c fermilab
play

=C=Fermilab Managed by Fermi Research Alliance, LLC for the U.S. - PowerPoint PPT Presentation

Jan 04, 2024 •305 likes •564 views

FERMILAB-SLIDES-18-104-CD =C=Fermilab Managed by Fermi Research Alliance, LLC for the U.S. Department of Energy Office of Science Office 365 Integration At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015

  1. FERMILAB-SLIDES-18-104-CD =C=Fermilab Managed by Fermi Research Alliance, LLC for the U.S. Department of Energy Office of Science Office 365 Integration At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, Office of Science, Office of High Energy Physics.

  2. About Fermilab • Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding of everything we see around us. As the United States' premier particle physics laboratory, we work on the world's most advanced particle accelerators and dig down to the smallest building blocks of matter. • Fermilab collaborates with more than 20 countries on physics experiments based in the United States and elsewhere. • Fermilab's 6,800-acre site is located in Batavia, Illinois, and is managed by the Fermi Research Alliance LLC for the U.S. Department of Energy Office of Science. FRA is a partnership of the University of Chicago and Universities Research Association Inc., a consortium of 86 research universities. 2 ------------------------0 Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  3. Abstract • Fermilab is migrating to Office 365. The initial offering is to provide the Office application to laboratory owned devices - desktops, laptops, and mobile. As the Office 365 licensing model moves from per device to per user the deployment of an authentication infrastructure to allow only authorized use of the application was required. As Fermilab relies on centrally managed authentication services for daily operations the Office 365 authentication had to be integrated into these services. • This talk will focus on the configuration of the necessary on- premise software to integrate Office 365 with our authentication services, how we are managing the licensing of users, and integration into our future Identity Management 3 ------------------------0 service. Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  4. Office 365 • Fermilab is a long term user of Microsoft Office • Arguably the standard for document processing for desktops • Existing On Premise Services • Exchange • SharePoint • Enterprise Agreement • License costs • Device vs User 4 ------------------------0 Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  5. Deployment • Authentication – Microsoft Cloud – Federated Identity • User Provisioning – Microsoft Cloud – On Premise Active Directory – Synchronization between Active Directory and the Microsoft Cloud 5 ------------------------0 Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  6. Deployment • Preparation – Target users with 5 or less device licenses – Provision user accounts – Multiple installs available to each user • Windows – System Center Configuration Manager 2007 – Deploy Click-to-Install version • OSX – Casper 9 – Delete License File 6 ------------------------0 Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  7. Authentication • Microsoft Cloud Account – Unique username and password user@yourdomain.onmicrosoft.com • Onboarding • Off-boarding • Federated Identity – Existing username and password user@yourdomain – Federated Identity Provider required • Fermilab chose to use Federated Identity 7 ------------------------0 • Active Directory Federation Services (ADFS) Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  8. Connection • Multi-step Process – Active Directory (AD) Universal Principal Name (UPN) • Will be part of the Office 365 username • UPN needs to be added to Office 365 • Requires DNS record for the UPN domain services.fnal.gov text = "MS=ms11931651” – “Clean” AD • Accounts with duplicate email addresses – Install and configure Federation application – If necessary • Must be the same domain as UPN you are using 8 ------------------------0 Fermilab Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  9. Connection • Connect ADFS to Microsoft Cloud • PowerShell – Host not Service name • Be Patient – Convert command can take some time Adm inistrator: Windows Azure Active Directory Module for Windows PowerShell .__ - ____.__ c_ ------------------------0 Fermilab 9 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  10. Connection • The Convert command Micr oso ft O ffi ce 365 Id en ti ty P latform Pr ope rt i es makes a change in the Ac ce pt ed Oai ms I Ora ani zat i on I En dpoints I Not es I Adv anced I I I Ide ntifi e rs Monitorin g En crypt i on Si gn at u re Office Cloud and adds a Specify the di sp l ay name a nd identifi ers for this re lyin g pa rty trust . Relying Party Trust to ADFS Oi~ lay name: I I Mi crosoft Office 365 Identity P latf orm Re lyin g pa rty identifier: AQd I Exa mp le: https :/ If s .contoso . com /a dfs /servicesA rust R~ lyin g pa rty identifie rs : https :/ /l og in .m icrosoftorr li ne . com / extS TS . srf I B.emove I um fed erat i on : Mi crosoftOn li ne J ~I ~_ O _K _~I I Ca ncel &,ply _ He _ lp~ C=Fermilab 10 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  11. Connection • Synchronize User Account Information • Assign Licenses • Use Simple ------------------------0 Fermilab 11 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  12. Synchronize • Special Accounts – Cloud Service Account • Global Admin • Password Expiration • No License Required – Active Directory Service Account • Created as part of Windows Azure Active Directory Sync tool install • No Elevated Access – Cloud Admin Accounts • Recommended ------------------------0 Fermilab 12 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  13. Synchronize • Synchronize User Account Information – Activate in Office 365 – Install Windows Azure Active Directory Sync • Requires .Net 3 dism /online /enable-feature /featurename:NETFX3 /all /source:DRIVE:\sources\sxs /limitaccess – Only synchronize what you need to the cloud • OU based filters – http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and- configure-dirsync-with-ou-level-filtering-for-office365.aspx – Don’t synchronize passwords 13 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  14. Synchronize • Synchronization Service Manager Client – Debugging information – Manually sync AD to Cloud • Sync Schedule – Default is every 3 hours – Easy to change • Edit C:\Program Files\Windows Azure Active Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.Config • Change <add key="SyncTimeInterval" value="3:0:0" /> to the necessary value • Save the file • Restart the Windows Azure Active Directory Sync Service • Filters ------------------------0 Fermilab 14 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  15. Synchronize • User based filters – In the Synchronization Service Manager Client 15 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  16. Licensing • Assign licenses – Web Interface • Manual process – PowerShell Commands • Simple PS> get-msoluser -UserPrincipalName user@services.fnal.gov | Set- MsolUserLicense -AddLicense fermicloud:ENTERPRISEPACK_GOV ------------------------0 Fermilab 16 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  17. Licensing • Office 365 Applications • Each application can be enabled or disabled per user • License management can be automated using AD group membership http://365lab.net/2014/04/22/office-365-assign-licenses-based-on-groups-using-powershell-advanced-version/ 17 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  18. Licensing • Our click-to-run licensing 18 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  19. Licensing • Off-boarding – Account deletion – OU change • Properly defined synchronization rules remove user from Office 365 freeing up the license – Script linked above will remove licenses from users once they are removed from the groups ------------------------0 Fermilab 19 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  20. Licensing • Usage – Per application • PowerShell Get-MsolUser -all | Where-Object {$_.Licenses.AccountSkuID -eq "fermicloud:ENTERPRISEPACK_GOV"}|Select DisplayName, UserPrincipalName Get-MsolAccountsku Office 365 Licenses 1800 1600 1400 1200 1000 800 600 400 200 0 12/1/2014 1/1/2015 2/1/2015 3/1/2015 4/1/2015 20 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  21. Licensing • End user can see how many systems they have Office installed on • Office 365 admins are unable to query Office 365 and see how many installs each authorized used has used 21 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

  22. Identity Management • Roles – Group membership for Office 365 application licensing • Easily integrated with IdM applications – Our Goal • IDM role assignment enables each Office 365 application as necessary ------------------------0 Fermilab 22 Al Lilianstrom | Office 365 Integration at Fermilab 7/2/2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The High Intensity Horizon at Fermilab R. Tschirhart Fermilab Fermilab Users Meeting June 13 th

The High Intensity Horizon at Fermilab R. Tschirhart Fermilab Fermilab Users Meeting June 13 th

The High Intensity Horizon at Fermilab R. Tschirhart Fermilab Fermilab Users Meeting June 13 th , 2012 Project-X: Evolution of the existing Fermilab accelerator complex with the revolution in Super-Conducting RF Technology. any

587 views • 32 slides
Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users

Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users

Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting CMS Physics from Early LHC Running Dan Green Fermilab For the CMS Collaboration FNAL Users Meeting June 2010 1 Outline Outline

617 views • 25 slides
Searching for Muon to electron conversion: The Mu2e experiment at Fermilab Richie Bonventre

Searching for Muon to electron conversion: The Mu2e experiment at Fermilab Richie Bonventre

This document was prepared by Mu2e collaboration using the resources of the Fermi National FERMILAB-SLIDES-19-078-ND Accelerator Laboratory (Fermilab), a U.S. Department of Energy, Office of Science, HEP User Facility. Fermilab is managed by

878 views • 66 slides
A Beam-Based Production Target Monitor for the Mu2e Experiment at Fermilab APS DPF 2019

A Beam-Based Production Target Monitor for the Mu2e Experiment at Fermilab APS DPF 2019

This document was prepared by Mu2e collaboration using the resources of the Fermi National Accelerator Laboratory (Fermilab), a U.S. FERMILAB-SLIDES-19-084-CCD-OCIO Department of Energy, Office of Science, HEP User Facility. Fermilab is managed by

536 views • 29 slides
Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron

Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron

Welcome to Fermilab and the 13th annual Fermilab-CERN HCPSS! 13 th annual Fermilab-CERN Hadron Collider Physics Summer School August 20-31, 2018 Fermilab hcpss.fnal.gov/hcpss18 Jim Hirschauer and Estia Eichten 20 Aug 2018 Introductions

158 views • 13 slides
Fermilab Quantum Computing Testbed Approaches James Amundson, Fermilab with contributions from

Fermilab Quantum Computing Testbed Approaches James Amundson, Fermilab with contributions from

Fermilab Quantum Computing Testbed Approaches James Amundson, Fermilab with contributions from James Kowalkowski, Adam Lyon, Alexandru Macridin, Gabriel Perdue and Panagiotis Spentzouris December 6, 2017 Background Fermilab and Fermilab

676 views • 38 slides
Experience with Crystals at Fermilab Vladimir SHILTSEV (Fermilab) Workshop on Acceleration In

Experience with Crystals at Fermilab Vladimir SHILTSEV (Fermilab) Workshop on Acceleration In

Experience with Crystals at Fermilab Vladimir SHILTSEV (Fermilab) Workshop on Acceleration In Crystals and Nanostructures June 24-25, 2019 - Fermilab Past Experience at Fermilab Slow extraction (Tevatron Run I): 1990s R.Carrigan, et

429 views • 40 slides
Re Report on Fermilab and Community y Strategies Interface of Fermilab with Snowmass SNOWMASS

Re Report on Fermilab and Community y Strategies Interface of Fermilab with Snowmass SNOWMASS

Re Report on Fermilab and Community y Strategies Interface of Fermilab with Snowmass SNOWMASS 2021 Fermilab PAC, July 20, 2019 Marcela Carena Fermilab Marcela Carena | Fermilab PAC 20.07.2019 European Particle Physics Strategy Update

216 views • 18 slides
Fermilab Theory Status and Plans Marcela Carena Fermilab PAC Meeting July 17, 2018 Role of

Fermilab Theory Status and Plans Marcela Carena Fermilab PAC Meeting July 17, 2018 Role of

Fermilab Theory Status and Plans Marcela Carena Fermilab PAC Meeting July 17, 2018 Role of Fermilab theorists Focus core strengths in key research areas directly related to the Fermilab experimental program Conduct world-leading theoretical

961 views • 54 slides
T evatron Highlights FERMILAB-SLIDES-18-094-E D CDF Fermilab Users Meeting This document

T evatron Highlights FERMILAB-SLIDES-18-094-E D CDF Fermilab Users Meeting This document

T evatron Highlights FERMILAB-SLIDES-18-094-E D CDF Fermilab Users Meeting This document was prepared by [CDF and D0 Collaborations] using the resources of the Fermi National Accelerator Laboratory (Fermilab), a U.S. Department of Energy,

207 views • 19 slides
The Science &amp; Computing @Fermilab Sharan Kalwani w/numerous contributions from everyone @

The Science &amp; Computing @Fermilab Sharan Kalwani w/numerous contributions from everyone @

The Science &amp; Computing @Fermilab Sharan Kalwani w/numerous contributions from everyone @ Fermilab Chicago UniForum meetup.com Tuesday, October 28, 2014 What is Fermilab? What do we do here? Fermilab is America's particle physics and

716 views • 57 slides
New Ini(a(ves in Fermilab Par(cle Astrophysics (a.k.a.

New Ini(a(ves in Fermilab Par(cle Astrophysics (a.k.a.

New Ini(a(ves in Fermilab Par(cle Astrophysics (a.k.a. non-accelerator physics) Aaron S. Chou Wilson Fellow, FNAL 2010 Fermilab Users Mee(ng Energy

467 views • 27 slides
Beams Stability at Fermilab Complex Alexey Burov Fermilab Many thanks to R. Ainsworth, Y.

Beams Stability at Fermilab Complex Alexey Burov Fermilab Many thanks to R. Ainsworth, Y.

Beams Stability at Fermilab Complex Alexey Burov Fermilab Many thanks to R. Ainsworth, Y. Alexahin, C. Bhat, V. Lebedev, A. Macridin, E. Metral, K. Seiya, C.Y. Tan, T. Zolkin MW Rings, Fermilab, May 2018 1 AB Accelerator complex H -

562 views • 19 slides
Fermilab Storage Strategy Bo Jayatilaka (Fermilab SCD) 2nd International Computing Advisory

Fermilab Storage Strategy Bo Jayatilaka (Fermilab SCD) 2nd International Computing Advisory

Fermilab Storage Strategy Bo Jayatilaka (Fermilab SCD) 2nd International Computing Advisory Committee Meeting 15 October 2019 Current storage landscape Custodial and active storage for all Fermilab experiments scientific data - This

200 views • 18 slides
RCS for Multi-MW Facility at Fermilab Jeffrey Eldred MW Rings Workshop at Fermilab May 2018

RCS for Multi-MW Facility at Fermilab Jeffrey Eldred MW Rings Workshop at Fermilab May 2018

FERMILAB-SLIDES-18-132-AD-APC RCS for Multi-MW Facility at Fermilab Jeffrey Eldred MW Rings Workshop at Fermilab May 2018 This document was prepared by [DUNE Collaboration] using the resources of the Fermi National Accelerator Laboratory

776 views • 40 slides
Fermilab Test Beam Facility Fermilab Test Beam Facility and and LArIAT Experiment LArIAT

Fermilab Test Beam Facility Fermilab Test Beam Facility and and LArIAT Experiment LArIAT

AC02-07CH11359. Alliance, LLC (FRA), acting under Contract No. DE- Facility. Fermilab is managed by Fermi Research Department of Energy, Office of Science, HEP User National Accelerator Laboratory (Fermilab), a U.S. Collaboration] using the

734 views • 44 slides
IETF ENUM and Internet Directory Services Richard Shockey ENUM WG co-chair NeuStar, Inc.

IETF ENUM and Internet Directory Services Richard Shockey ENUM WG co-chair NeuStar, Inc.

IETF ENUM and Internet Directory Services Richard Shockey ENUM WG co-chair NeuStar, Inc. 1120 Vermont Avenue N.W. Washington DC, 20005 rich.shockey@neustar.com 314.503.0640 Problem Statement How do callers find service(s) on the

509 views • 13 slides
Distributed Systems Naming &amp; Binding Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Naming &amp; Binding Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Naming &amp; Binding Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 My 15 MacBook Pro

592 views • 13 slides
Introduction to command line and accessing servers remotely Marco Bchler, Emily Franzini, Greta

Introduction to command line and accessing servers remotely Marco Bchler, Emily Franzini, Greta

Introduction to command line and accessing servers remotely Marco Bchler, Emily Franzini, Greta Franzini, Maria Moritz eTRAP Research Group Gttingen Centre for Digital Humanities Institute of Computer Science Georg August University

560 views • 15 slides
MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp

MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp

MC714: Sistemas Distribu dos Prof. Lucas Wanner Instituto de Computac ao, Unicamp Aula 8: Nomeac ao Revis ao: Exerc cios Descreva o processo de conex ao entre cliente e servidor com sockets TCP/IP . 1

755 views • 33 slides
Next-Generation gTLD Registration Directory Service (RDS) to replace WHOIS ICANN57 F2F Meeting

Next-Generation gTLD Registration Directory Service (RDS) to replace WHOIS ICANN57 F2F Meeting

Next-Generation gTLD Registration Directory Service (RDS) to replace WHOIS ICANN57 F2F Meeting Slides RDP PDP WG | ICANN58 | 11 March 2017 Agenda 2 3 1 Introductions PDP Work Plan, PDP Working &amp; SOI Updates Progress, &amp;

785 views • 37 slides
Provider Directory Advisory Group Meeting January 13, 2016 Welcome! Introductions Agenda

Provider Directory Advisory Group Meeting January 13, 2016 Welcome! Introductions Agenda

Provider Directory Advisory Group Meeting January 13, 2016 Welcome! Introductions Agenda review Updates on HIT procurement and Common Credentialing Fees discussion Break Fees discussion Wrap up and next steps 2 HIT

630 views • 31 slides
SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell Incident Response BRIEF HISTORY (WINDOWS CLIENT) MSDOS (1980) WINDOWS (1985) WINDOWS 3.1 (1992) Windows 95 (1995)

810 views • 46 slides
HDF Group ESRF September 2019 Kita-OIO SDS Integration Agenda September 2019 1 About OpenIO

HDF Group ESRF September 2019 Kita-OIO SDS Integration Agenda September 2019 1 About OpenIO

HDF Group ESRF September 2019 Kita-OIO SDS Integration Agenda September 2019 1 About OpenIO 2 OpenIO SDS + KITA 3 Demo 2 OpenIO OpenIO ID 3 Founded in 2015 Quickly growing across geographies and vertical markets 3 40+ 3 40

668 views • 18 slides

More recommend