Upload
cdh-technology-consultants
View
748
Download
0
Tags:
Embed Size (px)
Citation preview
C D H Quick Facts
About Us • 20th Year
• Grand Rapids & Royal Oak
• 25 Staff
Approach • Vendor Agnostic
• Non-reseller
• Professional Services Only
Partnerships
• Microsoft Gold
• VMware Enterprise
• Cisco Premier
• Novell Platinum
• Citrix Silver
C D H
Infrastructure
Access & Identity Management
Expertise
Project Management
Collaboration
P
I
C
A
C D H
jj122johnnyj294
********johnnyjohnjohn
jjohnson077
johnny_thegolfer413
johnmeister_192
******
**************************************************************** ****************
bigjohn_92
jjohnson077************
jjj_021john_Johnson_45**** ****
st.john_140
Users have too many credentials to remember
More and more applications requiring a password
The Problem: Password Proliferation
C D H
jj122johnnyj294
********johnnyjohnjohn
jjohnson077
johnny_thegolfer413
johnmeister_192
******
**************************************************************** ****************
bigjohn_92
jjohnson077************
jjj_021john_Johnson_45**** ****
st.john_140
Users have too many credentials to remember
Do they write them down? What about security?
More and more applications requiring a password
How many
passwords
do you have?
The Problem: Password Proliferation
C D H
Productivity
The helpdesk spends too much time on password resets, while end users sit idle.
jj122johnnyj294
********johnnyjohnjohn
jjohnson077
johnny_thegolfer413
johnmeister_192
******
**************************************************************** ****************
bigjohn_92
jjohnson077************
jjj_021john_Johnson_45**** ****
st.john_140
Users have too many credentials to remember
Write them down? What about security?
More and more applications requiring a password
How many
passwords
do you have?
The Problem: Password Proliferation
C D H Challenges
• How many passwords do your users have to remember?
• How much does it cost when a user forgets his/her password?
• What mission-critical projects should your helpdesk be focusing on?
• How long does it take to reset a lost or forgotten password?
• How long do your users sit idle waiting for a password reset?
• Are your users writing down their passwords?
C D H
Percent of password-related
helpdesk calls
Data: Leading Analyst Firms
25%-35%
Productivity Impact
C D H
• Enable single sign-on to Windows*, Web, Java*, terminal and enterprise applications
• Enhance security with strong
passwords and advanced
authentication
• Improve end-user and IT productivity
• Reduce costs related to password
resets
• Leverage your existing IT
investments
• Support regulatory compliance
efforts
• Deliver a quick win
Novell® SecureLogin
C D H Novell® SecureLogin Architecture Directory-enabled Architecture Strengths
• Works seamlessly with your directory infrastructure • Novell eDirectory™
• Microsoft Active Directory
• Any v3-compliant LDAP directory
• Minimal changes to the directory schema
• Prevents single point of failure in your deployment
• Users can log in to any network computer and realize the SSO experience
• Users can login and logout quickly
• Users can work in disconnected mode and still leverage SSO for logging into applications
C D H Novell® SecureLogin Architecture Novell eDirectory™
SSO
+
+
Shared
Desktop
DAS
Strong
Authentication Novell Client
Enterprise
Desktop
Terminal
Services
Novell
SecureLogin
Enterprise Systems
Application A
Application B
Application C
SecretStore Novell
eDirectory
Audit
Server
Report
Database
Optional Add-on
C D H Novell® SecureLogin Architecture Microsoft Active Directory
SSO
+
Shared
Desktop
DAS
MS Client
Enterprise
Desktop
Terminal
Services
Novell
SecureLogin
Enterprise Systems
Application A
Application B
Application C
Active
Directory
Audit
Server
Report
Database
Optional Add-on
+ Smart Card
Authentication
C D H Novell® SecureLogin Architecture Other LDAP Directories
SSO
+
Shared
Desktop
DAS
MS Client
Enterprise
Desktop
Terminal
Services
Novell
SecureLogin
Application A
Application B
Application C
LDAP V3
Directory
Audit
Server
Report
Database
Optional Add-on
Enterprise Systems
C D H Key Features
• Simple user interface
• Market-leading integration wizard reduces implementation time
• Out-of-the-box support for dozens of applications
• Consistent user experience, whether users are online or offline
• Supports multi-factor authentication
• Secure shared workstation support
• Detect Windows applications that open before Novell® SecureLogin
• Fault tolerance to ensure that network downtime doesn't affect SSO performance
• Flexibility to do more than just single sign-on
C D H How it Works Capture and Replay
• Novell SecureLogin captures and securely stores user credentials
• SecureLogin passes credentials to the target application on behalf of the user
• Passwords are not synchronized
• No changes to the application are required
• Supports a broad range of applications – Windows
– Web
– Java
– Citrix/ Terminal Servers
– Host-based/ Terminal Emulators
C D H Integration Wizard Initial Login
• Recognizes when a login
prompt is presented —
even if the application
opens before
SecureLogin
• Prompts administrator
with options for SSO-
enabling the application
C D H Integration Wizard Credential Source
• Allows administrator
to specify the
credential source
– Application's own
credential set
– Credentials from
another source
(network login or a
related application)
C D H Integration Wizard Identify Fields
• Identifies the login
fields
– Username
– Password
• Allows customization
of login prompt
C D H Integration Wizard Identify Fields
• Identifies the login
fields
– Username
– Password
• Shows which fields
will be populated
C D H Integration Wizard Re-authentication
• Allows administrators
to require additional
authentication before
SecureLogin injects
the user's credentials
C D H Integration Wizard Submit Options
• Allows the user or
SecureLogin to
submit the credentials
• Identifies the ―submit‖
button
C D H Integration Wizard Matching Criteria
• Helps SecureLogin
identify the
appropriate login
screen
• If two login screens
look the same,
defining matching
rules will distinguish
them
C D H Case Study #1
Hospital Setting
• Prox card reader
• Custom PIN login
• Password Synchronization (where
possible)
C D H Case Study #2
Level 1 Trauma Center
• Prox card reader
• Custom Password Request Authentication
• Auto-launch key EMR application
• Quick & Secure Login Functionality
C D H Case Study #3
Law Firm Setting
• User password authentication
• Password Synchronization (where possible)
• Custom Context Management solution – Monitor OCS client and prompt on incoming
call
– Auto-launch document management system with latest case notes
– Auto-launch accounts receivable
C D H Case Study #4
Hospital Setting
• User password authentication
• Auto-launch key EMR application
• Quick & Secure Login Functionality
• Password Synchronization (where
possible)
• Custom Context Management solution
C D H Oaklawn Hospital
• Reason for NSL – Generic accounts
– Compliance and privacy concerns
• Implementation Plan – Phased approach
• Phase 1 – SSO enabled 6 key applications
– Deployed to clinical areas
– Quick logon/logoff
– Created new eDirectory accounts for all staff
– Password Self Service
– Education was key
C D H Oaklawn Hospital
• Phase 2
– SSO enabled an additional 10 applications
– Context Management
• From iMed to GE PACS
• From iMed to MUSE
– Added admin workstations
– Upgraded the NSL Client
• Phase 3 (not started)
– Add support for Prox card reader
– SSO to enable additional applications
C D H Novell® SecureLogin
Strengths
• Mature and proven technology
• Delivers the markets most comprehensive
integration wizard
• Handles much more than just passwords
• Centrally managed and administered
• No extra hardware required
C D H Novell® SecureLogin
Strengths
• Choice of strong authentication devices
• Supports LAN, Web, thin client, VPN or
mobile users
• No application changes or modules
required on application servers
• True interoperability
• Non-intrusive, rapid deployment
C D H Novell® SecureLogin Strengths Improving Security
• Can be configured such that users never know their user ID and password for their applications
• Users only have to remember one password which means you can implement a stronger base password policy
• SecureLogin eliminates the need to write down passwords
• Can be configured to bring advanced authentication to every application
C D H Novell® SecureLogin Strengths Improving Security
• Allows you to apply strong password policy
for each application
– Unique passwords
– Special characters
– Alpha numeric
– Minimum and maximum characters
– Repeating characters
– Length
• Even if the application is not policy
enabled
C D H Novell® SecureLogin Strengths Improving Security
• Protection against the rogue administrator – When a user’s eDirectory™ password is reset,
access to the application secrets are locked
– The user must provide a passphrase answer to gain access to the secrets (or SecretStore™ administrator can unlock passwords)
– If an administrator tried to copy a user's secret to another user object, the secrets are locked
– Credentials are encrypted with 168-bit 3DES encryption with a unique key for each credential
C D H Eliminate Bad Habits
• Eliminates writing down passwords – End users only remember their main directory credentials
– Strong authentication can completely eliminate passwords
• Eliminates account sharing – End users don’t need to know passwords to back end
systems
– Increases traceability and accountability
• Eliminates weak passwords – Password policies can be applied to all applications
– Different systems can have different policies
• Eliminates password-related calls to the helpdesk – Helpdesk doesn't need password-reset rights to sensitive
applications
C D H
Lower costs by reducing password-related calls to the
helpdesk
Mitigate security risks by strengthening passwords and
password policies, and by eliminating security loopholes
Support compliance with government and industry
regulations, and internal policies
Increase productivity by allowing IT and end users to focus
on more strategic projects rather than worrying about
passwords
Leverage existing investments through tight integration
and interoperability
Benefits
C D H
Royal Oak 306 S. Washington Ave.
Suite 212
Royal Oak, MI 48067
p: (248) 546-1800
Thank You
Grand Rapids 15 Ionia SW
Suite 270
Grand Rapids, MI 49503
p: (616) 776-1600
(c) C/D/H 2007. All rights reserved www.cdh.com