Executive Summary

This paper discusses several typical identity and access management problems that many organizations face. It also describes a technology platform that provides a foundation for identity and access management solutions, using a fictitious organization called Contoso Pharmaceuticals. It examines the issues and opportunities that effective identity and access management technologies must address, as well as relevant threats and countermeasures. This paper is part of the Microsoft Identity and Access Management Series.

The Business Challenge

Identity and access management has become more complex as digital identities take on an increasingly central role in specifying how users can participate in computer networks. Organizations need to identify users efficiently before granting them access to resources on local computers or the network. However, even businesses running small networks rarely store their identity information in one place. Multiple departments, locations in different countries and regions, business divisions, and software choices — along with mergers and acquisitions — result in a proliferation of databases, directory services, and application-specific identity stores. Developing a consistent and effective identity and access management strategy requires a sound understanding of the approaches and technologies you can use to address proliferating digital identities. Organizations and IT departments need to implement both short-term and strategic approaches to controlling and using identity.

An additional challenge to identity and access management is that security concerns must not impede business operations. There is always a tradeoff between the security level in an organization and functionality. This paper deals with these challenges by examining how to address security concerns without affecting the ability of users to carry out their jobs.
The Business Benefits

Meeting these challenges with an appropriate identity and access management platform will provide your organization with the following benefits:
Who Should Read This Paper

The intended audience for this paper includes architects, IT professionals and managers, technical decision makers, and consultants involved in identity and access management efforts.

Reader Prerequisites

This paper assumes the reader has a moderate knowledge of identity and access management concepts and technologies, as described in the "Fundamental Concepts" paper in this series.

Feedback

Please direct questions and comments about this guide to secwish@microsoft.com.

Paper Overview

The business challenges discussed in this paper are the same ones many organizations face when dealing with identity and access management. Organizations need a technology platform that provides:
Enabling an organization to operate with partners, customers, and employees provides additional revenue possibilities and increases organizational flexibility. However, unauthorized attempts to access data, regulatory requirements, and data protection legislation — combined with the flood of viruses, worms, and junk mail — mean that network security requires a strong combination of planning, monitoring, analysis, and constant vigilance.

This paper consists of six chapters that cover the following topics:

The introduction provides an executive summary, the recommended audience for the paper, and an overview of each chapter in the paper.

Chapter 2: Approaches to Choosing a Platform

This chapter focuses on establishing a platform for identity and access management, which involves making some significant decisions that affect an organization's IT capabilities. These include whether to choose a single-vendor solution or multiple "best-of-breed" products that you can integrate to form a complete solution. The remainder of the chapter discusses choices related to selecting a single platform or best-of-breed products, and the impact of either approach on the technology areas of directory services, access management, trust services, identity life-cycle management tools, and your application platform.

Chapter 3: Issues and Requirements

This chapter introduces the fictitious organization Contoso Pharmaceuticals, which is used to describe the many common business, technology, and security requirements that organizations demand from an identity and access management platform. The chapter also discusses the security vulnerabilities in Contoso Pharmaceuticals that drive many of these requirements.

Chapter 4: Designing the Infrastructure

This chapter discusses the Contoso Pharmaceuticals technology architecture, based on their decision to use the Microsoft Identity and Access Management Platform. The platform architecture provides a core set of operating systems, directory and security services, and technologies that various solutions, applications, and business processes will rely on as the foundation for the company's identity and access management solution.

Chapter 5: Implementing the Infrastructure

This chapter provides guidance on how to prepare the Contoso Pharmaceuticals infrastructure. It introduces tools and templates that you can use to establish the baseline environment, which is an implementation prerequisite for the remaining papers in this series. The guidance in this chapter was created to help consultants and customers establish the Microsoft Identity and Access Management solution scenarios in a lab or proof-of-concept environment.

Chapter 6: Operating the Infrastructure

After the infrastructure has been implemented, a number of ongoing operational activities need to take place at scheduled intervals to ensure that the platform continues to work successfully. This chapter introduces operational references for the infrastructure services described in this paper.