
Burton IT1 Research G

Identity Management

Published: 9 July 2012

Analyst(s): Ian Glazer, Bob Blakley

Identity management (IdM) has become a distinct aggregation of functions for the maintenance and use of digital names, credentials, and attributes for people, devices, and applications. Change and consolidation in the industry heighten the need for a logical architecture for developing and evaluating IdM solutions. This document is the root template for the Reference Architecture. It incorporates a revised template graphic to illustrate the interaction of users; objects or resources they seek to use; access gateways, authentication, and policy enforcement services; federated domains; identity administration, policy administration, and provisioning; and identity data services.

*The secondary authors listed above have been included for attribution purposes only. They were the original authors of this content, but were not involved in the latest update. As they are no longer employed at Gartner, please contact the lead author if you have questions.

Table of Contents

Template Applicability
Template Map
Template Diagram
Template Description
Access Policy Enforcement
User Management Templates
Identity Data Services Templates
Common Concepts and Terms
Subjects
Access Gateways
Federation
Objects
Management and Audit
Recommended Reading
Notes

List of Figures

Figure 1. Template Map
Figure 2. Template Symbols
Figure 3. Identity Management

Template Applicability

What are the components and interfaces of an architecture for identity management?

Template Map

As illustrated in Figure 1, the "Identity Management" references other templates containing further details.

Figure 1. Template Map
[Diagram labels: Identity Management (You are here.) Identity Data Services Identity Policy Admin Provisioning Web Access Mgmt Identity and Access Governance Integrated Layered Directory Environment Virtual Directory Metadirectory Directory Externals Directory Internals Access Request Access Certification Data Gathering and Fulfillment Services]
Source: Gartner (June 2012)

Page 2 of 11 Gartner, Inc. G

Template Diagram

Figure 2 illustrates the symbols used in the template diagram. A colored square-cornered box with solid borders represents a component; components implement functionality and may contain subcomponents (which may be described in subsidiary templates). A gray box with rounded corners and a dotted border represents an interface; interfaces provide programmatic access to some or all of a component's functionality. A white box with square corners and a solid border sticking out of the surface of an interface represents a discrete unit of functionality within an interface. A gray box with arrowheads at two ends and a dotted border represents a protocol. Protocols provide remote access (over a communications link) to some or all of the functionality of a component.

Figure 2. Template Symbols
- A colored square box with solid borders is a component.
- A gray round-cornered box with dotted borders is an interface.
- A white box on the surface of an interface is a function.
- A gray arrow with dotted borders is a protocol.
Source: Gartner (June 2012)

Figure 3 is the template diagram for identity management.

Figure 3. Identity Management
[Diagram labels: Federation; Authentication and reduced sign-on; Access gateway; Access policy enforcement; Access policy mgmt.; Provisioning; Provisioning policy mgmt.; Identity admin. and audit interface; Identity audit; Authentication and authorization; Personalization and visualization; Query and update; Identity data services interface; Trust mgmt.; Delegated user admin.; Self-service]
Source: Gartner (June 2012)

Template Description

Identity management (IdM) services enable management of subject identities and control the access of domain subjects [1] (e.g., users or services) or subjects in federated domains [1] to objects [1] (or resources) such as applications and databases. IdM services grant or deny access in keeping with policies defined by the organization that owns and controls the requested resources. These services allow access based on identity attributes including a user's identity, permissions, and role [1] information.

Access management, provisioning, [1] and other IdM security components rely on identity data services (e.g., directory services) to provide information about users and their permissions. For example, an authorization system may implement the policy [1] that a user with the role or attribute "bronze dealer" can access the "bronze dealer price" field in a database. Although the authorization system knows the rules, it cannot function without the identity data that identifies who the bronze dealers are.

Whereas authorization and other policy enforcement systems control user access to resources by actively allowing or prohibiting runtime access attempts, provisioning services control policy indirectly by propagating account information and access rights to diverse applications and security domains, which then use this information to locally enforce policies such as authorization. (For definitions of terms such as "subject," "object," "role," "provisioning," and "policy," see "Concepts and Definitions." The interaction of these components is discussed in the templates referred to throughout this root template.)

The templates described in this root template break IdM down into access policy enforcement, user management, and identity data services. Each subsection contains a link to the corresponding Reference Architecture template and the template's problem statement.

Access Policy Enforcement

Access policy enforcement infrastructure provides authentication [1] of subjects and may provide authorization [1] and reduced sign-on through components such as the following:

- Firewalls perform access control on the network traffic between systems. Note that the term "firewall," as used here, refers to any device (whether it is an enterprise firewall, a router or switch, or a security appliance) that acts as an identity-enabled policy enforcement point (PEP) [1] while performing network access control. For example, firewalls may authenticate users and allow or deny access to the system on a particular port.
- Proxies positioned at network access points intercept communications of a certain type (e.g., Hypertext Transfer Protocol [HTTP]) between the subject and the resource, authenticate the user, and allow or deny access to the resource based on rules or policies.
- Agents behave like proxy components, except they are co-located on a system with the target resource.
- Authorization services function as policy decision points (PDPs) [1] that make authorization decisions on behalf of PEPs.

Firewalls, proxies, and agents may function as PEPs that contact PDPs such as authorization services or identity data services, or PEPs may be co-located with their own PDP functionality. Before they can access resources, users coming from outside the enterprise network may pass through an access gateway (e.g., a portal) and multiple PEPs such as firewalls, proxies, and agents.

To understand how an overarching authorization architecture can be abstracted from the physical environment, see "Decision Point for Selecting Authorization Mechanisms" and "Decision Point for Authentication."

In addition, the back-end resources such as operating systems and applications usually have native authentication and authorization capabilities of their own. Resource-specific authentication interfaces come into play when a user logs into a resource directly rather than through a centralized access gateway or policy enforcement component. Resource-specific authorization logic is applied in addition to any centralized policy enforcement.

Access policy enforcement systems usually support reduced sign-on. In such scenarios, the centralized access services either proxy the access for the user, or generate a Kerberos ticket, session cookie, or other session information that the resource can natively recognize.
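
The following Python example is added here and is not part of the original note. It models the PEP, PDP, and identity data service described above, using the note's "bronze dealer" policy, and shows the PDP denying access whenever the identity data it depends on is missing or unreachable. The class names, the subjects alice, bob, and carol, and the dealer_db resource are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed identity data (stands in for a directory service).
IDENTITY_DATA = {
    "alice": {"roles": {"bronze dealer"}},
    "bob": {"roles": {"gold dealer"}},
}

# Constructed policy: (resource, field) -> roles allowed to read it.
POLICY = {
    ("dealer_db", "bronze dealer price"): {"bronze dealer"},
    ("dealer_db", "gold dealer price"): {"gold dealer"},
}


class IdentityDataUnavailable(Exception):
    """Raised when the identity data service cannot be reached."""


@dataclass(frozen=True)
class Decision:
    permit: bool
    reason: str


class IdentityDataService:
    """Maps a subject to its role attributes (hypothetical interface)."""

    def __init__(self, records, available=True):
        self._records = records
        self.available = available

    def roles_for(self, subject):
        if not self.available:
            raise IdentityDataUnavailable("directory not reachable")
        entry = self._records.get(subject)
        return None if entry is None else set(entry["roles"])


class PolicyDecisionPoint:
    """Knows the rules, but needs identity data to evaluate them."""

    def __init__(self, policy, identity_data):
        self._policy = policy
        self._identity_data = identity_data

    def decide(self, subject, resource, field):
        allowed_roles = self._policy.get((resource, field))
        if allowed_roles is None:
            return Decision(False, "no policy for resource")
        try:
            roles = self._identity_data.roles_for(subject)
        except IdentityDataUnavailable:
            # Fail closed: without identity data the rule cannot be evaluated.
            return Decision(False, "identity data unavailable")
        if roles is None:
            return Decision(False, "unknown subject")
        if roles & allowed_roles:
            return Decision(True, "role permitted")
        return Decision(False, "role not permitted")


class PolicyEnforcementPoint:
    """Proxy or agent in front of the resource: asks the PDP and enforces."""

    def __init__(self, pdp):
        self._pdp = pdp
        self.audit_log = []  # every decision is recorded for later audit

    def request(self, subject, resource, field):
        # subject is the identity established by authentication, or None.
        if subject is None:
            decision = Decision(False, "unauthenticated")
        else:
            decision = self._pdp.decide(subject, resource, field)
        self.audit_log.append(
            (subject, resource, field, decision.permit, decision.reason)
        )
        return decision


def build_demo(available=True):
    """Wire a PEP to a PDP backed by the constructed identity data."""
    directory = IdentityDataService(IDENTITY_DATA, available)
    return PolicyEnforcementPoint(PolicyDecisionPoint(POLICY, directory))


if __name__ == "__main__":
    pep = build_demo()
    for who in ("alice", "bob", "carol", None):
        print(who, pep.request(who, "dealer_db", "bronze dealer price"))
    down = build_demo(available=False)
    print("directory down:", down.request("alice", "dealer_db", "bronze dealer price"))
```
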

For authorization purposes, centralized policy enforcement services are often applied at the front end while leaving fine-grained or custom authorization to the local resource or resource manager. In such cases, it is important that the centralized policy service's view of identity and the resource view of identity are well correlated. One way to provide such correlation is through a bridged session associated with a common user identifier. Another way to achieve identity correlation is through provisioning of accounts with consistent privileges across diverse resources. Yet another approach is to use HTTP variables to pass the user identifier name and pertinent attributes.

Web access management (WAM) services are a common solution set consisting of PEPs (e.g., agents or proxies) and PDPs (e.g., authorization services) that provide centralized access policy enforcement.

"Web Access Management Services"
What are the components of WAM services that enable external and internal users of Web portal systems to be authenticated and/or authorized to access enterprise resources?

User Management Templates

To learn more about the structure of various portions of IdM architectures, click on the links for any of the following Reference Architecture templates:

"Identity Administration"
What are the components an organization uses to administer internal and external user identities and related policies?

"Provisioning Services"
What are the components an organization can use to leverage its knowledge of user identities and roles and automatically provision accounts and access rights across its resource managers and applications?

Identity Data Services Templates

Identity data services store and provide identity information such as names, credentials, roles, and other attributes to users, applications, user management, policy enforcement, and other services.

Although directory services and other repositories are important components, additional identity data services such as synchronization, replication, and identity proxy capabilities are necessary to ensure adequate availability, accessibility, and performance. Federation and virtualization are also important for increasing the utility of identity information for diverse applications and domains. To learn more about identity data services, see the following template:

"Identity Data Services"
What are the components and interfaces of identity data services through which an organization can store and provide identity information to users, applications, and other services throughout the enterprise?

Common Concepts and Terms

The IdM templates all conform to a common understanding of the following basic concepts and terms that are central to Gartner's IdM Reference Architecture.

Subjects

Alternately known as "principals" or "users," subjects are people, application entities, and named devices whose identities are managed in an IdM environment. Subjects may access resources using Web interfaces, client/server interfaces, or other protocols.

Subjects may access enterprise networks either internally, from local-area network (LAN)-based desktops, or externally, from outside the firewall. Applications and Web services modules may access other applications or Web services interface points to fulfill user requests. Virtual private network (VPN) technology is often used to create secure tunnels from employee portable devices or remote locations.

Access Gateways

Access gateways such as portals, terminal services, and other solutions provide a centralized or consistent presentation experience for users. Portals are an application development paradigm in which content and applications are aggregated into a single browser view. Most portals require no client software or dependencies beyond a Web or Wireless Application Protocol browser. Portals can also broker Web services requests using Web Services for Remote Portlets (WSRP).

Some access gateways personalize the aggregation and presentation of these views based on user identities, preferences, and roles. Access gateways can mitigate differences among user client devices, applications, and locations by separating application presentation from application backend processing and data-storage tiers. Separate access gateways can be implemented for internal and external users, respectively, or both categories of users can access the same infrastructure, with separate permissions enforced through integrated IdM services. Increasingly, users are utilizing IdM functions through access gateways such as portals.

Typically, access gateways provide some authentication and authorization features, but these are not as comprehensive, robust, or well integrated as the security services from WAM systems. However, WAM systems are often fairly well integrated with portals, and many access gateways can integrate with dedicated access management systems.

Federation

Organizations are increasingly implementing identity federation to support access across multiple identity domains. In federated environments, domains exchange just-in-time assertions of identity attributes or events, such as whether a given user has logged into a given site and has a particular set of permissions. Identity federation may be established across internal business units, affiliated enterprises, or public identity networks.

Objects

Objects (or resources) include applications, platforms, databases, resource managers, operating systems, LANs, printers, scanners, and devices. The resources in a typical enterprise are highly fragmented, which increases the cost and difficulty of managing them. Burgeoning connectivity exacerbates an environment in which resources contain their own embedded security functions, provided in some cases by the applications themselves and in other cases by resource managers, such as the operating system. These security functions include account repositories, access control lists (ACLs), policies, auditing, and enforcement logic.

In some cases, embedded security functions are necessary to address security needs that are unique to an application or system. But in other cases, the embedded security functions duplicate general-purpose security functionality and could be replaced with general-purpose security. In addition, if exposed to the external environment or serious internal threats, many security systems embedded within resources are weak and will fail. The IdM infrastructure therefore exists to provide general-purpose facilities to increase the security and manageability of resources in accordance with enterprise policies.

Identity Sources and Information

IdM services support creation and maintenance of identity information, including groups, roles, attributes, credentials, and entitlements. Identities are stored in IdM repositories, such as directories. Where possible, integrated directory environments aggregate composite user information from multiple sources. However, primary identity sources include human resources (HR), customer, and supplier databases. Applications and other resource managers also hold accounts, credentials, and other information for users. Thus, some of the "objects" shown in the template diagram may be used as identity sources. It is critical, however, that each source of data hold clean or correct information.

Management and Audit

All IdM infrastructure components require management and auditing. Consoles, servers, databases, and agent components are dedicated to fault management, performance management, configuration management, accounting management, and security management.

Auditing functions include event prioritization and secure event collection, correlation, and reporting. Once only an afterthought, auditing services are receiving increased attention as customers deploy compliance-oriented IdM architecture. Although all IdM products should include basic logging and reporting for auditing purposes, IdM vendors are now developing specialized auditing products. It must also be possible to correlate audit information, fault data, and other security information across the infrastructure and the objects in the resource layer. [1]

"Identity and Access Governance"
What are the components of a complete IAG program and technical architecture and how do these relate to the rest of the identity management infrastructure?

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

"Concepts and Definitions"
"Decision Point for Selecting Authorization Mechanisms"
"Decision Point for Authentication"
"Web Access Management Services"
"Provisioning Services"
"Identity Data Services"

Revision History

June 2012
Revised to include updated figures and template map. Updated links and text. Added Recommended Reading section.

February 2010
Updated graphics to new standard. Removed items which are context for the identity management (IdM) architecture but not actually part of it (e.g., subjects and objects).

November 2005
The "identity data services" functional aggregation subsumes "directory services" and "identity mapping and referral" services. "Access gateway" replaces "portals" to allow for more generalized coverage of presentation issues. "Subjects" replaces "internal users" and "external users" to formalize terminology (similar authentication and policy enforcement mechanisms are often employed regardless of the user's starting point with respect to the perimeter). "Access policy enforcement infrastructure" replaces "access management" and "Web access management" (WAM) to reflect the increased diversity of IdM policy enforcement points (PEPs), which now include some firewalls as well as WAM agents or proxies. "Objects" subsumes "applications, platforms, and databases."

April 2003
The template was renamed "Identity Management Templates" (previously "Applications Infrastructure Templates"). The template now incorporates a revised graphic that more effectively shows the relationships of IdM components. Discussion of authentication and authorization was enhanced under the "Access Management" section. The link to the sub-template formerly called "Identity Management" was updated to the subtemplate's new name, "Identity Administration," because the term "identity management" has taken on a broader meaning. A link to an additional template for virtual directory services was added to fill out the "Identity Mapping and Referral" section, which also contains a link to metadirectory services. The "I&AM Environment" sidebar was removed and replaced with a section called "Common Concepts and Terms." Miscellaneous icons on the template graphic, such as "users" and "portals," point to this section.

Notes

[1] Gartner. "Concepts and Definitions." 25 April

GARTNER HEADQUARTERS

Corporate Headquarters
56 Top Gallant Road
Stamford, CT USA

Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM

For a complete list of worldwide locations, visit

Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity on its website, ombudsman/omb_guide2.jsp.


More information

Best Practices for Confirming Software Inventories in Software Asset Management

Best Practices for Confirming Software Inventories in Software Asset Management Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

Emerging PC Life Cycle Configuration Management Vendors

Emerging PC Life Cycle Configuration Management Vendors Research Publication Date: 20 January 2011 ID Number: G00209766 Emerging PC Life Cycle Configuration Management Vendors Terrence Cosgrove Although the PC configuration life cycle management (PCCLM) market

More information

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents

More information

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as

More information

Organizations Must Employ Effective Data Security Strategies

Organizations Must Employ Effective Data Security Strategies Research Publication Date: 30 August 2005 ID Number: G00123639 Organizations Must Employ Effective Data Security Strategies Rich Mogull Organizations can best protect data through a hierarchical data security

More information

Highmark Unifies Identity Data With Oracle Virtual Directory. An Oracle White Paper January 2009

Highmark Unifies Identity Data With Oracle Virtual Directory. An Oracle White Paper January 2009 Highmark Unifies Identity Data With Oracle Virtual Directory An Oracle White Paper January 2009 Highmark Unifies Identity Data With Oracle Virtual Directory Executive Summary... 3 The Challenge: A Single

More information

Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in

Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Research Publication Date: 15 March 2011 ID Number: G00210952 Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Tim Zimmerman Enterprises must

More information

Deploying F5 to Replace Microsoft TMG or ISA Server

Deploying F5 to Replace Microsoft TMG or ISA Server Deploying F5 to Replace Microsoft TMG or ISA Server Welcome to the F5 deployment guide for configuring the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security

More information

An Oracle White Paper January 2013. Integrating Oracle Application Express with Oracle Access Manager. Revision 1

An Oracle White Paper January 2013. Integrating Oracle Application Express with Oracle Access Manager. Revision 1 An Oracle White Paper January 2013 Integrating Oracle Application Express with Oracle Access Manager Revision 1 Disclaimer The following is intended to outline our general product direction. It is intended

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Five Business Drivers of Identity and Access Management

Five Business Drivers of Identity and Access Management Research Publication Date: 31 October 2003 ID Number: SPA-21-3673 Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation,

More information

Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost

Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost G00238815 Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost Published: 4 October 2012 Analyst(s): Dave Russell IT leaders and storage managers must rethink their backup procedures

More information

AGILEXRM REFERENCE ARCHITECTURE

AGILEXRM REFERENCE ARCHITECTURE AGILEXRM REFERENCE ARCHITECTURE 2012 AgilePoint, Inc. Table of Contents 1. Introduction 4 1.1 Disclaimer of warranty 4 1.2 AgileXRM components 5 1.3 Access from PES to AgileXRM Process Engine Database

More information

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

Securing the Microsoft Platform on Amazon Web Services

Securing the Microsoft Platform on Amazon Web Services Securing the Microsoft Platform on Amazon Web Services Tom Stickle August 2012 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 22 Abstract Deploying Microsoft

More information

Preparing for GO!Enterprise MDM On-Demand Service

Preparing for GO!Enterprise MDM On-Demand Service Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules

More information

SAML 2.0 SSO Deployment with Okta

SAML 2.0 SSO Deployment with Okta SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Designing a Windows Server 2008 Network Infrastructure

Designing a Windows Server 2008 Network Infrastructure Designing a Windows Server 2008 Network Infrastructure MOC6435 About this Course This five-day course will provide students with an understanding of how to design a Windows Server 2008 Network Infrastructure

More information

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

DIGIPASS Authentication for Citrix Access Gateway VPN Connections DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer

More information

CA Single Sign-On Migration Guide

CA Single Sign-On Migration Guide CA Single Sign-On Migration Guide Web access management (WAM) systems have been a part of enterprises for decades. It is critical to control access and audit applications while reducing the friction for

More information

LANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client

LANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client LANDesk White Paper LANDesk Management Suite for Lenovo Secure Managed Client Introduction The Lenovo Secure Managed Client (SMC) leverages the speed of modern networks and the reliability of RAID-enabled

More information

Understanding Vulnerability Management Life Cycle Functions

Understanding Vulnerability Management Life Cycle Functions Research Publication Date: 24 January 2011 ID Number: G00210104 Understanding Vulnerability Management Life Cycle Functions Mark Nicolett We provide guidance on the elements of an effective vulnerability

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010 Oracle Identity Analytics Architecture An Oracle White Paper July 2010 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may

More information

Cloud IaaS: Security Considerations

Cloud IaaS: Security Considerations G00210095 Cloud IaaS: Security Considerations Published: 7 March 2011 Analyst(s): Lydia Leong, Neil MacDonald Ensuring adherence to your organization's security and compliance requirements is one of the

More information

DIGIPASS Authentication for GajShield GS Series

DIGIPASS Authentication for GajShield GS Series DIGIPASS Authentication for GajShield GS Series With Vasco VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 1 Integration Guideline Disclaimer Disclaimer of Warranties and

More information

P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T

P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T, F U S I O N E D I T I O N R E L E A S E 1 1. 1. 1.x P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E

More information

Selection Requirements for Business Activity Monitoring Tools

Selection Requirements for Business Activity Monitoring Tools Research Publication Date: 13 May 2005 ID Number: G00126563 Selection Requirements for Business Activity Monitoring Tools Bill Gassman When evaluating business activity monitoring product alternatives,

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

AD Self-Service Suite for Active Directory

AD Self-Service Suite for Active Directory The Dot Net Factory AD Self-Service Suite for Active Directory Version 3.6 The Dot Net Factory, LLC. 2005-2011. All rights reserved. This guide contains proprietary information, which is protected by copyright.

More information

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design. SSM6435 - Course 6435A: Designing a Windows Server 2008 Network Infrastructure Overview About this Course This five-day course will provide students with an understanding of how to design a Windows Server

More information

How to Get to Single Sign-On

How to Get to Single Sign-On How to Get to Single Sign-On Gregg Kreizman Neil Wynne Twitter: @neilwynne Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in

More information

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0 sm Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Related Usage Models... 5 Reference Framework...

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Centrify Cloud Connector Deployment Guide

Centrify Cloud Connector Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as

More information

Make Migration From Windows Server 2003 a Priority, Before Support Ends in July 2015

Make Migration From Windows Server 2003 a Priority, Before Support Ends in July 2015 G00263819 Make Migration From Windows Server 2003 a Priority, Before Support Ends in July 2015 Published: 18 June 2014 Analyst(s): Carl Claunch Support for Windows Server 2003 will end in July 2015. Production

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods

More information

AT&T Global Network Client Domain Logon Guide. Version 9.6

AT&T Global Network Client Domain Logon Guide. Version 9.6 Version 9.6 AT&T Global Network Client Domain Logon Guide 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual

More information

Setup Guide Access Manager Appliance 3.2 SP3

Setup Guide Access Manager Appliance 3.2 SP3 Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS

More information

Multi-Domain Security Management

Multi-Domain Security Management Multi-Domain Security Management R77 Versions Administration Guide 20 May 2014 Classification: [Protected] 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation

More information

Copyright http://support.oracle.com/

Copyright http://support.oracle.com/ Primavera Portfolio Management 9.0 Security Guide July 2012 Copyright Oracle Primavera Primavera Portfolio Management 9.0 Security Guide Copyright 1997, 2012, Oracle and/or its affiliates. All rights reserved.

More information

Securing BYOD With Network Access Control, a Case Study

Securing BYOD With Network Access Control, a Case Study Securing BYOD With Network Access Control, a Case Study 29 August 2012 ID:G00226207 Analyst(s): Lawrence Orans VIEW SUMMARY This Case Study highlights how an organization utilized NAC and mobile device

More information

Identikey Server Performance and Deployment Guide 3.1

Identikey Server Performance and Deployment Guide 3.1 Identikey Server Performance and Deployment Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is'

More information

<Insert Picture Here> Oracle Identity And Access Management

<Insert Picture Here> Oracle Identity And Access Management Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.

More information

Extranet Access Management Web Access Control for New Business Services

Extranet Access Management Web Access Control for New Business Services Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Identity and Access Management for the Cloud

Identity and Access Management for the Cloud Identity and Access Management for the Cloud What you need to know about managing access to your clouds Organizations need to control who has access to which systems and technology within the enterprise.

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

Solution Path: Threats and Vulnerabilities

Solution Path: Threats and Vulnerabilities Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing

More information

Release Notes for Version 1.5.207

Release Notes for Version 1.5.207 Release Notes for Version 1.5.207 Created: March 9, 2015 Table of Contents What s New... 3 Fixes... 3 System Requirements... 3 Stonesoft Appliances... 3 Build Version... 4 Product Binary Checksums... 4

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Agenda Overview for Emerging Marketing Technology and Trends, 2015

Agenda Overview for Emerging Marketing Technology and Trends, 2015 G00270688 Agenda Overview for Emerging Marketing Technology and Trends, 2015 Published: 18 December 2014 Analyst(s): Andrew Frank The best digital marketers exploit emerging trends and technologies to

More information

How it works. b) IP addresses are allocated dynamically and may change any time.

How it works. b) IP addresses are allocated dynamically and may change any time. NeoRouter is a cross-platform zero-configuration VPN solution that securely connects Windows, Mac and Linux computers at any locations into a virtual LAN and provides a networking platform for various

More information

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski March 2015 is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported

More information