Rozwi¹zania Quest dl..


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • INTERNAL WHITEBOARD Put it by your desk Carry it in your briefcase
  • Important to understand and articulate that provisioning is NOT a one time event. There is a lifecycle to a user (new hire, job transfers and changes, and termination) and that the provisioning system they choose must consider the lifecycle and not simply new hire provisioning!
  • What process do you currently use for resetting forgotten passwords and unlocking Active Directory accounts? What kinds of calls comprise a substantial amount of your total Help Desk call volumes? How much of your users’ productivity is lost due to downtime caused by locked access to system resources? (In other words – how long, generally, does it take your Help Desk personnel to reset a user’s password or unlock an account?) How much cost/expense do you think each call requires of your group? -------------------------------------- META Group White Paper: The Value of Identity Management found that 45 percent of help desk calls are for password resets, and that automating password reset automation reduces this call volume by approximately one-third! Password resets are the second most common reason workers call help desks, accounting for about one in four help desk requests, according to the Gartner Group, an IT research company. At an average cost of US$22 per call , according to Gartner, that adds up fast, especially for large-scale enterprises and midsize organizations. According to the Gartner Group, 20% to 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about $70 . Password-related help desk calls may cost as much as $30 a call , according to a Meta Group study. In a Gartner Case Study – A large US beverage company saved $600,000 in only one year by using automated password reset software!
  • What are your concerns around security and stronger password policies? Do you have reports that show how many failed log-on attempts have been made or unlocked accounts exist? Do you have automatic alerts sent to key administrators when certain conditions occur? ----------------------------------------------------- GINA Extensions for Pre-Logon Access without Deploying KIOSKs: To make password reset easy for users, administrators can update the Windows logon dialog box to display a button that users can click to reset their passwords prior to logon. This eliminates the need to configure public kiosks or expensive telephone-based systems.
  • What is it? Self-Service Password Management - Password Reset Manager offers self-administration of passwords and locked accounts, with stringent enforcement of security policies Why should we spend our limited budget on it? It can virtually eliminate password-related calls to the help desk, minimize employee downtime, and strengthen security What is the real value? Can re-deploy or reduce help desk staff, increase user productivity by decreasing the time to gain network access – now you can implement stronger security policies and know that it will not increase call volumes to help desk! Graphically illustrate the solution and how it provides business value (show rather than tell).
  • Active Directory administrators will note that there are technical challenges in dealing with diagnostics and troubleshooting of Active Directory, as well.
  • View Active Directory site and replication topology graphically and visually detect problem areas Accelerate time-to-resolution of Active Directory replication, performance, and availability problems Gain immediate feedback from arsenal of analysis tests, identify problem machines and drill-down to resolve problem
  • Graphically represents the flow of data from the network through the various processes on a domain controller (DC) Visually indicates resource bottlenecks, degraded performance, and exceeded thresholds Enables further drill-down, expert help, knowledge base references, and resolution suggestions
  • Reduced TCO – Many organizations have already invested in 2003 for change and configuration management of Windows resources. For those organizations that have implemented SMS, Quest Management Xtensions for SMS provides a seamless path to enterprise-wide systems management using the tools already in place. With Quest Management Xtensions for SMS, organizations realize efficiencies by maximizing the reach, scope, and value of SMS. SMS for Unix, Linux and Mac – Quest Management Xtensions for SMS combines with SMS 2003 to provide a single tool for change and configuration management of Windows, UNIX, Linux, and Mac OS X systems. With Quest Management Xtensions for SMS non-Windows systems functionally act as SMS Advanced Clients to create a powerful, scalable, and easy-to-use management platform for management of the entire enterprise One Systems Management Tool – SMS 2003 provides an ideal platform for managing Windows resources. Its capabilities are seamlessly and natively extended to UNIX, Linux, and Mac OS X systems through Quest Management Xtensions for SMS. Without investing in additional infrastructure, additional training, more staff, or complex and difficult to implement enterprise console solutions, Quest Management Xtensions for SMS allows organizations to consolidate systems management around a single solution—SMS 2003—extended across all platforms. Simplified Management – Typical enterprise systems management solutions require complex and difficult to manage infrastructure that also requires additional resources to deliver and support. With Quest Management Xtensions for SMS the existing, proven, and trusted solution for change and configuration management in the Windows environment can be natively extended to UNIX, Linux, and Mac OS X environments.
  • Rozwi¹zania Quest dl..

    1. 1. Manage Your AD Infrastructure with Quest Tools QDP/Microsoft Road Show Lee Elliott – Quest Systems Consultant EMEA
    2. 2. Identity integration into Active Directory (Vintela Authentication Services and Vintela Single Sign-on for Java) Enterprise Group Policy (Vintela Authentication Services) SMS Integration (Quest Management Xtensions for SMS) MOM Integration (Quest Management Xtensions for MOM) Event Log Management (InTrust) Rules & Roles-based Administration (ActiveRoles Direct) User Provisioning (ActiveRoles Server) Diagnostics & Troubleshooting (Spotlight on AD) Online, Granular Recovery (Recovery Manager for AD) GPO Management (Group Policy Manager) Self-Serve Password (Password Manager) Password Management (Password Manager) Change Control & AD Lockdown (InTrust for AD) Pre/Post Migration Reporting/Analysis ( Reporter) NT4.0  Active Directory (Domain Migration Wizard) NDS eDirectory  AD (NDS Migrator AD  AD (Migration Manager for AD) E-mail Archival (Archive Manager) Usage Analysis (MessageStats) E-Discovery (Recovery Manager for Exchange) Compliance Reporting (MessageStats) Personal Folder Mgmt (Archive Manager) Diagnostics & Troubleshooting (Spotlight on Exchange) Message-level Recovery (Recovery Manager for Exchange) Multi-org Collaboration (Collaboration Services) High Availability (Availability Manager for Exchange) Exchange 5.5  Ex 2003 (Exchange Migration Wizard) Notes  Ex 2003 (Notes Migrator for Exchange) GroupWise  Ex 2003 (GroupWise Migrator for Exchange) Ex 200X  Ex 2003 (Migration Manager for Exchange) Event Log Management (InTrust) File / Folder User Access Reporting (Reporter) Storage Analysis (Storage Manager) File & Print Servers (Storage Consolidator) Active Directory Management Exchange Management Windows Management SharePoint Unix / Linux e-Discovery (Site Administrator for SharePoint) Usage Analysis (Site Administrator for SharePoint) Global Policy Management (Site Administrator for SharePoint) Centralized Administration (Site Administrator for SharePoint) Exchange Public Folders  SharePoint 2003 / 2007 (Public Folder Migrator for SharePoint)
    3. 3. Introducing Active Roles Server “ The Practical Way to Provision, Manage, and Secure Active Directory” <ul><li>The Challenge </li></ul><ul><ul><li>Providing employees secure access to resources needed across the network (user provisioning) is complicated yet critical. Provisioning is not a one-time event. Reprovisioning and deprovisioning continually require administrators’ time and attention. Duplicate data entry into Active Directory and HR and ERP systems is time-consuming and error-prone. </li></ul></ul><ul><li>Quest Solution </li></ul><ul><ul><li>ActiveRoles Server can help you automatically provision, re-provision and more importantly, de-provision users quickly, efficiently and securely in AD and beyond. ActiveRoles Server provides strictly enforced role-based security,automated group management, change approval and easy-to-use Web interfaces for self service, to achieve practical user and group lifecycle management for the Windows enterprise. </li></ul></ul>
    4. 4. So what is Provisioning anyway? “ New Boy” Active Directory Domain
    5. 5. Provisioning Lifecycle <ul><li>Reprovisioning (Promotion) </li></ul><ul><li>Promotions or Transfers </li></ul><ul><li>Project Assignments </li></ul><ul><li>Information updates </li></ul><ul><li>Deprovision (Retire) </li></ul><ul><li>Employment Status Changes </li></ul><ul><li>Disable Accounts </li></ul><ul><li>Disable Access to Resources </li></ul><ul><li>Assign Entitlements to others </li></ul><ul><li>Identity Administration </li></ul><ul><li>Information updates </li></ul><ul><li>Group and Distribution List Membership Changes </li></ul><ul><li>Self-service </li></ul><ul><li>New User is Provisioned (Hire) </li></ul><ul><li>User Account Creation </li></ul><ul><li>Mailbox and Home Folders Creation </li></ul><ul><li>Group and Distribution List Memberships </li></ul><ul><li>Access to Applications Granted </li></ul><ul><li>Accounts in Connected Systems Created </li></ul><ul><li>E-mail notifications </li></ul>
    6. 6. Business Issues <ul><li>Providing employees secure access to resources needed across the network (user provisioning) is complicated yet critical. </li></ul><ul><li>Provisioning is not a one-time event. Reprovisioning and deprovisioning continually require administrators’ time and attention. </li></ul><ul><li>Duplicate data entry into Active Directory and HR and ERP systems is time-consuming and error-prone. </li></ul><ul><li>Native Active Directory tools can’t ensure administrative security or data integrity. </li></ul>
    7. 7. Business Issues – Bigger Picture <ul><li>Compliance </li></ul><ul><li>Identity Management </li></ul><ul><li>Process Management </li></ul><ul><li>IT Efficiency </li></ul><ul><li>User Productivity </li></ul><ul><li>Lowers Total Cost of Ownership </li></ul><ul><li>Decreases potential risk: </li></ul><ul><ul><li>After being terminated, a former administrator to a transportation services company deleted the company’s customer database and changed system passwords . </li></ul></ul><ul><ul><li>After being fired, a former employee accessed his company’s servers, deleted 675 files, changed access control levels, altered billing records, and sent email with false statements about the company to hundreds of its customers </li></ul></ul>
    8. 8. What does ActiveRoles Server do ? ActiveRoles Server offers a practical approach to automated Active Directory user provisioning and administration, for maximum security and efficiency
    9. 9. Introducing Password Manager “Empower users, reduce support costs, and strengthen security” <ul><li>The Challenge </li></ul><ul><ul><li>Password resets are the leading source of requests for help desk assistance. The pain of password management is becoming more pervasive as organizations strive for more stringent security policies. Longer, more complex passwords that must be changed more frequently increase the likelihood that users will forget them and place a call to support. As a result, many organizations are caught between increasing security and reducing user support costs. </li></ul></ul><ul><li>Quest Solution </li></ul><ul><ul><li>Password Reset Manager provides a simple, secure, self-service solution that allows end users to reset forgotten passwords and unlock their accounts. It also allows administrators to implement stricter password policies while reducing the help desk workload. Organizations no longer have to sacrifice security to reduce costs. </li></ul></ul>
    10. 10. I have forgotten my password!! <ul><li>User forgets their password </li></ul><ul><li>User tries various combinations of old passwords </li></ul><ul><li>Eventually User gives up and contacts helpdesk </li></ul><ul><li>If possible, helpdesk responds - if not issues “ticket” </li></ul><ul><ul><li>Common ratio for large companies – 1 helpdesk admin/6000 users! </li></ul></ul><ul><li>In the meantime User cannot access any resources ie e-mail, shares, printers etc </li></ul><ul><li>Eventually the helpdesk resets the User password and the User is productive. </li></ul>
    11. 11. Business Challenges <ul><li>Increase security through comprehensive control over user account passwords </li></ul><ul><li>Decrease costs by reducing or eliminating expensive password related help desk calls </li></ul><ul><li>Increase productivity through a simple and secure self-service password management solution that is guaranteed to be used </li></ul><ul><li>Provide a single location for all user to manage Active Directory or other passwords </li></ul>According to the Gartner Group, 20% to 50% of all help desk calls are for password resets
    12. 12. Technical Challenges <ul><li>Increase security with password complexity policies that go beyond those provided by Active Directory </li></ul><ul><li>Select a simple and cost effective solution </li></ul><ul><li>Enforce end-user participation to guarantee ROI </li></ul><ul><li>Audit and alert administrators and users when relevant events or activates occur </li></ul>Forrester Research states that the average help desk labor cost for a single password reset is about $70
    13. 13. What does Password Manager do ? <ul><li>Secure Authentication </li></ul><ul><li>Strict password policy enforcement </li></ul><ul><li>Auditing and alerts </li></ul><ul><li>Intuitive and easy to use and deploy </li></ul><ul><li>GINA extensions for pre-logon password reset </li></ul>Or Help Desk
    14. 14. Introducing Spotlight on AD “Find and fix problems in Active Directory” <ul><li>The Challenge </li></ul><ul><ul><li>Administrators spend too much time troubleshooting and reacting to problems in Active Directory (AD). Problems like out-of-date Group Policy Objects (GPOs), missing DNS registrations, failed AD services and performance problems on domain controllers. This can have wide-reaching effects, including system downtime and directory unavailability. </li></ul></ul><ul><li>Quest Solution </li></ul><ul><ul><li>Spotlight acts as a real-time diagnostic tool for troubleshooting and rapid resolution of replication, performance and availability problems in AD environments. Spotlight provides a clear view of domain controller processes, an easy way to identify resource bottlenecks, and a consolidated view of AD and system status </li></ul></ul>
    15. 15. Technical Challenges <ul><li>Administrators cannot quickly identify the root cause of problems in AD and promptly resolve them. </li></ul><ul><li>Administrators do not have a clear view of domain controller processes or an easy way to identify resource bottlenecks. </li></ul><ul><li>Administrators do not have a consolidated view of AD and system status. </li></ul><ul><li>Performance alerts are raised in a monitoring console, while related diagnostic information is available through a separate interface, requiring manual work to correlate and resolve issues </li></ul>
    16. 16. What does Spotlight on AD do ?
    17. 17. Live Topology View
    18. 18. Unified Diagnostic Console
    19. 19. Introducing Vintella Authentication Servives “Integrate Unix into Active Directory” <ul><li>The Challenge </li></ul><ul><ul><li>Heterogeneity is the standard </li></ul></ul><ul><ul><li>Mixed Linux, Unix and Windows environments are a fact of life </li></ul></ul><ul><ul><li>Customers need to reduce IT complexity </li></ul></ul><ul><ul><li>Interoperability is a key business concern </li></ul></ul><ul><ul><li>Linux, Unix and Windows-based environments continue to grow </li></ul></ul><ul><ul><li>Specialized applications in these environments add to the problem </li></ul></ul><ul><li>Quest Solution </li></ul><ul><ul><li>VAS extends Windows identity to encompass Unix and Linux. This allows standardize x-platform password policies around AD and the ability to centralize user and group management within AD. The solution is also scalable supporting large AD deployments and forests. </li></ul></ul><ul><ul><li>Quest Management Extensions for MOM and SMS extend the capabilities of these applications to Unix and Linux. Simplifies and improves management allowing a single point of management. No additional training or systems required </li></ul></ul>
    20. 20. Web Services Policy Management Authentication and Identity Management Systems Management Health Monitoring IT Infrastructure Pain Points Microsoft Products and Technology .NET Group Policy Active Directory MIIS SMS 2003 MOM 2005 Unix, Linux, Java, and Macintosh Technology PHP Java CGI Config Files /etc file systems .Profile, etc . NIS PAM NSS LDAP /Proc File sys Static Conf files OS-specific utilities SAM, SMIT /Proc SNMP OS-specific, application-specific event systems Quest Products & Technology WBEM/SNMP Quest Management Extensions WBEM Quest Management Extensions Kerberos/LDAP Vintela Authentication Services Vintela Group Policy Vintela Single Sign-on for Java ? ? ? ? ?
    21. 21. Vintela Authentication Services <ul><li>Native integration of Unix/Linux into Active Directory </li></ul><ul><ul><li>Enables Active-Directory based SSO for heterogeneous systems </li></ul></ul><ul><li>Secure authentication and authorization </li></ul><ul><ul><li>Integration – not synchronization – between diverse systems </li></ul></ul><ul><ul><li>All credentials & identity information reside within Active Directory </li></ul></ul><ul><li>Complete NIS replacement </li></ul><ul><li>Unix Identity Management using RFC 2307 Schema </li></ul><ul><li>Extensive platform support: </li></ul><ul><ul><li>HP-UX, AIX, Solaris, Red Hat, SuSE </li></ul></ul><ul><li>Foundation for Group Policy on Unix/Linux </li></ul><ul><ul><li>Ships with Vintela Group Policy </li></ul></ul>
    22. 22. Vintela Group Policy (included with VAS) <ul><li>Extensible framework that extends Microsoft Group Policy to Unix and Linux clients through the native Active Directory interface </li></ul><ul><li>Extends policy-based management to Unix and Linux clients </li></ul><ul><ul><li>Control access to client machines </li></ul></ul><ul><ul><li>Scripting </li></ul></ul><ul><ul><li>Single point of access for the entire enterprise </li></ul></ul><ul><ul><li>Supports native Unix utilities from Active Directory (Sudo, Cron, etc.) </li></ul></ul><ul><li>Extended cross-platform support </li></ul><ul><ul><li>Solaris, HP-UX, AIX, and Linux (SuSE and Red Hat) </li></ul></ul>
    23. 23. Vintela Management Extensions <ul><li>SMS snap-in allows IT administrators to manage Unix, Linux and Mac OS X systems within SMS. </li></ul><ul><li>Extends the existing SMS framework and admin tools </li></ul><ul><ul><li>Uses the existing Management Points and Distribution Points </li></ul></ul><ul><ul><ul><li>VMX clients acts like an SMS Advanced Client </li></ul></ul></ul><ul><ul><ul><li>WBEM/CIM based – WMI for Unix </li></ul></ul></ul><ul><ul><li>Native systems management using SMS for Unix, Linux, Mac OS X </li></ul></ul><ul><ul><ul><li>Solaris, HP-UX, AIX, Mac OS X, and Linux </li></ul></ul></ul>
    24. 24. Extending the Power of Microsoft Management Solutions Only from Microsoft and Quest
    25. 25. Key Capabilities and Business Value <ul><li>Reduced TCO </li></ul><ul><ul><li>One point-of-management / One console </li></ul></ul><ul><ul><li>Eliminate repetitive, platform – specific tasks </li></ul></ul><ul><li>Extends Microsoft Solutions to Heterogeneous Systems </li></ul><ul><ul><li>Non-Windows systems act as MOM and SMS Advanced Clients </li></ul></ul><ul><ul><li>Extend core functionality of Windows solutions </li></ul></ul><ul><ul><ul><li>MOM/OM: Application & Server Monitoring, Event & Performance Management, Proactive Automated Response, Reporting </li></ul></ul></ul><ul><ul><ul><li>SMS/CM: Software & Patch Distribution, Hardware & Software Inventory, Software Metering, System Discovery, Remote Management </li></ul></ul></ul><ul><li>Leverage Existing Investments </li></ul><ul><ul><li>Native integration means core tasks can be managed from within a single infrastructure </li></ul></ul><ul><li>Simplify management </li></ul><ul><ul><li>Complexity goes down, while ROI goes up </li></ul></ul>
    26. 26. Extensive Platform Support <ul><li>RedHat Enterprise Linux – AS/ES/WS 2.1, 3.0 i386, 4.0* </li></ul><ul><li>SUSE – 8, 8 Enterprise Server 9, 9.1, 9.3, 10*, Enterprise Desktop 10* </li></ul><ul><li>Solaris – 8, 9 & 10 (sparc) </li></ul><ul><li>AIX – 5.1, 5.2, 5.3 </li></ul><ul><li>HP-UX – 11i (11.11 PA-RISC), 11.23 </li></ul><ul><li>Mac OS X – 10.3, 10.4 (ppc and Intel) </li></ul><ul><li>* version also supports 64-bit in 32-bit compatibility mode for Intel EM64T and AMD64 architectures </li></ul>
    27. 27. Non-Windows Collections <ul><li>QMX for SMS installs non-Windows Collections for support OS Platforms </li></ul><ul><li>Collections can be created, modified or deleted based on your needs </li></ul><ul><li>The QMX for SMS clients are SMS Advanced clients for Unix </li></ul>
    28. 28. Extending System Center Configuration Manager 2007 <ul><li>Natively extend Configuration Manager 2007 to Unix, Linux and Mac OS X </li></ul><ul><ul><li>Support new User Interface including task menus and Wizards </li></ul></ul><ul><ul><li>Integrate with new infrastructure </li></ul></ul><ul><li>Extend CM functionality (end of 2007) </li></ul><ul><ul><li>Hardware and Software Inventory </li></ul></ul><ul><ul><li>Software Distribution </li></ul></ul><ul><ul><li>Metering </li></ul></ul><ul><ul><li>Remote Tools </li></ul></ul><ul><ul><li>System Discovery </li></ul></ul><ul><ul><li>Client Deployment </li></ul></ul><ul><ul><li>Leverage core functionality </li></ul></ul><ul><ul><ul><li>Resource Explorer </li></ul></ul></ul><ul><ul><ul><li>Reporting </li></ul></ul></ul><ul><li>Add New Functionality (throughout 2008) </li></ul><ul><ul><li>Software Updates / Patch Management </li></ul></ul><ul><ul><li>Desired Configuration Management </li></ul></ul>
    29. 29. Next Steps……….. <ul><li>Visit: </li></ul><ul><ul><li> </li></ul></ul><ul><ul><li>Download and evaluate the software </li></ul></ul><ul><ul><li>THANK YOU FOR YOUR TIME!! </li></ul></ul>