
vacman middleware 3.0

VACMAN Middleware 3.0. What is it? - Product Positioning: Strong Authentication Solution; Based on One-Time-Password technology; Huge variety of supported tokens



    1. VACMAN Middleware 3.0 Product Presentation. ES Product Management | W. Kalny | 2006-11-28

    3. VACMAN Middleware 3.0 Functionality: 2 Major Functional Areas: Supported Authentication Environments; Administration

    4. Supported Authentication Environments

    5. Supported Authentication Environments

    6. Supported Authentication Environments

    7. Supported Authentication Environments

    9. Supported Authentication Environments

    10. Supported Authentication Environments

    11. VACMAN Middleware Data Model: The following Record Types are provided by VM: DIGIPASS Record; DIGIPASS User Account Record; Component Record; Policy Record; Back-End Server Record; Domain Record; Organizational Unit Record

    12. VACMAN Middleware Data Model: DIGIPASS Record. Exists for each DIGIPASS in use and contains: DIGIPASS serial number and model; names and parameters of applications in DIGIPASS; status of various options (e.g. lock, etc.)

    13. VACMAN Middleware Data Model: DIGIPASS User Account Record. Exists for each DIGIPASS user and contains: Authentication Settings; DIGIPASS assignment. Using Active Directory: DIGIPASS User Account Record is attached to the AD user account as an auxiliary class; DIGIPASS User Account Record is not required for administration (AD account is used). Using ODBC Database: DIGIPASS User Account Record is stored in a standard database table; Administrative Privileges are assigned to the User Account, therefore it is necessary.

    14. VACMAN Middleware Data Model: Component Record. Created to represent: Authentication servers; Authentication Client Components (RADIUS Clients, IIS Modules); Administration Client Components (when required). Main purposes for Component Records: for authentication clients, to indicate that it is permitted to process an authentication request from that client and to specify an authentication policy; for RADIUS clients, to hold the shared secret; to hold the license key for authentication servers and IIS Modules.

    15. VACMAN Middleware Data Model: Policy Record. Contains settings that affect the user authentication process, e.g.: whether Windows or RADIUS authentication should be used; whether various automatic management features should be used; the DIGIPASS application types required; Backup Virtual DIGIPASS settings.

    16. VACMAN Middleware Data Model: Back-End Server Record. Required when a RADIUS server is used by VM for authentication. Possible to create more than one back-end server for fail-over purposes. Possible to allocate different back-end RADIUS servers for different user domains.

    17. VACMAN Middleware Data Model: Domain Record. Active Directory Environment: each DIGIPASS and DIGIPASS User must belong to one of the pre-existing AD domains; User-ID must be unique within a domain; DIGIPASS Configuration Domain is required for installation purposes. ODBC or Embedded Database Environments: Domains are included to: mirror the AD domain structure; provide ability to limit administrative activities (delegated administration); allocate un-assigned DIGIPASS records to different domains. Master Domain required for default DIGIPASS assignment and administrative purposes.

    18. VACMAN Middleware Data Model: Organizational Unit Records. Active Directory Environment: DIGIPASS User Accounts and DIGIPASS records are stored in organizational units or the user container; a special container, called DIGIPASS pool, is created during installation for unassigned DIGIPASSes; administration duties to be assigned to administrators per organizational unit. ODBC or Embedded Database Environments: Domains are included to: mirror the AD domain structure; provide ability to limit administrative activities (delegated administration); allocate un-assigned DIGIPASS records to different organizational units.

    19. The Authentication Process: Policy Based Authentication. For every authentication request, a Policy is identified that controls the process and defines the authentication features to be used. Policy to be used is based on client component and organizational unit. All policy settings are now in one location (Policy Record). Additional flexibility through: Windows Group Check can be used for RADIUS; for RADIUS Authentication, the RADIUS server or Windows can be checked only for certain events (not for every login); a RADIUS server can be used for IIS Modules; for IIS Modules, Windows or the RADIUS server can be checked for every login. Policies may be set in hierarchies including inheriting attributes from one level to the other.

    20. DIGIPASS Assignment: A whole DIGIPASS is assigned to a user (not just one application) – user can use all applications in DIGIPASS. More than one DIGIPASS can be assigned to a user – user may be assigned a hardware DIGIPASS and a software DIGIPASS for different situations. User accounts can share the same DIGIPASS – achieved by linking the two DIGIPASS User Account Records. User Account Locking instead of DIGIPASS application locking. Grace period feature applied to each DIGIPASS (instead of the User Account). Settings for Backup Virtual DIGIPASS now located in DIGIPASS Record (instead of DIGIPASS User Account Record).

    21. Extensive Authentication Settings: User Identification by User ID and Domain: Windows Name Resolution; Simple Name Resolution; Separate Domain Login field; Default Domain Setting in Policy. User ID Conventions: up to 255 characters (all characters allowed) for User ID and passwords (only 128 UTF-8 supported by RADIUS protocol); Unicode support.

    22. Extensive Authentication Settings: More Features: Forwarding of authentication requests from 3rd RADIUS Server; Supports more than one RADIUS authentication port; Default RADIUS ports are now 1812/1813; Support for event based Digipass (using OATH); Self-Assignment process; "2-Step" Login for Primary Virtual Digipass and Challenge/Response authentication requests; Login Failure Reasons are displayed in form-based IIS Modules; Customizable Realm Name for the Login prompt in basic authentication IIS Module

    23. Active Directory Integration: Storage of Digipass and User Data in Active Directory: User account settings for VM stored as extension to normal AD user account (using Auxiliary Class); Digipass data stored with User accounts wherever they are located; Digipass is moved to its user's organizational unit during assignment procedure; Location of unassigned Digipass is kept flexible. Administration Directly with Active Directory: Connectivity to Middleware server not required for administration; Admin privileges not controlled by Middleware Server; Middleware user account not required to perform administration.

    24. Active Directory Integration: Delegated Administration: Granular privileges available, set up in Active Directory; Property Sets defined for common groupings of attributes; Active Directory "Delegation of Control" Wizard shows option for full Digipass administration. Administration Interface: Full property sheet used for Digipass records; Extensive bulk administration operations (like Reset Application, Reset PIN, Force PIN Change); Administration MMC Interface used for configuration records. Connection Handling: Connections to Active Directory will be closed periodically and checked if another Domain Controller should be used instead; LDAP requests show excellent performance.

    25. Extensive ODBC Database Support: New embedded Database: PostgreSQL 8.1. Improved Support for Other ODBC Databases: Microsoft SQL Server 2000 and 2005; Oracle 10g; IBM DB2 8.2; Sybase Adaptive Server Anywhere 9.0. Domains and Organizational Units: Where VM user accounts are based on WIN user accounts, Domains can be used to match WIN domains; Domains and Organizational Units allow allocation of Digipass to quotas or geographical reality; Domains and Organizational Units support delegated administration; Service Provider can use Domain and Organizational Units to represent their customers.

    26. Extensive ODBC Database Support: Administration Controls: Improved implementation to support larger scale and service provider environments; Administrative privileges at individual operations level such as View Digipass, Reset Digipass Application, Update Policy; Administrative access to data controlled at the Domain and Organizational Units level; Administrative programs restricted to defined locations; Maximum number of concurrent administrative sessions; Policy for authentication of administrative logons available. New Replication Mechanism: High reliability through maintaining a queue of changes to transmit to disk; Monitoring of replication process with detailed audit messages and monitoring of connection status and queue size.

    27. Audit System: Multiple Audit Methods available and configurable: Text File Output; Event Log Output; ODBC Database Output; Live Connection to Audit Viewer. Ability to Analyze / Report on Audit Data: Extensive message documentation; Extensive search and filter functionality. Audit Viewer: Messages from different sources; Flexible filtering; Multiple Document Interface for report comparison; Messages to be viewed in different time zones.

    28. TCL Command Line Administration: Designed for scripted administration; Implemented as an extension to the TCL scripting language; Complex Bulk Administration Tasks; Reporting of data in a data store

    29. Secure Licensing Model: License Key to be loaded into the Data Store; Number of users controlled through DPX files; VASCO Licensing Web Site will only permit license keys for the correct number of Middleware Servers; License Key to be obtained for each IIS module; Main Administration MMC Interface provides ability to request and load licenses at any time

    30. Pricing Structure: 4 Elements for a complete offer: Token prices (one time fee); Software Licenses for usage unlimited in time (one time fee); Maintenance (annual fees), which includes support during business hours, software updates and bug fixes, and annual user data license fees (were included in token prices in the past); Any services (one time fee). VS 6.x, VM 2.x to VM 3.0 upgrades available: for customers with existing maintenance agreement: 70% discount; for customers without existing maintenance agreement: 35% discount.

    31. Migration Procedure: Existing 2.3 customer sends PO to VASCO; Customer receives invoice with respective discount (70% discount with Maintenance, 35% without); Customer receives software with new serial number; Customer installs software and gets activation request code; Customer activates software at licensing web page using serial number and activation request code and receives the encrypted licensing key; Customer copies licensing key into DAT directory of VM installation

    32. Available Documents

    33. Competition

    34. Thank you. Any Questions? wkalny@vasco.com
