
  • Number of slides: 57

Novell Nsure Identity Manager 2: Overview & Futures
Bob Bentley, Product Line Manager, Identity Management, bbentley@novell.com
Deven Macdonald, Product Manager, Identity Management, dmacdonald@novell.com

Agenda
Overview and Future of Novell’s Nsure Identity Manager
• Introduction
• How does it work?
• Highlights of Nsure Identity Manager 2
• Roadmap
• Question and Answer
© 3/16/2018 Novell Inc.

Overview

Business goal = the agile enterprise
[Diagram labels: Your business, Employees, Partners, B2B, Marketing, Sales, Customers, Finance, Customer service]

What’s driving the agile enterprise?
The common thread: Identity
“Audits are focusing on identity issues because corporate governance, regulatory compliance, and security rely on identity, and the lack of solid identity management infrastructure creates business risk.” ―Jamie Lewis, The Burton Group, July 2003
Identity Management: Business Drivers
• Business Facilitation
– Reach global customers
– Tighter supplier relationships
– More productive partnerships
• Security
– Consistent security policy
– Immediate system-wide access updates
– Consistent identity data
• Cost Reduction & Productivity
– Eliminate redundant administration tasks
– Reduce helpdesk burden
– Fast employee ramp-up
• Service Level
– Focused, personalized content
– Comprehensive profile view
– Self-service
• Regulatory Compliance
– Role-based access
– Protect personal information
– Enable individuals to update profiles
– Real-time visibility and disclosure

Achieving the Agile Enterprise
The critical first step: Gain Control of Identity
“The ability to use and manage digital identity—while balancing legal, regulatory, privacy, and security concerns—is a prerequisite for securing and managing the virtual enterprise.” ―Jamie Lewis, The Burton Group, July 2003

What is Identity Management?
Identity = How user information is represented in all the IT systems throughout the organization…
• Directories
• Human Resource Systems
• Applications
• Databases
• PBX/Telephone Systems
• Physical Access Systems
• Etc.
Identity Management = Setting and acting on policies for identity information, regarding security, organization, granting of access, etc.
Why do we care about Identity Management?
• Reduce administration and help desk costs
• Improve security
• Enhance end-users’ productivity and satisfaction
• Ensure business policies are followed
• Provide confidence to be able to do business

Novell Identity Management Leadership
“The metadirectory service Magic Quadrant shows the metadirectory market is maturing quickly, with Novell leading the pack toward the future.” Gartner Research Note, August 2002
“We continue to view [Novell] DirXML as market leading technology” Gartner Research Note, September 2003

Burton Group: Novell has strongest position
“Novell is best positioned to leverage the obvious and important relationship between directory services and provisioning, and is doing so with new products.”
“Novell is currently in the strongest position.”
“Novell Nsure Identity Manager offers a logical migration path for existing eDirectory and DirXML customers, and its features and capabilities will also benefit non-Novell customers.”
--Gerry Gebel, Burton Group, Quotes from 2002 & 2003

Quotes from Recent Press Tour
Nsure Identity Manager 2 improves the tools used by network administrators for managing and synchronizing passwords across different network directories. The update introduces a visual tool to establish company password policies for assigning access rights to applications... Novell is integrating its identity management and Web services software in a way that it says will ease customers' ability to secure corporate networks.
CNET, Martin LaMonica, January 2004
Novell, along with Microsoft and IBM, is leading a trend toward merging meta-directory and provisioning software. With Identity Manager 2, Novell is adding a more user-friendly interface, easier mechanisms for setting user access rules, and better password management and auditing capabilities.
Network World, John Fontana, January 2004
Nsure Identity Manager 2 allows IT administrators to deploy an integrated identity management solution, rather than rely on a slew of stand-alone programs for such chores as ID provisioning, single sign-on, and password management.
TechWeb, Greg Keizer, January 2004

How does it work?

Islands of Isolated Data
[Diagram labels: HR, ERP, Operating System, Database, Mail, Directory, PBX]

Sharing data through an identity vault
[Diagram labels: Identity Manager, HR, Database, ERP, Mail, Directory, PBX, Operating System]

Managing the User Lifecycle
[Diagram: USER LIFECYCLE]
• Provisioning: Relationship Begins
• Routine User Administration: Promotion, Move Locations, New Project
• Password Management: Forgot Password, Password Expires
• De-Provisioning: Relationship Ends

Role-based User Provisioning
Scenario: New employee, customer, partner, supplier
1) A new user record is created in the HR system (or another authoritative source)
2) Identity Manager captures the new user event
3) Identity Manager then creates an account in each connected system and synchronizes the appropriate information based on established business rules
[Diagram: HR System, Nsure Identity Manager and the connected systems Database, Accounting, Microsoft Exchange, CRM and Physical Resources; the new user "HR Manager Waldo Wilkes" is shown as wwilkes, Waldo, Waldo_Wilkes, wwildes@company.com and 801-555-4567]

De-provisioning
Scenario: Relationship ends with employee or customer
1) The User record is deleted or disabled in the HR system (or other authoritative source)
2) Identity Manager captures the terminated user event
3) Identity Manager then revokes access to each connected system
[Diagram: HR System, Nsure Identity Manager and Employee Waldo Wilkes; Database, Accounting, Microsoft Exchange, CRM and Physical Resources are each marked with an X]

Routine User Administration
Scenario: Employee changes throughout user lifecycle
Examples of Administration Tasks Performed
1. Provision Access to New Systems
2. Passwords Set on New Systems
3. Remove access to systems based on policy needs
[Diagram labels: Employee, Nsure Identity Manager, CRM, Internal App, Microsoft Exchange, Database, Physical Resources, Accounting]

Nsure Identity Manager Product Architecture
[Diagram labels: Policies, Identity Vault, Subscriber Channel, Engine, Driver, Publisher Channel, Identity Manager Policies, Application]

Identity Vault
• Leverages eDirectory
• Hosts the meta data
• Where policy definitions are stored for a particular driver
• Maintains relationships between users and their respective applications
• Where password policies are defined
• Where events are generated and propagated to subscribing applications

Identity Manager Engine
• Interface to the identity vault
• Supports the loading of multiple driver shims
• Guaranteed delivery of events within the identity vault
• Event loop-back detection
• Join engine
• Handles data transformations
• Processes based on filtering
• Policy and XSLT processor

Identity Manager Driver Shim
• XML Interface
– Issues and receives XML documents
– Document Object Model
• Application’s native interface
– Does not require application to change
– Can be accessed by the engine either locally or remotely
[Diagram labels: Driver, Shim, App]

Associations
[Diagram: one identity and its associated records]
• Identity Manager: CN = Bobby; Department = Sales; EmpId = 003456; E-mail = bdoe@ab.com; Date of birth = 2/15/1965; Assoc.: HR = 003456, E-mail = bdoe@ab.com
• HR: EmpId = 003456; Dept = Sales; DOB = 15.2.1965
• E-mail: Address = bdoe@ab.com; Dept = Sales; Birthdate = 2/15/65

Authoritative Relationships
[Diagram: the Identity Manager, HR and E-mail records for Bobby (EmpId 003456, bdoe@ab.com, DOB 15.2.1965 / Birthdate 2/15/65), with Department/Dept shown as both Sales and Marketing and the attribute flows labelled "Publisher only" and "Subscriber only"]

Data transformation
[Diagram: the same date of birth held in a different format in each system]
• Identity Manager: CN = Bobby; Department = Sales; EmpId = 003456; E-mail = bdoe@ab.com; Date of birth = 2/15/1965
• HR: EmpId = 003456; Dept = Sales; DOB = 15.2.1965
• E-mail: Address = bdoe@ab.com; Dept = Sales; Birthdate = 2-15-65

Highlights of Nsure Identity Manager 2

Foundational Features (DirXML)
What we’re building on…
Features: Benefits
• Bi-directional, real-time connection: Works the way your business does
• Distributed authority: Overcomes deployment politics
• Rule-based Provisioning: Controlled, automatic distribution of resources
• Robust/flexible policy definition: Compatible with existing business processes
• Cross-platform freedom: Maps to real-life heterogeneous environments
• Scalable, fault-tolerant architecture: Highly reliable and robust
• Extensive connectivity: Relevant to your business
• Ability to create custom connectors: Extensible to unique environments

Primary Enhancements in Version 2
Features
• New policy definition model
• Role-based entitlements
• Password management suite
• White pages & self-service
• Logging, monitoring & auditing
Benefits
• Greatly simplified configuration
• Expanded effective delivery force
• Comprehensive, automatic password policy enforcement
• Empowered users
• Expanded self-service
• Administration leverage
• Non-repudiative security

New Policy Development Model
Policy Builder
Nsure Identity Manager 2 Policy Builder
• A simple, browser-based, point & click way to create and modify policies
– Policy: a collection of rules
– Rule: a set of actions, and conditions under which those actions are executed
• Reduces dependence on XSLT to accomplish common tasks
• Use Policy Builder to define:
– Creation policies
– Default naming policies
– Placement policies
– Initial password policies
– Schema mapping policies
– Event transformation policies
– And so on…

Policy Development Model
Policy Builder - Example of a Rule

A Matching Rule Using XSLT

The Equivalent Rule (Generated from Nsure Identity Manager 2 Policy Builder)

Role-based Entitlements
Provides resource entitlements to users based on their memberships in a role.
• Role membership is determined dynamically or statically
– Dynamic memberships can be defined by combinations of attributes
– Uses inclusion and/or exclusion to define membership
• Sample entitlements:
– Accounts on connected systems
– Inclusion in a NOS group
– Inclusion in an email distribution list
• Entitlements are re-calculated and provisioned when users are added or changed
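The membership and recalculation behaviour described on this slide, as an added Python example (not from the presentation and not Novell's policy format): roles match users by attribute combinations plus static inclusion and exclusion lists, and each user event yields the entitlements to grant and to revoke. The `Role` class, attribute names, user IDs and entitlement strings are all hypothetical.

```python
# Added illustration: a toy role/entitlement model, not Novell's policy format.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Role:
    name: str
    entitlements: frozenset                      # accounts, groups, mail lists
    match: dict = field(default_factory=dict)    # dynamic: attribute -> allowed values
    include: frozenset = frozenset()             # static members
    exclude: frozenset = frozenset()             # never members, even if they match

    def has_member(self, user: dict) -> bool:
        uid = user["uid"]
        if uid in self.exclude:                  # exclusion overrides everything
            return False
        if uid in self.include:
            return True
        # Dynamic membership: every listed attribute must hold an allowed value.
        # A role with no attribute filter has static members only.
        return bool(self.match) and all(
            user.get(attr) in allowed for attr, allowed in self.match.items()
        )


def entitlements_for(user: Optional[dict], roles: list) -> set:
    """Union of the entitlements of every role the user belongs to."""
    if user is None:                             # no record: nothing is entitled
        return set()
    granted = set()
    for role in roles:
        if role.has_member(user):
            granted |= role.entitlements
    return granted


def recalculate(before: Optional[dict], after: Optional[dict], roles: list) -> dict:
    """Entitlement delta for one add/change/delete event on a user record."""
    old, new = entitlements_for(before, roles), entitlements_for(after, roles)
    return {"grant": sorted(new - old), "revoke": sorted(old - new)}


# Constructed sample roles and users (hypothetical names throughout).
ROLES = [
    Role("sales", frozenset({"account:CRM", "group:Sales", "list:sales-all"}),
         match={"department": {"Sales"}, "status": {"active"}}),
    Role("staff", frozenset({"account:Exchange"}),
         match={"status": {"active"}}, exclude=frozenset({"contractor7"})),
    Role("auditors", frozenset({"account:Accounting-readonly"}),
         include=frozenset({"bdoe"})),
]

BDOE_SALES = {"uid": "bdoe", "department": "Sales", "status": "active"}
BDOE_MARKETING = {**BDOE_SALES, "department": "Marketing"}

if __name__ == "__main__":
    print("hire    ", recalculate(None, BDOE_SALES, ROLES))
    print("transfer", recalculate(BDOE_SALES, BDOE_MARKETING, ROLES))
    print("leave   ", recalculate(BDOE_MARKETING, None, ROLES))
```

The revoke list is the part to audit: a static `include` entry keeps its entitlement through attribute changes and is only removed when the record itself goes away.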

Entitlement Policy Screen Shot

Password Management Suite
A suite of password-related security functions:
• System-wide password policy
– Establish password policy that will be used for and enforced on connected systems
• Password self-service
– Empower users to help themselves with forgotten passwords, password resets, changing passwords
• Password distribution
– Specify connected systems that will receive the organization’s common password, as defined in password policy
• Bi-directional password synchronization
– Manage the native password management activities in connected systems, ensuring consistency

Password Management Suite
Password Policy
• Administrators specify required properties of an acceptable password for systems throughout the enterprise
• Examples of password policy controls:
– Minimum/maximum number of characters
– Minimum number of upper case characters
– Minimum number of numerals
– Password re-use forbidden
– Password exclusion lists
– And so on…
• Conformance is checked before allowing password to be set in the Nsure Identity Manager 2 identity vault

Password Management Suite
Password Policy Features (Admin UI)/Advanced Password Rules

Password Management Suite
Administrative Wizards make it easy
Policy Wizard showing policies may include:
• Universal Password
• Advanced Password Rules
• Challenge sets
• Forgotten password
• Assign to users or containers in tree
• External applications to subscribe to Universal Password

Password Management Suite
Password Self-Service
• Administrators configure self-service policies
– Challenge/Response options
– Challenge/Response success actions (for example:)
– Email hint
– Reset to last good password
– Display hint on the page
– Allow users to change their password
• Users configure their own hints and/or answers to challenge questions
– Hint is not allowed to contain the password

Password Management Suite
Password Distribution
• User sets a new common password using the self-service password interface
• New password is checked against password policy
• New password is set on user object within the Nsure Identity Manager 2 identity vault
• Password is distributed to associated user objects on connected systems
Connected Systems
• eDirectory
• Legacy NDS
• Active Directory/Exchange 2000
• Windows NT Domains
• Network Information Service (NIS)
– Linux
– Solaris
– other UNIX
• GroupWise
• Lotus Notes
• SunOne
• SAP User Management
• Relational databases
– Oracle
– DB2
– Sybase

Password Management Suite
Bi-directional Password Synchronization
• Users can perform password management functions through native password interfaces
– Windows NT (NT Domains)
– Windows 2000 (Active Directory)
– Windows 2003 (Active Directory)
– eDirectory (all platforms)
– NIS (Unix, Linux)
• Nsure Identity Manager 2 detects the change and checks against policy
• If successful, password is distributed throughout the connected system
• If unsuccessful
– Failure Notice sent via email
– Password is reset to a ‘good’ password according to policy
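The policy controls listed on the Password Policy slide and the success/failure paths on this slide, combined in one added Python example (not from the presentation and not Novell's implementation). The class and function names, the default thresholds, the exclusion words, the substring matching rule and the choice to skip the originating system when distributing are all assumptions made for illustration.

```python
# Added illustration: a policy check and sync decision, not Novell's implementation.
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PasswordPolicy:
    min_len: int = 8
    max_len: int = 64
    min_upper: int = 1
    min_digits: int = 1
    forbid_reuse: bool = True
    exclusion_list: frozenset = frozenset({"password", "novell"})  # constructed


def _digest(password: str, salt: bytes) -> bytes:
    # History keeps salted PBKDF2 digests, never earlier passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class VaultUser:
    uid: str
    history: list = field(default_factory=list)   # [(salt, digest)], newest last

    def used_before(self, password: str) -> bool:
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self.history)

    def remember(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))


def violations(policy: PasswordPolicy, user: VaultUser, candidate: str) -> list:
    """Names of the policy controls the candidate password fails."""
    failed = []
    if not policy.min_len <= len(candidate) <= policy.max_len:
        failed.append("length")
    if sum(c.isupper() for c in candidate) < policy.min_upper:
        failed.append("uppercase")
    if sum(c.isdigit() for c in candidate) < policy.min_digits:
        failed.append("numerals")
    # Assumption: exclusion is a case-insensitive substring match.
    if any(word in candidate.lower() for word in policy.exclusion_list):
        failed.append("excluded")
    if policy.forbid_reuse and user.used_before(candidate):
        failed.append("reuse")
    return failed


def on_native_change(policy, user, candidate, source, connected) -> dict:
    """Decide what to do with a password change detected on a connected system."""
    failed = violations(policy, user, candidate)
    if failed:
        # Unsuccessful path from the slide: e-mail a failure notice and put a
        # policy-conformant password back on the system where the change was made.
        return {"action": "reset", "on": source, "notify": user.uid,
                "reasons": failed, "distribute_to": []}
    user.remember(candidate)                       # conformant: set in the vault first
    # Assumption: the originating system already holds the new password.
    return {"action": "distribute", "on": source, "notify": None, "reasons": [],
            "distribute_to": sorted(set(connected) - {source})}
```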

White Pages & Self-Service
eGuide
• Look up information on objects in eDirectory and/or other LDAP repositories
• Anonymous mode or Authenticated mode
• Allows user to maintain their own information
• Integrated Organizational Chart view
• Supports digital photos, etc.

Nsure Audit Integration
Novell’s official logging & auditing framework
• Centralized log for all systems throughout the enterprise
– SQL, flat file or SYSLOG
– Standard for all Novell applications
– Open to 3rd party integration
• Nsure Identity Manager 2 logs all identity management activity
• Includes reporting and notification capabilities
• Optional upgrades
– Non-repudiative log
– Real-time monitor

Nsure Audit
Reporting, Logging and Notification
Reporting:
• Filters may be defined to report on specific events
• Integrates with Crystal Reports
• Export data to Microsoft Excel, or text file
Logging:
• Examples of what Nsure Identity Manager events are logged:
– Engine events: Start/stop driver, engine errors, engine warnings
– Status events: Success, error, retry, warning, …
– Operation events: Search, Add, Modify, Remove, etc.
– Transformation events: Initial doc, placement, create, etc.
• Events stored in flat file, Syslog, MySQL, Oracle, etc.
Notification:
• Setup conditions
• Specify notification channel (SMTP, flat file, etc.)

Roadmap

Visual Deployment Studio
Visual, drag & drop IDE for IDM 2 Deployment
• Lay out the system visually, then configure
• Leverages Policy Builder and DirXML Script for defining policies
• Based on Eclipse framework
• Work online or offline
• Save projects/configurations with version control
• Document new or existing deployments

To be presented under NDA Only
Visual Deployment Studio
Graphical Modeling Tool

To be presented under NDA Only
Visual Developer Studio
Graphical Modeling Tool – Policy Management

To be presented under NDA Only
Visual Development Studio
Project Documentation Tool

Advanced Identity Application Suite
Web Portal-based End-User Identity Suite
• End-user oriented applications for:
– Approval workflow
– Advanced white pages
– Advanced Organizational charting
– Delegated administration
– Password Management
• Based on exteNd v5.x enterprise-class workflow engine and user portal

Advanced Identity Application Suite
Sample Screen


Other Sessions of Interest

Other Sessions of Interest
Introductions, Case Studies, Dev Hands-on

INTRODUCTIONS, OVERVIEWS, AND FUTURES
IO 160: Provisioning Comes of Age
IO 144: Nsure Audit: What's New and Beyond
IO 163: Understanding the Big Picture of Secure Identity Management
IO 164: Identity Integration: The Foundation for Becoming an Agile Enterprise
IO 165: Novell Account Management Overview and Futures
IO 166: Nsure Identity Manager 2 (formerly DirXML) Competitive Comparisons
IO 264: Overview of the Nsure Identity Manager 2 (formerly DirXML) Deployment Studio

BUSINESS CASE STUDIES
BUS 163: Making the Business Case for Secure Identity Management
BUS 165: Case Study: Asset Management within the Context of Identity Management
BUS 166: Layered Secure Identity Management: Balancing Business and Technical Needs
BUS 250: Combining Corporate Trees with Nsure Identity Manager 2
BUS 251: Creating an Identity-Based Portal at the State of Nebraska with Novell
BUS 261: Implementing Secure Identity Management in Government Organizations
BUS 269: Case Study: DirXML Implementation at Waste Management
BUS 361: Building the Employee Portal at Lufthansa with SAP Enterprise Portal 6

DEVELOPER HANDS-ON
DHO 260: Implementing DirXML Style sheets
DHO 262: Provisioning for Developers with Novell Identity Manager
DHO 361: Nsure Identity Manager 2 Hands-On Developer Lab

Other Sessions of Interest
Developer Lectures, Technical Tutorials

DEVELOPER LECTURES
DL 263: Nsure Identity Manager 2 (formerly DirXML) Developer Overview
DL 361: Nsure Audit: Instrumenting Custom Applications
DL 362: Nsure Audit Essentials

TECHNICAL TUTORIALS
TUT 105: Hands-On: Implementing Nsure Identity Manager 2 (formerly DirXML)
TUT 163: Configuring Nsure Identity Manager 2 (formerly DirXML) for Enterprise Applications
TUT 165: Configuring Nsure Identity Manager 2 (formerly DirXML) for Schools Interoperability Framework
TUT 166: Configuring Nsure Identity Manager 2 (formerly DirXML) for GroupWise® 3
TUT 259: Password Synchronization Across Novell eDirectory, Microsoft Active Directory* and Windows NT* 4
TUT 264: Password Management with Novell Identity Manager 2 (formerly DirXML)
TUT 265: Troubleshooting Nsure Identity Manager 2 (formerly DirXML)
TUT 266: Implementing Nsure Identity Manager 2 (formerly DirXML) Policies
TUT 267: Configuring Novell Nsure Identity Manager 2 (formerly DirXML) for JDBC
TUT 268: Advanced Configuration for Active Directory Using Nsure Identity Manager 2 (formerly DirXML)
TUT 285: Architecting Identity Management Solutions
TUT 286: Comprehensive Password Management: From Policy Definition to Deployment
TUT 287: Configuring Novell Nsure Identity Manager 2 for IBM Lotus Notes
TUT 366: Designing Secure Identity Management Solutions
TUT 367: Secure Identity Management: Assessing Your Requirements
TUT 381: Installing and Configuring the Novell DirXML Mainframe and IBM AS/400* Drivers
TUT 383: Upgrading to Nsure Identity Manager 2 (formerly DirXML)
TUT 384: Understanding the Architecture of Nsure Identity Manager 2 (formerly DirXML)

Questions & Answers

Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.