Installing and Configuring the Novell Identity Manager Mainframe and IBM AS/400 Connector. Doug Anderson, Product Manager; Boyd Wilson.

Presentation transcript:

Installing and Configuring the Novell Identity Manager Mainframe and IBM AS/400 Connector. Doug Anderson, Product Manager; Boyd Wilson, Product Architect; Jeff Bate, Engineering; Randy Martin, Engineering.

© March 10, 2004 Novell Inc, Confidential & Proprietary. 2 one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions. The one Net vision: Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage SM.

3 The one Net vision. Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.

4 Agenda: Overview and Roadmap; AS/400 Connectivity; AS/400 Configuration Demo; RACF Driver for Mainframe Connectivity; RACF Driver Configuration Demo; Futures; Q&A.

5 What's Up With NAM and IDM? Let's clear this up now: these are complementary products, not competing products. Identity Manager is the family, and NAM is part of it. NAM is going to go from cousin to brother.

6 How are Novell Account Management and Identity Manager Related? NAM has functionality not available in IDM2 (Fan-Out Drivers, Windows Standalone Mode, Authentication Redirection, Native Script Handling, password sync using the standard eDir password). NAM also has limitations not found in IDM2 (Subscriber-Only, Different Architecture, Different Management Console).

7 What's the Mission? To make it easy for any Novell Account Management customer (and there are thousands), be it version 2.1 or 3.0, on any platform, to move forward, without losing any critical functionality, and, in fact, gaining significant functionality.

8 But, for today... let's talk about how NAM works today, and how it will work in the future.

AS/400 Connectivity

10 Account Provisioning to a Target. By permitting a collaborative unit such as a container or a group to a target system, you automate the management of all users that may be associated with the collaborative unit in the future. (Diagram: example targets are an OS/390 Mainframe with RACF, an AS/400 Application Server, and a set of Linux Web Servers.)

11 NAM 3.0 Principal Components. (Diagram: eDirectory with Novell DirXML; Core Services consisting of Agents, Event Listener, Manager Services, Object Services, Audit Services, Certificate Services, Web Services and Journal Services; Platform Services on the target systems: AS/400, Unix, Windows, 390 and other.)

12 NAM 3.0 Principal Components, detailed. (Diagram: eDirectory with Novell DirXML; Core Services as on the previous slide; on each target platform (AS/400, Unix, Windows, 390, other) the Platform Services consist of the Authentication Services API, the System Intercept, the Platform Services Process, User and Group Management, the Platform Receiver Scripts and User Authentication; Core Services and Platform Services communicate over SSL.)

13 Receiver Scripts. Default scripts are delivered for each security system for each platform. They may be modified or replaced by the customer. Target system administrators already know how to write scripts, since the local scripting environment is used on each platform (REXX, Shell Script, Windows Script, etc.). In many cases administrators already have scripts to perform operations on their local system, and these can be plugged directly in.

14 Adding Users To The Directory. (Diagram: eDirectory with Novell DirXML, Core Services, and Platform Services on the target, connected over SSL.) 1. A new user is created in eDirectory. 2. The Event Listener sees the change. 3. An Access Management Event is created and sent to Object Services. 4. Object Services creates an E-user object in the Census, associates it to the proper Platform and passes this information on to Event Journal Services. 5A. The Platform Receiver requests an Access Management Event from Event Journal Services pertaining to the Platform Set that this particular platform is associated with. 5B. Event Journal Services reads the information for the object specified in the Access Management Event out of eDirectory and passes it on to the Platform Receiver. 6. The Platform Receiver processes the Access Management Event through a suitable script (Add User) and passes it on to the local user security system. 7. Event Journal Services notifies Audit Services, which records the actions taken in the Audit Log.

15 AS/400 Connector Facts. AS/400 and Windows platforms share many of the same challenges with regard to provisioning and password synchronization. The security system is not as accessible or extensible as eDirectory or even RACF on the mainframe. Provisions users and groups from eDirectory™ to the AS/400 security system. Supports bi-directional sync of passwords. The Account Management API is available on the AS/400 platform.

16 AS/400 Password Intercept. The password check cannot be intercepted; this means we cannot use redirection. A password change can be intercepted via the exit specified in the system value QPWDVLDPGM; this means we can use password replication. (Diagram: Authentication Services API, System Intercept, Platform Services Process, User Authentication.)

17 AS/400 Basics. Uses a scripting language called "CL", which is the language that the Account Management platform receiver scripts are provided in. System security profiles are based on levels: 10, 20, 30, 40 and 50. The level determines the required elements for a user profile. We support integration with systems at any security level.

18 AS/400 Security System. Basic user information is kept in a user profile. All other user and group information is kept in the distribution directory. We update both. (Diagram: attrmap.conf maps eDirectory attributes (Username, Description, UID, SalesGroup Member; sample values Bob, Sales Manager) onto the user profile and the distribution directory through the User and Group Management Platform Receiver Scripts.)

Account Management AS/400 Configuration Demo

RACF Driver for Mainframe Connectivity

21 Identity Manager Driver and Account Management 3 Connector Options for Mainframes. Identity Manager 2.0 Driver for RACF: in beta now; announced at BrainShare 2004 SLC; useful if you need to have RACF authoritative for accounts; more info to come… Account Management Connector for Mainframes: supports RACF, ACF2, and Top Secret security systems on OS/390; allows account provisioning from eDirectory to each of the above security systems; supports bi-directional password sync; supports extendable control through REXX scripting.

22 RACF Driver Facts. Bi-directional for User Accounts and Groups. Bi-directional for passwords. Supports being run as a native or remotable driver. Leverages the IDM 2.0 password management framework through Universal Password in eDirectory. Uses auxiliary classes to add MVS RACF schema attributes to User and Group objects in eDirectory. Can be used to sync one RACF system with another through eDirectory.

23 RACF Driver Requirements: Novell Nsure Identity Manager 2.0 or later; iManager 2.02 or later; any IBM supported OS/390 or z/OS release; RACF 1.9 or later.

24 RACF Driver Components. Driver Shim – the interface between the Identity Manager Engine and RACF; contains both a Subscriber channel and a Publisher channel. Sample Policies and Filters for controlling the bi-directional flow of data between eDirectory and RACF. RACF Event Subsystem – captures RACF events and provides an interface into the Subscriber and Publisher channels.

25 RACF driver architecture on z/OS. (Diagram: the RACF Event Subsystem (one for each system sharing the RACF dataset) consists of the RACF Command Exit, the RACF RACINIT Exit, a Cross Memory Queue, the Change Log Started Task and the Change Log. The RACF Driver Shim (can also run local to the DirXML Engine) contains the Publisher and Subscriber channels and talks to the DirXML Engine and its Policies through the DirXML Remote Loader. The Publisher reads the Change Log with the LDXSERV command (GETNEXT and MARKDONE). The Subscriber side shows RACF commands (ADDUSER, ALTUSER, DELUSER, ADDGROUP, ALTGROUP, DELGROUP, CONNECT, REMOVE, PASSWORD), the LDXSERV command (NOLOG and ISSUE), and RACF query commands (LISTUSER, LISTGROUP).)

26 Rules and Style Sheets. Customization is handled through rules and style sheets; the shim itself avoids implementing policy. Examples: the RACF Password Interval is 1–254 days, whereas eDirectory's is a number of seconds. eDir User: Group Membership, Group: Members; RACF has profiles for users, groups, and connects. RACF does no cleanup: an eDir User delete becomes a RACF revoke, and a Group delete is blocked. The behavior of the driver is governed by its configuration of options, policies, and filters. The configuration of the Driver for RACF is stored in its driver object in eDirectory.
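The three example rules on this slide, written out as an added illustration in Python (not the driver's own code; the real driver expresses them as DirXML policies and style sheets). The event shape, attribute names such as passwordExpirationInterval and groupMembership-add, and the rendering of RACF command text are assumptions made for the example.

```python
"""Illustrative policy layer for the eDirectory -> RACF Subscriber channel.

Added example, not Novell's driver code. Rules taken from the slide:
  * eDirectory keeps the password interval in seconds, RACF in 1-254 days;
  * a User delete becomes a RACF REVOKE (RACF does no cleanup);
  * a Group delete is blocked;
  * eDirectory group membership becomes RACF CONNECT / REMOVE commands.
"""
from dataclasses import dataclass, field

SECONDS_PER_DAY = 86400


@dataclass
class EdirEvent:
    op: str                      # "add", "modify" or "delete"
    obj_class: str               # "User" or "Group"
    name: str                    # eDirectory CN, reused as the RACF userid/group
    attrs: dict = field(default_factory=dict)   # assumed attribute names


def seconds_to_racf_interval(seconds: int) -> int:
    """Map an eDirectory password interval (seconds) to RACF days (1-254).
    Partial days round up so the policy never shortens the interval below
    what the directory asked for; out-of-range values are clamped."""
    days = -(-seconds // SECONDS_PER_DAY)   # ceiling division
    return max(1, min(254, days))


def to_racf_commands(event: EdirEvent) -> list:
    """Translate one eDirectory event into the RACF commands the shim would
    issue. An empty list means the policy blocked the event."""
    uid = event.name.upper()
    cmds = []
    if event.obj_class == "User":
        if event.op == "delete":
            # Revoke instead of DELUSER: RACF would not clean up on its own.
            return [f"ALTUSER {uid} REVOKE"]
        if event.op == "add":
            cmds.append(f"ADDUSER {uid}")
        if "passwordExpirationInterval" in event.attrs:
            days = seconds_to_racf_interval(event.attrs["passwordExpirationInterval"])
            cmds.append(f"PASSWORD USER({uid}) INTERVAL({days})")
        # eDirectory stores membership on the user; RACF models it as connects.
        for group in event.attrs.get("groupMembership-add", []):
            cmds.append(f"CONNECT {uid} GROUP({group.upper()})")
        for group in event.attrs.get("groupMembership-remove", []):
            cmds.append(f"REMOVE {uid} GROUP({group.upper()})")
        return cmds
    if event.obj_class == "Group":
        if event.op == "delete":
            return []                        # group delete is blocked by policy
        if event.op == "add":
            cmds.append(f"ADDGROUP {uid}")
    return cmds
```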

27 RACF Event Subsystem. Uses standard RACF exits (IRREVX01 and ICHRIX02) to capture events of interest. Places events in an ECSA-based cross memory queue. The Started Task moves events from the queue to the Change Log Direct Access (DA) dataset. The Publisher channel is provided events from the Change Log dataset via the LDXSERV TSO command. (Diagram: RACF Exit -> Queue -> Change Log Started Task -> Change Log Dataset -> Driver Publisher Channel.)
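An added in-memory model of the Change Log and the Publisher's GETNEXT/MARKDONE cycle (illustration only, not Novell's code; the real log is a DA dataset read through the LDXSERV TSO command). It shows why the acknowledgement step matters: an event leaves the log only after MARKDONE, so a Publisher that fails between reading and acknowledging gets the same event again instead of losing it. The sample events and their ids are constructed.

```python
"""Simulated Change Log with GETNEXT / MARKDONE semantics.
Added example, not the driver's code; models acknowledgement only."""
from collections import deque


class ChangeLog:
    """Events captured by the RACF exits, in the order the Started Task
    wrote them. Ids are constructed so a restarted Publisher can tell a
    redelivery from a new event."""

    def __init__(self, events):
        self._pending = deque(enumerate(events, start=1))   # (id, event)
        self.delivered = []      # ids handed out, for inspection

    def getnext(self):
        """Return the oldest unacknowledged event without removing it."""
        if not self._pending:
            return None
        rec = self._pending[0]
        self.delivered.append(rec[0])
        return rec

    def markdone(self, event_id):
        """Acknowledge the head of the log; anything else is rejected."""
        if self._pending and self._pending[0][0] == event_id:
            self._pending.popleft()
            return True
        return False

    def __len__(self):
        return len(self._pending)


def run_publisher(log, apply_to_edir, max_loops=100):
    """Publisher poll loop. apply_to_edir(event) returns True once eDirectory
    accepted the change; MARKDONE is sent only then, so a failed apply leaves
    the event at the head of the log for the next cycle."""
    applied = []
    for _ in range(max_loops):
        rec = log.getnext()
        if rec is None:
            break
        event_id, event = rec
        if not apply_to_edir(event):
            break
        log.markdone(event_id)
        applied.append(event_id)
    return applied


# Constructed sample of events as the RACF exits would capture them.
SAMPLE_EVENTS = [
    {"cmd": "ADDUSER", "userid": "JSMITH"},
    {"cmd": "PASSWORD", "userid": "JSMITH"},          # from the RACINIT exit
    {"cmd": "CONNECT", "userid": "JSMITH", "group": "SALES"},
]


def demo_with_transient_failure():
    """The first cycle fails on the PASSWORD event (e.g. eDirectory
    unreachable); the second cycle is handed the same event and drains the log.
    Returns (ids applied in cycle 1, ids applied in cycle 2, delivery order,
    events still pending)."""
    log = ChangeLog(SAMPLE_EVENTS)
    calls = {"n": 0}

    def flaky(event):
        calls["n"] += 1
        return not (event["cmd"] == "PASSWORD" and calls["n"] == 2)

    first = run_publisher(log, flaky)
    second = run_publisher(log, flaky)
    return first, second, log.delivered, len(log)
```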

RACF Driver Configuration Demo

Futures

30 Facts. The same engineering team now develops and supports the Account Management and RACF Driver deliveries in the Mainframe solution space, as well as the AS/400 connector. Account Management and Identity Management are converging using a multiple phase approach.

31 IDM/NAM Convergence. This does NOT mean simply that Account Management is going away and being converted to drivers. Convergence requires new functionality in the current IDM Engine and management infrastructure, as well as a change in current NAM management methodologies. This will open up new possibilities for managing how drivers work. This will allow for a common management and customization infrastructure. Migrations from current DirXML®/Identity Manager drivers and NAM implementations will be made seamless. No need to wait to deploy!

32 NAM Futures and Convergence. The following slides constitute one phase in the convergence process. All current functionality is taken forward.

33 Component Location (Core Driver). The Core Driver now includes all the functionality of the former Event Listener, Manager and Agents. A Core Driver must be installed on the server(s) where replicas of the provisioned users and the ASAM System container reside. The Core Driver uses a mix of DirXML and LDAP calls to accomplish its mission. You can install more than one Core Driver for redundancy; when you upgrade, upgrade the Manager first, then all the agents, to Core Drivers.

34 Principal Components. (Diagram: eDirectory with Novell DirXML; Core Driver(s) providing Fan Out, Auditing, UID/GID Mgmt, Authentication Redirection, Bi-directional Password Replication, UP Support and IDM2 Integration, and requiring fewer objects in eDirectory; Platform Services on AS/400, Unix, Windows, 390 and other targets.)

35 Principal Components, detailed. (Diagram: eDirectory with Novell DirXML; Core Driver(s) consisting of Manager Services, Object Services, Audit Services, Certificate Services, Web Services (iManager Integration), Journal Services and Auth Redirection (agent); on each target platform (AS/400, Unix, Windows, 390, other) the Platform Services consist of the Authentication Services API, the System Intercept, the Platform Services Process, User and Group Management, the Platform Receiver Scripts and User Authentication; communication over SSL.)

36 Core Driver Communications. (Diagram: the Core Driver (Manager Services, Object Services, Audit Services, Certificate Services, Web Services, Journal Services, Agent Services) is installed on the same system as eDirectory and Novell DirXML, and communicates with them via DirXML and LDAP/SSL.)

37 Multiple Core Drivers. Multiple Core Drivers can watch for events in different or the same replica rings. (Diagram: two eDirectory/Novell DirXML servers, each with its own Core Driver (Manager Services, Object Services, Audit Services, Certificate Services, Web Services, Journal Services, Agent Services) communicating via DirXML and LDAP/SSL.)

38 Component Location (Platform Services). Platform Services run on the target system. Delivery and installation are based on the native platform.

39 Platform Services – AS/400. (Diagram: Core Driver(s) on eDirectory/Novell DirXML communicate over LDAP with the AS/400 Platform Services, consisting of the Security System API Interface, the Process, and the Intercepts and Interfaces that serve the local applications APP 1, APP 2, APP 3 … APP N.)

Question and Answer


General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.