A technology strategic plan is a grand thing on paper, but sometimes taking the first step to fulfilling it can be daunting.
That’s what the IT services department of the British Columbia Institute of Technology found after creating a plan for the polytechnical university three years ago when it realized there was a large stumbling block in the way of achieving its goals: it didn’t have a handle on all of the people using an estimated 200 academic and management applications, including a wireless network.
Each system had an administrator managing identities and passwords without a common set of rules. It could take a week to register new people before they’d be able to get online. Meanwhile, there was no way the institution’s human resources system could signal the IT department when a staff person left. It learned by watching for retirement notices on bulletin boards.
What was needed, says Leo de Sousa, the IT services department’s enterprise architect for strategic practices, was an identity management system that would create an identity vault of users and automate provisioning and de-provisioning of users.
But it would have to be a king-sized vault, one to accommodate some 700,000 past and present students and staff. De Sousa’s department decided on Novell Identity Manager, a set of extraction tools for connecting source data to create the vault, because the institute’s IT staff already had experience with Novell eDirectory for file and print access.
It took a year to define what was needed and then to hone the rules by which the new software would run before the vault went live. “What we really needed was a comprehensive way to identify what identity management meant to BCIT, and then what are the services that would move it forward,” said de Sousa.
A consultant with experience in setting up an identity management system at another academic institution was hired to help guide a team made up of BCIT infrastructure, network, and ERP specialists and several business analysts to answer a number of questions: how to identify who had access, what they could have access to, how to provision their access and how to federate with outside users who need access.
They also had the expertise to identify significant business events that should signal the identity management system to take action. “That’s harder than implementing the technology,” de Sousa cautioned. In addition, the team was responsible for creating the code that linked BCIT’s human resource system, the first point of contact for students and staff, to the Identity Manager and the vault.
To ensure a failure of one application doesn’t jam the vault, the system runs in a high-availability Linux cluster of two blade servers, plus another cluster for the authorization tree.
In February the vault went live, to de Sousa’s delight: It now takes only five minutes to get a newly registered student or employee computer access to print, file and Internet services. However, it will take up to three years to link the system to all departments and their applications.