eControl 2.x for Mixed Networks Web-based, ZERO-Rights User Account Management, Identity Administration and User Provisioning and EMU for eDirectory and.

Presentation transcript:

eControl 2.x for Mixed Networks Web-based, ZERO-Rights User Account Management, Identity Administration and User Provisioning and EMU for eDirectory and GroupWise Bulk User Management Aldo Zanoni B.Ed, B.A., MCNI, MCNE, MCP CEO, Managing Director Omni Technology Solutions Inc.

Agenda
– Welcome and Introduction
– What is eControl? What Pain Does it Relieve?
– Why Companies Need / Buy eControl
– Is eControl Right for You? 10 Key Questions
– eControl Modules
– Future of eControl
– EMU – Bulk User Management
– Questions and Answers
– Appendix: Screenshots

What is eControl? eControl is a web-based, ZERO-Rights enterprise user account management and provisioning tool for users of Novell eDirectory, GroupWise and NetMail; and Microsoft Active Directory and Exchange systems. eControl delivers an immediate return on investment by enabling an enterprise to efficiently, securely and inexpensively implement user account management and provisioning services across multiple and mixed network operating systems and systems.

eControl

eControl relieves the pain caused by using multiple applications to manage mixed and multiple Novell eDirectory, Microsoft Active Directory, Novell NetMail, Novell GroupWise and Microsoft Exchange systems.

Who are the Identity Management Players? The many large and small players include: – IBM (Tivoli Identity Manager and Access Manager) – CA (Entrust) – Novell (Identity Manager 3) – Microsoft (Identity Integration Server) – Oracle (Identity Management) – HP, RSA, SUN … – Avatier – BMC Software – M-Tech

Where does eControl Fit? eControl can be deployed as part of a comprehensive identity management strategy that includes different components of: – Directory synchronization – Federated identity management – Meta directory – User Self-service – Single sign-on – Biometric and other user authentication

Is eControl Right for You? 1. Is your Help Desk or IT department often the bottleneck in your user account management and provisioning process? 2. Do your Help Desk operators have more rights than they should on your network because they need to carry out certain account management tasks? 3. Does your account management and provisioning process comply with internal or SOX regulatory security, privacy and audit report requirements? 4. Are you running GroupWise on Windows or Exchange with eDirectory and/or multiple eDirectory and Active Directory environments? 5. Does your Help Desk need to run multiple user account management tools?

Is eControl Right for You? 6. Have department mergers or corporate acquisitions made your user account creation and management tasks cumbersome and complex? 7. Are costs increasing and productivity decreasing due to the time required to train new Help Desk Operators how to use a combination of ConsoleOne, NWAdmin, iManager, Microsoft Management Console or custom Task Pads? 8. Terrified about the consequences of a Help Desk Operator or junior administrator hitting the delete key on the wrong object or accessing information outside their realm of account management responsibility? 9. Need to deploy user password self-service or user self-service for GroupWise or in a multiple or mixed eDirectory, GroupWise, Active Directory or Exchange environment? 10. Are you being asked to manage and integrate more complex systems with fewer resources?

Why Companies Buy eControl eControl is a non-invasive solution that delivers very specific and easily deployed user account management and access control pain relief. Companies are finding that achieving the Holy Grail of fully automated identity management and account provisioning services is much more complex and time consuming than expected. This difficulty is caused by the systemic complexity created by the multitude of access roles and rules that need to be defined in multiple operating systems in order to automatically manage access rights as employees change positions or move in and out of the company.

Why Companies Buy eControl With eControl, we started with what we knew best – Novell eDirectory and GroupWise – and allowed our customers' needs to shape the evolution of eControl's features, modules and additional operating system support. eControl brings a large piece of the identity and user access management puzzle to the table. In many cases, it is the only piece that a company requires.

Why Companies Buy eControl eControl delivers web-based, ZERO-Rights user account access administration and provisioning. It allows the IT manager and the security administrator to determine who can carry out what user account management tasks against which accounts. eControl allows the CIO and IT department to focus on contributing to the company's high-value business processes rather than having to be concerned with the administration of user access rights across multiple systems and related security issues.

Why Companies Buy eControl eControl appeals to different business units and levels of decision making and budget authority because of intersecting and complementary objectives: – CIOs look to improve the efficiency of IT staff allocation and allow highly-trained, scarce resources to focus on delivering business value through IT integration initiatives. – Business unit managers look to increase user productivity and time effective user management change. – CFOs look to implement cost containment strategies. – CSOs are required to satisfy legislative or internal user account management and data access security requirements.

Why Companies Need eControl Help desk managers need eControl because it: – Delivers immediacy of response and increased efficiency dealing with user change and account modification requests – Delivers a common, intuitive user interface to manage users across multiple and mixed operating systems – Provides granular control over who can carry out what user account administration tasks – Requires approximately 15 minutes to train new help desk operators or junior administrators – Takes THREE hours to completely install, configure and integrate

Why Companies Need eControl Business unit managers need eControl because it: – Allows user account administration to be decentralized to department managers when appropriate thereby delivering department-based administration and more timely account change management – Delivers granular control to those people within the department who should be able to control application processes – Provides increased productivity by delivering timely access to user account change requests

Why Companies Need eControl CSOs or security administrators need eControl because: – They are responsible to ensure internal and external information and security compliance requirements are satisfied – eControl allows the removal of all trustee assignments, system rights, permissions and related user account access rights from the native operating systems – In most environments, there is a certain measure of trust that exists. Completely removing trustee assignments and permissions from user account managers precludes the need for this trust to exist. eControl allows the CSO to have 100% control over the security failure points on the system – It provides a complete audit log of all transactions that occur in eControl for everything from password changes to adding or removing a user from a group

Why Companies Need eControl CFOs or budget administrators need eControl because: – As an enterprise grows, eControl allows the enterprise not to have to increase the number of people who need to be hired to carry out user management tasks (cost avoidance) – eControl delivers significant cost reduction by making it simple for non-technical (less expensive) clerical staff to be assigned user account provisioning and administration tasks – User self-service significantly decreases costs related to the number of password change and demographic change requests that would otherwise need to flow through a help desk environment

Why Companies Need eControl Human resource managers need eControl because: – It puts account provisioning and deprovisioning back into the hands of HR staff without any associated security risks – Who other than a senior HR staff member should be involved in disabling the accounts of users in a department that is being investigated? – eControl can remove account enabling and disabling responsibility from the IT department and return it to HR

Why Companies Need eControl eControl enhances compliance with HIPAA, Sarbanes-Oxley and other security and privacy legislation through increased security and controls in the following areas: – Authentication and Authorization: All system rights are removed from all accounts and replaced with explicit task assignments based on group membership. – Configuration and Change Management: Only those users who have been authorized to carry out user configuration and changes are able to do so. All changes made by administrators in the eControl administration and configuration application are tracked and can be made available for audit. A record of all administration changes that are made is maintained so the state of eControl at any previous time can be determined. – Segregation of Duties: eControl can be configured to ensure that no single person has rights to carry out access management and be responsible for auditing, initiating or approving incompatible activities in those systems. – Documentation and Reporting: eControl's audit log and tracking strategies provide support for appropriate reporting on each participant's role and activities in the user management and account provisioning process. eControl keeps track of who did what, when. (See Sample Log.) Future enhancements to eControl will allow for non-technical resources and auditors to run web-based, ZERO-Rights audit reports to support Sarbanes-Oxley and other reporting requirements.

Sample Account Change Log File

Date; Numeric Action Id; Action Description; Status; Source; Login Account; Parameter(s);;; Module
2/2/2006 9:50:19 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin5,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 9:52:42 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 9:52:50 AM;1011;Group Membership Viewed;True; ; LDAP:// :389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME; LDAP:// :389/cn=AaJacob,ou=Berlin,o=ACME;;HelpDesk
2/2/2006 9:53:00 AM;1051;Directory Password Changed;True; ; LDAP:// :389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME; LDAP:// :389/cn=AaJacob,ou=Berlin,o=ACME;;HelpDesk
2/2/2006 9:53:01 AM;1052; Password Changed;True; ; LDAP:// :389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME; LDAP:// :389/cn=AaJacob,ou=Berlin,o=ACME;;HelpDesk
2/2/2006 9:53:24 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin2,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 9:53:35 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 9:56:24 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/ :19:54 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=Stephane,o=DEV;;;HelpDesk
2/2/ :20:01 AM;1021;GW Distribution List Membership Viewed;True; ; LDAP:// :389/cn=Stephane,o=DEV; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;HelpDesk
2/2/ :20:11 AM;1022;GW Distribution List Membership Added;True; ; LDAP:// :389/cn=Stephane,o=DEV; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;29D3B710-04E F00DA008A00 2DB3B060-04E F00DA008A B60-04E F00DA008A00 328B9E40-04E F00DA008A00 349A E F00DA008A00;HelpDesk
2/2/ :20:12 AM;1021;GW Distribution List Membership Viewed;True; ; LDAP:// :389/cn=Stephane,o=DEV; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;HelpDesk
2/2/ :20:31 AM;10;Authentication Attempt;True; ; LDAP:// :389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 1:06:28 PM;10;Authentication Attempt;False; ; LDAP:// :389/cn=Stephane,o=DEV;;;Global
2/2/2006 1:06:35 PM;10;Authentication Attempt;True; ; LDAP:// :389/cn=Stephane,o=DEV;;;HelpDesk
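The sample log above is one semicolon-delimited record per action, so an auditor can review it mechanically. The following is an added example, not part of the presentation or of eControl itself: it parses records in that layout, counts failed authentication attempts per account and lists which operator changed what on which account. It assumes the last field is the module and everything between the login account and the module is a parameter; the log lines and the host 192.0.2.10 are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Action ids as they appear in the page's sample log.
AUTH_ATTEMPT = 10
CHANGE_IDS = {1051, 1052, 1022}  # password changed (two ids), GW list membership added

# Constructed sample in the page's layout; 192.0.2.10 is a placeholder host.
SAMPLE_LOG = """\
Date; Numeric Action Id; Action Description; Status; Source; Login Account; Parameter(s);;; Module
2/2/2006 9:52:42 AM;10;Authentication Attempt;True; ; LDAP://192.0.2.10:389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
2/2/2006 9:53:00 AM;1051;Directory Password Changed;True; ; LDAP://192.0.2.10:389/cn=HDOBerlin1,ou=HDO,ou=Berlin,o=ACME; LDAP://192.0.2.10:389/cn=AaJacob,ou=Berlin,o=ACME;;HelpDesk
2/2/2006 1:06:28 PM;10;Authentication Attempt;False; ; LDAP://192.0.2.10:389/cn=Stephane,o=DEV;;;Global
2/2/2006 1:06:31 PM;10;Authentication Attempt;False; ; LDAP://192.0.2.10:389/cn=Stephane,o=DEV;;;Global
2/2/2006 1:07:02 PM;1022;GW Distribution List Membership Added;True; ; LDAP://192.0.2.10:389/cn=Stephane,o=DEV; LDAP://192.0.2.10:389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;HelpDesk
2/2/ :20:31 AM;10;Authentication Attempt;True; ; LDAP://192.0.2.10:389/cn=HDOBerlin3,ou=HDO,ou=Berlin,o=ACME;;;HelpDesk
"""

@dataclass
class AuditRecord:
    when: datetime
    action_id: int
    action: str
    ok: bool
    operator: str   # full DN of the authenticated account
    params: list    # DNs or values the action was applied to
    module: str

def dn_of(value):
    """Strip an LDAP://host:port/ prefix and return the bare DN."""
    value = value.strip()
    return value.split("/", 3)[-1] if value.upper().startswith("LDAP://") else value

def parse_log(text):
    """Return (records, rejected). Damaged lines are kept for manual review."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Date;"):
            continue  # blank line or header
        fields = [f.strip() for f in line.split(";")]
        try:
            if len(fields) < 7:
                raise ValueError("too few fields")
            records.append(AuditRecord(
                when=datetime.strptime(fields[0], "%m/%d/%Y %I:%M:%S %p"),
                action_id=int(fields[1]),
                action=fields[2],
                ok=(fields[3] == "True"),
                operator=dn_of(fields[5]),
                params=[dn_of(p) for p in fields[6:-1] if p],
                module=fields[-1],
            ))
        except ValueError:
            rejected.append(line)  # e.g. a truncated timestamp
    return records, rejected

def failed_auth(records):
    """Count failed authentication attempts per account DN."""
    return Counter(r.operator for r in records
                   if r.action_id == AUTH_ATTEMPT and not r.ok)

def changes_by_operator(records):
    """Map operator DN -> [(action, target)] for successful change actions."""
    out = defaultdict(list)
    for r in records:
        if r.action_id in CHANGE_IDS and r.ok:
            out[r.operator].append((r.action, r.params[0] if r.params else None))
    return dict(out)

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print(failed_auth(recs), changes_by_operator(recs), len(bad))
```

Accounts are compared by full DN rather than by cn alone, because the same cn can exist in more than one container or tree.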

eControl History
– EMU: Windows application for bulk user import and management for eDirectory and GroupWise. Requires full rights. Requires Novell Client and GroupWise Client. No customization options.
– HDU: Windows-based user account management for eDirectory and GroupWise. Requires full rights. Requires Novell Client and GroupWise Client. Customizable interface to restrict user account management tasks.
– eControl: Web-based user account management for mixed eDirectory, GroupWise, Active Directory and Exchange systems. ZERO Rights. No Client required. Full customization, multiple modules and cross-platform support.

Web-based Modules: eControl – HD, USS, AC, CL, SOX Browser eDirectory: LDAP and native APIs GroupWise: Win32 APIs Active Directory and Exchange: LDAP and native APIs NetMail: LDAP Proxy Service

ZERO-Rights Modules 1. Help Desk User Management (HD) – Provides Help Desk Operators with the ability to carry out the TOP TEN user administration tasks – in a web browser. NO rights required! 2. User Self-Service / Self-Administration (USS) – Allows you to set which user fields can be updated or modified by a user in the web interface 3. Account Create / Manager (AC) – Allows HDOs to create users based on eControl profiles and Account Create templates 4. Contact Lookup (CL)* – Allows users to retrieve configured information from eDirectory (phone numbers, etc.) 5. Sarbanes-Oxley Reporting (SOX)* – Allows ZERO Rights web-based access to security and audit reports by non-technical staff *Version 3

Help Desk User Management Module Controlled and restricted interface for Help Desk Operators and junior administrators Allows for delegation of standard tier-one Help Desk operations to non-technical personnel without jeopardizing system security Real-time user account management changes Benefit from significant time and cost savings in training non-technical staff how to use eControl. 15 minutes to train a new Help Desk staff member!

HD User Account Management Tasks
eDirectory and GroupWise: 1. Manage Account Password and Strong Password 2. Manage GroupWise Password and Strong Password 3. Enable / Disable User Accounts 4. Manage Group Memberships 5. Manage Organizational Roles 6. Set Password Restrictions 7. Release Intruder Lockout 8. Create User Identification Information 9. Manage Login Information (Login Script and Profile) 10. Manage Login Restrictions 11. Manage GroupWise Distribution Lists 12. Manage GroupWise Options (Visibility, Expiration Date) 13. Manage NetMail Account Status
Active Directory and Exchange: 1. Manage Account Password and Strong Password 2. Enable / Disable User Accounts 3. Manage Group Memberships 4. Manage Exchange Mail Groups 5. Release Intruder Lockout 6. Create User Identification Information 7. Manage Account Expiration Date

Account Create Module Tasks Provision accounts based on eControl Account Create wizard linked to eDirectory / Active Directory profiles (e.g., home directory, group memberships, account and all other account information) Customizable user-required fields (e.g., first name, last name, middle initial, phone number, department, mobile number, etc.) Creates user name based on specified naming convention and requires name to be unique across all configured systems

User Self-Service Module Tasks Subscribe / Unsubscribe from distribution lists and groups Select challenge-response phrases and provide answers to enable web-based, forgot my password management Update eDirectory fields, including extended schema values, that have been enabled by the Administrator (e.g., mobile number, pager, etc.)

Hardware / Software Requirements Windows 2000 or 2003 with IIS 5 or 6 Security certificate for SSL Microsoft Message Queuing (MSMQ) Novell NetWare Client 4.9* Novell GroupWise 5.x or 6.x Client* MSSQL or Schema Extension to provide forgot my password self-service MSSQL for audit trail archiving Novell NetWare*, OES*, SUSE Linux*, Windows NDS Version 8.5 or any version of eDirectory Any version of Active Directory * Target system specific

The Future of eControl (diagram; labels: CURRENT SUPPORT, FUTURE INTEGRATION): Novell eDirectory, Novell GroupWise, Novell NetMail, Microsoft Active Directory, Microsoft Exchange, Microsoft NT Domains, Lotus Notes, Open LDAP, SQL/MySQL, Custom Applications (Ricoh)

eControl Demonstration visit for more information about eControl

Trends that will Drive the Future of eControl eControl's support for additional operating systems and features will be driven by our customers' and partners' needs. The trends we see are: – Consolidation to larger data centers – Move to open source and open standards software model – Increased use of heterogeneous systems that provide line of business specific applications that will require IDM and access control integration – Increasing acquisitions and consolidations that bring together systems that need to peacefully co-exist and/or be properly managed during the transition period – Increased need to provide real-time user provisioning, account enabling and account change management – Decentralization of user account management to those people who need to manage their own resources (personnel and application access) – Increased regulatory and internal security compliance requirements

Use EMU to: – Improve your Return on Investment in large Novell® networks – Better manage large Netware, NDS/eDirectory®, NetMail® and/or GroupWise® Networks – Create, manage, import or modify tens, hundreds and thousands of accounts – Manage more accounts with fewer resources, in less time, with less stress – Update tens, hundreds or thousands of telephone numbers (or other standard or extended schema values) with a few clicks of a mouse

EMU Features – Move user home directories to other volumes - keep Trustee Assignments, File Ownership and Disk Restriction information – Check for duplicate user names in specific containers (or the entire tree) before creating user IDs – Enhanced ability to modify users based on the contents of a text file – Bulk modify user properties based on Group Membership – Add and delete Group Membership at the same time – Bulk modify GroupWise visibility – Bulk modify GroupWise and NDS passwords – Create GroupWise users for existing NDS users – Identify/select/modify/delete accounts based on last login time, number of days since last login time, never logged in, not used in X days, etc.

EMU Demonstration Simply the easiest, quickest and most efficient way to distribute bulk user management of eDirectory and GroupWise account information.

Worldwide Distribution Channel

Question and Answers visit for more information about eControl and EMU

Appendix - Screenshots
Help Desk Operator Tasks: 1. Active Directory Group Membership 2. eDirectory Group Membership 3. eDirectory Restricted Tasks 4. eDirectory All Tasks 5. Change eDirectory Password 6. Manage GroupWise Distribution List 7. Set eDirectory Password Restrictions 8. Set Active Directory Identification 9. Set eDirectory Identification 10. Account Create
System Configuration: 1. System Configuration 2. Search Context Configuration 3. Account Create Configuration 4. Add Group to a Task 5. Configure Forgot Password Questions

Active Directory Group Membership

eDirectory Group Membership

eDirectory Restricted Tasks

eDirectory All Tasks

Change eDirectory Password

Manage GroupWise Distribution List

eDirectory Password Restrictions

Active Directory Identification

eDirectory Identification

eDirectory User Self-Administration

Account Create

Administration – System Configuration

Search Context Configuration

Account Create Configuration

Add Group to Task

Forgot Password

Thank you

eControl for Mixed Networks Web-based, ZERO-Rights User Account Management, Identity Administration and User Provisioning Aldo Zanoni B.Ed, B.A., MCNI, MCNE, MCP CEO, Managing Director Omni Technology Solutions Inc Ext. 232