Burton IT1 Research

Identity Management

Published: 9 July 2012

Analyst(s): Ian Glazer, Bob Blakley

Identity management (IdM) has become a distinct aggregation of functions for the maintenance and use of digital names, credentials, and attributes for people, devices, and applications. Change and consolidation in the industry heighten the need for a logical architecture for developing and evaluating IdM solutions. This document is the root template for the Reference Architecture. It incorporates a revised template graphic to illustrate the interaction of users; objects or resources they seek to use; access gateways, authentication, and policy enforcement services; federated domains; identity administration, policy administration, and provisioning; and identity data services.

*The secondary authors listed above have been included for attribution purposes only. They were the original authors of this content, but were not involved in the latest update. As they are no longer employed at Gartner, please contact the lead author if you have questions.

Table of Contents

- Template Applicability
- Template Map
- Template Diagram
- Template Description
- Access Policy Enforcement
- User Management Templates
- Identity Data Services Templates
- Common Concepts and Terms
- Subjects
- Access Gateways
- Federation
- Objects
- Management and Audit
- Recommended Reading
- Notes

List of Figures

- Figure 1. Template Map
- Figure 2. Template Symbols
- Figure 3. Identity Management

Template Applicability

What are the components and interfaces of an architecture for identity management?

Template Map

As illustrated in Figure 1, the "Identity Management" template references other templates containing further details.

Figure 1. Template Map

[Figure labels: Identity Management (You are here.); Identity Data Services; Identity Policy Admin; Provisioning; Web Access Mgmt; Identity and Access Governance; Integrated Layered Directory Environment; Virtual Directory; Metadirectory; Directory Externals; Directory Internals; Access Request; Access Certification; Data Gathering and Fulfillment Services]

Source: Gartner (June 2012)
Template Diagram

Figure 2 illustrates the symbols used in the template diagram. A colored square-cornered box with solid borders represents a component; components implement functionality and may contain subcomponents (which may be described in subsidiary templates). A gray box with rounded corners and a dotted border represents an interface; interfaces provide programmatic access to some or all of a component's functionality. A white box with square corners and a solid border sticking out of the surface of an interface represents a discrete unit of functionality within an interface. A gray box with arrowheads at two ends and a dotted border represents a protocol. Protocols provide remote access (over a communications link) to some or all of the functionality of a component.

Figure 2. Template Symbols

- A colored square box with solid borders is a component.
- A gray round-cornered box with dotted borders is an interface.
- A white box on the surface of an interface is a function.
- A gray arrow with dotted borders is a protocol.

Source: Gartner (June 2012)

Figure 3 is the template diagram for identity management.
Figure 3. Identity Management

[Figure labels: Federation; Authentication and reduced sign-on; Access gateway; Access policy enforcement; Access policy mgmt.; Provisioning; Provisioning policy mgmt.; Identity admin. and audit interface; Identity audit; Authentication and authorization; Personalization and visualization; Query and update; Identity data services interface; Trust mgmt.; Delegated user admin.; Self-service]

Source: Gartner (June 2012)

Template Description

Identity management (IdM) services enable management of subject identities and control the access of domain subjects [1] (e.g., users or services) or subjects in federated domains [1] to objects [1] (or resources) such as applications and databases. IdM services grant or deny access in keeping with policies defined by the organization that owns and controls the requested resources. These services allow access based on identity attributes including a user's identity, permissions, and role [1] information.

Access management, provisioning, [1] and other IdM security components rely on identity data services (e.g., directory services) to provide information about users and their permissions. For example, an authorization system may implement the policy [1] that a user with the role or attribute "bronze dealer" can access the "bronze dealer price" field in a database. Although the authorization system knows the rules, it cannot function without the identity data that identifies who the bronze dealers are.

Whereas authorization and other policy enforcement systems control user access to resources by actively allowing or prohibiting runtime access attempts, provisioning services control policy indirectly by propagating account information and access rights to diverse applications and security domains, which then use this information to locally enforce policies such as authorization. (For definitions of terms such as "subject," "object," "role," "provisioning," and "policy," see "Concepts and Definitions." The interaction of these components is discussed in the templates referred to throughout this root template.)

The templates described in this root template break IdM down into access policy enforcement, user management, and identity data services. Each subsection contains a link to the corresponding Reference Architecture template and the template's problem statement.

Access Policy Enforcement

Access policy enforcement infrastructure provides authentication [1] of subjects and may provide authorization [1] and reduced sign-on through components such as the following:

- Firewalls perform access control on the network traffic between systems. Note that the term "firewall," as used here, refers to any device (whether it is an enterprise firewall, a router or switch, or a security appliance) that acts as an identity-enabled policy enforcement point (PEP) [1] while performing network access control. For example, firewalls may authenticate users and allow or deny access to the system on a particular port.
- Proxies positioned at network access points intercept communications of a certain type (e.g., Hypertext Transfer Protocol [HTTP]) between the subject and the resource, authenticate the user, and allow or deny access to the resource based on rules or policies.
- Agents behave like proxy components, except they are co-located on a system with the target resource.
- Authorization services function as policy decision points (PDPs) [1] that make authorization decisions on behalf of PEPs.

Firewalls, proxies, and agents may function as PEPs that contact PDPs such as authorization services or identity data services, or PEPs may be co-located with their own PDP functionality. Before they can access resources, users coming from outside the enterprise network may pass through an access gateway (e.g., a portal) and multiple PEPs such as firewalls, proxies, and agents.
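The "bronze dealer" policy and the PEP/PDP split described above, as an added example that is not part of the Gartner template: a PEP authenticates the session and asks a PDP for a decision, and the PDP consults identity data services before applying its rules. The class names, subjects, session tokens, second role and price value are constructed for illustration, and denying access when identity data is unreachable is a design assumption of this example.

```python
"""Added example: PEP -> PDP -> identity data services, default deny, fail closed."""
from dataclasses import dataclass


class IdentityDataUnavailable(Exception):
    """The identity data service could not answer a lookup."""


class IdentityDataService:
    """Stand-in for a directory: maps each subject to its role attributes."""

    def __init__(self, roles_by_subject, available=True):
        self._roles = roles_by_subject
        self.available = available  # toggled to simulate an outage

    def roles_of(self, subject):
        if not self.available:
            raise IdentityDataUnavailable(subject)
        return frozenset(self._roles.get(subject, ()))


@dataclass(frozen=True)
class Rule:
    role: str    # role the subject must hold
    obj: str     # object (resource) the rule covers
    action: str  # action the rule permits


class PolicyDecisionPoint:
    """Holds the rules but needs identity data to apply them."""

    def __init__(self, rules, identity_data):
        self._rules = tuple(rules)
        self._identity_data = identity_data

    def decide(self, subject, obj, action):
        try:
            roles = self._identity_data.roles_of(subject)
        except IdentityDataUnavailable:
            # Assumption of this example: no identity data means deny.
            return "deny", "identity data unavailable"
        for rule in self._rules:
            if (rule.obj, rule.action) == (obj, action) and rule.role in roles:
                return "permit", f"role {rule.role!r}"
        return "deny", "no matching rule"  # default deny


class PolicyEnforcementPoint:
    """Proxy or agent in front of the resource: authenticate, ask the PDP, enforce."""

    def __init__(self, pdp, sessions, resource):
        self._pdp = pdp
        self._sessions = sessions  # session token -> authenticated subject
        self._resource = resource  # object name -> value
        self.audit_log = []        # one record per access attempt

    def handle(self, session_token, obj, action="read"):
        subject = self._sessions.get(session_token)
        if subject is None:
            decision, reason, status = "deny", "unauthenticated", 401
        else:
            decision, reason = self._pdp.decide(subject, obj, action)
            status = 200 if decision == "permit" else 403
        self.audit_log.append((subject, obj, action, decision, reason))
        body = self._resource.get(obj) if status == 200 else None
        return status, body


def build_demo():
    """Wire the components together with constructed sample data."""
    directory = IdentityDataService({
        "alice": {"bronze dealer"},
        "bob": {"retail customer"},  # hypothetical second role
    })
    pdp = PolicyDecisionPoint(
        [Rule("bronze dealer", "bronze dealer price", "read")], directory)
    pep = PolicyEnforcementPoint(
        pdp,
        sessions={"tok-alice": "alice", "tok-bob": "bob"},
        resource={"bronze dealer price": 42.50},
    )
    return directory, pep


if __name__ == "__main__":
    directory, pep = build_demo()
    print(pep.handle("tok-alice", "bronze dealer price"))
    print(pep.handle("tok-bob", "bronze dealer price"))
    print(pep.handle("tok-unknown", "bronze dealer price"))
    directory.available = False  # simulate a directory outage
    print(pep.handle("tok-alice", "bronze dealer price"))
    for record in pep.audit_log:
        print(record)
```

The audit log kept by the PEP records every attempt with the decision and its reason, which is the raw material the management and audit functions of the template correlate across components.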
To understand how an overarching authorization architecture can be abstracted from the physical environment, see "Decision Point for Selecting Authorization Mechanisms" and "Decision Point for Authentication."

In addition, the back-end resources such as operating systems and applications usually have native authentication and authorization capabilities of their own. Resource-specific authentication interfaces come into play when a user logs into a resource directly rather than through a centralized access gateway or policy enforcement component. Resource-specific authorization logic is applied in addition to any centralized policy enforcement.

Access policy enforcement systems usually support reduced sign-on. In such scenarios, the centralized access services either proxy the access for the user, or generate a Kerberos ticket, session cookie, or other session information that the resource can natively recognize.
For authorization purposes, centralized policy enforcement services are often applied at the front end while leaving fine-grained or custom authorization to the local resource or resource manager. In such cases, it is important that the centralized policy service's view of identity and the resource view of identity are well correlated. One way to provide such correlation is through a bridged session associated with a common user identifier. Another way to achieve identity correlation is through provisioning of accounts with consistent privileges across diverse resources. Yet another approach is to use HTTP variables to pass the user identifier name and pertinent attributes.

Web access management (WAM) services are a common solution set consisting of PEPs (e.g., agents or proxies) and PDPs (e.g., authorization services) that provide centralized access policy enforcement.

- "Web Access Management Services": What are the components of WAM services that enable external and internal users of Web portal systems to be authenticated and/or authorized to access enterprise resources?

User Management Templates

To learn more about the structure of various portions of IdM architectures, click on the links for any of the following Reference Architecture templates:

- "Identity Administration": What are the components an organization uses to administer internal and external user identities and related policies?
- "Provisioning Services": What are the components an organization can use to leverage its knowledge of user identities and roles and automatically provision accounts and access rights across its resource managers and applications?

Identity Data Services Templates

Identity data services store and provide identity information such as names, credentials, roles, and other attributes to users, applications, user management, policy enforcement, and other services.
Although directory services and other repositories are important components, additional identity data services such as synchronization, replication, and identity proxy capabilities are necessary to ensure adequate availability, accessibility, and performance. Federation and virtualization are also important for increasing the utility of identity information for diverse applications and domains. To learn more about identity data services, see the following template:

- "Identity Data Services": What are the components and interfaces of identity data services through which an organization can store and provide identity information to users, applications, and other services throughout the enterprise?
Common Concepts and Terms

The IdM templates all conform to a common understanding of the following basic concepts and terms that are central to Gartner's IdM Reference Architecture.

Subjects

Alternately known as "principals" or "users," subjects are people, application entities, and named devices whose identities are managed in an IdM environment. Subjects may access resources using Web interfaces, client/server interfaces, or other protocols. Subjects may access enterprise networks either internally, from local-area network (LAN)-based desktops, or externally, from outside the firewall. Applications and Web services modules may access other applications or Web services interface points to fulfill user requests. Virtual private network (VPN) technology is often used to create secure tunnels from employee portable devices or remote locations.

Access Gateways

Access gateways such as portals, terminal services, and other solutions provide a centralized or consistent presentation experience for users. Portals are an application development paradigm in which content and applications are aggregated into a single browser view. Most portals require no client software or dependencies beyond a Web or Wireless Application Protocol browser. Portals can also broker Web services requests using Web Services for Remote Portlets (WSRP). Some access gateways personalize the aggregation and presentation of these views based on user identities, preferences, and roles.

Access gateways can mitigate differences among user client devices, applications, and locations by separating application presentation from application backend processing and data-storage tiers. Separate access gateways can be implemented for internal and external users, respectively, or both categories of users can access the same infrastructure, with separate permissions enforced through integrated IdM services. Increasingly, users are utilizing IdM functions through access gateways such as portals.
Typically, access gateways provide some authentication and authorization features, but these are not as comprehensive, robust, or well integrated as the security services from WAM systems. However, WAM systems are often fairly well integrated with portals, and many access gateways can integrate with dedicated access management systems.

Federation

Organizations are increasingly implementing identity federation to support access across multiple identity domains. In federated environments, domains exchange just-in-time assertions of identity attributes or events, such as whether a given user has logged into a given site and has a particular set of permissions. Identity federation may be established across internal business units, affiliated enterprises, or public identity networks.
Objects

Objects (or resources) include applications, platforms, databases, resource managers, operating systems, LANs, printers, scanners, and devices. The resources in a typical enterprise are highly fragmented, which increases the cost and difficulty of managing them. Burgeoning connectivity exacerbates an environment in which resources contain their own embedded security functions, provided in some cases by the applications themselves and in other cases by resource managers, such as the operating system. These security functions include account repositories, access control lists (ACLs), policies, auditing, and enforcement logic.

In some cases, embedded security functions are necessary to address security needs that are unique to an application or system. But in other cases, the embedded security functions duplicate general-purpose security functionality and could be replaced with general-purpose security. In addition, if exposed to the external environment or serious internal threats, many security systems embedded within resources are weak and will fail. The IdM infrastructure therefore exists to provide general-purpose facilities to increase the security and manageability of resources in accordance with enterprise policies.

Identity Sources and Information

IdM services support creation and maintenance of identity information, including groups, roles, attributes, credentials, and entitlements. Identities are stored in IdM repositories, such as directories. Where possible, integrated directory environments aggregate composite user information from multiple sources. However, primary identity sources include human resources (HR), customer, and supplier databases. Applications and other resource managers also hold accounts, credentials, and other information for users. Thus, some of the "objects" shown in the template diagram may be used as identity sources. It is critical, however, that each source of data hold clean or correct information.
Management and Audit

All IdM infrastructure components require management and auditing. Consoles, servers, databases, and agent components are dedicated to fault management, performance management, configuration management, accounting management, and security management. Auditing functions include event prioritization and secure event collection, correlation, and reporting. Once only an afterthought, auditing services are receiving increased attention as customers deploy compliance-oriented IdM architecture. Although all IdM products should include basic logging and reporting for auditing purposes, IdM vendors are now developing specialized auditing products. It must also be possible to correlate audit information, fault data, and other security information across the infrastructure and the objects in the resource layer. [1]

- "Identity and Access Governance": What are the components of a complete IAG program and technical architecture and how do these relate to the rest of the identity management infrastructure?
Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

- "Concepts and Definitions"
- "Decision Point for Selecting Authorization Mechanisms"
- "Decision Point for Authentication"
- "Web Access Management Services"
- "Provisioning Services"
- "Identity Data Services"

Revision History

June 2012

- Revised to include updated figures and template map.
- Updated links and text.
- Added Recommended Reading section.

February 2010

- Updated graphics to new standard.
- Removed items which are context for the identity management (IdM) architecture but not actually part of it (e.g., subjects and objects).

November 2005

- The "identity data services" functional aggregation subsumes "directory services" and "identity mapping and referral" services.
- "Access gateway" replaces "portals" to allow for more generalized coverage of presentation issues.
- "Subjects" replaces "internal users" and "external users" to formalize terminology (similar authentication and policy enforcement mechanisms are often employed regardless of the user's starting point with respect to the perimeter).
- "Access policy enforcement infrastructure" replaces "access management" and "Web access management" (WAM) to reflect the increased diversity of IdM policy enforcement points (PEPs), which now include some firewalls as well as WAM agents or proxies.
- "Objects" subsumes "applications, platforms, and databases."

April 2003

- The template was renamed "Identity Management Templates" (previously "Applications Infrastructure Templates").
- The template now incorporates a revised graphic that more effectively shows the relationships of IdM components.
- Discussion of authentication and authorization was enhanced under the "Access Management" section.
- The link to the sub-template formerly called "Identity Management" was updated to the subtemplate's new name, "Identity Administration," because the term "identity management" has taken on a broader meaning.
- A link to an additional template for virtual directory services was added to fill out the "Identity Mapping and Referral" section, which also contains a link to metadirectory services.
- The "I&AM Environment" sidebar was removed and replaced with a section called "Common Concepts and Terms." Miscellaneous icons on the template graphic, such as "users" and "portals," point to this section.

Notes

[1] Gartner. "Concepts and Definitions." 25 April
More informationOracle Identity Analytics Architecture. An Oracle White Paper July 2010
Oracle Identity Analytics Architecture An Oracle White Paper July 2010 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may
More informationOracle Collaboration Suite
Oracle Collaboration Suite Firewall and Load Balancer Architecture Release 2 (9.0.4) Part No. B15609-01 November 2004 This document discusses the use of firewall and load balancer components with Oracle
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationFive Business Drivers of Identity and Access Management
Research Publication Date: 31 October 2003 ID Number: SPA-21-3673 Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation,
More informationProtecting Microsoft Internet Information Services Web Servers with ISA Server 2004
Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationDeploying F5 to Replace Microsoft TMG or ISA Server
Deploying F5 to Replace Microsoft TMG or ISA Server Welcome to the F5 deployment guide for configuring the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security
More informationSelection Requirements for Business Activity Monitoring Tools
Research Publication Date: 13 May 2005 ID Number: G00126563 Selection Requirements for Business Activity Monitoring Tools Bill Gassman When evaluating business activity monitoring product alternatives,
More informationAT&T Global Network Client Domain Logon Guide. Version 9.6
Version 9.6 AT&T Global Network Client Domain Logon Guide 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual
More informationGRAVITYZONE HERE. Deployment Guide VLE Environment
GRAVITYZONE HERE Deployment Guide VLE Environment LEGAL NOTICE All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
More informationExpose your Intranet Portal to the Outside World in a Secured Manner (aka. A Secured Inside/Outside Portal) An Oracle White Paper
Expose your Intranet Portal to the Outside World in a Secured Manner (aka. A Secured Inside/Outside Portal) An Oracle White Paper Expose your Intranet Portal to the Outside World in a Secure Manner. INTRODUCTION
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationSSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.
SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification
More information<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More informationBest Practices for Confirming Software Inventories in Software Asset Management
Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the
More informationEXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski March 2015 is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported
More informationExtranet Access Management Web Access Control for New Business Services
Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control
More informationNAC Strategies for Supporting BYOD Environments
G00226204 NAC Strategies for Supporting BYOD Environments Published: 22 December 2011 Analyst(s): Lawrence Orans, John Pescatore Network access control (NAC) will be a key element in a flexible approach
More informationCloud IaaS: Security Considerations
G00210095 Cloud IaaS: Security Considerations Published: 7 March 2011 Analyst(s): Lydia Leong, Neil MacDonald Ensuring adherence to your organization's security and compliance requirements is one of the
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationOracle Application Development Framework Overview
An Oracle White Paper June 2011 Oracle Application Development Framework Overview Introduction... 1 Oracle ADF Making Java EE Development Simpler... 2 THE ORACLE ADF ARCHITECTURE... 3 The Business Services
More informationLANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client
LANDesk White Paper LANDesk Management Suite for Lenovo Secure Managed Client Introduction The Lenovo Secure Managed Client (SMC) leverages the speed of modern networks and the reliability of RAID-enabled
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationUse Heterogeneous Storage Virtualization as a Bridge to the Cloud
G00214958 Use Heterogeneous Storage Virtualization as a Bridge to the Cloud Published: 12 August 2011 Analyst(s): Gene Ruth Data center operators who are interested in private cloud storage technologies
More informationClients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in
Research Publication Date: 15 March 2011 ID Number: G00210952 Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Tim Zimmerman Enterprises must
More informationHow to Reduce Network Equipment Maintenance Costs
G00264020 How to Reduce Network Equipment Maintenance Costs Published: 13 May 2014 Analyst(s): Andrew Lerner, Mark Fabbi Each year, maintenance costs swallow 15% to 25% of total enterprise IT budgets,
More informationHow it works. b) IP addresses are allocated dynamically and may change any time.
NeoRouter is a cross-platform zero-configuration VPN solution that securely connects Windows, Mac and Linux computers at any locations into a virtual LAN and provides a networking platform for various
More informationMake Migration From Windows Server 2003 a Priority, Before Support Ends in July 2015
G00263819 Make Migration From Windows Server 2003 a Priority, Before Support Ends in July 2015 Published: 18 June 2014 Analyst(s): Carl Claunch Support for Windows Server 2003 will end in July 2015. Production
More informationCA Single Sign-On Migration Guide
CA Single Sign-On Migration Guide Web access management (WAM) systems have been a part of enterprises for decades. It is critical to control access and audit applications while reducing the friction for
More informationPreparing for GO!Enterprise MDM On-Demand Service
Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules
More informationWhite Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution
White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationAlex Wong Senior Manager - Product Management Bruce Ong Director - Product Management
Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release
More informationModify Your Storage Backup Plan to Improve Data Management and Reduce Cost
G00238815 Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost Published: 4 October 2012 Analyst(s): Dave Russell IT leaders and storage managers must rethink their backup procedures
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationSetup Guide Access Manager Appliance 3.2 SP3
Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS
More informationPayment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios
Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Overview Citrix XenApp, XenDesktop and NetScaler are commonly used in the creation of Payment Card Industry (PCI), Data Security
More informationSharePoint 2013 Logical Architecture
SharePoint 2013 Logical Architecture This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
More informationAgenda Overview for Emerging Marketing Technology and Trends, 2015
G00270688 Agenda Overview for Emerging Marketing Technology and Trends, 2015 Published: 18 December 2014 Analyst(s): Andrew Frank The best digital marketers exploit emerging trends and technologies to
More informationSharePoint 2013 Business Connectivity Services Hybrid Overview
SharePoint 2013 Business Connectivity Services Hybrid Overview Christopher J Fox Microsoft Corporation November 2012 Applies to: SharePoint 2013, SharePoint Online Summary: A hybrid SharePoint environment
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationHighmark Unifies Identity Data With Oracle Virtual Directory. An Oracle White Paper January 2009
Highmark Unifies Identity Data With Oracle Virtual Directory An Oracle White Paper January 2009 Highmark Unifies Identity Data With Oracle Virtual Directory Executive Summary... 3 The Challenge: A Single
More informationSecuring BYOD With Network Access Control, a Case Study
Securing BYOD With Network Access Control, a Case Study 29 August 2012 ID:G00226207 Analyst(s): Lawrence Orans VIEW SUMMARY This Case Study highlights how an organization utilized NAC and mobile device
More informationEmerging PC Life Cycle Configuration Management Vendors
Research Publication Date: 20 January 2011 ID Number: G00209766 Emerging PC Life Cycle Configuration Management Vendors Terrence Cosgrove Although the PC configuration life cycle management (PCCLM) market
More informationRelease Notes for Version 1.5.207
Release Notes for Version 1.5.207 Created: March 9, 2015 Table of Contents What s New... 3 Fixes... 3 System Requirements... 3 Stonesoft Appliances... 3 Build Version... 4 Product Binary Checksums... 4
More informationOracle Access Manager. An Oracle White Paper
Oracle Access Manager An Oracle White Paper NOTE: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any
More informationDell SonicWALL SRA 7.5 Citrix Access
Dell SonicWALL SRA 7.5 Citrix Access Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through Dell SonicWALL SRA 7.5. It also includes information about
More informationDesigning a Windows Server 2008 Network Infrastructure
Designing a Windows Server 2008 Network Infrastructure MOC6435 About this Course This five-day course will provide students with an understanding of how to design a Windows Server 2008 Network Infrastructure
More informationSSL-VPN 200 Getting Started Guide
Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN
More informationHP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Processes and Best Practices Guide
HP Service Manager Software Version: 9.34 For the supported Windows and UNIX operating systems Processes and Best Practices Guide Document Release Date: July 2014 Software Release Date: July 2014 Legal
More informationCitrix Access on SonicWALL SSL VPN
Citrix Access on SonicWALL SSL VPN Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL SSL VPN 5.0. It also includes information about configuring
More informationCopyright http://support.oracle.com/
Primavera Portfolio Management 9.0 Security Guide July 2012 Copyright Oracle Primavera Primavera Portfolio Management 9.0 Security Guide Copyright 1997, 2012, Oracle and/or its affiliates. All rights reserved.
More information