Novell SecureLogin 7 and Your Microsoft Active Directory Setup

Novell recently shipped Novell SecureLogin 7, which delivers a host of enhancements, including:
• An improved integration wizard
• Extended support for .NET applications and Oracle Forms
• Integration with Client Login Extension (CLE) for recovering forgotten passwords
• Windows 7 support
In this session, we will go into detail about these new enhancements and will also discuss how to use SecureLogin 7 with Microsoft Active Directory and Active Directory Application Mode. In addition to understanding the new features in SecureLogin, when you leave this session you’ll understand:
• How to use SecureLogin with Active Directory and Active Directory Application Mode
• How to choose between a Novell eDirectory or Active Directory deployment
• How to add advanced authentication to your Active Directory deployment
• How to set up shared workstation support
• How to apply Active Directory group policies to SecureLogin
• And much more
Finally, you’ll hear from a customer who has deployed SecureLogin in their environment.

Novell SecureLogin 7 and Your Microsoft Active Directory Setup

  1. Novell® SecureLogin 7 and Your Active Directory Setup
     • Thomas Manley, Information Security Engineer, Synovus Financial
     • Kevin Prior, Technology Specialist, kprior@novell.com
     • Gregory Domjan, Senior Engineer, gdomjan@novell.com
  2. Agenda
     • What is new – key new features with
       – Novell® SecureLogin 7 and
       – Novell SecureLogin 7 SP1
     • Discuss Active Directory / ADAM
     • Strong Authentication
     • Shared Workstations
     • Demonstrations of new features
     • Hear from Synovus on their project
     © Novell, Inc. All rights reserved.
  3. Novell® SecureLogin 7 Key New Features
     • GUI Integration Wizards
       – Windows, Web and Java
       – All have the same interface, unlike in 6.1 and prior
     • 64-bit support
     • Desktop Automation Services (DAS) enhancements
     • iManager Enhancements
     • New commands (when Wizard is not enough)
     • Events & Auditing
     • Bug fixes
  4. New in Novell® SecureLogin 7
     • Integration Wizard
       – Expanded application support
       – Improved graphical user interface
       – Drastically simplifies implementation
     • 64-bit Support
       – Microsoft* Windows* Vista OS
       – Microsoft* Windows* 2003
       – Microsoft* Windows* 2008
  5. Changed in Novell® SecureLogin 7
     • Desktop Automation Services (DAS)
       – Included in MSI reducing install steps
       – More commands
       – Configuration editor
     • Commands
       – GetCheck/SetCheck standardised
       – SendEvent enhancement
       – Read/Click now have -order option
  6. Events and Auditing
     • Audit events are written to Windows Event log
     • Different event types
       – SecureLogin process
       – SecureLogin script
       – Other process
         > LDAP
         > SecureWorkstation
     • Configuration
  7. SecureLogin Events
     • EventId 257 GPO Failure
     • EventId 258 Audit event command
     • EventId 259 SecureLogin client started
     • EventId 260 SecureLogin client terminated
     • EventId 261 SecureLogin client enabled
     • EventId 262 SecureLogin client disabled
     • EventId 263 Password provided to the applications
     • EventId 264 SecureLogin Changed Password for an application
     • EventId 265 SecureLogin Changed Password automatically for an application
  8. Other Events
     • LDAP Specific
       – EventId 1 SecureLogin user x has logged in
       – EventId 2 SecureLogin user has changed the LDAP password
       – EventId 3 Workstation has been unlocked by a different user, from who locked it
     • SecureWorkstation Specific
       – EventId 4 Session has timed out due to inactivity.
       – EventId 5 Device removal has been triggered
       – EventId 6 Manual lock has been triggered
  9. Novell® SecureLogin 7 SP1 New Features
     • Windows 7 support – 32 and 64 bit
     • More specific support of .NET (WinForms & WPF) applications in addition to Win32 support
     • More specific support of Oracle Forms applications in addition to Java AWT/Swing support
     • Integration with Client Login Extension (CLE) for recovering forgotten passwords
     • Integration wizard also extended for .NET & Oracle Forms
  10. SecureLogin and Active Directory
     • Use Microsoft Active Directory as back-end data store
     • Works in complete Microsoft environments
       – No Novell® eDirectory™, no Novell Client™, no other Novell components needed
     • Schema extension for AD
     • Administration through MMC and SLManager
     • Option to use Group Policies
  11. SecureLogin Deployment in AD
     [Architecture diagram. Labels: Shared Desktop + DAS, Enterprise Desktop, Enterprise Terminal Services, Clinical Systems, MS Client, Novell SecureLogin SSO, Application A, Application B, Application C, Active Directory, Report, Audit Database Server, Optional Add-on]
  12. SecureLogin and ADAM
     • Microsoft ADAM used as back-end data store
     • Schema extended from ADAM
     • Administered through SLManager
     • Used by Microsoft-based customers that don't want to extend AD schema
       – But many use Exchange and/or SMS which has this...
  13. SecureLogin Deployment in ADAM
     [Architecture diagram. Labels: Shared Desktop + DAS, Enterprise Desktop, Enterprise Terminal Services, Clinical Systems, MS Client, User is Authenticated, Novell SecureLogin SSO, SecureLogin Locates ADAM Instance, Cache Synchronization, Application A, Application B, Application C, ADAM Instance, Active Directory Global Catalog, Report, Audit Database Server, Optional Add-on]
  14. AD Group Policies and SecureLogin
     • Allows distribution of single sign-on data using directory groups, which usually will be used in enterprises to manage roles
     • Supports Microsoft Group Policy Object for control over credential and application definition
     • Group Policies are used to more finely manage and apply directory settings
     • SecureLogin must be installed with GPO option
  15. Shared Workstation with AD: Desktop Automation Services (DAS)
     • Runs on the workstation as a (service/app)
     • Configuration sourced from the directory (or the workstation)
       – Managed with simple XML file, the 'Actions.xml'
     • Requires SecureLogin in LDAP mode for fast user switching support (similar for Novell® eDirectory™ to Novell Client™)
     • Detects trigger events
       – Hot keys
       – Buttons on desktop and in task bar
       – SecureLogin and other events
     • Launches actions based on those events
     • Configure using GUI editor or as XML using the simple command set to specify event of interest and the actions to take
  16. Demonstration – 7.0 and 7.0 SP1 New Features
     • Windows 7
     • Wizard
     • .NET app
     • Oracle Forms app
     • CLE
  17. Case Study: Synovus Financial
     Thomas Manley, Information Security Engineer, Synovus Financial
  18. About Synovus Financial: Who We Are
     • A financial services holding company based in Columbus, Georgia.
     • Synovus provides commercial and retail banking, as well as investment services, to customers through 30 banks and 330 offices in Georgia, Alabama, South Carolina, Florida and Tennessee.
     • Approximately 6,500 employees
  19. The Business Case for SSO
     • Front-line employees had to maintain as many as six different passwords
     • Forgotten passwords and locked accounts impacted operations and generated Help Desk calls
     • Password fatigue results in employees…
       – creating weak passwords
       – following predictable patterns when changing a password (e.g. incrementing a number)
       – storing passwords by writing them in a “password journal”
     • An application may not enforce a password policy or comply with the company approved policy
  20. Proof of Concept (PoC)
     • Evaluated Novell® SecureLogin and a competing appliance-based solution
     • Included 9 essential front-line applications:
       – 4 Windows applications
       – 3 mainframe applications
       – 2 Web applications
     • Applications share a common credential set
     • Must be able to leverage directory service attributes
     • Support for multiple logins per application per user
  21. Product Selection: Novell® SecureLogin
     • Tight integration with directory service
       – Leverages existing systems
       – Stores encoded user data within the directory
       – Inherits resilience of the directory architecture
       – Can query directory attributes for authentication or definition logic
     • Supports credential provisioning
     • Robust application definition language
  22. Implementation
     • Included 16 front-line applications (inc. PoC apps)
       – 8 Web applications
       – 5 Windows applications
       – 3 mainframe applications
     • Branded Novell® SecureLogin as Synovus Simplified Sign-on (SSO)
     • Video training course provided prior to deployment
     • Augmented internal training and process documents to include SSO
  23. Implementation (Cont.)
     • Deployed SSO using Novell® ZENworks®
     • SecureLogin installed in LDAP mode and addressing a layer 4 switch for load balancing
     • Local cache enabled to provide fail-over access to user credentials
     • Piloted SSO at one bank for 4 months
     • Phased deployment to remaining 29 banks and holding company over 2 months
  24. Support
     • Trained Help Desk personnel to facilitate SSO enrollment and troubleshooting
     • Authored and maintaining a Help Desk reference document detailing common troubleshooting procedures
     • Specified escalation path to provide agile first-, second- and third-tier support
     • Integrated SSO quality assurance testing into existing application QA testing processes
     • Identified user acceptance testing group
  25. The Users Have Spoken
     • “Speeds up the process so much quicker. After I clock in it seems to take no time to have all the screens up that I need to work with.” – Personal Banker
     • “This has been a user-friendly process. Signing on to three applications w/out keying in the password is so much better. Many thanks to your brilliant team.” – Lending Assistant
  26. Summary
     • Increase productivity
     • Lower costs
     • Mitigate security risks
     • Deliver a quick win
  27. For More Information
     • Visit table A5 in IT Central
     • Walk through the SecureLogin demo in the Installation and Migration Depot
     • Attend the following complementary sessions:
       – BOF106: SecureLogin in the Real World Panel Discussion
       – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
       – IAM302: Using Hard Disk Encryption and SecureLogin
       – IAM303: Enhancing SecureLogin with Multi-factor Authentication
       – IAM304: Securing Shared Workstation with SecureLogin
     • Visit www.novell.com/securelogin
  28. Question and Answer
  29. For More Information
     • Try SecureLogin for Yourself: We'll install SecureLogin on your machine (for free).
     • Visit table A5 in IT Central
     • Attend the following complementary sessions:
       – BOF106: SecureLogin in the Real World Panel Discussion
       – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
       – IAM207: SecureLogin and Your Active Directory Setup
       – IAM302: Using Hard Disk Encryption and SecureLogin
       – IAM303: Enhancing SecureLogin with Multi-factor Authentication
       – IAM304: Securing Shared Workstation with SecureLogin
     • Walk through the SecureLogin demo in the Installation and Migration Depot
     • Visit www.novell.com/securelogin
  30. Unpublished Work of Novell, Inc. All Rights Reserved.
     This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
     General Disclaimer
     This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
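
One way to put the EventIds from the "SecureLogin Events" and "Other Events" slides to work for monitoring, as an added example that is not from the presentation or from Novell. The record layout (`time`, `host`, `event_id`), the host names and the 10-minute threshold are assumptions, and the events are assumed to have been exported from the Windows Event log and filtered to SecureLogin's entries beforehand.

```python
from datetime import datetime, timedelta

# EventIds as listed on the slides; everything else here is an assumption.
ALWAYS_FLAG = {257: "GPO failure", 3: "workstation unlocked by a different user"}
OPENS = {260: "terminated", 262: "disabled"}  # SSO client stops acting on this host
CLOSES = {259: 260, 261: 262}  # "started" ends "terminated", "enabled" ends "disabled"

def triage(events, max_gap=timedelta(minutes=10)):
    """Return sorted (time, host, finding) tuples worth an analyst's attention."""
    findings, down_since = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, host, t = ev["event_id"], ev["host"], ev["time"]
        if eid in ALWAYS_FLAG:
            findings.append((t, host, ALWAYS_FLAG[eid]))
        elif eid in OPENS:
            down_since.setdefault((host, eid), t)  # keep the earliest timestamp
        elif eid in CLOSES:
            since = down_since.pop((host, CLOSES[eid]), None)
            if since is not None and t - since > max_gap:
                state = OPENS[CLOSES[eid]]
                findings.append((since, host, f"client {state} for {t - since}"))
    # Anything still open at the end of the window was never restored.
    for (host, eid), since in down_since.items():
        findings.append((since, host, f"client {OPENS[eid]} and not restored"))
    return sorted(findings)

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

SAMPLE = [  # constructed records for illustration, not real log data
    {"time": ts("2010-03-22 08:00"), "host": "TELLER01", "event_id": 259},
    {"time": ts("2010-03-22 09:15"), "host": "TELLER01", "event_id": 262},
    {"time": ts("2010-03-22 09:17"), "host": "TELLER01", "event_id": 261},  # 2 min gap
    {"time": ts("2010-03-22 10:00"), "host": "TELLER02", "event_id": 262},
    {"time": ts("2010-03-22 10:45"), "host": "TELLER02", "event_id": 261},  # 45 min gap
    {"time": ts("2010-03-22 11:00"), "host": "KIOSK07", "event_id": 3},
    {"time": ts("2010-03-22 11:30"), "host": "KIOSK07", "event_id": 260},  # no restart
    {"time": ts("2010-03-22 12:00"), "host": "TELLER01", "event_id": 257},
]

if __name__ == "__main__":
    for when, host, finding in triage(SAMPLE):
        print(when, host, finding)
```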