Click here to receive your FREE subscription to Campus Technology
Focus
Privacy Drives Directory Work at Northwestern
9/20/2007
On the shortlist were Microsoft Identity Integration Server, OctetString (acquired by Oracle in 2005), and Radiant Logic RadiantOne. The cost and scope of the Microsoft solution eliminated it from final consideration. And after a close examination of the two remaining choices, Board said, RadiantOne came out on top based on its internal business rule construction interface. "We felt that RadiantLogic's programming interface and fundamentally Java-based interfaces for code that we would have to write centrally was more amenable to our skill set, and we felt it could be better supported going forward than an OctetString."Board said he estimates that the university has invested about $100,000 in the software's licensing and maintenance fees. Deploying it on the central forest, as a Windows 2003 instance, took about two months of committed staff time, stretched across 12 calendar months. Part of that, he said, "was making sure we had various rules in place debugged and special cases taken care of."
Then the challenge became bringing those other forests into the operation. "This is no small feat," Board said. "It took us the better part of a year to come to a consensus in the university about how AD was going to be managed--whether we were going to get rid of those 18 forests and everybody was going to be part of one central forest or whether there was going to be inter-forest trust relationships."
When the decision was made to retain the forests, the two-year project to move the 18 directories began. Here the tricky parts of the projects were twofold: getting that school or division to make the decision about whether to buy new hardware and get the software installed, said Board, and getting schema definitions synchronized between RadiantOne and each individual forest.
Also, the administrators at the individual forests needed training, if appropriate, in how to create manual identities in situations, for example, where a visitor to the campus community wanted access to the network. That also involved implementing software rules as part of the RadiantOne filter feature.
But once those issues are nailed down, said Board, "building the actual solution and scheduling time to flip the switch is less trying."
The new approach has the identity system talking to LDAP as its only target, and then RadiantOne takes the LDAP changes and processes them out to the appropriate AD forests.
Next up for Board's team regarding its work with RadiantOne: bringing up a second instance for disaster recovery purposes and virtualizing the servers rather than having "iron" dedicated to the software.
Board advises his peers in other schools to be moving to a system that maintains a single identity for each member of the community. "Based on complexity of the institution and its size, that may require multiple directory services of one sort or another," he said. "Keeping those services in step, one with another, is non-trivial. But software like RadiantOne makes it more digestible. It becomes a more manageable, sort of an isolatable function within the network, rather than having it combined with some parts of your identity management structure."
Read More:
Dian Schaffhauser is a writer who covers technology and business. Send your higher education technology news to her at dian@dischaffhauser.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Fixed-Mobile Convergence: Dartmouth Beefs Up Cell Coverage, Cuts Costs
Problems with cell phone coverage aren't uncommon on college campuses. There are two main reasons: The beefy structure of historic buildings can block cellular reception within walls, and, on more remote campuses outside cities, signal coverage can be light.
- Thompson Rivers U Deploys Unified Digital Campus for ERP
Thompson Rivers University (TRU) in British Columbia has selected SunGard Higher Education's Banner Unified Digital Campus (UDC) to integrate its ERP systems.
- DV Kitchen Web Video Publishing System Released
DVcreators.net has released DV Kitchen, a new video encoding and publishing application for Mac OS X designed specifically for creating materials to be posted on the Web.
- NEC Debuts 4 Education Projectors
NEC this week debuted four new projectors targeted toward education applications, along with a new MultiSync LCD display. The new NP-series projectors are entry-level models started at $899 but are designed to provide high light output, support for closed captioning, and built-in networking capabilities.
- Security Researchers Uncover Spring Framework Vulnerability
Software frameworks are enjoying enormous popularity these days among a range of developers. It's popularity well earned; frameworks provide powerful tools for building more flexible and less error-prone applications. They generally enhance developer productivity with out-of-the-box functionality. And they can free developers to focus on features instead of common coding tasks.
- 3PAR Server Arrays Integrate Fat-to-Thin Processing
Utility storage provider 3PAR has announced the release of the 3PAR InServ T400 and T800 Storage Servers. The new hardware is built on the company's third-generation InSpire architecture, featuring the 3PAR Gen3 ASIC with integrated fat-to-thin processing.
