In the twenty-first century, no matter what industry you are in, it is important to have a secure identity. In banking, specifically, there are genuine threats to an environment that can be easily exploited due to lack of unique or secure identities.
Let’s take a look at a case where a bank had seven Active Directory (AD) domains and one LDAP infrastructure. The LDAP was the centralized repository for all users. The scattered environment where employees and contractors worked on seven different domains (MAX / CORE / PROD/ MWS / MMR/ B2B/ B2C) added complexity to the legacy infrastructure, as shown in Figure 1.
All these AD user / service accounts (seven AD domains) were synced with LDAP in different organizational unit under the single LDAP branch. Hence, all the critical applications, including SiteMinder, connected to LDAP for authentication and authorization.
Since such infrastructure could not support future technologies and could face numerous challenges during migration, the bank decided to migrate all seven AD domains to one single AD domain to modernize and simplify the architecture.
Precursor for migration
Complex infrastructure, higher cost for maintenance, administrative overhead, and longer resolution time.
Migration approach
As a part of the cost reduction strategy, we consolidated all AD domains to one domain (CORE). Our approach was that of migrating complex environments to simple ones. We focused on migration in waves for seamless migrations which would allow users and resources time to adjust.
We formed a team (ID Conversion), to access, analyze, implement, evaluate the migration tasks, and collaborate with multiple dependent teams. This new unit worked together with LDAP, Desktop, Exchange, AD, RSA, Azure, Application teams, WebEx, and others as users were spread across multiple locations.
Implementation
During the pilot identity conversion wave, we identified a few gaps in the current system. We then designed an eight-month migration plan to address these issues and get on track. We were able to complete the project much faster than anticipated.
Preparation for migration
We segregated users into multiple waves and planned the migration schedule. We informed all the dependent teams including (AD/LDAP/RSA/Desktop/exchange/Application), to align with the schedule.
During the migration
We migrated the accounts from the source domain to the CORE domain, switched the account in LDAP, and the dependent application teams propagated the changes in their respective applications. Users validated their access and confirmed.
The objective for migration
The objective was to migrate from a complex environment to a simple environment for cost reduction, future-readiness, and cloud migration.
Performance benefits
Cost benefit
Maintenance/support benefits
Aravind Ramani
Aravind has 15+ years of extensive IT experience in Identity & Access management domain which includes six years in Wipro as Technical Lead. He has hands on experience in various IDAM products like Oracle Unified Directory, Oracle Directory Server Enterprise Edition, Sun One Directory Server, CA Site Minder, ForgeRock, FIM and Identity Synchronization for Windows.