Novell Nsure Identity Manager 2 Competitive Overview Deven Macdonald PM, Nsure Identity Manager Novell, Inc. [email protected] Justin J.
Download ReportTranscript Novell Nsure Identity Manager 2 Competitive Overview Deven Macdonald PM, Nsure Identity Manager Novell, Inc. [email protected] Justin J.
Novell Nsure Identity Manager 2 Competitive Overview Deven Macdonald PM, Nsure Identity Manager Novell, Inc. [email protected] Justin J. Taylor Chief Strategist, Digital Identity Board Member, Liberty Alliance Novell, Inc. [email protected] Business goal = the agile enterprise Employees Partners B2B Marketing Sales Customers Your business Finance 2 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Customer service Identity Management Overview Identity = How user information is represented in all the IT systems throughout the organization… Identity Management = Setting and acting on policies for identity information, regarding security, organization, granting of access, etc. Why do we care about Identity Management? • • • • • 3 Reduce administration and help desk costs Improve security Enhance end-users’ productivity and satisfaction Ensure business policies are followed Provide confidence to be able to do business © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Islands of Isolated Data HR ERP Operating System Database Mail Directory PBX 4 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Sharing data through an identity vault HR Database ERP Operating System Identity Manager Mail Directory PBX 5 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Managing the User Lifecycle Provisioning Relationship Begins Promotion Routine User Administration Move Locations USER LIFECYCLE New Project Forgot Password De-provisioning 6 Relationship Ends © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary Password Expires November 6, 2015 Password Management Identity Management The need to understand competitive offerings Growing Identity Management needs by organizations world-wide continue to stimulate growth in the Identity/Provisioning market. On-going market growth = More Competition What is the difference between these offerings? What is the best solution for you? 7 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Decision Criteria? Decision Criteria Considering an Identity Management Solution Areas of Consideration Product Functionality •Automated Administration •Dynamic Rules Engine •Password Management Connectivity Technical Architecture •Connectivity •Architecture •Platforms, Directories •Performance •Database • Security •Applications •Rapid Development and Deployment •Role-based Access •Workflow •Platforms Cost and Viability •Initial Investment •Software and Service Costs •Hardware Costs •Services Costs •Financial, Market Organizational Viability •History 9 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Vision and Service •Product Vision •Services •Company •Professional Services •Support Functionality Product Functionality •Automated Administration •Dynamic Rules Engine •Policy Based Provisioning •Password Management •Workflow 10 Administration •Present data in a single location from which administrators applications and users can access or manage the identity •Robust and flexible rules for definition of data like associations, mapping, and transformation policies •Real-time event based provisioning (linking various sources of data to comprise and identity and perform automated functions) Dynamic Rules Engine •Defining policy (rules) to manage flow, ownership and structure of information from one or many systems into others (controlled automatic distribution of resources). •Manage data and resolve conflicts between data to reduce duplication, inconsistent, out-of-date or redundant data across multiple systems. Policy Based Resource Provisioning •Provisioning of access based on a users role, entitlements, rights, prerequisites, etc. •Policy enforcement ensuring new policy and changes are pushed and tracked across all platforms. Password Management and Workflow •Password strength, reset or change, self-service, bi-directional synchronization •Password policy enforcement •Routing, notification and approval (SMTP client or web service) •Delegation and escalation © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Connectivity Connectivity •Connectivity •Platforms, directories and database integration •Applications Connectivity •Ability to integrate with target applications • Real-time triggers • Non-intrusive •Secure communication and authentication •Extensive connectivity to meet all business needs Platforms, Directories, and Databases •Provision user accounts, group’s and rights •Integration with the following: • Database • Directory • Mainframe • UNIX Applications •Target business applications •Web Servers 11 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Technical Architecture Technical Architecture •Architecture •Performance •Platforms • Security •Rapid D&D 12 Architecture •Infrastructure requisites for use (impact on existing architecture) Performance •Scalability in the enterprise •Reliability and Usability •Logging, monitoring ability Platforms •Flexibility and support of widespread platforms (Database, Server, Client and Directory support) Security •Authentication, data integrity, password usage/encryption Rapid Development and Deployment •Ease of implementation •Rich customization capabilities •Supporting resources (documentation, product availability, delivery) © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Cost and Viability Cost and Viability •Initial Investment •Software and Service Costs •Hardware Costs •Financial, Market and Organizational Viability 13 Initial Investment •Consideration of total initial acquisition costs (licensing, deployment, consulting, training, on-going support) Software and Service Costs •Pricing availability (pre server and/or per seat) •Subscription, straight purchase, etc. Hardware Costs •Percentage of existing architecture that can be leveraged •Future priorities and areas of focus Financial, Market, and Organizational Viability •Vendor size, financial stability, existing customer base, market growth © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Vision and Service Vision and Service •Vision •Company •Professional Services •Support 14 Vision •Proven vision and product strategy •Long-term viability of an organization within the Identity Management market Company •Company history •Long-term goals improving on existing strengths and competencies •Market exposure Professional Services •Availability of technical resources, quality, technical depth •Demonstration of client satisfaction and long-term track record in market Support •World-wide support infrastructure •Proven problem resolution, on-going support and maintenance throughout product lifecycle © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Competitors Who are the key players? Top Tier Vendors These vendors: •Provide a comprehensive set of IdM products •Own a directory/ metadirectory platform •Provide related solutions •WW value delivery ability •Significant customer base •Acknowledged leaders by Analyst firms Players •IBM: Tight with CSIs. Marketing muscle. Big ticket. •Novell: Technical superiority, xplat specialty, more affordable. 16 Top Tier Contenders Lack one or more key attributes of Top Tier, but could or will close the gap. Players •Microsoft: Moving to Top Tier. •CA: Weaker offering without integration •Oracle: Moving into IdM, but lacks metadirectory •Sun/Waveset: Strongest on SunOne but weak solution •HP: Only needs an acquisition to play. © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Niche Vendors Focus on one or two specific functions. Architectures tend to run out of gas when scaled or stressed. Seeking investment, partnering or acquisition by Top Tier. Players •BMC •Courion •M-Tech •MaxWare •Netegrity/Business Layers •Critical Path •Etc. Leadership Recognition “Microsoft and Novell emerge as early and obvious winners in the metadirectory market with products that have significant market penetration, the backing of stable and committed vendors and broad offerings in which their metadirectories serve a strategic purpose.” -Giga Research, September 2003 IBM, Microsoft and Novell are currently jockeying for position in the emerging identity management market. Novell currently leads the "full suite" market segment with 25% market share, with the others following closely. -Radicati Group, November 2003 17 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Leadership Recognition “The metadirectory service Magic Quadrant shows the metadirectory market is maturing quickly, with Novell leading the pack toward the future.” Gartner Research Note August 2002 “We continue to view [Novell] DirXML as market leading technology” Gartner Research Note September 2003 18 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Functionality Connectivity Technical Architecture Cost and Viability Vision and Service Things we do right… • Centralized points of administration and web-based management • Robust dynamic rules engine • Flexible policy definition and policy based resource provisioning • Provide a secure and consistent repository • Open architecture − Scalable • Comprehensive connectivity − Real-time, event based, non-intrusive − Password synchronization • Password Management • Audit and Logging • Rapid development and deployment • Richest set of identity management solutions • Proven software and services Things to watch out for… • Novell ! 19 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Things they did right… • Web-based access and management • Functionality Connectivity Technical Architecture Cost and Viability Vision and Service A nice wrapper around acquired pieces – MetaMerge Admin Console/Graphical Development Environment Things to watch out for… • Questionable architectural synergies of IBM’s acquisitions • Significant effort required to change policy configuration (role definitions) • Limited connectivity – Heavy reliance on standards and protocols for integration • Limited password synchronization – Password interceptor (Win 2000) • Prohibitive long-term costs for product and services • Require customers to trust their ability to deliver – 20 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary Result of their strategy to outspend and out position competitors November 6, 2015 Things they did right… • • Good management interfaces Relatively low cost ($25,000 for Enterprise Edition, $19,000 for MS SQL) Things to watch out for… Functionality • Not cross-platform. Works only on Windows 2003 Server only Connectivity • Requires MS Visual Studio for policy creation Technical Architecture • Not integrated with Active Directory Cost and Viability – Uses an intermediate data store (MS SQL) Vision and Service – Not real-time • • 21 Limited connectors (generic/standards based). Do not plan to provide any sort of connectivity with an ERP. – Vision demonstrates Meta-directory focus only – Missing key host integration components Concentrates solely on the meta aspects of Identity Management © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Things they did right… • Strong use of LDAP, directory integration • Acquired niche “Cinderella” provisioning company Things to watch out for… • Hasn’t seen development until recent years Functionality – Connectivity • Limited connectors, connector development is very difficult Technical Architecture • Overlap between products – Cost and Viability Vision and Service 22 Compilation of several offerings • Sun’s meta-directory and Waveset’s Directory Master products Un-flexibile architecture – WaveSet’s rigid architecture is tactically oriented – Not able to scale as customer’s needs evolve • Historical weakness integration acquisitions • Weak supporting service programs © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary – WaveSet had established strong CSI relationships, Sun’s acquisition of WaveSet will have adverse impace – Consulting, technical support, developer support November 6, 2015 Niche Vendors (BMC, CA, Critical Path, MaXware, Thor, Courion, etc.) Things they did right… Functionality Connectivity Technical Architecture • Point solution for managing employees • Good management and configuration tools • Web-based management • Niche specific proficiencies (ie password management, reporting and auditing) Things to watch out for… • Not a comprehensive offering Cost and Viability – Architectural concerns (no underlying directory) Vision and Service – Mis-matched components • Scalability limitations • Uni-directional, not real time • No central point of administration – • 23 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary Hindrance to deployment and management Wearing acquisition targets November 6, 2015 Cumulative Return On Investment Identity & Access Management Identity-Enabled Applications Provisioning Directory Infrastructure Access Control •Process automation •Portals/content management •Collaboration •SSO/reduced SSO •CRM •Directory Services •Workflow •RBAC •De-provisioning •Help Desk •Password Sync •Policy-based access control •Auditing and reporting •Supply chain integration •Delegated admin •Secure wireless Web Services 24 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Award-winning solutions Novell Nsure solution: “…we gave Novell our Editor's Choice.” ― From Network Computing’s Secure Enterprise 2003 Identity Management Suites Review Novell Nsure: “Finalist for Best Security Product.” -LinuxWorld January 2004 Novell Nsure SecureLogin: “Recommended” - From SC Magazine February 2004 Single Sign-On Group Tests 26 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Other Sessions of Interest Other Sessions of Interest Introductions, Case Studies, Dev Hands-on INTRODUCTIONS, OVERVIEWS, AND FUTURES IO160: Provisioning Comes of Age IO144: Nsure Audit: What's New and Beyond IO163: Understanding the Big Picture of Secure Identity Management IO164: Identity Integration: The Foundation for Becoming an Agile Enterprise IO165: Novell Account Management Overview and Futures IO166: Nsure Identity Manager 2 (formerly DirXML) Competitive Comparisons IO264: Overview of the Nsure Identity Manager 2 (formerly DirXML) Deployment Studio BUSINESS CASE STUDIES BUS163: Making the Business Case for Secure Identity Management BUS165: Case Study: Asset Management within the Context of Identity Management BUS166: Layered Secure Identity Management: Balancing Business and Technical Needs BUS250: Combining Corporate Trees with Nsure Identity Manager 2 BUS251: Creating an Identity-Based Portal at the State of Nebraska with Novell BUS261: Implementing Secure Identity Management in Government Organizations BUS269: Case Study: DirXML Implementation at Waste Management BUS361: Building the Employee Portal at Lufthansa with SAP Enterprise Portal 6 DEVELOPER HANDS-ON DHO260: Implementing DirXML Style sheets DHO262: Provisioning for Developers with Novell Identity Manager DHO361: Nsure Identity Manager 2 Hands-On Developer Lab 28 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Other Sessions of Interest Developer Lectures, Technical Tutorials DEVELOPER LECTURES DL263: Nsure Identity Manager 2 (formerly DirXML) Developer Overview DL361: Nsure Audit: Instrumenting Custom Applications DL362: Nsure Audit Essentials TECHNICAL TUTORIALS TUT105: Hands-On: Implementing Nsure Identity Manager 2 (formerly DirXML) TUT163: Configuring Nsure Identity Manager 2 (formerly DirXML) for Enterprise Applications TUT165: Configuring Nsure Identity Manager 2 (formerly DirXML) for Schools Interoperability Framework TUT166: Configuring Nsure Identity Manager 2 (formerly DirXML) for GroupWise®3 TUT259: Password Synchronization Across Novell eDirectory, Microsoft Active Directory* and Windows NT* 4 TUT264: Password Management with Novell Identity Manager 2 (formerly DirXML) TUT265: Troubleshooting Nsure Identity Manager 2 (formerly DirXML) TUT266: Implementing Nsure Identity Manager 2 (formerly DirXML) Policies TUT267: Configuring Novell Nsure Identity Manager 2 (formerly DirXML) for JDBC TUT268: Advanced Configuration for Active Directory Using Nsure Identity Manager 2 (formerly DirXML) TUT285: Architecting Identity Management Solutions TUT286: Comprehensive Password Management: From Policy Definition to Deployment TUT287: Configuring Novell Nsure Identity Manager 2 for IBM Lotus Notes TUT366: Designing Secure Identity Management Solutions TUT367: Secure Identity Management: Assessing Your Requirements TUT381: Installing and Configuring the Novell DirXML Mainframe and IBM AS/400* Drivers TUT383: Upgrading to Nsure Identity Manager 2 (formerly DirXML) TUT384: Understanding the Architecture of Nsure Identity Manager 2 (formerly DirXML) 29 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Questions & Answers 31 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015 Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. 32 © 2003 Novell Inc, All Rights Reserved. Confidential & Proprietary November 6, 2015