Automating Active Directory and Beyond Sven Kniest Automation Evangelist NetIQ MGT221 Bans Sagoo Solutions Engineer NetIQ MGT221 Agenda AD Challenges Why Automate AD Where does NetIQ fit in ID: 770006
Download Presentation The PPT/PDF document "Automating Active Directory and Beyond" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Automating Active Directory and Beyond…… Sven KniestAutomation EvangelistNetIQMGT221 Bans SagooSolutions EngineerNetIQMGT221
Agenda AD ChallengesWhy Automate AD?Where does NetIQ fit in?AD Automation ExamplesGoing beyond AD Automation....
Active DirectoryOwnership and Challenges“Active Directory has become indispensable!” “I need to reduce admin privileges." “I need to increase security and improve compliance." “Efficiency- efficient transitions!” “Ownership is hybrid; Security and Operations.” “We are growing by merger and acquisition." “There is a shift from operations to security, from CIO to CISO." “Security should be involved.” “Security IS involved.” “Reduce admin workload!” “We need to do more with the same resources."
Native Criticality Automation Security Today’s AD needs control over user permissions and change, as well as rich reporting and auditing capabilities Role of AD is evolving; increased demands by the business Native tools lack secure administration features Organizations should look to automation to decrease workload and simplify compliance Active Directory Management and Security
Why automate AD?Reduce manual work Implement approval steps for critical changesFaster response time to incidents and requestsEverybody has to follow the process
NetIQ: Active Directory Management and Security Solution OverviewMicrosoft: Windows • Exchange • Active Directory Migrate and Optimize Manage and Secure Automate and Integrate Reduce Complexity and Administrative Cost Categorize and Prioritize Tasks Model and Assess AD and Exchange Migration Securely Delegate Privileges Decrease Number of Privileged Accounts Enable Task-Based Provisioning Integrate Human Resource & Ticketing Systems Graphically Build Automated Business Processes Temporarily Assign Elevated Privileges Extend Active Directory to Unix, Linux, and Mac No Impact Migration & Restructuring Delegated Administration & Offline Management Automated Administration & User Self Service Increase Control and Compliance Authoritative Auditing and Compliance Reporting Model and Predict Impact of Group Policy Change Reduce Time to Detect Unauthorized Changes Schedule Migration around Business Needs Track and Evaluate Project Progress Maintain User Connectivity Enforce Policies throughout the Project Detect and Remediate Unauthorized Changes Enable Cross Functional Approval s
AutomateModel MeasureImprove Introducing NetIQ ® Aegis™ The Control & Automation Platform for IT Processes NetIQ Aegis is a software platform that models, automates, measures and improves run books and ITIL-based processes, bringing control and automation to IT Operations Aegis ITIL Process (macro) Run Books (micro)
NetIQ Aegis ArchitectureWorkflow Automation EngineNetIQ Products Enterprise Service Bus & Resource Model 3 rd Party Best-of-breed products Run Books (Event Correlation, Fault Recovery, Routine Server Restarts, etc. ) Processes (ITIL Incident Management, Change Management, DR testing, etc.) Correlation Engine AM SM SCM NCA MOM/ SCOM HPOV Remedy Smarts Adapters Bi-directional data collection and control Activity Libraries Workflow building blocks that control other tools Process Templates Provides built-in knowledge Presentation Layer Consoles tailored to specific users Independent Engines Allow data processing scalability Resource Mgmt DB Normalizes data from diverse tools Ops Console Config Console Reports … …
AD Management Workflows ExamplesAD Provisioning (feed from a datasource)User provisioning from HR feedSelf Empowerment / Just in time delegationTemporary local Administrator on machine requestGroup membership request formAD Security Event ManagementAuto rollback unauthorized GPO changeHigh profile group membership rollbackAD MaintenanceAutomatically Disable accounts who have not logged in for X days Email users whose password is about to expireCompliance Reporting / SignoffEmails the group owner every 60 days of the group membership and have them sign off on it
Active Directory Automationdemo
Out-of-the-Box Value with Knowledge Scripts™ Dynamic Grouping for Keeping Pace with Changes Targeted Policy Exceptions to Meet Unique Requirements GUI-based Customization and Connector-Based Integration Easy Implementation with Auto-Deployment Broad, Heterogeneous Coverage Flexibility Others* Secure Configuration Manager Security Manager Ops Manager BMC Remedy Email App Manager EMC Smarts Any 3 rd Party Integration Secure Administration Database Find Rows Update Rows Insert Rows Retrieve Values Execute SQL Execute Stored Proc VB Script Command Line Any GUI* Web UI XML Web Service (SOAP) Check Analysis Run Policy Templates Report Automation Exception Handling Job Management Graph Data Maintenance Custom Properties Deployment Correlation Event Management Escalation Event Management Tribal Knowledge Forensic Extraction Enable Processing Rules Disable Processing Rules Force Configuration Change Alert Management OU Management Contact Management Permissions Resolution User Provisioning Assign Ticket Update Ticket Close Ticket Escalate Ticket Create Ticket Object Management Object Operations Task Execution Impact Analysis Notification Management Manipulate Alerts Task Execution Manage Maintenance Respond To Alerts Spoof Email Save Attachment Await Email Respond To Email Simplicity Performance Counters *Pending Release NetIQ Aegis: Enterprise Architecture Synchronicity
Category Process Examples Supporting Integrate Raise the priority of events based on end-user impact as identified by synthetic transactions in Operations Manager or other tools such as HP SiteScope. Benefit: Reduce unplanned downtime by steering focus to high-impact events. IT Operations Managers Synchronize Operations Manager alert status, configurations or maintenance mode with other tools such as a manager of managers, service desk (tickets/RFCs), CMDB, etc. Benefit: Improve operational efficiency through workflow coordination and reduce development costs by integrating via a single message bus. IT Operations Directors & Integration Developers Automate Take multiple remedial actions , such as file manipulation or restarting services, when a series of events or conditions meet multiple criteria. Benefit: Automate more complex reaction decisions than are possible natively. Server and Application Administrators Manage scheduled tasks or processes with complex exceptions, such as holidays or end of quarter, to perform file deletion, routine server reboots, update data, etc. Benefit: Replace the need for additional, costly job scheduling tools. Server and Application Administrators Automate the administration of Operations Manager , such as agent integrity checks (e.g. confirming that applicable machines are posting data streams) or assigning the best management server to allocate an agent based on location and load. Benefit: Reduce the total cost of ownership for Operations Manager. Operations Manager Administrators Extend Drive alert resolution through progressive escalations, state changes and authorizations . Benefit: Reduce unplanned downtime due to missed alerts. IT Operations Managers Enrich alerts with information such as current machine configuration, owner, related issues, etc. by enabling access to disparate knowledge repositories. Benefit: Accelerate resolution and r educe administrator troubleshooting workload/time. Operations Manager Administrators Integrate, Automate and Extend Systems Center Operations Manager Automated Process Examples with Aegis
System Center Operations Manager 2007Alert Enrichment Exampledemo
question & answer
ActionsDownload Aegis and create your own processes.If your wondering how to get started....come and talk to us now!Catch us at the Exhibitor stand in Hall 4 (S2)Please fill in your evaluation.Competition Details: Win an iPOD Nano.The other sessions by NetIQ:GPO Management (Goetz Walecki)SCOM Impact Management (Frank Hoerner)
ResourcesDownload Aegis: http://www.netiq.com/f/form/form.asp?id=3185&origin=prodRead about Aegis: http://www.netiq.com/products/aegis/default.aspNetIQ website: http://www.netiq.com/Bans.Sagoo@attachmate.com Sven.Kniest@attachmate.com
Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!