Internet Access to Shared Service

Michael Wittenburg, a colleague with MCS - UK, recently sent through a link to a case study of a project I was involved in with him. The Internet Access to Shared Service (IASS) project aimed to provide the UK Ministry of Defence with secure remote access to its line-of-business applications.

You can find the case study here: Case Study - The Ministry of Defence. The IASS solution used combination of multiple products to enable the secure remote access, including:
  • Microsoft Active Directory Directory Services
  • Microsoft Intelligent Application Gateway (IAG)
  • Microsoft .NET Framework
  • Microsoft BizTalk Server 2006
  • Microsoft Identity Lifecycle Manager 2007 FP1 (ILM)
  • Microsoft Internet Security and Acceleration Server 2006
  • Gemalto Chip & PIN (EMV) .Net Smart cards
I spent quite a few weeks at the Microsoft Technology Center (MTC) in Reading, UK working with folks from MCS, Capgemini and other partners to put together this solution. My role was to implement the smart card management and identity synchronization bits, using the ILM Certificate Management solution to manage the Gemalto EMV smart cards and the ILM Identity Synchronization solution to manage the users, provisioning and deprovisioning them from CLM and the UK Government Gateway. Getting all of this to work was quite interesting and a bit of a challenge, working around the various products' idiosyncrasies. However, with a little bit of customization work using the CLM APIs, the project was a success. Have a look at the case study to get more details.

Also, once again, a big thank you to all the guys involved at the MTC: Paul Thomas, David Hoyle, Michael Wittenburg, Mark Allen, Sam Mannix, Diarmuid Curtin, David Chaudry and Adrian Castiallo, to name a few. It was a real pleasure working and having a few pints with you guys.

Comments

Post a Comment

Popular posts from this blog

Microsoft Customer Guidance for WannaCrypt Attacks

As you no doubt are aware, the WannaCrypt attacks over the last couple of weeks have been quite pervasive. Microsoft has provided some guidance on the WannaCrypt attacks that I thought you should be aware of, both for Azure as well as on-premises. https://azure.microsoft.com/en-us/blog/wannacrypt-attacks-guidance-for-azure-customers/ https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Of note, Microsoft has released security patches for OS versions that are no longer in mainstream support, i.e. Windows XP, Windows 8 and Windows Server 2003.
Read more

ILM 2007 Certificate Management Customizations

ILM 2007, through its Certificate Management solution, or Certificate Lifecycle Manager (CLM) as it used to be known, allows an organization to manage credentials within their Windows Server 2003 and 2008 certification authorities. It acts like an administrative proxy, allowing you issue and manage digital certificates and smartcards through a web interface. The solution provides three different APIs (i.e. Provision, SQL and Notification) and a number of customizable interfaces, all of which allow you to customize CLM. This gives you the ability to greatly extend and expand the product's capabilities. For an overview of these APIs and interfaces, have a look at the Certificate Lifecycle Manager Overview on MSDN. Over the next few postings, I'll be looking at these APIs and interfaces in greater detail, to show you how they work and how they could be put to use in your CLM deployment. And I'd like to add a quick shout-out to David Lundell, over at ILM Best Practices , f
Read more