Identity migration apparatus and method

US 8,346,908 B1
Filed: 12/13/2011
Issued: 01/01/2013
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for migrating locally-managed identities to centrally-managed identities, the method comprising:

providing with computer hardware including at least one computer processor at least one interface control that enables a user to create a migration project;

providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed account groups;

providing at least one interface control that enables a user to specify a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;

providing at least one interface control that enables a user to specify migration rules for the migration project;

providing at least one interface control that enables a user to specify a migration schedule for the migration project; and

executing the migration rules with the computer hardware including the at least one computer processor according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.

View all claims

26 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity migration program provides interfaces for a user to manage operations for migrating locally-managed identities to centrally-managed identities. The provided interfaces include a project management interface, an identity selection interface, a migration rule editor interface, and a project scheduling interface. In certain embodiments, the identity migration program includes a communication module that provides interfaces for managing communication between the identity migration program and locally-managed and centrally-managed servers. Interfaces may also be provided to manage identity group migration and migration error resolution. A migration process management interface enables the user to halt, roll back, or resume a migration project.

446 Citations

20 Claims

1. A method for migrating locally-managed identities to centrally-managed identities, the method comprising:
- providing with computer hardware including at least one computer processor at least one interface control that enables a user to create a migration project;
  
  providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed account groups;
  
  providing at least one interface control that enables a user to specify a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  providing at least one interface control that enables a user to specify migration rules for the migration project;
  
  providing at least one interface control that enables a user to specify a migration schedule for the migration project; and
  
  executing the migration rules with the computer hardware including the at least one computer processor according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising providing at least one interface control that enables a user to modify at least one migration rule to manually correct an identity migration error.
  - 3. The method of claim 1 further comprising providing at least one interface control that enables a user to halt a migration process specified by the migration project.
  - 4. The method of claim 1 wherein the one or more centrally-managed account groups include one or more centrally-managed account groups in Active Directory.
  - 5. The method of claim 1 wherein the locally-managed account groups include one or more locally-managed account groups in Unix.

6. A system for identity migration comprising:
- computer hardware including at least one computer processor; and
  
  a plurality of modules stored in computer-readable storage comprising computer readable instructions that, when executed by the computer processor, cause the computer hardware to perform operations defined by the computer-executable instructions, the modules configured to;
  
  provide at least one interface control that enables a user to create a migration project;
  
  provide at least one interface control that enables a user to identify locally-managed identities associated with locally-managed account groups;
  
  provide at least one interface control that enables a user to specify a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  provide at least one interface control that enables a user to specify migration rules for the migration project;
  
  provide at least one interface control that enables a user to specify a migration schedule for the migration project; and
  
  execute the migration rules according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6 wherein the modules are further configured to provide at least one interface control that enables a user to roll back a migration process specified by the migration project.
  - 8. The system of claim 6 wherein the modules are further configured to provide at least one interface control that enables a user to resume a migration process specified by the migration project.
  - 9. The system of claim 6 wherein the modules are further configured to provide at least one interface control that enables a user to modify at least one migration rule to resolve identity migration errors.
  - 10. The system of claim 6 wherein the modules are further configured to provide at least one interface control that enables a user to retrieve locally-managed identities from at least one server, provide at least one interface control that enables a user to communicate an identity map to at least one server, and communicate the identity map to at least one server in response to user activation of the at least one interface control.

11. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to migrate locally-managed identities to centrally-managed identities, the operations comprising:
- providing at least one interface control that enables a user to create a migration project;
  
  providing at least one interface control that enables a user to identify locally-managed identities associated with locally-managed account groups;
  
  providing at least one interface control that enables a user to specify a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  providing at least one interface control that enables a user to specify a plurality of migration rules for the migration project;
  
  providing at least one interface control that enables a user to specify a migration schedule for the migration project; and
  
  executing the migration rules according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise providing at least one interface control that enables a user to interrupt a migration process specified by the migration project.
  - 13. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise providing at least one interface control that enables a user to resume a migration process specified by the migration project.
  - 14. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise providing at least one interface control that enables a user to commit a migration process specified by the migration project.
  - 15. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise providing at least one interface control that enables a user to unmap at least one locally-managed identity from at least one centrally-managed identity.

16. A method for migrating locally-managed identities to centrally-managed identities, the method comprising:
- providing at least one interface control that enables a user to migrate locally-managed identities associated with locally-managed account groups to one or more centrally-managed account groups; and
  
  executing migration rules with computer hardware including at least one computer processor according to a migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16 further comprising providing at least one interface control that enables a user to identify the locally-managed identities associated with the locally-managed account groups.
  - 18. The method of claim 16 further comprising providing at least one interface control that enables a user to specify the migration rules for the migration project, and providing at least one interface control that enables a user to specify the migration schedule for the migration project.
  - 19. The method of claim 16 wherein the one or more centrally-managed account groups include one or more centrally-managed account groups in Active Directory.
  - 20. The method of claim 16 wherein the locally-managed account groups include one or more locally-managed account groups in Unix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Vanyukhin, Nikolay, Shevnin, Oleg, Korotich, Alexey
Primary Examiner(s)
WASEL, MOHAMED A

Application Number

US13/324,874
Time in Patent Office

385 Days
Field of Search

709/218, 709/219, 709/223
US Class Current

709/223
CPC Class Codes

H04L 41/00 Arrangements for maintenanc...

H04L 41/0893 Assignment of logical group...

Identity migration apparatus and method

First Claim

26 Assignments

0 Petitions

Accused Products

Abstract

446 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity migration apparatus and method

First Claim

26 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

446 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links