Aurora Hosted Services Hosted AD, Identity Management & ADFS



22/09/2013 Aurora Hosted Services Hosted AD, Identity Management & ADFS

1 Service Overview - Hosted Identity Management

Core provides a fully managed solution hosted in Azure and connected directly to your corporate network. Over that connection we can deliver the following enterprise IDAM products from Quest and Microsoft. Not all of them are included in the base platform, which comprises Active Roles, the Password Reset Portal, User & Group Self-Service and Quick Connect for Cloud:

- Active Roles Server: automates Active Directory account management, mailboxes and groups, including user provisioning and de-provisioning.
- Password Manager: secure self-service password reset portal.
- Defender: location-aware two-factor authentication.
- Quick Connect for Cloud: synchronises identities with other cloud-based systems (Google, Office 365, Postini, Salesforce etc.).
- Quick Connect for Base Systems: takes a data feed from multiple sources, including SQL, LDAP, ODBC and delimited text files.
- Forefront Identity Manager 2012 SP2.
- Active Directory Federation Services (ADFS): geo-redundant and fully managed in Azure.

1.1 What does this solution give you?

Aurora is the first big step in moving your traditional network managed service and infrastructure to the cloud. Specifically, we move domain services to Azure and then layer a set of enterprise toolsets from Microsoft and Quest on top of them to provide enhanced management of users and groups. The examples that follow walk through Active Roles Server and Quick Connect and show how the solution not only enables you to move to Office 365 and Azure, but also enhances the IT services you already provide to your business. The service includes:

- Load-balanced connections (plan specific)
- 24/7 server monitoring
- 99.9% server uptime SLA
- Notification of outages
- Customer helpdesk and ticketing system
- Your choice of SLA
- Geographic European failover for all servers and storage
- Compliance with ISO 27001, SSAE 16, HIPAA BAA and the EU Data Protection Directive
- Provisioned in under one week from the point of ordering

1.1.1 Example of how Aurora works: a new user joins the business

In this model a new user joins the company. Active Roles Server and Quick Connect monitor the HR system as the authoritative source of data; other systems can be monitored as authoritative sources as well if required. The data is passed to our Azure service, where the workflow is performed in Active Directory and in the other cloud-based systems.

- A new user joins the organisation: the HR manager adds the user to the UK Sales department in the HR database.
- Quick Connect picks up the change and sends the data to Active Roles Server in Azure.
- ARS creates the user in the correct OU, following the naming standard.
- ARS provisions the Office 365 mailbox and the correct security group and distribution group memberships, creates a temporary password and sends the details to the user's manager.
- The user's description attribute, and any other attributes we need, are automatically populated on the user object in Active Directory.
- Data shares, and the correct access rights to them, are automatically provisioned.

1.1.2 User changes department

In this example the user moves to a different job in the business: say the user is an intern who has finished six months in Sales and is now moving to HR.

- The HR manager changes the user's details in the HR database to show that the user now works in HR.
- Quick Connect picks up the change and informs Active Roles Server in Azure.
- ARS moves the user to the correct OU.
- ARS changes all of the user's security group and distribution group memberships.
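The joiner (1.1.1) and mover (1.1.2) workflows, as an added example. This is not Core's or Quest's code: it re-creates the behaviour described above with Microsoft's ActiveDirectory module instead of the Active Roles / Quick Connect engine, and the HR records, the OU layout under OU=Users, the SG-/DL- group-naming convention, the corp.example domain and the sAMAccountName standard are all assumptions. The point it makes beyond the text is that OU and group membership are computed from the HR record by one function, so a department change replaces the old memberships rather than adding to them.

```powershell
# Added example, not Core's or Quest's code. Assumes RSAT's ActiveDirectory module
# and a domain DC=corp,DC=example with OU=<Department>,OU=<Region>,OU=Users.
Import-Module ActiveDirectory

$DomainDN  = 'DC=corp,DC=example'   # assumed
$UpnSuffix = 'corp.example'         # assumed

# Naming standard (assumed): first initial + surname, lower case, ASCII only,
# truncated to 18 characters and made unique with a numeric suffix if taken.
function New-StandardSamAccountName {
    param([string]$GivenName, [string]$Surname)
    $base = (($GivenName.Substring(0, 1) + $Surname).ToLower() -replace '[^a-z0-9]', '')
    if ($base.Length -gt 18) { $base = $base.Substring(0, 18) }
    $candidate = $base
    $i = 1
    while (Get-ADUser -Filter "sAMAccountName -eq '$candidate'") {
        $i++
        $candidate = "$base$i"
    }
    return $candidate
}

# Temporary password from the OS CSPRNG. The alphabet has exactly 64 symbols,
# so byte % 64 introduces no modulo bias.
function New-TemporaryPassword {
    param([int]$Length = 16)
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
}

# OU and groups are a pure function of the HR record: the "set the policy once"
# the page describes. Group names are assumed.
function Get-DesiredPlacement {
    param($Hr)
    [pscustomobject]@{
        OU     = "OU=$($Hr.Department),OU=$($Hr.Region),OU=Users,$DomainDN"
        Groups = @("SG-$($Hr.Region)-$($Hr.Department)", "DL-$($Hr.Department)-All")
    }
}

# Mover: make policy-managed group membership equal to the desired set
# (add what is missing, remove what is stale), update attributes, move OU.
function Sync-UserToHr {
    param([string]$SamAccountName, $Hr)
    $user    = Get-ADUser -Identity $SamAccountName -Properties memberOf
    $desired = Get-DesiredPlacement -Hr $Hr
    $current = foreach ($dn in $user.memberOf) { (Get-ADGroup -Identity $dn).Name }
    $managed = $current | Where-Object { $_ -match '^(SG|DL)-' }   # only groups this policy owns
    foreach ($g in ($desired.Groups | Where-Object { $managed -notcontains $_ })) {
        Add-ADGroupMember -Identity $g -Members $user
    }
    foreach ($g in ($managed | Where-Object { $desired.Groups -notcontains $_ })) {
        Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
    }
    Set-ADUser -Identity $user -Department $Hr.Department -Description "$($Hr.Region) $($Hr.Department)"
    if ($user.DistinguishedName -notlike "*,$($desired.OU)") {
        Move-ADObject -Identity $user -TargetPath $desired.OU
    }
}

# Joiner: create the account under the naming standard, then apply the same
# placement logic the mover uses. Returns the secret to the caller; delivery
# to the manager is a separate step.
function New-UserFromHr {
    param($Hr)
    $sam     = New-StandardSamAccountName -GivenName $Hr.GivenName -Surname $Hr.Surname
    $desired = Get-DesiredPlacement -Hr $Hr
    $tempPwd = New-TemporaryPassword
    $manager = Get-ADUser -Filter "employeeID -eq '$($Hr.ManagerId)'" -Properties mail
    $params = @{
        Name                  = "$($Hr.GivenName) $($Hr.Surname)"
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$UpnSuffix"
        GivenName             = $Hr.GivenName
        Surname               = $Hr.Surname
        EmployeeID            = $Hr.EmployeeId
        Path                  = $desired.OU
        AccountPassword       = (ConvertTo-SecureString $tempPwd -AsPlainText -Force)
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($manager) { $params.Manager = $manager.DistinguishedName }
    New-ADUser @params
    Sync-UserToHr -SamAccountName $sam -Hr $Hr
    [pscustomobject]@{ SamAccountName = $sam; ManagerMail = $manager.mail; TemporaryPassword = $tempPwd }
}

# Constructed HR records standing in for the feed Quick Connect would read.
$joiner = [pscustomobject]@{ EmployeeId = '10423'; GivenName = 'Alice'; Surname = 'Example'
                             Department = 'Sales'; Region = 'UK'; ManagerId = '10001' }
$new = New-UserFromHr -Hr $joiner

# Six months later HR moves the same person from Sales to HR.
$mover = $joiner.PSObject.Copy()
$mover.Department = 'HR'
Sync-UserToHr -SamAccountName $new.SamAccountName -Hr $mover
```

Two things to note when adapting this. The page has the temporary password mailed to the manager; the function above deliberately returns it instead, because plain-text mail is the weakest link in an otherwise automated flow and a self-service portal handover is the usual fix. And the mover only touches groups matching the assumed SG-/DL- prefix, so manually granted memberships survive a department change; whether that is what you want is a policy decision, not a code one.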

1.1.3 User leaves the company

In this example our user leaves the company and the HR manager updates the user's record to say that they no longer work in the business.

- The HR manager changes the user's status to Employment Terminated.
- Quick Connect passes the information to Active Roles Server in Azure.
- ARS starts the customised de-provisioning administration workflow:
  - the account is disabled and its password reset to a random, strong value;
  - the user's name attribute is amended, for example "Lloyd Carnie de-provisioned 01-09-13";
  - the user is removed from all groups (security and distribution);
  - the mailbox is hidden from the GAL, or access permissions are assigned to the manager;
  - the user's rights to the home directory are removed and reassigned to the manager, and the folder is set to auto-delete in six months' time;
  - the account is moved to the De-provisioned Users OU in AD and scheduled for deletion one year from now.

1.1.4 What about other cloud product integration?

We are moving towards an IT ecosystem in which an organisation has multiple cloud vendors attached, and the problem is that each has its own requirements. If you have Salesforce, Box.com, Google and Office 365, each needs its own:

- way of assigning licensing;
- cloud IDs or federation service;
- user and group provisioning and management;
- access reporting and compliance;
- decentralised access control;
- separate de-provisioning processes.

Wasn't moving to the cloud supposed to be easier? You moved all your resources to the cloud but gained several systems to manage, and they are all different: Salesforce's permission model differs from Office 365's, for example. With Aurora from Core you have one central system, managed through Active Directory via Active Roles and Quick Connect. You set the policies once, and as a user moves around the organisation we keep all your outlying cloud systems in sync and up to date, passwords included.
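The leaver workflow of 1.1.3, as an added example that is not Core's or Quest's code: it expresses the same steps with Microsoft's ActiveDirectory module instead of the Active Roles workflow engine. The De-provisioned Users OU path, the NetBIOS domain name CORP, the retention periods and the sample account name lcarnie are assumptions; the Exchange/Office 365 mailbox step is left out because it needs the Exchange cmdlets. The ordering matters: disable first, so none of the later steps races against a live session, and move the object last, because the move changes its DN.

```powershell
# Added example, not Core's or Quest's code. Assumes RSAT's ActiveDirectory module.
Import-Module ActiveDirectory

function Invoke-LeaverDeprovision {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DeprovisionedOU = 'OU=De-provisioned Users,DC=corp,DC=example',   # assumed
        [int]$DeleteAccountAfterDays = 365
    )
    $user  = Get-ADUser -Identity $SamAccountName -Properties memberOf, description, manager, homeDirectory
    $mgr   = if ($user.manager) { Get-ADUser -Identity $user.manager } else { $null }
    $today = (Get-Date).Date

    # 1. Disable first: every later step then runs against a dead account.
    Disable-ADAccount -Identity $user

    # 2. Reset the password to 32 random bytes that are never written down anywhere.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $random = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $random

    # 3. Drop every security and distribution group (memberOf omits the primary group, which stays).
    foreach ($groupDn in $user.memberOf) {
        Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
    }

    # 4. Record the event and the deletion date on the object itself, so the
    #    scheduled cleanup below needs no external database.
    $stamp       = $today.ToString('yyyy-MM-dd')
    $deleteAfter = $today.AddDays($DeleteAccountAfterDays).ToString('yyyy-MM-dd')
    Set-ADUser -Identity $user `
        -Description "$($user.description) | de-provisioned $stamp" `
        -Replace @{ info = "delete-after=$deleteAfter" }

    # 5. Home directory: remove the leaver's explicit ACEs and give the manager read access.
    #    (The six-month folder auto-delete is left to the file server's cleanup job.)
    if ($user.homeDirectory -and (Test-Path -LiteralPath $user.homeDirectory)) {
        $acl = Get-Acl -LiteralPath $user.homeDirectory
        $acl.Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq "CORP\$($user.SamAccountName)" } |
            ForEach-Object { [void]$acl.RemoveAccessRule($_) }
        if ($mgr) {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                "CORP\$($mgr.SamAccountName)", 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
            $acl.AddAccessRule($rule)
        }
        Set-Acl -LiteralPath $user.homeDirectory -AclObject $acl
    }

    # 6. Park the object in the de-provisioned OU. Last, because the DN changes here.
    Move-ADObject -Identity $user -TargetPath $DeprovisionedOU
}

# Scheduled job: delete parked accounts whose retention date has passed.
function Remove-ExpiredDeprovisionedUsers {
    param([string]$DeprovisionedOU = 'OU=De-provisioned Users,DC=corp,DC=example')
    $today = (Get-Date).Date
    Get-ADUser -SearchBase $DeprovisionedOU -Filter 'Enabled -eq $false' -Properties info |
        Where-Object { $_.info -match '^delete-after=(\d{4}-\d{2}-\d{2})$' -and [datetime]$Matches[1] -le $today } |
        Remove-ADUser -Confirm:$false
}

Invoke-LeaverDeprovision -SamAccountName 'lcarnie'   # assumed account for the page's example leaver
```

One caveat a practitioner will want: disabling and resetting the password invalidates new logons but not tokens already issued (existing Kerberos tickets, and anything a federation service such as ADFS has already signed), so a leaver with a live session keeps access until those expire unless you also revoke sessions on the relying parties.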

1.2 Aurora Hosted and Managed Solution Pricing

The following tables indicate how we price the Aurora models. There may be some variation in the final price if you require customisation.

Note: cost is per user per month.
Note: base costs are per month for the managed server back end.

1.2.1 ADFS plans

Please note that each ADFS plan listed below comes with a per-user support charge of 0.15p per month.

1.3 Managed Services - Support

2 Service Description - Aurora Identity Solution

The following products are part of Core's Aurora offering.

2.1.1 Quest Active Roles Server

The aim of the solution is to automate the user lifecycle in the business, so that basic creation tasks are done automatically, with approval workflows built in, when a user joins, and so that when HR notifies us of a leaver all systems and access are automatically removed on de-provisioning.

ActiveRoles Server helps you manage, automatically provision, re-provision and, more importantly, de-provision users quickly, efficiently and securely in Active Directory, AD LDS (formerly ADAM) and beyond. ActiveRoles Server provides strictly enforced role-based security, automated group management, change approval and easy-to-use web interfaces for helpdesks and self-service, to achieve practical user and group lifecycle management for the Windows enterprise.

Part of the user lifecycle is the access management for each of the regional IT teams. A full security and delegation model is part of the design, to ensure that each IT team within the business can perform its job function for the user and computer objects it supports but is granted no further rights to the domain or forest. This includes removing access to DNS, Group Policy and other back-end systems that have wide effects. The delegation model allows the different roles within the business to be represented and then given access to specific areas of the AD OU structure. The security structure ensures that the whole domain is locked down natively, and that the only access administrators get is via the ARS proxy.

Secure access: ActiveRoles Server acts as a virtual firewall around Active Directory, enabling you to control access through delegation using a least-privilege model. Based on defined administrative policies and associated permissions, it generates and strictly enforces access rules, eliminating the errors and inconsistencies common with native approaches to AD management. Plus, robust and personalised approval procedures establish an IT process and oversight consistent with business requirements, with responsibility chains that complement the automated management of directory data.

Automate account creation: ActiveRoles Server automates a wide variety of tasks, including:

- creating user and group accounts in AD;
- creating mailboxes in Exchange;
- populating groups;
- assigning resources in Windows.

ActiveRoles Server also automates the process of reassigning and removing user access rights in AD and AD-joined systems (including user and group de-provisioning), to ensure an efficient and secure administrative process over the user and group lifetimes. When a user's access needs to be changed or removed, updates are made automatically in AD, Exchange, SharePoint, OCS, Lync and Windows, as well as in any AD-joined systems such as UNIX, Linux and Mac OS X.

2.1.2 Quest Password Manager

Provides a simple, secure, self-service solution that enables end users to reset forgotten passwords and unlock their accounts. Your organisation can now implement stronger password policies while reducing its help desk workload; with Password Manager you no longer have to sacrifice security to reduce costs. Password Manager supports a wide range of data security standards, so you can implement secure data access policies beyond the control offered natively in Active Directory.
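The delegation model in 2.1.1 only holds if native delegation really has been removed from the OUs, so that the helpdesk and regional IT groups can reach AD only through the ARS proxy. The check below is an added example, not part of the page or of Active Roles: it walks every OU in the domain and reports each non-inherited Allow ACE that can modify objects and whose trustee is not on an allow-list. The allow-list entries, the CORP NetBIOS name and the svc-ars-proxy service account name are assumptions you replace with your own.

```powershell
# Added example, not part of the page or of Active Roles. Assumes RSAT's
# ActiveDirectory module, which provides the AD: drive used by Get-Acl.
Import-Module ActiveDirectory

function Get-UnexpectedOUDelegation {
    param(
        # Trustees that are allowed to hold write rights directly on OUs (assumed list).
        [string[]]$AllowedTrustees = @(
            'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF',
            'BUILTIN\Administrators', 'CORP\Domain Admins', 'CORP\Enterprise Admins',
            'CORP\svc-ars-proxy'   # assumed: the service account the ARS proxy runs as
        )
    )
    $domainDN = (Get-ADDomain).DistinguishedName
    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $domainDN) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited) { continue }                         # delegation set on this OU only
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($AllowedTrustees -contains $ace.IdentityReference.Value) { continue }
            # Read-only ACEs are noise; anything that can change, create or delete objects,
            # or exercise an extended right (e.g. password reset), is what we want to see.
            if ($ace.ActiveDirectoryRights.ToString() -notmatch 'Write|Create|Delete|GenericAll|ExtendedRight') { continue }
            [pscustomobject]@{
                OU          = $ou.DistinguishedName
                Trustee     = $ace.IdentityReference.Value
                Rights      = $ace.ActiveDirectoryRights
                ObjectType  = $ace.ObjectType          # GUID of the attribute/class/right, or all-zero for everything
                Inheritance = $ace.InheritanceType
            }
        }
    }
}

# Anything listed here is a native delegation path that bypasses the ARS proxy.
Get-UnexpectedOUDelegation | Sort-Object OU, Trustee | Format-Table -AutoSize
```

Run it before the ARS rollout to capture what has to be removed, and again afterwards (and on a schedule) to catch delegation that creeps back in. An empty result does not cover rights granted on the domain head or on individual objects below the OUs; extend the search base and object classes if those are in scope.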

It increases security by:

- reducing help desk errors;
- eliminating the need for users to write down passwords;
- making password guessing and break-ins more difficult.

2.1.3 Quest Defender (two-factor authentication)

Defender enhances security by enabling two-factor and multi-factor authentication to network, web and application-based resources. Quest Defender uses the scalability and security of Active Directory for identity storage and management, enabling administrators to use their existing skill set to manage two-factor authentication and eliminating the cost and time involved in setting up and maintaining proprietary databases. Defender allows hardware tokens to be used for their full lifespan (typically 5-7 years) and offers software tokens that never expire. In addition, Defender's user self-registration and ZeroIMPACT migration capabilities ease the rollout of two-factor authentication for both administrators and users.

2.1.4 Quest One Quick Connect for Base Systems

The Quick Connect component of Quest Active Roles Server is designed to automate user provisioning and de-provisioning in Microsoft Active Directory environments. It can take a data feed from multiple sources, including SQL, LDAP, ODBC and delimited text files, and use the information to update Active Directory automatically according to a programmed set of business logic. Quick Connect plugs into the Active Roles Server service to leverage the Policy Objects and object compliance rules that have been configured, so user objects always comply with corporate standards whether they are created manually or through Quick Connect.

Quick Connect is also a two-way synchronisation system: a feed taken from one system can be provisioned into another, and any updates can then be selectively synchronised back. Filter sets ensure that only specific fields are included in the two-way sync, so that a given system remains authoritative for a given attribute.

2.1.5 Quest One Quick Connect for Cloud

Quick Connect for Cloud Services integrates online identities with Quest One (ActiveRoles Server and Password Manager) and with Active Directory-based or enterprise solutions, to extend provisioning to cloud-based email and collaboration services. Quick Connect for Cloud Services connects to Microsoft Office 365, Google Apps Premier online services (including Gmail and Docs), Google Postini Services, Salesforce.com and ServiceNow. Using easily configured workflows, Quick Connect provisions users or groups and keeps their properties synchronised. De-provisioning workflows can be used to lock down or delete obsolete users and groups.

2.1.6 Collaboration Service

Are you in the midst of a company merger or acquisition? Do you have a multi-forest or multi-organisation Exchange environment? Collaboration Services provides real-time synchronisation of free/busy information and Global Address Lists (GALs) between organisations. It delivers the level of protection you require by maintaining secure boundaries between Exchange organisations and Active Directory forests, while providing a transparent collaboration process. Whether you need time to plan your Exchange migration or have communication and scheduling requirements with partners, Collaboration Services can improve your productivity.

3 Terms and Conditions

1) The Aurora platform is hosted on Windows Azure and is therefore only accredited to host data up to IL2. Use of the platform outside these restrictions by a customer is outside the control of Core.
2) The minimum subscription to the Aurora server platform is 1 year.
3) The per-user charge for the service is per enabled user per month. The identity lifecycle management available in Aurora can automatically disable inactive accounts, and we strongly encourage clients to use this part of the service to reduce overall costs.
4) Support hours for the platform are standard working hours, 8am to 6pm Monday to Friday. Custom support packages are available at an additional cost to the base service price.
5) Standard commercial terms and conditions apply as per the Core Terms and Conditions of Business (PDF).