Overview of Identity and Access Management Product Line



Attend the two-hour foundation session on the Identity and Access Management product line from Novell and start your BrainShare right! This session will deliver a high-level overview of the full Identity and Access Management product line. It will highlight how the products work together as an integrated solution, and the session has a modular format so you can attend the product overviews you are most interested in. The session will provide real-life examples of integration-focused benefits, followed by a 25-minute overview and update on each of the products: Novell Identity Manager, Novell Access Manager and Novell SecureLogin.


  1. Overview of Identity and Access Management Product Line
  2. Presenters
      • Ajay Sharma, Product Marketing Manager
      • Kamal Narayan, Product Manager, Novell, Inc., nkamal@novell.com
      • Baber Amin, Business Line Manager, Novell, Inc., baber@novell.com
      • Lee Howarth, Product Manager, Novell, Inc., lhowarth@novell.com
      • Bob Bentley, Product Manager, Novell, Inc., bbentley@novell.com
      © Novell, Inc. All rights reserved.
  3. Risk to The Enterprise is Rising
  4. Complex Times, Complex Challenges
      • How do I manage changes to user identities and access rights?
      • How do I improve the productivity of my IT staff and end users?
      • How do I reduce password-related calls to the helpdesk due to stronger password policies?
      • How do I ensure that users have the right access to systems so I can minimize risk?
      • How do I manage access for partners, customers and other users outside my organization?
      • How do I maintain strong, agile control over resource and information access to comply with current regulations?
  5. Novell® Identity and Access Management Solutions
      Novell Identity and Access Management solutions help you address the fundamental problem of managing “who has access to what,” so you can trust that your business is secure.
  6. Identity and Security Solutions: Identity and Access Management Capabilities
      • User Provisioning and Management
      • Roles Management
      • Simplified, Secure Access
  7. Identity and Security Solutions: Identity and Access Management Products
      • Novell® Identity Manager
      • Novell Access Manager™
      • Novell SecureLogin
  8. Novell® Identity and Access Management Solutions: Capabilities
      [Diagram. Capabilities shown: User Provisioning and Management; Simplified, Secure Access; Roles Management. Roles shown: IT, End User, Line-of-Business Manager.]
  9. Novell® Identity Manager Overview
      • Bob Bentley, Product Manager, Novell, Inc., bbentley@novell.com
      • Kamal Narayan, Product Manager, Novell, Inc., nkamal@novell.com
  10. Novell® Identity Manager
      Enable your organization to be more open and agile without limiting security, control or compliance.
      Integrate, automate, and secure access to information for customers, partners, and employees.
      Maintain clear visibility of people, actions, and compliance, past and present.
      The result: Simplify and secure the enterprise while controlling costs and meeting regulatory demands.
  11. Your Identity Challenges
      • Provisioning new users - Users wait up to 3 weeks for activated accounts
      • Managing users - Help desk costs $25-40 per call for password resets, with 25-35% of calls related to password resets
      • De-provisioning users - 30-60% of existing accounts are invalid
      • Deploying new initiatives - Up to 30% of development time is for controlling access to applications and data
      • Reconciling user data - 100+ user data sources at typical firm provide out-of-sync and untrustworthy identity data
      • Protecting trust - Many new privacy and regulatory requirements around the world
      • Achieving compliance - Up to 25% of IT budget is consumed to support compliance
  12. How Does Novell® Identity Manager Help?
      Security
      • Revoke system access in minutes, not days
      • Manage all password policies centrally
      • People get access to only what they need based on business roles
      • Eliminate siloed and duplicative systems
      Cost
      • Reduce your help desk costs by 40%
      • Automate manual processes and workflows
      • Extend the value of legacy applications
      • Simplified implementation and administration
      • End vendor lock-in and high switching costs
      Compliance
      • Clear visibility into who has access to what, when and how they got it, and who approved it
      • Historical/forensic review of access
      • Insightful risk metrics illuminate compliance conflicts
      • Easy policy updates to stay current
      • Instant documentation for auditors
      Agility
      • Integrate new businesses in days, not months
      • Hire a new employee and have all their systems ready automatically on their start date
      • Empower users with provisioning control
      • Have business decisions drive IT and not the other way round
  13. Novell® Identity Manager 4 Product Family
      [Diagram. Labels shown: Compliance Management Platform, IDM 4 “Dorado”, IDM 4 “Capricorn”.]
  14. Identity Manager Architecture: Logical View
      [Architecture diagram; labels by layer.]
      • User and channel labels (top row, column grouping not recoverable): Your Portal/Webtop, Customers, Partners, Consultants, Mobile, Web Services and Custom, Business Managers, CISO, Compliance/Auditor, Employees, Contractors, Developers
      • Key Functional Capabilities: White Pages/Self-Service/Pwd Mgmt; Business Resource Request; Approval Workflow; Role-based User Mgmt/Deleg Admin; Advanced Reporting and Metrics; Role and Policy Mapping; Compliance Content
      • Major Components: Real-time Data and Mgmt Integrity (word order as extracted); RBAC Model; Identity Vault; Work-flow System; Historical Warehouse; Deployment Tools; Reporting; Open APIs
      • Connectors: Directories; Help Desk; Databases; Credentialing; Applications; OS and File Systems; Telephone and Building Access; Cloud and SaaS
  15. Identity Manager in Operation
      [Lifecycle diagram.]
      • Events shown: Relationship Begins, Promotion, Move Locations, New Project, Forgot Password, Password Expires, Relationship Ends
      • Functions shown: Provision, Role-Based User Administration, Request and Approval, Password Management, Report and Monitor
      • Actors shown: Employee, Customer, Partner, Volunteer; Manager, Resource Owner; Auditor, Security Lead
  16. Industry-Leading Provisioning
      The right people get access to the right resources at the right time, and nothing else.
      • Automated Provisioning
        – New employees automatically granted access to everything needed on their first day
        – Robust request and approval workflow system
        – Revoked access occurs in minutes
      • Role-based Management
        – Automatically assigns and updates resources based on users' business roles
        – Respects Segregation of Duties between roles
      • Identity Data Synchronization
        – Maintains integrity of user information throughout the organization
        – Enforces authority of identity information—the right data from the right sources
        – Updates propagate within moments
  17. Powerful User Tools
      Empowering users with critical tools while enforcing appropriate security and reducing your costs.
      • Password Management
        – Enforce system-wide strong password policies
        – Password management webtop helps users change or recover passwords
        – Bi-directional password synchronization
      • User Self-Service
        – Users can initiate their own access requests and password changes
        – Significantly reduces management costs and time to productivity
      • Delegated Administration
        – Business managers or department leaders can manage their users, reducing dependence and burden on IT
  18. Advanced Reporting and Metrics
      Meaningful insight into how your organization's mission critical user provisioning is operating, and the ability to prove compliance.
      • Insightful reports
        – Variety of out-of-the-box report templates
        – Reporting on present and past states, plus activity over time
        – Spans both the Identity Vault and connected systems
        – Ready report customization through open report template standards
      • Robust automation
        – Visual report scheduling – one time or recurring
        – Policy-based data collection and storage
        – Automatic report distribution to critical stakeholders and storage of completed reports
      • Powerful compliance support
        – Current and forensic review of identity and user provisioning related data
  19. Policy Mapping and Integration
      Letting business users intelligently connect the policy dots between the major IT systems your organization depends on.
      • Role Mapping Administrator
        – Automatically discovers authorizations that can be granted within your major IT systems
        – Allows business users (not just consultants, IT staff or developers) to define and maintain which authorizations are associated with business roles
        – Result: associated authorizations are automatically provisioned to business role members
      • Breakthrough innovation in how your identity system is “programmed”
        – Visual, drag and drop, business-user-friendly tool
        – Order-of-magnitude reduction in time, effort, cost
        – Applies to both initial setup and ongoing maintenance of policy to keep it business-relevant
      • Sustainable access compliance
        – Works between Novell® IDM, SAP, SharePoint, etc.
  20. Ready for Cloud Computing
      Ensuring your organization is ready for—and taking full advantage of—cutting edge IT trends.
      • Uniquely ready for the challenges of Cloud Computing
        – Cloud-ready architecture makes the location of resources transparent—on-site, hosted, or both
        – User organizations enjoy the same security, management capabilities and predictability whether inside the organization or out in the cloud
      • Seamless integration with SaaS and hosted solutions
        – User provisioning/de-provisioning, request/approval processes, password changes, identity profile updates, reporting, etc.
      • Powerful tools make the hosted business model transparent, scalable and efficient
        – SaaS application support with scalability and high availability to ensure compliant SaaS processes
  21. Intelligent Content Control
      Allows customization of IDM to your environment without getting painted into a corner.
      • Protects your configuration IP and simplifies troubleshooting
        – Leverages and protects your tremendous investments in policies, work-flow definitions, and other configuration
        – Alerts you when you're changing something that is used in multiple places and could have unintended effects
        – 'Factory Mode' temporarily overrides any changes made and/or allows return to clean slate
      • Enables content libraries
        – Capture, archive, share, reuse good policy elements
        – Integrators can create their unique 'canonical' approach
      • Future: Out-of-the-box Business Relevance via Compliance Content Packs from Novell®
        – Addressing key compliance needs aligning to regulations such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II, FERC/NERC, etc.
  22. Improved User Experience
      Providing controls in the hands of users to enhance productivity.
      • Work Dashboard
        – A single consolidated view bringing together upcoming tasks, resource and role assignment, status of outstanding requests, etc.
        – “Much less clicking”
      • Resource Model and Assignments Dashboard
        – A clear, easily understood view of who currently has access to what
        – Eliminates the “tech speak gap” for ordinary users who need to make decisions about who should get what
      • Built in SSO Support
        – Out-of-the-box integration with AD/Kerberos ticket systems, SAML assertions, and SAP Logon ticket systems
        – Eliminates the need for an external SSO tool when accessing IDM
  23. New Work Dashboard
  24. Industry-leading Deployment Tools
      Bringing the “industrial revolution” to the highly manual, expensive process of rolling out identity management.
      • Designer
        – Model, deploy and document identity policies
        – Explore “what if” scenarios
        – Version control, save/archive and reuse efforts
        – Up to 50% less cost in deployment
      • Analyzer
        – Evaluate, cleanse and prepare identity data within systems to be managed
        – Up to 80% less time and effort in manual-intensive prep work
  25. Development Platform
      Easily consume, manage and interact with identity management functions however you need to.
      • True identity services architecture
        – Modular, accessible functions
      • Easily consumed into your environment (“mashup”)
        – Your company portal
        – Custom or mobile application
        – Help desk or other business processes
      • Over 100 standards-based identity services
        – REST, SOAP, LDAP, JDBC, etc.
        – Management and end-user actions
  26. Award-Winning Technology Ahead of the Competition
      Information Security Magazine 2007 and 2008 Reader's Choice Award
        Novell Identity Manager, this year's identity management winner is widely regarded as the market leader, automating user provisioning to get employees what they need—and only what they need—to get to work quickly.
        —Second year in a row, Gold Medalist
      2007 Global Product Excellence Customer Trust Award
      • Novell® Identity Manager 3.5 for Excellence in Identity Management
      • Novell® Access Manager™ for Excellence in Access Management
      • Novell® Sentinel™ 6 for Excellence in Security Management
      2008 SIIA 23rd Annual Codie Awards “Best Security Solution
      • Novell Identity and Security Management Portfolio, Novell, Inc.”
      “For large and growing mid-sized organizations Novell Identity Manager 3.5 is our hands-down choice. For functionality, ease of use, and overall support, we rate this our Best Buy”. - SC Magazine
  27. Industry's Best Partners
  28. Nearly 7000 Customers
  29. www.novell.com/identitymanager
  30. Novell® Access Manager™
      • Lee Howarth, Product Manager, Novell, Inc., lhowarth@novell.com
  31. Novell® Access Manager™
      • Single solution protects both Web and enterprise applications
      • Enables organizations to rapidly deploy secure online services
      • Designed to help reduce management overhead and infrastructure costs
      • Integrated Identity Federation – Out of the box support for all major specifications
  32. Customer Pain Points
      Security and Compliance
      • Need to provide secure access to resources
      • Need to prove who accessed what
      • Users have too many IDs and passwords to remember
      Cost and Complexity
      • Many different Web applications
      • Infrastructure costs are too high
      • Help desk costs are too high
      Agility
      • Constant changes to the environment: new applications added all the time and identity stores scattered across the enterprise
      • Need to deliver partner-enabled services (SSO)
      • Acquisitions
  33. How Does Novell® Access Manager™ Help?
      Security and Compliance
      • Protects Web and enterprise applications (Web and SSL VPN)
      • Provides Web SSO
      • Provides advanced levels of authentication
      • Provides traceability (Who logged in and where did they go)
      Cost and Complexity
      • Provides Web SSO without modification to Web servers
      • No need for separate SSL VPN and/or VPN solution
      • Reduces infrastructure costs (SSL certificates and IP addresses)
      Business Agility
      • Supports any standard HTTP Web server
      • Supports multiple identity stores in any combination
      • Integrated identity federation
      • Federation enables existing applications
  34. Novell Access Manager™ Components
  35. Product Milestones Since 2009
      • Novell® Access Manager™ 3.1 – Jan 2009
        – WS-Federation and Information Card Support
        – SSL VPN Enhancements
        – Improved Administration
        – Additional Platform Support
        – Additional APIs
      • Novell Access Manager 3.1 SP1 – July 2009
        – Identity Server Session Failover
        – Non-Redirected Login
        – Full Tunneling SSLVPN
        – Customized Login Page Enhancements
        – Session-based Logging
  36. WS-Federation and Information Cards
      • Comprehensive SSO
        – Builds on the strengths of Novell® Access Manager™ 3.0 – out of the box SSO to any standard web server
        – Adds WS-Federation to SAML and Liberty Alliance support
        – Adds support for Windows CardSpace (Information Cards)
      • Microsoft SharePoint Integration
        – Worked closely with Microsoft to develop and test ADFS-based SSO
        – Perfect solution for enterprises that use a primary identity store other than Active Directory (Novell eDirectory™, Sun etc).
        – Transforms Identity (LDAP / Federation) into ADFS-claims that can be used for policy decisions in MS SharePoint
  37. Managing Access to SharePoint: Architectural View
      • SharePoint user management for multiple communities
        – Options:
          > Manual registration / management
          > Identity management / provisioning
        – Issues
          > Increases management overhead
          > Doesn't support federated access beyond WS-Federation
      [Diagram. Labels shown: eDirectory™ “Employees”; Active Directory “Business Units”; Sun One “Customers”; Microsoft SharePoint; Active Directory “SharePoint”.]
  38. Managing Access to SharePoint with Novell® Access Manager™
      • Simplified access to MS SharePoint
        – User authenticates to Access Manager (Direct or Federated)
          > Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Fed or Liberty Alliance
        – User accesses SharePoint
          > Access Manager transforms LDAP and federated identity into claims that are forwarded to Active Directory Federation Services (ADFS)
        – SharePoint Administrator – Mr. Happy
          > Associates claims to SharePoint groups
          > No need to manage individual identities for all users that need to access SharePoint
        – Improved user experience
          > Single Sign-On to SharePoint and other Web resources protected by Access Manager
      [Diagram. Labels shown: Novell Access Manager; eDirectory™ “Employees”; Active Directory “Business Units”; Sun One “Customers”; “Access Manager transforms LDAP and Federated Identity into ADFS claims”; Microsoft SharePoint; Active Directory “SharePoint”.]
  39. SSL VPN Enhancements
      • Simplified Deployment
        – Removed dependency on Access Gateway authentication
          • Perfect for remote offices
      • Improved Management
        – Client Integrity Checking Level authorization policies
        – Role-based control of client (Enterprise or Kiosk)
      • Security Enhancements
        – Desktop Cleanup
          • History, Cache
        – Secure Folder
  40. Management and Customization
      • Streamlined Management Interface
        – Lower level policies to govern delegated administration
      • Authorization API
        – Enables integration with non-LDAP policy information points
        – Adds to existing authentication and identity injection APIs
      • Additional Platform Support
        – Windows Server for Identity and Admin Servers
        – AIX version of J2EE Agent for IBM WebSphere
  41. Future Releases
      • Novell® Access Manager™ 3.1 SP2 – April 2010
        – Timeout per protected resource
        – SAML/eGov Certification
        – Access Gateway Service
      • Novell Access Manager futures
        – Web Agent Enforcement Points
        – SAML Enhancements (Simplified Configuration)
        – Performance Optimization in Virtual Environments
        – Identity Services
        – Single Box Installation
  42. www.novell.com/accessmanager
  43. Novell® SecureLogin
      • Baber Amin, Business Line Manager, Novell, Inc., baber@novell.com
  44. Novell® SecureLogin
      • Enable single sign-on to Web, JAVA and enterprise applications
      • Reduce costs
      • Enhance security with improved productivity
      • Support compliance efforts
  45. Novell SecureLogin Mitigates Risk
  46. Novell SecureLogin Reduces Costs
  47. Novell® SecureLogin Improves Productivity
  48. Novell® SecureLogin and Compliance
  49. Novell® SecureLogin
  50. Password Synchronization
      Synchronized passwords are limited to the “lowest common denominator” of the connected systems.
      [Diagram. A workstation connects to four systems:]
      • Username 1 / Password: Mainframe, Mainframe Password: 123456
      • Username 2 / Password: SAP App, SAP Password: 123456
      • Username 3 / Password: Network OS, NOS Password: 123456
      • Username 4 / Password: Win32 App, Win32 Password: 123456
  51. Enterprise Single Sign-on
      Passwords are as strong as each application will permit.
      [Diagram. User Workstation with Novell SecureLogin connects to six systems:]
      • Partner App Password: acme01
      • Mainframe Password: 123456
      • SAP Password: john077
      • NOS Password: carpediem09
      • Win32 Password: surferdude85
      • Gmail Password: jj2500
  52. Pre-provision User Credentials: Supplemented by ESSO
      [Diagram. Labels shown: SAP HR; E-mail; Linux; Mainframe; Password: FV25I68; Password: mfe009678; Novell Identity Manager; Identity & Credential Store (eDirectory); Novell SecureLogin; User.]
  53. Web Access Management: Supplemented by ESSO
      [Diagram. Labels shown: User; Novell SecureLogin; Portal Interface; Web Access Management Infrastructure; Directory; Internal Web Applications (Expense Reporting, Benefits, Time Off); External Web Applications (Partner App, Web Mail).]
  54. Novell® SecureLogin
      [Roadmap chart. Timeline columns: 1H 2010, 2H 2010, 2H 2010, 2011. Releases shown: NSL 7.0 SP1 and three NSL 7.x releases. The assignment of items to releases is not recoverable from the extracted text.]
      Items shown:
      • eSSO Server / appliance offering
      • Zero day upgrade
      • Modular Client (listed twice)
      • Automated patch management (listed twice)
      • UCF driven reports
      • Supporting delegated access
      • Enhanced support for re-authentication
      • Emergency access capability
      • Integrated OTP
      • FDE support
      • eSSO to SaaS applications
      • Flash application support
      • Windows 7 support
      • Oracle Forms
      • .NET and basic WPF support
      • SAP environment support
  55. For More Information
      Try SecureLogin for Yourself: We'll install SecureLogin on your machine (for free).
      • Visit table A5 in IT Central
      • Attend the following complementary sessions:
        – BOF106: SecureLogin in the Real World Panel Discussion
        – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
        – IAM207: SecureLogin and Your Active Directory Setup
        – IAM302: Using Hard Disk Encryption and SecureLogin
        – IAM303: Enhancing SecureLogin with Multi-factor Authentication
        – IAM304: Securing Shared Workstation with SecureLogin
      • Walk through the SecureLogin demo in the Installation and Migration Depot
      • Visit www.novell.com/securelogin
  56. Unpublished Work of Novell, Inc. All Rights Reserved.
      This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
      General Disclaimer
      This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.