What's New in Novell Identity Manager 4.0
2. Presenters
Bob Bentley
Product Line Lead
Kamal Narayan
Product Manager
Yogesh Rao
Product Manager
2 © Novell, Inc. All rights reserved.
3. Agenda
• Introduction
• Major New Features in IDM4
• Architectural Enhancements
• New Integration Modules and Tools
• Product Editions
• Summary/Question and Answers
5. Novell Identity Manager ®
Enable your organization to be
more open and agile without
limiting security, control
or compliance.
Integrate, automate, and
secure access to information
for customers, partners,
and employees.
Maintain clear visibility of
people, actions, and
compliance, past and present.
The result: Simplify and secure
the enterprise while controlling
costs and meeting
regulatory demands.
6. Your Identity Challenges
• Provisioning new users - Users wait up to 3 weeks for
activated accounts
• Managing users - Help desk costs $25-40 per call for password
resets, with 25-35% of calls related to password resets
• IT dependence – Lost efficiency because of dependency upon
scarce IT resources for user access needs
• De-provisioning users - 30-60% of existing accounts are invalid
• Deploying new initiatives - Up to 30% of development time is for
controlling access to applications and data
• Reconciling user data - 100+ user data sources at typical firm
provide out-of-sync and untrustworthy identity data
• Protecting trust - Many new privacy and regulatory requirements
around the world
• Achieving compliance – Up to 25% of IT budget is consumed to
support compliance
7. How Does Novell Identity Manager® Help?
Security
• Revoke system access in minutes, not days
• Manage all password policies centrally
• People get access to only what they need based on business roles
• Eliminate siloed and duplicative systems
Cost
• Reduce your help desk costs by 40%
• Automate manual processes and work-flows
• Extend the value of legacy applications
• Simplified implementation and administration
• End vendor lock-in and high switching costs
Compliance
• Clear visibility into who has access to what, when and how they got it, and who approved it
• Historical/forensic review of access
• Insightful risk metrics illuminate compliance conflicts
• Easy policy updates to stay current
• Instant documentation for auditors
Agility
• Integrate new businesses in days, not months
• Hire a new employee and have all their systems ready automatically on their start date
• Empower users with provisioning control
• Have business decisions drive IT and not the other way round
8. Identity Manager in Operation
[Diagram. Functions: Provision; Role-Based User Administration; Request and Approval; Password Management; Report and Monitor. Events: Relationship Begins, Promotion, Move Locations, New Project, Forgot Password, Password Expires, Relationship Ends. Actors: Employee, Customer, Partner, Volunteer; Manager, Resource Owner; Auditor, Security Lead.]
11. Identity Manager Architecture Logical View
Users and Channels
• Mobile
• Your Portal/Webtop
• Web Services/Custom
• Business Managers
• CISO
• Compliance/Auditor
• Employees
• Customers/Partners/Contractors
• Developers and Consultants
Key Functional Capabilities
• White Pages/Self-Service/Pwd Mgmt
• Business Resource Request
• Approval Work-flow
• Role-based User Mgmt/Deleg Admin
• Advanced Reporting and Metrics
• Role and Policy Mapping
• Compliance Content
Major Components
• Real-time Data Integrity
• RBAC Model
• Identity Vault
• Work-flow System
• Historical Reporting Warehouse
• Open APIs
• Deployment and Mgmt Tools
Connectors
• Directories
• Help Desk
• Databases
• Credentialing
• Applications
• OS and File Systems
• Telephone and Building Access
• Cloud and SaaS
12. Advanced Reporting and Metrics
Meaningful insight into how your organization's mission critical user provisioning is operating, and the ability to prove compliance.
• Insightful reports
– Variety of out-of-the-box report templates
– Reporting on present and past states, plus activity over time
– Spans both the Identity Vault and connected systems
– Ready report customization through open report template standards
• Robust automation
– Visual report scheduling – one time or recurring
– Policy-based data collection and storage
– Automatic report distribution to critical stakeholders and storage of completed reports
• Powerful compliance support
– Current and forensic review of identity and user provisioning related data
14. Advanced Reporting and Metrics
Defining a Report to Run
[screen shots]
15. Advanced Reporting and Metrics
Repository of Defined and/or Scheduled Reports
[screen shots]
16. Advanced Reporting and Metrics
Managing the Report Scheduler
[screen shots]
17. Advanced Reporting and Metrics
Sample Completed Report
[screen shots]
18. Policy Mapping and Integration
Letting business users intelligently connect the policy dots between the major IT systems your organization depends on.
• Role Mapping Administrator
– Automatically discovers authorizations that can be granted within your major IT systems
– Allows business users (not just consultants, IT staff or developers) to define and maintain which authorizations are associated with business roles
– Result: associated authorizations are automatically provisioned to business role members
• Breakthrough innovation in how your identity system is “programmed”
– Visual, drag and drop, business-user-friendly tool
– Order-of-magnitude reduction in time, effort, cost
– Applies to both initial setup and ongoing maintenance of policy to keep it business-relevant
• Sustainable access compliance
– Works between Novell® IDM, SAP, SharePoint, etc.
19. Role Mapping Administrator
Enterprise Roles
Examples:
• Regional Sales Mgr
• ICU Nurse
Authorizations
Items that can be granted to users (accounts, roles, transactions, group memberships, etc.)
Examples:
• Run sales pipeline report
• Access to drug dispensing system
RMA Puts it all on One Screen
• Shows all Enterprise Roles configured in Novell® IDM
• Discovers and retrieves all Authorizations in the connected system
Business Analyst
• Drags Authorizations on to Roles—associating the Authorization with the Role
Novell Identity Manager (Novell IDM)
• Automatically provisions the people in the Role with the Authorization ...
• Keeps it updated as role membership changes or as Role/Authorization associations change
22. Ready for Cloud Computing
Ensuring your organization is ready for—and taking full advantage of—cutting edge IT trends.
• Uniquely ready for the challenges of Cloud Computing
– Cloud-ready architecture makes the location of resources transparent—on-site, hosted, or both
– User organizations enjoy the same security, management capabilities and predictability whether inside the organization or out in the cloud
• Seamless integration with SaaS and hosted solutions
– User provisioning/de-provisioning, request/approval processes, password changes, identity profile updates, reporting, etc.
• Powerful tools make the hosted business model transparent, scalable and efficient
– SaaS application support with scalability and high availability to ensure compliant SaaS processes
23. Intelligent Content Control
Allows customization of IDM to your environment without getting painted into a corner.
• Protects your configuration IP and simplifies troubleshooting
– Leverages and protects your tremendous investments in policies, work-flow definitions, and other configuration
– Alerts you when you're changing something that is used in multiple places and could have unintended effects
– 'Factory Mode' temporarily overrides any changes made and/or allows return to clean slate
• Enables content libraries
– Capture, archive, share, reuse good policy elements
– Integrators can create their unique 'canonical' approach
• Future: Out-of-the-box Business Relevance via Compliance Content Packs from Novell®
– Addressing key compliance needs aligning to regulations such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II, FERC/NERC, etc.
24. Improved User Experience
Providing controls in the hands of users to enhance productivity.
• Work Dashboard
– A single consolidated view bringing together upcoming tasks, resource and role assignment, status of outstanding requests, etc.
– “Much less clicking”
• Resource Model and Assignments Dashboard
– A clear, easily understood view of who currently has access to what
– Eliminates the “tech speak gap” for ordinary users who need to make decisions about who should get what
• Built in SSO Support
– Out-of-the-box integration with AD/Kerberos ticket systems, SAML assertions, and SAP Logon ticket systems
– Eliminates the need for an external SSO tool when accessing IDM
27. Technical Advancements
Many “Under the Hood” Enhancements to make your IDM even more powerful.
• Unified installation
– Streamlined installation covers all components
– Preconfiguration with best-practice “content” from Novell® and their 13+ years' experience in the business
– Optional virtual machine image deployment
• Embedded IDV option
– Silent and invisible identity vault
– A dedicated purpose identity store
– Managed with application specific tools (vs. going into iManager and managing Novell® eDirectory™ attributes manually)
• Coming: Driver fan-out and high availability
– Manage 1000's of similar target systems via one driver (ex: Oracle DB's, AD instances, AS/400 systems)
– True software-based driver failover
28. Development Platform
Easily consume, manage and interact with identity management functions however you need to.
• True identity services architecture
– Modular, accessible functions
• Easily consumed into your environment (“mashup”)
– Your company portal
– Custom or mobile application
– Help desk or other business processes
• Over 100 standards-based identity services
– REST, SOAP, LDAP, JDBC, etc.
– Management and end-user actions
30. New and Updated Drivers
Ongoing improvements in connectivity to keep your IDM system most relevant.
• Microsoft SharePoint
– Fine-grained integration with this popular collaboration environment
• Salesforce.com
– Seamless SaaS integration
• SOAP/SPML
– Updated for easier SOAP endpoint integration
– Supports latest version of SPML
• eDirectory-to-eDirectory Driver
– Eliminates the need for each instance of Novell® eDirectory™ to have its own IDM engine
– Simplifies licensing and management
– Uniform challenge/response sets for passwords
• Oracle and SAP
– Easier to discern and buy
– Oracle drivers enhanced
31. Industry-leading Deployment Tools
Bringing the “industrial revolution” to the highly manual, expensive process of rolling out identity management.
• Designer
– Model, deploy and document identity policies
– Explore “what if” scenarios
– Version control, save/archive and reuse efforts
– Up to 50% less cost in deployment
• Analyzer
– Evaluate, cleanse and prepare identity data within systems to be managed
– Up to 80% less time and effort in manual-intensive prep work
32. Novell Analyzer ®
Data Browsing
Data Analysis
Automation to help you analyze,
cleanse and prepare identity data
for management
35. IDM 4 “Capricorn” vs “Dorado”
• IDM 4 “Capricorn”
– The traditional way Novell® Identity Manager has been offered to customers
– Designed for organizations who want to selectively
choose which components best fit their needs
• IDM 4 “Dorado”
– A new, comprehensive packaging of pre-integrated
solution components
– Additional market leading capabilities not available in
any other offering (Novell or competition)
– Designed for organizations looking for a single offering
that includes everything needed for state-of-the-art user
provisioning and identity management
36. IDM 4 “Capricorn” vs “Dorado”
• IDM 4 “Capricorn” is comparable to IDM 3.6 today
– Updated user application (not including RBPM functionality)
– Will include a few basic reports
– Streamlined install with Embedded IDV option
– The designated next version for IDM 3.6 customers
• IDM 4 “Dorado” (items not included in “Capricorn”)
– Includes all “Capricorn” + RBPM capabilities
– Includes Advanced ID Data Warehouse/Reporting
– Includes Role Mapping Administrator
– Includes additional drivers (Salesforce, SharePoint)
– Includes Analyzer
– Is “content-ready”
– Offers the full API set (REST and SOAP interfaces)
37. IDM 4 “Capricorn” vs “Dorado”
IDM 4 “Capricorn”
• Basic Reports
• User Application
• IDM Policy Engine
• Basic Drivers
• Optionally Embedded IDV
IDM 4 “Dorado”
• Analyzer tool
• Extensive REST/SOAP APIs
• Content Pack Readiness
• Role Mapping Administrator
• Approval WF and Role-based Provisioning
• Advanced Reporting Suite
• User Application
• IDM Policy Engine
• Adv Drivers
• Basic Drivers
• Optionally Embedded IDV
38. Planned Release Schedule
• Beta test Spring 2010
• IDM 4 “Dorado” will be available in Summer 2010
• IDM 4 “Capricorn” will be available approximately
1Q later
• Driver high availability/fan-out capability will be
available later in the year
42. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.