
Module 1: Introduction to MMS


Contents

Overview

The Business Needs for a Metadirectory

Overview of Microsoft Metadirectory Services

Centralized vs. Distributed Management of Data

Review


with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. Replace this example list with list of trademarks provided by copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order.> are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.

<This is where mention of specific, contractually obligated to, third party trademarks, which are added by the Copy Editor>

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted.

Other product and company names mentioned herein may be the trademarks of their respective owners.


Overview

- What is a Metadirectory?
- The Business Needs for a Metadirectory
- Overview of Microsoft Metadirectory Services
- MMS Directory Elements
- How Information Flows in MMS
- Centralized vs. Distributed Management of Data

Microsoft® Metadirectory Services (MMS) version 2.2 is a centralized service that stores and integrates identity information from multiple directories in an organization. The goal of a metadirectory is to provide an organization with a unified view of all known identity information about users, applications, and network resources. A metadirectory solves important business issues that result from having information stored in multiple, disparate data repositories throughout an organization.

The success in planning and implementing a metadirectory solution by using MMS relies on how well you understand your organization’s business reasons for a metadirectory, the logical structure of MMS, and how MMS works.

At the end of this module, you will be able to:

- Describe the purpose of a metadirectory.
- Describe the business solutions that a metadirectory provides for an organization's data management requirements.
- Describe the functions of the components that comprise MMS.
- Describe the directory elements of MMS, including the directory tree, object entries, and entry attributes.
- Describe the flow of information within MMS.
- Differentiate between managing data in the metadirectory and managing data in the connected directory.

Metadirectory Services, how MMS meets the data management needs of an organization, the logical components of MMS, and how information flows in MMS. The goal of this module is to give you a high-level understanding of MMS upon which subsequent modules in this course will build.


What is a Metadirectory?

Figure: a metadirectory entry for Suzan Fine (Logon name, E-mail alias, Cost center, Employee #) shown with four data sources:

- ERP Database: Fine, Suzan (Title, Cost center, Manager)
- Directory Service: Sfine (Logon name, Full Name, DN)
- E-mail Directory: Suzanf (Display name, E-mail alias, Phone #)
- HR Database: Suzan Fine (Title, Employee #, Salary)

A metadirectory is a service that collects information from different data sources throughout an organization and then joins all or part of that information into an integrated, unified view. This unified view presents all of the information about an object, such as a person or network resource, that is contained throughout the organization. In most organizations, this information is typically scattered in different directories, databases, and other data repositories throughout the Information Technology (IT) infrastructure. The metadirectory:

- Joins all the information about each person or resource into a single entry.
- Removes redundant or conflicting information.
- Presents back out to the organization the unified view of all known information about each person or resource.

After all the information about a person or resource is joined together in the metadirectory, you can apply rules about how this information is managed and how changes to this information flow back out to all the directories that are connected to the metadirectory. Therefore, the metadirectory propagates any changes that originate in one directory to the other directories in the

repository that contains identity information about all people within an enterprise, even if the identity information originates from disparate directories or databases within that enterprise


# The Business Needs for a Metadirectory

- Identity Is the Summary of Information About People, Applications, or Resources
- A Metadirectory Manages Identity Information By:
  - Aggregating identity information
  - Managing identity information
  - Managing changes and updates
  - Managing information integrity

A metadirectory solution integrates and manages the identity information for an entire organization. Identity is the summary of information about people, applications, and resources that is contained in different and often incompatible directories and databases throughout the organization.

Most often, organizations acquire disparate systems because each system provides the best solution to a business need, not because a system works well together with the other systems. Different systems within an organization make it difficult, if not impossible, to integrate and manage identity information. Additionally, the complexity of managing identity information increases each time the organization deploys an additional application or platform. Therefore, the primary challenges faced by organizations are the cost and complexity of supporting many different systems that contain identity information.

A metadirectory meets the business needs by providing the following identity management solutions:

- Aggregating identity information
- Managing identity information
- Managing changes to identity information
- Managing the integrity of identity information

Identity information associated with people includes names, mailboxes, employee numbers, and job titles. Identity information for applications includes the network addresses where clients can find servers and lists of services that applications provide. Identity information for network resources, such as a printer, includes physical location and the printing capabilities it supports.

Topic Objective: To introduce the business needs for a metadirectory.

Lead-in: Provide examples of identity data for people, applications, and network resources.


Aggregating Identity Information

Figure: a metadirectory entry for Suzan Fine (E-mail alias, Mailbox, Logon name, Phone #, Title, Employee #) shown with three directories:

- E-mail Directory: Suzanf (E-mail alias, Mailbox)
- HR Database: Suzan Fine (Title, Employee #)
- Directory Service: Sfine (Logon name, Phone #)

- A Metadirectory Aggregates Identity Information By:
  - Joining identity information from multiple directories
  - Presenting a single view of all identity information for users and resources
  - Providing a single point of access and administration

A metadirectory allows you to collect identity information from several different directories and then join that information into a logical view that represents the sum of all identity information for a given object.

- Identity information resides in multiple locations. This creates a situation where administrators, applications, and users have to access many different data repositories to manage or obtain information about a single person or resource. Additionally, the number of places where organizations must manage identity information increases with the addition of new systems.

Topic Objective: To describe how a metadirectory aggregates identity information to solve the business problems of multiple, disparate directories.

Lead-in: Point out in the preceding illustration how each pair of attributes from each directory is concatenated into the entry in the metadirectory.


a unified view of identity information, the metadirectory also provides one place where administrators, applications, and users can access or manage the identity information for a specific object.

For example, identity information about a user named Suzan Fine is stored in different directories, and each directory stores different types of identity information. Additionally, this data about Suzan Fine is stored under a different name in each directory. The metadirectory solves this issue by joining all the identity information about Suzan Fine in one entry in the metadirectory.


Managing Identity Information

- A Metadirectory Manages Identity Information By:
  - Flowing identity information between directories
  - Synchronizing identity information between directories
  - Establishing rules that determine the authoritative source for identity information

Figure: a metadirectory entry (Title, Email alias, Logon name) shown with three directories:

- Directory Service: Sue Fine (Logon name)
- E-mail Directory: Susan Fine (Email alias)
- HR Database: Suzan Fine (Title)

Business Problem

Different directories often contain conflicting identity information about the same person or resource. Additionally, the department or IT group that owns and manages the data in a specific directory usually believes that their data is authoritative compared to similar data that resides in a different directory. In these cases, data owners are often reluctant to give up control of their data.

Solution

To solve issues resulting from conflicting identity information, use the metadirectory to manage the flow of identity information between directories to resolve conflicts in identity information throughout the organization. For each metadirectory entry, you can determine what specific identity information from each directory to import into the metadirectory. To solve data ownership issues, you can also establish rules to determine which directory contains the authoritative value for a specific attribute in a metadirectory entry and have the metadirectory update the other directories with the authoritative value.

For example, the name attribute in the HR database has the value of “Suzan Fine”, the e-mail directory uses a value of “Susan Fine”, and the directory services database uses a value of “Sue Fine”. After determining that the metadirectory entry will have a name attribute, you can specify that the value in the HR database must be used in the metadirectory entry.

Additionally, you can specify that the name attribute value in the HR database is authoritative and that this value will be used to update the name attributes in both the e-mail directory and directory services database.


Managing Changes to Identity Information

- A Metadirectory Manages Changes to Identity Information By:
  - Detecting changes made to identity information
  - Propagating changes to all directories

Figure: the HR Database, E-mail Directory, Directory Service, and Metadirectory each hold the entry Suzan Fine with Title = Consultant; the change is labeled Title = Sr Consultant.

A metadirectory allows you to manage changes to the identity information that exists throughout an organization. The metadirectory can detect changes to identity information and then propagate those changes to the other directories that should also reflect the change.

Business Problem

Because an organization’s identity information is often contained in different data repositories, a change made to data in one repository is not automatically made in any of the other repositories. Making the change throughout the organization requires an administrator(s) to manually make the change in each directory. Therefore, updating data in each directory is both costly and potentially unreliable. Unmanaged identity information quickly becomes unorganized, which results in identity information that is unsynchronized throughout the organization.

Solution

To manage changes to identity information, use a metadirectory to detect those changes, regardless of where the originating change occurs. When a change is detected, the metadirectory automatically propagates the change to all other directories. This change detection infrastructure keeps the metadirectory and all other directories synchronized. Additionally, the metadirectory will also propagate any new object entries that are created in a directory or in the metadirectory itself.

For example, assume that Suzan Fine was promoted from Consultant to Senior Consultant. In the HR database, the value in the Title attribute is changed to “Senior Consultant.” When the metadirectory detects this change, the value in the Title attribute in the metadirectory is modified, and that change is then propagated to all other directories that also contain a Title attribute.


Managing the Integrity of Identity Information

- A Metadirectory Manages the Integrity of Identity Information By:
  - Enforcing ownership of identity information
  - Allowing, blocking, or reversing changes made to identity information

Figure: entries for Suzan Fine in three places, with the labels Title = Consultant and Title = Sr Consultant between them:

- HR Database: Suzan Fine, Title = Sr Consultant
- Metadirectory: Suzan Fine, Title = Sr Consultant
- E-mail Directory: Suzan Fine, Title = Consultant

Managing the integrity of identity information is the process of ensuring that as changes occur, data does not become corrupt or out of synchronization between directories. A metadirectory solution must be able to maintain ownership relationships by allowing you to apply rules that enforce ownership at the attribute level.

Business Problem

Political issues often prevent the aggregation of an organization’s identity information, even though such consolidation is technically possible. Certain departments, such as human resources, maintain a strong ownership of their data. While ownership of data is not an issue when directories remain separate, retaining ownership when data is synchronized among multiple directories becomes more challenging.

For example, assume that the HR department owns identity information, such as title, salary, and employee number. If a person changed the title attribute in the email directory, which is synchronized with the HR database, the metadirectory would set the attribute back to the value contained in the HR database.
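The authoritative-source rules, change propagation, and reversal of non-owner changes described in the three preceding sections, as an added example that is not part of the original module and is not MMS code. The `Metadirectory` class, the `AUTHORITY` rule table, and the sample values are assumptions constructed for illustration; the model tracks one person's entry across three directories.

```python
"""Toy model of attribute-level ownership in a metadirectory.
Illustrative only: class, rule table and values are constructed, not MMS APIs."""
import copy

# Assumed ownership rules: attribute -> authoritative connected directory.
AUTHORITY = {"name": "hr", "title": "hr",
             "email_alias": "email", "logon_name": "ds"}


class Metadirectory:
    def __init__(self, directories):
        self.directories = directories   # directory name -> {attribute: value}
        self.entry = {}                  # joined entry for one person
        self.snapshot = {}               # directory state after the last export
        self.audit = []                  # (action, directory, attribute, value)

    def import_changes(self, source):
        """Detect changes in one directory and apply the ownership rules."""
        seen = self.snapshot.get(source, {})
        for attr, value in self.directories[source].items():
            if value == seen.get(attr) or value == self.entry.get(attr):
                continue                              # unchanged or already agreed
            if AUTHORITY.get(attr) == source:
                self.entry[attr] = value              # owner's change is allowed
                self.audit.append(("accepted", source, attr, value))
            else:                                     # non-owner change is blocked
                self.audit.append(("rejected", source, attr, value))

    def export_all(self):
        """Push metadirectory values to every directory holding the attribute."""
        for attrs in self.directories.values():
            for attr in attrs:
                if attr in self.entry:
                    attrs[attr] = self.entry[attr]
        self.snapshot = copy.deepcopy(self.directories)

    def sync(self):
        for source in self.directories:
            self.import_changes(source)
        self.export_all()


def demo():
    dirs = {  # constructed sample data based on the Suzan Fine example
        "hr":    {"name": "Suzan Fine", "title": "Consultant"},
        "email": {"name": "Susan Fine", "title": "Consultant", "email_alias": "suzanf"},
        "ds":    {"name": "Sue Fine", "logon_name": "sfine"},
    }
    md = Metadirectory(dirs)
    md.sync()                                    # join; HR name wins everywhere
    dirs["hr"]["title"] = "Senior Consultant"    # change made by the owner
    md.sync()                                    # propagated to e-mail directory
    dirs["email"]["title"] = "Consultant"        # change made by a non-owner
    md.sync()                                    # reverted to the HR value
    return md


if __name__ == "__main__":
    print(demo().audit)
```

The audit list records every rejected non-owner write, which gives a reviewer a trail of attempted changes to attributes a directory does not own.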

A metadirectory also supports attributes that have no defined ownership,


# Overview of Microsoft Metadirectory Services

Figure: MMS architecture. Labels: Metadirectory (Connector Namespace, Metaverse Namespace), Connected Directory, Management Agent, MMS Compass, LDAP-enabled Applications, Web Browser.

MMS is a central service, which is installed on a computer running Microsoft Windows® 2000 Advanced Server or Windows 2000 Datacenter Server. MMS stores and integrates identity information from multiple directories into one, organization-wide directory.

The following components make up the logical structure of MMS:

- Connected directories. A connected directory is a directory, database, or other data repository that contains data that is integrated in the metadirectory. Data in a connected directory must be organized in a hierarchical structure, and there must be a method for exporting the data from the connected directory so that it can be imported into the metadirectory.
- Management agents. A management agent connects a specific connected directory to the metadirectory. A management agent takes data from the connected directory and imports that data into the metadirectory. When data in the metadirectory is modified, the management agent also exports the data back out to the connected directory to keep the metadirectory synchronized with the connected directory. There is one management agent for each connected directory.
- Metadirectory. The MMS metadirectory consists of two logical namespaces:
  - Connector namespace. The connector namespace in the storage area is used by management agents to import data from a connected directory. Each connected directory has its own area within the connector namespace, which is managed by its corresponding management agent. The contents in the connector namespace represent the contents of the connected directory.
  - Metaverse namespace. The metaverse is the area of the metadirectory that contains the integrated identity information from multiple connected

Topic Objective: To describe the components that make up the logical

Date posted: 06/07/2014, 09:15
