08.31.06
Using Identity to Drive Cost Reductions
How can you use the identities stored in your systems to drive cost reductions? How do you automate processes that are labor intensive, frequently delayed, and exposed to human error?
C/D/H recently helped a client address these issues by implementing an Identity Vault and management system for one of the region's most forward-thinking universities.
The Beginnings
We had established a trusted relationship with our client, Davenport University, after a number of successful infrastructure projects. Over the course of this relationship, our consultants proposed solutions to operational and technical problems we observed. The first step in this solution began in 2002 as a relatively simple integration of the Novell eDirectory with a Microsoft content management system driving a faculty portal. At the end of the first phase, help desk personnel were able to provision faculty to the new portal simply by populating specific fields in their eDirectory record. The Identity Management solution triggered the creation of an Active Directory account, on which the portal relied to present customized content to the Davenport instructor. With the success of this solution, our client was prepared to expand the system.
Identity Vault Creation
The initial solution connected the production eDirectory with the Active Directory domain. While appropriate for a small system, it didn't scale well when we began discussing connecting to the AS/400, building access control system, and wireless network authentication system. Our solution architects, working with Davenport's senior system engineer, agreed that the creation and maintenance of an Identity Vault would better serve Davenport's long-term needs.
An Identity Vault is the central "traffic cop" of identities, passing adds, changes, and deletes to the connected systems via a series of business rules. For instance, not all users needed access to the faculty portal, so business rules at the Identity Vault examine the user record and decide whether to forward some, all, or none of the information to the Active Directory domain. In similar fashion, student records created on the AS/400 trigger eDirectory account creation, but are not added to the faculty portal. The design and creation of consultants brought to Davenport to support this next phase of connectivity. This project set the groundwork for a university-wide identity repository for all future systems and applications.
Driving Costs Down
With the implementation of the Identity Vault and the upgrade of their system to Novell's Identity Manager 2.0, Davenport University now has a highly automated, well-thought-out, real-time connector between their systems. Rather than relying on email, voice mails, or notes passed from one system administrator to another, the Identity Manager automates the process by monitoring changes to connected systems. The process works by sending XML jackets between agents where identities are added, removed, disabled, changed, renamed, or whatever needs to be done as defined by the host application.
"We've seen a significant impact on the time it takes to create or remove accounts from systems, and when you manage 90,000 accounts, we needed systems to help us. What used to take hours or days to complete is now accomplished in seconds. With our recent dormitory expansion, the system, by being connected to the building access control application, can allow/disallow access by students before they even leave the registrar's office. We think this will keep our costs under control as the University continues to grow and prosper," says Kevin O'Halla, Chief Information Officer at Davenport University.
"We relied heavily on C/D/H's consultants in the design and implementation of this system. We bring them in for key projects like this in order to leverage their expertise. I know when I hire C/D/H they will deliver the solution within the budget and on the schedule they tell us. I wish all my vendors did that."

