Overview of Identity and Access Management Product Line

Overview of Identity and Access
Management Product Line

Presenters
Ajay Sharma Kamal Narayan
Product Marketing Manager Product Manager
Novell, Inc. nkamal@novell.com

Baber Amin
Business Line Manager, Lee Howarth
Novell, Inc. baber@novell.com Product Manager,
Novell, Inc. lhowarth@novell.com

Bob Bentley
Product Manager
Novell, Inc. bbentley@novell.com

2 © Novell, Inc. All rights reserved.

Risk to The Enterprise is Rising


Complex Times, Complex Challenges

• How do I manage changes to user identities and access rights?
• How do I improve the productivity of my IT staff and end users?
• How do I reduce password-related calls to the helpdesk due to
stronger password policies?
• How do I ensure that users have the right access to systems so I
can minimize risk?
• How do I manage access for partners, customers and other users
outside my organization?
• How do I maintain strong, agile control over resource and
information access to comply with current regulations?


Novell Identity and Access
®

Management Solutions

Novell Identity and Access Management
solutions help you address the
fundamental problem of managing “who
has access to what,” so you can trust that
your business is secure.


Identity and Security Solutions

Identity and Access Management
Capabilities
• User Provisioning and
Management
• Roles Management
• Simplified, Secure Access


Identity and Security Solutions

Identity and Access Management Products

• Novell Identity Manager
®

• Novell Access Manager ™

• Novell SecureLogin


Novell Identity and Access
®

Management Solutions Capabilities

User Provisioning and Simplified, Secure Access
Management

IT End
User

Line-of-
Business
Manager

Roles Management


Novell Identity Manager
®

Overview

Bob Bentley
Product Manager
Novell, Inc./ bbentley@novell.com

Kamal Nayaran
Product Manager
Novell, Inc. /nkamal@novell.com

Novell Identity Manager ®

Enable your organization to be more
open and agile without limiting
security, control or compliance.
Integrate, automate, and secure
access to information for customers,
partners, and employees.
Maintain clear visibility of people,
actions, and compliance, past and
present.
The result: Simplify and secure the
enterprise while controlling costs
and meeting regulatory demands.


Your Identity Challenges

• Provisioning new users - Users wait up to 3 weeks for activated
accounts
• Managing users - Help desk costs $25-40 per call for password
resets, with 25-35% of calls related to password resets
• De-provisioning users - 30-60% of existing accounts are invalid
• Deploying new initiatives - Up to 30% of development time is for
controlling access to applications and data
• Reconciling user data - 100+ user data sources at typical firm
provide out-of-sync and untrustworthy identity data
• Protecting trust - Many new privacy and regulatory requirements
around the world
• Achieving compliance – Up to 25% of IT budget is consumed to
support compliance


How Does
Novell Identity Manager Help?
®

Security Cost
• Revoke system access in minutes, not • Reduce your help desk costs by 40%
days
• Automate manual processes and work-
• Manage all password policies centrally flows
• People get access to only what they need • Extend the value of legacy applications
based on business roles
• Simplified implementation and
• Eliminate siloed and duplicative systems administration
• End vendor lock-in and high switching costs
Compliance
• Clear visibility into who has access to Agility
what, when and how they got it, and who
approved it • Integrate new businesses in days, not
months
• Historical/forensic review of access
• Hire a new employee and have all their
• Insightful risk metrics illuminate systems ready automatically on their start
compliance conflicts date
• Easy policy updates to stay current • Empower users with provisioning control
• Instant documentation for auditors • Have business decisions drive IT and not
the other way round

Novell Identity Manager 4
®

Product Family

Compliance
Management
Platform

IDM 4
“Dorado”

IDM 4
“Capricorn”


Identity Manager Architecture Logical View

Your Portal/ Customers/
Mobile Webtop Web Services/ Business CISO Compliance/ Employees Partners/ Developers and
Custom Managers Auditor Contractors Consultants

Key Functional Capabilities
White Pages/ Business Approval Work- Role-based Advanced Role and Compliance
Self-Service/ Resource flow User Mgmt/ Reporting Policy Content
Pwd Mgmt Request Deleg Admin and Metrics Mapping

Major Components
Real-time Data RBAC Identity Work-flow Historical Deployment
Reporting Open APIs and Mgmt
Integrity Model Vault System
Warehouse Tools

Connectors

Directories Help Desk Databases Credentialing
Applications OS and Telephone and Cloud and SaaS
File Systems Building Access


Identity Manager in Operation

Promotion
PROVISION ROLE-BASED USER
ADMINISTRATION
Employee,
Customer,
Partner,
Volunteer

Relationship
Begins Move Locations

Manager,
REPORT AND Resource
MONITOR Owner
Auditor,
Security Lead
New Project

REQUEST AND
Relationship
Ends
? APPROVAL

x
PASSWORD Forgot Password
MANAGEMENT
Password Expires PASSWORD
MANAGEMENT

Industry- Leading Provisioning

• Automated Provisioning
New employees automatically granted access to
–
everything needed on their first day
The right people
– Robust request and approval workflow system get access to the
– Revoked access occurs in minutes right resources at
• Role-based Management
the right time, and
– Automatically assigns and updates resources based
nothing else.
on users' business roles
– Respects Segregation of Duties between roles
• Identity Data Synchronization
– Maintains integrity of user information throughout the
organization
– Enforces authority of identity information—the right
data from the right sources
– Updates propagate within moments


Powerful User Tools

• Password Management
Enforce system-wide strong password policies
–
Empowering users
Password management webtop helps users
–
change or recover passwords
with critical tools
– Bi-directional password synchronization
while enforcing
appropriate
• User Self-Service
security and
– Users can initiate their own access requests and
password changes reducing your
– Significantly reduces management costs and time costs.
to productivity
• Delegated Administration
– Business managers or department leaders can
manage their users, reducing dependence and
burden on IT


Advanced Reporting and Metrics

• Insightful reports Meaningful insight
– Variety of out-of-the-box report templates into how your
– Reporting on present and past states,
plus activity over time
organization's
– Spans both the Identity Vault and connected systems
mission critical
– Ready report customization through open report
user provisioning
template standards is operating, and
• Robust automation the ability to prove
– Visual report scheduling – one time or recurring compliance.
– Policy-based data collection and storage
– Automatic report distribution to critical stakeholders
and storage of completed reports
• Powerful compliance support
– Current and forensic review of identity and user
provisioning related data


Policy Mapping and Integration

• Role Mapping Administrator Letting business
– Automatically discovers authorizations that can be
granted within your major IT systems
users Intelligently
– Allows business users (not just consultants, IT staff or
connect the
developers) to define and maintain which authorizations policy dots
are associated with business roles
between the
Result: associated authorizations are automatically
–
provisioned to business role members
major IT systems
your organization
• Breakthrough innovation in how your identity
system is “programmed” depends on.
– Visual, drag and drop, business-user-friendly tool
– Order-of-magnitude reduction in time, effort, cost
– Applies to both initial setup and ongoing maintenance
of policy to keep it business-relevant
• Sustainable access compliance
– Works between Novell IDM, SAP, SharePoint, etc.
®


Ready for Cloud Computing

• Uniquely ready for the challenges of the Ensuring your
Cloud Computing organization is
– Cloud-ready architecture makes the location of ready for—and
resources transparent—on-site, hosted, or both
taking full
– User organizations enjoy the same security,
management capabilities and predictability whether advantage of—
inside the organization or out in the cloud cutting edge IT
• Seamless integration with SaaS and trends.
hosted solutions
– User provisioning/de-provisioning, request/approval
processes, password changes, identity profile updates,
reporting, etc.
• Powerful tools make the hosted business
model transparent, scalable and efficient
– SaaS application support with scalability and high
availability to ensure compliant SaaS processes


Intelligent Content Control

• Protects your configuration IP and Allows
simplifies troubleshooting customization of
– Leverages and protects your tremendous investments in
policies, work-flow definitions, and other configuration
IDM to your
– Alerts you when you're changing something that is used
environment
in multiple places and could have unintended effects without getting
– 'Factory Mode' temporarily overrides any changes made painted into a
and/or allows return to clean slate
corner
• Enables content libraries
– Capture, archive, share, reuse good policy elements
– Integrators can create their unique 'canonical' approach
• Future: Out-of-the-box Business Relevance
via Compliance Content Packs from Novell ®

– Addressing key compliance needs aligning to regulations
such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II,
FERC/NERC, etc.

Improved User Experience

• Work Dashboard
– A single consolidated view bringing together upcoming
tasks, resource and role assignment, status of Providing
outstanding requests, etc.
controls in the
– “Much less clicking”
hands of users
• Resource Model and Assignments Dashboard to enhance
– A clear, easily understood view of who currently has
access to what
productivity
– Eliminates the “tech speak gap” for ordinary users who
need to make decisions about who should get what
• Built in SSO Support
– Out-of-the-box integration with AD/Kerberos ticket
systems, SAML assertions, and SAP Logon
ticket systems
– Eliminates the need for an external SSO tool when
accessing IDM


New Work Dashboard


Industry-leading Deployment Tools

• Designer Bringing the
– Model, deploy and document identity policies “industrial
– Explore “what if” scenarios revolution” to the
– Version control, save/archive and reuse efforts highly manual,
– Up to 50% less cost in deployment expensive
• Analyzer process of rolling
– Evaluate, cleanse and prepare identity data within out identity
systems to be managed
management.
– Up to 80% less time and effort in
manual-intensive prep work


Development Platform

• True identity services architecture Easily consume,
– Modular, accessible functions manage and interact
with identity
• Easily consumed into your
environment (“mashup”) management
functions however
Your company portal
you need to.
–

– Custom or mobile application

– Help desk or other business processes

• Over 100 standards-based
identity services
– REST, SOAP, LDAP, JDBC, etc.

– Management and end-user actions


Award-Winning Technology
Ahead of the Competition
Information Security Magazine 2007 and 2008
Reader's Choice Award
Novell Identity Manager, this year's identity management winner is widely
regarded as the market leader, automating user provisioning to get employees
what they need—and only what they need—to get to work quickly.
—Second year in a row, Gold Medalist

2007 Global Product Excellence Customer Trust Award
• Novell Identity Manager 3.5 for Excellence in Identity Management
®

• Novell Access Manager for Excellence in Access Management
®
™

• Novell Sentinel 6 for Excellence in Security Management
®
™

2008 SIIA 23rd Annual Codie Awards
“Best Security Solution • Novell Identity and Security Management Portfolio, Novell, Inc.”

“For large and growing mid-sized organizations Novell Identity Manager 3.5 is
our hands-down choice. For functionality, ease of use, and overall support, we
rate this our Best Buy”. - SC Magazine


Industry's Best Partners


Nearly 7000 Customers


www.novell.com/identitymanager


Novell Access Manager
®
™

Lee Howarth
Product Manager,
Novell, Inc. /lhowarth@novell.com

Novell Access Manager ®
™

Single solution protects both
Web and enterprise applications
Enables organizations to rapidly
deploy secure online services
Designed to help reduce
management overhead and
infrastructure costs
Integrated Identity Federation –
Out of the box support for all
major specifications


Customer Pain Points

Security and Compliance
• Need to provide secure access to resources
• Need to prove who accessed what
• Users have too many IDs and passwords to remember
Cost and Complexity
• Many different Web applications
• Infrastructure costs are too high
• Help desk costs are too high
Agility
• Constant changes to the environment: new applications added
all the time and identity stores scattered across the enterprise
• Need to deliver partner-enabled services (SSO)
• Acquisitions


How Does Novell Access Manager Help? ®
™

Security Cost Business
and Compliance and Complexity Agility

Protects Web and Provides Web SSO Supports any
enterprise applications without modification to standard HTTP Web
(Web and SSL VPN) Web servers server
Provides Web SSO No need for separate Supports multiple
SSL VPN and/or VPN identity stores in any
Provides advanced solution combination
levels of
authentication Reduces infrastructure Integrated identity
Costs (SSL certificates federation
Provides traceability and IP addresses)
(Who logged in and
where did they go) Federation enables
existing applications


Novell Access Manager Components ™


Product Milestones Since 2009

• Novell Access Manger 3.1 – Jan 2009
®
™

– WS-Federation and Information Card Support
– SSL VPN Enhancements
– Improved Administration
– Additional Platform Support
– Additional APIs
• Novell Access Manager 3.1 SP1 – July 2009
– Identity Server Session Failover
– Non-Redirected Login
– Full Tunneling SSLVPN
– Customized Login Page Enhancements
– Session-based Logging


WS-Federation and Information Cards

• Comprehensive SSO
– Builds on the strengths of Novell Access Manager 3.0 – out of
®
™

the box SSO to any standard web server
– Adds WS-Federation to SAML and Liberty Alliance support
– Adds support for Windows CardSpace (Information Cards)
• Microsoft SharePoint Integration
– Worked closely with Microsoft to develop an test ADFS-based
SSO
– Perfect solution for enterprises that use a primary identity store
other than Active Directory (Novell eDirectory , Sun etc).
™

– Transforms Identity (LDAP / Federation) into ADFS-claims that
can be used for policy decisions in MS SharePoint


Managing Access to SharePoint
Architectural View

• SharePoint user management for multiple communities
– Options:
> Manual registration / management
> Identity management / provisioning
– Issues
> Increases management overhead
> Doesn't support federated access beyond WS-Federation
eDirectory
™

“Employees”

Microsoft
SharePoint Active Active
Directory Directory
“SharePoint” “Business
Units”

Sun One
“Customers”


Managing Access to SharePoint with
Novell Access Manager ®
™

• Simplified access to MS SharePoint
– User authenticates to Access Manager
Novell
(Direct or Federated) Access eDirectory
™

Manager “Employees”
> Access Manager can validate identities across
multiple identity stores as well as federated
authentication from partners using SAML, WS-
Fed or Liberty Alliance Active
Directory
– User accesses SharePoint “Business
Access Manager Units”
> Access Manager transforms LDAP and transforms LDAP
federated identity into claims that are forwarded and Federated
Identity into ADFS
to Active Directory Federation Services (ADFS) claims
Sun One
“Customers”
– SharePoint Administrator – Mr. Happy
> Associates claims to SharePoint groups
> No need to manage individual identities for all
users that need to access SharePoint
– Improved user experience
> Single Sign-On to SharePoint and
Microsoft
other Web resources protected by Access Active
SharePoint
Directory
Manager “SharePoint”


SSL VPN Enhancements

• Simplified Deployment
– Removed dependency on Access Gateway authentication
• Perfect for remote offices

• Improved Management
– Client Integrity Checking Level authorization policies
– Role-based control of client (Enterprise or Kiosk)
• Security Enhancements
– Desktop Cleanup
• History, Cache
– Secure Folder


Management and Customization

• Streamlined Management Interface
– Lower level policies to govern delegated administration
• Authorization API
– Enables integration with non-LDAP policy information
points
– Adds to existing authentication and identity injection APIs
• Additional Platform Support
– Windows Server for Identity and Admin Servers
– AIX version of J2EE Agent for IBM WebSphere


Future Releases

• Novell Access Manager 3.1 SP2 – April 2010
®
™

– Timeout per protected resource
– SAML/eGov Certification
– Access Gateway Service
• Novell Access Manager futures
– Web Agent Enforcement Points
– SAML Enhancements (Simplified Configuration)
– Performance Optimization in Virtual Environments
– Identity Services
– Single Box Installation


www.novell.com/accessmanager


Novell Secure Login ®

Baber Amin
Business Line Manager,
Novell, Inc. /baber@novell.com

Novell SecureLogin ®

• Enable single sign-on to Web, JAVA
and enterprise applications
• Reduce costs
• Enhance security with improved
productivity
• Support compliance efforts


Novell SecureLogin Mitigates Risk


Novell SecureLogin Reduces Costs



Improves Productivity


Novell SecureLogin and Compliance
®


Password Synchronization

Workstation

Mainframe
Username 1 / Password
Mainframe Password:
123456

SAP
Username 2 / Password Synchronized
SAP App Password: passwords are
123456 limited to the
“lowest
NOS common
Network OS Password: denominator” of
123456 the connected
systems.
Win32
Password:
Win32 App
123456


Enterprise Single Sign-on
Partner App

Password:
acme01

Mainframe

Password:
123456

SAP

Password: Passwords are
john077 as strong as
User
Workstation
each application
NOS will permit.
Novell Password:
SecureLogin carpediem09

Win32

Password:
surferdude85

Gmail

Password:
jj2500

Pre-provision User Credentials
Supplemented by ESSO

SAP HR E-mail Linux Mainframe

Password: Password:
FV25I68 mfe009678

Novell Identity Manager

Identity & Credential Store (eDirectory)

Novell
SecureLogin

User


Web Access Management
Supplemented by ESSO
Internal Web
Applications
Novell
SecureLogin Expense
Reportin
g
User

Portal Interface
Benefits

Web Access Directory Time Off
Management
Infrastructure

External Web
Applications

Partner App

Web Mail



1H 2010 2H 2010 2H 2010 2011

NSL 7.x
• eSSO Server / appliance
offering
• Zero day upgrade
• Modular Client
• Automated patch
NSL 7.x management

• UCF driven reports
• Automated patch
management
• Modular Client
• Supporting delegated
NSL 7.x access
• Enhanced support for re-
• Emergency access capability
• authentication
Integrated OTP
• FDE support
• eSSO to SaaS applications
• Flash application support
NSL 7.0 SP1
• Windows 7 support
• Oracle Forms
• .NET and basic WPF support
• SAP environment support


For More Information Try SecureLogin for
Yourself
We'll install SecureLogin on
• Visit table A5 in IT Central your machine (for free).

• Attend the following complementary sessions:
– BOF106: SecureLogin in the Real World Panel Discussion
– IAM205: Novell SecureLogin Installation, Deployment and Lifecycle
Management
– IAM207: SecureLogin and Your Active Directory Setup
– IAM302: Using Hard Disk Encryption and SecureLogin
– IAM303: Enhancing SecureLogin with Multi-factor Authentication
– IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the
Installation and Migration Depot
• Visit www.novell.com/securelogin


Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Overview of Identity and Access Management Product Line

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (17)

Destacado

Destacado (20)

Similar a Overview of Identity and Access Management Product Line

Similar a Overview of Identity and Access Management Product Line (20)

Más de Novell

Más de Novell (20)

Overview of Identity and Access Management Product Line