1 / 45

one N et Information without boundaries. Access anytime, anywhere on any device.

Identity Management Novell Nsure Identity Manager Jānis Treijs JTreijs @novell. com. one N et Information without boundaries. Access anytime, anywhere on any device. :. :. :. Novell exteNd ™. Novell Nsure ™. Novell Nterprise ™. Novell Ngage SM. :.

Download Presentation

one N et Information without boundaries. Access anytime, anywhere on any device.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identity Management Novell Nsure Identity Manager Jānis Treijs JTreijs@novell.com • one Net • Information without boundaries. Access anytime, anywhere on any device.

  2. : : : Novell exteNd™ Novell Nsure™ Novell Nterprise™ Novell NgageSM : one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions. The one Net vision

  3. : : : Novell exteNd™ Novell Nsure™ Novell Nterprise™ Novell NgageSM : Novell Nsure™ Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably. The one Net vision

  4. In the next hour… Your Mission Return to work ready to ask the questions your organization needs you to ask regarding Secure Identity Management

  5. rock? rope? snake? tree trunk? You can’t understand a subject just by analyzing its parts The blindmen and the elephant

  6. You also have to understand how the pieces fit together

  7. What is Identity Management? • Identity = how an individual (or entity) is represented within a heterogeneous IT system • Identity Management = streamlining the process of • managing user’s… • Access/accounts • Passwords • Information • Typical functions of Identity Management: • Directory • Identity Synchronization (Metadirectory) • Provisioning/De-provisioning • Role-based Administration • White Pages & User Self-Service • Secure Logging, Auditing, & Reporting

  8. Enable access to network resources and applications & delegation of administration Automate, protect and monitor enterprise and Internet resources and applications Integrate and manage identities and resource entitlements What is SIM?Secure Identity Management

  9. Secure identity management touches many diverse capabilities Personalized User Interface Web Based Access Auditing &Intrusion Detection Password Management Self Service Policy Driven Workflow Authoritative Identity Sourcing Authentication Remote Access Role Based Profiling Single Sign-on Content Aggregation

  10. B2B Employees Partners Customers The basic questions of secure identity management… Communities of Users What types of identities matter to your enterprise? What types of systems or resources should they have access to? Existing Systems Collaboration Transactions Docs/Content Utilities Network Packages

  11. Users consume Web Service Information Assembled into streamlined processes Systems abstracted as Web Services What is SOA?Services-oriented Architecture

  12. Web services Web services Web services Web services Web services Web services Services Enabling Existing Systems as Services Users and Devices Existing Systems

  13. Identity Store Web services Associating Services with Identities Users and Devices • Authenticate • Validate your identity • Determine your role • Authorize • Verify access rights Secure Identity Management Services Existing Systems

  14. Provisioning Services Based on Identity Users and Devices • Provision & personalize appropriate services • Enable single sign-on Secure Identity Management Services OperatingEnvironments

  15. B2B Employees Partners Customers Legacy Systems Application Infrastructure – exteNd Security Resource Management Identity Management – Nsure Identity Manager Network Services Collaboration Database Directory OS - Netware, Windows, Linux one NetNovell Enterprise Server Stack

  16. Making One Net Real: Service Around Identity Access & Authentication Services Novell’s offerings exploit the usage of entity attributes (identity) to construct shared services which can be managed and orchestrated through the use of declarative policies. Collaboration Services Directory & Identity InteractionServices Integration Services Networking & IT Resource Management Services Source: IDC.

  17. The common thread: Identity “Audits are focusing on identity issues because corporate governance, regulatory compliance, and security rely on identity, and the lack of solid identity management infrastructure creates business risk.” ―Jamie Lewis, The Burton Group July 2003 Security Business Facilitation Regulatory Compliance Cost Reduction & Productivity Service Level Business Drivers • Reach global customers • Tighter supplier relationships • More productive partnerships • Consistent security policy • Immediate system-wide access updates • Consistent identity data • Eliminate redundant administration tasks • Reduce helpdesk burden • Fast employee ramp-up • Focused, personalized content • Comprehensive profile view • Self-service • Role-based access • Protect personal information • Enable individuals to update profiles • Real-time visibility and disclosure Identity Management

  18. Novell Nsure Identity Manager 2 (formerly Novell DirXML)

  19. HR ERP Database OperatingSystem Mail Directory PBX Isolated Identities

  20. HR ERP Database OperatingSystem Mail Directory PBX Foundation: Integrated Identities Nsure Identity Manager

  21. What is Nsure Identity Manager 2? • Nsure Identity Manager provides comprehensive user lifecycle management of: • User Accounts/access rights • User Passwords • User Information • Capabilities: • Foundation - Identity Synchronization (Metadirectory) • Provisioning/Deprovisioning • Role-based administration (entitlements) • Password Management & User self-service • Secure Logging, Auditing, and Reporting

  22. Managing the User Lifecycle Provisioning Relationship Begins Promotion Routine UserAdministration Move Locations USERLIFECYCLE New Project Forgot Password PasswordManagement Relationship Ends Password Expires De-Provisioning

  23. vvilks Valdis Valdis_Vilks vvilks@uznemums.lv 9123456 Role-based User ProvisioningScenario: New employee, customer, partner, supplier HR System 1) A new user record is created in the HR system (or another authoritative source) HR Manager Valdis Vilks Linux Database Accounting Microsoft Exchange Identity Manager 2) Identity Manager captures the new user event Physical Resources 3) Identity Manager then creates an account in each connected system and synchronizes the appropriate information based on established business rules

  24. 1) The User record is deleted or disabled in the HR system (or another authoritative source) De-provisioningScenario: Relationship ends with employee or customer X HR System Linux X Database X Employee Valdis Vilks Accounting Microsoft Exchange X X Identity Manager Physical Resources X 2) Identity Manager captures the terminated user event 3) Identity Manager then revokes access to each connected system

  25. Routine User AdministrationScenario: Employee receives a Promotion Administration Tasks to Perform: ERP System 1- Remove (De-Provision) access to systems Linux Database X 2- Provision Access to new systems3- Passwords set on new systems X Accounting Microsoft Exchange Identity Manager Physical Resources Employee

  26. Routine User AdministrationScenario: Employee receives a Promotion Administration Tasks to Perform: Linux 1- Remove (De-Provision) access to systems HR System (371)7123-456 2- Provision Access to new systems3- Passwords set on new systems +371(712-3456) 4- Update Profile Information Collaboration Identity Manager 371-7123456 371-7123456 Physical Resources Legacy Database User visits the self-service portal to update their profile information (ex: new phone #) 371-7123-456 2) Identity manager captures the change event 3) The updated information is synchronized to all connected systems

  27. Identity Manager CN Bobby Department Sales 003456 Workforce ID E-mail bd@ab.com ADD Date of birth 2/15/1965 ADD 003456 HR Assoc. Assoc. bd@ab.com Email bd@ab.com EmpId 003456 Address Sales Dept Dept Sales Birthdate 2/15/65 DOB 15.2.1965 Name Bobby Doe Distributed ownership:Authoritative Data Sources HR E-mail

  28. Bobby CN Sales Department 003456 EmpId bd@ab.com E-mail 2/15/1965 2/15/1965 2/15/1965 Date of birth Email bd@ab.com Assoc. 003456 HR Assoc. 15.2.1965 2-15-65 bd@ab.com EmpId 003456 Address Sales Dept Dept Sales DOB Birthdate 15.2.1965 2-15-65 Data transformation HR E-mail

  29. Password Management • A suite of password-related security functions: • System-wide password policy • Establish password policy that will be used for and enforced on connected systems • Password self-service • Empower users to help themselves with forgotten passwords, password resets, changing passwords • Password distribution • Specify connected systems that will receive the organization’s common password, as defined in password policy • Bi-directional password synchronization • Manage the native password management activities in connected systems, ensuring consistency

  30. Password Policy • Administrators specify required properties of an acceptable password for systems throughout the enterprise • Examples of password policy controls: • Minimum/maximum number of characters • Minimum number of upper case characters • Minimum number of numerals • Password re-use forbidden • Password exclusion lists • Conformance is checked before allowing password to be distributed to all of the connected systems

  31. Password Self-Service • Administrators configure self-service policies • Challenge/Response options • Challenge/Response success actions (for example:) • Email hint • Reset to last good password • Display hint on the page • Allow users to change their password • Users configure their own hints and/or answers to challenge questions • Hint is not allowed to contain the password

  32. 1- Self-service portal is used to enter a new password. Connected Systems eDirectory Legacy NDS Active Directory/Exchange 2000 Windows NT Domains GroupWise Lotus Notes SunOne SAP User Management Network Information Service (NIS) Linux Solaris other UNIX Relational databases Oracle DB2 Sybase 2-Password is checked for conformance to policies Identity Manager Server 3- Password is set on user object in Identity Manager 4- Password is distributed to associated user objects on connected systems that support subscription to the password attribute Password Distribution

  33. Bi-directional Password Synchronization • Users can perform password management functions through native password interfaces • Windows NT (NT Domains) • Windows 2000 (Active Directory) • Windows 2003 (Active Directory) • eDirectory (all platforms) • NIS (Unix, Linux) • Identity Manager 2 detects the change and checks against policy • If successful, the password is distributed throughout the connected systems • If unsuccessful • Failure Notice sent via email • Password is reset to last good password

  34. Auditor or Administrator Secure Logging, Auditing, and Reporting(Integration with Novell Nsure Audit) Access Promotion Move Locations USERLIFECYCLE New Project Forgot Password Relationship Ends Password Expires

  35. Secure Logging Service Monitors Notifications Platform Agent Email SNMP SYSLOG CVR* Storage Java Logs Reports Logging & Reporting ArchitectureIdentity Manager logs all identity management activity Identity Manager *CVR – Critical Value Reset, eDirectory value reset function

  36. Provisioning Demo

  37. 1 2 3 Hewitt Associates automates account provisioning Approach Customer situation Business results • Create new user IDs and passwords in minutes, rather than days • Consolidated 80% of IDs and passwords • Eliminated costly and slow manual processes • Eliminated lingering access • Consolidate user information in Novell eDirectory • Synchronize identity information across major applications • Provision and close accounts automatically as people come and go • Use centralized identity vault for authentication • IT creates or modifies 100-150 user identities per week • Some associates needed 25-50 unique IDs and passwords • Providing access rights to a new hire took a week of manual processes

  38. Novell Identity Management Leadership “The metadirectory service Magic Quadrant shows the metadirectory market is maturing quickly, with Novell leading the pack toward the future.” Gartner Research Note August 2002 “We continue to view [Novell] DirXML as market leading technology” Gartner Research Note September 2003 Movement from last year’s MQ

  39. Burton Group: Novell has strongest position • “Novell is best positioned to leverage the obvious and important relationship between directory services and provisioning, and is doing so with new products.” • “Novell is currently in the strongest position.” • “Novell Nsure Identity Manager offers a logical migration path for existing eDirectory and DirXML customers, and its features and capabilities will also benefit non-Novell customers.” • --Gerry Gebel, Burton Group, • Quotes from 2002 & 2003

  40. Giga identifies Novell as a winner • “Microsoft and Novell emerge as early and obvious winners in the metadirectory market with products that have significant market penetration, the backing of stable and committed vendors and broad offerings in which their metadirectories serve a strategic purpose.” • Giga Research, September 2003

  41. The Market shows its support • Novell is the fastest growing top-ten vendor of identity management solutions, with 51.4% growth. • 2003 IDC reports

  42. Radicati places Novell in the lead • IBM, Microsoft and Novell are currently jockeying for position in the emerging identity management market. Novell currently leads the "full suite" market segment with 25% market share, with the others following closely. • Radicati Group, November 2003

  43. Comments and Questions

  44. Promos • NetWare 6.5 Promotion • New Licence – 47% off • NetWare 6.5 Upgrade Promotion • Upgrade - 40% off • Upgrade + Annual Upgrade Protection – 51% off • Upgrade + Full Term Upgrade Protection – 57% off • Netware/SUSE LINUX/Nterprise Linux Services • NetWare+Upgrade Protection -> -> SUSE LINUX + Nterprise Linux Services

More Related