Monday, September 12, 2005

Provisioning, Fulfillment, and Workflow Engines—Welcome to my world!

These days, I no longer have the luxury of working with Active Directory as a “stand alone” component in the enterprise. My role demands that I view it as part of a comprehensive systems management workflow, and my primary objective is to automate as much of that workflow as possible. Not hard if you’re dealing with a single enterprise, but when you’re automating a workflow that services multiple enterprises—as we do at EDS—it becomes a daunting task. I suppose I’m trying to automate the automation, in a sense.

To add still more complexity, we don’t provide the same services to all clients, so I must envision an event-driven, service-oriented architecture that encapsulates everything from initial request, through delivery, reporting, and billing. It gives me a headache, but it is certainly challenging! There are days that I long to become a Wal-Mart greeter… For the moment, I’m concentrating on provisioning—user provisioning and role-based access control. Later, I’ll concentrate on the workflow engine…one bite at a time, right?

Once upon a time, Windows administrators thought that automating provisioning meant writing a script to create new user IDs that were modeled after an existing user ID or an ID template. Now we understand that there’s a lot more to consider than just groups and R, W, X. We know to consider groups, files, applications, delegation, roles, operations, tasks, and so on. I’ve never found a better mechanism for beginning this sort of work than a traditional access control matrix combined with a role hierarchy. Always comforting to start off on the right foot.

Hmmm…first problem: I’m creating role-based access control for multiple enterprises, and few (if any) of our clients will share the same roles. So I’ll have to be very granular in the initial work and create a set of “role components” that will become the building blocks used to create the specific roles for each enterprise client. Then I’ll have to step back and walk through the administrative workflow to find the commonalities across all clients, so that I can further automate administrative processes and tasks. You see, I want to remove as much cost from provisioning and user management processes as possible. So I’ve got to centralize and automate tasks such that I don’t unnecessarily repeat the same tasks for each client (and by client I mean enterprise customer, not device).
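The role-component approach described above, sketched as an added example (not code from the original post); the component, client and role names are constructed for illustration. It composes per-client roles from shared components, resolves the role hierarchy into access control matrix rows, and reports which components every client uses.

```python
from collections import defaultdict

# Constructed sample data: each role component is a set of (resource, operation) matrix cells.
COMPONENTS = {
    "mailbox-user":   {("mailbox", "read"), ("mailbox", "send")},
    "file-read":      {("fileshare", "read")},
    "file-write":     {("fileshare", "write")},
    "account-reset":  {("directory", "reset-password")},
    "account-create": {("directory", "create-user")},
}

# Constructed per-client roles: role -> (components, parent roles it inherits from).
CLIENT_ROLES = {
    "client-a": {
        "employee": (["mailbox-user", "file-read"], []),
        "helpdesk": (["account-reset"], ["employee"]),
        "admin":    (["account-create", "file-write"], ["helpdesk"]),
    },
    "client-b": {
        "staff":    (["mailbox-user"], []),
        "operator": (["account-reset", "account-create"], ["staff"]),
    },
}

def resolve(client, role, path=()):
    """Full permission set of a role: its components plus everything inherited."""
    if role in path:  # a role that inherits from itself would never terminate
        raise ValueError(f"cycle in role hierarchy: {client}/{role}")
    components, parents = CLIENT_ROLES[client][role]
    perms = set()
    for name in components:
        perms |= COMPONENTS[name]  # KeyError flags a role built from an unknown component
    for parent in parents:
        perms |= resolve(client, parent, path + (role,))
    return perms

def access_matrix(client):
    """One matrix row per role: resource -> set of allowed operations."""
    matrix = {}
    for role in CLIENT_ROLES[client]:
        row = defaultdict(set)
        for resource, op in resolve(client, role):
            row[resource].add(op)
        matrix[role] = dict(row)
    return matrix

def common_components():
    """Components every client uses: candidates for automating once, centrally."""
    used = [{c for comps, _ in roles.values() for c in comps} for roles in CLIENT_ROLES.values()]
    return set.intersection(*used)
```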

I feel another headache coming on. Does anyone know if Wal-Mart accepts on-line applications?!