Novell SecureLogin

C D H Novell SecureLogin

April 14, 2010


C D H Quick Facts

About Us
• 20th Year
• Grand Rapids & Royal Oak
• 25 Staff

Approach
• Vendor Agnostic
• Non-reseller
• Professional Services Only

Partnerships
• Microsoft Gold
• VMware Enterprise
• Cisco Premier
• Novell Platinum
• Citrix Silver

C D H Expertise

• Infrastructure
• Access & Identity Management
• Project Management
• Collaboration

C D H AIM Team

Doug Brower Jason Cooper Greg Daly

Tim Allison Eric Inch Erik Gilreath

C D H Talks Tech C D H

C D H The Problem: Password Proliferation

More and more applications requiring a password

[Figure: collage of sample usernames and masked password fields]

Users have too many credentials to remember


Do they write them down? What about security?

How many passwords do you have?

Productivity

The helpdesk spends too much time on password resets, while end users sit idle.


C D H Challenges

• How many passwords do your users have to remember?

• How much does it cost when a user forgets his/her password?

• What mission-critical projects should your helpdesk be focusing on?

• How long does it take to reset a lost or forgotten password?

• How long do your users sit idle waiting for a password reset?

• Are your users writing down their passwords?

C D H Productivity Impact

Percent of password-related helpdesk calls: 25%-35%

Data: Leading Analyst Firms

C D H Cost Impact

Average cost to reset passwords: $10-25 per call

C D H Security Impact

C D H What Can We Do About It?

C D H Novell® SecureLogin

• Enable single sign-on to Windows*, Web, Java*, terminal and enterprise applications
• Enhance security with strong passwords and advanced authentication
• Improve end-user and IT productivity
• Reduce costs related to password resets
• Leverage your existing IT investments
• Support regulatory compliance efforts
• Deliver a quick win

C D H What It’s Not…

NSL <> IdM

C D H Novell® SecureLogin Architecture Directory-enabled Architecture Strengths

• Works seamlessly with your directory infrastructure

– Novell eDirectory™

– Microsoft Active Directory

– Any v3-compliant LDAP directory

• Minimal changes to the directory schema

• Prevents single point of failure in your deployment

• Users can log in to any network computer and realize the SSO experience

• Users can log in and log out quickly

• Users can work in disconnected mode and still leverage SSO for logging into applications

C D H Novell® SecureLogin Architecture Novell eDirectory™

[Diagram labels: SSO; Shared Desktop; DAS; Strong Authentication; Novell Client; Enterprise Desktop; Terminal Services; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); SecretStore; Novell eDirectory; Audit Server; Report Database; Optional Add-on]

C D H Novell® SecureLogin Architecture Microsoft Active Directory

[Diagram labels: SSO; Shared Desktop; DAS; Smart Card Authentication; MS Client; Enterprise Desktop; Terminal Services; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); Active Directory; Audit Server; Report Database; Optional Add-on]

C D H Novell® SecureLogin Architecture Other LDAP Directories

[Diagram labels: SSO; Shared Desktop; DAS; MS Client; Enterprise Desktop; Terminal Services; Novell SecureLogin; Enterprise Systems (Application A, Application B, Application C); LDAP V3 Directory; Audit Server; Report Database; Optional Add-on]

C D H Key Features

• Simple user interface

• Market-leading integration wizard reduces implementation time

• Out-of-the-box support for dozens of applications

• Consistent user experience, whether users are online or offline

• Supports multi-factor authentication

• Secure shared workstation support

• Detect Windows applications that open before Novell® SecureLogin

• Fault tolerance to ensure that network downtime doesn't affect SSO performance

• Flexibility to do more than just single sign-on

C D H How it Works Capture and Replay

• Novell SecureLogin captures and securely stores user credentials

• SecureLogin passes credentials to the target application on behalf of the user

• Passwords are not synchronized

• No changes to the application are required

• Supports a broad range of applications

– Windows

– Web

– Java

– Citrix/Terminal Servers

– Host-based/Terminal Emulators

C D H Integration Wizard Initial Login

• Recognizes when a login prompt is presented, even if the application opens before SecureLogin

• Prompts administrator with options for SSO-enabling the application

C D H Integration Wizard Credential Source

• Allows administrator to specify the credential source

– Application's own credential set

– Credentials from another source (network login or a related application)

C D H Integration Wizard Identify Fields

• Identifies the login fields

– Username

– Password

• Allows customization of login prompt

• Shows which fields will be populated

C D H Integration Wizard Re-authentication

• Allows administrators to require additional authentication before SecureLogin injects the user's credentials

C D H Integration Wizard Submit Options

• Allows the user or SecureLogin to submit the credentials

• Identifies the "submit" button

C D H Integration Wizard Matching Criteria

• Helps SecureLogin identify the appropriate login screen

• If two login screens look the same, defining matching rules will distinguish them


C D H Case Studies

C D H Case Study #1

Hospital Setting

• Prox card reader

• Custom PIN login

• Password Synchronization (where possible)

C D H Case Study #2

Level 1 Trauma Center

• Prox card reader

• Custom Password Request Authentication

• Auto-launch key EMR application

• Quick & Secure Login Functionality

C D H Case Study #3

Law Firm Setting

• User password authentication

• Password Synchronization (where possible)

• Custom Context Management solution

– Monitor OCS client and prompt on incoming call

– Auto-launch document management system with latest case notes

– Auto-launch accounts receivable

C D H Case Study #4

Hospital Setting

• User password authentication

• Auto-launch key EMR application

• Quick & Secure Login Functionality

• Password Synchronization (where possible)

• Custom Context Management solution

C D H Oaklawn Hospital

• Reason for NSL

– Generic accounts

– Compliance and privacy concerns

• Implementation Plan

– Phased approach

• Phase 1

– SSO enabled 6 key applications

– Deployed to clinical areas

– Quick logon/logoff

– Created new eDirectory accounts for all staff

– Password Self Service

– Education was key

C D H Oaklawn Hospital

• Phase 2

– SSO enabled an additional 10 applications

– Context Management

• From iMed to GE PACS

• From iMed to MUSE

– Added admin workstations

– Upgraded the NSL Client

• Phase 3 (not started)

– Add support for Prox card reader

– SSO to enable additional applications

C D H Novell® SecureLogin

Strengths

• Mature and proven technology

• Delivers the market's most comprehensive integration wizard

• Handles much more than just passwords

• Centrally managed and administered

• No extra hardware required

C D H Novell® SecureLogin

Strengths

• Choice of strong authentication devices

• Supports LAN, Web, thin client, VPN or mobile users

• No application changes or modules required on application servers

• True interoperability

• Non-intrusive, rapid deployment

C D H Novell® SecureLogin Strengths Improving Security

• Can be configured such that users never know their user ID and password for their applications

• Users only have to remember one password, which means you can implement a stronger base password policy

• SecureLogin eliminates the need to write down passwords

• Can be configured to bring advanced authentication to every application

C D H Novell® SecureLogin Strengths Improving Security

• Allows you to apply strong password policy for each application

– Unique passwords

– Special characters

– Alpha numeric

– Minimum and maximum characters

– Repeating characters

– Length

• Even if the application is not policy enabled

C D H Novell® SecureLogin Strengths Improving Security

• Protection against the rogue administrator

– When a user's eDirectory™ password is reset, access to the application secrets is locked

– The user must provide a passphrase answer to gain access to the secrets (or a SecretStore™ administrator can unlock passwords)

– If an administrator tries to copy a user's secret to another user object, the secrets are locked

– Credentials are encrypted with 168-bit 3DES encryption with a unique key for each credential

C D H Eliminate Bad Habits

• Eliminates writing down passwords

– End users only remember their main directory credentials

– Strong authentication can completely eliminate passwords

• Eliminates account sharing

– End users don't need to know passwords to back end systems

– Increases traceability and accountability

• Eliminates weak passwords

– Password policies can be applied to all applications

– Different systems can have different policies

• Eliminates password-related calls to the helpdesk

– Helpdesk doesn't need password-reset rights to sensitive applications

C D H Benefits

• Lower costs by reducing password-related calls to the helpdesk
• Mitigate security risks by strengthening passwords and password policies, and by eliminating security loopholes
• Support compliance with government and industry regulations, and internal policies
• Increase productivity by allowing IT and end users to focus on more strategic projects rather than worrying about passwords
• Leverage existing investments through tight integration and interoperability

C D H Thank You

Royal Oak
306 S. Washington Ave., Suite 212
Royal Oak, MI 48067
p: (248) 546-1800

Grand Rapids
15 Ionia SW, Suite 270
Grand Rapids, MI 49503
p: (616) 776-1600

(c) C/D/H 2007. All rights reserved www.cdh.com