
Advanced Administration in Active Directory and Exchange

Raul DOpazo
PSO Consultant Raul.Dopazo@quest.com
2009 Quest Software, Inc. ALL RIGHTS RESERVED

Introduction to Active Roles Server


Quest Active Roles provides the solution to the daily challenges of Active Directory and Exchange administration, while maximizing security, facilitating task automation and providing a customized interface.

Key features:

- Centralized administration and template-based delegation of permissions
- Automatic user provisioning from different sources (SQL, Oracle, LDAP, Iplanet, ADAM, etc.)
- End-user self-service through a fully customizable web portal
- Approval workflow for changes and actions in Active Directory
- Detailed change auditing and customizable reports on ActiveRoles usage
- MMC or Web administration interface (Admin, HelpDesk, SelfUser)
- Virtual, customizable and dynamic Administrative Units

ActiveRoles Version 6.5 (what's new)

- Multi-level approval workflow
- Graphical editor for approval workflows
- Automatic deprovisioning of security/distribution groups
- Scripting through Windows PowerShell Scripting Host
- Policy extensions for other systems (e.g. BES)
- Support for Windows Server 2008 R2, SQL Server 2008 and Exchange Server 2010

Practical Example of Provisioning with ARS


| Phase | Step | Details | Without Rules | With Rules |
|---|---|---|---|---|
| HR | Add employee to HR system | | 5 minutes | 5 minutes |
| Create | Create user account in Active Directory | Location, Unique Name, Strong Password Generation | 10 minutes | Automatic |
| Create | Create Exchange mailbox | Controlled Store Selection, Alias Generation | 5 minutes | Automatic |
| Create | Create home directory | Location, NTFS permissions, Share permissions | 5 minutes | Automatic |
| Configure | Add user to groups | Security and Distribution Groups | 10 minutes | Automatic |
| Configure | Assign administrative permissions | | 10 minutes | Automatic |
| Configure | Create user accounts connected systems | Send to metadirectory, Unix/Linux, etc. | 10 minutes | Automatic |
| Inform | Inform the Business | E-mail to IT, Service Desk, Management Facilities, etc. | 10 minutes | Automatic |
| | Effort | | 65 minutes | 5 minutes |
| | Elapse Time | | Hours / Days | 5 minutes |

Exchange Object Management


- Automatic mailbox store selection on new user creation for load balancing
- Role-based delegation over mailbox provisioning & recipient management
- Day-to-day recipient management tasks: create, move, delete, etc.
- Assignment of Send-As permissions
- User Auto-deprovision policy
- Provision Microsoft Office/Live Communication Server
- Phone number format enforcement for Unified Communication
- Integration with ActiveRoles Self-Service Manager: Self-Service DL Management

Computer Management

- Role-based delegation over tasks
- Manage services: stop/restart, set properties
- Delegation over services by name
- Manage shares
- Manage printers
- Manage device settings
- Manage local users & groups

Out of the Box Management User Interfaces


- MMC: manages user, group, computer, and Microsoft Exchange
- Web Consoles: interfaces designed for Admin, Help Desk & Self-Service
- Simplifies day-to-day tasks and reduces administrative costs
- Configures with point-and-click simplicity to meet customer needs
- Built with the latest technology

Role/Template-based Delegation


[Diagram: Job Function, Roles, Access]

- Sr. Administrator: Day-to-Day Admin, AD Architect (Create OUs, Create Objects, Join Computers)
- Exchange Admins: Mailbox Admin (Create/Remove Mailboxes, Move Mailbox, Update Addresses)
- OU Admins / Help Desk: Service Desk (Create Users/Groups, Create Groups, Reset Passwords, Unlock Accounts)
- End user Self-Service: Self-Service (Update personal Information, Request Access, Update Phone #)
- Application / Data Owners: App/Data Owners (Access Management, Assign Assistants, Attestation)

Managed targets shown in the diagram:

- AD / AD LDS: Computers, Domain Controllers, APAC, EMEA, North America, New York, Mexico City
- Cross-platform: Applications, Databases, Directories, Platforms

Rules for Data Integrity

Business Rule Examples


- Generate Display Name
- Description cannot be left blank
- Phone number must contain 1- ### - ### - ####
- E-mail address = first letter of first name + last name@quest.com
- http://www.quest.com/people/

Auto-provisioning Policies

[Diagram: Centralized Provisioning; each item below is labeled "Policy"]

Create
- Location, Unique Logon Generation, Strong Password Generation, Remote Access
- Location, NTFS permissions, Share permissions
- Controlled Store Selection, Alias Generation

Configure
- Access Control / Email Distribution Lists
- Cross Platform for non AD Integrated
- Linux/Unix/Java Enabled
- Other Identity Manager; Manual

Inform
- Managers, HR and Support

Affordable / Efficient / Error Free. Completed in Minutes.

Approval Workflow Policies

[Diagram: Initiators; Approval & Activities; Configuration]

- Users
- Multi-Level Approval: Object Owners, Managers, Specific User, Specific Group
- Graphical Workflow Designer
- Applications or Scripts
- PowerShell Extensibility
- Email Approve/Reject
- Email Notifications
- Web Based Approval Management
- Branching / Stopping
- Audit & Visibility

Centralized Reporting and Auditing

- Operations Tracking & Compliance Checking
- On-line Change History & User Activity Tracking

Applications Integrated with ActiveRoles

- Quest Password Manager
- Quest Authentication Services
- Quest Defender
- Quest GPOADmin
- Quest Access Manager
- Quest Knowledge Portal
- Quest vWorkspace

For technical demos of integration with other products:

http://www.quest.com/active-roles-server/integration.aspx

ActiveRoles Community


Questions and Answers via Live Meeting

Quest Software holds WebSeminars in the last week of every month

- Solutions for Exchange Server: http://www.quest.com/exchange
- Solutions for SharePoint: http://www.quest.com/sharepoint
- Windows Management: http://www.quest.com/microsoft

Quest Software WebSeminars

Visit our blog: http://questsoftware.wordpress.com

Thank you!