ARCHIVED: Completed project: Enterprise Directory migration

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Primary UITS contact: Alan Walsh

Completed: October 12, 2009

Description: Information about people that is used to control electronic access is maintained in multiple locations today. One of the sources is known as the Enterprise Directory Service, or EDS. Many enterprise applications, including OneStart and Oncourse, use the data in the EDS to manage access.

Originally conceived in 2007, the goal of this project is to migrate the information currently maintained in the EDS to another central directory service known as Active Directory, or ADS. In addition to being the primary source of authentication for CAS, network (VPN) access, and most workstations, Active Directory also contains a rich set of data about people at Indiana University, as well as records related to computers, groups, and other network resources.

Most of the applications that rely on the EDS also have a dependency on ADS, so migrating all person information from EDS into ADS will eliminate a redundant service, resulting in a number of benefits to users of enterprise applications at Indiana University. Among other things, improvements in efficiency will result in more accurate directory data.

The Active Directory schema will be extended, in two phases, to accommodate the additional person information. The first phase will consist of the Internet2 eduPerson schema. Phase II will be a revised version of the IU extensions to the Internet2 schema, known as iuEduPerson.

Once the schema extensions are complete, person data in AD will be updated and enterprise applications will begin to retrieve that data from AD.

Outcome: When the project is complete, the EDS will be completely eliminated. This includes numerous servers, as well as processes to support and maintain the environment. All of the enterprise applications that rely on the data in EDS will be able to rely on ADS for information about people as well as groups.

Milestones and status:

  • May 2007: Initial proof of concept
  • January 2008: Project kick-off
  • Phase I:
    • Initial survey of applications using EDS Completed January 2008
    • Analysis of required changes Completed February 2008
    • Move eduPerson schema extensions to AD Completed March 2008
  • Phase II:
    • Move iuEduPerson schema to test AD Completed May 2008
    • Acceptance testing Completed July 2008
    • Move iuEduPerson schema to AD Completed July 2008
    • Populate attributes in AD Completed August 2008
  • Phase III:
    • Upgrade AD servers and place behind firewall Completed November 2008
    • Migrate OneStart application to AD Completed November 2008
    • Migrate remaining applications (Completed September 5, 2009):
      • Timekeeping
      • Workflow
      • SIS
      • Research Administration
      • Travel
      • Purchasing
      • Electronic Payment System
      • IUIE
      • Library
    • Decommission EDS servers Completed September 22, 2009

Comment process: Send email to Alan Walsh.

Benefits:

  • Elimination of redundant services
  • Reduction in support costs
  • Increases in performance
  • Greater fault tolerance
  • Disaster recovery capability
  • Simplified access to electronic resources
  • Richer set of data about people at Indiana University

Project team:

  • Alan Walsh
  • Rahul Doshi
  • Jacob Farmer
  • David Bickel
  • Rick Jackson
  • Matt Dixon
  • Jeremy Geib
  • Brian McGough
  • Jeremy Hopf

Project sponsor:

  • EI Systems director: Rob Lowden

This is document awua in the Knowledge Base.
Last modified on 2018-01-18 15:54:45.