No one works in isolation in any business, but in the aptly named Hyve Group plc, a FTSE 250 international trade show organiser, the need to join forces is intrinsic. The company operates a highly collaborative environment sharing ideas and opportunities between teams. With 1,200 workers in 13 countries focused on delivering innovative and dynamic events around the world, its need for a flexible, collaborative IT environment made it a strong candidate for digital transformation.
Keith O’Hara, Group Technology and Information Director, Hyve
The challenges of multi-platform identity migration – with unreliable data…
As a consequence of growth through acquisition Hyve’s international footprint was made complex by different IT architectures. They naturally ran multiple applications – some shared, some not – and inevitably maintained multiple identity platforms, with all the complexity that implies for user, device and application identity management.
Hyve approached Azured to lead the project, knowing that it has specific and deep expertise in identity migration – one of the central challenges of the project. Acting as lead architect for the transformation, Azured assembled a team of project specialists whose knowledge and skills are not normally found in-house among client IT departments.
In crafting the solution, the core objective was that everyone on Hyve’s creative teams around the world should be able to use a single sign-on to virtually all the applications they need, from all the devices they use during the transition and after completion.
Given the complexity of the existing state, it would be a tall order for any specialist IT consultancy, but is firmly in the home territory of Azured. The confused state of the identity data made it unfeasible to consolidate into an existing directory services system.
Shaping a seamless single sign-on solution
Azured suggested it would be more favourable to migrate into a new hybrid identity platform (both on-premise and cloud-based). To do so would also be consistent with the planned move to cloud-based infrastructure for applications available across the enterprise.
To manage the migration, Azured would need to analyse the source platforms and remediate its data, removing duplicates (typically multiple identical objects in different identity platforms), cleaning up incorrect entries, deleting obsolete identity objects – for all its people and devices, current and past. It is a challenge that appears more straightforward in the description than in practice, when you bear in mind that each one of Hyve’s people might have more than fifty applications for which her log in needs to work, and consequently multiple objects relating to that identity must be migrated.
The Azured approach is marked by its attention to the device identities as well as the users of those devices. As an object of the user’s identity, everything she uses has identity data that must be recorded and moved into the new platform for it all to work as seamlessly as the brief required, namely, a single sign-on experience to everything: devices, networks, applications, permissions.
To guarantee all would be operating perfectly on the Monday morning after the migration, Azured created a simulated environment in a lab. The team focused on the critical applications first, analysing each device type (laptops and desktops) to understand the relationship between the user and the device, its operating system, and the applications the user needs to access.
Azured used a combination of scripts and software to iteratively interrogate the identity data, remediating it where it was inconsistent with the new platform in a lab simulation. The lab approach refines the migration process by continually analysing devices, applications and identities to arrive at a stable setup.
Streamlined. Secure. Cheaper? Sorry, did you just say, cheaper?
The migration was completed in a year, with the switch over achieving the Azured target of 72 hours downtime over one weekend, with critical systems such as mail and messaging only being off-line for a few hours overnight.
The identities for all Hyve’s people and its devices are in the new identity management system giving them uninterrupted access to all the applications they need. While holding all identity information in the new system Azured was also able, during the transition, to make accessible legacy applications whose server identities still reside in the old system. Azured were able to demonstrate that it was more cost effective to leave some of the legacy applications in the old world – having remediated it, than to migrate them to the new environment, saving Hyve significant sums of money.
The success of the project can be in part attributed to the technical solution, but also to the management of the project team and the relationship between Azured and the Group IT Director at Hyve. Hyve kept Azured operating at arm’s length, allowing the team to analyse, test, simulate and craft the solution to the IT brief, free from outside influence.
The net result for Hyve is not only a more easily managed identity system within a cloud-based IT architecture, but greater flexibility, more security, and ease of use to enable its people to collaborate more effectively between teams and across borders. The control the organisation now has over access and permissions is far greater, giving them a stronger sense of security and reduced risk.