Business Problems Technology Solutions
IDM vs MIIS.
The past, present, futures and direct
comparisons of Identity Management from both
Provo and Richmond
Martin Bradburn
Associated Network Solutions Plc
Over 10 years in IT
Agenda
• Why Identity Management ?
• Novell’s IDM3 – an overview
• Microsoft’s MIIS – an overview
• Knock for knock
• The future
• Q&A - please
Priorities today
1. Ensure Security and Compliance
2. Reduce Costs
3. Maximise All Your Assets
…across all systems and platforms
Auditing & Compliance
Compliance initiatives, such as Sarbanes-Oxley, FSA and Law
Society occupy centre stage in IT and security projects.
Sarbanes-Oxley requires focus on
making sure that they are reporting
accurate information and that they know
where it is coming from.
The results of the IT auditing teams are
bubbling up to the boardroom
— and they can be pretty ugly…
User-provisioning implementations are growing in number and
complexity, largely because of regulatory pressures.
Gartner estimates that there are approximately 1,200 production
deployments that are significant: These implementations are
enterprise wide, and they use multiple connectors, workflow and
approval processing.
Implementations of smaller workforce count are new, most within
the past 12 months, as they too feel regulatory compliance
pressures.
Complexity
[Diagram: an example estate of interconnected systems, showing a receipts and payments system, SQL Server 2000, an external DB, an external feed, Oracle Client/Server and INGRES databases, LDAP, authoritative data, HR, SAP, email, Novell and AD account creation, PERL scripts, an application, CMS, card production, a SQL cluster and Redhat Linux.]
Actual View of Novell before “Zero Day Start”
[Diagram: Novell Information Services & Technology application map, drawing title "DxOp - Future", prepared by Dave Preece and Kristin Hinson, drawn using Visio 5.0, date revised 01/29/01. It shows Novell's enterprise applications and databases, bolt-on or satellite applications, third-party vendors and external facing points, joined by numbered manual and automatic dataflow interfaces. Several applications and databases are marked as undocumented or not on the original application inventory.]
So, why are we all in this mess ?
• Organisations expand – recruitment & acquisitions
• Employees need access to many applications & resources
• Managing resource access tends to be carried out on a
system-by-system approach.
• On average this means that each user has 8–12
identities.
A field of disparate and complex systems…
Novell’s IDM3 – an overview
Novell IDM3 Major Components
End-User Features
• User Application
– Approval Workflow system
– Self-service resource request
– Roles and function delegation
• Enhanced White Pages
• Enhanced Org Chart
• User Search Application
• Self-service Password Management tools
• Lightweight User Admin tools
• Delegation of admin duties
Admin/System Features
• Identity Manager metadirectory engine & connectivity
• Eclipse-based Configuration
• iManager-based Administration
• Advanced provisioning reporting using Novell Audit
• Enhanced performance, scalability and stability
Novell Identity Manager 3
Novell Identity Manager 3 delivers:
• Automated User Provisioning
• Self-service Password Management
• Secure Logging, Auditing and Reporting
Across platforms: Linux, Windows, Solaris, HP-UX, AIX & NetWare
IDM3 - Top 5 Innovations
1. Integrated Approval Workflow
2. Enhanced Identity Applications
3. Attractive, flexible User Application
4. Designer for Identity Manager
5. Enhanced Scalability and Data Security
Integrated Approval Workflow
User application showing approval task in-box.
Full-featured workflow capabilities, including:
• Role, group or individual assignments
• Delegation and proxy functions
• Expiration tracking with escalation policies
• Self-service provisioning
• No coding required (Java, script, XML, etc.)
User checking status of a prior workflow request
End User View
Advanced identity applications unlock greater value from the identity data.
• Powerful organisational charting & white/yellow pages
• Self-service password management
• Delegated administration for team leaders
Views of User Workflow requests
Views of User Search and List
Administrator View
Full-featured Administration Console.
• Monitoring, reporting & auditing features
• Integrated into the common Administration fabric
• Separate from tools for Architecture/Deployment
Designer for Identity Manager Architect View
A powerful visual toolkit for designing the identity environment.
• Graphically configure complex systems
• Model “What If” scenarios
• Automatically generate documentation
• Leverage re-usable configurations to reduce deployment time
Connectible Application Space
Identity Manager Connected Systems
database
IBM DB2
Informix
Microsoft SQL Server
MySQL
Oracle
Sybase
JDBC
directories
Critical Path InJoin Directory
IBM Directory Server (SecureWay)
iPlanet Directory Server
Microsoft Active Directory
Microsoft Windows NT Domains
Netscape Directory Server
NIS
NIS +
Novell NDS
Novell eDirectory
Oracle Internet Directory
Sun ONE Directory Server
LDAP
email systems
Microsoft Exchange 2000, 2003
Microsoft Exchange 5.5
Novell GroupWise
Lotus Notes
enterprise applications
Baan
J.D.Edwards
Lawson
Oracle
Peoplesoft
SAP HR
SAP R/3 4.6 and SAP Enterprise
Systems (BASIS)
SAP Web Application Server (Web
AS) 6.20
Siebel
operating systems
Microsoft Windows NT 4.0
Microsoft Windows 2000, 2003
SUSE LINUX
Debian Linux
FreeBSD
Red Hat AS and ES
Red Hat Linux
HP-UX
IBM AIX
Solaris
UNIX Files - /etc/passwd
enterprise message bus
BEA
IBM Websphere MQ
Open JMS
Oracle
JBOSS
Sun
TIBCO
other
Delimited Text
Remedy (for Help Desk)
SOAP
DSML
SPML
Schools Interoperability Framework (SIF)
mainframe
RACF
ACF2
Top Secret
midrange
OS/400 (AS/400)
pbx
Avaya PBX
*NOTE: Identity Manager customers have integrated
numerous other systems utilizing general purpose Identity
Manager drivers such as JDBC, Delimited Text, or LDAP
Microsoft’s MIIS – an overview
Microsoft MIIS Major Components
– Synchronisation Engine
– Synchronising into ever increasing number of systems – no longer just MS ones
– Automated provisioning
– Centralised Identity Store
– Password Management (SP1)
– Integrated into Windows front end
MIIS – Identity Scenarios
Integration as foundation for IM services
Rock solid software to integrate identity
[Diagram: an “Enterprise Directory” and an Identity Integration layer sit between the connected systems (HR System, Contractor System, Lotus Notes Apps, Infra Application, COTS Application and two In-House Applications). Each system, and the directory itself, carries its own Authentication, Authorization and Identity Data.]
MIIS Architecture
Key: MA = Management Agent, CS = Connector Space
[Diagram: each connected data source (HR Database, CorpApp Database, Active Directory) is linked through its Management Agent (HR MA, CA MA, AD MA) to its own Connector Space (HR CS, CorpApp CS, AD CS), and the connector spaces feed the Metaverse. The datastore is MS SQL2000 based.]
MIIS Designer
Connectivity in MIIS 2003, Enterprise Edition SP1
• Active Directory
• Active Directory Application Mode
• Exchange 2000 and 2003 Global Address List synchronisation
• Sun One Directory (formerly iPlanet) 4.x and 5.0
• SQL Server 7.0 and 2000
• Oracle 8i and 9i
• DSML 2.0
• LDAP Directory Interchange Format (LDIF)
• Delimited Text
• Fixed-Width Text
• Attribute-Value Pair Text
• Windows NT 4.0
• Exchange 5.5
• Lotus Notes 5.0
• Novell eDirectory 8.62 and 8.7
• RACF – Shipped Summer ‘05
• SAP (Beta)
• Other mainframe and ERP systems to follow
Knock for Knock
Gartner’s meta directory Magic Quadrant
Movement from
last year’s meta directory
magic quadrant
“We continue to view IDM
as market leading
technology”
—Gartner
Gartner’s User Provisioning Magic Quadrant
Challenger Definition
Challengers have solid products that address the typical needs of the User-provisioning market, with strong sales, visibility and clout that add up to higher
execution than niche players.
Many clients consider challengers to be the conservative safe alternative to niche
players.
Challengers in this Magic Quadrant have strong product capabilities, but they
have fewer production deployments than the leaders. Their business model,
overall product strength, marketing strategy and business partnerships vary and,
hence, have kept them from breaking into the Leaders quadrant.
Novell have been in the User-provisioning market for some time and have been
making steady progress.
Niche Definition
Niche players offer viable, dependable solutions that meet the typical needs of
buyers.
Niche players are less likely to appear on shortlists but fare well when given a
chance. While they generally lack the clout to change the course of the market,
they should not be regarded as merely following the leaders.
Niche players may address subsets of the overall market, and often they can do
so more efficiently than the leaders. Clients tend to pick niche players when
stability and focus on a few important functions and features are more
important than a “wide and long” road map.
Microsoft has a basic User-provisioning product in MIIS and relies on
partners to round out its offering.
Market Disruption
Two fundamentally different ways of solving the security administration problem
are the User-provisioning (middleware) approach and the enterprise access
management approach.
All vendors, except Microsoft, are taking the middleware approach, which
addresses the management of the complex authentication environment that has
evolved during the past 20 years.
As long as enterprises are willing to make Active Directory their central
authentication service and rely on the access control infrastructure of the Windows
server, fewer user IDs will be needed, and those that remain can be managed as an
Active Directory account.
Microsoft partners, such as Centrify and Quest Software, are building tools to
provide the translation of Unix, Linux, Mac OS, VMware, WebSphere, WebLogic,
JBoss and Apache accounts so that they can be managed as Active Directory
accounts.
Microsoft Identity Integration Server (MIIS) is required to provision user accounts
and synchronise user profile information between target systems (until such time
that only one Active Directory user account is needed).
This means that Microsoft would:
•Own the strategic user repository (Active Directory) in most accounts
•Drive the primary authentication for both network operating system
(NOS) and Web connections
•Drive the application-level authorisation schemes
Clearly, this is a lot to accomplish but no other vendor is in a position to pull
this off. The enterprise access management approach is not for everyone,
especially if enterprises have a need right now for managing and reporting on
the messy, complex user accounts environment that currently exists. This
approach is also not for those enterprises that want to maintain an “open”
authentication and authorisation infrastructure.
Novell IDM
Novell was one of the vendors that took its meta directory product and evolved it
into a Java-based User-provisioning product. Because earlier versions of its
User-provisioning product were based on the meta directory product, it has strong data
synchronisation and Resource Access Management capabilities, but it lacked certain
core User-provisioning functions, such as self-service password reset and workflow,
and it required a fair amount of consulting work for implementation.
Novell has continually enhanced its User-provisioning offering (for example,
graphical interface for connector management and Service Provisioning Markup
Language support), and with the introduction of Identity Manager 3, it has a product
that provides very good User-provisioning capabilities, albeit with a few oddities
(such as, template workflow by the number of approval steps rather than
User-provisioning function, for example, add a new user).
Novell has done a good job in focusing on the federal and state government
sectors and overall customer satisfaction is high.
To be the success it wants to be, Novell must be more strategic by adding
capabilities around Role Management, ensure it has a Tier 1 Service Industry and
provide a solution for the SMB market.
Novell has done a good job selling its User-provisioning solutions to its target
customers; however, Novell’s target audience is too narrow.
Gartner wants Novell to expand its marketing and sales efforts to a broader range
of customers.
Microsoft MIIS
Microsoft’s User-provisioning offering, developed on the .NET platform, was
originally built as a metadirectory product that now supports much of the
heterogeneous IT infrastructure (connectors for SAP, PeopleSoft are in progress).
It is a set of modules that must be integrated to make up a basic
User-provisioning product. For example, workflow capability comes through BizTalk,
with Visual Studio required for complex workflow and rule support, and Unix
support comes through Services for Unix.
There is no support for Service Provisioning Markup Language, role management
or out-of-the-box reporting of any kind, although customers can use their
existing reporting products to get access to the data in the MS-SQL database.
Gartner’s assessment of MIIS as a User-provisioning offering is that it is very
much a consulting engagement.
However, customers report that the software license fees and integration costs are
so much lower than other User-provisioning product deployments, that it is worth
the effort.
Microsoft has not productised capability (for example, workflow templates,
developed by Microsoft Consulting Services from its deployments).
Microsoft’s next planned release in the second half of 2007 will be
comparable with today’s User-provisioning product offerings, with
workflow provided at the Windows server level.
But because the two different strategies for solving the security
administration problem – middleware vs. enterprise access management –
are not well articulated nor understood in the market, comparing MIIS with
a middleware User-provisioning product will result in MIIS not measuring
up 100 percent.
Lower costs and the growth in Active Directory as
the central enterprise authentication service will
likely propel Microsoft into the Leaders quadrant
within the next 24 months.
Infoworld Review ‘05
http://www.infoworld.com/article/05/10/07/41FEidm_1.html?s=feature
Native System Connectivity
database
IBM DB2
Informix
Microsoft SQL Server
MySQL
Oracle
Sybase
JDBC
directories
Critical Path InJoin Directory
IBM Directory Server
(SecureWay)
iPlanet Directory Server
Microsoft Active Directory
Microsoft Windows NT Domains
Netscape Directory Server
NIS
NIS +
Novell NDS
Novell eDirectory
Oracle Internet Directory
Sun ONE Directory Server
LDAP
email systems
Microsoft Exchange 2000, 2003
Microsoft Exchange 5.5
Novell GroupWise
Lotus Notes
enterprise applications
Baan
J.D.Edwards
Lawson
Oracle
Peoplesoft
SAP HR (MIIS via delimited text)
SAP R/3 4.6 and SAP Enterprise Systems (BASIS)
SAP Web Application Server (Web AS) 6.20
Siebel
enterprise message bus
BEA
IBM Websphere MQ
Open JMS
Oracle
JBOSS
Sun
TIBCO
mainframe
RACF
ACF2
Top Secret
operating systems
Microsoft Windows NT 4.0
Microsoft Windows 2000, 2003
SUSE LINUX
Debian Linux
FreeBSD
Red Hat AS and ES
Red Hat Linux
HP-UX
IBM AIX
Solaris
UNIX Files - /etc/passwd
other
Delimited Text
Remedy (for Help Desk)
SOAP
DSML
SPML
Schools Interoperability Framework (SIF)
pbx
Avaya PBX
midrange
OS/400 (AS/400)
IDM3 Black
MIIS Red
Supported Platforms
IDM3
• NetWare 6.5 SP3 or later
• Novell Open Enterprise Server—NetWare or Linux
• Windows 2000 or 2003
• SUSE Linux Enterprise Server 9 or 10
• Red Hat Linux AS 3.0
• Solaris 8, 9 or 10
• AIX 5.2L
MIIS
• Windows Server 2003 Enterprise edition
• (NB. Also requires SQL server 2000)
Getting it all configured
IDM3
• Most powerful Designer GUI
• Natively integrates with eDirectory
• Self documenting
• Still needs XML coding for certain things
• Real time synchronisation
• No native failover
• In built auditing
• Partner support excellent
MIIS
• Designer GUI
• Does not natively integrate with AD (uses SQL2000)
• Requires Visual Studio and coding for most things
• Not real time synchronisation
• SQL2000 able to be replicated
• No identity auditing capability
• Partner support excellent
What’s it going to cost ?
IDM3
• IDM3 (including Microsoft Active Directory, Microsoft Windows NT, Novell GroupWise, Microsoft Exchange, Lotus Notes, Novell eDirectory and other LDAP v3 directories) + Audit + User application with user self service and password management: £13.88 per user
• Optional integration modules: from £3.33 per user
• Optional Provisioning Module for Novell Identity Manager 3 (Approval workflow system and Self-service Resource Request): £5.55 per user
For comparison 1400 users @ £13.88 is £19,432
MIIS
• MIIS 2003 SP1, Enterprise Edition per CPU (including all MS connectors): £13,400
• Windows Server 2003 R2 Enterprise Edition: £2,222
• Windows Server 2003, Client Access License 20 pack: £444
• SQL Server 2005 Standard Edition: £3,333
Total investment £19,399
All prices exclude VAT, maintenance and discounts
£/$ Exchange rate of 1.8
What’s in it for the users ?
IDM3
• Password self-service
• User Administration
• White pages and organisational charts
• Workflow
• Resource request
MIIS
• Password self-service (reset now pulled from SP2)
What’s in it for your boss ?
IDM3
• Audit and compliance
• Good ROI
• Open source integration
• Past, present and future system integrations
MIIS
• Good ROI (sometimes excellent)
• Microsoft integration
• Nobody’s yet been fired for buying MS !
Resource Provisioning Report

Peoplesoft Account
User | Date / Time | Action
cn=newuser,o=novell | 1/2/2005 1:02:03PM | Provisioned
cn=newuser,o=novell | 1/2/2005 1:02:03PM | Access changed
cn=firedexec,o=novell | 1/2/2005 1:02:03PM | Deprovisioned

Office Key – PRV H61137
User | Date / Time | Action
cn=newuser,o=novell | 1/2/2005 1:02:03PM | Provisioned

Executive washroom key
User | Date / Time | Action
cn=firedexec,o=novell | 1/2/2005 1:02:03PM | Deprovisioned
Anything else whilst we’re at it ?
The Future
Near-term IDM3 Roadmap
Identity Manager 3.5
•Scheduled/Random Password Generation
•Scheduled Event Processing
•Multi-language Support (Password Challenge/Response, Email Templates)
•AD-style Password Policy
•Visual Password Synchronisation for users
•Anonymous User Self-Registration
•Matrix Organisation Display and workflow approval
•UI Enhancements including Portlets for viewing User/Resource Associations
•Digital Signing of Approvals
•Matrix organisation and Quorum Approvals for workflows
•Shareable Policy Libraries
•Resource Kit (incl. normalised driver configs)
•IDM Monitoring Tools
IDM3 Roadmap
Next Major Version of Identity Manager
– Enhancements in user features (for example...)
  – Additional regulatory compliance management features
  – Additional provisioning workflow capabilities
  – Improved password management features
  – Support for matrix and non-traditional organizational structures
– Enhancements in infrastructure (for example...)
  – Greater interoperability & integration with existing infrastructure
  – Finer control over event/activity processing
– Enhancements in deployment process (for example...)
  – Greater automation in deployment
  – Improved deployment scenario flexibility
MIIS Roadmap
[Roadmap diagram. Goals shown: Extending MA Reach (Ongoing); improving password management capabilities; further lowering the cost and risks of Identity Management. Milestones and features shown, in slide order: additional MAs; 64 bit support; started June ’05; MIIS 2003 SP2; Q2/CY06; codeless provisioning; entitlement reporting; end-user self-service password reset; MIIS - Gemini; self-service platform; additional MAs.]
MIIS Gemini
• Add core functionality required for Process Integration Services
– End-user self-service password reset
– Rich workflow
– Centralised auditing
– Self-service application platform with integrated workflow and auditing
– Computed attributes
– Entitlement management based on organisational roles
• Expose new functionalities to IT Pros and end users
– Identity manager console for declarative entitlement management
– Self-service applications
• Expose self-service application interfaces for ISVs and corporate developers
Summary
• IDM3 is now a mature product with little major missing, MIIS Gemini is close behind though
• Novell’s (lack of) marketing will allow MS to catch up – again !
• With Gemini, MIIS will offer a more complete password management story
• Powerful workflow integration and UI entry points for self-service applications could make Gemini as good as IDM3
• MS are already planning Apollo – but the chances of this being platform agnostic are very slim
Questions and Answers ?