Directorate General of Administration

Directorate of Information Technology

Presentation of the Meta-directory

______

This document is the property of the Council of Europe.

It may not be reproduced or communicated without the prior agreement of the author.

______

Contents

1 Purpose of the document

2 Presentation of the Meta-directory

3 Data available in the Meta-directory

3.1 Information on individuals

3.2 Information on entities

4 Architecture

1 Purpose of the document

This document presents the Council of Europe's Meta-directory, a system for the centralised management of the identity data of Council of Europe Information System users (name, first name, office number, telephone number, etc.).

2 Presentation of the Meta-directory

The Meta-directory implemented at the Council of Europe is a single referential database centralising the identity data of all individuals with an IT account in their name in the Council of Europe Information System.

This repository provides a unified, aggregate view of users' identity information which is accessible to all transversal applications needing to exchange that information.

The Meta-directory:

• does not contain information on individuals who do not have an IT account in their name in the Council of Europe Information System,

• does not manage archiving of records: when a person leaves, their data are deleted,

• does not centralise the management of roles/permissions (which remains the responsibility of the applications),

• does not contain other kinds of data (hardware used, etc.).

The Meta-directory has:

• a public area containing all non-confidential data,

• a restricted area containing the data deemed confidential by the departments responsible for them.

The applications and services remain autonomous and responsible for their own data:

• there is no creation, modification or deletion of information directly in the Meta-directory,

• the Meta-directory is solely a repository for data that already exist in the source applications.

3 Data available in the Meta-directory

The Meta-directory stores three types of information:

  • information on the individuals holding an IT account in one of the Council of Europe's account bases,
  • information on the Council of Europe's entities,
  • mailing lists and shared mailboxes.

3.1 Information on individuals

3.2 Information on entities

4 Architecture

The infrastructure implemented is based on a synchronisation engine (Microsoft Forefront Identity Manager) coupled with a central business directory that is available:

  • in an LDAP version (Microsoft Active Directory Application Mode);
  • in an SQL version (Microsoft SQL).

The architecture implemented is illustrated below:

Figure 1: Diagram of the new centralised directory infrastructure

The central business directory set up consists of:

  • An LDAP directory comprising two Microsoft ADAM servers, using multi-master replication. The Microsoft Network Load Balancing component is implemented to ensure load balancing and fault tolerance,
  • An SQL directory: database hosted on a Microsoft SQL Server.

End of document