IDM concepts
Transcript of IDM concepts
Sun Java™ System Identity Manager: Innovative Identity Management
Customer Presentation, Sun Microsystems
Sun Proprietary/Confidential: Authorized Partner & Internal Use Only 2
Business Imperatives
Identity management solutions must address multiple, conflicting business goals:
● Improve Access & Service: Web Services, Extranets, Portals, Dynamic User Base
● Reduce Costs: Operations, Help Desk, Development, Integration
● Become More Secure: Corporate Governance, Internal Threats, External Threats, Legal Mandates
Sun Identity Management
Improve Access & Service: fosters productivity and strong business relationships, and increases revenue
● Single Sign-on improves service and ease of use
● Automated provisioning ensures rapid access to required resources
● Self-service account management and password reset
● Federation to enable trusted partnerships and new revenue opportunities
Become More Secure: lowers risk and ensures compliance with policies and mandates
● Automatic detection of potential risks such as dormant accounts
● Role- and rules-based access control to protect enterprise resources
● Centralized visibility and control across divisions and departments
● Enterprise-wide identity auditing and reporting
Reduce Costs: improves operational efficiencies and bottom-line results
● Reduces administrative costs through automation, delegation and self-service
● Reduces total cost of ownership and speeds deployment times
● Reduces development and integration costs through an open, integratable architecture
Sun Identity Management
● Comprehensive software portfolio that includes:
  ● Directory Services (Directory Server Enterprise Edition)
  ● Access Control, Single Sign-on, Federation (Access Manager)
  ● Provisioning and Meta-Directory Services (Identity Manager)
● Open and integratable to reduce integration cost and complexity
Sun Identity Management Products
● Access Manager: Federation, Single Sign-On, Access Control
● Identity Manager: Synchronization Services, Password Management, User Provisioning
● Directory Server EE: AD Sync Services, Security/Failover, Directory Services
● Web-Based Administration; Audit & Reporting
Network Identity Architecture Template
Source: Burton Group Telebriefing, Enterprise Identity Mgmt, The Strategic Infrastructure Imperative
Sun Java System Identity Manager
A comprehensive solution for managing identity profiles and permissions throughout the entire identity lifecycle (add, change, delete)
● Automated user provisioning to improve operational efficiency and enhance security
● Secure, automated password management to improve service levels and lower costs
● User self-service and delegated administration to lower support costs
● Automated data synchronization to lower workloads associated with handling change
● Non-invasive, flexible architecture to speed deployment and ROI
● Comprehensive auditing and reporting to improve security compliance
Outcomes: enhanced security, lowered costs, improved productivity
Business Drivers for Identity Management
The rising importance of Information Security
● Security audits: Operations must be able to demonstrate the ability to control, audit and report on what users have access to
● Legislative compliance: HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley, 21 CFR Part 11, European Data Protection Directive, etc.
The increasing amount of change in enterprise environments
● Acquisitions, divestitures, reorganizations, workforce reductions
The growing need to control costs ("Do more with less")
● Recurring charges for non-digital resources that were not de-provisioned
● Spiraling help desk costs for password resets
Provisioning Challenges: Fragmented, Manual and Insecure
(Diagram; labels recovered from the slide.) Identity populations: Employees, Partners, Customers, Former Employees. Request channels: Call Center, Facilities/Purchasing, Help Desk, Human Resources System. Provisioned systems: Siebel CRM, Oracle Financials, Exchange and Active Directory, other assets. Chargeable assets:
• Mobile phone/service
• Conference call account
• Credit card
• Office space
• Phone
• Laptop
Open questions:
• Where are my risks?
• Who should have access?
• Who does have access?
• What assets have been provided?
• How much does this cost?
Provisioning with Identity Manager: Streamlined, Automated and Secure
(Diagram; labels recovered from the slide.) Employees, Partners, Customers and Former Employees are provisioned from the HR System, with an Approving Manager in the loop, to Siebel CRM, Oracle Financials, Exchange and Active Directory, other assets and the chargeable assets:
• Mobile phone/service
• Conference call account
• Credit card
• Office space
• Phone
• Laptop
Result: reduced risk, a complete view of the user's identity, efficient and automated operations
Identity Manager Capabilities
● Automated user provisioning
● Synchronization services
● Auditing and reporting
● Delegated administration
● Password management
● Cross platform support
● Noninvasive, flexible architecture
Features and Benefits
● Smart Forms
● AutoDiscovery
● Virtual Identity Manager
● Agentless Adapters
● ActiveSync
● Rules Engine
● Dynamic Workflow
● Centralized password policy management
● Help desk integration
● Pass-through authentication
Technical Architecture Diagram
(Diagram; labels recovered from the slide.)
● Managed resources: Mainframe, Unix Systems, Directories, Custom Apps, Groupware, RDBMS, NT/ADS, Partner Web App, Asset Database/Directory (Laptop Serial Number, Office Number, Mobile Service Plan, Mobile Phone Model, Conference Call Account, Credit Card)
● Resource connectivity: Custom, JDBC, Servlet, SOAP/XMLRPC, ADSI, 3270, JNDI, LDAP/JDBC, SSH; delivered as Agent-less, Gateway or Agent
● Core: J2EE Application on Any App Server; Lighthouse Virtual ID Store on an RDBMS or LDAP Directory (JDBC/LDAP)
● Users: Approving Manager and End User Self-Service from Any Web Browser over HTTPS; notifications over SMTP
● Integrations: HR Authoritative Source Adapters (JMAC/ABAP/JDBC); External Workflow (WS-BPEL); Help Desk (trouble ticket creation)
Identity Manager Resources
● More than 50 out-of-the-box
● Configured with resource wizards
● Most defined and tested in minutes
Types of resources: mainframe security managers, databases, directory services, applications, operating systems, ERP systems, messaging platforms
Identity Manager Resource Adapter Types
Agentless connectivity
● Easily integrated in existing environments
● Single maintenance point for upgrades
● Eliminates most technical/political objections
Gateways where appropriate
● Crossing OS/API boundaries
● Follows platform interface requirements
● Provides compatibility over time using recommended APIs
Custom Adapters
● Unusual or proprietary resources
● The RDK is a clean and efficient approach
● Lots of custom skeletons to reuse
Identity Manager Workflow Features
Management of complex business processes
● Capable of complex processes
● Multi-step approvals
● Robust notification framework
● Silent directory data transformations
● Can include digital and non-digital assets
Task persistence
● Task recovery
● Administrator queues
● Escalation
● Automatic network/resource error compensation with notification
Diverse execution models
● Synchronous, concurrent or hybrid workflows
● Independent thread forked processes
● Deferred/scheduled processes to execute at a preset time
Identity Manager Virtual Identities
● Lightweight
● Real-time interaction with managed resources
● Can modify operation of connected application NOW!
● No complex replication infrastructure
● Ability to generate reports on native data in resources
Virtual Identity Composition
● Identity Manager ID
● Basic Information (name, email)
● List of resources
● Key information for each resource
● Extendable
Identity Manager Synchronization
Multiple synchronization types to best fit a given resource
● ActiveSync
● Smart Polling
● Event Listener
Full IDM workflow is available
● Execute complex business logic
● Approvals and notifications
● Converting to and from flat data or nodal structures
● Secondary system lookups
Reconciliation and Discovery
● Bulk activity, where a batch process is needed
Identity Manager Auditing & Reporting
● Every action in Identity Manager is logged
● Stored in the IDM repository
● Discrete entries for each activity
● Allows for aggregate queries
● Extendable, e.g. signed logging
● Extended logging for compliance reporting
Identity Manager Auditing and Reporting (cont.)
● Reporting types: User and Administrator, Summary Reports, Usage, Role, Resource
● Report output options: Ad-hoc, Scheduled, Visual, Formatted for export
● Risk analysis reports
● Wizard to create new reports
Identity Manager Interface Options
● Zero footprint web based applications: Administrator interface; End user self administration
● SOAP/SPML: provides a standards based interface; HTTP connectivity
● Java API for custom applications
● Console: scriptable; bulk process
● IVR (legacy InnerVoice Bright)
● Business Process Editor (Java Swing)
Identity Manager Objects and Containers
● Users
● Resources: any external data managed by Identity Manager
● Roles and resource groups: contain multiple resources; contain behavior; apply rules and policy
● Organizations and Virtual Organizations: Virtual Organizations map to org structures in remote directories
● Relationships between objects and containers
Identity Manager Delegated Administration
Capabilities
● Discrete: can be assigned to a user that performs only one function
● N-level delegation: can be assigned from one administrator to another, providing true n-level delegation
Administrators are created with granular authority
● Any user can be an administrator
● A user's administration privileges may be limited to a specific capability or to a specific organization
● Assigned using the web interface, or using rules, forms or workflow
Technical Differentiators
● Industry's first integrated Provisioning and Meta-directory solution
● Patent-pending, noninvasive technology that enables rapid deployment and efficient ongoing management: Auto-discovery, Virtual Identity Manager, Agent-less Adapters, ActiveSync, Rules Engine, Dynamic Workflow
Java System Identity Manager: Competitive Chart
(Table; only the headings survived the transcript.) Vendors compared: Microsoft, Novell, Sun, IBM. Criteria: Integrated offering; noninvasive, flexible architecture; Delegated Administration; Workflow Capabilities; Cross Platform Support; Single Connector strategy. The Yes/No/Limited cell values (one marked "via Silverstream") cannot be matched to vendors and criteria from the transcript.
Identity Manager Validation
“We've reduced the turnaround time on user requests for account changes such as additions and deletions by up to 50% and have been able to expand the responsibilities of the user registration group.” Rick Perry, Director of Enterprise Operations and Security, BNSF
“We selected Sun because of its flexibility and scalability. They were able to address our self-service password management needs of today as well as provide a platform that can extend into full user provisioning in the future.” Manager Information Protection and Security
Customers