Technical White Paper: IDENTITY AND SECURITY

Novell® Privileged User Manager: Securely Managing Super User Access

www.novell.com

Table of Contents:

Novell Privileged User Manager: Securely Managing Super User Access

How Novell Privileged User Manager Works

Novell Privileged User Manager Key Differentiators and Features

Novell Privileged User Manager Framework

Summary of Privileged User Management Workflow

Built-in Failover Scenario

Conclusion

Frequently Asked Questions

Many organizations rely on their Linux* and UNIX* systems to run mission-critical services and applications. However, controlling who has access to these systems can be extremely difficult, especially when multiple users (i.e., IT administrators, application developers and database administrators) all have full super user rights to root accounts. Since most of these users only need limited access to perform specific functions that require super user privileges, organizations needlessly leave themselves open to security risks and stiff regulatory penalties.

To mitigate these risks, Novell Privileged User Manager helps organizations control access to super user and root privileges by giving administrators controlled super user access that enables them to perform their jobs, but without needlessly giving them root account credentials. Instead, it delegates privileged access through a centrally managed database that can authorize users to run privileged commands, while logging their keyboard activity.

As a result, Novell Privileged User Manager enables organizations to:

Minimize security vulnerabilities by eliminating the need to grant root access

Improve risk identification through central management and logging of administrative activity

Facilitate compliance efforts by providing full control of the audit process

How Novell Privileged User Manager Works

With Novell Privileged User Manager, organizations can limit their susceptibility to unauthorized transactions and information access, and simplify the process of proving compliance. The solution accomplishes this through the following three main phases of operation:

1. Command interception and analysis

2. Policy control, authorization and alerting

3. Auditing

Command Interception and Analysis

Novell Privileged User Manager sits between the user and the operating system, intercepting typed commands and sending them to a central authorization database for approval. According to policy, it can record single commands or entire user sessions. It extracts full keystroke data, storing it in secure, redundant databases. The collected commands are automatically analyzed and graded according to activity risk level.

Policy Control, Authorization and Alerting

Whether or not a command executes depends entirely on the policies defined by the organization. Novell Privileged User Manager provides an intuitive, graphical interface that allows organizations to create granular controls that govern command authorization based on the context of who the user is, what the command is, where it’s being executed, and when it’s being executed. The policies also provide separation-of-duty verification and accountability of user actions.

If Novell Privileged User Manager determines by policy that a command should be authorized, the command is remotely executed on the target machine under a privileged account’s credentials, such as root. It can also provide real-time alerts of any anomalies or command attempts that don’t adhere to policy. Additionally, the solution can log all keystroke command activity to distributed databases, based on policy.

Auditing

Novell Privileged User Manager utilizes business-defined rules to pull filtered log events into its Compliance Auditor according to preset risk criteria. It automatically alerts managers via e-mail of any activities that require internal auditing and sign-off. The solution performs audits using an intuitive, color-coded interface, enabling the fast identification of high-risk commands. It provides for the review of any suspicious activities, and if sanctioned by the organization’s management, electronically signs them as authorized.

Novell Privileged User Manager Key Differentiators and Features

Novell Privileged User Manager differentiates itself from competing solutions by enabling proactive compliance and security “due diligence” with full command-risk analysis. It’s built on top of a scalable framework architecture that can support thousands of hosts per framework, with built-in high availability and load balancing. It delivers color-coded risk analysis that highlights harmful activity, as well as comprehensive and fast forensics analysis with searchable user activity and log file management. It employs auto failover to eliminate downtime even during product updates. Novell Privileged User Manager also offers a higher ROI by lowering overall administration and audit efforts.

By taking advantage of Novell Privileged User Manager, organizations can also:

Enable administrators to perform required tasks under their own user account without requiring them to log on as root.

Eliminate the need to distribute privileged passwords or grant root access

Restrict command line access to applications by users, groups, hosts, time, day and date

Give managers a fast, easy way to evaluate and sign off on user activity

Automatically audit every administrative action back to the logged on user, including high-risk activities

Leverage color-coded risk analysis to drive the auditor directly to keystroke sessions that contain typed commands that could pose higher levels of risk.

Easily create and granularly manage policies for user privileges

View reports to validate that correct procedures and operational due diligence have been carried out by the organization

Centrally manage all aspects of the solution, including deployment, configuration, security policies, and keystroke auditing

Novell Privileged User Manager Framework

Novell Privileged User Manager is built on a secure, modular framework architecture that enables central management of the solution, while facilitating workload distribution, plug-and-play functionality and scalability. The framework provides secure communication between its various components, as well as integrated database and logging services. The following four main components make up the Privileged User Manager architecture:

Framework

Manager Modules

Command Control Agent

Management Interface and Administration

The modular and distributive nature of the Novell Privileged User Manager architecture provides organizations a robust and scalable solution for real-time actionable risk management. Its built-in redundancy enables 100-percent availability of service. It provides centralized management of security policies across multiple sites, regardless of the underlying Linux or UNIX platforms. Its modular components can be deployed and updated through a central management console. The solution offers comprehensive audit capabilities for complete compliance management and forensic analysis.

Framework

The framework for Novell Privileged User Manager provides the centralized services and administration for the solution and its various modules. The framework is designed to allow different manager modules and agents to be deployed within the framework. It provides a centralized registry enabling services and administration of the entire framework from any single point on the enterprise network. The framework handles distribution of components, acts as a certificate authority, and ensures communication between the solution’s various components.

When deploying a framework on a Novell Privileged User Manager host, the following common agents will be installed:

Registry Agent—Provides a locally cached lookup for module locations. The Registry Agent queries the Registry Manager when locally cached information is not available or isn’t fresh.

Distribution Agent—Provides the interface to control the installation and removal of the packages in the framework. It has methods to install, remove and list available or updatable packages. The Distribution Agent receives instructions from the package manager.

Store and Forward Agent—Provides a store and forward mechanism for guaranteed delivery of messages. It offloads the distribution of messages from the different solution components, such as the Command Control Manager and Command Control Agent.

Figure 1. Novell Privileged User Manager Framework

Manager Modules

The manager modules in Novell Privileged User Manager comprise a collection of modules that can be plugged into the framework to provide a variety of different services and capabilities. Manager modules can be distributed onto different framework hosts to provide load balancing and fail-over for the framework. If multiple occurrences of the same type of managers exist on the same framework host, they will operate in primary/backup roles.

The following make up the main manager modules:

Command Control Manager—The Command Control Manager is a policy database. According to policy, it enables organizations to manage what, where, when and who can run Linux or UNIX privileged commands on hosts registered with the Novell Privileged User Manager framework. It’s the policy decision point in the solution, determining whether or not a user command will be allowed to execute. Multiple Command Control Manager modules can be deployed within an enterprise to authorize and manage command execution requests from Command Control Agents.

Audit Manager—The Audit Manager consists of a collection of databases that act as repositories for auditing information collected by the framework. It contains a history of the events and keystrokes that occur on the user clients in the system. One or more Audit Manager modules can be strategically placed within a given architecture to store the back-end databases used for the storage and retrieval of session data.

Registry Manager—Maintains a database of all framework hosts and modules. It provides certificate based registration features for the hosts.

Access Manager—Maintains a list of framework user accounts and provides authentication services for the solution.

Package Manager—Manages a repository for the different modules and components in the solution.

Command Control Agent

The Command Control Agent is deployed on every Linux or UNIX client where user commands are to be controlled, providing both a client and remote execution functionality. The Command Control Agent obtains command execution approval from the Command Control Manager. It is the solution’s policy enforcement point, authorizing or denying the execution of commands based on decisions made by the Command Control Manager.

Additionally, the Command Control Agent includes a fully integrated UNIX shell that performs complete session logging. The agent sends its collected audit information to the Audit Manager.

To provide command control on the client end, the Command Control Agent provides a number of shells and functions, including the command control shells rush and crush, based on the ksh shell structure. These shells and functions provide multiple options for integrating command control into Linux and UNIX environments, including the following:

Simple Scripts, Aliases, and Functions—Integrates the command control client rush by implementing shell scripts executed by users to carry out specific privileged tasks.

Using usrun before a Command—Typing usrun before any command automatically passes it to the Command Control Manager for authorization, providing command delegation. This requires that command control rules be defined to control authorization of the commands for the various users.

Complete Session Command Control Using rush—Complete session command control can be provided using the rush client by either typing usrun rush at the start of the session, which substantiates a shell with attributes as defined by the security policy.

Complete Session Capture Using crush—Complete session command control can be provided using the crush client by changing the user’s logon shell to the crush client.

Session Auditing—The rush and crush clients can audit every session command that the users type, whether they’re run locally or are authorized by the Command Control Manager. Commands built in to the users’ shells are audited, and if the crush shell is used, these commands are included in the session capture data.

Restricted Session Control—The solution provides a completely locked down shell using rrush, which doesn’t allow users to execute any commands without explicit authorization.

Management Interface and Administration

The Novell Privileged User Manager modules, agents and policies are administered through the browser-based framework console. When the solution is deployed, an administration module is automatically installed that contains a built in Web server, which provides access to the solution’s administration interface that enables the configuration and management of the various aspects of the solution.

The management interface includes a command control console that enables the configuration of all privileged user management policies. From within the command control console, sample libraries of policy objects can be simply dragged and dropped to build powerful, yet visually easy to understand, security rules. For example, dragging a trigger object, such as a user group or commands, into a rule can determine whether a submitted command will be authorized to run.

The interface also includes a compliance auditor console to facilitate the analysis of events. It provides a proactive auditing tool that can pull events from the event logs, according to predefined rules. It color-codes each event record according to risk level to make it easy for administrators to visually identify items that need immediate attention. It utilizes context-sensitive menus to provide access to rules that pull events for analysis, as well as to automate workflow e-mail management.

Additionally, command control events can be tagged to a specific audit group to ensure that users can only view events appropriate to their role. The interface also provides reporting capabilities to enable organizations to easily access and search event logs, and review user keystroke activity.

Through the management interface organizations can centrally manage the installation and updating of the solution’s different components deployed on the different hosts distributed throughout their environment. It includes an offline repository that contains application modules that are stored and ready for deployment to any host. With a single click, administrators can check for online updates and push out updated modules to its hosts.

Through the centralized console organizations can receive alerts and configure load-balancing and redundancy of the solution’s distributed components. The administration interface also provides the management of the users that log onto the administrative console. Leveraging granular role-based access control mechanisms, it enables organizations to govern which user groups can access specific consoles and perform specific tasks.

Summary of Privileged User Management Workflow

Novell Privileged User Manager delivers an end-to-end compliance workflow process that moves from user command enablement to entitlement, and to compliance-management reporting.

1. In the first stage of the workflow, a user enters a command that is intercepted, authorized, and executed by Command Control.

2. In the second stage, metadata is injected into the session record that enables it to be easily identified for audit purposes and accessed by authorized managers.

3. In the third phase, the Compliance Auditor uses its set of rules to extract copies of event records and keystroke activity from the audit log, and then places them into the Compliance Auditor database to await sign-off.

4. In the fourth phase, an e-mail listing the number of events that are waiting for approval is automatically generated each evening and sent to the appropriate managers.

5. In the fifth and final phase of the workflow, an IT manager can log into the Compliance Auditor and leverage its analysis tools to examine activity and electronically authorize records with a click of a button.

Figure 2. Novell Privileged User Manager Process Workflow

Command Authorization Process

The Command Control Agent module provides two distinct services. The first service is the Command Control Client (known as “Rush” or “usrun”). The second is the Remote Execution Service (known as “rune”). Rune allows commands to be run from a remote source. These services play an integral role in the steps that make up the command authorization process.

Although there are a number of different client mechanisms and usage scenarios that can be involved in the command authorization process, the root delegation administration in Novell Privileged User Management generally follows three basic steps:

1. Client Request Initiation

2. Command Control Authorization

3. Remote Execution

Client Request Initiation

A command control request can be initiated using either of the following two methods:

Using the Novell Privileged User Manager “usrun” script

Running a command in “rush” with the “set -o remote” option asserted

Figure 3. Client Request Initiation

Rush is an implementation of a Korn Shell (pdksh, POSIX Standard ’88), with extensions that provide command control functionality in Novell Privileged User Manager. When Rush is started, it runs setuid root, so that it can read certificates from the Novell Privileged User Manager certificate store. For security purposes, once caching is completed, the shell changes its uid back to the normal user. It then continues to run as a normal shell, waiting for commands and executing them at the user’s request.

When a command is executed with the “set -o remote” option asserted, Rush forks (as if it were going to execute a normal command/executable). It then reads the current process environment, including the uid, groups, current working directory, /etc/passwd entry, terminal settings and environment variables. The Rush shell next looks up the address of the Command Control Manager for authorization of the command.

When seeking authorization, it starts at the most local manager and initiates a TCP/IP connection to it. If the manager is slow or can’t be contacted, it will initiate a connection to the next on the list, and so on. Once it has successfully made contact with the Command Control Manager, and SSL has successfully authenticated and encrypted the session, Rush will send the accumulated session data to the Command Control Manager.

The Command Control Manager will process its rules to check whether the command is allowed to run, and make any re-writes to the session data. The rush shell receives the signed data from the Command Control Manager, and if the command is authorized, it will look up the remote host address and contact the remote host.

The client rush process then goes into a loop looking for input/output and signals (i.e., SIGWINCH) that are relayed to and from the local session tty (or piped command) and the remote process.

Command Control Authorization

For command control authorization, the Command Control Client contacts the Command Control Manager. Once it has been authorized using SSL, it passes on the details of the process, user and terminal settings of the requesting session. The Command Control Manager engages its policy database to access policy rules and attributes. These rules look for matches between the client session data and the policy attributes. Once the policy is matched to the session data, the data can be changed and the command authorized or denied. This is then signed by the Command Control Manager, audited and then passed back to the Command Control Client.

Figure 4. Command Control Authorization

Remote Execution

If the command is authorized, the Command Control Client (rush) will contact the Remote Execution Service (rune) on the remote host. It transmits the signed data to rune, which will then check its authenticity and will allocate a local pseudo-terminal (pty) if required, daemonize, set up the process environment, and execute the process. All data through the pty is read by rune, audited (if the session is marked for Session Capture), and passed to rush. Once the process has completed, or if a message is received from the client to terminate the session, rune will make sure the process has finished. If necessary, rune will terminate any remaining children. Finally, it will then audit the completion of the session and terminate itself.

Figure 5. Remote Execution
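The Command Control Authorization and Remote Execution steps above, sketched as an added example that is not Novell code: a policy decision point matches session data on who, what, where and when, rewrites the run-as account, and signs the result, and the execution side refuses anything whose signature, verdict or target host does not check out. The rule format, field names and the use of HMAC-SHA256 in place of the product's certificate-based signing are all assumptions made for illustration.

```python
import fnmatch
import hashlib
import hmac
import json
from datetime import datetime

# Constructed demo key. HMAC-SHA256 stands in for the manager's signature so
# the example needs only the standard library (assumption, see lead-in).
MANAGER_KEY = b"constructed-demo-key"

# Constructed policy: who / what / where / when. First match wins, and a
# request that matches no rule is denied. Globbing the whole command line is
# for brevity; a real policy would match the parsed argument vector.
RULES = [
    {"name": "no-shells", "users": None, "commands": ["/bin/sh*", "/bin/bash*"],
     "hosts": ["*"], "hours": range(0, 24), "authorize": False, "run_as": None},
    {"name": "dba-oracle", "users": {"alice"}, "commands": ["/etc/init.d/oracle *"],
     "hosts": ["db*"], "hours": range(8, 18), "authorize": True, "run_as": "root"},
]


def _matches(rule, session):
    """Match one rule against the session data sent by the client."""
    when = datetime.fromisoformat(session["time"])
    return ((rule["users"] is None or session["user"] in rule["users"])
            and any(fnmatch.fnmatchcase(session["command"], p) for p in rule["commands"])
            and any(fnmatch.fnmatchcase(session["host"], p) for p in rule["hosts"])
            and when.hour in rule["hours"])


def _sign(payload):
    """Sign a canonical JSON encoding so field order cannot change the MAC."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(MANAGER_KEY, body, hashlib.sha256).hexdigest()


def authorize(session):
    """Manager side: match rules, rewrite the session data, sign the decision."""
    decision = dict(session, authorized=False, rule=None, run_as=None)
    for rule in RULES:
        if _matches(rule, session):
            decision.update(authorized=rule["authorize"], rule=rule["name"],
                            run_as=rule["run_as"] if rule["authorize"] else None)
            break
    return {"decision": decision, "signature": _sign(decision)}


def verify_for_execution(signed, local_host):
    """Execution side: check authenticity before setting up any process."""
    decision = signed["decision"]
    expected = _sign(decision).encode()
    if not hmac.compare_digest(expected, signed.get("signature", "").encode()):
        return False, "bad signature"
    if not decision["authorized"]:
        return False, "denied by policy"
    if decision["host"] != local_host:
        return False, "decision issued for another host"
    return True, "run %r as %s" % (decision["command"], decision["run_as"])


if __name__ == "__main__":
    # Constructed request: the session data a client would collect.
    request = {"user": "alice", "command": "/etc/init.d/oracle restart",
               "host": "db01", "time": "2009-06-15T10:30:00"}
    signed = authorize(request)
    print(verify_for_execution(signed, "db01"))
    signed["decision"]["command"] = "/bin/sh"   # altered after signing
    print(verify_for_execution(signed, "db01"))
```

Because the signature covers the whole rewritten session record, a client that alters the command, the run-as account or the target host after authorization is rejected at the execution step.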

Built-in Failover Scenario

Downtime in any environment can be extremely costly, especially when users rely on the availability of a security mechanism to perform their jobs. The modular nature of the Novell Privileged User Manager architectural framework has built-in redundancies that can practically deliver 100 percent uptime through failover and load balancing of mission critical components.

Normal Operation

The various components in Novell Privileged User Manager, such as the Command Control Agent, send all communications through a local Store and Forward Agent (see Figure 5). This agent acts like a postal service that takes the responsibility to ensure that messages get delivered to the fastest responding manager.

Figure 6. Normal Communications between Agent and Manager

1. The Command Control Agent passes a message to its local Store and Forward Agent for delivery to a Command Control Manager.

2. Utilizing information provided by the Registry Client, the agent’s Store and Forward Agent sends the message to the most appropriate Command Control Manager.

3. The Command Control Manager passes back its response through its local Store and Forward Agent to deliver it back to the Command Control Agent.

4. The Manager’s Store and Forward Agent delivers the message directly back to the Command Control Agent.

Failover Operation

When the most appropriate manager resource is not available, such as a Command Control Manager, the local Store and Forward Agent determines which backup manager the message should be delivered to instead (see Figure 6). It makes this decision based upon current information provided by the Registry Client.

1. The Command Control Agent passes a message to its local Store and Forward Agent for delivery to a Command Control Manager.

2. The Store and Forward Agent tries to deliver the message to the most appropriate Command Control Manager, but the attempt fails.

3. The Store and Forward Agent requests the location of the nearest backup Command Control Manager from the Registry Client. The Registry Client contains an updated map of available resources that are maintained centrally by a Registry Manager.

4. The Store and Forward Agent delivers the message to the backup Command Control Manager.

5. The backup Command Control Manager passes the message to its local Store and Forward Agent for delivery back to the Command Control Agent.

6. The backup manager’s Store and Forward Agent delivers messages directly back to the Command Control Agent.

Conclusion

As a component of Novell Compliance Management solutions, Novell Privileged User Manager helps IT administrators manage the identity and access of superuser and root accounts by controlling access to Linux and UNIX systems. It allows IT administrators to perform jobs without needlessly exposing root account credentials, while providing a centralized log of all activity down to the keystroke level. With Novell Privileged User Manager, organizations can limit their susceptibility to unauthorized transactions and information access, and simplify the process of proving compliance.

Figure 7. Failover Communications between Agent and Manager

Frequently Asked Questions

Can audit data reside in multiple repositories?

Yes. More than one Audit Manager can be installed to an environment, providing backup, fail-over and security of collected information.

Does Novell Privileged User Manager provide change management for policy administration?

Yes, policy changes can be committed in batches and subsequently audited.

What mechanisms does Novell Privileged User Manager offer for testing (regression included)?

Novell Privileged User Manager has an integrated test suite that allows test cases to be defined, grouped and run. Detailed reports show expected and actual results with an analysis path to help pinpoint problem areas.

Does Novell Privileged User Manager provide risk analysis for captured events?

The analysis engine in Novell Privileged User Manager examines each entry at the CLI and runs it through a rule set that looks at the command, the directory, the user and the host, to assign a numerical risk level for each line of stdin. This value can be filtered on in reports or displayed in the form of a color when auditing events or watching keystroke playback.
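The grading described in this answer, as an added example that is not the product's analysis engine: each line of stdin gets a numeric risk level from rules on the command, directory, user and host, and sessions are ranked by their peak level so an auditor opens the riskiest first. The 0 to 9 scale, the color thresholds, the rules and the event records are all constructed assumptions.

```python
import re

# Constructed rules. COMMAND_RULES give a base level (first match wins);
# CONTEXT_RULES raise it according to directory, host and user.
COMMAND_RULES = [
    (re.compile(r"^(rm|shred)\s+-\w*[rR]"), 8),
    (re.compile(r"^(passwd|useradd|usermod|visudo)\b"), 7),
    (re.compile(r"/etc/(shadow|sudoers)\b"), 7),
    (re.compile(r"^(ls|pwd|id|whoami|date)\b"), 1),
]
CONTEXT_RULES = [
    ("directory", re.compile(r"^/(etc|boot)(/|$)"), 1),
    ("host", re.compile(r"^db\d+$"), 1),
    ("user", re.compile(r"^root$"), 2),
]
BASELINE = 3   # level for commands that no command rule recognizes
MAX_RISK = 9


def grade_line(event):
    """Numeric risk level for one line of stdin in its context."""
    line = event["stdin"].strip()
    base = next((risk for rx, risk in COMMAND_RULES if rx.search(line)), BASELINE)
    bump = sum(b for field, rx, b in CONTEXT_RULES if rx.search(event[field]))
    return min(MAX_RISK, base + bump)


def color(risk):
    """Map a level to the color shown to the auditor (assumed thresholds)."""
    return "red" if risk >= 7 else "amber" if risk >= 4 else "green"


def rank_sessions(events):
    """Return [(session, peak_risk, color)] with the riskiest session first."""
    peaks = {}
    for ev in events:
        peaks[ev["session"]] = max(peaks.get(ev["session"], 0), grade_line(ev))
    ordered = sorted(peaks.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(sid, risk, color(risk)) for sid, risk in ordered]


# Constructed keystroke records, one per line of stdin.
EVENTS = [
    {"session": "s1", "user": "alice", "host": "web01",
     "directory": "/home/alice", "stdin": "ls -l"},
    {"session": "s1", "user": "alice", "host": "web01",
     "directory": "/home/alice", "stdin": "make install"},
    {"session": "s2", "user": "bob", "host": "db01",
     "directory": "/etc", "stdin": "vi /etc/shadow"},
    {"session": "s3", "user": "carol", "host": "web01",
     "directory": "/tmp", "stdin": "rm -rf build"},
    {"session": "s4", "user": "dave", "host": "web02",
     "directory": "/etc", "stdin": "tail -f syslog.conf"},
]

if __name__ == "__main__":
    for session, risk, shade in rank_sessions(EVENTS):
        print(session, risk, shade)
```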

Does Novell Privileged User Manager use industry-standard languages or proprietary scripting to create rules/policies?

Yes and No. Novell Privileged User Manager policies are administered through its unique visual editor. Policy objects can be dragged and dropped into rules to create powerful privilege management controls with little or no programming knowledge required. However, additional scripting can be added to further enhance the capabilities and scope of the rules using industry-standard languages such as Perl.

Does Novell Privileged User Manager store your backend data in databases or flat files?

Novell Privileged User Manager uses embedded SQLite replicated databases in the product to maximize performance and guarantee data integrity.

What mechanisms does Novell Privileged User Manager employ to encrypt the backend data?

All configuration and event data is stored in embedded databases that can be individually encrypted.

Does Novell Privileged User Manager contain any built in load-balancing or redundant failover mechanisms?

Every manager component in Novell Privileged User Manager can be duplicated in the enterprise to provide complete fail-over and load balancing. As soon as a manager is detected as offline, its closest backup immediately takes over. Groups of managers can load balance traffic within virtual domains. These domains can be nested such that traffic is redirected to components higher in the tree if all managers within a domain node are offline.

When deploying Novell Privileged User Manager, does it affect any incumbent solution?

Novell Privileged User Manager has a non-invasive footprint that provides seamless and parallel integration with competing solutions. Solutions can run alongside each other until such time that the existing product is turned off.

Does Novell Privileged User Manager have the capability to restrict users to just predefined commands or directories?

Absolutely. The Command Control client in Novell Privileged User Manager contains a restricted shell that is initially locked down. Specific commands and directories can be assigned programmatically, through rules, to control what directories are available and what commands a user can execute.

What mechanisms does Novell Privileged User Manager provide to deploy and update its individual components once installed?

The Package Manager in Novell Privileged User Manager contains a local database of application modules that can be updated through an online / offline connection to the Novell update servers. All deployment and updating is performed using a central console. Hosts can be grouped into logical domains to isolate network traffic and manage load balancing.

Does Novell Privileged User Manager provide automated report capabilities?

Novell Privileged User Manager can send automated daily e-mails to auditors with details on events that require their sign-off. Events that are not resolved within specific time periods can be automatically escalated.

Can Novell Privileged User Manager provide reports on user entitlement?

Entitlement reports showing separation of duty for users can be automatically generated and sent out to managers. In the same way as auditing user event activity, managers can log into the Compliance Auditor and electronically ‘sign-off’ the reports.

Are there any limits on the number of hosts which can be managed through a single set of policies?

No, through load balanced and redundant components, the Novell Privileged User Manager architecture can scale to thousands of hosts with no single points of failure or bottlenecks. This allows centralized management of privileges across all supported platforms from a single management console and one set of rules.

Does Novell Privileged User Manager have to go offline when updating? What happens if a component fails?

The redundant framework architecture in Novell Privileged User Manager ensures that all functions of the product are fully operational, even when the product is being updated. Any module that goes offline can automatically failover to a backup component if so configured.

Are users able to bypass the security features in Novell Privileged User Manager by ‘shelling-out’ of an application running as a privileged account (e.g., ‘vi’)?

Novell Privileged User Manager runs its own secure version of applications, transparently to the user, to block security bypasses.

www.novell.com

Contact your local Novell Solutions Provider, or call Novell at:

1 800 714 3400 U.S./Canada
1 801 861 1349 Worldwide
1 801 861 8473 Facsimile

Novell, Inc.
404 Wyman Street
Waltham, MA 02451 USA

462-002126-001 | 06/09 | © 2009 Novell, Inc. All rights reserved. Novell, the Novell logo and the N logo are registered trademarks of Novell, Inc. in the United States and other countries.

*All third-party trademarks are the property of their respective owners.

Learn more about Novell Privileged User Manager by visiting:

www.novell.com/pum