Web Access Management in the Cloud: Problem Solved!
Single Sign On, Session Management and how to use your existing on-premises Access Management solution to protect applications in the Cloud
www.idfconnect.com
Server-side Application Integration
AJAX/Mobile/Thick Client Application Integration
Applications in the Cloud
WAM-as-a-Service
"Agent-less" Infrastructure
5 SSO/Rest Use Cases
SSO/Rest Solves Many Challenges
The Situation
50 or more applications integrated with your on-premises WAM infrastructure
Multiple user directories
Multiple Password policies
Multiple authentication mechanisms
A Common Quandary!
Constraints
NO new firewall ports
NO cloud-to-datacenter VPNs
NO syncing/pushing employee credentials to the cloud
Key Question: How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud?
Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit
Web Access Management
A Complete Web Access Management Solution
WAM Gaps in the Cloud
Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit
Web Access Management (Gaps in the Cloud)
WAM Gaps in the Cloud: All Solved by SSO/Rest
Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit
Web Access Management (Gaps in the Cloud)
Remember: Federation is NOT the Same as Web Access Management
Federation | Web Access Management (WAM)
One-time handoff from partner IDP
Limited logout capability
Perimeter Defense
Audit
Access control
Policy Enforcement Point (PEP)
Policy Decision Point (PDP)
Authentication
Session lifecycle management
The SSO/Rest Solution
SSO/Rest combines existing and emerging technologies to extend the perimeter of your WAM solution safely and securely into your public Cloud platforms
SSO/Rest!
REST based - lightweight
No firewall holes - secure
Easy to use, handles latency, transparent…
Engineered to solve this problem
SSO/Rest Solution Architecture
[Architecture diagram. Legend: Cloud App(s), SSO/Rest Gateway, Policy Decision Point; Browser HTTP traffic, SSO/Rest HTTP traffic, CA SSO (SiteMinder) Agent tunnel. Labels: Corporate Network, SSO/Rest Plugin, Cloud, Browser.]
SSO/Rest Features
• Enforces access policies, session management rules and timeouts across all apps whether on-site or cloud-based
• Broad Plug-in support, including Apache HTTP Server, Microsoft IIS, NGINX, generic .Net and J2EE, IBM WebSphere, RedHat Wildfly (JBoss), Apache Tomcat, and Oracle WebLogic
• Built-in web application and service for plugin self-registration
• Rich client integration support for AJAX, Adobe Flex, Microsoft Silverlight, and Mobile applications
• Comprehensive OAuth and OIDC support, including wrapping vendor-specific SSO tokens inside OAuth/OIDC tokens for tightest integration and security
• Gateway component is available as a J2EE WAR file, a preconfigured Tomcat zip distribution, a VM appliance, or a Docker image
• Supports CA SSO and Oracle Access Manager – with a standalone policy decision point based on an XACML rules engine coming in Q3
• Fully supports most cloud-based platforms, including Amazon AWS, Microsoft Azure, Google App Engine, and Cloud Foundry
• Extensible agent logic (something that most WAM out-of-the-box agents cannot provide)
“Look Mom! No VPN!”
SSO/Rest Engine
Login
Update Session
Validate Session
isProtected
Gateway
Enable/Disable
Change Password
isAuthorized
SSO/Rest Web Service Endpoints
Proven Successes with Large Enterprises
Seamless and Secure Integration: Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company
[Diagram labels: Acquired Company Existing Web Apps, eCommerce Portal]
Successfully Move .Net applications to Microsoft Azure: Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities
[Diagram labels: .Net Applications, Microsoft Azure]
THANK YOU! For More Information, Please Visit
IDF Connect, Inc., 2207 Concord Pike #359, Wilmington, DE 19803. Phone: (888) 765-1611. Fax: (888) 765-7284
www.idfconnect.com
www.linkedin.com/in/rsand
@IDFConnect
www.facebook.com/IDFConnect
@rsand2
Turn CA SSO into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso-mobilekey/
Also check out our other products: www.idfconnect.com/products