We allowed each vendor one day to install and configure the various infrastructure components necessary to work with our test
bed, including installation of any required agents, implementation of any servers necessary to run their solutions, and some
time to verify that the solution was functional. Then, we hired our fictional junior accountant, Harry Truman, who was destined
for an exciting -- if brief -- experience with TCPIP Corp.
Harry proved to be on a fast track, as he was quickly promoted to accounting supervisor. This bump granted him additional
rights on several key systems, including the webERP application, and entered him in additional security groups in Active Directory.
Harry’s good fortune would only continue, as he would meet a stunning young woman named Sally Fergenschmeir, who in my mind’s
eye looks much like Alyssa Milano in a business suit. Sally is the daughter of Bartholomew Fergenschmeir, who loses his company
to TCPIP in a hostile acquisition, but who otherwise doesn’t enter into this story at all. Harry meets Sally during negotiations
for TCPIP to purchase Fergenschmeir. As luck would have it, Sally was single and attracted to pudgy bean counters. It was
kismet.
Before any nuptials could be planned, however, TCPIP Corp. bought out Fergenschmeir Inc., requiring the two AD stores to be
merged in some form or another. The test scenario required the solutions to be able to manage two directories, to provision
users from one directory into the other for the purpose of accessing file shares and applications across domains, and to migrate
the entire contents of the Fergenschmeir directory into the TCPIP AD forest to complete the acquisition.
With the TCPIP acquisition behind them, Sally and Harry could finally plan their wedding, and Sally would take Harry’s name.
Taking their cue from the change to Sally's record in the HR application, our solutions would then change Sally’s last name
across all managed resources within the infrastructure without administrator intervention.
Unfortunately for Harry, things were about to take a turn for the worse. One evening over dinner, Sally inadvertently mentioned
that one of Harry’s senior colleagues had successfully bargained for a sizable bonus during the acquisition process. Harry
had to see this for himself, and he surreptitiously stole an administrator password by watching a careless admin log in to
a system. Armed with his misbegotten admin privileges, Harry added a user account directly to AD and gave that account access
to the payroll files.
Although tracing this action to an individual is really outside of the realm of identity management, flagging and fixing this
breach was a test requirement. Indeed, a good identity management system should be able to prevent the creation of rogue accounts
via a properly configured rules system. When proof of Harry’s subversive activities surfaced due to a keen-eyed network admin,
Harry was unceremoniously dismissed, prompting us to change Harry's status in the HR system and requiring each solution to
detect this change and de-provision all of Harry’s accounts.
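The two checks in this part of the scenario, catching an account created directly in AD and de-provisioning everything owned by a terminated employee, both reduce to reconciling managed accounts against the HR system of record. The sketch below is an added example, not code from the review or from any of the tested products; the employee ids, logins, group names and the `reconcile` helper are hypothetical and the data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:
    system: str                # managed resource, e.g. "AD" or "webERP"
    login: str
    owner_id: Optional[str]    # HR employee id recorded at provisioning; None = created out of band
    groups: tuple = ()

# Constructed sample data: employee ids, logins and group names are hypothetical.
HR_STATUS = {"E100": "terminated", "E101": "active"}   # Harry after dismissal, Sally
ACCOUNTS = [
    Account("AD", "htruman", "E100", ("Accounting-Supervisors",)),
    Account("webERP", "htruman", "E100"),
    Account("AD", "sfergenschmeir", "E101"),
    Account("AD", "tmpuser01", None, ("Payroll-Files",)),   # added directly to AD
]
SENSITIVE_GROUPS = {"Payroll-Files"}

def reconcile(hr_status, accounts, sensitive=SENSITIVE_GROUPS):
    """Return (action, system, login, touches_sensitive) for every account HR does not back."""
    findings = []
    for acct in accounts:
        status = hr_status.get(acct.owner_id)
        if status is None:
            action = "disable-rogue"      # no HR record stands behind this account
        elif status != "active":
            action = "deprovision"        # owner is no longer employed
        else:
            continue                      # active employee: nothing to do
        touches = bool(sensitive & set(acct.groups))
        findings.append((action, acct.system, acct.login, touches))
    # Accounts that reach sensitive groups are listed first.
    return sorted(findings, key=lambda f: (not f[3], f[1], f[2]))

if __name__ == "__main__":
    for finding in reconcile(HR_STATUS, ACCOUNTS):
        print(finding)
```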
Of course, Sally was far from impressed with Harry’s cavalier actions. She immediately filed for divorce and changed her name
back to Fergenschmeir, requiring our identity management systems to facilitate one last change across all the systems.
Did Sally quickly rise through the ranks at TCPIP, gain control of the company, and convince shareholders to rebrand it Fergenschmeir
Inc.? Did Harry sink into despair but re-emerge years later as the CEO of a global spamming operation? The fates of Harry
and Sally following the completion of our test are left as an exercise to the reader, but the ways in which our six identity
management solutions handled their ups and downs are quite telling.