1 Hitachi ID Identity Manager
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
User provisioning, RBAC, SoD and access certification.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• Identity problems and Hitachi ID Identity Manager benefits.
• The HiIM solution.
• Software demonstration.
© 2012 Hitachi ID Systems, Inc. All rights reserved.
3 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identity and access management solutions.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 900 customers.
• More than 11M+ licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.
4 Representative Hitachi ID Customers
5 ID Management Suite
6 Identity and Access Problems
For users:
• How to request a change?
• Who must approve the change?
• When will the change be completed?
• Too many passwords.
• Too many login prompts.
For IT support:
• Onboarding, deactivation across many apps is challenging.
• More apps all the time!
• What data is trustworthy and what is obsolete?
• Not notified of new-hires/terminations on time.
• Hard to interpret end user requests.
• Who can request, who should authorize changes?
• What entitlements are appropriate for each user?
• The problems increase as scope grows from internal to external.
7 Identity and Access Problems (continued)
For Security / risk / audit:
• Orphan, dormant accounts.
• Too many people with privileged access.
• Static admin, service passwords a security risk.
• Weak password, password-reset processes.
• Inappropriate, outdated entitlements.
• Who owns ID X on system Y?
• Who approved entitlement W on system Z?
• Limited/unreliable audit logs in apps.
For Developers:
• Need temporary access (e.g., prod migration).
• Half the code in every new app is the same:
– Identify.
– Authenticate.
– Authorize.
– Audit.
– Manage the above.
• Mistakes in this infrastructure create security holes.
8 User Provisioning
User provisioning is defined as:
• Software to create, modify and delete users on different systems.
• It must include connectors:
– Directories.
– Operating systems.
– Applications.
• It also has to implement business process:
– Data synchronization from one system to another.
– Self-service requests.
– Authorization workflows.
• Finally, it should enforce policy rules:
– Login ID assignment.
– Approvals rules.
– Segregation of duties.
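The three policy rules this slide names (login ID assignment, approval rules, segregation of duties) are easiest to see as code. The following is an added illustration, not Hitachi ID code; the role catalogue, SoD rules, approver roles and naming standard are all constructed assumptions. It evaluates an access request on the user's effective entitlements (roles expanded to the entitlements they grant), which is what makes an SoD check catch violations that arise only through role combinations.

```python
"""Added example (not Hitachi ID code): a minimal provisioning policy layer
showing login ID assignment, approval routing and segregation-of-duties
enforcement. Every role, system, group and approver name below is constructed."""

# Constructed role catalogue: role -> entitlements granted, as (system, group) pairs.
ROLES = {
    "ap-clerk": {("erp", "ap_entry")},
    "ap-approver": {("erp", "ap_approve")},
    "developer": {("git", "devs"), ("jira", "users")},
    "prod-admin": {("unix-prod", "wheel")},
}

# Constructed SoD rules: two entitlement sets one person must not hold together.
SOD_RULES = [
    ({("erp", "ap_entry")}, {("erp", "ap_approve")}),   # enter and approve payables
    ({("git", "devs")}, {("unix-prod", "wheel")}),     # write code and administer prod
]

# Constructed approval policy: sensitive entitlement -> approver roles required.
APPROVAL_POLICY = {
    ("unix-prod", "wheel"): ["manager", "prod-owner"],
    ("erp", "ap_approve"): ["manager", "finance-controller"],
}
DEFAULT_APPROVERS = ["manager"]


def assign_login_id(first, last, existing):
    """Naming standard (assumed): first initial + surname, lowercase ASCII letters
    only, at most 8 characters; a numeric suffix is appended until the ID is
    unique among the IDs already in use."""
    base = (first[:1] + last).lower()
    base = "".join(ch for ch in base if ch.isalpha())[:8] or "user"
    candidate, n = base, 1
    while candidate in existing:
        n += 1
        suffix = str(n)
        candidate = base[:8 - len(suffix)] + suffix
    return candidate


def effective_entitlements(roles, direct=()):
    """Expand roles into the concrete entitlements a user ends up holding."""
    ents = set(direct)
    for r in roles:
        ents |= ROLES.get(r, set())
    return ents


def sod_violations(entitlements):
    """Return the SoD rules violated by a set of effective entitlements."""
    return [(a, b) for a, b in SOD_RULES if (a & entitlements) and (b & entitlements)]


def required_approvers(entitlements):
    """Approver chain for a set of newly requested entitlements, deduplicated."""
    approvers = []
    for e in sorted(entitlements):
        for a in APPROVAL_POLICY.get(e, DEFAULT_APPROVERS):
            if a not in approvers:
                approvers.append(a)
    return approvers


def evaluate_request(current_roles, requested_roles):
    """Policy check for an access request: block when the resulting effective
    entitlements violate an SoD rule, otherwise return the approvers needed for
    the entitlements the request would add."""
    before = effective_entitlements(current_roles)
    after = effective_entitlements(set(current_roles) | set(requested_roles))
    violations = sod_violations(after)
    if violations:
        return {"decision": "blocked", "violations": violations}
    return {"decision": "route", "approvers": required_approvers(after - before)}


if __name__ == "__main__":
    print(assign_login_id("Alice", "O'Brien", {"aobrien"}))
    print(evaluate_request(["ap-clerk"], ["ap-approver"]))
    print(evaluate_request([], ["prod-admin"]))
```

The check runs on the union of current and requested roles rather than on the request alone, so a clerk who already enters invoices is blocked from acquiring the approver role even though the request by itself looks harmless.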
9 ID Management Suite Component Overview
Hitachi ID Identity Manager: Create, manage and delete users and entitlements. Automation, self-service and delegation.
Hitachi ID Access Certifier: Periodic review and cleanup of users and entitlements.
Hitachi ID Group Manager: Self service, resource-centric management of AD group membership.
Hitachi ID Password Manager: Synchronize, reset passwords. Manage RSA tokens, security questions, voice prints, PKI certs. Periodically randomize and control access to sensitive passwords.
Addons:
Hitachi ID Org Manager: Periodic updates to data mapping users to their managers.
Hitachi ID Phone PW Manager: Turn-key IVR for password reset and token management.
Hitachi ID Login Manager: Auto-populate login IDs and synchronized passwords for users.
11 ID Management Suite in the User Lifecycle
Each lifecycle stage is served by automation, by self service / request workflow, and by policy enforcement:
Onboarding
• Automation: from HR (employees).
• Self service / request workflow: web UI (contractors).
• Policy enforcement: role-based setup; standardized IDs, OU, mail store, etc.
Management
• Automation: identity synchronization; automatic role changes.
• Self service / request workflow: applications; group membership; profile updates; ID mapping.
• Policy enforcement: SoD enforcement; authorize changes.
Support
• Self service / request workflow: password reset; resolve access denied errors.
• Policy enforcement: password strength; password expiry.
Deactivation
• Automation: auto-termination.
• Self service / request workflow: access certification; scheduled terminations.
• Policy enforcement: archive mailboxes, home dirs, etc.
12 HiIM Features
Automation:
• Provision joiners, deactivate leavers.
• Multiple HR feeds.
Requests portal:
• Self-service profile updates.
• Delegated security change requests.
Security controls:
• Access certification.
• RBAC and SoD.
• Reports on current entitlements, history.
Workflow process:
• Authorizers.
• Implementers.
• Certifiers.
Integrations:
• 110+ connectors, included.
• Incident management, SIEM, e-mail interfaces.
• Manage building access, physical assets.
Identity synchronization:
• Consistent data among apps.
13 Closed Loop IAM
[Diagram: closed loop IAM. Integrated systems of record feed the Hitachi ID Management Suite through auto-discovery (list accounts, list people, detected changes). Auto-provisioning and identity synchronization push updates to integrated target systems through connectors (create, delete, update accounts); for non-integrated systems a work queue hands the same tasks to human implementers, who accept, confirm and correct via the implementer web UI. Manual requests from the requesters' web UI and automatic requests enter one workflow that validates requests, routes them for approval, invites authorizers, sends reminders, escalates and delegates; authorizers approve, reject or delegate via the authorizer web UI, certifiers review, certify and correct via the certification workflow, and approved requests are fulfilled from a transaction queue.]
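The loop the diagram closes is: discover what is really on each target, compare it with what the identity cache and the system of record say should be there, and turn the differences into workflow tasks. The following is an added example of that reconciliation pass; it is not Hitachi ID code, and the HR feed, identity cache and discovered account listing are constructed sample data. It flags the orphan and dormant accounts from slide 7 as well as entitlements that changed outside the provisioning system.

```python
"""Added example (not Hitachi ID code): one closed-loop reconciliation pass over a
single target system. All identifiers, people and dates below are constructed."""
from datetime import date

DORMANT_DAYS = 90  # assumed threshold for a dormant account

# System of record (HR feed): person id -> name and status. Constructed.
HR = {
    "p100": {"name": "Alice", "status": "active"},
    "p101": {"name": "Bob", "status": "terminated"},
    "p102": {"name": "Carol", "status": "active"},
}

# Identity cache: what the provisioning system believes it created on target "erp".
CACHE = {
    "erp": {
        "alice": {"owner": "p100", "groups": {"ap_entry"}},
        "bob": {"owner": "p101", "groups": {"ap_approve"}},
        "carol": {"owner": "p102", "groups": {"ap_entry"}},
    }
}

# Nightly auto-discovery listing from the target itself (what is really there).
DISCOVERED = {
    "erp": {
        "alice": {"groups": {"ap_entry", "ap_approve"}, "last_login": date(2012, 2, 20)},
        "bob": {"groups": {"ap_approve"}, "last_login": date(2011, 10, 1)},
        "carol": {"groups": {"ap_entry"}, "last_login": date(2012, 2, 28)},
        "svc_batch": {"groups": {"ap_entry"}, "last_login": None},
    }
}


def reconcile(system, discovered, cache, hr, today):
    """Compare discovered accounts with the cache and HR; return (account, kind,
    detail) findings. Kinds: orphan, dormant, out-of-band-change, missing."""
    findings = []
    known = cache.get(system, {})
    for acct, info in sorted(discovered[system].items()):
        owner = known.get(acct, {}).get("owner")
        if owner is None:
            findings.append((acct, "orphan", "no owner in identity cache"))
        elif hr.get(owner, {}).get("status") != "active":
            findings.append((acct, "orphan", f"owner {owner} not active in HR"))
        last = info["last_login"]
        if last is None or (today - last).days > DORMANT_DAYS:
            findings.append((acct, "dormant", f"last login {last}"))
        if acct in known and info["groups"] != known[acct]["groups"]:
            added = info["groups"] - known[acct]["groups"]
            removed = known[acct]["groups"] - info["groups"]
            findings.append((acct, "out-of-band-change",
                             f"added={sorted(added)} removed={sorted(removed)}"))
    # Accounts the cache expects but the target no longer has.
    for acct in sorted(set(known) - set(discovered[system])):
        findings.append((acct, "missing", "in cache but not on target"))
    return findings


def proposed_actions(findings):
    """Map each finding to the corrective task the workflow would queue
    (the action wording is an assumption for illustration)."""
    actions = {
        "orphan": "disable and route to certification",
        "dormant": "disable pending owner review",
        "out-of-band-change": "open request for authorizer to approve or revert",
        "missing": "re-provision or purge cache entry",
    }
    return [(acct, kind, actions[kind]) for acct, kind, _ in findings]


def run_example(discovered=DISCOVERED):
    """Run the pass as of the constructed date 2012-03-01."""
    return reconcile("erp", discovered, CACHE, HR, date(2012, 3, 1))


if __name__ == "__main__":
    for finding in proposed_actions(run_example()):
        print(finding)
```

Running it as of the constructed date reports Alice's unexplained ap_approve group as an out-of-band change, Bob as both orphaned (owner terminated in HR) and dormant, and svc_batch as an unowned, never-used account; Carol produces no finding. An entitlement added directly on the target, bypassing the request workflow, is exactly the kind of change auto-discovery exists to surface.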
14 Competitive Differentiation
Consistency:
• Manage all identities and entitlements.
• On-premise and SaaS.
• Accounts, entitlements and resources.
• 110+ connectors included.
Full featured:
• Administration and governance in a single product.
• Triggers: automation and request portal.
• Controls: policy, authorization workflow, certification.
Scalability:
• Multi-master architecture.
• Load balanced, replicated.
• Deploy across data centers.
• Multi-lingual.
Usability:
• Business-friendly request process using roles, PDRs.
• Simple e-mail/web authorization.
• Windows shell extension.
• Fulfillment by both connectors and humans.
15 The Hitachi ID Solution is Flexible
Customize: every aspect of the user interface.
Integrate with: 110+ target system types; call tracking systems; HR systems; authentication hardware; meta directories.
Enforce: password policy; authentication rules; change authorization rules; user naming standards.
16 Scalability and Fault-Tolerance
• Multiple Hitachi ID Identity Manager servers can be configured for load balancing.
• Data is automatically replicated between servers in real time.
• Built-in high performance identity cache accelerates system response.
• A service monitors the health of each server and may restart it or take it out of circulation.
• A proxy server compensates for slow or insecure connectivity to remote target systems.
• There are production customers with up to 300,000 users on just two servers.
• Replication has been scaled to 20 servers.
17 Included Connectors
Many integrations to target systems included in the base price:
Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
Unix: Linux, Solaris, AIX, HPUX, 24 more.
Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
HDD Encryption: McAfee, CheckPoint.
ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
Cloud/SaaS: WebEx, Google Apps, Salesforce.com, SOAP (generic).
18 Simple Integration with Custom Apps
• Hitachi ID Identity Manager easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.
19 Multi-Master Architecture
[Diagram: multi-master architecture. End users reach load-balanced Hitachi ID application servers (each with its own SQL Server DB, replicated) over HTTPS, through a reverse web proxy, a VPN server or an IVR server; e-mails go out via SMTP or Notes mail, tickets to incident management via various protocols, and lookups and triggers reach the system of record. Trigger systems include password synchronization agents (native password changes validated on AD, Unix, OS/390, LDAP, AS/400, etc.) and web service callers. Target systems with a local agent (OS/390, Unix, AD, SQL, SAP, Notes, etc.) are reached over secure native protocols on the local network; cloud-hosted SaaS apps and target systems behind a firewall in a remote data center (e.g., SQL/Oracle) are reached with a remote agent through a Hitachi ID proxy server over TCP/IP + AES, with the secure native protocol used where needed.]
20 Server Internal Architecture
[Diagram: server internal architecture, in three tiers. Remote site: target systems reached through a Hitachi ID proxy server or a local agent over an encrypted protocol. Integrations: connectors that execute list, inspect, create, delete and modify operations on users and groups against the target system's native API or protocol; PSUPDATE auto-discovery; plugins and exits that execute business logic. Core services on the Hitachi ID server: IIS or Apache serving the user web interface (HTTPS to the end user browser) and the admin/config interface; IDWFM workflow manager; IDTM transaction manager (secure RPC to connectors); IDTRACK automation engine; IDDB database manager in front of an Oracle or MSSQL database with stored procedures, holding the identity cache, requests, configuration, components and history, with real-time encrypted replication between servers.]
21 Rapid Deployment and Low TCO
Optimized to minimize effort:
• User provisioning with HiIM:
– Initial deployment: 6 – 9 months.
– Ongoing maintenance: 0.5 – 1.0 FTE.
Using Hitachi ID Identity Manager technology:
• Built-in nightly auto-discovery of IDs, entitlements.
• Both attribute-based and self-service ID mapping.
• Request, approvals screens and processes are built-in.
• Implementer infrastructure for non-integrated apps is built-in.
• Powerful authorization workflow is built-in.
• Deployment does not depend on role engineering.
• 110 connectors out of the box.
• Rapid integration with custom, vertical apps.
• Easy customization of GUI, business logic.
22 Competitive Advantages
Unique features:
• Self-service password/PIN reset from anywhere.
• Workflow to refresh OrgChart data.
• Request for resources mapped to AD groups.
• Detect/block effective SoD violations.
• Self-service ID mapping.
• Unique approach to workflow.
Rapid deployment:
• Key features built-in, not custom:
– Change request forms.
– Authorization process.
– Access certification UI.
– Auto-discovery.
Scalable platform:
• Real-time data replication.
• Multi-master architecture.
• Proxy server to cross firewalls.
• Stored procedures, native code for speed.
Integrations:
• 110+ included connectors.
• Flexible connectors.
• Built-in implementers workflow.
• Integrated with incident management, SIEM, etc.
23 Hitachi ID Professional Services
• Hitachi ID offers a variety of services relating to Hitachi ID Identity Manager, including:
– Needs analysis and solution design.
– Fixed price system deployment.
– Project planning.
– Roll-out management, including maximizing user adoption.
– Ongoing system monitoring.
– Training.
• Services are based on extensive experience with the Hitachi ID solution delivery process.
• The Hitachi ID professional services team is highly technical and has years of experience deploying IAM solutions.
• Hitachi ID partners with integrators that also offer business process and system design services to mutual customers.
24 Hitachi ID Solution Delivery Approach
Fixed-price: All work is delivered on a fixed-price, fixed-deliverables basis. The "meter" is never running.
Phases, milestones: Hitachi ID recommends breaking up long projects into phases of 1–3 months. Work is reviewed and payment is due when milestones are met.
Open assignment: Each phase may be undertaken by Hitachi ID, the customer, a systems integrator or a combination of the participants.
Templates: Template documents and sample business logic are used to expedite work.
Customer portal: A self-service portal supports discovery, client/partner/vendor interaction, document distribution and more.
25 AdMax: Maximizing User Adoption
• Successful implementation of an identity and access management system must be supported by an effective user adoption program.
• AdMax is a Hitachi ID professional services program, used to plan for and execute effective user enrollment projects.
• AdMax is designed to maximize adoption of and ROI from Hitachi ID identity management solutions, using:
– Best practices, case studies and industry norms.
– Enrollment, user adoption and ROI measurement.
– Incentive and disincentive programs.
– Presentations and training materials for users and HD staff.
– Project roles and responsibilities.
– Sample project plans, promotional materials, e-mails, graphics and other user communications.
– Workbooks for project implementation.
26 Summary
Hitachi ID Identity Manager enables automated, self-service and policy-driven management of identities and entitlements:
• Automation: onboarding, deactivation, identity synchronization.
• Self-service: profile updates.
• Delegated administration: access requests, approvals workflow.
• Policy engines: RBAC, SoD, standard setup for new users.
• Reports: who-has-what, change history.
• Integrations: 110 connectors built-in.
• Rapid deployment: built-in screens, processes, features minimize custom coding.
More secure infrastructure, lower IT management costs and faster user service.
Learn more at Hitachi-ID.com/Identity-Manager
27 Getting an IAM Project Started
• Build a business case.
• Get management sponsorship and a budget.
• Discovery phase, capture detailed requirements.
• Assemble a project team:
– security
– system administration
– user support
– etc.
• Try before you buy: Demos, POCs, pilots.
• Install the software, roll to production.
• Enroll users, if/as required.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres
www.Hitachi-ID.com Date: March 1, 2012