Thursday, May 8, 2014

An Inside Look: Prolifics Identity Management Health Check

Some identity management solutions produce interfaces and results that look decadent, others homemade.  Some are simple and pure, and others a blazing tangle of neon-lit panels. Whether an identity management solution appears simple or elaborate, the reality is those consumable interfaces sit atop a service bundle responsible for keeping access data to critical business systems flowing.

If you see something like this on the front:

The measurements may come from something like this:

(not an actual IM administrative panel)

Robust solutions can be configured to heel systems into measurable formation, and report anticipated conditions to responsible parties.  One picture can clearly call out an error, such as a connection choking on a query because an index became too fragmented and is now thrashing on I/O.   Most facets of a functioning identity management solution can be known and therefore measured.

That is, until they change.
  • Certificates or passwords expire
  • Software needs to be patched
  • Organizations want to adapt to new opportunities
  • Organizations anticipate growth
  • New security mandates are introduced
Entropy rules all, even in software.

Two ways to prepare for the changes that affect an identity management system are to be reactive - trust existing monitors and processes, wait for something to happen, and respond - or be proactive and review system health.  The difference is fodder for FUD (Fear, Uncertainty, and Doubt).  Only the most masochistic of us appreciate learning a litany of imminent problems and shortcomings on the back of resolving a current one. And, as experts in identity management, Prolifics prefers getting in front of a situation instead of waiting until a customer encounters one problem only to bear the bad news that they have five more.

The Prolifics Identity Management Health Check is a proactive review of an existing identity management installation. Prolifics inspects the environment, current running software, logs, and activity.  The result of a health check is a forecast for upgrade potential and how current system monitors may respond if current conditions continue.  

The following topics are included in a Health Check:
  • Hardware and Operating System
  • Software Solution Infrastructure
    • Documentation and Architecture
    • Utilization
    • Authorization
  • Identity Management
    • Services
    • Policies
    • Workflows
    • Operations
    • Lifecycles
    • Permissions
    • Schedules
  • Directory Integrator
  • Databases
  • Directories
  • Customizations
After inspecting the previous areas, several important artifacts will be created:
  1. A detailed map of the current infrastructure, which can be used for audits, upgrades, customizations, and future problem resolution
  2. Recommendations for configuration changes, patches and updates
  3. Critical discoveries
When everything works the way it should, the little lights blink, texts and emails and robo-calls are made, and all is good, Then, one day, comes a furlong of stack trace or cryptic code to announce that something unexplainable happened.  It could be an innocuous event, or it could be symptomatic of a more serious problem. Someone will have to look past the friendly front ends, behind the reports, and go below the surface.  There they will confront the complexity of an identity management solution. 

(An actual IM infrastructure)

In cases like this, it's always good to be prepared.

To learn more about Prolifics' security solutions, visit:

Stephen Cote is an Enterprise Solutions Architect at Prolifics. He brings extensive experience in orchestrating enterprise architectural initiatives while creating marketable products that drive revenue and protect assets. Stephen is a creative technology leader with more than 18 years of involvement in all aspects of software development from inception to release, as a manager, architect, and technical engineer.