Executive Summary

After attending BaseCAMP in 2019, SMU joined CSP to learn more about open source, the community, and whether the Trusted Access Platform was a good fit or a commercial solution was needed. Our achievements were non-traditional: the biggest wins were recognizing that the products can do the work we need and that there is ongoing work to integrate them all together, potentially in one user interface. We learned that they can work in our environment and in our use case, and we determined that it was a good fit. Ultimately, our decision was driven by budget, but with the knowledge gained in CSP, we were more confident that this was the right decision for our campus and were able to explain why.

Solution Summary

Track: Lifecycle Management

Trusted Access Platform Components:  All TAP components were researched as part of this project.

Project Team: Tommy Doan (SMU), Tom McMahon (SMU), Pery Doan (SMU), Allen Hughes (SMU)

Community Collaborators: SMU Global Online department, Chris Hyzer (UPenn), Chris Hubing (Internet2), Nick Roy (Internet2), Scott Koranda (Spherical Cow Group), Benn Oshrinn (Spherical Cow Group), Paul Caskey (Internet2)

The Environment: Small to mid-sized private university, not affiliated with a system, with a very small team trying to grow.

Benefits to Organization: SMU Global Online and others are interested in the future outcome of this project. The current community outside of IT doesn't see the gaps. We are looking forward to efficiencies and a business enabler, but are not sure where IAM will land.

The Project

Problem Statement:

The purpose of this project is to evaluate and select Identity Access Management (IAM) software and a professional services partner to assist with implementation.  

Impact Statement:

The existing account provisioning system, Account Maintenance Automation (AMA), is a PeopleSoft customization designed and developed by SMU personnel in 2009. Due to its limited focus and PeopleSoft-centric foundation, it does not address many of the current and future objectives of the Identity and Access Management (IAM) program that is being developed.

Scale and Scope: 

During this project the following high-level activities will be performed.  

  • Throughout the project, communication materials will periodically be prepared and presented or otherwise distributed to inform the various university-wide sponsors and stakeholders on the basis and progress of the project  
  • A Request for Information (RFI) will be prepared and sent to a short-list of IAM package software vendors 
    • RFI responses will be reviewed and scored, with the scores feeding a quantitative evaluation scorecard 
  • An SMU-specific product demonstration will be executed by each vendor that achieves a qualifying score 
    • The software’s coverage of SMU requirements will be scored, with the scores feeding a quantitative evaluation scorecard 
  • A final report containing summary findings from the RFI process and a justifiable software recommendation will be prepared and presented to finalize the software selection 
  • A Request for Proposal (RFP) will be prepared and sent to the selected software vendor professional services group as well as professional services partners experienced in implementing the selected software. 
    • RFP responses will be reviewed and scored, with the scores feeding a quantitative evaluation scorecard 
  • In-person professional services presentation will be conducted by each vendor that achieves a qualifying score enabling us to meet key vendor resources and hear / ask questions about their implementation approach, prior successes, etc. 
    • SMU participant qualitative responses will be gathered and factored 
  • A final report containing summary findings from the RFP process and a justifiable professional services vendor recommendation will be prepared and presented to finalize the professional services vendor selection

The Solution

A final report containing summary findings from the RFP process and a justifiable professional services vendor recommendation will be prepared and presented to finalize the professional services vendor selection

The Result

Initial Plan:

Completion of Key Deliverables:

  • Reference Architecture Document
  • Concrete Architecture Document
  • Software Selection Report
  • Prioritized Roadmap
  • Discovery of Marketplace Capabilities Document
  • Services Vendor Selection Report

Actual Implementation:

The Reference Architecture was completed based on the InCommon reference architecture, and the more we learned about the TAP components, the more we realized they were reasonable and would meet the need.

We are still working on the Concrete Architecture document for our implementation with Unicon and Spherical Cow. The Software Selection Report is also in progress. It is looking like we'll go with Grouper and COmanage, but we are not sure yet about midPoint.

The rest of the items have not been completed yet. There are discussions around working with others in a CACTI working group on the Discovery of Marketplace Capabilities Document. COVID interrupted a lot of working group activity, but we still think this is a useful document for us and the community.

Conclusions & Lessons Learned

Success Metrics: Success was determined by completion of the key deliverables.

Our achievements were non-traditional. The biggest wins were recognizing that the products can do the work we need and that there is ongoing work to integrate them all together, potentially in one user interface. Knowing that they can work in our environment, in our use case, was key, because there was some initial concern that Grouper was only for a Unix/Linux environment, not a Windows/AD environment, but that's not the case.

Vendors come to campus with a team to sell, and open source does not do this, so it can be difficult to convince people that these are stable products with a future, that they won't be abandoned. Participating in the CSP made us feel more comfortable with the commitment to these products and their long-term sustainability. We received an education on what open source means; as a buy-and-deploy university, we don't have a lot of developers in house. It was notable that these are built by campuses and shared with others. We asked the questions: What is open source? How viable are these projects? And we got the answers we needed.

Understanding the relationship between Evolveum and Internet2 was important, as was knowing if midPoint was viable and if it was going to be around. Additionally, we would like to have more understanding of the scope of implementation: a tally of how many universities are using each software package, what version they're running, and whether they would be willing to act as a reference.


However, we were not prepared enough at the beginning for CSP the way it's currently designed. We spent more time investigating access management and guest systems than we expected. Our primary obstacle was determining which direction to go in for product selection, and our campus wanted to investigate both commercial and open source. Initially there was a preference for a commercial solution due to perceived supportability, but in the end it came down to budget: with COVID, having no budget left only one choice, to go open source in the short term.

We would enjoy a forum on "What is open source? What does it mean that Internet2 is backing that?" as part of pre-CSP introductions. Tom Jordan was a very powerful voice during the face-to-face (F2F).


The Slack channels were the #1 way to leverage the SMEs. We felt bad asking newbie questions later, but it worked, and others benefited from our questions too.