Red Hat’s IT department recently deployed JBoss BPM Suite to handle automated process workflow. JBoss BPM Suite is officially defined as:
An open source business process management suite that combines Business Process Management and Business Rules Management and enables business and IT users to create, manage, validate, and deploy Business Processes and Rules.
IT’s immediate use case is to replace our aging account management system, which is essentially a collection of perl and python scripts. Some of these date back to the turn of the millennium. These scripts had the responsibility of handling all aspects of user life cycle management, including:
- Pulling user data from the HRMS
- Creating the user LDAP object
- Creating the user group LDAP object
- Creating application accounts (home directories, mailboxes, etc)
- Updating LDAP objects with HRMS changes
- Closing user accounts and removing LDAP objects upon termination
- Syncing account information with third party systems (SaaS vendors, etc)
These legacy scripts would perform SQL queries directly against multiple data sources and call LDAP operations, application command line tools and make API calls. While this system worked well for many years, maintenance became an incredible burden. In essence, only one person knew the account automation system. New application integration requests would have to wait months for resources to free up. For applications allowing direct API integration, that meant some pour soul (me) would have to spend a fair amount of time just figuring out how this new application worked and what API calls were necessary. Moreover, when a vendor would suddenly change their API, that meant something was broken until there was time to fix it. The result was Service Desk team having to perform hundreds of manual operations in the mean time. Essentially, the maintainer could not scale with demand, let alone have the time to become an expert in every new application.
Continue reading “Account Management with JBoss BPM Suite”