, the user must edit the distribution group membership in the on-premises Active Directory; synchronization will then correctly update the cloud distribution group. Unfortunately, neither Outlook nor OWA can do that natively. The ESS Distribution List Editor for the cloud solves this problem. For this release of the ESS Distribution List Editor, your users will be able to manage their Office 365 or Google Apps cloud distribution groups from within the desktop Outlook client or via an internet-accessible web site. Office 365 OWA integration support is coming soon.
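The one-way synchronization behaviour described above, as an added example that is not part of the Encore document or product: a small model in which the on-premises directory is authoritative and the cloud copy is overwritten on every sync cycle. It shows a cloud-side edit being lost, the same edit made on-premises propagating, and a drift check that reports which cloud-side changes the next sync will discard. The Directory class, the group name and the member names are constructed for the example; real synchronization tools (Azure AD Connect, Google Cloud Directory Sync) implement the same direction of authority with their own mechanics.

```python
from dataclasses import dataclass, field

# Constructed sample data: one distribution group that exists in both directories.
GROUP = "DL-Math-Teachers"


@dataclass
class Directory:
    """Minimal stand-in for a directory (on-premises AD or the cloud tenant)."""
    groups: dict[str, set[str]] = field(default_factory=dict)

    def add_member(self, group: str, member: str) -> None:
        self.groups.setdefault(group, set()).add(member)

    def remove_member(self, group: str, member: str) -> None:
        self.groups.get(group, set()).discard(member)


def sync_to_cloud(onprem: Directory, cloud: Directory) -> Directory:
    """One-way synchronization: the cloud copy of every synchronized group is
    replaced by the on-premises membership. Nothing flows back on-premises."""
    for name, members in onprem.groups.items():
        cloud.groups[name] = set(members)
    return cloud


def pending_drift(onprem: Directory, cloud: Directory) -> dict[str, dict[str, set[str]]]:
    """Per synchronized group, the cloud-side differences the next sync will undo.
    'lost': members added only in the cloud (they will be removed).
    'restored': members removed only in the cloud (they will be put back)."""
    report: dict[str, dict[str, set[str]]] = {}
    for name, src in onprem.groups.items():
        dst = cloud.groups.get(name, set())
        lost, restored = dst - src, src - dst
        if lost or restored:
            report[name] = {"lost": lost, "restored": restored}
    return report


def scenario() -> dict:
    """Walk through both edit paths and return the observable results."""
    onprem = Directory({GROUP: {"alice", "bob"}})
    cloud = sync_to_cloud(onprem, Directory())

    # Wrong place: the end user edits the group in the cloud (e.g. from OWA).
    cloud.add_member(GROUP, "carol")
    cloud.remove_member(GROUP, "bob")
    drift_before = pending_drift(onprem, cloud)   # what the next sync will undo
    sync_to_cloud(onprem, cloud)
    after_cloud_edit = set(cloud.groups[GROUP])   # back to alice, bob

    # Right place: the same edit made on-premises propagates on the next sync.
    onprem.add_member(GROUP, "carol")
    onprem.remove_member(GROUP, "bob")
    sync_to_cloud(onprem, cloud)
    after_onprem_edit = set(cloud.groups[GROUP])  # alice, carol

    return {
        "drift_before": drift_before,
        "after_cloud_edit": after_cloud_edit,
        "after_onprem_edit": after_onprem_edit,
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The pending_drift check is the part worth keeping: run it against exported group memberships from both sides before enabling or re-enabling synchronization, and any non-empty report is a set of user edits that are about to be silently reverted.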
Cloud Email Active Directory Management Plugins (Widgets)

Provides cloud email attribute management from Active Directory Users and Computers (ADUC), enabling full user attribute management from one location instead of having to access Exchange Online, the Google Admin console and Active Directory separately.
Template Encore Software Solutions Scope of Work

Objectives
To provide a turn-key, annual subscription-based, managed solution for Identity Lifecycle Management (User and Application Provisioning), Federated Security (Single Sign-On, Enhanced Authentication, Federation via WS-Fed, SAML, CAS, Shibboleth) and Identity Verification System (User Self-Service Password Reset).

Overview
The Encore Software Solutions Identity Lifecycle Management and Federated Security Solution Suite provides all of the required components to meet the customer requirements.

Project Details

General Items
o A pre-project planning meeting will be held to ensure all client needs are understood and all designs are accurate
o Client will sign off on the project plan / design prior to implementation
o Any changes required post sign-off will result in a project change request and may result in additional billing

Customer Environment Base Requirements:
A base SharePoint implementation (minimum 2010; 2013 or newer preferred; Foundation is acceptable) is required for SSO/IVS.
Identity Lifecycle Management / Provisioning (IDioM) v1.7.1
o Microsoft Forefront Identity Manager (FIM) 2010 SP3
o Internet Information Services (IIS) 6.0 web server (or newer); minimum 1, recommend 2+
o SQL Server 2005 database (or newer), usually shared with ILM / FIM
o Environments being provisioned must be healthy, highly available and accessible

Enhanced Authentication v4.1
o Healthy Active Directory 2008 R2 (or newer) environment
o SQL Server 2005 (or newer) database
o Internet Information Services (IIS) 6.0 web server (or newer); minimum 1, recommend 2+
o .NET Framework v3.5

Single (Simple) Sign-On Web Edition v3.8
o Healthy Active Directory 2008 R2 (or newer) environment
o .NET Framework v3.5
o Internet Information Services (IIS) 6.0 web server (or newer); minimum 1, recommend 2+
o Full administrative rights: Enterprise Admin, Schema Admin, Domain Admin (Schema Admin is required because the installation extends the Active Directory schema; see Encore Responsibilities)

Identity Verification System (User Self-Service / Password Reset) v3.8
o Healthy Active Directory 2008 R2 (or newer) environment
o .NET Framework v3.5
o Internet Information Services (IIS) 6.0 web server (or newer); minimum 1, recommend 2+
o Full administrative rights: Enterprise Admin, Schema Admin, Domain Admin

Cloud Email (Exchange, Office 365, Google) Distribution List Editor (DL Editor) and Active Directory Users and Computers (ADUC) Cloud Email Widgets (Plugins)
o .NET Framework 4.5.1
o Windows 2008 R2, or Windows 7 with the AD plugins, or newer
Customer Environment Base Requirements

Hardware or virtual hardware: Windows 2012 R2 and SQL Server 2014 are recommended for all platforms.

Identity Lifecycle Management / Provisioning (IDioM) v1.7.1
o Dual CPU
o 8 GB RAM (depending on the number of users, RAM may need to be higher)
o HDD: 40 GB system drive, 80 GB data drive
o 1 Gb NIC

Enhanced Authentication v4.1
o Dual CPU
o 8 GB RAM (depending on the number of users, RAM may need to be higher)
o HDD: 40 GB system drive, 80 GB data drive
o 1 Gb NIC

Single (Simple) Sign-On Web Edition v3.8
o Dual CPU
o 8 GB RAM
o HDD: 40 GB system drive
o 1 Gb NIC

Identity Verification System (IVS) v3.8
o Dual CPU
o 8 GB RAM
o HDD: 40 GB system drive
o 1 Gb NIC

Encore Software Solutions Licensing Schema:
o Identity Lifecycle Management / Provisioning (IDioM) v1.7.1: Base License plus Enabled User
o Enhanced Authentication v4.1: Base License plus Enabled User
o Single (Simple) Sign-On Web Edition v3.8: Base License plus Enabled User
o Identity Verification System (IVS) v3.8: Base License plus Enabled User
o Cloud Email DL Editor and ADUC Widgets: Base License
Encore Software Solutions Components:

Identity Lifecycle Management / Provisioning (IDioM) v1.7.1
o ILM/FIM Add-In: extends ILM/FIM
o Home Folder Agent: processes home folders exported by ILM/FIM

Enhanced Authentication v4.1
o Ticket Manager: installed on every IIS server protected by EA
o ISAPI Filter: installed on every server with a Ticket Manager
o Database Manager: installed on one or more servers to provide database access to the Ticket Managers
o Logon System: web application installed on one or more IIS servers to provide login
o Identity Firewall: optional

Single (Simple) Sign-On Web Edition v3.8 / Identity Verification System (IVS) v3.8
o Access System: web application responsible for executing logins; at least 1 IIS server required, 2 or more recommended
o Administration Tools: at least one server for hosting the tool set
o Active Directory Users and Computers (ADUC) Snap-In: installed with the admin tools; must be installed on at least one server for updating macros
o SharePoint Web Part: optional launch platform for SharePoint
o Provisioning: optional component that allows users to be enabled via a script

Encore Responsibilities:
o Review project details in the pre-project planning session
o Validate solution design and configurations
o Specific component steps:
  Provisioning (IDioM) v1.7.1
    - Install ILM/FIM
    - Install and configure IDioM prerequisites
    - Install and configure IDioM
    - Import data
    - Step through each import/synchronization and verify data
    - Export data
    - Start automatic processing
  Enhanced Authentication v4.1
    - Install and configure the Database Manager and database
    - Install and configure the Ticket Manager on each IIS server to be protected by EA
    - Set up and configure the authentication web application
    - Add the ISAPI filter to each IIS site to be protected
  Single (Simple) Sign-On Web Edition / Identity Verification System v3.8
    - Install and configure the Administration Tools
    - Extend the Active Directory schema
    - Deploy the domain components
    - Install and configure the web application
    - Install and configure the SharePoint web part
    - Develop and deploy macros
o Provide 2-4 hours of administrative training per component
o Provide documentation in standard format (PDF, DOC)
Client Responsibilities
o Provide full administrative access (including remote access) to all physical and logical components required for the project: network servers (Active Directory, member servers, etc.), complete network documentation, and OS, software and licensing downloads as necessary
o Provide a highly available datacenter/operating environment that includes, but is not limited to, highly available networking, cooling, power and other environmental concerns
o Customer will provide all necessary hardware, software, licensing, etc. unless defined differently in an attached Bill of Material
o Ensure that all hardware and software in the project scope, or necessary for the project, has the necessary licensing and support contracts
o Customer will provide the necessary network and Internet connectivity
o Provide an onsite resource to facilitate all information and communication requirements of the project
o Provide availability for downtime, if required
o Responsible for communications between third-party data center, Internet, MPLS and other utility providers for scheduling turn-ups, cuts, etc.
o Encore is not responsible for delays caused by faulty hardware/software components or third-party utilities; additional billing may result if additional time is required due to delays or outages

Project Deliverables
o Provide documentation in standard format (PDF, DOC)

Out of Scope
Any changes required post sign-off will result in a project change order and may result in additional billing. A copy of the Change Request Form is attached in Appendix B.
General Assumptions
o Client will provide remote access to the network as it relates to this project
o Client will provide Encore access to all relevant devices, software, facilities and security measures for successful completion of the project
o Work may be performed remotely or onsite as needed
o Client will grant access to the entire physical work area during Encore's normal business hours of 8am-5pm, Monday - Friday
o Client will ensure that sufficient rack space is available as it relates to this project
o Client will be responsible for any third-party delays not caused by Encore; delays may require additional fees and/or Change Orders
o Client will provide all necessary network cabling, cable tie-wraps, etc. not defined in the Bill of Material
o Any physical transportation of data will be encrypted utilizing Microsoft BitLocker unless otherwise stated
o All projects will be required to obtain a signed Project Signoff to indicate project completion (Appendix A)
Encore Software Solutions comparison to Microsoft Forefront Identity Manager (Native) (comparison table not reproduced in this extract)
Appendix A Project Signoff

Project Information
The information below provides detailed information related to the project. It is provided as an additional level of detail and clarification of the client and associated contacts.

Client Name:
Address:
City / State / ZIP:
Phone:
Email:
Project Name:
Project Number:
Sales Rep:
P.O. Number(s):
Lead Engineer:
Project Manager:

Project Signoff
By signing below, you agree that all work has been completed as documented in the Scope of Work section of this Statement of Work. Final project billing will be submitted for invoicing and payment as documented in the Encore General Terms and Conditions.

Encore Authorized Signature / Printed Name / Title / Date
Customer Authorized Signature / Printed Name / Title / Date
Appendix B Change Order Form

Client:
Order Number:
Project Name:
Project Location:

We hereby agree to make the change(s) as described herein:

NOTE: This change order becomes part of, and is in conformance with, the existing contract.

We AGREE to make the change(s) specified at this price.

Columbus City Schools: By / Print Name / Title / Date
Encore Technology Group, LLC: By / Print Name / Title / Date

ACCEPTANCE
The above prices and specifications of this Change Order are satisfactory and are hereby accepted. All work is to be performed under the same terms and conditions as specified in the original contract unless otherwise specified.