- User visits web application.
  - User can view resource availability as an unauthenticated user (availability recorded in web app database).
- User logs in to web application.
  - User information is authenticated against library SIP2 server:
    - On failure: user is prompted to re-enter information.
    - On success:
      - User's supplementary information (e.g., name) is added to web app database (unless it already exists). Password (PIN) is not saved to web app database.
      - User account is created in ActiveDirectory (unless it already exists). AD password is created from user's PIN (all information passed over SSL). Group and logon hours set to none.
- User creates reservation (specifying date/time) for resource.
  - Resource is marked as unavailable for the specified time in web app database.
  - User's AD group (used to control which remote desktops are accessible) and appropriate logon hours are scheduled to be set at some specific point before the reservation. This scheduling is necessary because ActiveDirectory manages logon hours on a weekly basis; it is handled by the web application.
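As an added example (not part of the original design and not code from any library or AD product), a Python helper that computes the logonHours value the web application would set for one reservation window, starting from the deny-all mask the design uses between reservations. It assumes the documented AD layout (21 bytes, 168 hour bits, week starting Sunday 00:00 UTC) and an assumed least-significant-bit-first order within each byte, which should be verified against the directory before use.

```python
"""Added example: compute an Active Directory logonHours value for one
reservation window.  The attribute is a 21-byte array of 168 hour bits
covering Sunday 00:00 .. Saturday 23:00 in UTC; a cleared bit denies logon.
Assumed bit order (verify against your directory): byte k holds hours
8k..8k+7 with the least-significant bit being the earliest hour."""
from datetime import datetime, timedelta, timezone

WEEK_HOURS = 168
DENY_ALL = bytes(21)  # every bit clear: the "logon hours set to none" state


def hour_slots(start, end):
    """Yield the week-hour index (0..167) of each hour the window [start, end)
    touches.  Both datetimes must be timezone-aware; they are converted to UTC
    because AD evaluates logonHours in UTC, not in the user's local time."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("reservation times must be timezone-aware")
    if end <= start:
        raise ValueError("reservation must end after it starts")
    if end - start > timedelta(hours=WEEK_HOURS):
        raise ValueError("logonHours spans one week; split longer reservations")
    t = start.astimezone(timezone.utc).replace(minute=0, second=0, microsecond=0)
    end_utc = end.astimezone(timezone.utc)
    while t < end_utc:
        ad_day = (t.weekday() + 1) % 7  # Python: Monday=0; AD week: Sunday=0
        yield ad_day * 24 + t.hour
        t += timedelta(hours=1)


def logon_hours_mask(start, end):
    """Start from deny-all and set only the reservation's hours."""
    mask = bytearray(DENY_ALL)
    for slot in hour_slots(start, end):
        mask[slot // 8] |= 1 << (slot % 8)
    return bytes(mask)


def mask_for_iso(start_iso, end_iso):
    """Convenience wrapper taking ISO 8601 strings that carry a UTC offset."""
    return logon_hours_mask(datetime.fromisoformat(start_iso),
                            datetime.fromisoformat(end_iso))


def allowed_hours(mask):
    """Decode a mask to the sorted week-hour indexes it permits (audit aid)."""
    return [i for i in range(WEEK_HOURS) if (mask[i // 8] >> (i % 8)) & 1]
```

Because the mask repeats every week and has hour granularity (a 14:30 start permits logon from 14:00), it should be applied only shortly before the reservation and reset to DENY_ALL afterwards, which is exactly the scheduling the workflow describes.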
- User logs in to remote desktop using their library credentials.
  - Currently, a user has to initiate the connection from their Remote Desktop client (e.g., mstsc.exe), but it should be possible to create a link on the web application to initiate the connection (or at least provide a downloadable .rdp file that can be clicked to launch).
- User works on remote desktop until reservation ends (logon hours expire).
  - User receives warning about end of reservation.
  - At some specific point after reservation ends, user's group and logon hours are set to none.

In my current model, a "resource" is just a remote desktop session. Depending on licensing options, etc., it may be preferable to set up different remote desktop environments.