Virtualization Case Study



Similar documents
Major Retailer Achieves Compliance With the PCI Data Security Standard

Likewise Security Benefits

Single Sign-On for Kerberized Linux and UNIX Applications

Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley

Active Directory and DirectControl

Securing VMware Virtual Infrastructure with Centrify's Identity and Access Management Suite

Datacenter Management Optimization with Microsoft System Center

Whitepaper: Centeris Likewise Identity 3.0 Security Benefits

Managing UNIX Generic and Service Accounts with Active Directory

Windows Least Privilege Management and Beyond

An Overview of Samsung KNOX Active Directory and Group Policy Features

MBAM Self-Help Portals

Deployment Options for Microsoft Hyper-V Server

Configuration Management in the Data Center

SmoothWall Virtual Appliance

Server Consolidation with SQL Server 2008

Datacenter Management and Virtualization. Microsoft Corporation

Microsoft and Citrix: Joint Virtual Desktop Infrastructure (VDI) Offering

Centrify Identity and Access Management for Cloudera

Symantec Server Management Suite 7.6 powered by Altiris technology

CA Automation Suite for Data Centers

identity management in Linux and UNIX environments

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Quick Start Guide for VMware and Windows 7

Google Apps Deployment Guide

IBM Tivoli Storage Manager for Virtual Environments

MobiKEY TM with TruOFFICE

Interoperability of Bloombase StoreSafe and Thales e-security keyauthority for Data At- Rest Encryption

Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory

CRM to Exchange Synchronization

Veritas Cluster Server from Symantec

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

Windows Server 2008 R2 Hyper-V Live Migration

Using Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods:

Access Control In Virtual Environments

Introduction to Hyper-V High- Availability with Failover Clustering

How To Manage A Privileged Account Management

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Protecting your Data in a New Generation Virtual and Physical Environment

Data Sheet: Archiving Altiris Server Management Suite 7.0 from Symantec Essential server management: Discover, provision, manage, and monitor

Centrify-Enabled Samba

Veeam Backup & Replication. Version 7.0

Data Sheet: Server Management Altiris Server Management Suite 7.0 Essential server management: Discover, provision, manage, and monitor

Centrify Suite 2012 Express

Windows Server Virtualization An Overview

CA SiteMinder SSO Agents for ERP Systems

Altiris IT Management Suite 7.1 from Symantec

Privileged Account Access Management: Why Sudo Is No Longer Enough

Solution Overview VMWARE PROTECTION WITH EMC NETWORKER 8.2. White Paper

Symantec and VMware: Virtualizing Business Critical Applications with Confidence WHITE PAPER

Managing Physical and Virtual Machines in Paragon Protect & Restore

IBM Tivoli Endpoint Manager for Lifecycle Management

Pipeliner CRM Phaenomena Guide Administration & Setup Pipelinersales Inc.

CA Virtual Assurance for Infrastructure Managers

Quick Start Guide for Parallels Virtuozzo

Microsoft Windows Server 2003 and Tecplot Software

Windows Scheduled Tasks Management Pack Guide for System Center Operations Manager. Published: 07 March 2013

Managing the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies

How the Quest One Identity Solution Products Enhance Each Other

Understanding and Configuring Password Manager for Maximum Benefits

Course Title: Virtualization Security, 1st Edition

A Microsoft U.S. Public Sector White Paper by Ken Page and Shelly Bird. January government

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Active Directory and Linux Identity Management

Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac

Red Hat Enterprise ipa

Centralized Mac Home Directories with ExtremeZ-IP

EMC VPLEX FAMILY. Continuous Availability and data Mobility Within and Across Data Centers

EMC VPLEX FAMILY. Continuous Availability and Data Mobility Within and Across Data Centers

White Paper. Software version: 5.0

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

Simplifying Server Workload Migrations

SERVER VIRTUALIZATION.. ROADMAP REPORT..

Virtualization. Michael Tsai 2015/06/08

NetIQ Aegis Adapter for VMware vcenter Server

Pipeliner CRM Phaenomena Guide Getting Started with Pipeliner Pipelinersales Inc.

Test Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using Azure AD Sync

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Paragon Protect & Restore

An Esri White Paper January 2010 ArcGIS Server and Virtualization

Pipeliner CRM Phaenomena Guide Sales Pipeline Management Pipelinersales Inc.

Management Reporter Integration Guide for Microsoft Dynamics AX

Online Transaction Processing in SQL Server 2008

Introduction to Virtual Datacenter

WINDOWS 7 & HOMEGROUP

BMC CONTROL-M Agentless Tips & Tricks TECHNICAL WHITE PAPER

Veeam Backup & Replication. Version 8.0

Centrify Server Suite Management Tools

Windows Security and Directory Services for UNIX using Centrify DirectControl

Windows Small Business Server 2003 Upgrade Best Practices

An Oracle White Paper August Higher Security, Greater Access with Oracle Desktop Virtualization

VMware ESX 2.5 Server Software Backup and Restore Guide on Dell PowerEdge Servers and PowerVault Storage

Understanding How to Choose a Database Platform for Siemens PLM Software s Teamcenter

VMware Infrastructure 3 and Stratus Continuous Availability:

Veeam Cloud Connect. Version 8.0. Administrator Guide

Addressing the United States CIO Office s Cybersecurity Sprint Directives

Transcription:

INDUSTRY Finance COMPANY PROFILE Major Financial Institution. BUSINESS SITUATION Internal security audits found that VMware ESX, Red Hat Linux, and Solaris systems lacked an efficient way to control access and securely authenticate users. SOLUTION Used Likewise Enterprise and Active Directory to establish one ID per user, centralize user and access administration for VMware ESX, enforce global password and security policies with group policy and sudo. Monitored and reported on access and management activities on individual hypervisors. BENEFITS Met organizational security compliance standards. Reduced workload for server and identity administrators. Streamlined logon processes for users. Financial Firm Secures Its Private Cloud Likewise Enterprise has been instrumental in our security plan to lock down and audit our VMware systems. Virtualization has become absolutely mission critical to our operations and Likewise has been a perfect complement to our production infrastructure. Information Security Manager, Financial Institution. Introduction As one of the world s most recognizable financial institutions, this firm serves businesses and other financial organizations throughout the United States and internationally. It provides a range of financial services that requires highly available and recoverable production information systems made possible through VMware virtualization. An internal security audit revealed that its VMware ESX systems as well as its Red Hat Linux VM guests and Solaris systems were configured with filebased methods of user authentication and access control. The staff responsible for user accounts did not have the expertise to manage and synchronize accounts for every type of operating system. Instead they turned to Likewise Enterprise to help them create a single domain solution that manages accounts in Active Directory and provides each user with a single ID for all their heterogeneous systems. Copyright 2009 Likewise Software. All rights reserved. 10.10.2009. 1

The information contained in this document represents the current view of Likewise Software on the issues discussed as of the date of publication. Because Likewise Software must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Likewise, and Likewise Software cannot guarantee the accuracy of any information presented after the date of publication. These documents are for informational purposes only. LIKEWISE SOFTWARE MAKES NO WARRANTIES, EXPRESS OR IMPLIED. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form, by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Likewise Software. Likewise may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Likewise, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2009 Likewise Software. All rights reserved. Likewise and the Likewise logo are either registered trademarks or trademarks of Likewise Software in the United States and/or other countries. All other trademarks are property of their respective owners. Likewise Software 15395 SE 30th Place, Suite #140 Bellevue, WA 98007 USA Copyright 2009 Likewise Software. All rights reserved. 2

Table of Contents Situation... 4 Solution... 5 Summary and Results... 6 For More Information... 8 Copyright 2009 Likewise Software. All rights reserved. 3

Situation Virtualization Benefits Drive Rapid Deployment Beginning in early 2002, broad changes in the organization s networked financial service offerings led to the rapid growth of web applications. As its customers became increasingly dependent on the high availability of its services, the organization had to add many more physical systems. Red Hat Enterprise Linux was chosen for its stability and high uptime. Maintaining the growing data center became rapidly more costly as it expanded and the earliest hardware started to fail. In 2006, an evaluation of the VMware Infrastructure platform concluded that the firm could reduce administrative costs by aggressively using virtualization to consolidate the physical systems and to provide high availability and disaster recovery. Starting in 2007, the firm implemented a comprehensive virtualization plan, selecting VMware Infrastructure 3 and VMware ESX bare-metal hypervisors to provide support for a majority of internal and external customer-facing deployment scenarios. When any internal customer requested a new server from the IT department, it would be a VM by default. If server hardware for a hypervisor showed evidence of failure, VMs would be migrated to other hardware without sacrificing servicelevel agreements. By the end of 2009, more than 80 percent of the application servers would be VMs hosted in VMware and the infrastructure would span more than 30 ESX servers. Interoperability and Security Challenges The virtualization initiative solved a great many problems and made the IT team agile and more responsive to customer needs, but as a financial institution, regular security audits and controls are required to ensure that customer information is handled correctly. A comprehensive audit found that both Linux and VMware ESX systems needed to enforce a regular 30-day password change policy. More important, the audit also found that the organization should implement a manageable and secure system for authenticating users and controlling access. On a day-to-day basis, server administrators require secure access to both Linux operating systems and the ESX systems. Administrators Copyright 2009 Likewise Software. All rights reserved. 4

need to routinely log on ESX servers with an OpenSSH client or a Virtual Infrastructure Client to perform backup operations, deploy virtual machines, and troubleshoot problems. If passwords were constantly changing, the situation could become unmanageable without centralized or synchronized identity. Our server administrators began to spend more time using the VMware management tools, but we found it absolutely critical to connect directly to ESX hosts if we had to troubleshoot something beyond the capabilities of vcenter. Implementing a directory-based solution was a clear candidate for securing the entire infrastructure. The firm was using Active Directory 2003 R2 for its Windows servers. The administrators attempted to implement Active Directory authentication on their ESX hosts by using VMware s configuration scripts. Although Active Directory s Kerberos authentication provided single sign on, it provided only part of the desired solution. When we incorporated Kerberos authentication on our ESX hosts, we had some of the correct pieces in place, but it had limitations. Every time we changed the status of a VMware administrator, our Windows-oriented user accounts managers would have to update /etc/passwd files. It became a maintenance problem that had the potential to expose security gaps. And we had to treat the ESX systems differently from our Red Hat guests. Solution The company began testing commercial AD-bridge software products that would support all the operating systems in its data center, including its VMware ESX servers. In addition to providing Kerberos authentication that is compatible with Active Directory, AD-bridge software also provides security policy management and audit and reporting functions. Likewise Enterprise stood out for several reasons: Ability to integrate VMware ESX and other operating systems into Active Directory for access control and authentication. Account administration is completely transparent with such tools as Active Directory Users and Computers. Ability to control security and sudo with group policies and Active Directory s hierarchy of organizational units. Ability to audit access and activity on VMware ESX systems. Copyright 2009 Likewise Software. All rights reserved. 5

Likewise s exceptional support and professional service offerings. Likewise s strong partner relationship with VMware in current and future products. Moving completely to Active Directory for user management saved the institution significant time in provisioning new users. Likewise provided the best solution overall. It was stable and endured our rigorous testing process. We were also impressed that it didn t displace any packages on our ESX servers. The reporting features are now a big part of our quarterly security audit reporting process. We saved a lot of time and effort by going with Likewise. Summary and Results A prominent financial institution simplified how it managed privileged user access to its VMware ESX infrastructure by using Likewise Enterprise to integrate its hypervisors with Active Directory. The Likewise solution eliminated costs associated with password resets and user account turnover that would otherwise have required reconfiguring more than 30 VMware ESX systems on a 30-day schedule. The firm was able to implement a hierarchical security policy across all its systems with both standard domain security policies and sudo policy configured for domain identities, allowing the firm to lock down its systems. Finally, with Likewise Enterprise s features for auditing and compliance, the firm was able to validate its virtualization security with regular reporting and respond to security exceptions through consolidated eventlog analysis. Comprehensive Platform Support Systems Joined to Active Directory - 30-plus VMware 3.5 ESX Servers were joined to Active Directory. - 50-plus Red Hat guests were joined to Active Directory. - Additional Solaris and AIX systems were joined to Active Directory. All VMware accounts managed through Active Directory - Windows-based account administrators use Windows default tools for all operating systems, including VMware. - Active Directory organizational units are used to limit group access to hosts. Privileged User Access Controlled with Group Policy Copyright 2009 Likewise Software. All rights reserved. 6

- All day-to-day on-box activities controlled through sudo policies. - Access to admin and root accounts on VMware disabled, reducing internal threat risks and the possibility of human errors. Enterprise Single Sign-On - GSS-enabled SSH, SFTP, F-Secure and PuTTY used with current credentials users are not required to enter credentials. Reporting and Audit - Quarterly reports include audits of users, access and activities while passing strict security guidelines for financial organization information. - Audit events provide quick response to potential treats or management exceptions. Copyright 2009 Likewise Software. All rights reserved. 7

- For More Information For more information, visit the Likewise web site at http://www.likewise.com. For general questions, call 800-378-1330 or email info@likewise.com. ABOUT LIKEWISE Likewise Software solutions improve management and interoperability of Windows, Linux, Mac OS X, and Unix systems with easy-to-use software for cross-platform identity management. Likewise provides familiar Windows-based tools for system administrators to seamlessly integrate Linux and Unix systems into Microsoft Active Directory. This enables companies with mixed networks to use existing Windows skills and resources, maximize the value of their Active Directory investment, strengthen the network security, and lower the total cost of ownership of Linux and Unix servers. Likewise Software is a Bellevue, WA-based software company funded by leading venture capital firms Ignition Partners, Intel Capital, and Trinity Ventures. Likewise has experienced management and engineering teams in place and is led by senior executives from leading technology companies such as Microsoft, F5 Networks, EMC and Mercury. Copyright 2009 Likewise Software. All rights reserved. 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information