A site survey can be used to gather information about the applications and data stores that will be integrated into the deployment. In addition, these departmental interviews help to forge an understanding of the motivation of the groups involved by defining their particular functions and goals. Once collected, the information can solidify buy-in from the executive sponsors as well as serve as a design blueprint. The following groups of individuals can help in a site survey:
Users provide feedback about the applications they use on a daily basis.
Human resources provides information about hiring and termination processes.
Support personnel offer insight into problems that cross organizational boundaries.
Application administrators and developers can provide technical information about the line-of-business (LOB) applications to be integrated into the deployment.
Network administrators have knowledge of the organization’s technical baseline for performance and standards.
An initial survey might include gathering information about the following items:
The business processes are the procedures that diverse groups in the organization define to do their jobs. Processes can include procedures for:
Issuing payroll
Purchasing and accounts payable
Authorizing employee travel
Departmental budgeting
Terminating employees
It is imperative to assess these processes because they are generally supported by the applications used by each business unit. Things to consider include:
Do the current processes cause delays?
Are there a number of different processes that perform the same function?
Can processes be standardized across business unit boundaries?
How complex are the processes? Can they be consolidated or simplified?
Can the current processes handle organizational changes?
Any changes to be made to the processes should be initiated prior to the beginning of the deployment.
The IT infrastructure includes all the hardware servers, operating systems, and applications that will be integrated into the Access Manager deployment. Consider the following:
What applications will leverage Access Manager?
Applications might include critical internal applications, such as those for human resources and accounting, or less critical employee portals. External business-to-business applications that deal with both confidential financial information and less confidential sales material, or business-to-consumer shopping carts that are concerned with credit card data and purchase histories, might also leverage the functionality of Access Manager.
What systems will leverage Access Manager?
Consider the hardware on which applications are being deployed as well as their operating systems. An Access Manager deployment, at the minimum, includes a web container to run the application, a Sun Java System Directory Server (or existing data store), and Access Manager. Additional hardware servers might run their own web containers that host corporate resources, and Access Manager policy agents can be installed on those servers for improved security.
What Access Manager services will each department leverage?
Consider the default and custom services integrated within Access Manager. Role and policy strategies will have to be mapped and defined for each department. Authentication modules need to be assessed and custom services, if any, need to be developed.
Other technical considerations include:
Are there incompatibilities in the infrastructure?
Does the current system experience slowdowns or down time?
Are the applications sufficiently secure?
Are there virus control procedures?
Can applications be customized based on user entitlements?
For more information, see Evaluating Applications.
Virtual data is a catch-all phrase for the profiles that will access Access Manager, the configurations that will be accessible from it, and the data that it will secure. Virtual data includes, but is not limited to, user profiles (such as employees or customers), data and service access rules, and other types of corporate data.
What assets will Access Manager be protecting?
Access Manager secures access to all types of data and services. An administrator can regulate who can view or configure Access Manager data as well as control access to applications, portals, and services.
What users will leverage Access Manager?
Users might include employees, business partners, suppliers, and current or potential customers. Each user will have a profile that includes, at a minimum, their user ID and password. Employees will undoubtedly have larger and more confidential profiles than customers who access external sales information.
What data will be accessible?
Data might include public information, internal information, confidential information, and restricted data. Data might also include sales information on an external web site, confidential employee profiles, access rules that protect corporate resources, server configuration information, and federated customer profiles.
What is the authoritative source of the data?
Often, multiple schemas that define different types of data are in use. These definitions need to be reconciled within your deployment. Be aware of data ownership issues, and allow the various LOB applications to maintain control over their data where appropriate. It is imperative to balance the demands of the satellite groups in order to provide service that is representative of the overall enterprise, as all services are critical to the larger organization.
Other technical considerations include:
Is the same information defined in multiple attributes?
Do users have multiple cross-organizational profiles?
Are the data stores located in front of the firewall?
Is the data consistent across different data stores?
How often is new data added or existing data modified?
For more information, see Categorizing Data.