nexus/wiki/sources/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md
2026-04-24 08:02:47 +08:00
---
title: "Learning Sessions Identity Governance VSM Replacement - 20231128"
type: source
tags:
- Identity-Governance
- VSM
- CTP
- IAM
- AWS-Identity-Center
date: 2023-11-28
---
## Source File
- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/02_IAM/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md]]
## Summary
- Core topic: the Identity Governance (IG) framework and the plan to replace the DXC Virtual SM (VSM) tool with Micro Focus IGA
- Problem domain: enterprise digital identity management (who has access, who should have access, how access is exercised); entitlement governance for internal and external users, including contractors
- Method/mechanism: Micro Focus IGA implements entitlement approval, revocation and monitoring through resource-control workflows; Active Directory groups map to roles; AWS Identity Center + IAM provide access to cloud resources; IG governs the AD group workflow
- Conclusion/value: VSM will be fully replaced by IG, using the same architecture but connected to the Coptum domain; a POC is in progress to validate the architecture and the process; users request entitlements through the IGA Portal and are granted access automatically once approved
## Key Claims
- Identity governance drives digital risk management and compliance through three core questions: who currently has access, who should have access, and how access is enforced
- Micro Focus IGA controls approval and revocation of Active Directory group entitlements through workflow and, together with AWS IAM and Azure AD Domain Services, provides access to cloud resources
- IG supports time-limited access for internal and external users, including contractors, which suits temporary-entitlement scenarios
- The VSM → IG replacement plan keeps the existing architecture unchanged, but IG connects to the Coptum domain rather than the original DXC domain
- A POC (proof of concept) is under way to validate the feasibility of the replacement architecture and the approval flow
- IGA Portal user experience: search for a resource → request entitlement → fill in the form → approval flow → automatic grant
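The three governance questions above (who has access, who should, and how it is enforced) and the time-limited-access claim reduce to a concrete check: compare Active Directory group membership against the entitlements the IGA approval workflow produced, and flag members that no valid, unexpired approval backs. The block below is an added illustration written for this note; it is not Micro Focus, DXC or meeting code. It assumes AD groups are the roles, entitlements carry an optional expiry, and external users (contractors) must always receive time-limited access; the group names, users and approvers are constructed sample data.

```python
"""Reconcile AD group membership against IGA-approved entitlements (added illustration).

Assumptions (not from the source note): AD groups are the roles; the IGA workflow
records approved entitlements with an optional expiry; external users must always
get time-limited access. All names below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Entitlement:
    user: str
    group: str                     # AD group = role
    approved_by: str
    expires_at: Optional[datetime]  # None = standing access (internal users only)


# Constructed sample data -------------------------------------------------------
NOW = datetime(2023, 11, 28, 16, 0, tzinfo=timezone.utc)
EXTERNAL_USERS = {"contractor1", "contractor2"}

# "Who currently has access": group membership as exported from AD (constructed)
AD_MEMBERSHIP = {
    "AWS-Prod-ReadOnly": {"alice", "bob", "contractor1", "svc-legacy"},
    "AWS-Prod-Admin": {"alice", "contractor2"},
}

# "Who should have access": entitlements the IGA approval workflow produced (constructed)
APPROVED = [
    Entitlement("alice", "AWS-Prod-ReadOnly", "mgr1", None),
    Entitlement("bob", "AWS-Prod-ReadOnly", "mgr1", None),
    Entitlement("carol", "AWS-Prod-ReadOnly", "mgr1", None),  # approved, not yet provisioned
    Entitlement("contractor1", "AWS-Prod-ReadOnly", "mgr2", NOW + timedelta(days=10)),
    Entitlement("alice", "AWS-Prod-Admin", "mgr1", None),
    Entitlement("contractor2", "AWS-Prod-Admin", "mgr2", NOW - timedelta(days=1)),  # expired
]


def approve_request(user, group, approver, duration=None, now=NOW, external=EXTERNAL_USERS):
    """Portal step 'approval -> automatic grant': turn an approved request into an entitlement.

    Enforces the time-limit rule for external users: a contractor request without a
    duration is rejected instead of silently becoming standing access.
    """
    if user in external and duration is None:
        raise ValueError(f"{user} is external; access must be time-limited")
    expires = now + duration if duration is not None else None
    return Entitlement(user, group, approver, expires)


def reconcile(membership, approved, now=NOW):
    """Compare the AD state with approved, unexpired entitlements.

    Returns (revocations, missing): per group, members with no valid entitlement
    backing them (to remove), and approved users not yet in the group (to add).
    """
    valid = {(e.user, e.group) for e in approved
             if e.expires_at is None or e.expires_at > now}
    revocations = {}
    for group, members in membership.items():
        unbacked = sorted(m for m in members if (m, group) not in valid)
        if unbacked:
            revocations[group] = unbacked
    missing = {}
    for user, group in sorted(valid):
        if user not in membership.get(group, set()):
            missing.setdefault(group, []).append(user)
    return revocations, missing


if __name__ == "__main__":
    revoke, add = reconcile(AD_MEMBERSHIP, APPROVED)
    for group, users in revoke.items():
        print(f"remove from {group}: {', '.join(users)}")
    for group, users in add.items():
        print(f"add to {group}: {', '.join(users)}")
```

On the sample data the run reports two removals (the expired contractor in the admin group and a legacy service account nobody approved) and one pending add. Run on a scheduled basis, the same comparison is what turns "who should have access" into an enforced state rather than a point-in-time approval.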
## Key Quotes
> "Identity governance is a framework for managing digital identities efficiently, minimizing risk, and maintaining compliance." — definition of identity governance
> "IG integrates with AWS Identity Center to provide access to resources via IAM. Groups in Active Directory represent roles, and IG governs access to these groups." — IG + AD + AWS Identity Center integration architecture
> "The plan is to replace VSM with IG for all accounts, using the same architecture as VSM, but with IG connected to Coptum domain." — core strategy of the VSM replacement plan
## Key Concepts
- [[Identity-Governance]]: framework for managing digital identities that minimizes risk and maintains compliance; its three core questions are who has access, who should have access, and how access is exercised
- [[IGA]] (Identity Governance and Administration): identity governance and administration; Micro Focus IGA is a concrete product in this space
- [[AWS-Identity-Center]]: AWS Identity Center (formerly AWS SSO); provides access control for cloud resources via IAM
- [[Micro-Focus-IGA]]: Micro Focus identity governance and administration tool; controls the AD group workflow and connects to AWS Identity Center
- [[Active-Directory]]: Microsoft directory service; AD groups map to roles, and the IGA governs membership of these groups
## Key Entities
- [[Micro Focus]]: organization the meeting came from; its IGA product line is used to replace the DXC VSM tool
- [[DXC-VSM]]: DXC Virtual SM, the previous-generation identity governance tool provided by DXC, to be replaced by Micro Focus IGA
- [[AWS-Identity-Center]]: AWS Identity Center; provides cross-account single sign-on and permission management
- [[Azure-AD-Domain-Services]]: Azure AD Domain Services; acts as the authentication bridge to the DXC domain
## Connections
- [[Micro-Focus-IGA]] ← depends_on ← [[Active-Directory]]
- [[AWS-Identity-Center]] ← depends_on ← [[Micro-Focus-IGA]]
- [[Micro-Focus-IGA]] ← replaces ← [[DXC-VSM]]
- [[Azure-AD-Domain-Services]] ← bridges_auth ← [[Active-Directory]]
## Contradictions
- No known contradictions