Marcel Van Den Assum, information boss at dairy company Fonterra’s NZMP subsidiary, outlines the company’s global directory services project.
Why did you implement a global directory project and why did you choose Siemens’ DirX meta-directory?
We set up a global directory services project early in 2001, the goal of which was to give employees, contractors, customers and suppliers controlled access to Fonterra’s enterprise application initiatives through a common global directory service. This is based on a defined access control model.
The project’s key objectives were to:
1. Minimise the security risk to our electronic information.
2. Provide consistent directory information for all employees, contractors, key customers and suppliers.
3. Ensure that access to applications and services reflects the role, responsibility and accountability of employees and contractors.
Following the completion of a functional specification, a request for proposal was issued, with six vendors responding. Their proposals were evaluated against their product’s functional capability, their ability to implement the product and, of course, cost. The Siemens DirX meta-directory product was ultimately selected for our global directory.
How important was planning and how did you approach it?
Planning was critical to the project, as it is with any project. This forms part of our standard project office methodology. We consider all the steps, from analysis to design, build and implementation. For the global directory services project it was critical to identify which applications were the owners of pieces of information and which applications were the recipients of that information. For example, HR is the owner of someone’s job title (recorded in the HR application), while Infrastructure is the owner of the email address (recorded in the email system).
How long did planning take?
From scoping the project, preparing the functional specification, issuing the RFP and completing contract negotiations it took us six months.
Have you finished installing the meta-directory?
Implementation started in July 2002. This connected our Lotus Notes, MS Exchange and intranet environments. Since then we have connected to NDS/GroupWise, Windows NT, Microsoft’s Active Directory and Cisco Radius [remote access]. We are currently planning the connection to our Oracle 10.7 HR module and the implementation of automatic account creation and suspension.
The achievements to date position us for the implementation of user authentication and reduced sign-on.
How long did the rollout take?
Full operational hand-over to our production team took place in early April of this year.
How is the organisation using it?
As new staff members join the organisation our global helpdesk adds their details to the global directory. We also record what applications staff need to access. Our global directory then sends email alerts to the various application administrators, both in New Zealand and offshore as required.
Our global directory creates a unique identifier for each person who has access to our systems, by name, location and systems used. This is important to us as it provides consistent information about people across systems and provides the ability to monitor access to systems.
How many users does it cover?
We have a licence for 10,000 users, with a worldwide user population.
Is it just for NZMP or all of Fonterra?
Our initial focus was on applications and services that had a global reach. For example, we connect to 17 Microsoft Exchange services in the Americas — from Philadelphia to Sao Paulo in Brazil. We are currently in the process of connecting to the legacy LAN and email systems within New Zealand.
What about other items, eg machines, services?
We have installed the Siemens DirX product on two identical servers. These are HP Netserver LC 2000R, one is the production server, the other a shadow server providing operational continuity. The operating system is Windows 2000 SP2.
Synchronisation of directory information with each of the target systems occurs on a daily basis at this point in time. This will be reviewed once automatic account creation and suspension has been enacted.
What issues should organisations installing a meta-directory be aware of?
Be clear on the problem that you’re trying to address.
- Have appropriate project governance.
- Technical issues are relatively minor. The real challenge is in business process and information flow. There is a need to ensure agreement of business process by both business owners and systems administrators.
- Validation of people’s names. Two or more people may have the same name; one person may be known by several names across systems (eg Jo Smith, Josephine Smith).
- And in a global environment there is a need to define how non-Anglo Saxon names will be handled. Many names don’t follow the traditional format of first, middle and last name when referring to a person’s given name and family name. For example: Kyoung Ok Han, Abdul Rahman Al Omari, Juan Manuel Ugarte Undurrage.