Completed project: Enterprise Directory migration

Primary UITS contact: Alan Walsh

Completed: October 12, 2009

Description: Information about people that is used to control electronic access is maintained in multiple locations today. One of the sources is known as the Enterprise Directory Service, or EDS. Many enterprise applications, including OneStart and Oncourse, use the data in the EDS to manage access.

Originally conceived in 2007, the goal of this project is to migrate the information currently maintained in the EDS to another central directory service known as Active Directory, or ADS. In addition to being the primary source of authentication for CAS, network (VPN) access, and most workstations, Active Directory also contains a rich set of data about people at Indiana University, as well as records related to computers, groups, and other network resources.

Most of the applications that rely on the EDS also have a dependency on ADS, so migrating all person information from EDS into ADS will eliminate a redundant service, resulting in a number of benefits to users of enterprise applications at Indiana University. Among other things, improvements in efficiency will result in more accurate directory data.

The Active Directory schema will be extended, in two phases, to accommodate the additional person information. The first phase will consist of the Internet2 eduPerson schema. Phase II will be a revised version of the IU extensions to the Internet2 schema, known as iuEduPerson.

Once the schema extensions are complete, person data in AD will be updated and enterprise applications will begin to retrieve that data from AD.

Outcome: When the project is complete, the EDS will be completely eliminated. This includes numerous servers, as well as processes to support and maintain the environment. All of the enterprise applications that rely on the data in EDS will be able to rely on ADS for information about people as well as groups.

Milestones and status:

  • May 2007: Initial proof of concept
  • January 2008: Project kick-off
  • Phase I:
    • Initial survey of applications using EDS Completed January 2008
    • Analysis of required changes Completed February 2008
    • Move eduPerson schema extensions to AD Completed March 2008
  • Phase II:
    • Move iuEduPerson schema to test AD Completed May 2008
    • Acceptance testing Completed July 2008
    • Move iuEduPerson schema to AD Completed July 2008
    • Populate attributes in AD Completed August 2008
  • Phase III:
    • Upgrade AD servers and place behind firewall Completed November 2008
    • Migrate OneStart application to AD Completed November 2008
    • Migrate remaining applications (Completed September 5, 2009):
      • Timekeeping
      • Workflow
      • SIS
      • Research Administration
      • Travel
      • Purchasing
      • Electronic Payment System
      • IUIE
      • Library
    • Decommission EDS servers Completed September 22, 2009

Comment process: Send email to Alan Walsh.

Benefits:

  • Elimination of redundant services
  • Reduction in support costs
  • Increases in performance
  • Greater fault tolerance
  • Disaster recovery capability
  • Simplified access to electronic resources
  • Richer set of data about people at Indiana University

Project team:

  • Alan Walsh
  • Rahul Doshi
  • Jacob Farmer
  • David Bickel
  • Rick Jackson
  • Matt Dixon
  • Jeremy Geib
  • Brian McGough
  • Jeremy Hopf

Project sponsor:

  • EI Systems director: Rob Lowden

This is document awua in the Knowledge Base.
Last modified on 2015-09-30 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.