Identity and Security Management Kevin Unthank Senior Product Manager Red Hat Security Management Products Cloud Business Unit.

Presentation transcript:

Why customers care about Identity and Security Management
3. Increase efficiency of IT (And therefore save costs)
4. Enable their business (And bring in new revenue streams)
3. Compliance (Because they have to): FIPS201, HSPD-12, SOX, PCI, HIPAA, GLB
2. Risk reduction (To protect money, data, reputation)
1. Compliance (Because they have to): FIPS201, HSPD-12, SOX, PCI, HIPAA, GLB

Red Hat and Netscape
On December 8, 2004, Red Hat acquired assets from AOL's Netscape Security Solutions business unit, including currently shipping products:
- Netscape Certificate Management System (Red Hat Certificate System)
- Netscape Directory Server (Red Hat Directory Server)
Initial efforts were focused on building a tighter relationship between the Netscape products and Enterprise Linux.
Acquisitions of JBoss, Identyx & Qumranet and new technologies such as MRG now provide an extension for the identity management technologies into the Cloud, Application and Web Services space.

Red Hat Directory Server
- Standards compliant LDAP v2 and v3 Directory Server
- High performance, availability and scalability through multi-master replication
- Data redundancy for failover, load balancing
- Simultaneous update with conflict resolution
- No single point of failure, fault tolerance

What does Red Hat Directory Server provide?
- Centrally store vital security data
  - Identity
    - Username, data, password, organization, groups
    - Machine name, groupings
    - Synch info with Microsoft Active Directory
  - Policy
    - Application Settings
    - User Profiles
    - Access Control Information
  - Directory not a database
    - Read optimized
    - Organized around users, machines, and policy
    - LDAP
- Manage this data
  - GUI or command line
- Make security data highly available
  - Replicate
- Authenticate users
  - Widely supported; OS access through NIS or PAM “gateway”
  - Supports Kerberos via SASL
  - Integrated support for X.509 certificates
  - Can call out to databases, legacy systems via plug-in API
- Control access at a fine level
  - Using external criteria like type of connection, day of week/time, hostname/IP
  - Using groups (“engineering”) or roles (“managers”)

Red Hat Directory Server Release
Red Hat Directory Server 8.2 – July 27th 2010
- Maintenance and bug fix release
- Security enhancements
  - Salted MD5 password hash
  - Require secure connections for simple binds
  - Require a minimum security factor for server connections
- Improved Standards Compliance
  - Syntax validation
  - Updated DN syntax
  - Support for Dereferencing Searches
  - Support for Bitwise Filters
*Current plan of record. Release dates and content subject to change due to resource constraints and market factors.
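The two connection requirements listed under "Security enhancements", together with the fine-grained access control described on the "What does Red Hat Directory Server provide?" slide, can be written as directory configuration. The LDIF below is an added example, not taken from the slides or from Red Hat's own material; the suffix dc=example,dc=com, the group and role entries, the 192.0.2.* address range and the SSF value of 128 are assumptions.

```ldif
# Added example with constructed values; apply with ldapmodify over a
# TLS-protected connection.

# 1. Server-wide floor (the defaults are "off" and 0):
#    - reject simple (password) binds on unencrypted connections
#    - reject connections below a minimum security strength factor (SSF)
dn: cn=config
changetype: modify
replace: nsslapd-require-secure-binds
nsslapd-require-secure-binds: on
-
replace: nsslapd-minssf
nsslapd-minssf: 128

# 2. Entry-level control using external criteria, groups and roles.
#    Continuation lines start with two spaces: the first is the LDIF
#    fold marker, the second is a literal space inside the ACI.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
# Group members may edit contact attributes only from the internal range,
# on weekdays, during office hours (server local time), over SSF >= 128.
aci: (targetattr = "telephoneNumber || mail")
  (version 3.0; acl "Engineering contact edits, office hours, internal net";
  allow (write)
  groupdn = "ldap:///cn=engineering,ou=Groups,dc=example,dc=com"
  and ip = "192.0.2.*"
  and dayofweek = "Mon,Tue,Wed,Thu,Fri"
  and timeofday >= "0800" and timeofday <= "1800"
  and ssf >= "128";)
# Holders of the managers role may edit reporting attributes.
aci: (targetattr = "title || manager")
  (version 3.0; acl "Managers edit reporting attributes";
  allow (write)
  roledn = "ldap:///cn=managers,dc=example,dc=com"
  and ssf >= "128";)
```

The cn=config settings apply to every connection, while the ACIs are evaluated per operation, so the server-wide floor still holds for entries that have no connection-aware ACI.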

Red Hat Directory Services Roadmap
Red Hat Directory Server 9.0 – 2nd Half CY11 Target
- RHEL 6 Support
- Add support for OpenLDAP client libraries
- Extend MMR support from 4 masters to 20 masters
- Support tree renames (Mod RDN with new superior)
  - Move entry to new container, Move container, Rename container
*Current plan of record. Release dates and content subject to change due to resource constraints and market factors.

Security Information Situation Today
- Many security and security management applications store and manage their own vital security information
  - Identity
  - Policy
  - Audit
- Difficult to analyze across applications, so organizations can't
  - Form a full picture of their security stance
  - Comply with government regulations
  - Protect themselves sufficiently
  - Efficiently enable their operations
- Example: Identity silos
- Example: > problem for Policy, Audit

What is needed?
- Vital security information (IPA) should be:
  - Open (You own it)
  - Inter-operable
  - Manageable
- Need a way to make it possible for vital security information (Identity, Policy, Audit) to enable the freedom and efficiency of next generation IT infrastructure
- To enable this:
  - Maximize freedom
  - Maximize efficiency

IPA Overview
- Open source project
  - Started 3 years ago and contributed to by Red Hat
  - But open to all
- freeIPA versions
  - v1: April User Identity
  - v2: Machine identity
    - Alpha 3 released May
    - Complete v2 planned for 2nd half 2010
- Red Hat Product Offering 1st half 2011

IPAv1 provides
- Single Sign on for users
  - Tie together Directory and Kerberos
  - User Kerberos ticket for SSO to UNIX/Linux, JBoss, other apps
- Centralized authentication point for IT
  - Unite Directory, Kerberos
  - From Apps, UNIX/Linux, VPNs, WLANs
- Easy for IT to set up, migrate to, and manage
  - Simple IPA install
  - Intuitive web interface, Command line
  - Tools migrate from NIS
- Key Data replicated via Directory Services
[Diagram labels: KDC, LDAP, CLI/GUI, IPA Server v1, Unix/Linux, Admin]

IPAv2 (Early 2011 target) will provide
- Identify and group machines, VMs, services
- Simplified service authentication and establishment of secure communication
- Client agent: SSSD (System Security Services Daemon) + IPA Plugin
- Management of machine certificate
- Host Based Access Control
- DNS Integration
[Diagram labels: KDC, LDAP, CLI/GUI, IPA Server v2, Unix/Linux, Admin, PKI, DNS]

System Security Services Daemon
- System daemon. Already in Fedora, going into Red Hat Enterprise Linux and hopefully other distributions
- SSSD provides:
  - Access to identity and authentication remote resources through a common pluggable framework
  - Caching and offline support
  - PAM and NSS modules, as well as D-BUS based interfaces
  - Better database to store local users as well as extended user data

How does IPA Interoperate with Active Directory?
- IPA v1 and v2
  - Synchronization of User Identity
    - Users, Passwords (optional)
  - IPA manages Linux/Unix policy
  - Each platform managed well by its own native solution
- IPA v3
  - Cross realm Kerberos trust with AD
[Diagram labels: AD, IPA, Unix/Linux, Windows, Sync; AD, IPA, Unix/Linux, Windows, Trust]

Questions