Contents Overview 1 Overview of the Metadirectory Planning Process 2 Assessing the Existing Information Infrastructure 5 Identifying the Functional Goals of the Metadirectory 9 Determining the Information Requirements 10 Determining Management and Security Requirements 14 Lab A: Determining the Functional Requirements for a Metadirectory Implementation 16 Review 17 Module 13: Planning a Metadirectory Implementation BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. The publications specialist replaces this example list with the list of trademarks provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor> Other product and company names mentioned herein may be the trademarks of their respective owners. Module 13: Planning a Metadirectory Implementation iii BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes Instructor_notes.doc Module 13: Planning a Metadirectory Implementation 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! Overview of the Metadirectory Planning Process ! Assessing the Existing Information Infrastructure ! Identifying the Functional Goals of the Metadirectory ! Determining the Information Requirements ! Determining Management and Security Requirements When planning a Microsoft Metadirectory Services (MMS) version 2.2 implementation, you must determine a set of functional objectives for the metadirectory that will meet the information management needs of an organization. To determine these functional objectives, you must take a current directory inventory, develop the metadirectory content requirements, determine the information flow behavior of the metadirectory, and determine management and security issues. The planning process results in a functional specification that is used to guide the design and development of the MMS implementation. The results of the planning process include a list of directories to be integrated in the metadirectory, a list of the type of entries and the attribute for information for each, and a specification of which connected directory is authoritative for each attribute. At the end of this module, you will be able to: ! Describe the metadirectory planning process. ! Assess the organization’s current information management systems and gather the information necessary to determine metadirectory requirements. ! Identify the functional goals that a metadirectory will provide that meet the identity management needs of the organization. ! Determine the metadirectory information requirements. ! Determine the metadirectory management and security requirements. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, we will discuss how to plan an MMS implementation that meets an organization’s functional requirements for a metadirectory. Emphasize that throughout this module, the deliverables that are developed during the planning process provide the input into the design and development process, which is discussed in module 14, “Designing and Developing a Metadirectory,” in course 2062A, Implementing Microsoft Metadirectory Services 2.2. 2 Module 13: Planning a Metadirectory Implementation BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # Overview of the Metadirectory Planning Process Assemble Planning and Design Teams Assemble Planning and Design Teams Assess Current Directories and Applications Assess Current Directories and Applications Determine Functional Goals Determine Functional Goals Determine Information Requirements Determine Information Requirements Determine Management and Security Requirements Determine Management and Security Requirements The Functional Requirements of the Metadirectory The goal of the metadirectory planning process is to define a set of functional requirements. These functional requirements will then be used to guide the design and development of an MMS implementation that meets the identity information needs of an organization. The metadirectory planning process consists of the following steps: ! Assemble the metadirectory planning and implementation teams. Because implementing the metadirectory will affect the entire organization, the key stakeholders must be identified and organized into the following teams: • Planning team. This team consists of staff from the information technology (IT) support groups, the business groups that own the identity information contained in the directories and the applications that use this information, the human resource group, and the person(s) who will be leading the design and development of MMS. The planning team works towards joining the information they own into a common metadirectory and defining the rules for how information flows between the metadirectory and the connected directories. The primary goal of this team is to develop a basic vision for a directory- enabled computing environment and to determine the functional objectives for the metadirectory. • Implementation team. This team includes the developers, administrators, and support personnel who will design, implement, and manage MMS according to the goals outlined in the functional specifications. ! Assess the current information flow for the organization. The planning team assesses the existing flow of identity information through the organization and identifies the current business processes and rules that determine this information flow. Assessing the current information flow also includes gathering information about the existing directories and the applications that use those directories. Topic Objective To describe the metadirectory planning process. Lead-in Module 13: Planning a Metadirectory Implementation 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY ! Determine the functional goals of the metadirectory. This step results in a list of specific and achievable goals that describe how identify information should flows throughout the organization, what information should be integrated, and how the organization will then use this integrated information. These functional goals will guide the development of the metadirectory’s information, management, and security requirements. ! Determine the metadirectory information requirements. After defining the objectives of the metadirectory and taking inventory of the existing directories, you need to determine a specific set of information flow requirements that outlines the behavior of the metadirectory. These requirements include identifying what information the metadirectory will contain, what directories this information originates from, and the basic model for how attributes flow among the connected directories. ! Determine the metadirectory management and security requirements. The final step in the planning process is to define who will manage the connected directories and who will manage the MMS product itself, as well as managing the MMS Server service. Additionally, you will have to specify the security and access requirements for the group that will manage and maintain MMS. 4 Module 13: Planning a Metadirectory Implementation BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY The Metadirectory Functional Requirements A List of Directories to Be Integrated in the Metadirectory A List of Directories to Be Integrated in the Metadirectory The Naming Convention for Metadirectory Entries The Naming Convention for Metadirectory Entries The Metadirectory Entry Types The Metadirectory Entry Types The Attributes Stored in Each Metadirectory Entry The Attributes Stored in Each Metadirectory Entry The Directory From Where Each Attribute Initially Originates The Directory From Where Each Attribute Initially Originates The Directory That Will Be Authoritative for Each Attribute The Directory That Will Be Authoritative for Each Attribute The Metadirectory Management Method The Metadirectory Management Method The Metadirectory Security Policy The Metadirectory Security Policy The result of the planning process is a specification that outlines the functional requirements for the metadirectory. These requirements describe the content and behavior for the proposed metadirectory, and will guide the MMS design and development process, during which the implementation team will develop join and attribute flow strategies, and develop and test the management agents. The following list identifies the information that makes up the functional requirements: ! A list of directories to be integrated in the metadirectory. ! The naming convention for metadirectory entries. ! The metadirectory entry types. ! The attributes stored in each metadirectory entry. ! The directory from where each attribute initially originates. ! The directory that will be authoritative for each attribute. ! The metadirectory management method. ! The metadirectory security policy. Topic Objective To identify the items in the list of functional requirements. Lead-in The result of the planning process is a functional specification that outlines the functional requirements for the metadirectory. Module 13: Planning a Metadirectory Implementation 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # Assessing the Existing Information Infrastructure ! Assess the Current Directories ! Assess Directory-Enabled Applications ! Document Current Business Processes and Rules $ Determine business rules that define the current environment $ Integrating directories in the metadirectory may require changes to existing business processes MMS joins together information from various directories in an organization. Therefore, it is important to develop a good understanding of the current directory environment, which includes taking an inventory of the existing directories and assessing the applications that use those directories. Assessing Current Directories You will need to systematically assess each current directory that will be integrated with the metadirectory. During this inventory, you will need to document the kind of information each directory currently contains, how the information is organized, and whether identical information is contained in other directories. Assessing Current Directory Applications You will need to take inventory of the current applications that will use the metadirectory, as well as determine the need for additional applications in the future. Documenting Current Business Processes Directory systems and the applications that use them usually exist in the larger scope of a set of business processes. These business processes often determine what information is contained in each directory and how this information is collected and used. Because implementing a metadirectory may require modifying business processes, you need to document the organization’s current business process and rules. Topic Objective To describe why it is necessary to gather information about the existing directory environment to determine metadirectory requirements. Lead-in The first step in the planning process is to assess the current directory environments. You will analyze the current environment within the scope of how the metadirectory can provide potential solutions to the organization’s information flow requirements. 6 Module 13: Planning a Metadirectory Implementation BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY For example, you could document the processes that occur when a person is hired. What are the processes for getting the new employee a telephone number, a mailbox, and a user account? What directory systems and application are utilized during this process? When determining the functional goals for the metadirectory, an organization may also need to consider ways to improve how they manage identify information. Improving identity information management may require modifying current business processes. [...]... directory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 16 Module 13: Planning a Metadirectory Implementation Lab A: Determining the Functional Requirements for a Metadirectory Implementation Topic Objective To introduce the lab Lead-in In this lab, you will plan an metadirectory implementation and develop the functional requirements based on a given scenario Explain the lab objectives... functional goals early on in the metadirectory planning process? By thinking about how the organization wants to use the metadirectory to integrate identity information, high level functional goals can guide how you approach the solution of integrating directories and managing information flow BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 18 Module 13: Planning a Metadirectory Implementation. .. Management To determine how you want to manage MMS, determine which management method best applies to your organization MMS can be managed in two ways: ! Centralized management With this method, all MMS servers are managed by your central support organization Use centralized management when the organization has a single site, or has multiple sites but a single support organization ! Distributed management... you may also want to store information about departments, lists, network resources, and network applications or other data such as geographic, organizational, and system data ! Determine the connected directory that you will use to initially populate the metadirectory with each of the entry types that you have identified The directory you will use depends on how clean and accurate the data is for each... distributed management for a widely distributed enterprise with multiple support organizations Determine the MMS Security Policy: $ $ $ Internal privacy boundaries determine what attribute values are accessible to owners, administrators, and users Authentication requirements determine what access anonymous and authenticated users have to the metadirectory data Internal access control determines access categories... costs to maintain all the existing directories, because the cost of maintaining existing directories can factor into the metadirectory design BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 13: Planning a Metadirectory Implementation 9 Identifying the Functional Goals of the Metadirectory Topic Objective To describe the planning step of identifying the functional goals for... Suzan Fine in the e-mail directory is the same Suzan Fine who is in the human resources directory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 8 Module 13: Planning a Metadirectory Implementation ! Determine, if possible, the total cost of ownership to maintain and administer the directory When determining the functional goals of the metadirectory, you should have an idea... servers are managed by separate support organizations Use distributed management if your enterprise is widely distributed and has multiple support organizations BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 13: Planning a Metadirectory Implementation 15 Determining MMS Security The first step to determine metadirectory security is to understand the MMS security framework... this information when you design the attribute flow strategy Note When identifying what types of entries will reside in the metadirectory, you may also need to determine whether to allow new metadirectory entries to created manually in the metadirectory by using MMS Compass BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 13: Planning a Metadirectory Implementation 13 Determining... MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 13: Planning a Metadirectory Implementation 11 Determining Naming Requirements Topic Objective To explain that the naming requirements must be determined for the metadirectory ! Determine a Naming Convention for Metadirectory Entries $ Lead-in $ ! Examples include first name/last name or first initial/last name Adopt naming convention from . that will manage and maintain MMS. 4 Module 13: Planning a Metadirectory Implementation BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION. the metadirectory planning process. Lead-in Module 13: Planning a Metadirectory Implementation 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER