Capgemini Saves 50 per cent on Administration Costs with Identity
Capgemini, a leading provider of consulting, technology and outsourcing, needed to run a Microsoft Windows NT 4.0 system alongside its new Microsoft Active Directory technology for up to 18 months.
They identified Microsoft Identity Integration Server (MIIS) 2003, a solution which manages identities and coordinates user details across organisations’ data source, as the best means for them to synchronise the identity information between the two systems. MIIS 2003 was up and running for Capgemini in the short space of one afternoon, giving complete peace of mind to its migration team. It has reduced the cost and risk associated with operating a manual system. Capgemini now has a guaranteed synchronisation mechanism in place that enables the company to have single point administration for data services to all its 6,500 employees in the UK and Ireland.
Situation
Migration projects for data services in multinational companies are often fraught with risks and unexpected costs. Some major companies find it necessary to run their legacy system alongside the new technology for up to two years. Without a smart solution that can easily match identity information from disparate data repositories, manual processes have to be used usually involving extra costs and inconvenient delays.
This was the prospect facing the operations in the UK and Ireland of Capgemini, a leading provider of consulting, technology and outsourcing services. Capgemini employs 6,500 people in the British Isles. The company offers its local and international customers management and technology consulting; systems transformation; systems management and local professional services. Its global strategic alliances with top technology companies help provide customers with solutions tailored to their unique business needs.
Capgemini decided to migrate its Microsoft® Windows NT® 4.0 Server operating system used by employees in the UK and Ireland. It chose Microsoft Windows Server™ 2003 with its component Microsoft Active Directory® and Microsoft Exchange Server 2000 for its e-mail and data services. However, CGEY wanted the two systems to coexist for at least 18 months, as all the company’s existing business processes resided in the legacy system.
Steve Plank, Architectural Engineer, Microsoft, says: “Capgemini then wanted new and deleted groups with new and deleted members to be automatically maintained in Active Directory and for the migration team to be kept up-to-date by automated emails of all these activities.”
Andy Lambert, Infrastructure Architect, Microsoft Business Unit, Capgemini, says: “There are a ton of processes and legacy applications that had built up over the lifetime of the previous system so moving all those over to Active Directory is potentially a real blocker to a speedy migration.”
Solution
Capgemini began the project to migrate to Active Directory in 2002. It realised in the test phase in summer 2003 for the new operating system running Active Directory that it would need to look for new technology to enable Active Directory to coexist with the legacy system.
In a separate project, headed by Andy Lambert, Capgemini wanted to introduce identity management to improve efficiency and security throughout the company which operates from different locations in the UK and Ireland. The Capgemini team had already selected Microsoft Identity Integration Server (MIIS) 2003 to realise this. MIIS 2003 offers a centralised service that integrates and stores identity information from multiple directories to provide a unified view of employees and resources.
The alternative would have been using a manual system. Plank says:
“Capgemini tried other vendors’ products but they were difficult to use and weren’t able to give the responsiveness that the business needed.”
Steve Plank, Architectural Engineer, Microsoft
“Capgemini tried other vendors’ products but they were difficult to use and weren’t able to give the responsiveness that the business needed.”
Andy Lambert and Steve Plank both agreed that one approach was to employ MIIS 2003 in order to provide the required coexistence between NT4.0 and Active Directory. This would enable Capgemini to achieve a single point for administering user account and group information, reducing effort, improving security, and reducing operational risk.
MIIS also enables the automatic provisioning and deprovisioning of access rights and other changes in employee status using Active Directory, an essential component of the Microsoft Windows Server family. This technology enables enterprises to manage data centrally in distributed computing environments and contributes greatly towards improving productivity as well as minimising operational risk.
Benefits
Automated Identity Management
By using MIIS 2003, Capgemini reduced administrative costs because data is updated automatically between the two coexisting systems. There is no longer any need for manual integration. Plank says: “The company is using Microsoft technology for something that wasn’t immediately thought of in the initial project.”
Lambert is also pleased that Microsoft and Capgemini came up with the right solution just in time. He says
“Carrying this out in a manual environment would have been very expensive and far from ideal, but we were getting desperate to find a solution. It is difficult to quantify the precise savings with MIIS 2003 but there is up to 50 per cent less admin.”
Andy Lambert, Infrastructure Architect, Microsoft Business Unit, Capgemini: “Carrying this out in a manual environment would have been very expensive and far from ideal, but we were getting desperate to find a solution. It is difficult to quantify the precise savings with MIIS 2003 but there is up to 50 per cent less administration.“
In addition to cost savings, efficiencies have also been achieved. Lambert says: “It would have taken 12 hours to synchronise the two systems but now it’s instantaneous throughout the working day. User accounts, group memberships—everything is kept up to date.”
Rapid Time to Market
The rapid implementation of MIIS 2003 was a major benefit for Capgemini. Plank recalls: “I went into Capgemini for half a day and worked with its team. Within four hours we had the whole system working. Capgemini was also pretty impressed that we could process all its test data – about 10,000 records – in 30 minutes. It was taking almost 24 hours for another system to do a similar not quite so functional exercise.”
Better Business Processes
With the two systems coexisting for over 12 months, Capgemini will have the best of both worlds for its business processes. The company is also able to maximise the value of its previous investment in IT.
Plank says that MIIS 2003 has helped accelerate the migration process between the legacy system and Active Directory, because not absolutely everything has to be in place before users are migrated across.
Lambert says: “We have gained the peace of mind that comes from knowing that our group management will continue working in the way it always did, until we get the chance to develop new business processes.”
Greater Security and Reduced Risk
By enabling this synchronisation between the two environments, Capgemini, using MIIS 2003, has a guaranteed method to ensure the validity of user and group information is maintained. Ultimately MIIS 2003 will be extended to synchronise employee information throughout the business estate. Lambert says: “MIIS has fulfilled an immediate, short term requirement for synchronising the two environments. Without this automatic provisioning a manual process may have left enabled user accounts in one environment that should have been disabled. This could have serious repercussions.”
Scalable for New Applications
Having implemented MIIS 2003 to enable the legacy system to work alongside Active Directory, Capgemini is preparing to use MIIS for improved identity management within the business. “We will be extending identity management with MIIS 2003 throughout the UK and Ireland operation in 2004 and taking advantage of its provisioning capabilities across the diverse business application Capgemini employ,” says Lambert.
MIIS 2003 provides a highly scalable solution with the capacity to integrate potentially any number of data sources and employees. As such it is beneficial to organisations engaged in migration projects such as Capgemini.