MSIT 458 * Information Security Project Part 1 * Team Triad


Information Security Project
[ Part 3/3 ]
Single Sign-on Integration (SSI)
For Professor Yan Chen;
By Team Triad [ Naveed | Radu | Moniza ]
AGENDA
[1] Current Solution: Issues/ pros/ cons
[2] Proposed Solution
[3] Implementation
[4] Analysis: Cost/ Risk
[5] Impact: Business/ Legal consequences
[6] Adoption: Corporation/ Industry
[1] Current Solution: Shortcomings, Pros, Cons
[2] Proposed Solution
1) Current Solution
Problem Statement:
• Our Company has SSO Infrastructure
• Also has silo applications using AD for sign-on
• We need to integrate silo apps into SSO
[Diagram: Portal -OR- SSO Authentication & Authorization; Current Infrastructure]
1) Current Solution
Pros & Cons
PROS:
• Easier to understand
• Faster site performance
• No single point of authentication failure
CONS:
• Need to remember additional passwords
• Users spend more time logging in
• Wasted infrastructure resources
• Less Secure
Current Solution: Jack’s Story …
[Diagram: SSO, CRM, ERP, Custom, HR]
Meet Jack!
Jack uses 5 different websites
Jack has to remember 5 different passwords
This makes Jack … VERY… FRAZZLED!!!
Proposed Solution …
[Diagram: SSO, CRM, ERM, Custom, HR]
Get rid of keys & passwords except 1
Integrate apps with existing SSO
Jack has to remember 1 password
That makes Jack very HAPPY !!!
[3] Solution Implementation
3) Solution Implementation
Existing SSO Technology
Active Directory 2008 R2
SharePoint 2010
Question:
Which one to use?
Let's first analyze them both …
3) Solution Implementation
SSO Overview & Integration Steps
Active Directory
• Overview
• Integration Steps
SharePoint
• Overview
• Integration Steps
Active Directory
Main Features
o Federation & Unity (ADFS)
o Directory Service (LDAP)
o Server Management (ADSM)
o Group Policy (GP)
SSO Scenario with AD: Client accessing internet
11 Step process to establish SSO connection.
Requires custom code/configuration at Web Server.
Next Discussion: Integrating our silo apps (at Web Server) to work with AD’s SSO
Reference:
Book: Windows Server® 2008 Active Directory® Resource Kit
By Stan Riemer; Conan Kezema; Mike Mulcare ; Byron Wright; Microsoft Active Directory
STEPS: Integrating apps to AD SSO
Step 1) Enable Federation on Web Server
Step 2) Enable Reading SAML token
Step 3) Verify Authentication from SAML token
Step 4) Obtain Trust Policy from AzMan
Step 5) Retrieve Claims
Step 6) Make Authorizing Decisions
A LOT of custom code & configuration
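
Steps 3 to 6 above, as an added Python example (not code from the presentation or from Microsoft): it checks the issuer, audience and validity window of a SAML 2.0 assertion, reads the role claims, and makes a fail-closed authorization decision. The issuer and audience URLs, the role names, the POLICY table standing in for the AzMan policy, and the premise that the federation layer has already verified the token's signature are all assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
TRUSTED_ISSUER = "http://adfs.example.test/adfs/services/trust"  # assumed name
OUR_AUDIENCE = "https://hr.example.test/"                        # assumed name
# Stand-in for the policy Step 4 reads from AzMan: operation -> allowed roles.
POLICY = {"view_payroll": {"HR-Readers", "HR-Admins"}, "edit_payroll": {"HR-Admins"}}

# Constructed sample assertion. Signature checking is assumed to have been
# done by the federation layer already; unsigned tokens must never reach here.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Issuer>{TRUSTED_ISSUER}</saml:Issuer>
 <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
  <saml:AudienceRestriction><saml:Audience>{OUR_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{ROLE}">
  <saml:AttributeValue>HR-Readers</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate(xml_text, now):
    """Step 3: reject a token from another issuer, for another app, or out of date."""
    assertion = ET.fromstring(xml_text)
    if assertion.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("outside validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if OUR_AUDIENCE not in audiences:
        raise ValueError("token issued for a different application")
    return assertion

def claims(assertion):
    """Step 5: collect claim values by claim type."""
    out = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = (v.text for v in attr.iterfind("saml:AttributeValue", NS))
        out.setdefault(attr.get("Name"), set()).update(values)
    return out

def authorize(xml_text, operation, now):
    """Step 6: fail closed on any validation error or unknown operation."""
    try:
        roles = claims(validate(xml_text, now)).get(ROLE, set())
    except (ValueError, TypeError, ET.ParseError):
        return False
    return bool(roles & POLICY.get(operation, set()))
```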
SharePoint - Main Component
Security
• Integrated with SSO providers (such as AD)
• Customize security
• Separate admin portals
Standard
• Portal
• Search
• Social
• People
Enterprise
• BI
• Applications
• BPM - Business Process Mgmt
• ECM - Enterprise Content Mgmt
Core
• Storage
• Topology
• Share Services
• Base APIs
• Security
Reference:
Book: Essential SharePoint 2010: Overview,
Governance, and Planning
SharePoint - Architecture
Next Discussion: Integrating our silo applications into SP Site Collection
STEPS: Integrating apps to SP (& SSO)
Step 1) Move & Import app to SP Site
Step 2) Update SP Configuration, DB connections
Step 3) Configure app to attach SP master page
Step 4) Update site roles if necessary
NOT many code or configuration changes
COMPARISON: AD vs. SP
Active Directory
• Requires significant code changes
• More complex integration
• Does not require SP for SSI
SharePoint
• Easier to integrate
• Easier to configure
• Added features
• Can integrate with other SSO providers
3) Solution Implementation
Microsoft Recommendation for SSI
Active Directory 2008 R2
• Integrate third-party/complex apps
• Integrate apps when unable to integrate with SharePoint
SharePoint 2010
• Integrate Custom/simple apps
• Integrate apps with SharePoint whenever possible
Reference:
Microsoft Press Book: “Microsoft SharePoint Foundation 2010”
Authors: Penelope Coventry, Troy Lanphier, Johnathan Lightfoot, Thomas Resing, Michael Doyle
[4] Cost/ Risk Analysis
[5] Business/ Legal Consequences
[6] Corporations/ Industry adoption of SSI
Cost of Single Sign-on Integration
Total Cost of Ownership (TCO)
Work Breakdown Structure (WBS) as follows:
Software/Hardware Cost
• SW Costs
• HW Costs
Dev/Support Cost
• Develop/Integrate
• Support/Repair
• Deploy/Maintenance
Training Cost
• Developer Training
Incremental Cost, 3yrs
• License renewal
• Dev/Support
• Training
Software & Hardware Cost
Decommissioning server when integrating with SP.
Dev/Support Cost
Less work with SharePoint Integration.
Training Cost
Slightly more training cost for AD.
Incremental Cost
More support required for AD.
Reference:
[1] Formula: (#3/52*#1)*#2
[2] Formula: (#3/52*#1/2)*#2
Risk Analysis
Risk of Implementing SSI
o Investing in Microsoft technology stack
o Availability of resources
o Slower Performance
o System outage affects all applications
Feasibility Analysis
What makes implementing SSI a feasible solution?
o Cost savings
o Well documented integration
o Leadership support
o Simple integration options
Business & Legal Consequences
o Easier authentication
o Single & easy user management
o Cross site integration
o Single business portal
o Simplifies legal requirement
Solution Adoption
By Corporations/Industries
o Silo apps exist in all major corporations regardless of industry.
o Wide solution adoption potential.
o SharePoint is industry leader and already well adopted by organizations around the world.
Q&A
Thank you,
[ TEAM TRIAD ]
Moniza | Radu | Naveed