SlideShare uma empresa Scribd logo

Securing Shared Workstations with Novell SecureLogin

Novell
Novell

Kiosks are deployed in many industries, such as health care and manufacturing, to provide users with quick access to applications. But challenges often arise in these deployments when users don’t close applications or simply leave the kiosk without logging off, exposing sensitive data to unauthorized users. This session will demonstrate the use of the Desktop Automation Services. We will show you how to build policy-based shared workstation protection at the workstation level, at the network level (using Novell Modular Authentication Service and eDirectory) and across Citrix sessions. We will also show you how to configure the policies to lock workstations when an authentication device is removed or when the user’s session has timed out. Finally, you will see a real-world example of Desktop Automation Services working at Maine Medical Center. This session will demonstrate how to secure these shared workstations using the the Desktop Automation Services (DAS) in Novell SecureLogin. Presenters will show how to build policy-based shared workstation protection at the workstation level, at the network level (using NMAS and requires eDirectory™) and across Citrix sessions. They’ll also show how to configure the policies to lock workstations when an authentication device is removed or when the user’s session has timed out.

1 de 30
Baixar para ler offline
Securing Shared Workstations with Novell SecureLogin ® Kevin Prior Rajasekar Pandiyan Technology Specialist Software Consultant kprior@novell.com prajasekar@novell.com
Session Content This session will explain and demonstrate: • About shared workstations and kiosks • What is Desktop Automation Services (DAS) in the context of kiosks • Usage of Desktop Automation Services (DAS) • How to build policy-based shared workstation protection at the workstation and network levels • How to configure policies to lock workstations when an authentication device is removed or when a user's session is timed out. • Finally, a real world example of DAS from EOS Systems, who has worked with customer implementations 2 © Novell, Inc. All rights reserved.
Kiosks or Shared Workstations Description • Workstation shared by several people throughout the day to provide quick access to applications. Often several users in an hour. – Examples: health care, education, manufacturing, financial institutions, government environments Challenges • When users don't close the application or simply leave the workstation without logging off, they expose sensitive data to unauthorized users. 3 © Novell, Inc. All rights reserved.
What Is The Novell Single Sign-on ® Solution for Shared Workstations? • Novell has combined the value of Novell SecureLogin with the value of DAS (Desktop Automation Services) provides: – Fast login – Fast user switching – Single sign-on • Simplified core components to support different workstation form factors • A solution that solves some of the key foundational pain currently in health care, retail and manufacturing • Simple message: – One Id. One Password – One Login – Fast 4 © Novell, Inc. All rights reserved.
DAS (Desktop Automation Services) What is Novell Desktop Automation Services? ® • An add-on to Novell SecureLogin • Handles unique use cases associated with shared workstations or kiosks. • Executes selective and configurable lists of user operations from virtually any scripting or programming medium on the Windows operating system. • Most common deployment to provide fast user switching in Clinical Workstation. • Runs locally on the workstation to handle these unique use cases. • Identity-based services can be related to the workstation, user (attributes), or location (via IP subnet) 5 © Novell, Inc. All rights reserved.
DAS Overview Different versions and support details • Formerly known as the Application Runner Shell or system (ARS). • Originally written by Novell Consulting / Custom Development ® • Customers currently running the older version of ARS (DAS)version 1.0.4.13 or earlier will still be supported by NCCD but are entitled to the upgrade to DAS 2.0. • DAS is available for no cost to all currently licensed customers of Novell SecureLogin (NSL) version 6.0 or higher. • NSL version 3.51 or lower is not supported and customers must upgrade to NSL 6.0 or higher in order for DAS 2.0 to be installed. • NSL 7.0 bundles the latest version (DAS 2.1) • NSL 7.0 SP1 Supports DAS in Windows 7 6 © Novell, Inc. All rights reserved.
DAS Overview What DAS does? • DAS process that runs on the workstation monitors for different triggers in the workstation • DAS executes the actions configured for a trigger scripted in an XML file • Actions and triggers are controlled by Actions.xml file – Configure on the workstation or in the directory – Specified in eDirectory on container or user ™ 7 © Novell, Inc. All rights reserved.
DAS Functionality Login / Logout Smart Card NSL Novell Client Configuration File Network (actions.xml) Monitor Card Monitor DAS ► Windows Events Executes Actions Proximity Card Kill-app, map-drive nds-logout, ldap-logout, ... Hot Key Inactivity Timer Screen Saver 8 © Novell, Inc. All rights reserved.
DAS Configuration stored in Directory Novell Environment ® Microsoft Environment SecureLogin NWClient32.exe slproto.exe LDAP GINA actions.xml NLDAPlgn.exe (Local File) OPTIONAL actions.xml (Local File) Registry DAS Registry actions.xml actions.xml (ARSConfig object) (ARSConfig object) eDirectory eDirectory LDAP ARSControl ARSControl IDM Driver User User ARSUser ARSUser Active Directory 9 © Novell, Inc. All rights reserved.
DAS Actions and Triggers DAS Triggers DAS Actions (continued) • on-nds-login • test-app-running • on-ldap-login • kill-app • on-hot-key • kill-all-apps • on-screen-saver • map-drive • On-cardmon • map-home-drive • test-logged-in • test-ldap-logged-in DAS Actions • test-nds-attr-valtest-ip-subnet • execute-user-action • test-env-variable • if-true • message-box • if-false • nds-logout • run-application • ldap-logout 10 © Novell, Inc. All rights reserved.
Sample actions.xml <?xml version="1.0"?> <application-runner-script> <action name="hidedesk"> <nds-logout /> <hide-desktop /> </action> <action name="showdesk"> <unhide-desktop /> </action> <action-triggers> <on-hot-key virtual-key="s" modifiers="ctrl" action-name="showdesk"/> <on-hot-key virtual-key="h" modifiers="ctrl" action-name="hidedesk"/> </action-triggers> </application-runner-script> 11 © Novell, Inc. All rights reserved.
DAS 2.0 Key Features • Ability to quickly login and logout users (fast user switching) using either the Novell Client or the LDAP client in NSL. ™ • Novell Client is no longer necessary with DAS 2.0 as it was with previous versions. • Provides convenience tools for the user such as: – hot-keys, drive mappings and auto launching of applications or shutting down applications • Support for Windows 2000 Pro, XP, and Vista • DAS can be used as a substitute for login scripts for multi- user workstations • Card monitoring service to detect smartcard pulls and run a series of user defined logout actions Installation by Microsoft Installer (MSI) 12 © Novell, Inc. All rights reserved.
New in DAS 2.1 • Actions: – hide-desktop – unhide-desktop – Screen-Saver-On (invokes when Screen Saver is activated) • Action Triggers: – on-inactivity-timer – on-screen-saver – on-pcprox-removal (Is this required) • Command Line Switches – ars.exe /refresh (Refresh actions.xml during run time) – ars.exe /shutdown (Terminates DAS) 13 © Novell, Inc. All rights reserved.
Fast User Switching In order to provide fast user switching, one needs: • Ability to quickly log off previous user – Screensavers – Logout button – Session time outs – Proximity and Smart Card pull – Proximity sonar devices • Quickly shut down applications that were open and reset workstation for next user in seconds • Disconnect shared or home drive mappings • Prompt for next user to authenticate • Lock down workstation in idle state to prevent unauthorized use • Best utilized with shared or kiosk workstations 14 © Novell, Inc. All rights reserved.
Sample Use Cases In Different Industries • Healthcare – Shared workstations/kiosks at nurse stations, exam rooms, patient kiosks, mobile health care worker, remote clinics, physician offices • Manufacturing – Factory floor shared workstation, shop floor control, stockrooms, information kiosks, remote/mobile workers, call centers • Retail – Point-of-Sale, stockrooms, kiosks • High Tech – Offshore development, call centers • Financial Service – Customer service, call centers, information kiosks, remote and offshore resources • Education – Student labs, remote learning centers 15 © Novell, Inc. All rights reserved.
DAS Use Case Example #1 • Workstation is configured to boot-up and auto-login to Windows Desktop and AD Domain automatically • Novell Client is presented for users to authenticate ® to eDirectory and get their Netware drive mappings ™ ® • 3-5 users may use the workstation in a single hour (multiple Windows profiles to manage) • Common in education, financial services, government Issue: How do you ensure the previous user is logged out or all active applications and the workstation is ready for the next user without having to completely restart the Windows o/s? Need fast user switching. 16 © Novell, Inc. All rights reserved.
DAS Use Case Example #2 • Workstation is configured to boot-up and auto-login to windows desktop, AD Domain and NetWare automatically ® (generic ID) • Network drives are mapped at boot-up and remain the same for all users • Users are required to log into each individual application (application level security) • 3-10 users may use the workstation in a single hour • Common in healthcare and manufacturing Issue: How do you ensure each user is required to authenticate once while getting SSO to their applications and can still provide fast login/logout? 17 © Novell, Inc. All rights reserved.
HIT Security Questions 19th Annual HIMSS CIO Survey 2008 Which of the following security technologies Which technologies does your facility plan are presently in place at your organization? to use or implement in the next two years? Firewalls 98.00% Single Sign-On 49.20% User Access Controls (based on role/location) 82.70% Biometric Technologies (i.e. retinal scan, fingerprint technology) 42.30% Audit Logs of Each Access to Patient Health Records 80.50% Email Encryption 34.20% Off-site Storage 76.90% Disaster Recovery 30.90% Disaster Recovery 74.60% Data Encryption 27.00% Electronic Signature 73.30% Electronic Signature 25.40% Intrusion Prevention / Detection Service 69.70% Intrusion Prevention / Detection Service 25.10% Multi-Level Passcodes 65.10% Public Key Infrastructure (PKI) 22.50% Data Encryption 62.50% Off-site Storage 20.80% Email Encryption 61.60% Audit Logs of Each Access to Patient Health Records 19.90% Single Sign-On 35.50% User Access Controls (based on role/location) 17.90% Public Key Infrastructure (PKI) 27.40% Biometric Technologies (i.e. retinal scan, fingerprint Multi-Level Passcodes 16.00% technology) 21.80% Firewalls 11.10% None 1.00% None 0.30% Don’t Know 1.00% Don’t Know 1.60% Other (Please specify) 0.00% Other (Please specify) 0.00% 18 © Novell, Inc. All rights reserved.
Solution Differentiators • Shared Credentials – Web SSO, enterprise SSO, provisioning • Identity Management Provisioning Integration – Automatic provisioning of SSO credentials • Leverage existing directory infrastructure vs. requiring an additional identity store (no additional hardware) – Minimizes administrative overhead – Simplifies user management – SIGNIFICANTLY improves fault tolerance, high availability, and scalability – Support of open standards (i.e. LDAP, SAML, CCOW) and interoperability across the enterprise 19 © Novell, Inc. All rights reserved.
Solution Differentiators • More multi-factor device support than any other vendor • Minimal Workstation Impact – Does not modify the GINA – Small client footprint – Fully compatible with Microsoft and Novell workstation ® environments – Fast login/logout – Flexibility in application launching – Fully integrated with ZENworks for desktop management ® • Centrally managed. No need for dual administration. – New users have instant access to solution capabilities 20 © Novell, Inc. All rights reserved.
Thom Kirby EOS Sytems
Who We Are • Eos Systems is a comprehensive IT solutions provider with an increasing national presence – We serve clients in 38 states • Eos Systems provides consulting and solutions for clients in information-intensive fields, including:  – Banking – Law – Education – Manufacturing – Healthcare – Government 22 © Novell, Inc. All rights reserved.
Who We Are Identity and Security Endpoint - Identity Management - Virtualization - Access Management - Resource Management - Security Management - Green IT - Compliance Management - Disaster Recovery and High Availability Solutions and Technologies Outsourced IT Collaboration - Consulting - E-mail - Support Services - Teaming - Product Procurement - Web - Managed Services - Mobile 23 © Novell, Inc. All rights reserved.
Who We Are • Major Vendor certifications include: Microsoft, Citrix, Novell, Sophos, HP, IBM, Dell, Cisco, VMware, Symantec, Gwava, Netvision, MacAfee, Lenovo and 3Com. • Eos Systems was established in 1997 and is headquartered in Boston, Massachusetts. • Office locations: – New York City – Boston – Salt Lake City Aligning Technology with Business Process 24 © Novell, Inc. All rights reserved.
Customer Use Case for Health Care • Environment: – Kiosk-type machines stationed in a health care environment – 3-5 different users must be able to quickly login/logout within an hour using a PCProx/Smartcard – User access to applications/data must be controlled/enforced • Issues: – Enforcing/controlling user access to the data is paramount as it can involve protected/confidential customer records – Login/Logout process needs to be under 5-10 seconds, including closing previous user active applications – Unique user authentication to eDirectory and ZENworks ™ ® Configuration Management for the user to deliver drive mappings, applications, and policies 25 © Novell, Inc. All rights reserved.
Customer Use Case for HealthCare Solution: • Desktop Automation Services (DAS) for fast user switching • Workstation is configured to boot-up and AutoAdminLogin to Windows Desktop and AD Domain automatically • DAS integration script will handle Novell® Client and ZCM logout/login to run associated drive mappings, applications, policies, and printers for specific users. • Configurable inactivity timers for automated screen saver lock and user logout from the system to ensure data/application security. • Novell Single Sign-on integration for all user-associated applications. • NMAS integration for PCProx security cards with eDirectory to allow fast secure logins without the need to type usernames and passwords. 26 © Novell, Inc. All rights reserved.
Question and Answer
For More Information Try SecureLogin for Yourself We'll install SecureLogin on • Visit table A5 in IT Central your machine (for free). • Attend the following complementary sessions: – BOF106: SecureLogin in the Real World Panel Discussion – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management – IAM207: SecureLogin and Your Active Directory Setup – IAM302: Using Hard Disk Encryption and SecureLogin – IAM303: Enhancing SecureLogin with Multi-factor Authentication – IAM304: Securing Shared Workstation with SecureLogin • Walk through the SecureLogin demo in the Installation and Migration Depot • Visit www.novell.com/securelogin 28 © Novell, Inc. All rights reserved.
Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Recomendados

Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...
Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...
Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...Novell
 
Avoiding Common Novell ZENworks Configuration Management Implementation Pitfalls
Avoiding Common Novell ZENworks Configuration Management Implementation PitfallsAvoiding Common Novell ZENworks Configuration Management Implementation Pitfalls
Avoiding Common Novell ZENworks Configuration Management Implementation PitfallsNovell
 
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...Novell
 
Novell ZENworks Advanced Application Management
Novell ZENworks Advanced Application ManagementNovell ZENworks Advanced Application Management
Novell ZENworks Advanced Application ManagementNovell
 
Novell Success Stories: Endpoint Management in Education
Novell Success Stories: Endpoint Management in EducationNovell Success Stories: Endpoint Management in Education
Novell Success Stories: Endpoint Management in EducationNovell
 
Novell Success Stories: Endpoint Management in Government
Novell Success Stories: Endpoint Management in GovernmentNovell Success Stories: Endpoint Management in Government
Novell Success Stories: Endpoint Management in GovernmentNovell
 
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...Novell
 
Novell Success Stories: Endpoint Management in Healthcare
Novell Success Stories: Endpoint Management in HealthcareNovell Success Stories: Endpoint Management in Healthcare
Novell Success Stories: Endpoint Management in HealthcareNovell
 

Recomendados

Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...
Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...
Migrating from Novell ZENworks 7 Desktop Management to Novell ZENworks Config...Novell
 
Avoiding Common Novell ZENworks Configuration Management Implementation Pitfalls
Avoiding Common Novell ZENworks Configuration Management Implementation PitfallsAvoiding Common Novell ZENworks Configuration Management Implementation Pitfalls
Avoiding Common Novell ZENworks Configuration Management Implementation PitfallsNovell
 
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...
Application Repackaging Best Practices for Novell ZENworks 10 Configuration M...Novell
 
Novell ZENworks Advanced Application Management
Novell ZENworks Advanced Application ManagementNovell ZENworks Advanced Application Management
Novell ZENworks Advanced Application ManagementNovell
 
Novell Success Stories: Endpoint Management in Education
Novell Success Stories: Endpoint Management in EducationNovell Success Stories: Endpoint Management in Education
Novell Success Stories: Endpoint Management in EducationNovell
 
Novell Success Stories: Endpoint Management in Government
Novell Success Stories: Endpoint Management in GovernmentNovell Success Stories: Endpoint Management in Government
Novell Success Stories: Endpoint Management in GovernmentNovell
 
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...
Introducing Novell Privileged User Manager and Securing Novell Open Enterpris...Novell
 
Novell Success Stories: Endpoint Management in Healthcare
Novell Success Stories: Endpoint Management in HealthcareNovell Success Stories: Endpoint Management in Healthcare
Novell Success Stories: Endpoint Management in HealthcareNovell
 
Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Novell
 
How to Maintain Software Appliances
How to Maintain Software AppliancesHow to Maintain Software Appliances
How to Maintain Software AppliancesNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...Novell
 
SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1 SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1 Novell
 
20th March Session Four by Rod Grigson
20th March Session Four by Rod Grigson20th March Session Four by Rod Grigson
20th March Session Four by Rod GrigsonSharath Kumar
 
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...Novell
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...Novell
 
Novell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for NonprofitsNovell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for NonprofitsNovell
 
Novell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in EducationNovell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in EducationNovell
 
Oracleonoracle dec112012
Oracleonoracle dec112012Oracleonoracle dec112012
Oracleonoracle dec112012patmisasi
 
Adaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin OrchestrateAdaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin OrchestrateNovell
 
Manage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinarManage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinarHitachi Vantara
 
Integrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing InfrastructureIntegrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing InfrastructureNovell
 
Fy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth JonesFy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth Jonessim100
 
Best Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworksBest Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworksNovell
 
Discover what's new in Windows Server 2012 Active Directory
Discover what's new in Windows Server 2012 Active DirectoryDiscover what's new in Windows Server 2012 Active Directory
Discover what's new in Windows Server 2012 Active DirectoryMicrosoft TechNet - Belgium and Luxembourg
 
Roger boesch news xd_xa_nov (1)
Roger boesch news xd_xa_nov (1)Roger boesch news xd_xa_nov (1)
Roger boesch news xd_xa_nov (1)Digicomp Academy AG
 
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...Novell
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux SystemNovell
 
LogRhythm Appliance Data Sheet
LogRhythm Appliance Data SheetLogRhythm Appliance Data Sheet
LogRhythm Appliance Data Sheetjordagro
 
Splunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxSplunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxDamien Dallimore
 

Mais conteúdo relacionado

Mais procurados

Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Novell
 
How to Maintain Software Appliances
How to Maintain Software AppliancesHow to Maintain Software Appliances
How to Maintain Software AppliancesNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...Novell
 
SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1 SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1 Novell
 
20th March Session Four by Rod Grigson
20th March Session Four by Rod Grigson20th March Session Four by Rod Grigson
20th March Session Four by Rod GrigsonSharath Kumar
 
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...Novell
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...Novell
 
Novell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for NonprofitsNovell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for NonprofitsNovell
 
Novell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in EducationNovell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in EducationNovell
 
Oracleonoracle dec112012
Oracleonoracle dec112012Oracleonoracle dec112012
Oracleonoracle dec112012patmisasi
 
Adaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin OrchestrateAdaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin OrchestrateNovell
 
Manage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinarManage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinarHitachi Vantara
 
Integrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing InfrastructureIntegrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing InfrastructureNovell
 
Fy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth JonesFy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth Jonessim100
 
Best Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworksBest Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworksNovell
 

Mais procurados (17)

Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8
 
How to Maintain Software Appliances
How to Maintain Software AppliancesHow to Maintain Software Appliances
How to Maintain Software Appliances
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
Novell Success Stories: Endpoint Management in High Tech and Professional Ser...
 
SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1 SUSE Linux Enterprise Server for System z SP1
SUSE Linux Enterprise Server for System z SP1
 
20th March Session Four by Rod Grigson
20th March Session Four by Rod Grigson20th March Session Four by Rod Grigson
20th March Session Four by Rod Grigson
 
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
Upgrading from NetWare to Novell Open Enterprise Server on Linux: The Novell ...
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
 
Novell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for NonprofitsNovell Success Stories: Endpoint Management for Nonprofits
Novell Success Stories: Endpoint Management for Nonprofits
 
Novell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in EducationNovell Success Stories: Collaboration in Education
Novell Success Stories: Collaboration in Education
 
Oracleonoracle dec112012
Oracleonoracle dec112012Oracleonoracle dec112012
Oracleonoracle dec112012
 
Adaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin OrchestrateAdaptive Computing Using PlateSpin Orchestrate
Adaptive Computing Using PlateSpin Orchestrate
 
Manage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinarManage rising disk prices with storage virtualization webinar
Manage rising disk prices with storage virtualization webinar
 
Integrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing InfrastructureIntegrating Novell Teaming within Your Existing Infrastructure
Integrating Novell Teaming within Your Existing Infrastructure
 
Fy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth JonesFy09 Sask Tel Learn It System Centre Garth Jones
Fy09 Sask Tel Learn It System Centre Garth Jones
 
Best Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworksBest Practices for IT Asset Management Using Novell ZENworks
Best Practices for IT Asset Management Using Novell ZENworks
 
Discover what's new in Windows Server 2012 Active Directory
Discover what's new in Windows Server 2012 Active DirectoryDiscover what's new in Windows Server 2012 Active Directory
Discover what's new in Windows Server 2012 Active Directory
 

Semelhante a Securing Shared Workstations with Novell SecureLogin

What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...Novell
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux SystemNovell
 
LogRhythm Appliance Data Sheet
LogRhythm Appliance Data SheetLogRhythm Appliance Data Sheet
LogRhythm Appliance Data Sheetjordagro
 
Splunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxSplunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxDamien Dallimore
 
HMS: Scalable Configuration Management System for Hadoop
HMS: Scalable Configuration Management System for HadoopHMS: Scalable Configuration Management System for Hadoop
HMS: Scalable Configuration Management System for HadoopDataWorks Summit
 
Novell SecureLogin 7 and Your Microsoft Active Directory Setup
Novell SecureLogin 7 and Your Microsoft Active Directory SetupNovell SecureLogin 7 and Your Microsoft Active Directory Setup
Novell SecureLogin 7 and Your Microsoft Active Directory SetupNovell
 
Novell ZENworks Application Virtualization Advanced Administration
Novell ZENworks Application Virtualization Advanced AdministrationNovell ZENworks Application Virtualization Advanced Administration
Novell ZENworks Application Virtualization Advanced AdministrationNovell
 
Storage&Os-updated-18May
Storage&Os-updated-18MayStorage&Os-updated-18May
Storage&Os-updated-18Maykrishna p
 
Windows sys admin interview questions
Windows sys admin interview questionsWindows sys admin interview questions
Windows sys admin interview questionsStudent
 
Os structure
Os structureOs structure
Os structureMohd Arif
 
Active directory domain administration tools
Active directory domain administration toolsActive directory domain administration tools
Active directory domain administration toolsImran Khan
 
RES Online Seminar Een gratis werkplek voor iedereen
RES Online Seminar Een gratis werkplek voor iedereenRES Online Seminar Een gratis werkplek voor iedereen
RES Online Seminar Een gratis werkplek voor iedereenRES Software Nederland
 
UGIF 12 2010 - features11.70
UGIF 12 2010 - features11.70UGIF 12 2010 - features11.70
UGIF 12 2010 - features11.70UGIF
 
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7Nicolas Desachy
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateNovell
 

Semelhante a Securing Shared Workstations with Novell SecureLogin (20)

Roger boesch news xd_xa_nov (1)
Roger boesch news xd_xa_nov (1)Roger boesch news xd_xa_nov (1)
Roger boesch news xd_xa_nov (1)
 
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux System
 
LogRhythm Appliance Data Sheet
LogRhythm Appliance Data SheetLogRhythm Appliance Data Sheet
LogRhythm Appliance Data Sheet
 
Splunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxSplunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gx
 
HMS: Scalable Configuration Management System for Hadoop
HMS: Scalable Configuration Management System for HadoopHMS: Scalable Configuration Management System for Hadoop
HMS: Scalable Configuration Management System for Hadoop
 
Novell SecureLogin 7 and Your Microsoft Active Directory Setup
Novell SecureLogin 7 and Your Microsoft Active Directory SetupNovell SecureLogin 7 and Your Microsoft Active Directory Setup
Novell SecureLogin 7 and Your Microsoft Active Directory Setup
 
Novell ZENworks Application Virtualization Advanced Administration
Novell ZENworks Application Virtualization Advanced AdministrationNovell ZENworks Application Virtualization Advanced Administration
Novell ZENworks Application Virtualization Advanced Administration
 
Storage&Os-updated-18May
Storage&Os-updated-18MayStorage&Os-updated-18May
Storage&Os-updated-18May
 
Windows sys admin interview questions
Windows sys admin interview questionsWindows sys admin interview questions
Windows sys admin interview questions
 
Os structure
Os structureOs structure
Os structure
 
Active directory domain administration tools
Active directory domain administration toolsActive directory domain administration tools
Active directory domain administration tools
 
RES Online Seminar Een gratis werkplek voor iedereen
RES Online Seminar Een gratis werkplek voor iedereenRES Online Seminar Een gratis werkplek voor iedereen
RES Online Seminar Een gratis werkplek voor iedereen
 
UGIF 12 2010 - features11.70
UGIF 12 2010 - features11.70UGIF 12 2010 - features11.70
UGIF 12 2010 - features11.70
 
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7
Informix User Group France - 30/11/2010 - Fonctionalités IDS 11.7
 
Cl107
Cl107Cl107
Cl107
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 
Run Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin OrchestrateRun Book Automation with PlateSpin Orchestrate
Run Book Automation with PlateSpin Orchestrate
 

Mais de Novell

Filr white paper
Filr white paperFilr white paper
Filr white paperNovell
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2Novell
 
Social media class 3
Social media class 3Social media class 3
Social media class 3Novell
 
Social media class 2
Social media class 2Social media class 2
Social media class 2Novell
 
Social media class 1
Social media class 1Social media class 1
Social media class 1Novell
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2Novell
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentationNovell
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentationNovell
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social mediaNovell
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaNovell
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
 
Workload iq final
Workload iq finalWorkload iq final
Workload iq finalNovell
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialNovell
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the CloudNovell
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsNovell
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding businessNovell
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachNovell
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Novell
 

Mais de Novell (20)

Filr white paper
Filr white paperFilr white paper
Filr white paper
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2
 
Social media class 3
Social media class 3Social media class 3
Social media class 3
 
Social media class 2
Social media class 2Social media class 2
Social media class 2
 
Social media class 1
Social media class 1Social media class 1
Social media class 1
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentation
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentation
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social media
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social media
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Workload iq final
Workload iq finalWorkload iq final
Workload iq final
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of Social
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration Trends
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding business
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
 

Securing Shared Workstations with Novell SecureLogin

  • 1. Securing Shared Workstations with Novell SecureLogin ® Kevin Prior Rajasekar Pandiyan Technology Specialist Software Consultant kprior@novell.com prajasekar@novell.com
  • 2. Session Content This session will explain and demonstrate: • About shared workstations and kiosks • What is Desktop Automation Services (DAS) in the context of kiosks • Usage of Desktop Automation Services (DAS) • How to build policy-based shared workstation protection at the workstation and network levels • How to configure policies to lock workstations when an authentication device is removed or when a user's session is timed out. • Finally, a real world example of DAS from EOS Systems, who has worked with customer implementations 2 © Novell, Inc. All rights reserved.
  • 3. Kiosks or Shared Workstations Description • Workstation shared by several people throughout the day to provide quick access to applications. Often several users in an hour. – Examples: health care, education, manufacturing, financial institutions, government environments Challenges • When users don't close the application or simply leave the workstation without logging off, they expose sensitive data to unauthorized users. 3 © Novell, Inc. All rights reserved.
  • 4. What Is The Novell Single Sign-on ® Solution for Shared Workstations? • Novell has combined the value of Novell SecureLogin with the value of DAS (Desktop Automation Services) provides: – Fast login – Fast user switching – Single sign-on • Simplified core components to support different workstation form factors • A solution that solves some of the key foundational pain currently in health care, retail and manufacturing • Simple message: – One Id. One Password – One Login – Fast 4 © Novell, Inc. All rights reserved.
  • 5. DAS (Desktop Automation Services) What is Novell Desktop Automation Services? ® • An add-on to Novell SecureLogin • Handles unique use cases associated with shared workstations or kiosks. • Executes selective and configurable lists of user operations from virtually any scripting or programming medium on the Windows operating system. • Most common deployment to provide fast user switching in Clinical Workstation. • Runs locally on the workstation to handle these unique use cases. • Identity-based services can be related to the workstation, user (attributes), or location (via IP subnet) 5 © Novell, Inc. All rights reserved.
  • 6. DAS Overview Different versions and support details • Formerly known as the Application Runner Shell or system (ARS). • Originally written by Novell Consulting / Custom Development ® • Customers currently running the older version of ARS (DAS)version 1.0.4.13 or earlier will still be supported by NCCD but are entitled to the upgrade to DAS 2.0. • DAS is available for no cost to all currently licensed customers of Novell SecureLogin (NSL) version 6.0 or higher. • NSL version 3.51 or lower is not supported and customers must upgrade to NSL 6.0 or higher in order for DAS 2.0 to be installed. • NSL 7.0 bundles the latest version (DAS 2.1) • NSL 7.0 SP1 Supports DAS in Windows 7 6 © Novell, Inc. All rights reserved.
  • 7. DAS Overview What DAS does? • DAS process that runs on the workstation monitors for different triggers in the workstation • DAS executes the actions configured for a trigger scripted in an XML file • Actions and triggers are controlled by Actions.xml file – Configure on the workstation or in the directory – Specified in eDirectory on container or user ™ 7 © Novell, Inc. All rights reserved.
  • 8. DAS Functionality Login / Logout Smart Card NSL Novell Client Configuration File Network (actions.xml) Monitor Card Monitor DAS ► Windows Events Executes Actions Proximity Card Kill-app, map-drive nds-logout, ldap-logout, ... Hot Key Inactivity Timer Screen Saver 8 © Novell, Inc. All rights reserved.
  • 9. DAS Configuration stored in Directory Novell Environment ® Microsoft Environment SecureLogin NWClient32.exe slproto.exe LDAP GINA actions.xml NLDAPlgn.exe (Local File) OPTIONAL actions.xml (Local File) Registry DAS Registry actions.xml actions.xml (ARSConfig object) (ARSConfig object) eDirectory eDirectory LDAP ARSControl ARSControl IDM Driver User User ARSUser ARSUser Active Directory 9 © Novell, Inc. All rights reserved.
  • 10. DAS Actions and Triggers DAS Triggers DAS Actions (continued) • on-nds-login • test-app-running • on-ldap-login • kill-app • on-hot-key • kill-all-apps • on-screen-saver • map-drive • On-cardmon • map-home-drive • test-logged-in • test-ldap-logged-in DAS Actions • test-nds-attr-valtest-ip-subnet • execute-user-action • test-env-variable • if-true • message-box • if-false • nds-logout • run-application • ldap-logout 10 © Novell, Inc. All rights reserved.
  • 11. Sample actions.xml <?xml version="1.0"?> <application-runner-script> <action name="hidedesk"> <nds-logout /> <hide-desktop /> </action> <action name="showdesk"> <unhide-desktop /> </action> <action-triggers> <on-hot-key virtual-key="s" modifiers="ctrl" action-name="showdesk"/> <on-hot-key virtual-key="h" modifiers="ctrl" action-name="hidedesk"/> </action-triggers> </application-runner-script> 11 © Novell, Inc. All rights reserved.
  • 12. DAS 2.0 Key Features • Ability to quickly login and logout users (fast user switching) using either the Novell Client or the LDAP client in NSL. ™ • Novell Client is no longer necessary with DAS 2.0 as it was with previous versions. • Provides convenience tools for the user such as: – hot-keys, drive mappings and auto launching of applications or shutting down applications • Support for Windows 2000 Pro, XP, and Vista • DAS can be used as a substitute for login scripts for multi- user workstations • Card monitoring service to detect smartcard pulls and run a series of user defined logout actions Installation by Microsoft Installer (MSI) 12 © Novell, Inc. All rights reserved.
  • 13. New in DAS 2.1 • Actions: – hide-desktop – unhide-desktop – Screen-Saver-On (invokes when Screen Saver is activated) • Action Triggers: – on-inactivity-timer – on-screen-saver – on-pcprox-removal (Is this required) • Command Line Switches – ars.exe /refresh (Refresh actions.xml during run time) – ars.exe /shutdown (Terminates DAS) 13 © Novell, Inc. All rights reserved.
  • 14. Fast User Switching In order to provide fast user switching, one needs: • Ability to quickly log off previous user – Screensavers – Logout button – Session time outs – Proximity and Smart Card pull – Proximity sonar devices • Quickly shut down applications that were open and reset workstation for next user in seconds • Disconnect shared or home drive mappings • Prompt for next user to authenticate • Lock down workstation in idle state to prevent unauthorized use • Best utilized with shared or kiosk workstations 14 © Novell, Inc. All rights reserved.
  • 15. Sample Use Cases In Different Industries • Healthcare – Shared workstations/kiosks at nurse stations, exam rooms, patient kiosks, mobile health care worker, remote clinics, physician offices • Manufacturing – Factory floor shared workstation, shop floor control, stockrooms, information kiosks, remote/mobile workers, call centers • Retail – Point-of-Sale, stockrooms, kiosks • High Tech – Offshore development, call centers • Financial Service – Customer service, call centers, information kiosks, remote and offshore resources • Education – Student labs, remote learning centers 15 © Novell, Inc. All rights reserved.
  • 16. DAS Use Case Example #1 • Workstation is configured to boot-up and auto-login to Windows Desktop and AD Domain automatically • Novell Client is presented for users to authenticate ® to eDirectory and get their Netware drive mappings ™ ® • 3-5 users may use the workstation in a single hour (multiple Windows profiles to manage) • Common in education, financial services, government Issue: How do you ensure the previous user is logged out or all active applications and the workstation is ready for the next user without having to completely restart the Windows o/s? Need fast user switching. 16 © Novell, Inc. All rights reserved.
  • 17. DAS Use Case Example #2 • Workstation is configured to boot-up and auto-login to windows desktop, AD Domain and NetWare automatically ® (generic ID) • Network drives are mapped at boot-up and remain the same for all users • Users are required to log into each individual application (application level security) • 3-10 users may use the workstation in a single hour • Common in healthcare and manufacturing Issue: How do you ensure each user is required to authenticate once while getting SSO to their applications and can still provide fast login/logout? 17 © Novell, Inc. All rights reserved.
  • 18. HIT Security Questions 19th Annual HIMSS CIO Survey 2008 Which of the following security technologies Which technologies does your facility plan are presently in place at your organization? to use or implement in the next two years? Firewalls 98.00% Single Sign-On 49.20% User Access Controls (based on role/location) 82.70% Biometric Technologies (i.e. retinal scan, fingerprint technology) 42.30% Audit Logs of Each Access to Patient Health Records 80.50% Email Encryption 34.20% Off-site Storage 76.90% Disaster Recovery 30.90% Disaster Recovery 74.60% Data Encryption 27.00% Electronic Signature 73.30% Electronic Signature 25.40% Intrusion Prevention / Detection Service 69.70% Intrusion Prevention / Detection Service 25.10% Multi-Level Passcodes 65.10% Public Key Infrastructure (PKI) 22.50% Data Encryption 62.50% Off-site Storage 20.80% Email Encryption 61.60% Audit Logs of Each Access to Patient Health Records 19.90% Single Sign-On 35.50% User Access Controls (based on role/location) 17.90% Public Key Infrastructure (PKI) 27.40% Biometric Technologies (i.e. retinal scan, fingerprint Multi-Level Passcodes 16.00% technology) 21.80% Firewalls 11.10% None 1.00% None 0.30% Don’t Know 1.00% Don’t Know 1.60% Other (Please specify) 0.00% Other (Please specify) 0.00% 18 © Novell, Inc. All rights reserved.
  • 19. Solution Differentiators • Shared Credentials – Web SSO, enterprise SSO, provisioning • Identity Management Provisioning Integration – Automatic provisioning of SSO credentials • Leverage existing directory infrastructure vs. requiring an additional identity store (no additional hardware) – Minimizes administrative overhead – Simplifies user management – SIGNIFICANTLY improves fault tolerance, high availability, and scalability – Support of open standards (i.e. LDAP, SAML, CCOW) and interoperability across the enterprise 19 © Novell, Inc. All rights reserved.
  • 20. Solution Differentiators • More multi-factor device support than any other vendor • Minimal Workstation Impact – Does not modify the GINA – Small client footprint – Fully compatible with Microsoft and Novell workstation ® environments – Fast login/logout – Flexibility in application launching – Fully integrated with ZENworks for desktop management ® • Centrally managed. No need for dual administration. – New users have instant access to solution capabilities 20 © Novell, Inc. All rights reserved.
  • 21. Thom Kirby EOS Sytems
  • 22. Who We Are • Eos Systems is a comprehensive IT solutions provider with an increasing national presence – We serve clients in 38 states • Eos Systems provides consulting and solutions for clients in information-intensive fields, including:  – Banking – Law – Education – Manufacturing – Healthcare – Government 22 © Novell, Inc. All rights reserved.
  • 23. Who We Are Identity and Security Endpoint - Identity Management - Virtualization - Access Management - Resource Management - Security Management - Green IT - Compliance Management - Disaster Recovery and High Availability Solutions and Technologies Outsourced IT Collaboration - Consulting - E-mail - Support Services - Teaming - Product Procurement - Web - Managed Services - Mobile 23 © Novell, Inc. All rights reserved.
  • 24. Who We Are • Major Vendor certifications include: Microsoft, Citrix, Novell, Sophos, HP, IBM, Dell, Cisco, VMware, Symantec, Gwava, Netvision, MacAfee, Lenovo and 3Com. • Eos Systems was established in 1997 and is headquartered in Boston, Massachusetts. • Office locations: – New York City – Boston – Salt Lake City Aligning Technology with Business Process 24 © Novell, Inc. All rights reserved.
  • 25. Customer Use Case for Health Care • Environment: – Kiosk-type machines stationed in a health care environment – 3-5 different users must be able to quickly login/logout within an hour using a PCProx/Smartcard – User access to applications/data must be controlled/enforced • Issues: – Enforcing/controlling user access to the data is paramount as it can involve protected/confidential customer records – Login/Logout process needs to be under 5-10 seconds, including closing previous user active applications – Unique user authentication to eDirectory and ZENworks ™ ® Configuration Management for the user to deliver drive mappings, applications, and policies 25 © Novell, Inc. All rights reserved.
  • 26. Customer Use Case for HealthCare Solution: • Desktop Automation Services (DAS) for fast user switching • Workstation is configured to boot-up and AutoAdminLogin to Windows Desktop and AD Domain automatically • DAS integration script will handle Novell® Client and ZCM logout/login to run associated drive mappings, applications, policies, and printers for specific users. • Configurable inactivity timers for automated screen saver lock and user logout from the system to ensure data/application security. • Novell Single Sign-on integration for all user-associated applications. • NMAS integration for PCProx security cards with eDirectory to allow fast secure logins without the need to type usernames and passwords. 26 © Novell, Inc. All rights reserved.
  • 28. For More Information Try SecureLogin for Yourself We'll install SecureLogin on • Visit table A5 in IT Central your machine (for free). • Attend the following complementary sessions: – BOF106: SecureLogin in the Real World Panel Discussion – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management – IAM207: SecureLogin and Your Active Directory Setup – IAM302: Using Hard Disk Encryption and SecureLogin – IAM303: Enhancing SecureLogin with Multi-factor Authentication – IAM304: Securing Shared Workstation with SecureLogin • Walk through the SecureLogin demo in the Installation and Migration Depot • Visit www.novell.com/securelogin 28 © Novell, Inc. All rights reserved.
  • 29.
  • 30. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.