Timeline: 
January, 2013 to April, 2013
Status: 
Completed

Active Directory has been deployed for DPB and DGE.  Accounts within Carnegie's Active Directory are being branded as "Carnegie accounts" to help our user base understand that these accounts cover multiple Carnegie services and are separate from their Stanford "SUNet ID"s.  

Initiation

DPB and DGE currently have several servers floating around the departments, and each one is it's own isolated and siloed system.  Users need to remember which credentials they used on which system, and management of user accounts is virtually impossible.  Both IT an users need a managemeble authentication and identity service for all IT provided servers and systems

Requirements

  • Centralized identity and authentication systems
  • Web-based credential self-service portal
  • High-Availability
  • Multi-department solution
  • Future support for "Cloud" services

Recommend Solution

Leverage the "Carnegie-Wide" active directory system that's currently under development.  The domain struction is already built to proivde service for multiple departmetns, and comes with a password self-service web portal.  Local domian controllers and an IPSec tunnel to HQ (and other participating departments) should be sufficient to provide a highly availble authentication service for locally deployed IT services.