Hitachi ID Systems, Inc.


Solution Delivery Process

The Hitachi ID solution delivery team uses a standard process to implement identity management solutions for enterprise customers. This process is illustrated in Figure 1.

Figure 1: Hitachi ID Solution Delivery Process

The Hitachi ID solution delivery process is a linear progression of logical steps, each of which results in a document. The customer must provide a sign-off for each document before the next phase of work can commence. The duration of each step, or project phase, varies depending on the complexity of the customer's organization, processes and requirements.

More detail about each phase in the Hitachi ID solution delivery process follows:

  1. Project kickoff

    An interview is held with the primary project stakeholders to identify the key business objectives for the Hitachi ID Management Suite® deployment. These objectives are prioritized and metrics are defined that will later be used to characterize success or identify problems.

    Project objectives normally include reducing operating costs, improving service SLAs, enhancing security and regulatory or policy compliance.

    Metrics may include reduced help desk call volume (e.g., percent reduction or target monthly numbers), improved speed for provisioning new users or responding to access change requests, etc.

    A short (normally 1-2 page) document formally defining business objectives is provided at the end of this phase.

  2. Needs analysis

    A needs analysis phase is undertaken to review the customer's current identity management business processes, identify new processes that the project should implement and define technical details to implement the new processes.

    In large or complex deployments, this phase may be broken down into an initial review, which identifies high-level objectives and generates a time and cost estimate for a second phase, and a subsequent detailed analysis, which collects detailed information about data flows, attribute mappings, change authorization, role definition, etc. In this case, a summary process analysis document is produced in the first phase and detailed documents are produced in the second phase.

    The needs analysis phase produces two documents:

    • A process analysis document, which includes:
      • A list of current processes used to set up new staff with access, to update user attributes and privileges as business needs change, to terminate access and to manage passwords

      • A list of desired processes that the Hitachi ID Management Suite implementation will enable. This may include:
        • Automatic propagation of user data from systems of record to managed systems
        • Self-service workflow to allow users to request and authorize access changes
        • Consolidated and delegated user administration
        • Consolidated reporting on access rights and access change history
        • Password synchronization, self-service reset and assisted reset
        • Processes to collect new data from the user population, such as Q-A (Question-and-Answer) profiles for authentication, demographic information, login ID reconciliation or biometric samples
        • User notification for events such as upcoming password expiration, user profile changes, etc.

      • A logical architecture, which shows how systems and external processes interact to implement the above processes

    • A technology analysis document, which includes:
      • A network architecture illustrating how Hitachi ID Management Suite will tie into existing IT infrastructure
      • Integration details for each and every system with which Hitachi ID Management Suite will exchange data
      • Attribute mappings, correlating user profile attributes between systems of record, change requests and target systems
      • Process details, including business logic for change propagation, input validation for the self-service workflow system, authorizer routing rules, login ID assignment standards, procedures for delegation and automated escalation of authorization responsibility, etc.

  3. Project planning

    In the project planning phase, Hitachi ID develops a technical architecture, roll-out plan and a statement of work for the installation and configuration of Hitachi ID Management Suite. These documents define what components of the software will be installed and where, how plug-ins will be used to implement business logic, how users will be asked to use the system and how the system will integrate with existing infrastructure.

    These items are presented to the customer and an open discussion ensues to finalize the design.

  4. Software development

    In some deployments, some custom software may be required. Software development is normally carried out on a fixed-price, fixed-deliverable basis, with prior agreement on a statement of work.

  5. Installation and configuration

    Hitachi ID engineers normally install Hitachi ID Management Suite either on-site or using remote control over a VPN. The installation phase normally includes installation of the software on each server, activation of software, data and configuration replication where appropriate, configuration of every business process and technical detail identified in the Technology Analysis document and the Project Planning document and initial testing to validate that everything that was installed and configured works.

    Many Hitachi ID customers choose to deploy functionality incrementally.

    P-Synch® can be deployed incrementally based on a variety of variables, including:

    • Users.
    • Target systems.
    • Features.

    Gradual deployment is recommended and normally tied to users -- for example, activate N users per day and ask them to register.

    Where gradual deployment is used, users are classified into three groups: available, activated and enrolled. Users are automatically created in the available group based on their existence on one or more target systems. Users are automatically moved from available to activated by a nightly batch process, which also prompts newly activated users to self-register. Once users register, they are automatically changed to enrolled status.

    The rate of moving users from available to activated status can be centrally controlled and can be adaptive, for example depending on the current number of activated but not yet enrolled users.

    ID-Synch® can be deployed incrementally based on a variety of variables, including:

    • User populations -- by role, classification or geography

    • Target systems and, within target systems, account types, attributes under management, NOS groups under management, etc.

    • Features (i.e., automatic change propagation, self-service workflow, consolidated administration console and delegated administration services)

    Incremental, iterative deployment is recommended: deliver early and often, to minimize project risk. Avoid attempts to characterize all system requirements early -- this typically is hard to do and requirements change over time.

    Normally key target systems are deployed initially, along with consolidated administration. Next, automated change propagation is configured and finally self-service security requests / approvals workflow. Delegated administration is normally implemented right after consolidated administration.

    The precise sequence and schedule of feature, target and business logic implementation will depend on a detailed project design, to be completed jointly with the customer.

    Once in production deployment, ID-Synch is normally extended to include ever-more target systems, attributes, template accounts, roles, NOS groups, authorizers, etc. This growth is organic and ongoing -- it is unlikely to cease while ID-Synch is in use.

    Where existing tools and processes are being replaced, they are normally replaced one-by-one, as new capabilities are deployed, pilot-tested, validated and rolled-out.

    After installing Hitachi ID Management Suite, Hitachi ID engineers produce a "Site Report," which outlines everything that was installed and configured.

  6. Roll-out

    Roll-out follows Hitachi ID Management Suite installation and again is normally phased. In most deployments, unit testing is followed by stress tests (normally just for P-Synch), then by pilot tests with select user communities and finally with a phased activation of the entire user population.

    Hitachi ID normally shows customers how to run reports once roll-out has begun, to identify activated users and measure user adoption.

  7. Measurement

    Data is available in Hitachi ID Management Suite to track transaction rates, user enrollment, success and failure of events such as logins, requests, target system updates, nightly automation, etc.

    Hitachi ID advises its customers to track these metrics over time, to ensure successful deployment and to measure success in relation to metrics and business objectives set out during the project kickoff.

  8. Sign-off

    Once the software has been installed and configured and roll-out has commenced, Hitachi ID normally signs off on the professional services engagement and switches from a pro-active deployment mode to an ongoing support arrangement with customers.
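The gradual P-Synch activation described under step 5 (available, activated, enrolled, with an adaptive nightly batch) can be sketched as follows. This is an added example, not Hitachi ID code: the class, the `max_per_night` and `backlog_target` parameters and the throttle rule are assumptions chosen to illustrate one possible adaptive policy.

```python
from dataclasses import dataclass, field

AVAILABLE, ACTIVATED, ENROLLED = "available", "activated", "enrolled"

@dataclass
class Rollout:
    max_per_night: int    # assumed ceiling on new activations per batch
    backlog_target: int   # assumed tolerated number of activated-but-unenrolled users
    status: dict = field(default_factory=dict)

    def discover(self, target_accounts):
        """Create users as 'available' when they exist on any target system."""
        for login_ids in target_accounts.values():
            for uid in login_ids:
                self.status.setdefault(uid, AVAILABLE)  # never downgrade a known user

    def count(self, state):
        return sum(1 for s in self.status.values() if s == state)

    def nightly_batch(self):
        """Activate a batch sized by the unenrolled backlog; return users to invite."""
        headroom = self.backlog_target - self.count(ACTIVATED)
        quota = max(0, min(self.max_per_night, headroom))
        batch = sorted(u for u, s in self.status.items() if s == AVAILABLE)[:quota]
        for uid in batch:
            self.status[uid] = ACTIVATED
        return batch

    def register(self, uid):
        """Self-registration is accepted only from activated users."""
        if self.status.get(uid) != ACTIVATED:
            return False
        self.status[uid] = ENROLLED
        return True

def simulate():
    # Constructed sample data: login IDs found on two target systems.
    targets = {"ad": [f"user{i:02d}" for i in range(10)],
               "mainframe": ["user03", "user10", "user11"]}
    rollout = Rollout(max_per_night=4, backlog_target=5)
    rollout.discover(targets)
    activated_per_night = []
    first = rollout.nightly_batch()            # empty backlog: full batch
    activated_per_night.append(len(first))
    rollout.register(first[0])                 # only one invitee enrolls
    activated_per_night.append(len(rollout.nightly_batch()))  # backlog throttles batch
    activated_per_night.append(len(rollout.nightly_batch()))  # backlog full: pause
    return rollout, activated_per_night
```

Refusing registration from users who are not yet activated keeps enrollment tied to the controlled roll-out rather than to whoever reaches the registration page first.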

For more information please contact:

1.403.233.0740
profserv@Hitachi-ID.com