Mark McManus – mmcmanus@novell.com Novell in Academia Mark McManus – mmcmanus@novell.com

Academic Landscape Collaboration Students Disruptions Commoditization Resources across institutions New Business Models Students Anywhere, Anytime Access Greater demand Why attend your institution? Disruptions Unforeseen Disturbance New Technologies Student Behavior Shifts Reduce Complexity Easier to register Strengthen Offering Change Direction Regulations Government Industry Security Globalization Students overseas Expanding Markets Border-mania © November 14, 2018 Novell Inc.

UCISA Top Concerns - The top nine 1 Data network access from devices owned and / or controlled by end-users. Network access for mobile users. 2 Security management of network attached systems User authentication and resource control 4 Ensuring that IT is being fully considered in the development and planning of our institutions. 5 Strategic approach to developing, maintaining and upgrading the IT infrastructure needed to deliver strategic IT-based academic and business services. Enterprise portals, web-based services 7 Ongoing costs of VLE / MLE systems 8 Business continuity planning Risks to services and computing service personnel from inadequate funding © November 14, 2018 Novell Inc.

one Net A world without information boundaries where information systems of all types work well together, connecting the right people to the right information at the right time to make the right decisions. © November 14, 2018 Novell Inc.

Solution Groups Novell exteNd Novell Nsure Novell Nterprise Opening the door to Web Services Novell exteNd Securely getting the right information to the right people Novell Nsure The best foundation for your mixed environment Novell Nterprise The experience to solve your business problems Novell Ngage : : : : © November 14, 2018 Novell Inc.

Novell® exteNd™ exteNd > Interaction > Web solutions : > Interaction > Web solutions > Integration exteNd Opening the door to Web services : : : : © November 14, 2018 Novell Inc.

Novell® Nsure™ Nsure > Identity access > Security solutions : : > Identity access > Security solutions > Integration Nsure Securely getting the right Information to the right people : : : © November 14, 2018 Novell Inc.

Novell® Nterprise™ Nterprise > Interface : : : : > Interface > Cross-platform solutions > Integration Nterprise The best foundation for your mixed environment : © November 14, 2018 Novell Inc.

Novell® Ngage™ Ngage > ROI > Global services : : : > ROI > Global services > Consulting & Support Ngage The experience to solve your business problems : : © November 14, 2018 Novell Inc.

Identity Manager 2 Extend Director/Composer File and Print eMail VLE Students Staff Institution to Institution File and Print eMail VLE Packaged Applications LOCAL ACCESS Students View of all resources Library/Resource services INTERNET ACCESS Finance HR Payroll Student Records Staff Explain: Existing resources and applications. Each has its own security mechanism First point is to provide a single point of authentication for internal and external access. No access to any resource until user is known Next, add identity management capability. Now you can not only identify the user, you can manage and understand their identity, e.g. role (student/staff/prospective student). Store details of relevant resources and provide access to them. Also, store preferences, etc. CNN, BT, French Tax Office, MOD all use this technology. CNN website can be customised. They can also do direct marketing based on profile. All using directory Web Services IDENTITY MANAGEMENT Partners iChain Extend Director/Composer Identity Manager 2 Single point of secure access Common and personalised view of all resources Seamless access to authorised services regardless of location © November 14, 2018 Novell Inc.

iChain Single point of secure access INTERNET ACCESS Explain: IDENTITY MANAGEMENT iChain INTERNET ACCESS Explain: Existing resources and applications. Each has its own security mechanism First point is to provide a single point of authentication for internal and external access. No access to any resource until user is known Next, add identity management capability. Now you can not only identify the user, you can manage and understand their identity, e.g. role (student/staff/prospective student). Store details of relevant resources and provide access to them. Also, store preferences, etc. CNN, BT, French Tax Office, MOD all use this technology. CNN website can be customised. They can also do direct marketing based on profile. All using directory © November 14, 2018 Novell Inc.

Web Servers and Applications What are the Customer Problems? Issues when creating a Secure Web infrastructure: Direct Access to Web Servers (increase possibility of hacking) Multiple User Identities (no single sign on) Need to install SSL services on each web server Need to change links in HTML content from HTTP to HTTPS Many different Web Server Technologies Firewall Web Servers and Applications Intranet SECURITY Linux/ Apache Employee Internet SECURITY Solaris/ Netscape Customer If we take a quick look at the typical issues that many organization face when deploying web applications, you will see that there are often different types of web applications and platforms those application run on. Based on the fact that different skill sets are required to manage these platforms you often find that they have different user repositories as well as different ways of formatting a users identity. So a user may have many different identities to access services offered by the same company. Direct access to web servers is also seen as a security risk. Good hackers very rarely go for the web server, they attack the platform. Firewalls can help, but anything that can be done to remove this direct access, will only increase the security of the services. SSL is another issue that will be faced, if I want to secure the data as it is transmitted over the Internet, I need to install SSL on each web server. Not only can this be costly in terms of purchasing SSL certificates, but it can also increases the management of the system. Also many people tend to forget that installing SSL onto a web server also requires the links in the web content to be changed from HTTP to HTTPS, additional tasks that not only increase deployment times, but can increase costs if web content management is an outsourced service. SECURITY NT IIS Extranet Partner © November 14, 2018 Novell Inc.

Web Servers and Applications Competitors Solution Agent Based Solutions Provide Single Sign-On Provides Access Control Personalization Previous Issues Still Exist Direct Access to Web Servers (increase possibility of hacking) Need to install SSL services on each web server Often, need to change links in HTML content from HTTP to HTTPS Often need to modify applications authentication process Many different Web Server Technologies Firewall Web Servers and Applications Intranet SECURITY Linux/ Apache Employee Internet SECURITY Solaris/ Netscape Customer If we look at the majority of iChain’s competitors services, they would have you install an agent on each of the web servers that you want to protect. This provides authentication, single sign-on, authorization and some personalization, but the majority of the issues we just discusses are still there. Not only that but the web agent model requires certain version of platform and web servers, which can limit the supported deployments, especially in the enterprise-based projects we discusses at the beginning of the presentation. SECURITY NT IIS Extranet Partner © November 14, 2018 Novell Inc.

The Novell Solution eDirectory™ Benefits of iChain: Single Authentication Point Provides Web Single Sign On (headers and Form Fill) – (can also simulate Netegrity SiteMinder) Sends Personalized content to applications Rewrites HTML data (completely hide internal DNS infrastructure) Dynamically encrypts content as it passes through proxy Single SSL Certificate can be used for all internal web sites (proxy based) No change to HTML content No change to applications authentication process Remove Direct Access to Web Servers Provides additional security to Citrix Servers One Net Firewall Web Servers and Applications iChain® Linux/ Apache SECURITY INFRASTRUCTURE Employee Citrix Citrix Customer Solaris/ Netscape Novell performed a great deal of investigation into what organizations were trying to do in terms of secure web content, and we took a different approach, which removes the requirement to install any security directly on the web server (comment: this does not mean that iChain does not work with web servers that do have security installed), instead we provide a security infrastructure that becomes the enforcement point for authentication and authorization. Novell’s solution not only provides authentication, single sign-on, authorization and personalization, but we also offer an answer to all of the other issues we raised in the previous slides. iChain removes the direct access to the web servers, only allowing valid HTTP traffic through it services. iChain provides single sign-on the backend web applications, even when the userID and password combinations are different. iChain dynamically encrypts data as it passes through the security infrastructure, requiring not SSL to be installed on the web servers, as well as not changes to HTML content (HTTP to HTTPS). In fact Novell currently secures over 100 web servers, using a single public IP address and a single SSL certificate, providing a massive reduction in deployment costs. One of the great features of iChain is that organizations can completely hide their internal DNS names. iChain automatically rewrites HTML content to display the external DNS names, rather than the internal ones NT IIS Partner eDirectory™ © November 14, 2018 Novell Inc.

Novell iChain - How does it work? Web servers Proxy Server Securit y ACL User=xx Password=xx Browser EmployeeID=43444 1. Authentication- Who are you? If we take a look at how iChain works the two main components are the iChain Proxy server and iChain Authorization server. The proxy server is really the heart of the security system and it communicates with the Authorization server using either LDAP or Secure LDAP. The Authorization server is essentially eDirectory 8.6 and above (recommendation) and is used to store identity and access control information. First Click – There are a number of different ways of defining a resource which determine if Authentication is required. Second Click – Out of the box iChain supports UserID and Password, X.509 certificates and Tokens. We will get into more specifics in the next few slides Third Click – Once you have verified the users identity, iChain determines if the user is allowed to access the specific resource, we will discuss the specific of the access control process in a later slide, but the basic operation is that the proxy server reads and caches ACL information from the iChain Authorization server. Fourth Click – The next feature is single sign-on.. There are two main methods of authenticating to a web applications. The first is header or basic authentication, and the second, which is used by application servers such as Extend, Oracle and BEA use authentication forms. iChain can single sign-on to both these types of methods. It is very rare that changes are required at the application for iChain’s SSO process to work. Fifth Click – The next feature is OLAC (object level access control), which provides the ability to forward any LDAP accessible user attribute to a backend web application header or query string values. This same technology allows iChain to single sign-on to backend applications when the credentials are different. Sixth Click – The final feature is data confidentiality, which is delivered by the Secure Exchange process. This dynamically encrypts the data as it passes through the iChain proxy. SSL between the proxy and web server is also supported. It is also worth mentioning that the iChain proxy server is based on the worlds fastest caching engine. So often content is delivered far quicker out of the proxy servers cache, than direct from the web server. 2. Access Control- What do you have access to? 3. Single Sign On iChain Authorization Server 4. OLAC (Personalization) 5. Data Confidentiality © November 14, 2018 Novell Inc.

SAML SAML – Security Assertions Markup Language XML-based security specification for exchanging authentication and authorization information Developed by the OASIS standards organisation Uses include Single Sign-On for B2B services Designed to addresses the complexities of establishing Business- to-Business communication between differing systems. To address these complexities the Industry has provided two new standards. The first one, SAML, which stands for Security Assertions Markup Language, is an XML-based security specification for exchanging authentication and authorization information. It was developed and is managed by the OASIS standards body, and it’s primary use (initially) will be for B2B services. SAML as over 100 members including Novell, Sun, IBM, Netegrity and Microsoft. The second standard is Liberty Alliance, with was spearheaded by business leaders from mostly none technical organizations. The Liberty Alliance specification is actually a structured version of SAML, in that the specification does not permit any passing of identity information, rather pseudonyms are created that link the users various Internet identities. We are focusing in the presentation on iChain and the SAML Extension for iChain, but I just wanted to make sure that you were aware that Novell has released Liberty enabled technology in the form of the Liberty Identity for eDirectory. Over 100 Members, including: Novell IBM® Microsoft® Sun® Netegrity® RSA Security® © November 14, 2018 Novell Inc.

View of all resources File and Print eMail VLE Packaged Applications Library/Resource services Finance HR Payroll Student Records Explain: Existing resources and applications. Each has its own security mechanism First point is to provide a single point of authentication for internal and external access. No access to any resource until user is known Next, add identity management capability. Now you can not only identify the user, you can manage and understand their identity, e.g. role (student/staff/prospective student). Store details of relevant resources and provide access to them. Also, store preferences, etc. CNN, BT, French Tax Office, MOD all use this technology. CNN website can be customised. They can also do direct marketing based on profile. All using directory Web Services IDENTITY MANAGEMENT © November 14, 2018 Novell Inc.

Reducing Business Complexity With Service-Oriented Architectures Users consume Web Service Information Assembled into streamlined processes Systems abstracted as Web Services © November 14, 2018 Novell Inc.

Novell exteNd Integrated Services-Oriented Application Development Comprehensive SOA suite Combines integration, portal and identity Services to securely deliver business information to the users that need it Reduced time to market with end-to-end visual tools Plethora of visual tools and wizards that speed service oriented application assembly and deployment Standard and Open Supports the latest industry standards Only SOA offering that supports deployments to leading J2EE Applications Servers Security The only SOA suite supported by industry leading Identity Management solution Interaction Orchestration Integration © November 14, 2018 Novell Inc.

Novell exteNd Integrated Services-Oriented Application Development Interaction and Portal Process Orchestration Business Integration © November 14, 2018 Novell Inc.

Novell exteNd Integrated Services-Oriented Application Development Interaction and Portal Process Orchestration Business Integration © November 14, 2018 Novell Inc.

Novell exteNd Business Integration Abstracting existing systems into Web Services Broad range of non-invasive connectivity Hides underlying technology Uses standard protocols Leverages existing skills and technologies Drag-and-drop data transformation Easy to use Wizard driven connection and deployment “Action-model” paradigm Web services XML Request Response Hides underlying technology whilst using standard protocols Designed for the mainstream corporate developer © November 14, 2018 Novell Inc.

Novell exteNd Business Integration Abstracting existing systems into Web Services Broad range of non-invasive connectivity 3270 5250 Microsoft .NET MS SQL Server CORBA Web/HTML Flat File SAP R/3 ANSI X.12/EDIFACT PeopleSoft XML Data General CICS Informix Java Email Siebel ODBC/JDBC Oracle MQ Series DB2 JMS Sybase HP/3000 Tandem 3270 SDK 5250 JAVA Telnet XML Data General EDI HP/ 3000 Non invasive No other 3rd party software required Use standard communication protocols TN3270, JDBC, ECI, HTTP etc Wizard driven connection creation Automatic character mapping conversions High performance connection pooling Utilizes application server features Provides sensible extensions Terminal connection pooling etc Openly accessible JDBC Tandem SAP HTML JMS, MQ Series CICS RPC © November 14, 2018 Novell Inc.

Novell exteNd Business Integration Abstracting existing systems into Web Services 1. Leverage existing skills and technologies 2. Drag-and-drop data mapping and Transformation Specialized wizards and Controls 3. Record events using “Action Model” paradigm 4. Test with “End-to-end” animation 5. Deploy completed services © November 14, 2018 Novell Inc.

Novell exteNd Integrated Services-Oriented Application Development Interaction and Portal Process Orchestration Business Integration © November 14, 2018 Novell Inc.

Process Orchestration Assemble services into streamlined processes Automates and simplifies complex transactions Manages long-running business processes Web Services Web Services XML XML Web Services Web Services XML XML Web Services Web Services XML XML © November 14, 2018 Novell Inc.

Process Orchestration Portlet Development Workflow Business Process Management Composite Service Oriented Applications Smart Links Exception Handling Checkpoint Activity Wizards generate forms that render legacy systems data Model user interaction sequences i.e. document workflow Route documents through complex workflows based on groups and users Call form sequences from within workflows Model long-running complex business processes Process Versioning Monitor, manage and report on business processes at every step of execution Development Model form flow sequences by dragging and dropping, not create cryptic configuration files GUI, drag and drop forms design Use wizards to generate forms that render legacy systems data Use JSP’s, XForms or both in the same form sequence Run form sequences in the built in portlet container Worflow Model long running user interaction sequences by drag and drop Call form sequences from within workflows Route documents through complex workflow Seamlessly integrate legacy systems into user workflow sequences Route workflow based on groups and users defined in your corporate security realm BPM Model long running, complex business processes by dragging and dropping Seamlessly pull legacy systems and partners into your business processes Test complex business processes in development, before production Monitor, Manage and report on business processes at every step of execution © November 14, 2018 Novell Inc.

Novell exteNd Integrated Services-Oriented Application Development Interaction and Portal Process Orchestration Business Integration © November 14, 2018 Novell Inc.

Novell exteNd Interaction and Portal Consuming Interactive Web Services XML Response Student request Web services XML Request © November 14, 2018 Novell Inc.

Novell exteNd Interaction and Portal Consuming Interactive Web Services Powerful personalized portal Search Content Management User interaction logic & personalization Integrated component applications eDirectory ID Container Group User Attribute Administrator End-User Developer Support any user device © November 14, 2018 Novell Inc.

Pre-packaged Portal - Express Portal Pre-configured and installed 24 ready to use portlets Browser based portal administration Multiple configuration options Container pages control site wide portal look and feel Shared pages control users and group look and feel User pages control personal preference Drag-and-drop layout © November 14, 2018 Novell Inc.

Novell exteNd Summary Integrated Services-Oriented Application Development Comprehensive SOA suite Combines integration, portal and identity Services to securely deliver business information to the users that need it Reduced time to market with visual end-to-end tools Plethora of visual tools and wizards that speed service oriented application assembly and deployment Standard and Open Supports the latest industry standards Only SOA offering that supports deployments to leading J2EE Applications Servers Security The only SOA suite supported by industry leading Identity Management solution Interaction Orchestration Integration © November 14, 2018 Novell Inc.

Identity Manager 2 File and Print eMail VLE Packaged Applications Library/Resource services Finance HR Payroll Student Records Explain: Existing resources and applications. Each has its own security mechanism First point is to provide a single point of authentication for internal and external access. No access to any resource until user is known Next, add identity management capability. Now you can not only identify the user, you can manage and understand their identity, e.g. role (student/staff/prospective student). Store details of relevant resources and provide access to them. Also, store preferences, etc. CNN, BT, French Tax Office, MOD all use this technology. CNN website can be customised. They can also do direct marketing based on profile. All using directory Web Services IDENTITY MANAGEMENT © November 14, 2018 Novell Inc.

Isolated Identities HR Student records Database Operating System Mail The need for identity management is driven by the fact that as companies have evolved, silos have developed within the organization. Identities exist in all of these systems, creating a management and security nightmare. Identity data is not accurate and up-to-date. Manual user administration processes are inefficient and cause security risks as well since security policies are not consistently enforced. Mail Directory PBX © November 14, 2018 Novell Inc.

Foundation: Integrated Identities HR Student records Nsure Identity Manager Database Operating System With identity synchronization as the key foundation of Identity Manager, we are able to integrate identities from all over the organization. Be sure to associate identity synchronization with the term Metadirectory. Many people may be more familiar with the term “metadirectory” as opposed to identity synchronization.  This foundation lets us streamline the user information. Novell Nsure Identity Manager 2 delivers swift, secure management.  It automates changes to user access rights, passwords and profiles, streamlining administration and reducing costs.  Nsure Identity Manager 2 helps you securely manage the access needs of your changing user community. Mail Directory PBX © November 14, 2018 Novell Inc.

Addressing Identity Management Capabilities: Metadirectory – Identity Synchronization (Foundation) User Lifecycle Management Provisioning/Deprovisioning Password Management User self-service – passwords and profile information Role-based administration Corporate white pages (address book) Auditing and Reporting <Describe specific problems that this solution solves for the customer, such as: productivity or efficiency cost of ownership (installation, operation, maintenance, admin) communications costs equipment or training costs management or growth costs.> © November 14, 2018 Novell Inc.

Password Management A suite of password-related security functions: System-wide password policy Establish password policy that will be used for and enforced on connected systems Password self-service Empower users to help themselves with forgotten passwords, password resets, changing passwords Password distribution Specify connected systems that will receive the organization’s common password, as defined in password policy Bi-directional password synchronization Manage the native password management activities in connected systems, ensuring consistency © November 14, 2018 Novell Inc.

Password Management Password Distribution User sets a new common password using the self-service password interface New password is checked against password policy New password is set on user object within the Nsure Identity Manager 2 identity vault Password is distributed to associated user objects on connected systems Connected Systems eDirectory Legacy NDS Active Directory/Exchange 2000 Windows NT Domains Network Information Service (NIS) Linux Solaris other UNIX GroupWise Lotus Notes SunOne SAP User Management Relational databases Oracle DB2 Sybase © November 14, 2018 Novell Inc.

Password Scenario: Using Self-service portal to change password 1- Self-service gadget is used to enter a new password. Connected Systems eDirectory Legacy NDS Active Directory/Exchange 2000 Windows NT Domains SAP User Management Network Information Service (NIS) Linux Solaris other UNIX (HP-UX, AIX) GroupWise Lotus Notes SunOne Relational databases Oracle DB2 Sybase 2- Password is checked for conformance to policies Identity Manager 2 Web Server 3- Password is set on user object in the Identity Vault Identity Manager 2 Server with associated Identity Vault 4- Password is distributed to associated user objects on connected systems that support subscription to the password attribute © November 14, 2018 Novell Inc.

Password Scenario: Bi-directional password sync User sets password on a participating system Participating Systems Active Directory NT Domains NIS (Unix) eDirectory Password is captured, and sent securely to the Identity Manager 2 Server. No Failure notice sent via email Conforms to the policy? Conforms to the policy? Conforms to the policy? Conforms to the policy? Reset password on participating system to last “good” password Yes Password is set on the user object in the Identity Vault. Password is distributed to associated user objects on connected systems that support subscription to the password attribute © November 14, 2018 Novell Inc.

Linux: a critical element of one Net Novell exteNd Novell Nsure Novell Nterprise Novell Ngage : LINUX © November 14, 2018 Novell Inc.

Committed to open source May 2004 Novell announces that all customers with existing NetWare maintenance/ upgrade/support protection agreements are able to use SUSE Linux Enterprise server at no extra cost. Announcements: April 03 May 03 Aug 03 Sept 03 Jan 04 UK Academic Site License agreement Under the above license this means that any Academic institution can deploy SUSE Linux Enterprise Server, site wide with updates and maintenance AND support so long as they have an existing NetWare agreement All services will run on NetWare and Linux Novell Certified Linux Engineer (CLE) program Ximian Acquisition— Linux desktop management solutions and open source projects Novell Nterprise Linux Services —Networking services for Linux environment eg. File, print, collaboration, messaging and directory services SUSE Acquisition— industry leading Linux. Novell announces Indemnification program © November 14, 2018 Novell Inc.

Continuing the open source direction Novell Forge Contributions Review Board Support Identify products or API’s to open source Provide code and support it for and with the community (Structural Bazaar) Provide contributions to the OSS community A technology collaboration site that allows incremental involvement in the OSS development community. http://forge.novell.com Open Source Review Board – Internal OSS education/advocacy and legal control. Provide guidance, tools, and training to facilitate the support of Linux across Novell solution suites. © November 14, 2018 Novell Inc.

Desktop to the Server Office Productivity Desktop Collaboration Management Development Server Ximian Desktop SUSE LINUX Desktop OpenOffice.org iFolder iPrint Ximian Evolution GroupWise ZENworks Ximian Red Carpet eDirectory iManager exteNd Director exteNd Composer Mono SUSE LINUX NetWare Novell Nterprise Linux Services Consulting Services for Linux offerings Security Services for the Linux environment © November 14, 2018 Novell Inc.

Why choose Novell for a Linux-based solution? Requires world-class ecosystem Must be reliable, secure and manageable Existing major platform suppliers must interoperate seamlessly with Linux Staff must be educated on Linux © November 14, 2018 Novell Inc.

Novell Premium Services Customers look to Novell for… Stable and reliable – 24x7x365 access to Linux experts Safe and secure – remote monitoring services, managed services, proactive health checks, preventative maintenance service and business continuity services Optimized and efficient – proactive planning services establish a support plan, dedicated and onsite resources, and ongoing relationship management Proven technical expertise Consistent methodologies World wide delivery Strategic partnerships High customer satisfaction © November 14, 2018 Novell Inc.

Novell delivering Extensive global programs Commitment to open source Novell, Ximian and SUSE relationships with IBM, Dell, HP and others Promoting adoption of Linux around the world Commitment to open source GNOME MONO Nforge Ifolder Strong financial position Only $1 billion software company with a Linux distribution and the worldwide ecosystem to support it. © November 14, 2018 Novell Inc.