1 / 30

Maximizing benefits of Active Directory

Maximizing benefits of Active Directory . Oliver Keizers Regional Manager oliver.keizers@netiq.com. Agenda. What We Will Cover Maximizing Your Return on Active Directory Lower the Cost of Administration Increase Internal Security Ensure Regulatory Compliance What’s New Summary

pascale
Download Presentation

Maximizing benefits of Active Directory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Maximizing benefits of Active Directory Oliver Keizers Regional Manager oliver.keizers@netiq.com

  2. Agenda • What We Will Cover • Maximizing Your Return on Active Directory • Lower the Cost of Administration • Increase Internal Security • Ensure Regulatory Compliance • What’s New • Summary • What You Should Walk Away With • How to securely manage users • Ways to automate account management • How to utilize more of Active Directory

  3. Maximizing Your Return On Active Directory

  4. Challenges Managing With AD

  5. NetIQ Administration Solutions • NetIQ Administration solution helps: • Lower the Cost of Administration • Task delegation • End user self service • Provisioning automation • Increase Internal Security • Layered security • Change control • Ensure Regulatory Compliance • Secure delegation • Centralized auditing

  6. Security Administration SuiteTask Appropriate Directory Access Securing and Maintaining the Directory AD Architect / Security Admin Administering Users/Resources and Maintaining Directory Info Desktop Configuration and Lockdown LAYERED SECURITY ARCHITECTURE Desktop Management / Group Policy Admin Departmental Admin / Help Desk Admin

  7. Security Administration SuiteTask Appropriate Directory Access AD Architect / Security Admin Direct/native access for auditing and management of the Active Directory security model and similar tasks that require a high level of privilege. Protected access for tasks that require low levels of privilege, and high levels of auditing, automation and extensibility. Offline access for sensitive tasks that can impact the entire enterprise environment if performed online. LAYERED SECURITY ARCHITECTURE Desktop Management / Group Policy Admin Departmental Admin / Help Desk Admin

  8. Security Administration SuiteTask Appropriate Directory Access AD Architect / Security Admin Desktop Management / Group Policy Admin Departmental Admin / Help Desk Admin

  9. Lower Administration Cost

  10. Lower The Cost of Administration • Task Delegation • Allow service administrators to control group membership • Allow help desk to start/stop services or print queues • Allow NT and AD management from same console • Provisioning • HR driven account creation • Create home dir w/new user • Self Service • White pages updates • End user password reset

  11. End User Password Self Service • Lowers Costs:Reduce help desk calls. • Web-based, self service for password resets and unlocks • Synchronizes password change across affiliated accounts • Enhances Security:No more Post-Its. • Challenge response authentication lets users securely reset their own passwords, so they don’t need to write it down • Increases Productivity:Less user downtime. • Automatically direct reset to user’s nearest domain controller so updates happen near real time • Kiosk account so locked out user can get to self service site • My Passwords • a67RTu11 • bb4567aw

  12. Increase Security

  13. Increase Internal Security • Centralized Auditing • “Who reset CEO’s password last night?” • Layered Security Architecture • Protect your corporate jewels… • …Minimize direct access to the vault • Secure Group Policy Mgmt • Offline test environment • Online changes are immediate! • No native permissions needed • Real time monitoring of changes

  14. Ensure Regulatory Compliance • Segregation of Duties • Secure delegation – No way to escalate privilege • Take away privileges when roles change • Centrally audit activity • Permissions Management • Who has access in AD • Who has access to files • Implement role based security • Change Control • Prevent live GPO changes

  15. What’s in it?

  16. Directory & Resource Administrator • The What • Secure Delegation • Centralized Auditing • Automate Tasks • Enforce Policies • The Why • Offload tasks to help desk • Know who accessed what, when • Reduce repetitive work • Keep AD content accurate • The How • No users have privilege in AD • All actions logged • Pre and post action triggers • Client side enforcement Unique single console for NT and AD

  17. Directory Security Administrator • The What • Native ACL Administration • Role Based Security • Permissions Search • The Why • Manage within Active Directory • Easier privilege management • See who can do what • The How • Store data within AD • Support for security templates • Search and reporting features

  18. Group Policy Administrator • The What • Change & Release Mgmt • Offline RSoP • Secure Delegation • The Why • Prevent configuration errors • “What-if” analysis w/o • deploying to production • No need for permissions in AD • The How • Offline Group Policy Repository • Offline change simulation • Similar model as DRA delegation Unique offline management capability

  19. What’s more?

  20. Group Policy Guardian • What Does It Do? • Real-time change monitoring • Audit trail of activity • Why Is This Important? • Large investment bank lost • hours of trading due to • undetected setting change! • Not if they had GPG. Native integration to AppMgr, MOM, SM

  21. Secure Password Administrator • Key Capabilities • Password Resets & Unlocks • Password Synchronization • Secure Self Service • Why Is This Important • Reduces calls to help desk • Keeps accounts in synch • Prevents account hijacking

  22. Extending Beyond Native Tools

  23. Extending Beyond Native Tools

  24. Web Console! NetIQ ADU&C

  25. Extending Beyond GPMC

  26. Wizards! NetIQ GPMC

  27. Summary

  28. Summary: Why NetIQ and SAS? • Fastest Time to Value • Quick install, ease of use, superior customization • Unique Layered Security Architecture • Enhance security AND lower TCO • Unique Administration Products • Offline management and real time alerting on Group Policies • Delegated file level security management • Unique End to End Windows Management • Migrate: User and account & Exchange migration, server consolidation • Manage: AD, NT, Exchange, file security & password mgmt • Monitor: Systems and Applications management • Secure: Vulnerability and security management

  29. Questions? Oliver Keizers, Regional Manager, oliver.keizers@netiq.com

More Related