Simon: What, How and Why - Jon Finke, Communication and Middleware Technology


Post on 11-Jan-2016


Simon: What, How and Why

Jon Finke

Communication and Middleware Technology


Overview

• Brief History
  – How did we get here?
• Current Functions
• Selected Technologies
  – Change Queues
• Future Directions


Distant Past – 1986-1990

• Self service Unix Account
  – Long Distance Auth Code required
    • Controls Access – RPI only
    • Allows for billing for printing
  – Open to all students, faculty and staff
  – User selected “usernames”
  – Established relationship with Telecom
  – Desire for campus wide authenticator


1991 – Start of Simon

• Joint “Computing in Curriculum”
• Accounts for everybody
  – One Person, One Account, All systems
• Feeds from HR and Registrar
• Rudimentary guest management
• Email aliases (.forward replacement)
• 1993 – Hostmaster
• 1993 – HR moves to Banner.
• 1994 – Printmaster - /etc/printcap


1994 – ID Cards

• New ID card system
  – Same feed requirements as RCS
  – Simon became SOR for ISO numbers.

• Established relationship with ID card operations and management.

• Feed to Library Patron system


1996 – Phone Directory

• Required better HR feed
• Became source for directory information.
  – Some fields washed through Banner.
• 1997 Student records moved to Banner
  – Mostly a non event from an IdM perspective
  – No more student “guests”.

• 1998-99 – start PL/SQL rewrite, Y2K


2000 – Simon Web

• Move from command line to web for user applications.

• TSM (Backup) billing
• File Generation (via PL/SQL)


2001 – Windows 2000

• Drive Windows 2000 domain
  – Password Sync
• Phase out SSNs
• Campus Mailroom database
• Feed to LDAP server
• Feed to WebCT - Courseware


2002 – BEST Access System

• New ID card system
  – Simon record required for access
  – Including PARKING
• ID Specific Guest Management
• Real time HR updates
• New Meal Card system
• Task force finds Simon SOR for people


2003 – More Feeds

• Insite – Space management
  – People feed to space management system
  – Buildings and room back to Simon
• Physical Plant management system
  – Fixx.rpi.edu


2004 – Authentication and Authorization

• VPN only accounts
• Password Sync to LDAP
• Password Sync to Applix
• Demographic based building access


2005 – Unified Messaging

• Voicemail moves to windows domain
  – Provisioning via Simon

• Call Manager (VOIP) via Simon


2006-2008 – Status/APEX

• Status Drives directory
• Started Status driven accounts
• Oracle Application Express
  – Rewriting existing applications
  – All new applications


[Diagram. Box labels: Banner (Oracle Admin System); Registrar; Human Resources; Student Records; Employee Records; Department Administrators; Simon (Oracle Userid Mgmt); People; Directory Info; Userids; Active Directory (Windows 2000); Photo ID Card System; AFS/Kerberos; Email; White Pages LDAP & PH; ID Guests; ID Desk; Hartford Directory]


Current Functions

• Account Provisioning
  – Kerb4, Kerb5, LDAP, Active Directory
• Telephone Directory (LDAP, Paper)
• ID Card/Parking Transponders
• System Configuration
  – DNS, Aliases, Printing, Firewall

• Accounting – Printing, Disk, Backup, software licensing


Current Functions (cont.)

• Data Interchange
  – Accounting (PC Store, Telecom)
  – Building/Room Inventory
  – Student “Hold”
• Telecom Provisioning
  – VOIP, VoiceMail


Technologies

• Change Queues for other systems
• Person Status – drives provisioning


Password Changes

• User Web page – encrypts PW with public key and queues it.
  – Requeue Processor – feeds new back ends.
• Back end processors – decrypt and apply
• Notes
  – Encrypted copies saved
  – Queue status web page for help desk


Changing Passwords

[Diagram. Labels: Web Browser; Password Change Page; Secure Web Server; Database; Change Queue; Public Key; Password Change Server (Private Key); SSL; Encrypted with Public Key; Windows Domain Controller; Windows Domain Controllers]
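The password change queue described on the two slides above, as an added sketch (not code from Simon or from the presentation). It assumes RSA-OAEP via the Python `cryptography` package, an in-memory list in place of the database queue, and hypothetical back-end names; in the design on the slides the private key would exist only on the password change server, not beside the web tier as in this single-process demo.

```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumption: RSA-OAEP; the slides only say "public key".
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

class ChangeQueue:
    """Stand-in for the database queue table; it holds ciphertext only."""
    def __init__(self, public_key, backends):
        self.public_key = public_key
        self.backends = set(backends)
        self.entries = []  # dicts: user, blob (ciphertext), pending back ends

    def submit(self, user, new_password):
        # Web tier: encrypt at once, so the queue never sees the plaintext.
        blob = self.public_key.encrypt(new_password.encode(), OAEP)
        self.entries.append(
            {"user": user, "blob": blob, "pending": set(self.backends)})

    def requeue_for(self, backend):
        # Requeue processor: replay each user's latest saved ciphertext
        # to a back end that was added after the change was made.
        self.backends.add(backend)
        for entry in {e["user"]: e for e in self.entries}.values():
            entry["pending"].add(backend)

    def status(self):
        # Help desk view: outstanding work per entry, no secrets.
        return [(e["user"], sorted(e["pending"]))
                for e in self.entries if e["pending"]]

def process(queue, backend, private_key, apply):
    """Back-end processor: decrypt with the private key, apply, mark done."""
    done = 0
    for e in queue.entries:
        if backend in e["pending"]:
            apply(e["user"], private_key.decrypt(e["blob"], OAEP).decode())
            e["pending"].discard(backend)
            done += 1
    return done

def demo():
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    queue = ChangeQueue(key.public_key(), ["kerberos", "active_directory"])
    queue.submit("jdoe", "constructed-Passw0rd!")  # constructed sample values
    applied = {}
    record = lambda name: lambda u, p: applied.setdefault(name, {}).update({u: p})
    process(queue, "kerberos", key, record("kerberos"))
    queue.requeue_for("ldap")  # hypothetical back end added later
    process(queue, "ldap", key, record("ldap"))
    return queue, applied
```

Because saved ciphertext can be replayed to any future back end, the private key protects every queued password, so retention of old entries and access to that key are the two controls to review.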


Near Futures

• Multiple account types (entitlements)
• Based on person status
• Delegate control to departments
• Password queue rewrite
• Oracle Application Express (APEX)
• Web Services


Questions? Comments? Ideas?

Jon Finke

Rensselaer Polytechnic Institute

http://www.rpi.edu/~finkej

No animals were harmed in the making of this presentation. All scenes involving animals were monitored by employees of Schenectady County Family Court