Embry-Riddle Aeronautical University had a major identity and access management challenge on its hands.
The university, which specializes in aviation and aerospace education at its two residential campuses in Prescott, Ariz., and Daytona Beach, Fla., and more than 130 training centers throughout the United States, Europe, Canada and the Middle East, provides online administrative and email services to about 70,000 students, faculty, affiliates, alumni and applicants annually.
"As a higher education institution, our biggest challenge is dealing with so many different roles and responsibilities and what I call the churn, the fact that we have new people joining the organization all the time and other people leaving just as quickly," said Cindy Bixler, Embry-Riddle's chief information officer. "This was confusing because there were too many passwords and too many usernames."
Compounding the problem was the fact that many of the university's users have multiple roles within the various administrative systems. For example, members of the faculty will often sign up to take classes while graduate students garner credits by serving as teachers.
Assigning the proper roles and privileges to people using the online applications -- a practice known as provisioning -- and revoking certain privileges when roles change -- deprovisioning -- were largely manual and potentially insecure processes. It became abundantly clear to Bixler and crew that something needed to be done to simplify, streamline and improve the security of the school's
Embry-Riddle conducted an exhaustive vendor evaluation process before deciding to standardize on Oracle for its identity management needs. Bixler said the key to the evaluation process, which focused primarily on Oracle, Novell and Sun Microsystems, was finding a vendor whose ideas, practices and technologies fit in with Embry-Riddle's business and IT vision for the future -- a vision that includes providing students with "leading edge" technology.
"We wanted to, one, make sure that it aligned with our strategic vision and where we were going and, two, that it was a company we really wanted to invest in, because we knew that once we did this we didn't want to go back and do it again," Bixler explained. "We wanted to make sure that the company or the product line that we were going with was one that was going to stay for the long run."
The university already used Novell's flavor of Linux to run its file and print management systems, as well as Novell eDirectory to manage access to those systems. But Bixler's team ultimately decided against expanding the Novell eDirectory implementation.
"Novell didn't really fit in with our enterprise systems," Bixler said. "To be honest, we've had some issues with performance and how well we worked with Novell when things got rough. I really didn't want to continue on that relationship."
While Sun Microsystems' identity management technology was certainly interesting to Bixler, it also failed to make the cut.
"[The Sun technology] was very open and it could possibly integrate with anything," she said, "but we didn't see that strategic alignment."
Oracle ultimately won out because Bixler liked where the company's identity management roadmap was heading. Besides, she added, the university already had a major investment in Oracle's flagship database management system, and the Oracle E-Business Suite was the source of many of the school's online administrative applications -- two factors that promised to make the integration phase of the project go smoothly.
The Oracle Identity and Access Management Suite is made up of Oracle's Identity Manager, Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Virtual Directory, Internet Directory, Management Pack for Identity Management and Web Services Manager.
In addition to several components of the Oracle Identity and Access Management Suite, the Oracle E-Business Suite and the Oracle Database on Linux, Embry-Riddle is also currently using Oracle's Application Server, Portal and Real Application Clusters.
The identity and access management implementation at Embry-Riddle has been very successful so far, but Bixler says she'd like to see Oracle step up its efforts on the training front.
"The new tools and new software come out quickly, [but] the training is usually a step or two behind," she said. "With Oracle overall that tends to be a problem but not so much in this case."
A staggered implementation
The first phase of Embry-Riddle's identity management project went live about two years ago when the university launched the Oracle Internet Directory to keep track of users, roles and privileges. Later, in August 2006, the university went live with Oracle Portal, which provides users with centralized access to the applications they need.
"The Oracle Internet Directory, along with the Portal, allows us to do single sign-on, so we can have the same username and password across multiple applications," Bixler said. "Now, when you log into the Oracle Portal, it shows you services based on your roles. We can deliver the right information to the right constituent at the right time."