Hitachi ID Systems services methodology

By: M-tech  09-12-2011
Keywords: Help Desk, Identity And Access Management, Management Suite

Project kickoff

An interview is held with the primary project stakeholders to identify the key business objectives for the Hitachi ID Management Suite deployment. These objectives are prioritized and metrics are defined that will later be used to characterize success or identify problems.

Project objectives normally include reducing operating costs, improving service SLAs, enhancing security and improving regulatory or policy compliance.

Metrics may include reduced help desk call volume (e.g., percent reduction or target monthly numbers), improved speed for provisioning new users or responding to access change requests, etc.

A short (normally 1-2 page) document formally defining business objectives is provided at the end of this phase.

Needs analysis

A needs analysis phase is undertaken to review the customer's current identity and access management business processes, identify new processes that the project should implement and define the technical details needed to implement the new processes.

In large or complex deployments, this phase may be broken down into two parts: an initial review, which identifies high-level objectives and generates a time and cost estimate for a second phase, and a subsequent detailed analysis, which collects detailed information about data flows, attribute mappings, change authorization, role definition, etc. In this case, a summary process analysis document is produced in the first phase and detailed documents are produced in the second phase.

The needs analysis phase produces two documents:

  • A process analysis document, which includes:
    • A list of current processes used to set up new staff with access, to update identity attributes and security entitlements as business needs change, to terminate access and to manage passwords.
    • A list of desired processes that the Hitachi ID Management Suite implementation will enable. This may include:
      • Automatic propagation of user data from systems of record to target systems.
      • Self-service workflow to allow users to request and authorize access changes.
      • Consolidated and delegated user administration.
      • Consolidated reporting on access rights and access change history.
      • Password synchronization, self-service reset and assisted reset.
      • Processes to collect new data from the user population, such as security questions for authentication, demographic information, login ID reconciliation or biometric samples.
      • User notification for events such as upcoming password expiration, user profile changes, etc.
    • A logical architecture, which shows how systems and external processes interact to implement the above processes.
  • A technology analysis document, which includes:
    • A network architecture illustrating how Hitachi ID Management Suite will tie into existing IT infrastructure.
    • Integration details for each and every system with which Hitachi ID Management Suite will exchange data.
    • Attribute mappings, correlating user profile attributes between systems of record, change requests and target systems.
    • Process details, including business logic for change propagation, input validation for the self-service workflow system, authorizer routing rules, login ID assignment standards, procedures for delegation and automated escalation of authorization responsibility, etc.

Installation and configuration

Hitachi ID Systems engineers normally install Hitachi ID Management Suite either on-site or using remote control over a VPN. The installation phase normally includes installation of the software on each server, activation of software, data and configuration replication where appropriate, configuration of every business process and technical detail identified in the Technology Analysis document and the Project Planning document and initial testing to validate that everything that was installed and configured works.

Many Hitachi ID Systems customers choose to deploy functionality incrementally.

Hitachi ID Password Manager (formerly P-Synch) can be deployed incrementally based on a variety of variables, including:

  • Users.
  • Target systems.
  • Features.

Gradual deployment is recommended and normally tied to users -- for example, activate N users per day and ask them to register.

Where gradual deployment is used, users are classified into three groups: available, activated and enrolled. Users are automatically created in the available group based on their existence on one or more target systems. Users are automatically moved from available to activated by a nightly batch process, which also prompts newly activated users to self-register. Once users register, they are automatically changed to enrolled status.

The rate of moving users from available to activated status can be centrally controlled and can be adaptive, for example depending on the current number of activated but as-yet not enrolled users.
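
The three-state rollout and adaptive activation rate described above can be sketched as follows. This is an added example, not Hitachi ID code: the class name, the max_pending and max_per_night parameters and the budget formula are assumptions chosen for illustration, and the user IDs are constructed sample data.

```python
from dataclasses import dataclass, field

AVAILABLE, ACTIVATED, ENROLLED = "available", "activated", "enrolled"

@dataclass
class Rollout:
    max_pending: int    # assumed cap on activated-but-not-yet-enrolled users
    max_per_night: int  # assumed ceiling on activations per batch run
    status: dict = field(default_factory=dict)  # login ID -> state

    def discover(self, login_ids):
        """Users seen on a target system start out as 'available'."""
        for uid in login_ids:
            self.status.setdefault(uid, AVAILABLE)

    def count(self, state):
        return sum(1 for s in self.status.values() if s == state)

    def nightly_batch(self):
        """Activate as many users as the pending backlog allows.
        Returns the newly activated IDs, i.e. the users to invite."""
        headroom = max(0, self.max_pending - self.count(ACTIVATED))
        budget = min(self.max_per_night, headroom)
        chosen = sorted(u for u, s in self.status.items() if s == AVAILABLE)[:budget]
        for uid in chosen:
            self.status[uid] = ACTIVATED
        return chosen

    def register(self, uid):
        """Only an activated user may enroll; other states are rejected."""
        if self.status.get(uid) != ACTIVATED:
            raise ValueError(f"{uid} is not activated for enrollment")
        self.status[uid] = ENROLLED

def simulate():
    r = Rollout(max_pending=5, max_per_night=3)
    r.discover(f"user{i:02d}" for i in range(10))  # constructed sample users
    night1 = r.nightly_batch()   # empty backlog: per-night ceiling applies
    r.register(night1[0])        # one user enrolls, two remain pending
    night2 = r.nightly_batch()   # backlog climbs to the cap
    night3 = r.nightly_batch()   # backlog at cap: nobody is activated
    for uid in night2:
        r.register(uid)          # enrollments free up headroom
    night4 = r.nightly_batch()
    sizes = [len(n) for n in (night1, night2, night3, night4)]
    return sizes, r.count(ENROLLED)

if __name__ == "__main__":
    print(simulate())
```

The batch stalls on its own when invited users are not registering, which keeps the number of outstanding invitations bounded, and the register check prevents enrollment by users who have not yet been activated.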

Hitachi ID Identity Manager can be deployed incrementally based on a variety of variables, including:

  • User populations -- by role, classification or geography.
  • Target systems and, within target systems, account types, attributes under management, NOS groups under management, etc.
  • Features (i.e., automatic change propagation, self-service workflow, consolidated administration console and delegated administration services).

Incremental, iterative deployment is recommended: deliver early and often, to minimize project risk. Avoid attempts to characterize all system requirements early -- this typically is hard to do and requirements change over time.

Normally key target systems are deployed initially, along with consolidated administration. Next, automated change propagation is configured and finally self-service security requests / approvals workflow. Delegated administration is normally implemented right after consolidated administration.

The precise sequence and schedule of feature, target and business logic implementation will depend on a detailed project design, to be completed jointly with the customer.

Once in production deployment, Identity Manager is normally extended to include ever-more target systems, attributes, template accounts, roles, NOS groups, authorizers, etc. This growth is organic and ongoing -- it is unlikely to cease while Identity Manager is in use.

Where existing tools and processes are being replaced, they are normally replaced one-by-one, as new capabilities are deployed, pilot-tested, validated and rolled-out.

After installing Hitachi ID Management Suite, Hitachi ID Systems engineers produce a "Site Report," which outlines everything that was installed and configured.
