Identity migration apparatus and method

US 8,966,045 B1
Filed: 11/27/2012
Issued: 02/24/2015
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for chan in functioning of at least one computer by migrating locally-managed identities to centrally-managed identities, the method comprising:

providing, on computer hardware including at least one computer processor, at least one interface control configured to receive input from at least one input device and to communicate the input to the computer hardware, thereby enabling a user to create a migration project to be carried out by the computer hardware;

receiving, by the interface control from the input device, an identification of locally-managed identities associated with locally-managed account groups;

receiving, by the interface control from the input device, a specification of a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;

receiving, by the interface control from the input device, a specification of migration rules for the migration project;

receiving, by the interface control from the input device, a specification of a migration schedule for the migration project; and

executing the migration rules with the computer hardware including the at least one computer processor according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity migration program provides interfaces for a user to manage operations for migrating locally-managed identities to centrally-managed identities. The provided interfaces include a project management interface, an identity selection interface, a migration rule editor interface, and a project scheduling interface. In certain embodiments, the identity migration program includes a communication module that provides interfaces for managing communication between the identity migration program and locally-managed and centrally-managed servers. Interfaces may also be provided to manage identity group migration and migration error resolution. A migration process management interface enables the user to halt, roll back, or resume a migration project.

419 Citations

20 Claims

1. A method for chan in functioning of at least one computer by migrating locally-managed identities to centrally-managed identities, the method comprising:
- providing, on computer hardware including at least one computer processor, at least one interface control configured to receive input from at least one input device and to communicate the input to the computer hardware, thereby enabling a user to create a migration project to be carried out by the computer hardware;
  
  receiving, by the interface control from the input device, an identification of locally-managed identities associated with locally-managed account groups;
  
  receiving, by the interface control from the input device, a specification of a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  receiving, by the interface control from the input device, a specification of migration rules for the migration project;
  
  receiving, by the interface control from the input device, a specification of a migration schedule for the migration project; and
  
  executing the migration rules with the computer hardware including the at least one computer processor according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising receiving, by the interface control from the input device, a modification of at least one migration rule to manually correct an identity migration error.
  - 3. The method of claim 1 further comprising halting a migration process specified by the migration project.
  - 4. The method of claim 1 wherein the one or more centrally-managed account groups include one or more centrally-managed account groups in Active Directory.
  - 5. The method of claim 1 wherein the locally-managed account groups include one or more locally-managed account groups in Unix.

6. A system for identity migration comprising:
- computer hardware including at least one computer processor and at least one input device; and
  
  a plurality of modules stored in computer-readable storage comprising computer readable instructions that, when executed by the computer processor, cause the computer hardware to perform operations defined by the computer-executable instructions, the modules configured to;
  
  create a migration project in response to user input received from the input device;
  
  identify locally-managed identities associated with locally-managed account groups;
  
  specify a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups;
  
  specify migration rules for the migration project;
  
  specify a migration schedule for the migration project; and
  
  execute the migration rules according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6 wherein the modules are further configured to allow a user to roll back a migration process specified by the migration project.
  - 8. The system of claim 6 wherein the modules are further configured to allow a user to resume a migration process specified by the migration project.
  - 9. The system of claim 6 wherein the modules are further configured to allow a user to modify at least one migration rule to resolve identity migration errors.
  - 10. The system of claim 6 wherein the modules are further configured to allow a user to retrieve locally-managed identities from at least one server, provide at least one interface control that enables a user to communicate an identity map to at least one server, and communicate the identity map to at least one server in response to user activation of the at least one interface control.

11. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to migrate locally-managed identities to centrally-managed identities, the operations comprising:
- receiving a user'"'"'s input from an input device;
  
  at least in part in response to the input received from the input device, creating a migration project, encoded in tangible computer storage, that includes at least (a) an identification of locally-managed identities associated with locally-managed account groups, (b) a specification of a migration of the locally-managed account groups to one or more centrally-managed account groups such that the migration of the locally-managed account groups migrates the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups and preserves local group membership information and identity attributes about the locally-managed identities migrated to the one or more centrally-managed account groups, (c) a plurality of migration rules for the migration project, and (d) a migration schedule for the migration project; and
  
  executing the migration rules according to the migration schedule to automatically migrate the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise a user-selectable operation of interrupting a migration process specified by the migration project.
  - 13. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise a user-selectable operation of resuming a migration process specified by the migration project.
  - 14. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise a user-selectable operation of committing a migration process specified by the migration project.
  - 15. The non-transitory computer readable storage medium of claim 11 wherein the operations further comprise a user-selectable operation of unmapping at least one locally-managed identity from at least one centrally-managed identity.

16. A system for migrating locally-managed identities to centrally-managed identities, the method comprising:
- computer hardware comprising at least a computer processor and an input device;
  
  at least one interface control that receives a user'"'"'s input from the input device and, based at least in part upon the user'"'"'s input, causes the computer hardware to migrate locally-managed identities associated with locally-managed account groups to one or more centrally-managed account groups; and
  
  a migration rule execution module that causes migration rules, encoded in tangible computer storage, to be executed on the at least one computer processor, thereby causing the computer hardware to automatically migrate, in accordance with a migration schedule encoded in tangible computer storage, the locally-managed identities associated with the locally-managed account groups to the one or more centrally-managed account groups in a manner that preserves the local group membership information of migrated locally-managed identities.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 further comprising at least one interface control that enables a user to identify the locally-managed identities associated with the locally-managed account groups.
  - 18. The system of claim 16 further comprising at least one interface control that enables a user to specify the migration rules for the migration project and at least one interface control that enables a user to specify the migration schedule for the migration project.
  - 19. The system of claim 16 wherein the one or more centrally-managed account groups include one or more centrally-managed account groups in Active Directory.
  - 20. The system of claim 16 wherein the locally-managed account groups include one or more locally-managed account groups in Unix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Vanyukhin, Nikolay, Shevnin, Oleg, Korotich, Alexey
Primary Examiner(s)
Wasel, Mohamed

Application Number

US13/686,700
Time in Patent Office

819 Days
Field of Search

709/218, 709/219, 709/223
US Class Current

709/223
CPC Class Codes

H04L 41/00 Arrangements for maintenanc...

H04L 41/0893 Assignment of logical group...

Identity migration apparatus and method

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

419 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity migration apparatus and method

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

419 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links