| Session Abstracts |
| Pre-Conference Workshops |
| Implementing Provisioning and Group Management with ILM “2” Without Writing Any Code! |
Speaker: Bahram Rushenas, Microsoft Consulting Services
Part I: The first part of this workshop demonstrates how a provisioning scenario including an approval process can be easily implemented with ILM “2” without writing a line of code. Throughout this walkthrough the ILM "2" architecture and configuration settings relative to the ILM "2" Codeless Provisioning functionality are explained.
Part 2: The second part of this workshop demonstrates how distribution lists and security groups can be easily managed with ILM “2” also without writing a line of code. Throughout this workshop the ILM "2" architecture and configuration settings relative to the ILM "2" functionality such as Dynamic & Static Group definition, Delegation of Administration and Office Integration are explained.
Technical prerequisites: Attendees should be familiar with ILM 2007 concepts. All equipment will be provided. |
| Solutions You Can Use for Federated Identity |
Speaker: Oxford Computer Group
More and more organizations are facing the need to collaborate with partners, suppliers, members and customers. E-mail is no longer sufficient…sending documents back and forth leads to mistakes and lost productivity when you lose track of which document is current. This is why so many companies have turned to tools like SharePoint, to allow teams both small and large to work together and share information in ways that e-mail can’t. In this four-hour hands-on workshop you will learn how to install and configure AD FS, including exchanging metadata with an “account partner”. You will also learn how to take your SharePoint system and configure it to be a “claims-aware” system that accepts AD FS authentication tokens to enable SSO for web collaboration. We'll also discuss designing and enabling SSO for additional applications to move beyond SharePoint, and we'll have plenty of Identity and Access Management expertise on-hand to answer your toughest questions.
Technical prerequisites: All equipment will be provided.
|
| Implementing a Password Reset scenario leveraging the new functionality in ILM “2” and Implementing a simple AD Management scenario leveraging extension capabilities in ILM “2” |
Speakers: Holger Reiners and Jorg Finkeisen, Microsoft Consulting Services
Part I: The first part of this workshop demonstrates how a Password Reset scenario can be easily implemented with ILM “2” without writing a line of code. Technical prerequisites: Attendees should be familiar with ILM 2007 password synchronization capabilities.
Part 2: The second part of this workshop demonstrates how ILM “2” can be used to manage objects in Active Directory. Further we’ll show how ILM “2” can easily be extended to enable computer object management for Active Directory without writing a line of code. Technical prerequisites: Attendees should be familiar with ILM 2007 provisioning capabilities. All equipment will be provided. |
| Taming the Chaos – Building a Practical Lifecycle Mgt. Application in the ILM “2” Portal |
Speakers: David Lundell and Brad Turner, Ensynch
The extensibility of the ILM “2” portal allows for the lifecycle management of practically any resource. In this hands-on lab, you will envision and build a real application to track OID Assignments within your mock enterprise. In this session, you will learn how to extend the ILM “2” schema, customize Object Visualization Configuration, and tailor Management Policy to provide a request mechanism for data owners to request schema changes from a Schema Review Board. Synchronization rules will be introduced to facilitate actioning of the request to an application database to track assignments. Finally, the lifecycle of each node and individual assignment will be tracked to ensure that data owners can deprecate unused assignments.
Technical prerequisites: Attendees are not required to bring a laptop. |
| |
| Birds of a Feather |
| Managing Your Career in the Downturn: Introduction to Microsoft’s New Thrive Program |
Speaker: Gil Kirkpatrick, Sean Deuby, Brian Desmond
Speakers Gil Kirkpatrick, Sean Deuby, and Brian Desmond will introduce delegates to Microsoft’s new Thrive program – which is designed to help IT professionals manage their careers during the downturn. Brian Desmond will also share his war stories regarding the pitfalls of outsourcing infrastructure management, including Active Directory and Exchange. |
| |
| Directory Services I |
| Active Directory, User Identity and Azure/BPOS for IT Professionals |
Speaker: Dmitry Sotnikov
In this session we will dive into identity management, federation and sign-on process for Windows Azure and Microsoft’s BPOS products such as Exchange Online and SharePoint Online. How do you set up federation between your existing Active Directory and these “cloud” applications? Which options do you have? How does authentication actually happen? How much of the infrastructure and management effort can be shared across these applications and how much is application-specific? |
| Authentication in IIS 7 and Windows Server 2008 |
Speaker: Dennis Glendenning
IIS 7 is a completely new platform for hosting web services and applications. It was built with the next generation thinking and offers you new opportunities to host all kinds of applications in a robust platform. This session explores the ways in which you can leverage the new security features of IIS 7 and Windows Server 2008 to provide a range of authentication and authorization options for tomorrow's environments. |
| Directory Services Chalk Talk |
Speaker: Nathan Muggli, Dennis Angeline, James McColl, and Dean Wells
The Directory Services team has delivered a rich set of features in Windows Server 2008 R2. This session provides an opportunity to ask questions and discuss those features in detail directly with the product group. This moderator-led discussion is an opportunity to discuss features, ask questions and provide the product group with the customer feedback that is essential to planning future releases of Microsoft Directory Service. |
| The Evolution of Object Recovery in AD - From basics to perfection - A Technical Deep Dive |
Speaker: Jorge de Almeida Pinto
Since the beginning, when Active Directory was first released with Windows 2000 Server, the methods and means for object recovery in AD have evolved and improved each time a new version of Windows was released. In time, the technology made it easier to recover objects and prevent the loss of data after recovery. We will start this session with an introduction to object recovery related topics, followed by an explanation of all object recovery methods in all versions of AD after an accidental (mass) deletion, including what’s new in Windows Server 2008 R2 (Windows 7). The session will finish with some recommendations around object recovery. This session will include at least one demo! |
| Implementing an Identity-Based Solution using Microsoft's Windows Azure Cloud Based Infrastructure |
Speaker: Danny Kim
Microsoft’s new Cloud based infrastructure provides the building blocks for hosting scalable and highly available services for Corporations, ISVs and developers to leverage all of the hardware and software of a global datacenter. This session will cover the main components of building an application for the Cloud along with additional complementary building block services Microsoft will have released such as Identity and Access services, BizTalk.net services (Internet Service Bus), Workflow Services, Database Services, etc. To tie the pieces together, the session will cover the mechanics of building a live service running on Microsoft's Cloud infrastructure. |
| Leveraging System.DirectoryServices.Protocols from PowerShell |
Speaker: Darren Mar-Elia
This session focuses on using the direct LDAP APIs available in .Net from your PowerShell Scripts. The advantage of this API is that it is more performant than ADSI, but it also comes with more complexity. We'll provide plenty of real world examples that will let you leverage this capability to automate AD management tasks using PowerShell. |
| Managing Active Directory with PowerShell |
Speaker: James McColl and Dean Wells
Windows Server 2008 R2 brings IT Administration to a new level by adding the control and flexibility of Windows PowerShell to Active Directory identity management. This session will introduce IT Administrators to the capabilities provided by a new suite of AD PowerShell cmdlets that will allow administrators to manage Active Directory identities with the security and ease of web services. It will start by explaining PowerShell concepts, and demonstrate how to manage Active Directory objects such as users, computers, and groups. We'll go on to demonstrate more advanced techniques for managing organizational units, domains, and forests. AD PowerShell is the future of Active Directory administration and this session will provide the knowledge and understanding needed to jump start your AD PowerShell experience. |
| Managing Active Directory with AD Administrative Center |
Speaker: Ivan Lam
This session shows you how to manage data with the next generation of management tool, AD Administrative Center, which will ship in the Windows Server 2008 R2 release, in various scenarios to complete daily IT tasks. From the UI design goals to fine-tuning of the tool, and from multi-domain environments to remote management of AD, you will learn the best practices for this tool and improve the efficiency of your day-to-day administrative tasks in AD by experiencing this totally revamped UI. |
| Program the Directory with .NET |
Speaker: Joe Kaplan
In this session, we'll explore programming Active Directory DS and LDS using the .NET Framework. The session will cover the basic facilities offered by the .NET Framework today in version 2.0 and 3.5. After attending this session, participants will know why .NET is important for both application developers and administrators and what it has to offer them now and in the future for building all types of directory-enabled applications (web, GUI, command line, services, etc.). |
| Secure AD Domain Services |
Speaker: Eric Schwarz
Securing Active Directory Domain Services can be complex. In light of the emerging danger from Insider Threat, specialized measures are needed to address this challenge. This presentation will detail how to design a highly secure Domain Controller environment using numerous native, custom and third party technologies. Unique challenges posed by Insider Threat will be described along with options to mitigate them. |
| Tales from deployment of RODCs in large enterprises |
Speakers: Guido Grillenmeier
Deploying Win2008 with RODCs at large scale requires a good amount of planning and has already caused a few surprises (at HP and other companies of similar size), some of this is related to being able to manage the required replication policies sufficiently well – and what happens if you don’t. This session assumes that the audience is well versed in the basics of how the RODC works. |
| This Cloud Has Roots: A Peek Into Microsoft's Global Foundation Services AD Infrastructure |
Speaker: Sean Deuby
When you use Hotmail, or Online Services, or Windows Live, have you ever wondered what kind of infrastructure supports such a wide array of software services? Active Directory, of course. Microsoft's Global Foundation Services supports these diverse customers. Come to this session to learn more about the GFS computing infrastructure and where it's headed. |
| Troubleshooting Group Policy |
Speaker: Mark Gray
Join us as we delve into the finer details related to figuring out what is really happening in Group Policy. |
| What's new in Group Policy: Vista and the Group Policy Preference Extensions |
Speakers: Jeremy Moskowitz
When asked, most administrators would say that Group Policy is one of the most important day-to-day functions you can perform within your Active Directory. And, to that end, Microsoft has wrapped up a little goodie bag full of tasty nuggets for us to sprinkle upon our clients and servers. There are 21 new Group Policy features with the new Group Policy Preference Extensions and a newly updated GPMC. Not to mention updates to ADM files (now called ADMX files), a way to get out of "Local Group Policy Hell", and a way to centrally store template files. All said and done, it's a brave new world -- if only you know how to get started using it, and use it well. |
| |
| Directory Services II |
| Designing ACLs for AD Applications |
Speaker: Dmitri Gavrilov
Do you face challenges in protecting your data according to FERPA or HIPAA? Join us as we examine the basic issues with the ACL model, including: using defaultSecurityDescriptor in the schema vs. using inheritable security; why DENY ACEs are evil; designing read/write access (attributes/propsets) to data; designing create/delete/move access to data; and performance implications of restricting access to data. |
| Deep Dive into Windows 7 Group Policy |
Speaker: Mark Gray
Join us for a look at what’s upcoming for Group Policy in Windows 7. |
| Designing an Object Expiration & Reconciliation process in ILM 2 |
Speaker: Brad Turner
ILM 2 provides the framework for managing the lifecycle of objects expressed in the Identity Management portal, but what happens when they expire? How do you build multiple tiers of notification and reconcile objects at or nearing expiration? Should I delete the object or disable it as part of a delayed event processing solution? This session will focus on real world examples as experienced in the ILM 2 TAP program and demonstrate how to build and implement a multi-tier expiration and reconciliation system that incorporates different policies for each object type to be reconciled over multiple time frames. |
| Designing Schema and Queries for AD applications |
Speaker: Dmitri Gavrilov
With architects and developers in mind, this session will examine various approaches to modeling data in AD and consider access patterns to this data. Some examples include: when to use or not to use linked attributes; overcoming the 1300 multi-valued attribute limit with linked DN+binary/DN+string attributes, and the DIT bloat risk associated with this; designing efficient queries: sorting vs. paging vs. performance vs. security; can VLV really be used for anything; and, using containerized and subtree-ized indexes. |
| Extensible Storage Engine (ESE) architecture and database physical format |
Speakers: Brett Shirley
In this very technical session, we’ll take a deep dive into the architecture of the ESE engine, the different components that compose the engine, how they interrelate and store data. We will cover transactional logging, buffer cache management, B+ trees, space management, and the underlying database physical format. |
| Hardcore Windows Troubleshooting |
Speaker: Brian Desmond
In many organizations, Active Directory and Exchange support personnel are often the top of the escalation chain for Wintel support in general. In this session we’ll look at a number of scenarios that will demonstrate tried and tested troubleshooting methodologies and toolsets. Many of these scenarios are extremely frequent Wintel problems that are often also frequent PSS calls. This is a demo heavy talk – we’ll use sample applications written specifically for this session as well as data from actual customer issues to troubleshoot live. |
| Networking for AD Pros - Build a Winning Replication Topology |
Speaker: Brian Desmond
The premise of this session is twofold. The primary goal is to teach Active Directory architects and administrators how to interpret complex network diagrams and configuration information and to transform it into a site topology that efficiently uses the network. The second goal of the session is to teach the audience the basics of the three most common WAN technologies as they relate to their data. |
| RODCs in the DMZ? Never! Or should I? |
Speaker: Guido Grillenmeier
It is a compelling option to deploy RODCs in the DMZ – they help to reduce the costs of managing another AD forest in the DMZ and simplify overall management of the DMZ. This was the key reason for HP to leverage RODCs, quite to the surprise of Microsoft at the time. There are even more challenges as to how RODCs work “under the hood” that need to be understood when deploying RODCs in the DMZ, which will be covered by this talk. We’ll also cover the benefits and downsides of deploying RODCs compared to traditional methods of authenticating users to resources in the DMZ – and help to clarify that RODCs in the DMZ is not the right solution for everyone. This session builds on Monday’s session Tales from Deployment of RODCs in Large Enterprises. |
| Scripting DC Deployments |
Speakers: Brian Desmond
One of the most important tenets of managing any large IT environment is consistency, and automation is key to this. At a high level this session will discuss some of the decision factors in choosing between disk imaging, a build CD, or a combination of both. We will look at how to automate the domain controller promotion step, and walk through building an unattended build CD. |
| Top 10 AD Questions |
Speaker: Robert Nottoli
Consider this session an FAQ from the speaker’s nine years of working with customers on Active Directory. This session will go through slides and where possible will show the answers in a live demo. Questions will include: “How do I make Active Directory work through a firewall?”; “How do I edit custom attributes in ADUC?”; and “How do I perform that task from a command line?” along with seven other compelling questions. If you have your own questions to submit before the session please email Robert Nottoli at robnotto@microsoft.com. |
| Tips and Techniques for Becoming a Group Policy Expert |
Speakers: Darren Mar-Elia
Join us for a wide-ranging set of topics related to Group Policy, including an overview of how to leverage the Group Policy Preferences feature, basic troubleshooting steps, automating GP management using PowerShell and finally, best practices on creating secure desktops using GP. |
| Virtual Directory Case Study |
Speaker: Radiant Logic
In 2007, Ford Motor Company made the decision to reduce costs and complexity by eliminating their legacy directory infrastructure and redirecting their more than 400 applications to leverage the investment that Ford had already made in Active Directory. This move not only eliminated significant license and maintenance costs but also reduced the amount of data that needed to be synchronized across systems and eliminated the confusion around data ownership. This presentation will describe how Ford used virtual directory technology to provide a smooth transition for applications configured for web based directories to authenticate against and be compatible with Active Directory. |
| What's new in Active Directory for Windows Server 2008 R2 |
Speaker: Dennis Angeline
Windows Server 2008 R2 delivers some highly anticipated features for Active Directory administrators. This session will provide a guided tour of the new AD Administrative Center and the new capabilities provided by AD PowerShell. We'll also cover the AD Recycle Bin for recovering deleted objects, the Best Practice Analyzer for verifying your AD configuration, and improvements to service account management and authentication assurance. This session will provide you with the information you need to understand and evaluate the Active Directory features that Windows Server 2008 R2 delivers. |
| |
| ILM I |
| Advanced Workflow in ILM v2 |
Speakers: Jeremy Palenchar
ILM “2” includes a powerful workflow solution based on the Windows Workflow Foundation (WF). The flexibility of this system provides a solid foundation for developing workflows that can meet any business need. Attendees of this session will leave with a deep understanding of WF and several examples of Enterprise-class workflows suitable for their environment. Tips for making your workflows manageable, flexible and scalable will also be given. |
| Auditing in "ILM 2" |
Speakers: Gil Kirkpatrick
In addition to its new provisioning and workflow capabilities, ILM “2” provides a comprehensive audit trail of identity-related transactions. This session will discuss what sort of actions are audited (and which ones are not), how to get the audit data from ILM “2”, and how to build the reports you need to maintain regulatory compliance and provide diagnostic and troubleshooting support. |
| Best Practices for Implementing a Virtual Directory within the Enterprise |
Speakers: Michael Brengs
This session covers recommended best practices for implementing a virtual directory within an identity management infrastructure. We’ll cover topics critical to all virtual directory deployments such as: understanding your data/requirements, caching of data, data replication needs, general architecture, high availability, static groups/dynamic groups and application integration.
|
| End-to-end Access Control with ILM “2” |
Speaker: Microsoft Program Management
ILM “2” provides a flexible and extensible architecture for managing the lifecycle of users, groups, and other identities. By taking advantage of ILM “2”’s extensibility, it is possible to extend ILM “2”’s reach beyond users and groups to include access control concepts. |
| ILM "2" Chalktalk |
Speaker: Microsoft Program Management
The ILM team has delivered a rich set of new features and functionality in ILM “2”. This session provides an opportunity to ask questions and discuss those features in detail directly with the product group. This moderator-led discussion is an opportunity to discuss features, ask questions and provide the product group with the customer feedback that is essential to planning future releases of Identity Lifecycle Manager. |
| Implementing RBAC with ILM “2” |
Speaker: Craig Martin
As the ILM 2007 market matured, more and more people were asking for some level of role management and access based on roles. A variety of approaches to this have been implemented, and over time a fairly standard architecture evolved as fittest for purpose. How will this look in the world of ILM “2”? The answer is – quite different, and some implementations are already underway. In this session we can take a first look at some approaches, and some of the configuration, workflows and additional modules that are needed. If you are interested in RBAC, or more generally in the business of extending ILM “2”, this is for you. |
| Lessons Learned and Best Practices from the ILM "2" RDP |
Speaker: Eric Huebner
The objective of this course is to provide information to implementors of ILM "2" on lessons learned and best practices identified during the ILM "2" RDP Program. The session is expected to be a wide-ranging discussion of many of the features and in-depth configurations of ILM "2" along with an overview of the best options to choose in several implementation scenarios. Topics covered will be around performance, security, user experience, implementation challenges and operational best practices. Anticipated focus areas will be naming standards, security design, and implementation of custom rules extensions, among others. |
| Microsoft Exchange 2007: Using PowerShell, C#, and ILM in Exchange 2007 Migrations |
Speaker: Rob Allen
The objective of this course is to provide information to implementors of ILM "2" on lessons learned and best practices identified during the ILM "2" RDP Program. The session is expected to be a wide-ranging discussion of many of the features and in-depth configurations of ILM "2" along with an overview of the best options to choose in several implementation scenarios. Topics covered will be around performance, security, user experience, implementation challenges and operational best practices. Anticipated focus areas will be naming standards, security design, and implementation of custom rules extensions, among others. |
| Overseeing an Identity and Access Project – A Systematic Approach |
Speaker: Peter LaCrosse
In addition to the well-known technical concerns surrounding any Identity and Access (IDA) project, identity architects (and the organizations we serve) are increasingly concerned with the process of optimizing our overall IDA infrastructures. By taking a systematic approach to managing identity-related architectures and projects, you can help to align IDA with your company's strategic business objectives, and do so in a repeatable manner. In this presentation, we'll use Microsoft's Infrastructure Optimization model to assess the current state of an organization embarking on an IDA project. We'll also discuss the use of the Microsoft Solutions Framework (MSF) to analyze and implement improvements to an organization's IDA infrastructure in a systematic and repeatable manner. By using these freely available tools and design models, you can move from a strictly technical IDA focus to aligning Identity and Access to help in reaching your organization's strategic business objectives. |
| Technical deep dive into Codeless Provisioning in ILM 2 |
Speaker: Mike Dube and Markus Vilcinskas
With Codeless Provisioning, Microsoft ILM "2" introduces a new feature that enables you to implement your complete identity integration business logic without the need to develop rules extension source code. We’ll focus on how the architectural components are used “in action” and how to troubleshoot an environment if something is not working. Additionally, this session will discuss the boundaries of Codeless Provisioning to demonstrate scenarios where rules extension development may still be required. The goal of this presentation is to explain to you all aspects of codeless provisioning including related features in a digestible manner. After attending this presentation, you will have a solid understanding of all aspects of codeless provisioning, which will enable you to effectively implement this feature in your scenarios and troubleshoot common issues. |
| You've Authenticated the User, so Now What? |
Speaker: Felix Gaehtgens
Here's an overlooked problem that causes many headaches: Once a user is authenticated, how will you now handle authorisation? Authorisation, like authentication, should be delegated, and not handled by applications themselves. But how so? The fact that this is not really done today causes unnecessary risks and large potholes not only in SOA environments. Felix looks at different approaches, best practices, and initiatives that currently exist around externalising authorisation and application security, plus an overview of where he thinks all of this is heading. |
| |
| ILM II |
| Cool LDAP Innovations |
Speaker: Felix Gaehtgens
Focused exclusively on Active Directory? Thought that directory servers and the LDAP protocol have reached their peak? Think again. The LDAP directory world has been humming over the last few years, and many new innovations have seen the light of day. This session will take you fast-forward through some of the coolest features to be found in today's LDAP servers outside of Active Directory. We'll also cover major development in LDAP APIs and utilities that can be used with AD as well. Last but not least, we'll dissect some of the extensions to the LDAP protocol and where all of this is heading. |
| Human Behavior: The Other 90% of the Problem |
Speaker: Andreas Kjellman and Mark Wahl
Providing your user community the tools to easily manage their own passwords and distribution lists should remove a huge administrative burden from your IT staff. But putting the tools in place is not the same as having your users put them to use. In this session the ILM product team will discuss the challenges of self-service technology, approaches to self-service deployment, some of the surprising user behaviors that inhibit the use of self-service technologies and how to overcome them. We will also cover the future possibilities of ‘user-centric’ identity and its impact on identity management. |
| ILM “2” from an IT Pro's Perspective |
Speaker: Andreas Kjellman
Attend this session to learn from the ILM product team about the ILM “2” architecture and components through the lens of an IT Pro. This session will cover common deployment topologies and the challenges they present, best practices for managing the product, as well as configuration tips and tricks to help ensure a successful ILM “2” deployment. |
| ILM “2” in Microsoft |
Speaker: Joel Silver
Microsoft is currently replacing major infrastructure pieces with ILM ‘2.’ How is this being done? What problems have we encountered? What lessons have we learned? In this session let’s take a detailed view at what it takes to implement custom functionality with ILM ‘2’ to replace our complex IT infrastructure. |
| Microsoft’s Live@edu with Outlook Live (formerly Exchange Labs) |
Speaker: Randy Wiemer
Microsoft has announced plans to host 150 million Exchange mailboxes by 2013 as part of a next-generation multi-tenant, multi-org Exchange and Active Directory infrastructure. They have been developing the technology to support this plan for quite some time and have made it available to educational institutions ("Live@EDU") around the world for the past several months. In this session you will get an overview of this next-generation deployment of Exchange 14. We will demonstrate how to use Remote PowerShell and hosted Exchange management utilities to control and update your hosted mailboxes. You'll also receive an introduction to ILM’s new GALSync14 to perform bi-directional updates with your on-premises identity management system. |
| Migration Scenarios - Migrating from MMS\MIIS\ILM to ILM "2" |
Speaker: Craig Martin
The features you've wanted for so long are just around the corner. You've already deployed a metadirectory and now you're eager to migrate to ILM "2". This session explains how to get there, including lessons learned, features you should prioritize, and insight into what the project will look like. This session is designed for existing administrators of MMS\MIIS\ILM infrastructures, and Systems Integrators who are interested in selling ILM "2" to their customers. |
| Server Virtualization in the Datacenter |
Speaker: Andrew Page
With server virtualization proving to be a “game changer” in the datacenter, its impact is being felt across all the directory services being provided by IT today. Using a combination of virtualization, new management tools, and features at the physical switch level, you have the ability to change configuration quickly while dramatically reducing deployment time, increasing service delivery, and taking better advantage of your virtual hosts. In this session, we will take a deep look at the importance of managing a virtualized vs. physical environment. |
| The Opportunity for Identity Services |
Speaker: Kevin Kampman
The identity management community is examining opportunities for more abstract, interoperable identity capabilities. Initiatives like the Identity Services Work Group (ISWG) are establishing requirements and developing a set of business-driven scenarios to describe what capabilities are required and how these would work together within and between organizations. These requirements and business scenarios are intended to catalyze action within the industry and standards bodies to address current interoperability challenges.
This session will examine the current state of identity services and share insights on the following topics:
- Business requirements and use case scenarios for identity services
- Remapping identity infrastructure into services
- Interoperability challenges, industry standards, and where attention is needed
- Preparing for identity services
|
| Provision Exchange 2007 Mailboxes with MIIS, ILM or ILM “2” |
Speaker: Jeremy Palenchar and Andrew Weiss
ILM includes rudimentary support for provisioning mailboxes in Exchange 2007. This session will describe an enterprise-class solution for provisioning Exchange 2007 mailboxes with MIIS, ILM, or ILMv2. The solution supports mailbox provisioning based on user location and places new mailboxes based on Exchange server capacity or utilization. This session is a must for anyone looking to manage their Exchange mailboxes with ILM. |
| Provisioning OTP Through ILM “2” |
Speaker: Marvin Tansley
Enterprise PKI systems provide an excellent means for employees to authenticate with the organization's network, while the same infrastructure can provide encryption and digital signatures. The Certificate Lifecycle Manager portion of ILM administers users with these PKI credentials. However, sometimes practical considerations may make it difficult to have all users registered with PKI credentials for strong authentication to the network. For instance, large governmental organizations have chosen to use one-time passwords (OTP) to assure strong authentication to non-domain joined users. This presentation explains how you can deploy OTP authentication in your organization without having to deploy and manage a second administration product. The details of what it means to provision and how to deploy a one-time password strong authentication system using ILM “2” will be explained. In addition, how an administrator can manage users with an OTP device and the underlying architecture will be provided. |
| Rescue your Identity Metasystem from the Chaos: Using ILM 2 and SQL 2008 Analysis and Reporting Services |
Speakers: David Lundell and Brad Turner
Come learn how to get the critical information you need to be able to administer ILM 2 and be able to show business value to the boss. In this session you will get the next release of the free Community Reporting Pack updated for use with ILM 2. You will learn how to report against ILM2 using the features included in the ILM 2 Portal, and through SQL Server Reporting Services, and Analysis Services. You will learn how to use the Web Services provided in ILM 2 to retrieve data for your reports and also a safe (but still unsupported) way to get the data from the database. |
| Rethinking Certificate Workflows with ILM "2" |
Speaker: Brian Komar
ILM "2" introduces codeless provisioning for provisioning user accounts… but not for certificates. This session discusses how you can leverage codeless provisioning for your certificate deployments by using codeless provisioning and the CLM MA. The session will focus on how this affects your CLM workflows and configuration. |
| Rethinking your Revocation Strategy for Windows Server 2008 PKI |
Speaker: Brian Komar
Do you need more immediate recognition of revoked certificates? Windows Server 2008 provides several options for changing your revocation infrastructure. This session looks at the options that are available to you (Issuing Distribution Point extensions, Online Certificate Status Protocol, Base CRLs, Delta CRLs) and provides you guidance on when to deploy these technologies. The session will provide guidance on when and how to deploy these new technologies and how to integrate the new technologies into your existing deployed certificate base. |
| The Windows File System as a Managed Object |
Speaker: Dmitry Kazantsev
A common challenge when designing an IAM system is how to manage the Windows file system. What do you do to create those pesky home directories, and how do you manage them on an ongoing basis? In this presentation, we will present an innovative solution for envisioning the Windows file system as a full-fledged managed object using an Extensible Management Agent. |
| Using ILM 2 and SQL 2008 Analysis and Reporting Services |
Speakers: David Lundell and Brad Turner
Come learn how to get the critical information you need to be able to administer ILM “2” and be able to show business value to the boss. In this session you will get the next release of the free Community Reporting Pack updated for use with ILM “2”. You will learn how to report against ILM “2” using the features included in the ILM “2” Portal, and through SQL Server Reporting Services, and Analysis Services. You will learn how to use the Web Services provided in ILM “2” to retrieve data for your reports and also a safe (but still unsupported) way to get the data from the database. |
| |
| Federated Identity |
| ADFS Extensibility |
Speakers: Laura Hunter and Chris Calderon
We’ve all done the step-by-steps, but people still seem to have questions on how extensible ADFS really is. How do they address existing legacy applications? How are people implementing ADFS in the real world? In this session, we’ll look at how people are leveraging SharePoint in federated solutions. In addition, we’ll cover topics such as considerations around federation policies, options for moving legacy applications to become claims-aware, logging, and finally custom claims transformation modules. |
| ADFS Inside Microsoft |
Speaker: Brian Puhl
Servers are set up, and nobody to federate with! Microsoft IT deployed Active Directory Federation Services in early 2005 and has been rapidly pushing the adoption of ADFSv1 (Windows Server 2003 R2) and ADFSv1.1 (Windows Server 2008) internally ever since. Come hear the technology, legal, process, and general challenges and benefits of Microsoft’s internal deployment. The session will cover where Microsoft has been, where they’re at, and where they see the future of federation internally as they enter the CardSpace and federated identity era. |
| Authentication in IIS 7 and Windows Server 2008 |
Speaker: Dennis Glendenning
IIS 7 is a completely new platform for hosting web services and applications. It was built with next-generation thinking and offers you new opportunities to host all kinds of applications in a robust platform. This session explores the ways in which you can leverage the new security features of IIS 7 and Windows Server 2008 to provide a range of authentication and authorization options for tomorrow's environments. |
| Customizing ADFS |
Speaker: Joe Kaplan
In this session, we will take a deep look at Microsoft's Active Directory Federation Services in terms of how we can customize the product to meet specific needs. The presentation will take the audience through several scenarios from simple to complex showing a variety of customizations that can be made to the product. The initial samples are focused on tasks an administrator could perform while the advanced scenarios would require help from a developer with .NET skills. Many of these customizations have never been documented publicly, so this session presents a unique opportunity to learn from an expert the types of things you can and should be doing to make your federation deployment more successful. |
| Federating with the Cloud – Shibboleth, Active Directory Federation Services and Microsoft Live Services |
Speaker: Randy Wiemer
The original vision for Microsoft Passport services was to provide “a single sign-in name and electronic wallet at participating sites”: a 1999 Microsoft press release called it “the first example of a megaservice.” Now, almost 10 years later, this vision has not gone away, and Passport (now called Live ID) still delivers on its original functionality of delivering an identification and password authentication service. However, while Live ID is heavily used by Microsoft’s Web sites, few other services make use of this technology. This is unfortunate, because the problem that Passport was designed to solve is still with us: ask yourself, how many usernames and passwords do you have? At how many Web sites? Can you even keep track? Perhaps the question to ask now is: if Passport wasn’t the "silver bullet" solution for federated identity, then what is? OpenID? CardSpace? Live ID? Something else entirely? As an identity and access professional, how will you proceed when you’re asked to enable corporate access to externally-hosted Web-based services such as Exchange or SharePoint Online? In this presentation, we will explore how to use both Microsoft and open-source federation technologies, Active Directory Federation Services (AD FS) and Shibboleth, to enable your users to access Live ID protected services such as Hotmail, Spaces, SkyDrive, Exchange and SharePoint Online, using their existing enterprise credentials. |
| Federation Gateways - The Key to Supporting Platform-Specific Applications in Heterogeneous Environments |
Speaker: Nick Nikols
Building bridges between disparate operating systems may be among the biggest challenges you face – both politically and technologically. Add to that the need to do it beyond the boundaries of your own organization without the risk of security breaches and you’re adding yet another level of complexity. Join Novell’s Nick Nikols to learn how to effectively enable workgroup applications - such as Microsoft SharePoint - to user groups that extend beyond organizational boundaries, while providing a consistent user experience that integrates with internal and external authentication and authorization services. |
| GALSync and Federation in an Exchange Online World |
Speaker: Craig Martin
Last year my world was rocked when I saw a school without Active Directory (AD) outsource their e-mail to Hotmail while providing Single Sign-On. The AD/Exchange administrator in me was shaking in my boots as I realized Microsoft was really taking online services seriously. A year later we are staring down Exchange Online, and Microsoft is getting their act together, but not afraid to make mistakes and learn some lessons along the way. Come see what this looks like for customers, for system integrators, and for AD and Exchange administrators alike. |
| Identity Integration for SaaS: How to Avoid the Nightmare of Maintaining Multiple Directories in the Cloud |
Speaker: Patrick Harding
Just how should enterprise identity management and outsourced SaaS applications integrate securely? In this session Ping Identity CTO Patrick Harding outlines four basic areas of identity integration with SaaS: provisioning, authentication, SSO and authorization. Patrick addresses these issues from both the SaaS provider and SaaS customer perspective, as both play roles in the SaaS Identity reference architecture. |
| Introducing “Geneva” Server |
Speaker: Matt Steele
The claims-based identity model enables an easier way to build applications that are identity-driven, support a variety of audiences and authentication mechanisms and can plug into a heterogeneous infrastructure using standards-based protocols, all without requiring application developers to write a lot of code. Key to the model is the Security Token Service (STS) which issues claims for applications to consume and hosts policies that determine what claims a user will get when accessing a specific application. In this session learn about Microsoft’s "Geneva" Server, an STS integrated with Active Directory and Windows CardSpace that is an infrastructure server for federation, supporting claims-aware applications and for SOA security. |
| Notes from the Field: Deploying Secure SSO to the Internet and Back |
Speaker: Dave Jones
Over the last few years Cisco has deployed proprietary and standards-based mechanisms to provide a secure single sign-on experience for our employees to our ASPs. Next on our roadmap is to provide the same access into Cisco for our partners and customers. This presentation is designed to share our experiences with our peers in the industry in the hope of advancing the quality and supportability of SSO between all entities. |
| Secure Collaboration Between Companies using Active Directory Federation Services and SharePoint |
Speaker: Donovan Follette
As the world grows more connected, demand is increasing for easy, secure ways to collaborate across companies and over the Internet using familiar tools and applications. In this session learn how to collaborate across company boundaries using Active Directory Federation Services and SharePoint. |
| The Survivalists Guide to Identity Management |
Speaker: Pam Dingle
Join veteran Experts Conference speaker Pam Dingle as she shares tips and tricks on how to achieve 'enlightened bottom-up' Identity Management. Pam believes that, as long as you start with a few simple overarching strategic principles, identity management can be 90% tactical. Pamela will use her professional IdM experience to show how the right selection of point solutions in the enterprise can make a world of difference, providing strategic agility to the business while pre-emptively reducing complexity for the future. Look for ILM, Federation and CardSpace to be key technology players in this talk, complete with real-life examples that tie it all together. |
| Virtual Organizations |
Speaker: Philip Stradling
This session will look at the challenges facing organizations that need to collaborate with other partners in a way that involves the sharing of sensitive information. The need to collaborate is a common scenario across many areas of both the private and public sectors, where access to sensitive information has to be based on need-to-know principles, and where sensitive information must be protected in a consistent way as it moves across organizational boundaries.
Within any one organization there are often business drivers for a multitude of collaborative endeavors so the challenge for IT Pros is to assemble the tools and infrastructure that will enable: a) a multiplicity of virtual organizations with different sets of partners, b) tools for use by business executives to declare policies and to create and manage virtual organizations, and c) interoperability with other organizations that might be using non-Microsoft technologies.
We will look at the work of the identity strategy team to define the legal, architectural and technical components of an emerging solution that draws on the new capabilities of Geneva, ILM2, and RMS. |
| |
| Information Protection |
| Enabling Mobile Users with Strong Authentication |
Speaker: James McLaughlin
Companies adopting two-factor authentication based on secure tokens enjoy the increased security of their enterprise using these strong authentication methods. Oftentimes, username and password authentication remains as a secondary approach when other systems have not been completely integrated to accept two-factor authentication. For the mobile user, one such system is access to e-mail using Microsoft Outlook Web Access (OWA). In this presentation, we’ll explain the one-time password based on the industry-wide collaboration Open Authentication (OATH), the server architecture, and how to configure Microsoft Exchange and Internet Authentication Service to accept OTP for authenticating users to OWA for accessing e-mail. We’ll also review practical experience in deploying this solution. |
| Extending AD RMS |
Speaker: Andy Schan
Once you have a solid RMS deployment in place, RMS can be extended to provide additional functionality to the enterprise. AD RMS support for XPS can be leveraged, MOSS 2007 provides the ability to protect content in document libraries, while Exchange Server 2007 SP1 introduced server-side license pre-fetching. In addition, AD RMS can be extended outside the enterprise by leveraging ADFS with business partners and suppliers. Finally, RMS can be integrated with (and triggered by) data classification to drive usage of RMS and provide an enhanced end user experience. |
| Information Protection with Microsoft Rights Management Services |
Speaker: Anthony Morgante
The session will present an overview of RMS, including a "drive through of user experience," architecture and integration with ADFS in Windows Server 2008. |
| Ride the Chaos through proper Care and Feeding of your Identity Metasystem Databases (ILM, CLM and RMS) |
Speakers: David Lundell and Mark Struck
Without proper care and feeding, your Identity Metasystem databases (ILM Meta Directory Services, ILM Certificate Services, and RMS) can create chaos. Learn to ride the chaos with appropriate backup strategies, maintenance tactics, and optimization tricks. You will also receive a crash course in SQL Recovery Models, Database Maintenance Plans, Index Optimization, SQL Backups, and SQL Agent Jobs. |
| RMS Large Scale Architecture Design & Deployment |
Speaker: Andy Schan
When deploying RMS, it is crucial to have a solid, well-designed infrastructure from day one. This allows you to have a solid foundation to build custom functionality and add 3rd party applications to. This session will cover the factors involved in designing and deploying a stable and manageable large (greater than 100,000) RMS deployment. Topics covered will include considerations for multiple forests, geographically dispersed environments, multiple business units and deployment to end users. |
| Two Factor Authentication Trends in Mixed Network Environments |
Speaker: Manny Vellon
Mixed networks can sometimes create even more complexity for organizations trying to implement two-factor authentication. This session will include some of the options that are available and showcase some real world examples of organizations struggling to stay ahead of the security curve. Using more than one factor is also sometimes called strong authentication. Human authentication factors are generally classified into three cases:
- Something the user has (e.g., ID card)
- Something the user knows (e.g., a password or PIN)
- Something the user is or does (e.g., fingerprint)
Often a combination of methods is used, e.g., a bankcard and a PIN, in which case the term two-factor authentication (or multi-factor authentication) is used.
|