June 17, 2007

My Good Friend Rajesh R


My entrance into the Identity management space started first with training by a freelance SUN trainer, Rajesh R. (Still couldn’t figure out what that R is! :-)) Somehow, once the training was done, I was the only person from my batch who was able to keep up a professional relationship with him.

Wondering why I am writing about a friend of mine here?

He is a person from whom I have learnt that it shouldn't be our career or job that controls us; rather, it should be we who control them.

He is continuously on the move every week, training corporates, on Sun Clusters, Sun Identity manager etc. Later I started feeling a little jealous of him. You know why? He travels to different places, interacting with many different minded people and thus making a wonderfully large fraternity. If you ask most of the people in the Identity Management space in India, everyone knows him. This is what I always dreamt of, thus a little bit of that “J”.

This person is not human; he is a proper AI based machine, working properly with TIME and CALENDAR. He updates his blogs every day, and he writes up his recordings/findings etc. of every day on time. He has been helping every IDM guy/gal in the Indian subcontinent by either directly solving the problem or interconnecting people.

He is an amazing guy and I am very proud and happy to be his friend.

You may kindly visit his blog http://blogs.sun.com/rajeshr

Identity Management made my life

Wonder how a domain in the security compliance space, made one’s life? Read on …

Early June 2005, when I was working for GE Capital International services as a Security Specialist, I was given an offer to move to the Identity Management domain, which had just sprung up as a new practice in that company. I was wondering what that move could do to my career. I always thought a firewall would stay as long as the technology exists, but what is this IDM? However, I took a daring step and moved into the domain. The next week I went to a training on the Sun Identity Manager basics, IDM 2525, provided by Mr. Rajesh, a renowned trainer in the SUN space. The first good relationship started with my friendship with him. Later came a few other members from Satyam technologies, who also attended the same training. Another friendship was with the AVP (GE) from Thailand, who clicked a photograph of me with another girl (whom I didn’t even know), assuming her to be my girlfriend. Funny!

Then started my troubles. For the next three months we didn’t have much work to do. Just going to the gym and whiling away our time was the best work we had. People who chose to stay back in the Infosec space started getting good work and laurels too. That made me feel that I was in the wrong place. Later, at the end of September, we finally kicked off with a small project. When I say small, it was really small. Today, as a consultant in the IDM space, I would say the project could have been completed in two phases of a month in total at most. One should believe that the project took almost five months, missing all the deadlines.

Next came, my other good friend, Johny Cope as a trainer from Neogent Corp, USA, to train us on the advanced Sun IdM. I am proud to say, that I was the only person along with the, said to be my girl friend girl, to complete the entire training in my training. I owe to the girl, because without her encouragement and push, I wouldn’t have attended that training. Once after the training, I realized what I can do in this IDM space.

The next project I did, I alone completed it in around 45 days. The next one, rather small, I have completed in a week.

Still wondering how IDM made my life? Yes, coming to that. This lady, with whom my snap was clicked, became my good friend and my best teammate. Any work, we both used to complete in no time, just because of her analytical nature and her encouragement for me. She also helped me attend the advanced training. However, suddenly she had to leave the company, and she joined Deloitte. I started feeling the gap in my team, because without her I was alone.

Then I felt, how it would be if my best team mate, who understands me very well in almost every situation, becomes my partner for life! Pondered over it, and then felt we both should be together. Got married to the intelligent, analytical, friendly, cute, naughty girl, Harini. See now you understand how IdM made my life.

When it comes to IdM at least she is the best for me to suggest. And when it comes to life, she is my best. Thus I successfully made an IdM family. We both are currently working for SUN Microsystems as Consultants in the Identity & Access Management space.

June 15, 2007

Error Severity=???? Sun Identity Manager

Recently a friend of mine asked me what the error below is:

<ErrorMessage severity='error'>New employee number is not present in Oracle HR.

Reasoning:
Whenever programmers use log4j functionality in their code, you get these kinds of error descriptions. The different types would be Warning, Error, Critical etc.

Easy Implementation tool for Sun Identity Manager - ViDT

Six months prior I think people were hearing something called VIP - Velocity Identity Package. This package, as announced, was supposed to be providing HR synchronization etc and many other things. After joining SUN I was lucky enough to get a feel of this product, currently called as ViDT.

Briefly ... The software provides you the following

1. The ability to run multiple instances of SUN IdM (SIM) of different versions at the same time

2. The ability to create and maintain multiple projects with multiple instances of IdM

3. Compatible with all releases of SIM

4. Creates the forms for you, if you feed in data

5. Creates the workflows for you if you feed in the required data

6. Creates all basic administrators etc required for any implementation

7. Creates all the required policies

8. Creates the Design documents

9. Creates the other Project documents

10. Finally bundles you all the code for deployment at the customer end

Boy, one has to get a touch with it to understand how easier the life becomes for a SIM implementor. That too, after the release of 7.1 with many other features ViDT seems to make life much better.

This is an invention of Neogent Inc, which was acquired by SUN last year.

My Sojourn with MIIS

Microsoft Identity Integration Server: Another sweet product from Microsoft.

This is a product in the Identity Management space. To my knowledge, unlike many other products available today in the market, MIIS is home-made. Via this blog, I am trying to post the knowledge I have received from my one year old friendship with MIIS.

The top features:

1. A state based, Synchronization server.

2. A decent provisioning system.

3. As usual lucid to understand and work

4. As common, has a wonderful group of people working on this and sharing their ideas and solving problems @ MMSUG@yahoogroups.com

5. An inbuilt tool to write your code and thus reduce your pain of writing code

6. Biztalk enabled workflows

7. Doesn't do a RIP v1 kind of data routing.

8. Precedence based Synchronization

9. Has connectors to many known databases and LDAPs

Bad Features:
> Complete Microsoft shop
Means, you have to use all MS products only to implement this product.

I feel, I am still missing something.

Well, this system works primarily as a Metadirectory server. Later it was modified to have the functionalities of a provisioning system.


The architecture:
The MIIS application sits at the center, with its own repository called the Metaverse. It connects to different data resources and creates virtual spaces (tables in the MIIS SQL database) in which to edit the data imported from the end data resources. To be clear, since not every data manipulation can be done on the end resource itself, we need a place where we can do it. That place is called the Connector Space.

For example, if a particular table in an end resource contains 15 columns and we need to work on those fifteen, then we import all these values into the connector space. Later, depending upon our needs, we import only the required columns into the metaverse, the main MIIS repository.

One life Cycle:

End DB -> MIIS -> End DB

Let's talk about a cycle. Data is pulled from the end authoritative database. All of it is pulled into a table called mms_connectorspace (the table contains data from all data sources, uniquely identified by the dataSource identification number). From here the business rules start getting applied. All rules related to filtering ids, creating new values, making logical decisions and so on are worked on this data, and the final output data is pushed into the Metaverse. To implement the required resource-specific business logic, one implements a DLL for every resource. Now that the data is in the Metaverse, the other logic, such as provisioning, deprovisioning and synchronization, comes into the picture. To handle all this, a special rules extension DLL called the Metaverse Rules Extension DLL is written. Provisioning does not write directly to the end resource: the data is written only to the end resource's connector space, i.e. mms_connectorspace with the required id. Then, upon export, the business logic DLL configured for that resource takes the data from the mms_connectorspace table and writes it to the end DB.

This is the story.
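
The cycle above as a small runnable model, added here as an illustration and not taken from the original post or from MIIS itself. The function names, the sample HR rows and the two data source ids are assumptions, and Python dicts stand in for the mms_connectorspace table and the Metaverse.

```python
# Simplified model of the cycle described above. This is not the MIIS API:
# all names are hypothetical and dicts stand in for the SQL tables.
connector_space = {}  # (data_source_id, anchor) -> staged row, like mms_connectorspace
metaverse = {}        # anchor -> identity holding only the attributes flowed in

def import_stage(ds_id, rows, anchor="emp_id"):
    """Import: stage every column of every source row under its data source id."""
    for row in rows:
        connector_space[(ds_id, row[anchor])] = dict(row)

def synchronize(ds_id, keep, flow):
    """Per-resource rules: filter staged rows, flow only chosen columns inward."""
    for (src, anchor), row in connector_space.items():
        if src != ds_id:
            continue
        if keep(row):
            metaverse[anchor] = {mv: row[col] for col, mv in flow.items()}
        else:
            metaverse.pop(anchor, None)  # filtered out: identity leaves the metaverse

def provision(target_ds, build):
    """Metaverse rules: write to the target's connector space, never the end DB."""
    stale = [k for k in connector_space if k[0] == target_ds and k[1] not in metaverse]
    for key in stale:
        del connector_space[key]  # deprovision rows whose identity is gone
    for anchor, mv in metaverse.items():
        connector_space[(target_ds, anchor)] = build(mv)

def export(target_ds):
    """Export: the rows the end resource receives from its connector space."""
    return {a: r for (src, a), r in connector_space.items() if src == target_ds}

# Constructed sample: HR is data source 1 (authoritative), a directory is 2.
SAMPLE_HR = [
    {"emp_id": "1001", "first": "Asha", "last": "Rao", "status": "active", "salary": 50000},
    {"emp_id": "1002", "first": "Ravi", "last": "Iyer", "status": "terminated", "salary": 42000},
]

def run_cycle(hr_rows):
    import_stage(1, hr_rows)
    synchronize(1, keep=lambda r: r["status"] == "active",
                flow={"first": "givenName", "last": "sn"})
    provision(2, build=lambda mv: {"cn": f"{mv['givenName']} {mv['sn']}", "sn": mv["sn"]})
    return export(2)

if __name__ == "__main__":
    print(run_cycle(SAMPLE_HR))
```

The salary column is staged in the connector space but never reaches the metaverse or the target, and re-running the cycle after an employee's status changes removes that identity from the exported set.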

The advantages in MIIS

1. You get most of the code easily written, because of the reference

2. There is a particular file that can write code for you

3. There are a wonderful set of people at MMSUG@yahoogroups.com just waiting to help.

This costs you relatively less than the remaining Identity Management products.

For those who don't know much about Identity and Access Management, just one line: at the last RSA Security Conference, it was Bill Gates who came up on stage, not to announce any other language or operating system, but for their new product ILM 2007 - Identity Life Cycle Manager (MIIS + CLM +++)

June 5, 2007

TIM vs SIM - A Snippet

I was reading a blog called "Identity Crisis" on the Sun blogs site. Found a wonderful article on TIM vs SIM, related to Gartner's ratings. I do not want to replicate the content; instead, here is the link for you all to read.

http://blogs.sun.com/IdentityCrisis/entry/like_how_lame_is_that

Finally, Air Deccan proves itself

To my previous blog on the low cost flier, this is an Add-on

As everyone now knows, Mr. Mallya has taken a 26% stake in AirDeccan, which proves that Mr. Gopinath has created the right impact in the industry. There was a review published in Times of India, if I could write it here ...

Air Deccan outnumbered King Kingfisher in all aspects, like number of Flights, Destinations covered, Pilots and crew employed etc. That was really good to see.

To reiterate it was because of companies like AirDeccan, we have a drastically and positively changed air travel scenario in India.

Sun Identity Manager 7.1 is out

Sun Identity Manager 7.1 is the latest version of the Sun Java System Identity Manager product offering, augmenting the Periodic Access Review (PAR) feature, auditing capabilities, and adding/updating resource adapters. This update improves upon the industry-leading Identity Manager 7.0 solution with:

# Periodic Access Review Enhancements

* Dashboard view
* Remediation request during PAR
* Entitlement history

# Advanced Auditing Capabilities

* Policy violation prioritization
* Audit policy scan scheduling
* "Test" mode ability for audit policy scans (What-If analysis)
* Audit Log Publishers (JMX, JMS, and Scripted)

# Resource Adapters Additions and Updates

* Hybrid LDAP/RACF Mainframe Adapter (New)
* SAP GRC Access Enforcer (Virsa) (New)
* Lotus Notes 7.0 (updated)
* PeopleSoft HRMS 9.0 (updated)
* BMC Remedy Service Desk 7.0 (updated)
* Novell GroupWise 7.0 (updated)

# Other Improvements to:

* Administrative and End User Interface
* Identity Manager IDE
* Role delegations

# Bug Fixes and Platform Support Updates

So all set to rock with the latest one.