Advanced Authentication




Architecture Overview
Authasas Advanced Authentication
Strong Authentication to Novell eDirectory using Domain Services for Windows
November, 2011

Authasas Advanced Authentication
Asterweg 19D12
1031 HL Amsterdam
The Netherlands
2011 Authasas
www.authasas.com
info@authasas.com
t: +31 (0)26 373 61 70
f: +31 (0)20 524 13 68

Introduction

Implementing strong authentication technologies has become an increasingly common requirement for organizations of all sizes. Dissatisfaction with passwords, based on usability issues, security issues, or both, has led to the adoption of many popular strong authentication methods, including smart card authentication, biometric authentication, contactless (physical access badge) authentication, and others. Authasas Advanced Authentication was designed to meet strong authentication project requirements by leveraging multiple authentication methods and by supporting virtually all major hardware authentication devices.

However, because Authasas Advanced Authentication is based on a Microsoft Active Directory environment, customers running eDirectory were previously incompatible with the solution. Further, a significant portion of the Novell install base is migrating their NetWare- or Windows-based eDirectory systems over to the SUSE Linux OS and OES2 (Open Enterprise Server v2). This open platform provides security and performance enhancements, but limits the capabilities of AD-integrated authentication solutions, at least until now. Authasas recently introduced integration with Novell Domain Services for Windows (DSfW), leveraging the strong, multi-factor authentication provided by Advanced Authentication while using eDirectory on SUSE as the authoritative directory and data repository.

Solution Overview

For the purpose of this document, the reader is assumed to possess a fundamental understanding of Novell eDirectory, DSfW, OES2, and SUSE software. This solution overview and the architectural descriptions that follow focus on the implementation of strong authentication methods using Authasas Advanced Authentication in Novell eDirectory and mixed environments.

Novell OES2 and DSfW

Novell Open Enterprise Server (OES) is the successor product to Novell, Inc.'s NetWare operating system, based on SUSE Linux Enterprise Server (SLES). Originally released in March 2005, the current (2011) release is OES 2 SP3. OES is best thought of as a platform for delivery of shared network services (file, print, directory, clustering, backup, storage management, PKI, web applications, etc.) and common management tools.

Domain Services for Windows streamlines user and group management and simplifies infrastructure complexity in mixed environments. This technology allows Microsoft Windows users to access OES services using native Windows and Active Directory protocols. By allowing eDirectory servers running on Open Enterprise Server to behave as if they were Active Directory servers, it enables companies with both directory service deployments to achieve better coexistence between the two platforms. Users can work in a pure Windows desktop environment and still take advantage of some Open Enterprise Server back-end services and technology, without the need for a Novell Client on the desktop.

Authasas Advanced Authentication

Authasas Advanced Authentication Enterprise Edition is a multi-factor authentication solution for Microsoft networks. The authentication framework provides the secure matching of authenticators and the storage and retrieval of user credentials within Active Directory, AD Lightweight Directory Services, and eDirectory. User credentials, or authenticators, may consist of one or more types such as biometric fingerprint, contactless smart card, contact smart card, USB flash drive, or security questions (Q&A). Authenticators are more secure than passwords and do not complicate the logon procedure; they remove the password burden from users and enhance secure access to their information.

Authasas Advanced Authentication is comprised of a server component, a directory component and a client component. The Authenticore Server component serves as an authentication server and policy management server. Optionally, the Authenticore Server may also serve as a log server to centrally collect client and server event logs. The directory component serves as a repository for user credentials and policies. Supported directories include MS Active Directory, AD LDS, and Novell eDirectory. The client component is the primary user interface for user authentication and consists of a GINA or Credential Provider, depending on the operating system it is deployed to. This client component does not rely on NMAS or any other Novell client software. Authasas Advanced Authentication may be deployed to dedicated or existing hardware infrastructure. It is simple to deploy and manage, and offers a low total cost of ownership, requiring less than one full-time employee to administer.

Solution Architecture

Authasas Advanced Authentication leverages a three-tier architecture composed of a client, a server, and a datastore.

Client computers, including desktops, laptops, and virtual machines, provide the platform where the Advanced Authentication Client and supported hardware, hardware device drivers, and device middleware (when required) are deployed. As mentioned, there is no requirement for NMAS or other Novell client software, as Authasas provides the replacement GINA or Credential Provider to support the strong authentication methods deployed to each system. If the Novell GINA is required or desired for certain functionality (e.g., ZENworks), then GINA chaining is fully supported on the client. The user interacts with the client to authenticate to Windows using a card, fingerprint, or other method. Additional strong authentication integration is provided with Novell SecureLogin in environments where single sign-on is deployed.

The Authenticore Server validates the user's Authasas credentials and provides authentication to the DSfW domain. Authenticore Servers deployed to Windows Server 2003 or 2008 are joined to the DSfW domain as member servers, providing authentication, policy enforcement, and central logging of authentication and credential management events.

The DSfW server supports the domain and directory requirements for the Authasas infrastructure by allowing computer policy enforcement via GPO, providing a platform to support Active Directory emulation of eDirectory user objects, and allowing the use of Authasas administrative tools that are built on the Microsoft Management Console platform.

The eDirectory server remains the only LDAP repository required for user objects, and is further leveraged by Authasas as the primary repository for all strong authentication data (such as biometric templates, card identifiers, etc.) and user-based policies. The eDirectory schema may be extended to support storage of this data within new attributes, or existing (unused) attributes may be leveraged without requiring extension of the eDirectory schema.
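The last paragraph leaves a deployment choice open: new schema attributes or repurposed unused ones. Either way, the authenticator data listed (biometric templates, card identifiers) inherits whatever eDirectory rights already apply to the attribute it lands in, so a sensible pre-deployment check is an audit of the effective ACLs on those attributes. The Python below is an added example for this page, not Authasas or Novell code. It assumes eDirectory's LDIF export writes each ACL value as privileges#scope#subject#protectedAttribute with the privilege bitmask 1 = compare, 2 = read, 4 = write, 8 = add/delete self, 16 = supervisor; the attribute name aaCardIdentifier, the subject DN cn=authenticore,ou=servers,o=agency and the repurposing of the pager attribute are hypothetical, and the LDIF is constructed for the example.

```python
"""Audit effective eDirectory ACLs on attributes holding authenticator data.

Added example, not Authasas or Novell code. Assumes eDirectory exports ACL
values as privileges#scope#subject#protectedAttribute with the bitmask
1 compare, 2 read, 4 write, 8 add/delete self, 16 supervisor (an assumption
about the syntax). 'aaCardIdentifier' is a hypothetical schema-extension
attribute; 'pager' stands in for an unused attribute repurposed for card data.
"""

READ, SUPERVISOR = 2, 16
ALL_ATTRS = "[All Attributes Rights]"

# Constructed sample export: a container carrying a public-read ACL on
# 'pager', and two users, one of whom has card data stored in 'pager'.
SAMPLE_LDIF = """\
dn: ou=users,o=agency
objectClass: organizationalUnit
ACL: 2#subtree#[Public]#pager

dn: cn=jdoe,ou=users,o=agency
objectClass: inetOrgPerson
cn: jdoe
pager: 0A1B2C3D4E5F
aaCardIdentifier: 04A2B3C4D5E6F7
ACL: 6#entry#cn=authenticore,ou=servers,o=agency#aaCardIdentifier
ACL: 6#entry#cn=authenticore,ou=servers,o=agency#pager
ACL: 1#entry#[Public]#aaCardIdentifier

dn: cn=asmith,ou=users,o=agency
objectClass: inetOrgPerson
cn: asmith
aaCardIdentifier: 04F7E6D5C4B3A2
ACL: 6#entry#cn=authenticore,ou=servers,o=agency#aaCardIdentifier
"""
SENSITIVE_ATTRS = ["aaCardIdentifier", "pager"]             # hypothetical
TRUSTED_SUBJECTS = ["cn=authenticore,ou=servers,o=agency"]  # hypothetical DN


def parse_ldif(text):
    """Minimal LDIF reader: list of (dn, {attr: [values]}). Unfolds
    continuation lines; base64 (::) values are not handled."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.lower() == "dn":
            current = (value, {})
        elif current is not None:
            current[1].setdefault(key, []).append(value)
    return entries


def parse_acl(value):
    """Split an ACL value into (privileges, scope, subject, protected attr)."""
    priv, scope, subject, attr = value.split("#", 3)
    return int(priv), scope.lower(), subject, attr


def is_ancestor(container_dn, entry_dn):
    return entry_dn.lower().endswith("," + container_dn.lower())


def audit_authenticator_acls(ldif_text, sensitive_attrs, trusted_subjects):
    """Report each entry holding a sensitive attribute whose effective ACLs
    (its own, plus 'subtree' ACLs on ancestors) grant read or supervisor
    rights on that attribute, or on all attributes, to an untrusted subject."""
    entries = parse_ldif(ldif_text)
    sensitive = {a.lower() for a in sensitive_attrs}
    trusted = {s.lower() for s in trusted_subjects}
    findings = []
    for dn, attrs in entries:
        present = {a.lower() for a in attrs} & sensitive
        if not present:
            continue
        effective = [(dn, v) for v in attrs.get("ACL", [])]
        for other_dn, other_attrs in entries:
            if other_dn != dn and is_ancestor(other_dn, dn):
                effective += [(other_dn, v) for v in other_attrs.get("ACL", [])
                              if parse_acl(v)[1] == "subtree"]
        for source_dn, value in effective:
            priv, _scope, subject, attr = parse_acl(value)
            if subject.lower() in trusted or not priv & (READ | SUPERVISOR):
                continue
            if attr == ALL_ATTRS or attr.lower() in present:
                findings.append({"dn": dn, "attribute": attr,
                                 "subject": subject, "granted_on": source_dn})
    return findings


if __name__ == "__main__":
    for f in audit_authenticator_acls(SAMPLE_LDIF, SENSITIVE_ATTRS, TRUSTED_SUBJECTS):
        print(f"{f['dn']}: {f['subject']} can read {f['attribute']} "
              f"(ACL set on {f['granted_on']})")
```

Run against an LDIF export of the user containers to be audited. In the constructed sample the finding is on jdoe's pager attribute: the public read right comes from a subtree ACL on the container, not from anything the authentication product set, which is exactly the case to look for when an existing attribute is repurposed. The compare-only ACL on aaCardIdentifier is not reported, and the trusted Authenticore server's read/write rights are skipped by design.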

Architecture Diagram

Case Study Overview

Authasas Advanced Authentication has been successfully deployed in the Novell eDirectory infrastructure described within this document as part of a CJIS (Criminal Justice Information Services) compliance project within a US law enforcement agency. Law enforcement agencies pose unique IT requirements, as resources are divided between internal systems and external systems that must be secured at every endpoint. These endpoints are further distributed among mobile users in remote command centers, as well as in law enforcement vehicles. Authasas Advanced Authentication provides the endpoint security and fulfils the strong authentication requirements outlined by CJIS.

CJIS compliance projects are increasing, with a strong focus on multi-factor authentication to network resources within all US law enforcement agencies requiring access to FBI data resources. State and local government agencies, including law enforcement, continue to represent a significant portion of the Novell install base; with heterogeneous networks and federal mandates to secure those networks, Novell and Authasas have formed a strategic alliance to deliver a CJIS-compliant authentication solution.

Conclusions

Authasas Advanced Authentication has delivered a strong authentication solution to heterogeneous Novell eDirectory environments by leveraging Domain Services for Windows and OES2. Organizations are able to provide their users with simple, strong authentication methods that replace the standard Windows password. All user and credential data is maintained in Novell eDirectory, without the need to migrate to Active Directory or another proprietary LDAP directory or database. Authasas Advanced Authentication provides a secure GINA or Credential Provider without the requirement for NMAS or the Novell Client. This unique solution enables compliance with CJIS, HIPAA/HITECH and other security initiatives while enhancing the end-user experience and eliminating the cost and inconvenience of managing passwords.

Trademarks

Microsoft, Active Directory, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Authasas and Authasas Advanced Authentication are either registered trademarks or trademarks of Authasas in the United States, The Netherlands, and/or other countries. Novell, Novell Open Enterprise Server, NetWare, Domain Services for Windows, NMAS, and SUSE are registered trademarks or trademarks of Novell, Inc. in the United States and/or other countries. 2011 Authasas. All rights reserved.