overview of identity and access management product line
Post on 14-May-2015
Overview of Identity and Access Management Product Line
© Novell, Inc. All rights reserved.2
Presenters
Ajay Sharma, Product Marketing Manager
Baber Amin, Business Line Manager, Novell, Inc. baber@novell.com
Bob Bentley, Product Manager, Novell, Inc. bbentley@novell.com
Kamal Narayan, Product Manager, Novell, Inc. nkamal@novell.com
Lee Howarth, Product Manager, Novell, Inc. lhowarth@novell.com
Risk to The Enterprise is Rising
Complex Times, Complex Challenges
• How do I manage changes to user identities and access rights?
• How do I improve the productivity of my IT staff and end users?
• How do I reduce password-related calls to the helpdesk due to stronger password policies?
• How do I ensure that users have the right access to systems so I can minimize risk?
• How do I manage access for partners, customers and other users outside my organization?
• How do I maintain strong, agile control over resource and information access to comply with current regulations?
Novell® Identity and Access Management Solutions
Novell Identity and Access Management solutions help you address the fundamental problem of managing “who has access to what,” so you can trust that your business is secure.
Identity and Security Solutions
Identity and Access Management Capabilities
• User Provisioning and Management
• Roles Management
• Simplified, Secure Access
Identity and Security Solutions
Identity and Access Management Products
• Novell® Identity Manager
• Novell Access Manager™
• Novell SecureLogin
Novell® Identity and Access Management Solutions Capabilities
User Provisioning and Management
Simplified, Secure Access
Roles Management
IT
End User
Line-of-Business Manager
Novell® Identity Manager Overview
Bob Bentley, Product Manager, Novell, Inc. / bbentley@novell.com
Kamal Narayan, Product Manager, Novell, Inc. / nkamal@novell.com
Novell® Identity Manager
Enable your organization to be more open and agile without limiting security, control or compliance.
Integrate, automate, and secure access to information for customers, partners, and employees.
Maintain clear visibility of people, actions, and compliance, past and present.
The result: Simplify and secure the enterprise while controlling costs and meeting regulatory demands.
Your Identity Challenges
• Provisioning new users - Users wait up to 3 weeks for activated accounts
• Managing users - Help desk costs $25-40 per call for password resets, with 25-35% of calls related to password resets
• De-provisioning users - 30-60% of existing accounts are invalid
• Deploying new initiatives - Up to 30% of development time is for controlling access to applications and data
• Reconciling user data - 100+ user data sources at typical firm provide out-of-sync and untrustworthy identity data
• Protecting trust - Many new privacy and regulatory requirements around the world
• Achieving compliance – Up to 25% of IT budget is consumed to support compliance
How Does Novell® Identity Manager Help?
Security
• Revoke system access in minutes, not days
• Manage all password policies centrally
• People get access to only what they need based on business roles
• Eliminate siloed and duplicative systems
Compliance
• Clear visibility into who has access to what, when and how they got it, and who approved it
• Historical/forensic review of access
• Insightful risk metrics illuminate compliance conflicts
• Easy policy updates to stay current
• Instant documentation for auditors
Cost
• Reduce your help desk costs by 40%
• Automate manual processes and work-flows
• Extend the value of legacy applications
• Simplified implementation and administration
• End vendor lock-in and high switching costs
Agility
• Integrate new businesses in days, not months
• Hire a new employee and have all their systems ready automatically on their start date
• Empower users with provisioning control
• Have business decisions drive IT and not the other way round
Novell® Identity Manager 4 Product Family
Compliance Management Platform
IDM 4 “Dorado”
IDM 4 “Capricorn”
Identity Manager Architecture Logical View
[Diagram labels: Applications; Directories; OS and File Systems; Databases; Telephone and Building Access; Help Desk; Cloud and SaaS; Credentialing; Real-time Data Integrity; RBAC Model; Work-flow System; Identity Vault; White Pages/Self-Service/Pwd Mgmt; Business Resource Request; Role-based User Mgmt/Deleg Admin; Approval Work-flow; Key Functional Capabilities; Mobile; Webtop; Your Portal/Web Services/Custom; Business Managers; CISO Compliance/Auditor; Employees; Major Components; Connectors; Customers/Partners/Contractors; Advanced Reporting and Metrics; Historical Reporting Warehouse; Developers and Consultants; Role and Policy Mapping; Compliance Content; Open APIs; Deployment and Mgmt Tools]
Identity Manager in Operation
[Diagram labels: Promotion; Forgot Password; Password Expires; New Project; Move Locations; Employee, Customer, Partner, Volunteer; Relationship Begins; Auditor, Security Lead; Manager, Resource Owner; PROVISION; ROLE-BASED USER ADMINISTRATION; REQUEST AND APPROVAL; PASSWORD MANAGEMENT; Relationship Ends; REPORT AND MONITOR]
Industry-Leading Provisioning
• Automated Provisioning
– New employees automatically granted access to everything needed on their first day
– Robust request and approval workflow system
– Revoked access occurs in minutes
• Role-based Management
– Automatically assigns and updates resources based on users' business roles
– Respects Segregation of Duties between roles
• Identity Data Synchronization
– Maintains integrity of user information throughout the organization
– Enforces authority of identity information—the right data from the right sources
– Updates propagate within moments
The right people get access to the right resources at the right time, and nothing else.
Powerful User Tools
• Password Management
– Enforce system-wide strong password policies
– Password management webtop helps users change or recover passwords
– Bi-directional password synchronization
• User Self-Service
– Users can initiate their own access requests and password changes
– Significantly reduces management costs and time to productivity
• Delegated Administration
– Business managers or department leaders can manage their users, reducing dependence and burden on IT
Empowering users with critical tools while enforcing appropriate security and reducing your costs.
Advanced Reporting and Metrics
• Insightful reports
– Variety of out-of-the-box report templates
– Reporting on present and past states, plus activity over time
– Spans both the Identity Vault and connected systems
– Ready report customization through open report template standards
• Robust automation
– Visual report scheduling – one time or recurring
– Policy-based data collection and storage
– Automatic report distribution to critical stakeholders and storage of completed reports
• Powerful compliance support
– Current and forensic review of identity and user provisioning related data
Meaningful insight into how your organization's mission critical user provisioning is operating, and the ability to prove compliance.
Policy Mapping and Integration
• Role Mapping Administrator
– Automatically discovers authorizations that can be granted within your major IT systems
– Allows business users (not just consultants, IT staff or developers) to define and maintain which authorizations are associated with business roles
– Result: associated authorizations are automatically provisioned to business role members
• Breakthrough innovation in how your identity system is “programmed”
– Visual, drag and drop, business-user-friendly tool
– Order-of-magnitude reduction in time, effort, cost
– Applies to both initial setup and ongoing maintenance of policy to keep it business-relevant
• Sustainable access compliance
– Works between Novell® IDM, SAP, SharePoint, etc.
Letting business users intelligently connect the policy dots between the major IT systems your organization depends on.
Ready for Cloud Computing
• Uniquely ready for the challenges of Cloud Computing
– Cloud-ready architecture makes the location of resources transparent—on-site, hosted, or both
– User organizations enjoy the same security, management capabilities and predictability whether inside the organization or out in the cloud
• Seamless integration with SaaS and hosted solutions
– User provisioning/de-provisioning, request/approval processes, password changes, identity profile updates, reporting, etc.
• Powerful tools make the hosted business model transparent, scalable and efficient
– SaaS application support with scalability and high availability to ensure compliant SaaS processes
Ensuring your organization is ready for—and taking full advantage of—cutting edge IT trends.
Intelligent Content Control
Allows customization of IDM to your environment without getting painted into a corner
• Protects your configuration IP and simplifies troubleshooting
– Leverages and protects your tremendous investments in policies, work-flow definitions, and other configuration
– Alerts you when you're changing something that is used in multiple places and could have unintended effects
– 'Factory Mode' temporarily overrides any changes made and/or allows return to clean slate
• Enables content libraries
– Capture, archive, share, reuse good policy elements
– Integrators can create their unique 'canonical' approach
• Future: Out-of-the-box Business Relevance via Compliance Content Packs from Novell®
– Addressing key compliance needs aligning to regulations such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II, FERC/NERC, etc.
Improved User Experience
Providing controls in the hands of users to enhance productivity
• Work Dashboard
– A single consolidated view bringing together upcoming tasks, resource and role assignment, status of outstanding requests, etc.
– “Much less clicking”
• Resource Model and Assignments Dashboard
– A clear, easily understood view of who currently has access to what
– Eliminates the “tech speak gap” for ordinary users who need to make decisions about who should get what
• Built in SSO Support
– Out-of-the-box integration with AD/Kerberos ticket systems, SAML assertions, and SAP Logon ticket systems
– Eliminates the need for an external SSO tool when accessing IDM
New Work Dashboard
Industry-leading Deployment Tools
• Designer
– Model, deploy and document identity policies
– Explore “what if” scenarios
– Version control, save/archive and reuse efforts
– Up to 50% less cost in deployment
• Analyzer
– Evaluate, cleanse and prepare identity data within systems to be managed
– Up to 80% less time and effort in manual-intensive prep work
Bringing the “industrial revolution” to the highly manual, expensive process of rolling out identity management.
Development Platform
• True identity services architecture
– Modular, accessible functions
• Easily consumed into your environment (“mashup”)
– Your company portal
– Custom or mobile application
– Help desk or other business processes
• Over 100 standards-based identity services
– REST, SOAP, LDAP, JDBC, etc.
– Management and end-user actions
Easily consume, manage and interact with identity management functions however you need to.
Information Security Magazine 2007 and 2008 Reader's Choice Award
Novell Identity Manager, this year's identity management winner is widely regarded as the market leader, automating user provisioning to get employees what they need—and only what they need—to get to work quickly.
—Second year in a row, Gold Medalist
2007 Global Product Excellence Customer Trust Award
• Novell® Identity Manager 3.5 for Excellence in Identity Management
• Novell® Access Manager™ for Excellence in Access Management
• Novell® Sentinel™ 6 for Excellence in Security Management
2008 SIIA 23rd Annual Codie Awards
“Best Security Solution • Novell Identity and Security Management Portfolio, Novell, Inc.”
“For large and growing mid-sized organizations Novell Identity Manager 3.5 is our hands-down choice. For functionality, ease of use, and overall support, we rate this our Best Buy”. - SC Magazine
Award-Winning Technology Ahead of the Competition
Industry's Best Partners
Nearly 7000 Customers
www.novell.com/identitymanager
Novell® Access Manager™
Lee Howarth, Product Manager, Novell, Inc. / lhowarth@novell.com
Novell® Access Manager™
Single solution protects both Web and enterprise applications
Enables organizations to rapidly deploy secure online services
Designed to help reduce management overhead and infrastructure costs
Integrated Identity Federation – Out of the box support for all major specifications
Customer Pain Points
Security and Compliance
• Need to provide secure access to resources
• Need to prove who accessed what
• Users have too many IDs and passwords to remember
Cost and Complexity
• Many different Web applications
• Infrastructure costs are too high
• Help desk costs are too high
Agility
• Constant changes to the environment: new applications added all the time and identity stores scattered across the enterprise
• Need to deliver partner-enabled services (SSO)
• Acquisitions
How Does Novell® Access Manager™ Help?
Protects Web and enterprise applications (Web and SSL VPN)
Provides Web SSO
Provides advanced levels of authentication
Provides traceability (Who logged in and where did they go)
Provides Web SSO without modification to Web servers
No need for separate SSL VPN and/or VPN solution
Reduces infrastructure Costs (SSL certificates and IP addresses)
Federation enables existing applications
Supports any standard HTTP Web server
Supports multiple identity stores in any combination
Integrated identity federation
Cost and Complexity
Business Agility
Security and Compliance
Novell Access Manager™ Components
Product Milestones Since 2009
• Novell® Access Manager™ 3.1 – Jan 2009
– WS-Federation and Information Card Support
– SSL VPN Enhancements
– Improved Administration
– Additional Platform Support
– Additional APIs
• Novell Access Manager 3.1 SP1 – July 2009
– Identity Server Session Failover
– Non-Redirected Login
– Full Tunneling SSLVPN
– Customized Login Page Enhancements
– Session-based Logging
WS-Federation and Information Cards
• Comprehensive SSO
– Builds on the strengths of Novell® Access Manager™ 3.0 – out of the box SSO to any standard web server
– Adds WS-Federation to SAML and Liberty Alliance support
– Adds support for Windows CardSpace (Information Cards)
• Microsoft SharePoint Integration
– Worked closely with Microsoft to develop and test ADFS-based SSO
– Perfect solution for enterprises that use a primary identity store other than Active Directory (Novell eDirectory™, Sun etc).
– Transforms Identity (LDAP / Federation) into ADFS-claims that can be used for policy decisions in MS SharePoint
Managing Access to SharePoint: Architectural View
• SharePoint user management for multiple communities
– Options:
> Manual registration / management
> Identity management / provisioning
– Issues
> Increases management overhead
> Doesn't support federated access beyond WS-Federation
[Diagram labels: Sun One “Customers”; Active Directory “Business Units”; eDirectory™ “Employees”; Active Directory “SharePoint”; Microsoft SharePoint]
Managing Access to SharePoint with Novell® Access Manager™
• Simplified access to MS SharePoint
– User authenticates to Access Manager (Direct or Federated)
> Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Fed or Liberty Alliance
– User accesses SharePoint
> Access Manager transforms LDAP and federated identity into claims that are forwarded to Active Directory Federation Services (ADFS)
– SharePoint Administrator – Mr. Happy
> Associates claims to SharePoint groups
> No need to manage individual identities for all users that need to access SharePoint
– Improved user experience
> Single Sign-On to SharePoint and other Web resources protected by Access Manager
[Diagram labels: Sun One “Customers”; Active Directory “Business Units”; eDirectory™ “Employees”; Active Directory “SharePoint”; Novell Access Manager; Microsoft SharePoint; Access Manager transforms LDAP and Federated Identity into ADFS claims]
SSL VPN Enhancements
• Simplified Deployment
– Removed dependency on Access Gateway authentication
> Perfect for remote offices
• Improved Management
– Client Integrity Checking Level authorization policies
– Role-based control of client (Enterprise or Kiosk)
• Security Enhancements
– Desktop Cleanup
> History, Cache
– Secure Folder
Management and Customization
• Streamlined Management Interface
– Lower level policies to govern delegated administration
• Authorization API
– Enables integration with non-LDAP policy information points
– Adds to existing authentication and identity injection APIs
• Additional Platform Support
– Windows Server for Identity and Admin Servers
– AIX version of J2EE Agent for IBM WebSphere
Future Releases
• Novell® Access Manager™ 3.1 SP2 – April 2010
– Timeout per protected resource
– SAML/eGov Certification
– Access Gateway Service
• Novell Access Manager futures
– Web Agent Enforcement Points
– SAML Enhancements (Simplified Configuration)
– Performance Optimization in Virtual Environments
– Identity Services
– Single Box Installation
www.novell.com/accessmanager
Novell® SecureLogin
Baber Amin, Business Line Manager, Novell, Inc. / baber@novell.com
Novell® SecureLogin
• Enable single sign-on to Web, JAVA and enterprise applications
• Reduce costs
• Enhance security with improved productivity
• Support compliance efforts
Novell SecureLogin Mitigates Risk
Novell SecureLogin Reduces Costs
Novell® SecureLogin Improves Productivity
Novell® SecureLogin and Compliance
Novell® SecureLogin
Password Synchronization
[Diagram labels: Workstation; Network OS (NOS); Win32 App; SAP App; Mainframe; Username 1 / Password through Username 4 / Password; Password:123456 (shown four times)]
Synchronized passwords are limited to the “lowest common denominator” of the connected systems.
Enterprise Single Sign-on
[Diagram labels: User Workstation; Novell SecureLogin; SAP; Mainframe; Win32; NOS; Gmail; Partner App; passwords shown: 123456, john077, carpediem09, surferdude85, jj2500, acme01]
Passwords are as strong as each application will permit.
Pre-provision User Credentials Supplemented by ESSO
[Diagram labels: Novell Identity Manager; Identity & Credential Store (eDirectory); SAP HR; E-mail; Linux; Mainframe; Password:FV25I68; Password:mfe009678; User; Novell SecureLogin]
Web Access Management Supplemented by ESSO
[Diagram labels: Internal Web Applications; Portal Interface; External Web Applications; Novell SecureLogin; User; Directory; Web Access Management Infrastructure; Expense Reporting; Benefits; Time Off; Partner App; Web Mail]
Novell® SecureLogin
1H 2010 / 2H 2010 / 2011
• Windows 7 support
• Oracle Forms
• .NET and basic WPF support
• SAP environment support
NSL 7.0 SP1
• Emergency access capability
• Integrated OTP
• eSSO to SaaS applications
• Flash application support
NSL 7.x
• UCF driven reports
• Automated patch management
• Modular Client
• Supporting delegated access
• Enhanced support for re-authentication
• FDE support
NSL 7.x
2H 2010
• eSSO Server / appliance offering
• Zero day upgrade
• Modular Client
• Automated patch management
NSL 7.x
For More Information
• Visit table A5 in IT Central
• Attend the following complementary sessions:
– BOF106: SecureLogin in the Real World Panel Discussion
– IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
– IAM207: SecureLogin and Your Active Directory Setup
– IAM302: Using Hard Disk Encryption and SecureLogin
– IAM303: Enhancing SecureLogin with Multi-factor Authentication
– IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the Installation and Migration Depot
• Visit www.novell.com/securelogin
Try SecureLogin for Yourself
We'll install SecureLogin on your machine (for free).
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.