Published by Muriel Robertson. Modified over 9 years ago.
1
Amol Bhandarkar Technology Solution Professional – IDA | Microsoft amolrb@microsoft.com
2
Agenda
- Identity & Access Management
- ILM 2 high level architecture
- ILM 2 features
- Demo of ILM 2
- Intelligent Application Gateway
- AD Rights Management Service
3
Identity & Access Management

Identity-Based Access:
- Network Access: identity-oriented edge access, e.g. NAP
- Remote Access: access resources remotely, e.g. SSL VPN
- App Access: SSO, Web/Ent/Host access, Federation
- Info Access: Drive Encryption, ILP, Rights Management

Identity & Access Management:
- Compliance and Audit: monitoring, reporting, auditing of identity-based access activity
- Identity & Credential Management: user provisioning, certificate & smartcard management, user self-service
- Policy Management: identity policy, user/role-based access policy, federation policy, delegation
- Access Management: group management, federation/trust management, entitlements, RBAC

Identity Infrastructure:
- Identity & Credentials Infrastructure: Directory – Identity/Credentials, Infocards, Meta/Virt Dir, Basic Policy
4
Microsoft Identity Lifecycle Manager
- Identity Synchronization
- User Provisioning
- Certificate and Smartcard Management
- Office Integration for Self-Service
- Support for 3rd Party CAs
- Codeless Provisioning
- Group & DL Management
- Workflow and Policy

Building blocks shown in the diagram: User Management, Group Management, Credential Management, Policy Management, Synchronization; Common Platform: Workflow, Connectors, Logging, Web Service API
5
ILM 2 High Level Architecture
6
Identity Lifecycle Manager “2” Features

Credential Management:
- Heterogeneous certificate management with 3rd party CAs
- Management of multiple credential types, including One Time Passwords
- Self-service password reset integrated with Windows logon

Group Management:
- Rich Office-based self-service group management tools
- Offline approvals through Office
- Automated group and distribution list updates

User Management:
- Integrated provisioning of identities, credentials, and resources
- Automated, codeless user provisioning and de-provisioning
- Self-service profile management

Policy Management:
- SharePoint-based console for policy authoring, enforcement & auditing
- Extensible WS-* APIs and Windows Workflow Foundation workflows
- Heterogeneous identity synchronization and consistency
7
End User Scenarios

Credential Management: integration with Windows logon; no need to call help desk; faster time to resolution
Group Management: request process through Office; no waiting for help desk; faster time to resolution
User Management: automatic updating of business applications; no need to call help desk; faster time to resolution
Policy Management: automatic routing of multiple approvals; approval process through Office; audit trail of approvals
8
IT Administrator Scenarios (Credential Management, Group Management, User Management, Policy Management)
- Centralized management
- Automatic policy enforcement across systems
- Management of role changes & retirements
- Generation and delivery of initial one-time use password
- Integration of smart card enrollment with provisioning
- Automatic management of group membership
- Secure access to departmental resources, with audit trail
9
ILM "2" in Action

Elements shown: ILM “2” Portal; Directories; Databases; LOB Applications; Custom Self-Service integration; ISV Partner Solutions; Windows Log On; IT Departments. Functions: Policy Management, Credential Management, User Management, Group Management.
10
ILM "2" In Action: HR-driven provisioning of a new employee

1. New user added in HR app
2. Sync receives request
3. ILM manages manager and dept head approvals
4. Once approved, changes committed to ILM app store
5. ILM sends welcome and confirmation e-mails
6. ILM synchronizes updates with external identity stores

Components shown: AuthN & AuthZ, Workflows, Action Workflow, App DB, Sync DB, Management Agents, Identity Stores
11
ILM "2" In Action: Self-service smart card provisioning

1. Approval workflows
2. Card created & printed
3. Certificates requested
4. Self-service notification and One Time Password sent to end user
5. End user downloads certificates onto smart card
12
ILM "2" In Action: Self-service password management

1. User forgets password
2. Requests password reset at Windows logon and answers Q/A
3. ILM receives the XML request (Request Processor)
4. Does user have permission to reset password? (Delegation & Permissions)
5. ILM validates Q/A response from user
6. Changes committed to ILM app store
7. ILM makes WMI call to reset password in AD
8. ILM syncs new password to external identity stores

Components shown: AuthN & AuthZ, Workflows, Delegation & Permissions, Action Workflow, App DB, Sync DB, Management Agents, Identity Stores, Request Processor
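The password-reset flow above has three decision points worth seeing in code: the permission check, the Q/A validation, and the commit-then-sync step with an audit trail. The following is an added example, not ILM code or Microsoft's implementation. All names (ResetWorkflow, request_reset, the SSPR-Users group, the "hr"/"ldap" stores) are constructed, the AD reset and the external identity stores are in-memory stand-ins for the WMI call and the management agents, and the lockout threshold and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # PBKDF2 work factor for stored hashes (assumed value for this model)

def _normalize(answer: str) -> str:
    """Tolerate case and spacing differences in registration answers, never in passwords."""
    return " ".join(answer.strip().lower().split())

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def enrol_answers(qa: dict) -> dict:
    """Store only a per-question salt and the hash of the normalized answer."""
    profile = {}
    for question, answer in qa.items():
        salt = secrets.token_bytes(16)
        profile[question] = (salt, _hash(_normalize(answer), salt))
    return profile

def validate_answers(profile: dict, responses: dict, required: int = 2) -> bool:
    """Constant-time comparison per answer; at least `required` answers must match."""
    correct = 0
    for question, (salt, digest) in profile.items():
        candidate = _hash(_normalize(responses.get(question, "")), salt)
        if hmac.compare_digest(candidate, digest):
            correct += 1
    return correct >= required

class ResetWorkflow:
    """Request Processor, permission check, AD reset stub and sync to external stores."""

    def __init__(self, sspr_groups, max_failures: int = 3):
        self.sspr_groups = set(sspr_groups)      # groups delegated the self-service reset right
        self.max_failures = max_failures
        self.profiles, self.groups, self.failures = {}, {}, {}
        self.ad = {}                             # stand-in for the AD password attribute
        self.stores = {"hr": {}, "ldap": {}}     # stand-in external identity stores
        self.audit = []                          # every attempt is recorded, success or not

    def enrol(self, user: str, groups, qa: dict) -> None:
        self.groups[user] = set(groups)
        self.profiles[user] = enrol_answers(qa)

    def has_permission(self, user: str) -> bool:
        return bool(self.groups.get(user, set()) & self.sspr_groups)

    def request_reset(self, user: str, responses: dict, new_password: str) -> str:
        outcome = self._decide(user, responses, new_password)
        self.audit.append((user, outcome))
        return outcome

    def _decide(self, user: str, responses: dict, new_password: str) -> str:
        if user not in self.profiles:
            return "denied-unknown-user"
        if not self.has_permission(user):
            return "denied-no-permission"
        if self.failures.get(user, 0) >= self.max_failures:
            return "denied-locked"
        if not validate_answers(self.profiles[user], responses):
            self.failures[user] = self.failures.get(user, 0) + 1
            return "denied-wrong-answers"
        salt = secrets.token_bytes(16)
        self.ad[user] = (salt, _hash(new_password, salt))   # the "WMI call to reset password in AD"
        for store in self.stores.values():                   # sync to external identity stores
            store[user] = self.ad[user]
        self.failures[user] = 0
        return "reset"

def demo():
    """Constructed scenario: one delegated user, one account outside the SSPR policy."""
    wf = ResetWorkflow(sspr_groups={"SSPR-Users"})
    wf.enrol("alice", {"SSPR-Users"}, {"pet": "Rex", "city": "Pune"})
    wf.enrol("svc-backup", set(), {"pet": "x", "city": "y"})
    results = {
        "ok": wf.request_reset("alice", {"pet": " rex ", "city": "PUNE"}, "N3w-Passw0rd!"),
        "no_perm": wf.request_reset("svc-backup", {"pet": "x", "city": "y"}, "pw"),
        "wrong": [wf.request_reset("alice", {"pet": "Max", "city": "Pune"}, "pw") for _ in range(3)],
        "locked": wf.request_reset("alice", {"pet": "Rex", "city": "Pune"}, "pw"),
    }
    return results, wf

if __name__ == "__main__":
    print(demo()[0])
```

The permission check runs before the answers are evaluated, so an account that policy excludes from self-service reset never gets its Q/A profile exercised, and the lockout counter is only reset on a successful reset.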
13
Identity Management
14
INTELLIGENT APPLICATION GATEWAY
15
Intelligent Application Gateway 2007

Supports all applications with SSL VPN:
- Web, client/server, file access
- Microsoft: SharePoint, Exchange, Dynamics
- In-house developed
- Third-party, e.g. Citrix, IBM, Lotus, SAP, PeopleSoft…

Designed for managed and unmanaged users & devices:
- Automatic detection of user system, software and configuration
- Access policies according to device “security state”
- Delete temporary files and data traces from unmanaged devices

Drives productivity with application intelligence:
- Apply policy at granular application feature levels
- Dynamically control application data for desired functionality
- Single sign-on with multiple directories, protocols and formats
- Fully customizable portal and user interface
16
Intelligent Application Gateway

The IAG provides SSL-based application access and protection with endpoint security management, enabling granular access control and deep content inspection from a broad range of devices and locations to line-of-business, intranet, and client/server resources.

- Control Access: secure, browser-based access to corporate applications and data from more locations and more devices
- Protect Assets: ensure the integrity and safety of network and application infrastructure by blocking malicious traffic and attacks
- Safeguard Information: comprehensive policy enforcement helps drive compliance with legal and business guidelines for using sensitive data
17
Secure Application Access

Diagram: Laptops → External Firewall (Port 443) → Intelligent Application Gateway™ → Intranet (Active Directory, ISA Server, SQL Server, File Shares, IIS, Exchange Server, SharePoint Server, Custom Applications)

Control:
- Single sign-on to multiple and custom directories
- Portal defined by user identity
- Native AD integration w/ strong and two-factor authentication

Protect:
- Policy-driven intranet access with ACL-level controls
- Web application firewall w/ app-specific content, command, and URL filtering
- ‘Restricted zones’ definitions for URLs
- File upload / download control; .EXE identification
- Positive and negative-logic filtering rules

Safeguard:
- Comprehensive monitoring and logging
- Session termination & inactivity timeouts
- Endpoint compliance check and clean-up
- Endpoint policy-defined micro-portal
18
Customizable Enterprise Security

Diagram: Partners / Web → External Firewall (Port 443) → Intelligent Application Gateway™ → Active Directory, LDAP, Oracle, Exchange Server, SharePoint Server, IBM / Lotus, SAP

Control:
- SSL VPN connectivity and endpoint security verification

Protect:
- Flexible config. and context-sensitive portal based on endpoint state & user identity
- Support for multiple simultaneous portal configurations
- Web application firewall with positive and negative logic learns and adapts to new apps

Safeguard:
- Per-application policy and comprehensive authentication / authorization mechanisms
- Application Optimizer Toolkit lets IT admins / app developers build customized security
- Endpoint session control, monitoring and state cleanup

Also: granular policy enforcement; extensive monitoring and logging
19
RIGHTS MANAGEMENT SERVICES (AD RMS)
20
Framework for Data Governance

Information lifespan: Collection → Usage → Storage → Retention/Destruction (Destruction, Archive)
- Collection: Online, From 3rd Party, In Person
- Usage: In Applications, Shared with Third Parties, By Employees, Marketers
- Storage: Electronic Devices, Backup, Structured Databases, Unstructured Data

Governance dimensions: Technology, Policy, People, Process
21
The Information Workplace

The flow of information has no boundaries: information is shared, stored and accessed outside the control of its owner. Locations shown: Independent Consultant, Partner Organization, Home, Mobile Devices, USB Drive.
22
Traditional solutions protect initial access… but not usage

Diagram: a Firewall Perimeter and an Access Control List Perimeter admit Authorized Users (Yes) and reject Unauthorized Users (No); Information Leakage to Unauthorized Users happens after access has been granted.
23
Today’s policy expression… lacks enforcement tools
24
Microsoft’s Approach to Information Protection: Active Directory Rights Management Services (AD RMS)

Persistent Protection = Data Encryption + Policy Enforcement (Access Permissions, Use Right Permissions)
- Provides identity-based protection for sensitive data
- Controls access to information across the information lifecycle
- Allows only authorized access based on trusted identity
- Secures transmission and storage of sensitive information wherever it goes – policies embedded into the content; documents encrypted with 128-bit encryption
- Embeds digital usage policies (print, view, edit, expiration etc.) into the content to help prevent misuse after delivery
25
How does RMS work?

Participants: Information Author, The Recipient, RMS Server, SQL Server, Active Directory

1. Author receives a client licensor certificate the first time they rights-protect information
2. Author defines a set of usage rights and rules for their file; the application creates a “publishing license” and encrypts the file
3. Author distributes the file
4. Recipient clicks the file to open; the application calls the RMS server, which validates the user and issues a “use license”
5. Application renders the file and enforces the rights
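To make the five steps concrete, here is an added model of the flow, not AD RMS code or its real wire format. It uses toy cryptography from the Python standard library: a SHA-256 counter keystream stands in for the content cipher, HMAC tags stand in for the certificate signatures, and shared secrets (wrap_key, the client licensor key, the recipient's rights account key) stand in for the public keys RMS actually uses. Names such as RmsServer, issue_clc, publish, issue_use_license and render are constructed. The point it shows is the separation of duties: the author never talks to the recipient's key, the server only hands out a content key after validating both the publishing license and the recipient's rights, and the rights themselves are enforced by the rendering application, which is why a tampered publishing license is rejected rather than honoured.

```python
import hashlib
import hmac
import json
import secrets

# Constructed model of the five-step RMS flow. Toy cryptography only: SHA-256
# keystream for content, HMAC tags for signatures, shared secrets for public keys.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts (used for content and key wrapping)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def sign(key: bytes, record: dict) -> str:
    return hmac.new(key, json.dumps(record, sort_keys=True).encode(), "sha256").hexdigest()

def verify(key: bytes, record: dict, tag: str) -> bool:
    return hmac.compare_digest(sign(key, record), tag)

class RmsServer:
    def __init__(self):
        self.wrap_key = secrets.token_bytes(32)  # stands in for the server's public key
        self.clc_keys = {}  # author -> client licensor key (step 1)
        self.rac_keys = {}  # recipient -> rights account key, issued at enrolment

    def enroll_recipient(self, user: str) -> bytes:
        self.rac_keys[user] = secrets.token_bytes(32)
        return self.rac_keys[user]

    def issue_clc(self, author: str):
        """Step 1: client licensor certificate, issued once per author."""
        self.clc_keys[author] = secrets.token_bytes(32)
        return self.clc_keys[author], self.wrap_key

    def issue_use_license(self, recipient: str, protected: dict):
        """Step 4: validate the publishing license and the user, then issue a use license."""
        pl = protected["publishing_license"]
        author_key = self.clc_keys.get(pl["author"])
        if author_key is None or not verify(author_key, pl, protected["pl_tag"]):
            return None  # forged or tampered publishing license
        rights = pl["rights"].get(recipient)
        if not rights or recipient not in self.rac_keys:
            return None  # user holds no right on this content
        cid = pl["content_id"].encode()
        content_key = xor_crypt(self.wrap_key, cid, bytes.fromhex(pl["wrapped_key"]))
        return {"content_id": pl["content_id"], "recipient": recipient, "rights": rights,
                "wrapped_key": xor_crypt(self.rac_keys[recipient], cid, content_key).hex()}

def publish(author: str, clc_key: bytes, wrap_key: bytes, plaintext: bytes, rights: dict) -> dict:
    """Steps 2-3: author sets rights; the application builds a publishing license and encrypts."""
    content_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    content_id = secrets.token_hex(8)
    pl = {"author": author, "content_id": content_id, "nonce": nonce.hex(), "rights": rights,
          "wrapped_key": xor_crypt(wrap_key, content_id.encode(), content_key).hex()}
    return {"publishing_license": pl, "pl_tag": sign(clc_key, pl),
            "ciphertext": xor_crypt(content_key, nonce, plaintext).hex()}

def render(rac_key: bytes, protected: dict, use_license, action: str):
    """Step 5: the application enforces the rights in the use license before decrypting."""
    if use_license is None or action not in use_license["rights"]:
        return None
    pl = protected["publishing_license"]
    content_key = xor_crypt(rac_key, pl["content_id"].encode(), bytes.fromhex(use_license["wrapped_key"]))
    return xor_crypt(content_key, bytes.fromhex(pl["nonce"]), bytes.fromhex(protected["ciphertext"]))

def demo() -> dict:
    """Constructed scenario: alice grants bob 'view' only; carol was granted nothing."""
    server = RmsServer()
    clc_key, wrap_key = server.issue_clc("alice")
    bob_rac, carol_rac = server.enroll_recipient("bob"), server.enroll_recipient("carol")
    protected = publish("alice", clc_key, wrap_key, b"Q3 forecast: confidential", {"bob": ["view"]})
    bob_ul = server.issue_use_license("bob", protected)
    carol_ul = server.issue_use_license("carol", protected)
    tampered = json.loads(json.dumps(protected))  # a copy whose rights were edited after publishing
    tampered["publishing_license"]["rights"]["carol"] = ["view", "print"]
    return {"bob_view": render(bob_rac, protected, bob_ul, "view"),
            "bob_print": render(bob_rac, protected, bob_ul, "print"),
            "carol_view": render(carol_rac, protected, carol_ul, "view"),
            "tampered": server.issue_use_license("carol", tampered)}

if __name__ == "__main__":
    print(demo())
```

In the model, as in the slide, the content key never travels in the clear: it is wrapped to the server in the publishing license and re-wrapped to the recipient in the use license, so distributing the encrypted file (step 3) grants nothing by itself.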
26
Live Trial – RMS
27
References
- Identity Lifecycle Manager 2: www.microsoft.com/ilm2, technet.microsoft.com/ilm
- Intelligent Application Gateway: www.microsoft.com/iag, http://technet.microsoft.com/en-us/forefront/edgesecurity/bb687299.aspx
- AD Rights Management Services: www.microsoft.com/rms
28
Feedback / QnA
Your feedback is important! Please take a few moments to fill out our online feedback form. For detailed feedback, use the form at http://www.connectwithlife.co.in/vtd/helpdesk.aspx or email us at vtd@microsoft.com. Use the Question Manager on LiveMeeting to ask your questions now!
29
Contact Email Address amolrb@microsoft.com
30
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.