Secure Extended-Enterprise Collaboration

17 March 2009

Microsoft France seminar on Extended Enterprise

Exostar Collaboration solutions for Aerospace & Defense

Jean-Paul Buu-Sao, Information System Architect

Email: [email protected]


Exostar Company Overview

Company Facts

> Headquartered in Herndon, VA, USA

> Founded in 2000 by aerospace and defense industry leaders that shared a common vision to reduce supply chain costs across the entire industry

> Largest provider of multi-enterprise collaboration services to the aerospace and defense industry

> Industry leader in security and identity management

Customer Adoption

> Customers include 85 of Top 100 Global A&D companies

> Major customers include BAE Systems, Boeing, Lockheed Martin, Raytheon, Rolls-Royce, UK MOD and Northrop Grumman

> 40,000 enabled trading partners with over 95,000 users of on-demand applications

> Integrated to hundreds of back office systems

> 10M annual transactions valued at over $40B in spend

Exostar enables secure information sharing, collaboration and business process integration throughout the extended value chain

Copyright 2009 Exostar LLC. All Rights Reserved. For Public Distribution


Requirements for Extended Collaboration within the A&D sector

• Extend key processes beyond enterprise boundaries:

> Product Design

> Procurement & Strategic sourcing

> Supply chain Planning & Execution

• Some key challenges that need to be addressed:

> Meet regulatory requirements (e.g. ITAR, EAR)

> Protect everyone's Intellectual Property

> Offer a flexible security model

> Enable suppliers regardless of their geographical location, size or technical expertise


Detailed Requirements


• Identity and Access Management requirements:

> Distributed, yet compliant, Identity Management:

– Federated Identity Management, governed by the appropriate Policy Authorities and Identity Policies

> Access Management, based on:

– Compartmentalized access control across a multi-tenant environment (SAAS) that supports:

– Role-based access

– Multiple levels of authentication strength, and encryption

– Full audit and non-repudiation

• Agility, flexibility, interoperability requirements:

> Flexible security model providing the right service level for each project/program

> Multiple identity federation protocols and single sign-on services

• Scalability, reliability, supportability

> Scalable Trust Fabric

> Company and users on-boarding process at global level


Solution: Exostar Trusted Workspace (1/2)

[Architecture diagram: Exostar Trusted Workspace. Recoverable labels:]

• Hub Services

• 3rd Party Applications

• Exostar Identity Management Solutions

> Customer Information Center: Supplier On-Boarding

> Federated Identity Service: Hosted PKI Credential Service

• Exostar Applications

> ForumPass4: Hosted collaboration Environment

> IContact: Secure email enablement

> S.C.P: Supply Chain Platform

> SourcePass: Hosted eSourcing Environment

• 3rd Party Identity Management (DoD CAC)

• Portal Services

> Single Sign-On: Hosted identity authentication

> Partner Id. Federation: Id. Federation Service

> Enterprise Gateway: Federate Once

• Identities


Solution: Exostar Trusted Workspace (2/2)

Category: Collaborative applications

> Solutions: ForumPass4, leveraging Microsoft SharePoint 2007; Microsoft Forefront; other applications

> Key point: Delivered in a secure, federated, SAAS environment

> Benefits summary: Easy-to-use, compatible with desktop environment, frees IT

Category: Identity & Access Management

> Solutions: Microsoft Active Directory Federation Service (ADFS) 1.0; Ping Federate; MS CA Server; Exostar FIS/MAG/EAG

> Key point: End-to-end data confidentiality; levels of security profile; multiple levels of Identity Assurance; role-based access; single sign-on; multiple credential levels

> Benefits summary: Risk management, IP Protection

Category: Trust Fabric

> Solutions: PKI Trust Fabric; Federation Trust Fabric

> Key point: Compliant with A&D policy standards (TSCP); scalable through mechanisms of transitive trust; global support for Organization and user registration, identity proofing and credentialing

> Benefits summary: Compliance, scalability


PKI Trust Fabric across the A&D industry

[Diagram: cross-certification between FBCA (Federal), CBCA (CertiPath) and SAFE CA (Pharma), with Issuing Certificate Authorities and Companies beneath them. Companies are shown either leveraging their own certification authorities or buying individual certificates. Recoverable labels: US DoD, UK MoD, NL MoD, Boeing, Lockheed Martin, Exostar, ARINC, SITA, Rolls-Royce, BAE Systems, EADS / Airbus, Raytheon, Northrop, Finmeccanica.]


Federated Identity Service - FIS: Overview

• Exostar managed credential issuance service providing PKI credentials for enterprises and trading partners

• Three levels of identity assurance

> Rudimentary Assurance

– Software certificates which are issued based on organization sponsorship

> Medium Software Credential Assurance

– Software certificates with in-person proofing

– CertiPath Policy compliance

> Medium Hardware Credential Assurance

– Hardware token, FIPS 140-2 based, certificate

– Third-party face-to-face identity proofing

– CertiPath Policy compliance

• Full service enablement, training and support

• Commercially available


ForumPass4 – Access Architecture

[Architecture diagram. Recoverable labels: Corporate / Public Network; Enterprise Access Gateway (EAG); Exostar Trusted Workspace; Exostar Managed Access Gateway (MAG); www.; Portal Services; Single Authentication; Applications; FIS; Self-Service; Account Management; Certificate Management; FP US; FP EU; Core; Sensitive; Restricted.]


ForumPass4 – Multiple levels of security

[Diagram: security levels on a scale from "Easy Access" to "Government Specified Military Grade Security". Recoverable labels:]

- Restricted Data [CertiPath PKI Compliant]

- RLOA

- Identity Federation Support

- End to End Encryption

- User Name and Password

- SharePoint Access Controls

- SSL


ForumPass4 – Supporting multiple profiles

UKR Compliance

Additional 'Restricted Attribute', Credential Support

Advanced security policy enablement

Intellectual Property exchanges

2 Factor Authentication Requirements

Sensitive Data Exchange - share financial data

Compliance enablement - ITAR Sensitive data

Basic Team Collaboration - Simple File Sharing

Web Conferencing

Knowledge Sharing

Multi-partner workflow enabled business process


ForumPass4 – some European case-studies

• BAES Submarines Solution

> Management of the commodities for the “Astute” class attack submarine

> Reduced design approval time: from 12 months down to 3 (75% gain)

Source: Global Logistics & Supply Chain Strategies, 16 Dec 2008

• Rolls-Royce

> Design of the “Trent 1000” engine for the Boeing 787

> Reduced design collaboration time: from 45 weeks down to 23 (48% gain)

Source: Aviation Week, 22 Sep 2008


ForumPass4 - Status


• 6,700 registered users (4301 EU, 2399 US)

• 246 companies are registered with ForumPass

Largest Users:

• Rolls-Royce

• BAE Systems

• Northrop Grumman

• Esterline

FP4 Addresses the Gaps in OOTB SharePoint identified by Forrester Research

1. Identity and Access Control

2. Document Confidentiality (at rest and in motion)

3. Integrity (at rest and in motion)


Lessons learned (on MS products)


• SharePoint 2007 (MOSS) is an excellent foundation for collaborative capability

> Excellent feature set, scalability, reliability

> A&D organizations look very positively at PDM products that build on top of MOSS (e.g. Siemens Teamcenter Community)

> Needed to make changes to make it multi-tenant / multi-enterprise

• We needed to enhance MOSS to meet defense business security requirements

> Strengthen OBB security

> Desktop Integration not fully integrated with some ADFS scenarios (web-based authentication)

> Need to introduce just-in-time provisioning (pick list, contact info)

> Roadmap includes fine-grained, claims-aware, access control

> Multiple authentication protocols (ADFS and Ping as Authentication front-end to MOSS)