All,

We are in the process of redefining our Internet-enabled applications with a view to a centralised customer/client database. There has been quite a bit of discussion regarding using AD as this "customer store", since AD will already be in this environment.

I'm a bit hesitant to recommend "vanilla" AD for this task; however, I can see a number of benefits to this approach, as the support monkeys can manage the entire environment using the same tools they use to manage the production environment (ADUC etc).

I've been reading up on the information regarding MIIS (what little there is), and can see some potential for a configuration such as this, e.g.:

- Use AD to store the "core" customer information (user name, password, basic details)
- Use ADAM or SQL (or whatever) for each application to store application-specific extensions (so I don't end up with a blown out schema in AD with thousands of additional props for user objects)
- Use MIIS as the Authentication / Identity management front end, and use it to sync these disparate databases to ensure some semblance of "sameness" between them.
- Also use some of the MIIS features such as provisioning etc to ease the management overhead.

Applications could use AD to authenticate the customer coming in, and then use their ADAM database to house the application-specific information they need.

We could possibly then use MIIS to "backchannel" into the production AD system, so that corporate users can gain access to these Internet applications without requiring multiple accounts.

This is all just brainstorming at the moment, however (as usual), I need to come up with some sort of design by next week (gotta love being given lots of time *grin*). Having not actually got my hands on MIIS, this could be completely unfeasible. Other options are a custom database for the "customer store", or some other existing product.

Has anyone been down this road before, and could share some insights / resources?

Thanks
Glenn