Last week in this blog series, we discussed what makes traditional identity security systems like CA Single Sign-On® (formerly called CA SiteMinder) inadequate for supporting and protecting today's business models and top IT initiatives. We also compared traditional identity and access management systems to Next Gen Identity solutions. Read last week's blog post. Today, we will describe the migration process from a traditional IAM system to a Next Gen Identity solution.
To start, migration is hard, expensive and filled with disruption. As you look at your identity and access management (IAM) infrastructure and evaluate whether the power and simplicity of a Next Gen Identity solution is worth the disruption to business-critical infrastructure, realize that you are already disrupting and adding complexity to your current identity solution to keep up with business demands.
If you are using a traditional IAM product like CA SiteMinder, you have probably been wrestling with your infrastructure through upgrades, add-ons and difficult support issues. It might feel like everything is 'good enough', but the reality is that new IT business models are forcing another round of upgrades, add-ons and difficult support issues--impacting revenue and impeding worker productivity.
As we have architected and developed our Next Gen Identity solution, a common sense approach to application migration has emerged. By following our four migration steps, much of the disruption can be reduced when moving your web access management (WAM) functionality away from CA SiteMinder while immediately taking advantage of the emerging IT business models.
Before we review our four migration steps, it is important to highlight a critical migration capability of the Ping Identity solution. Ping Identity architected the Next Gen Identity solution to co-exist, side-by-side, with the existing CA SiteMinder deployments. Through the advanced integration capabilities of PingFederate, CA SiteMinder authentication events and web sessions can be shared across both identity security solutions. As a result, your end-users will not be aware of the underlying system changes during a migration. Additionally (and importantly), your helpdesk staff won't be flooded with questions related to changed behavior, additional sign-ons or increased friction when accessing their applications.
The four migration steps for successfully moving away from CA SiteMinder to Next Gen Identity are:
The migration starts with planning. It is critical to survey your current infrastructure to understand how your users are authenticated, how access is managed, what policies are in place and what your web access management architecture should look like when the migration is completed. Note: our next blog post in this series will discuss some critical decisions that must be considered during the planning step.
After a solid plan has been developed, the installation and integration of the Next Gen Identity solution is performed. The integration with CA SiteMinder is important to provide the end user with the same experience. This is also a good time to test the migration plan with an application that has low risk when migrated.
Once the initial deployment is complete and the first several applications have been successfully migrated, it is time to ramp up migration. Full application migration starts in earnest, typically working from the simplest applications to the most complex.
The last step, after the applications have been migrated, is to finalize the migration. If all the applications have been successfully migrated from CA SiteMinder or other web access management systems, then the integrations between CA SiteMinder and the Next Gen Identity solution need to be removed. Ultimately, the CA SiteMinder infrastructure can be turned off and retired.
When the migration is complete, your IT group should see significant cost savings. Additionally, your group will be positioned to handle the next decade of identity trends that are critical to maintain a secure environment while also supporting your business.
See our migration guide for more information about our four migration steps.
Next week in this blog series, we will explain the technical strategies for authentication during a migration to a Next Gen Identity solution and the capabilities of such an identity security platform. In the meantime, here are some good related resources:
Beyond the Firewall, a white paper and webinar discussing six top IT trends and the necessity and superiority of identity-centered security to support them.