Identity migration apparatus and method

US 8,086,710 B2
Filed: 10/30/2007
Issued: 12/27/2011
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to migrate locally-managed identities to centrally-managed identities, the operations comprising:

providing at least one interface control that enables a user to create a migration project;

providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed groups in Unix;

providing at least one interface control that enables a user to specify the migration of the locally-managed account groups to one or more centrally-managed account groups stored in Active Directory,wherein the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups in Unix to the one or more centrally-managed account groups in Active Directory, andwherein the migration of the locally-managed account groups further preserve local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;

providing at least one interface control that enables a user to specify a plurality of migration rules for the migration project;

providing at least one interface control that enables a user to specify a migration schedule for the migration project; and

executing the migration rules according to the migration schedule too automatically migrate the locally-managed identities associated with the plurality of locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.

View all claims

26 Assignments

Timeline View

Assignment View

0 Petitions

Reexaminations

Accused Products

Abstract

An identity migration program provides interfaces for a user to manage operations for migrating locally-managed identities to centrally-managed identities. The provided interfaces include a project management interface, an identity selection interface, a migration rule editor interface, and a project scheduling interface. In certain embodiments, the identity migration program includes a communication module that provides interfaces for managing communication between the identity migration program and locally-managed and centrally-managed servers. Interfaces may also be provided to manage identity group migration and migration error resolution. A migration process management interface enables the user to halt, roll back, or resume a migration project.

Citations

15 Claims

1. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to migrate locally-managed identities to centrally-managed identities, the operations comprising:
- providing at least one interface control that enables a user to create a migration project;
  
  providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed groups in Unix;
  
  providing at least one interface control that enables a user to specify the migration of the locally-managed account groups to one or more centrally-managed account groups stored in Active Directory,wherein the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups in Unix to the one or more centrally-managed account groups in Active Directory, andwherein the migration of the locally-managed account groups further preserve local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  providing at least one interface control that enables a user to specify a plurality of migration rules for the migration project;
  
  providing at least one interface control that enables a user to specify a migration schedule for the migration project; and
  
  executing the migration rules according to the migration schedule too automatically migrate the locally-managed identities associated with the plurality of locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to communicate an identity map to at least one server.
  - 3. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to modify a migration rule to resolve identity migration errors.
  - 4. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to manually correct an identity migration error.
  - 5. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to halt a migration process specified by the migration project.
  - 6. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to roll back a migration process specified by the migration project.
  - 7. The non-transitory computer readable storage medium of claim 1, further comprising providing at least one interface control that enables a user to resume a migration process specified by the migration project.

8. An apparatus, implemented in one or more processors, to centralize identity management, the apparatus comprising:
- a project management module configured to provide at least one interface control that enables a user to create a migration project;
  
  an identity selection module configured to provide at least one interface control that enables a user to specify locally-managed identities associated with locally-managed groups in Unix to be migrated to one or more centrally-managed account groups stored in Active Director and associate the locally-managed identities with the migration project;
  
  a group management module configured to provide at least one interface control that enables a user to specify group migration of the locally-managed identities associated with the locally-managed account groups in Unix to the one or more centrally-managed account groups in Active Directory, wherein the migration of the locally-managed account groups further preserve local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  a migration rule editor configured to provide at least one interface control that enables a user to specify a plurality of migration rules for the migration project;
  
  a scheduling module configured to provide at least one interface control that enables a user to specify a migration schedule and associate the migration schedule with the migration project; and
  
  an execution module configured to execute the migration schedule according to the plurality of migration rules and the migration schedule, to automatically migrate the locally-managed identities associated with the plurality of locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, further comprising a communication module configured to:
    - retrieve locally-managed identities from at least one server;
      
      provide at least one interface control that enables a user to communicate an identity map to at least one server; and
      
      communicate an identity map to at least one server in response to user activation of the at least one interface control.
  - 10. The apparatus of claim 8, wherein the migration rule editor is further configured to provide at least one interface control that enables a user to modify a migration rule to resolve identity migration errors.
  - 11. The apparatus of claim 8, further comprising an account mapping module configured to provide at least one interface control that enables a user to manually correct an identity migration error.
  - 12. The apparatus of claim 8, further comprising a migration process management module configured to provide at least one interface control that enables a user to halt a migration process specified by the migration project.
  - 13. The apparatus of claim 12, wherein the migration process management module is further configured to provide at least one interface control that enables a user to roll back a migration process specified by the migration project.
  - 14. The apparatus of claim 12, wherein the migration process management module is further configured to provide at least one interface control that enables a user to resume a migration process specified by the migration project.

15. A method to migrate locally-managed identities to centrally-managed identities, the method comprising:
- providing at least one interface control that enables a user to create a migration project;
  
  providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed groups in Unix;
  
  wherein the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups in Unix to the one or more centrally-managed account groups in Active Directory, andwherein the migration of the locally-managed account groups further preserve local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  providing at least one interface control that enables a user to specify a plurality of migration rules for the migration project;
  
  providing at least one interface control that enables a user to specify a migration schedule for the migration project; and
  
  executing the migration rules according to the migration schedule to automatically migrate the locally-managed identities associated with the plurality of locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Vanyukhin, Nikolay, Shevnin, Oleg, Korotich, Alexey
Primary Examiner(s)
WASEL, MOHAMED A

Application Number

US11/928,887
Publication Number

US 20080104220A1
Time in Patent Office

1,519 Days
Field of Search

709/218, 709/219, 709/223
US Class Current

709/223
CPC Class Codes

H04L 41/00 Arrangements for maintenanc...

H04L 41/0893 Assignment of logical group...

Identity migration apparatus and method

First Claim

26 Assignments

0 Petitions

Reexaminations

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Identity migration apparatus and method

First Claim

26 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Reexaminations

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links