Web Access Management in the Cloud: Problem Solved! Single Sign On, Session Management and how to use SiteMinder to protect applications in the Cloud
2 www.idfconnect.com
Why is IDF Connect Right for your Enterprise?
Our CEO
01 Launched his engineering career with fundamental companies like IBM and Netegrity, where CA SSO (formerly SiteMinder) was developed, and he has worked in IAM for almost 20 years.
02 Has helped implement the largest rollouts at some of the leading companies in the world, solving the most complex integration challenges, bridging the deepest technology to the executive and boardroom.
03 And, for the last six years he has been developing SSO/Rest, a solution that is approved of by Fortune 50 companies, those of which now possess true, complete Web Access Management in the Cloud.
Proven Success with Large Enterprises
Seamless and Secure Integration: A Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company.
Successfully Moving .Net applications to Microsoft Azure: A Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities.
[Figure labels: Acquired Company Existing Web Apps; eCommerce Portal; .Net Applications; Microsoft Azure]
A Common Quandary!
The Situation
50+ applications integrated with WAM infrastructure
Multiple user directories
Multiple password policies
Multiple authentication mechanisms incl. 2FA
Constraints
NO new firewall ports
NO cloud-to-datacenter VPNs
NO syncing/pushing employee credentials to the cloud
Key Question: How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud?
A Complete Web Access Management Solution
Web Access Management:
Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit
WAM Gaps in the Cloud
Web Access Management: Authentication Management, Access Control Enforcement, Single Sign On, Idle Session Timeout, Session Maximum Time-to-Live, Centralized Audit
Web Access Management (Gaps in the Cloud): Access Control Enforcement, Idle Session Timeout, Session Maximum Time-to-Live, Centralized Audit
WAM Gaps in the Cloud: All Solved by SSO/Rest
Web Access Management: Authentication Management, Access Control Enforcement, Single Sign On, Idle Session Timeout, Session Maximum Time-to-Live, Centralized Audit
Web Access Management (Gaps in the Cloud): Access Control Enforcement, Idle Session Timeout, Session Maximum Time-to-Live, Centralized Audit
The SSO/Rest Solution
SSO/Rest combines existing and emerging technologies to extend the perimeter of your WAM solution safely and securely into your public Cloud platforms.
SSO/Rest!
REST-based - lightweight
No firewall holes - secure
Easy to use, handles latency, transparent…
Engineered to solve this problem
SSO/Rest Solves Many Challenges
5 SSO/Rest Use Cases
Server-side Application Integration
AJAX / Mobile / Thick Client Application Integration
Applications in the Cloud
WAM-as-a-Service
"Agent-less" Infrastructure
SSO/Rest Solution Architecture
[Architecture diagram. Components: Browser, Cloud App(s), SSO/Rest Plugin, SSO/Rest Gateway, Policy Decision Point (e.g. CA SiteMinder). Zones: Cloud, Corporate Network. Legend: Browser HTTP traffic; SSO/Rest HTTP traffic; WAM traffic (vendor-specific).]
“Look Mom! No VPN!”
[Diagram labels: SSO/Rest Engine, Gateway]
SSO/Rest Web Services Endpoints:
Login
Update Session
Validate Session
isProtected
Enable / Disable
Change Password
isAuthorized
Remember: Federation is NOT the Same as Web Access Management
Federation: One-time handoff from partner IDP; Limited logout capability; Authentication; SAML, OAuth, OpenID
Web Access Management (WAM): Perimeter Defense; Audit; Access control; Policy Enforcement Point (PEP); Policy Decision Point (PDP); Session lifecycle management
THANK YOU! For More Information, Please Visit
IDF Connect, Inc. 2207 Concord Pike #359 Wilmington, DE 19803 Phone: (888) 765-1611 Fax: (888) 765-7284
www.idfconnect.com
www.linkedin.com/in/rsand
@IDFConnect
www.facebook.com/IDFConnect
@rsand2
Turn CA SSO into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso-mobilekey/
Also check out our other products: www.idfconnect.com/products