The Client
This U.S. Defense Agency employs hundreds of thousands of enlistees and employees. The agency maintains a very large number of offices and worksites throughout the country and abroad, requiring extensive and secure computer services and high-speed communications to be available 24/7.
The Engagement
Working as part of an IBM services team, Encode architected, designed and installed IBM Tivoli Identity Manager (ITIM) as a user-managed front end for a 700,000-user system. The project was particularly complex due to the nature of human resource allocation in the Defense Department.
Working with the same IBM team, Encode resolved a complex logon problem, enabling IBM Tivoli Access Manager (TAM) to work within the client's required logon security procedures. The solution involved the creation of code and procedures to allow TAM to authenticate users based on encrypted certificates. As requested by the client, Encode authored major sections of a custom 600-page installation guide and provided training and mentoring support to client staff members.
Critical Services Delivered
During the engagement, Encode resolved two extremely critical issues that saved many months of project effort. During the ITIM installation, Encode discovered and repaired corrupted LDAP source data that was used to create the entire organizational structure. The next significant problem for the project was the anticipated loading time of hundreds of thousands of users. Using normal methodology, this would have taken multiple months of effort. With such a large number of users, the ITIM reconciliation function could not handle manual changes to users' status quickly. Encode designed a new process that reduced the load procedure to two days, saving considerable time and money. Encode modified the procedure to search subsets of users for a more rapid and efficient search, which allowed authorized users more rapid access to programs and data.
- Analyze Infrastructure
- Security Architectural Design
- Software Installation, Configuration and Implementation
Technology Used
The software for this project was designed for a fault-tolerant Sun server cluster, using the Solaris operating system. In addition to Tivoli Identity Manager, Tivoli Access Manager, and WebSphere Application Server, IBM's Directory Integrator was used.
The IBM Directory Integrator tool "consists of a server run-time environment and a graphical tool to build, test, and maintain the rules that the server executes. This enables the developer to continuously test connectivity, attribute mapping, and transformation logic against live sources, and to do this incrementally and with immediate visual feedback... The key features of this methodology are rapid development iterations with immediate testing and verification, followed by similarly rapid deployment, enhancement, and maintenance cycles." (IBM*)
*Copy which describes IBM products is adapted from the copy provided on the IBM website. Consult www.ibm.com for further information.
Project
Global Identity Management
Service
Architectural design and development of a User Identity Management System.
Software
IBM WebSphere Application Server
IBM Tivoli Security
IBM Directory Integrator
Sun Solaris
Challenges
The infrastructure supported a very large number of users (700,000) with specialized logons, and many of the users had frequent changes in their assignments, responsibilities, and worldwide work locations.