200 likes | 393 Views
Component : Policy Director. User Administration : 사용자 등록 관리 Global Sign-On : 사용자 Log On 관리 Security Manager : 보안 정책 생성 및 적용 관리 Policy Director : 웹 서버 접근 관리 Privacy Manager : 개인 정보 접근 관리 Risk Manager : 침입 위험 관리 PKI : 공개 키를 이용한 인증 관리. Component : Policy Director - 특징.
E N D
Component: Policy Director • User Administration : 사용자 등록 관리 • Global Sign-On : 사용자 Log On 관리 • Security Manager : 보안 정책 생성 및 적용 관리 • Policy Director : 웹 서버 접근 관리 • Privacy Manager : 개인 정보 접근 관리 • Risk Manager : 침입 위험 관리 • PKI : 공개 키를 이용한 인증 관리
Component: Policy Director - 특징 • Addresses the top challenges of e-business security • Secure communication with • Customers • Business partners • Others • Centrally define/manage security policy e-business applications • Transparently enforce authorization policy • Through access control rights to Web applications • Support virtually any client device • Browsers • Pervasive devices that use Wireless Access Protocol(WAP)
Component: Policy Director - 특징(계속) • Use public key infrastructure (PKI)-based authentication • To access existing Web-based applications • No rewriting or modification of applications • Control access to legacy TCP/IP-based client/server applications • Provide single sign-on to Web-based applications • Access for the Right People at the Right Time • Reduce your cost of building security into new applications • Eliminate the need to write complex security code
Component: Policy Director - 특징(계속) • Secure Access to Enterprise Web Servers • WebSEAL server manages access to all your Web servers • Centrally control Web resources as one logical Web space • Intelligent load balancing over replicated servers • Effective server scalability and deployment • Provides a fail over capability • Automatically switch to a backup Web server.
Component: Policy Director - 특징(계속) • Supports authentication and access control of Web browsers • Through user IDs and passwords • Through client-side certificates • Through RSA SecureID tokens • Provides single sign-on access to the Web servers it secures • Single log on once to PD • Subsequent logons are handled transparently
Component: Policy Director - 특징(계속) • Secure Access to Legacy Client/Server Applications • Secures traditional Internet services • Telnet and TCP/IP-based legacy applications • Logon required for access • VPN support • Between NetSEAT client and NetSEAL server • End-to-end encryption
Component: Policy Director - 특징(계속) • Support for Many Standardized Features • Supports many open, industry standards • LDAP for the storage of user and group credentials • Supports Netscape/IBM SecureWay LDAP directories • Provides strong authentication to web-based resources • Using X.509 V3 client certificates • Support/manage for full Certificate Revocation List (CRL) • Real-time control of user access rights
Component: Policy Director - 특징(계속) • Authorization API (AuthAPI) implements • Open Group Authorization Service API (aznAPI) • Provides a common set of authorization services • Support multiple operating system environments • Logon required for access • Security application development API • Customized security environment • Authorization decision-making possible in applications
Component: Policy Director - 특징(계속) • Integration with Other Tivoli Products • Foundation for Policy Director for Application Servers • Adds security support for CORBA applications • Logon required for access • Backbone for Tivoli SecureWay Privacy Manager • Integrates with Tivoli SecureWay PKI • Identifies users to PD access • Identifies PD to Web browsers
Component: Policy Director - 특징(계속) • Can configure PD as a logon target for Global Sign-On • Provide single sign-on across enterprise • Enables users to access resources across the enterprise • Integration with UA and SM • Allows PD user creation from UA console • Allows security policies from SM console
Component: Policy Director - Architecture Smart Junction Logical Web Space Firewall A 사용자 1 권한: A, B Policy Director WebSEAL B Authorization Database 사용자 2 권한: B, C C
Component: Policy Director - 효과 • Application과 보안의 독립 • No Agent Code • No Security Code • Centralized Single Point Control • Authentication • Authorization • e-Commerce Infra Enabler • Virtual Web Server Integration • 생산성 증대 • 관리 효율성 향상 IBM Netscape Apache Microsoft Permit Deny Policy Director Single Point Access Control User
Component: Policy Director - Platform • Server • IBM RS/6000 • Sun SPARC • Intel x86 or Pentium • IBM AIX 4.3.1 • Sun Solaris 2.6 • Windows NT 4.0 • HP-UX 11.0 • Client • Windows 95 • Windows 98 • Windows NT 4.0
Component: Policy Director - GM General Motors • 세계 최대 자동차 제조 회사 • Policy Director를 이용하여 GM/협력사 적용업무에 대한 안전한 웹 포탈 서비스를 제공 • 일만개의 직접 공급사를 지원하는 확장 가능성을 제공 • 공급사들이 GM의 웹서버 자원을 직접 관리함으로써 사업의 활성화를 유도 "Policy Director authorization and access control technology has been instrumental in helping us build several of our most strategic e-business initiatives -- in particular our Global Supplier Network and our intranet capabilities. " Ralph Szygenda - Vice President and Chief Information Officer, General Motors.
Component: Policy Director - RowePrice T.RowePrice • 뮤추얼 펀드, 자산 관리 서비스 제공 회사 • Policy Director를 이용하여 자사의 고객을 대상으로 하는 e-commerce 시스템의 보안 솔루션 구축 • Legacy 시스템과 웹 기반의 시스템의 원활한 연동 • Scalability와 extensibility 가 가장 큰 장점
Component: Policy Director - KLM KLM • Major 국제 항공사 • Policy Director를 이용하여 “Crew WorkStation” mission-critical 어플리케이션을 위한 웹 포탈 사이트 구축 • 중앙집중식 접근 통제 시스템 / 중앙 접근 통제 관리 시스템 구축 "Using Tivoli's Policy Director solution for our new Cockpit and Cabin Crew System had a very positive effect on the business case. It's central management allows for reduced TCO while the need of not writing 'permissions' -identification and access control - into each application but using a central policy scheme improved the ROI.” Bert van Wijk, Head of KLM Cabin Crew Projects
Component: Policy Director - 국내 동아일보사 • 국내 Major 언론사 • Policy Director를 이용하여 기자들을 위한Secure-Intranet 웹 사이트 구축 • 특징 : Tivoli PKI와의 연동으로 사용자 인증 방식 강화 국세청 • 국내 주요 관청 • Policy Director를 이용하여 국세청 Secure-Internet 웹 사이트 구축 • 특징 : 웹 관리자를 위한 인증과 Access Control 기능 제공으로 일반 사용자와 관리자의 접근 분리
Component: Policy Director - Reference • ABN/Amro • ABP • ADP • Aduanas • Aetna Insurance • Ahold • Air Tran • Alfa Laval • AmeriSource Corp • Anico • APNT • AT&T • Banco Banesco • Banco Itau • Banco Rio • Banco Santander • Banco Weise Sudameris • Banesto • Bangkok Bank • Banrural • Barclays • Expedium • Federal Reserve Bank • Fireman’s Fund • First USA • Freddie Mac • Frieghtliner • GKM Chep Ltd. • GM • Group Health (Kaiser) • HIT • HSBC • Hundai • I2 • ICCREA • IKON • Independent BC/BS • ING Bank • Baxter Health • BBV • Bell Atlantic Internet • Bell Canada • BC/BS of IL/TX • BC/BS of Kansas • BG • British Airways • Burlington Industries • CanTV • Capital BC/BS • Cari Varona • Cargill • CGU Insurance • Chase Manhattan Bank • CP Rail • Dascom – J • Delta Lloyd Insurance • Den Danske Bank • Dept. of Justice • Deutsche Telecom • DTCC
Component: Policy Director - Reference • Telcordia/Belcore • Telstra • Texas Farm Bureau • Tokyo Marines • Winn Dixie • WM Data • YKB • United Airlines • Universidad Autonoma de Campo • University of MA • VW Gedas • Washington State University • Westpac Banking Corp. • Westvaco • Whirlpool • Intessa • Investment Banker’s Trust • Jaztel • John Deere • Juske Bank • KBC • Kemper Insurance • KLM • Kotak Securities • Kreditkassen • Leader Systems • Maersk • Matsushita • Met Life • Multrix • Mutual of Omaha • Navistar • Navy Credit • NCM • New York Stock Exchange • NTT • Panasonic • Partima • Pershing • Ralston Purina • Safelite Autoglass • SBC • SEB • Shell Canada • St. Paul Insurance • State of NJ • State of Ohio • State of Washington • SunTrust