
agility made possible™

can my identity management solution quickly adapt to changing business requirements and processes?

SOLUTION BRIEF: ConfigXpress Utility in CA IdentityMinder


With the ConfigXpress tool in CA IdentityMinder™, you can promote business logic easily, document the system for efficient knowledge transfer and easily display relationships between CA IdentityMinder objects. These capabilities all save time for the administrator and in turn contribute to an overall reduction in TCO and better system suitability.


Executive summary

Challenge

An identity management solution is a sophisticated environment, and organizations expect it to function as originally designed and as modified for their specific business needs. To meet those expectations, it must be managed in a consistent and sustainable manner. Part of that management requires adequate testing of customized functionality before deploying the changes into a production environment. Proper configuration management requires that modified system functionality first be tested in a development environment and then moved to a test environment before finally being migrated into production. This process helps ensure that the changed processes will work as expected to support the business requirements. But moving the components is often a challenge. One must ensure all necessary objects have been accurately moved between each environment for proper functioning of the production system.

Opportunity

ConfigXpress is a CA IdentityMinder™ utility that provides system administrators several useful capabilities, chief among them the ability to easily move components between staging environments for simplified configuration management. It reduces the time and effort a system administrator must spend while moving components between configuration environments and thereby allows for more functional testing time. It also provides a change-analysis report that highlights differences between environments as compared to a current and baseline installation. It provides a “push-button” system documentation process that records the many system components for future reference or as a part of a system recovery plan. ConfigXpress also provides a convenient and efficient method to display component relationships. For example, it shows which screens are used by specific tasks and which administrative roles grant access to those tasks.

Benefits

Considerable time can be saved with the ability to easily identify component differences and quickly promote these components between development, test and production environments as part of a configuration management process. As a result, the organization can better depend upon the identity management solution to provide consistent results with a savings of time and effort. Using ConfigXpress, administrators can quickly perform these changes, document the system and quickly understand the relationships between objects, roles, and access to more easily manage the system. All of these factors are likely to contribute to a more easily maintainable identity management system and provide for a lower total cost of ownership (TCO).


SECTION 1: Business need

Managing an identity management solution

Organizations depend upon consistent and known processes. A number of these processes are often implemented by an identity management solution in order to automate them. However, to ensure these processes perform as expected, they must be tested before moving or promoting the logic into a production environment.

An identity management solution is often a critical enabler of a business’s flexibility, if managed well. It can also be a significant impediment to the business if it cannot adjust quickly and reliably to the fast-changing needs of today’s organizations. Every organization has specific processes that an identity management solution must implement. CA IdentityMinder enables that business flexibility through a number of features, one of which is PolicyXpress (please see the related technology paper titled “CA IdentityMinder: customization without coding”), where customized business logic can be defined without writing code. However, even with PolicyXpress the logic should still be tested before it is promoted to a production system environment.

Any identity management solution has many components, and determining which objects have changed and which ones to move from test to production is a common challenge for any administrator. This process is similar for any identity management solution today. The process to move a component like a portal screen or a business policy requires the administrator to export an XML file that defines the environment, then search through the rather large file for the desired objects, cut-and-paste these objects into a separate file and then finally upload these selected objects into the target environment. This assumes that the administrator accurately determined the appropriate and related objects that were needed to accompany the screen or business policy. If the administrator doesn’t include all of the objects, the promotion and test process from one environment to another will fail and the process will have to be reviewed and attempted again. This is a manual process that every administrator must learn and remember. However, this is not an everyday occurrence, so it is easily forgotten between attempts.

Configuration management is a challenge in any identity management environment, but ConfigXpress “flattens” the learning curve, makes searching through an XML file a thing of the past and configuration management as easy as pressing a button.


SECTION 2: Solution

Simplified configuration management & more

ConfigXpress provides CA IdentityMinder administrators with several significant productivity capabilities. This utility included with CA IdentityMinder is installed as a part of the standard product installation and has been available since r12.5 SP4, but the utility can actually be used with any CA IdentityMinder version from r8.1 and later. In this section, we will review those ConfigXpress capabilities.

ConfigXpress quickly analyzes a current CA IdentityMinder environment and displays the system’s components and their relationships to other objects within the system. This is especially useful for any administrator that needs to quickly understand the system or just to review impacts of proposed changes to an environment. For example, it shows which screens are used by specific tasks and which administrative roles grant access to those tasks. How much more productive could an administrator be if the time it normally takes to understand the identity management components were significantly reduced?

The next few screen captures show some of the display and analysis capabilities of ConfigXpress.

Figure A. System environment: access definition and configuration

Quickly load from a live system or from an exported environment file the details of your identity management system. The Environment screen shows the URLs defined for authenticated access and access for public tasks such as password self-service. The software version is also displayed among other information.


ConfigXpress displays all of the environment’s graphical user interface screens along with their relationships with Tasks and details of data elements displayed on the screens. Also useful is the ability to see whether a screen is an unmodified out-of-the-box (OOTB) screen, a modified screen or a completely new screen developed by the implementing organization.

Figure B. System screens: attributes and relationships (callouts: relationships; data elements; modified or new screen)


[Figure callouts: admin roles that grant access to tasks; screens used by the task]

ConfigXpress displays all of the environment’s tasks along with their related roles which grant access to the tasks. Each task makes use of one or more screens and this is shown to the administrator. Like the screens, the tasks are also analyzed to determine which are OOTB, modified or defined by the implementing organization.

Figure C. System tasks: definition and relationships


This utility also provides a “push-button” system documentation capability that records the many system components for future reference or as a part of a system recovery plan. This document and the environment file could also be imported to a version control tool as files for long term storage.

With the click of a button all of the graphical components and configuration views provided by ConfigXpress can be deposited within a single document that is exported to an Adobe PDF file. The administrator can customize aspects of this document such as parts of the title page and a free-format introduction section to meet specific documentation needs.

A very useful part of the documentation is a listing of the objects and relationships that can help pinpoint performance hot-spots around a particular component that may not have been designed efficiently. There is also a listing of any active Web Services within the CA IdentityMinder environment; this provides the administrator a quick security risk assessment of any Web Services that may allow access to third-party applications.

Figure D. System documentation: quickly captures the environment


Additionally, each object can be inspected at a detailed view as source XML for further analysis and understanding.

While browsing any of the CA IdentityMinder components the administrator can view the object’s XML source for additional clarity of the object’s definition and behavior.

Here is a review of the configuration management capabilities provided by ConfigXpress and how this utility can simplify the process.

ConfigXpress can reduce an administrator’s time and effort while promoting components (business logic, screens, roles) between configuration environments through the following capabilities:

• Environment import from live systems or through exported files: Connect to live systems and perform the configuration management process or use archived and previously exported Environment files.

• Quick comparison between environments: For example, it displays the objects that have been changed between test and production environments. It is easy to compare against a current or baseline installation.

Figure E. Component details: XML source of components (callout: Show XML button provides this detail of any system component)


• Can display only the changed or new components for targeted review: Administrators often need to know what has changed and ConfigXpress quickly shows this view.

• Ensure all required objects are moved with the selected component: When business logic is moved into production, the associated and required portal screens are promoted as well. The administrator does not need to know and search for such information. This avoids system crashes and errors by appropriately migrating all needed objects.

All of these features can allow for more functional testing time by reducing the time previously spent searching for and moving objects.

This display screen shows the differences between two environments for quick promotion of objects between the development, test and production environments.

Figure F. Promotion of objects: select the changed objects (callout: This shows two environments for quick comparisons)


SECTION 3: Conclusions

Simplified configuration management

Identity management solutions require the flexibility and adaptability to implement business logic and integration to many heterogeneous enterprise systems. In today’s environments, because of the dynamic and competitive nature of business environments and shifting government regulatory requirements, nothing stays the same for long. The end result: business processes and systems must be changed, and the identity management solutions supporting these systems must ebb and flow to meet the demands of the business. The question is often asked: “How can this be done quickly and in a cost effective manner?”

The CA IdentityMinder solution provides tools and utilities to enable customization without coding using PolicyXpress. Those same business policies can then easily be managed using ConfigXpress.

ConfigXpress provides the administrator the needed capabilities to promote business logic easily, document the system for efficient knowledge transfer and easily display relationships between CA IdentityMinder objects. These capabilities all save time for the administrator and in turn contribute to an overall reduction in TCO and better system suitability.

During a promotion of objects, ConfigXpress will inform the administrator of additional and required objects related to the promoted object. This better enables the target environment to operate properly with all of the required objects.

Figure G. Check that required screens are included with the task


CA Technologies is an IT management software and solutions company with expertise across all IT environments—from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 rely on CA Technologies to manage their evolving IT ecosystems. For additional information, visit CA Technologies at ca.com.

SECTION 4: About the author

Bob Burgess is an Advisor and a member of CA Technologies Security Center of Excellence team. His industry experience spans more than 20 years as a developer, technical evangelist, manager of a development team and stints in product marketing and sales. Prior to this experience, Bob served 11 years (active and reserve duty) in the US Air Force involved with future weapons systems at Strategic Air Command Headquarters and served among other positions as a Squadron Commander. Bob has a Bachelor of Science in Computer Science in addition to a Bachelor of Science in Engineering Technology, both from Texas A&M University.

To learn more about the CA IdentityMinder architecture and technical approach, visit ca.com/user-provisioning.

Copyright © 2012 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “As Is” without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. CS2095_0212