combining corporate trees with identity manager 2 jamie price senior network consultant bedrock...

Combining Corporate Trees with Identity Manager 2

Jamie PriceSenior Network ConsultantBedrock Managed Services and [email protected]

Jeff OlerSenior Network ConsultantBedrock Managed Services and [email protected]

Frank GreenVice President – Network AdministrationBank [email protected]

© March 9, 2004 Novell Inc.2

Agenda

Bank Mutual Overview

Solution Design Approach

Solution Design Overview

Solution Process

Value, Considerations, and Pitfalls

Project Benefit Summary

Future Paths

Bank Mutual Overview


Bank Mutual (pre-acquisition)

Company Facts:

• Corporate Office

• 51 Branches

• 550 Users

• 52 Partitions

• Easy Lender Host – Critical App

• Nautilus – Critical App


First Northern Savings Bank (pre-acquisition)

Company Facts:

• Operations Center• 19 Branches• 250 Users• 22 Partitions• VIP Host at branches – • Providing Internet access for Bank Mutual• Hosting MLS - Critical App• Hosting GroupWise for FNSB and BM users


Bank Mutual - Today

Company Facts:

• 72 branches• 820 users• Providing financial services for 120,000 households• Marketing blurbs

7

Lay Of The Land - The TreesGREEN

BAYMILWAUKEE

FNSB SER CORP Server User Group

BR001 Server User Group


NWR BR041 Server User Group


BR72Server User Group



OPERServer User Group

Domain PO1 PO1Mutual

MSB01


History

• Had spent time configuring trees to meet a common structure.

• Had duplicated Bank Mutual users in FNSB tree to accommodate GroupWise need.

• Was at pre-merge capability but:– Expertise in tree merging was low– WAN links increased risk to success

Solution Design Approach


The Project Approach

Back to the drawing board

• Eliminate all preconceived plans/ideas• Generate a list of goals and desires• Divide the list into 3 categories

– Critical – the solution must support these– Important – the solution can support these– Desired – the solution may support these

• Focus the project on “critical” success factors• Incorporate as many “important” and “desired”

factors as possible


The Goals

Critical Success Factors

Design and implement a unified directory structure that will support the following critical items:

Consolidation/Integration of directory systems– Administer Active Directory accounts via

NDS– Need to seamlessly map drives between

Windows shares and Novell volumes– Desire common shared directories


Plan…



– Future installation of ZenWorks/administering Zenworks® under one tree

– Flexibility for rapid branch addition and removal

– Limiting of security breaches


Plan…



• Minimized downtime during merge– Avoid altering branch hours as much as

possible, if at all.– Easy Lender (Bank Mutual tree) is a critical 24

hour online application.– While scheduled downtime is acceptable for

the VIP application, unscheduled downtime CANNOT occur.


Plan…

Important Success Factors

Design and implement a unified directory structure that can support the following important items:

• Reduction in helpdesk overhead• Reduction in user administration overhead• Selective password consolidation

Solution Design Overview


Traditional Tree Merge Concerns

Traditional Tree Merge:

• Too many branches. Need to drop to 1 partition/replica per tree.

• Replacement of replicas would be a lengthy process.

• Slow WAN links between bank branches – 56k in most cases.

• Heavily burdened WAN link between corporate offices.

• Risky process.• Difficult recovery situation.• Both trees at risk.


The Solution

High Level Overview:

• Implementation of eDirectoryTM synchronization• One way synchronization of OU’s, groups, and user

accounts• Migration of one branch/server at a time into the

parallel OU in the new tree• GroupWise/OPER OU move to new tree • Elimination of old tree

18

High Level Overview:Implementation of eDirectory

SynchronizationMILWAUKEE

SER CORP

NWR BR041

NER

MSB01

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

Mutual

19

High Level Overview: Implementation of eDirectory

SynchronizationMILWAUKEE

SER CORP

NWR BR041

NER

MSB01

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

20

High Level Overview: Implementation of eDirectory

Synchronization

MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

21

High Level Overview: One way synch of OU’s, groups, and

users

MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR 71

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

22

High Level Overview: One way synch of OU’s, groups, and

usersMILWAUKE

E

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

23

High Level Overview:Migration of branches/servers to

parallel OU’s in the new tree

MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

24



MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

Master Replica

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

25



MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

26

High Level Overview:GroupWise/OPER OU move to new

tree

MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

27

High Level Overview:Elimination of old tree

MILWAUKEE

SER CORP

NWR BR041

NER

MSB01

BR071

OPER

GREEN BAY

FNSB

BR72

BR71

BR89

OPER

MutualMasters

DirXML

28

End Result…..From This……GREEN

BAYMILWAUKEE

FNSB SER

CORP Server User Group








OPERServer User Group

Domain PO1 PO1Mutual

MSB01

NWR

29

GREEN BAY

MILWAUKEE

End Result…..To This……

SER

CORP

NWR

BR041

MSB01

BR064 BR001

NER

BR71 BR72 BR89 OPER BR033

Solution Process


The Process

Phase I - Pilot• Create Environment• Pilot Solution Build• Synchronization Install/Execution• Branch Move Pilot

Phase II - Materials Acquisition• Spec hardware/software needs• Generate Quotes• Order


The Process

Phase III - Production Environment Prep• Health Checks• Issue Resolution

Phase IV - Pre-Migration• Build Simulated Branch Server• Build Master Replica Server• Build DirXML Server - FNSB• Build DirXML Server - MB• Synchronization• Partition• Health Check


The Process

Phase V - Production Pilot• Branch Move Pilot

Phase VI - Implementation• Branch Prep• Branch Move• Branch Prep• Branch Move• Operations/Groupwise Move

Value, Considerations, and Pitfalls

35

NowWelcome to the

REAL WORLD


Phase I

Phase I – Pilot

• Ramped migration to NDPS – Queue based printing too much of an issue

• Identified need for reinstallation of backup and virus scan software

• Identified export/bulk load would not work – group membership issues

• Enabled granular script creation for branch migration

• Password management needs identified – unidirectional synch


Phase III/IV

Phase III - Production Environment Prep

• Health checks – WAN links• Replication issues• Timesync issues

Phase IV - Pre-Migration

• DirXML Server – FNSB – slow build – required replicas

• Synchronization – Certificate server location• Performance lag after creation of 2 MB-NER

partitions


Phase VI

Phase VI – Implementation

• Branches– Branch moves averaging 2.5 hours– Multiple employee involvement – script

benefits– Branch preps enabled distribution of Zen

client– Dinner break at replica placement– Bandwidth, bandwidth, bandwidth


Phase VI

Phase VI – Implementation

• Operations– Making sure that CA was last to move– Q57 NIC driver issues

• Groupwise Move issues– Jeff list these out

Project Summary


Project Summary

Result Summary

• Employees able to use apps in both trees during entire migration

• Both banks able to retain individual identities

• No downtime for critical apps or and branch in MB tree

• Branch conversions spread over 1 month – average 2.5 hours per night.

• Final Operations Center conversion performed in one day

• GroupWise cutover, tested, and proven in less than 6 hours

Future Paths


Future

NSure Audit

• Points


Future

ZenWorks®

• Points


Future

Identity Management

• Points


General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

combining corporate trees with identity manager 2 jamie price senior network consultant bedrock...

Documents

bank mutual users

bank branches

easy lender bank mutual

following critical items

fnsb tree

tree merging

unified directory structure

corporate trees