SecureLogin Solution for Hospital Environments

Keith LewisNovell ConsultantNovell, Inc.

Troy DrewryProtocom ConsultantProtocom

© March 9, 2004 Novell Inc.2

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

The one Net vision

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.3

The one Net vision

Novell Ngage services provides real-world experience from consultants around the world. Novell's service professionals make sure every Novell solution you implement is based on best practices, customized to meet your needs, and capable of delivering the highest possible return on investment.

Novell NgageSM

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.4

Session Rules

The success of this session depends upon audience participation. Your best opportunity to learn is to be involved.

Questions should be asked when the subject matter is being covered or at the end of the session.

Questions should be related to lesson being discussed. Other questions can be handled after the session is complete.

© March 9, 2004 Novell Inc.5

Session Overview

Common issues in hospital environments that inhibit the implementation of a single sign-on solution.

Discuss how SecureLogin can be used alone or with other products to provide solutions.

Provide demonstrations of some of the solution discussed.

Q & A

© March 9, 2004 Novell Inc.6

What is a Complete Solution?

A solution that provides capabilities in a wide range of environmental and work-flow conditions.

A customizable solution that has options.

A secure solution.

A solution that you can actually implement within a reasonable timeline and budget.

A solution that you can maintain.

A solution that adheres to current and is customizable for future HIPAA requirements.

© March 9, 2004 Novell Inc.7

Factors Inhibiting a Complete Solution

Ambiguous requirements.

Lack of situational knowledge.

Project Personnel availability.

Infrastructure requirements.

Budgetary concerns.

Corporate Climate.

© March 9, 2004 Novell Inc.8

To Build a Complete SecureLogin Solution One Must Consider

The Applications (Authentication Methods, Access Points and their use)

The Solution Distribution Method

Existing or New Password Policies

The User Environment

OS and Platforms

Current and Future HIPAA Regulations

Help Desk Training

User Training

Solution Documentation

Ongoing Maintenance

Can SecureLogin Alone Be a Complete Solution?

© March 9, 2004 Novell Inc.10

What SecureLogin brings to the table

Infrastructure Flexibility• Integrates with Novell® eDirectory™ and NDS®

• Integrates with Microsoft AD and MS Windows NT Domains• Integrates with NetScape iPlanet / SunOne directories• Integrates with any other LDAP v3+ compliant directory• NO additional infrastructure requirements• Support for mobile and disconnected users• Community (nursing) workstation support• Full Citrix and Microsoft Terminal Server capabilities• Microsoft Windows 9x, NT/2000 and XP workstation agents • Linux and hand-held agents in development

© March 9, 2004 Novell Inc.11

What SecureLogin brings to the tableContinued...Application Integration

• Microsoft Windows 16/32 bit support• Web HTML support• Terminal Emulator Support• Java support (Sun Java not that other company's junk!)• Advanced recognition and response features • Robust scripting language• Ability to run external scripts and applications• Capable of leveraging directory and environment

variables• Ability to share credentials with Novell Portal and iChain®

• Integrated SNMP auditing and reporting

© March 9, 2004 Novell Inc.12

Security• Utilizes 3Des to secure credentials, settings and scripts• Open SSL used in LDAP mode• Full NMAS integration• ‘Advanced Authentication’ support

– Biometrics devices– SmartCard readers– Tokens– Etc…

• Secondary Key for offline security• Integrates with OTP (One Time Password) for

mainframes• Integrates with SSPR (Self Service Password Reset)

What SecureLogin brings to the tableContinued...

© March 9, 2004 Novell Inc.13

A Complete SecureLogin Solution will include some or all of the following:

Securelogin

SecretStore

NMAS™

The NetWare® client

ZENWorks® or MSI

Advanced Authentication Devices

Special Securelogin utilities, DLLs and Configurations

Applicable HIPAA Regulations

© March 9, 2004 Novell Inc.15

Physical Safeguards

Required Safeguards• Workstation Use (164.310(b))• Workstation Security (164.310(c))

© March 9, 2004 Novell Inc.16

Technical Safeguards

Access Control - 164.312(a)(1)• Unique User Identification• Emergency Access Procedure

Person or Entity Authentication – 164.312(d)

How it WorksSome Quick Demos

© March 9, 2004 Novell Inc.18

Windows Applications

1 Identify the application in memory

2 Identify the active form

3 Provide the credentials

© March 9, 2004 Novell Inc.19

Web Applications

1 Identify Domain

2 Provide Credentials

3 Auto Submit

20

Terminal Emulation Applications

1 Create Tlaunch Configuration

2 Use Trigger/Response

3 Exit

Citrix SolutionOverview and Demos

© March 9, 2004 Novell Inc.22

An Overview – Citrix Configurations

Citrix MetaFrame v1.8+ Support

Citrix XP Support

Citrix NFuse Support

Citrix Servers with NetWare Client

Citrix Servers without NetWare Client

Published desktops

Published applications

Web portal applications

© March 9, 2004 Novell Inc.23

Citrix Desktops

1 SecureLogin Runs in the session startup

2 Connects to Directory

3 Provides Credentials

MS Terminal Serveror Citrix Farm

MS Terminal Server

or Citrix Farm

© March 9, 2004 Novell Inc.24

Citrix Published Application & Nfuse

1 The published application is started with SLLauncher

2 SecureLogin connects to the directory

3 Provides credentials

MS Terminal Serveror Citrix Farm

MS Terminal Serveror Citrix Farm

Citrix Demo

PDA SolutionDiscussion and Demo

© March 9, 2004 Novell Inc.27

PDA’s and SecureLogin

MS Terminal Serveror Citrix Farm

Required Components• Wireless Capability• Citrix ICA Client• for PocketPC

MS Terminal Serveror Citrix Farm

PDA Demo

Nursing Station SolutionOverview and Demonstration

© March 9, 2004 Novell Inc.30

A Complete SecureLogin Solutionfor a Nursing Station Might Use

The NetWare client

NMAS (SecureWorkstation)

ZENWorks

Biometrics

© March 9, 2004 Novell Inc.31

Factors Inhibiting a Complete Solution at a Nursing Station

Multiple people sharing a single desktop.

HIPAA Requiring that each user must have a unique login.

HIPAA requiring that the user authentication must time out after inactivity.

Another user accessing the workstation after the workstation is locked.

Authentication time.

© March 9, 2004 Novell Inc.32

The SecureLogin Complete Solutionin a Nursing Station

Provide Credentials for each user accessing the shared workstation.

Use NMAS and the Post Login Method Secure Workstation to lock or logoff the user after a specified period of inactivity.

Use the NetWare client version 4.9 and configure it to provide the user the force logoff command button.

Use ZENWorks to map drives and display applications only if the user has access to the applications if the login script is slowing authentication. (Java and VB scripts can also be used)

Nursing Station Demo

Other Solutions

© March 9, 2004 Novell Inc.35

Hospital Environmental Challenges?

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.