安全身份管理ppt課件

1、平安身份管理understanding the big picture廣州紫光北美科技:Opening the door to Web servicesNovell exteNdSecurely getting the right information to the right peopleNovell NsureThe best foundation for yourmixed environmentNovell NterpriseThe experience to solve your business problemsNovell NgageNovell Nsure 方案把身份管理提高

2、到一個新的層次，Novell的相關(guān)產(chǎn)品獲得多項大獎，Novell的方案是把產(chǎn)品，客戶以及協(xié)作方式結(jié)合的處理方案，此方案的中心是訪問控制把資源權(quán)限平安、方便、高效地分配給合理的人Novell 的“一體化網(wǎng)絡(luò)戰(zhàn)略SMIn the next hour1.什么是平安身份管理2. 為什么人們關(guān)懷這個問題3. 如何處理目的企事業(yè)單位面臨的平安身份管理問題You cant understand a subject 分而治之盲人與象You also have to understand 全局思索Secure identity management 涵蓋很多內(nèi)容Personalized User Interfa

3、ceContent AggregationSelf ServiceWeb Based AccessAuthenticationSingle Sign-onRemote AccessAuthoritative Identity SourcingPolicy Driven WorkflowRole Based ProfilingPassword Management Auditing &Intrusion Detectionsecure identity 分為三個主要部分Provide access to resources based on authenticated identityKnow

4、who youre dealing withDeliver servicesbased on a personsrole or preferences123accessmanagement訪問管理identity management身份管理personalized delivery of applications and content運用和內(nèi)容的個性化分發(fā)exploring secure identity management 一個商務(wù)環(huán)境的例子員工B2B協(xié)作同伴客戶企業(yè)財務(wù)經(jīng)濟市場銷售客戶效力員工B2B協(xié)作同伴客戶財務(wù)經(jīng)濟市場銷售客戶效力Roles & responsibilitiesA

5、cceptable useData classificationsPassword policiesCompliance procedures平安戰(zhàn)略Identity身份管理Secure identity management 始于平安戰(zhàn)略HRComputerPhoneWhite Pages對于新的員工,一同都輕而易舉.New employees receive access and resources quickly & automatically, based on roles & responsibilities戰(zhàn)略: Policies establish 哪些人 可以訪問 哪些資源業(yè)務(wù)

6、Who are you? What is your role?What do you need access to?Access policies based on roles 簡化管理CustomerSupplier信任證:Trusted credentials 允許對授權(quán)的資源進(jìn)展平安訪問EmployeeHRComputerPhoneWhite PagesNew employees receive access and resources quickly & automatically, based on roles & responsibilities員工分開的時候,問題也變得簡單. T

7、erminated employees have access revoked completely & immediately across all systemsPolicies also determine 什么時候讓訪問權(quán)限失效Novell 的處理方案 of secure identity managementNsure 隨時,隨地,把需求的權(quán)限賦予需求的人.Novell Nsure secure identity management solutions enable you to securely extend resources to the people who power y

8、our business, leveraging your current systems 跨平臺基于單一業(yè)務(wù)過程基于工業(yè)標(biāo)志Combination of our directory, meta-directory, provisioning, access management, and Professional Services capabilitiesNsureNAMDirXMLThe Novell products that power Nsure solutionsNovell Nsure Secure Identity ManagementNetDirectoryHostNT/20

9、00/XPCustomersPartners /SuppliersWeb ServersNAMNsure ResourcesEmployeesSecure LoginBorder ManageriChainDirXMLSecure Identity Management1.什么是平安身份管理2. 為什么人們關(guān)懷這個問題3. 如何處理分析家: say we should all care about Secure Identity Management“While we still expect a return to 3A growth from increased activity in t

10、he security management area, we believe that identity management and Web services security, with their broad consumption of 3A technologies, will revitalize the market. However, these new initiatives will demand integration among previously separate products. Therefore, this transition will create e

11、ven greater turmoil in the 3A market for at least the next 12-24 months.(認(rèn)證/授權(quán)/審計)Anthony C. Picardi, IDC (December 2002)“Identity has become a strategic business issue Integrated identity and access management infrastructure is “in Enterprises must create an Identity Management architecture and str

12、ategy.(身份管理體系構(gòu)造和戰(zhàn)略)Jamie Lewis, Burton Group (October 30, 2002)“Though IT budgets remain tight, organizations are continuing to invest in identity management because it addresses critical business issues and delivers a quantifiable return on investment (ROI). (投資報答)Jonathan Penn, Giga Information Gr

13、oup (October 22, 2002)“No CIO checklist for 2003 can be complete without an item on security. Concerns, both real and imaginary, will continue to test the resolve and the budgets of IS organizations. Demand and expectation for business transparency by customers, partners and regulators continue to i

14、ncrease. This virtualization creates a strategic business challenge to provide access simply, safely and economically to everyone who needs it and simultaneously prevent unauthorized or destructive access. During 2003, CIOs should review and update the complex issues of identity and access managemen

15、t (IAM) polices and methods. J. Mahoney, Gartner, Inc. (December 24, 2002)“Convergence and security concerns will drive enterprise directory services adoption (2002+), reinforcing the need for identity management (2002-04). NOS upgrades, strong authentication, and higher demands for identity managem

16、ent will drive increasingly complex integration of multi-vendor/platform directory instances (2003+), resulting in more use of EAI-like integration “toolkits. Earl Perkins, Meta Group (November 4, 2002)案例一:TransUnion Credit 信托公司reporting and financial services company“We live and die by long lists o

17、f FTC regulations Our entire business is based on the ability to provide the right people with secure access to enormous volumes of highly sensitive, regulated information. Secure identity management is a huge deal for us.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityHeav

18、ily regulated environmentSecurity a top concernMillions of credit reports processed dailyGrowth from 38,000-150,000 eCommerce users案例二: Mount Sinai NYU Health System 衛(wèi)生系統(tǒng)“Novell has increased our availability by 30 fold Our internet-enabled capability allows us to provide secure, remote access to ou

19、r users, empowering them to maximize productivity, provide better patient care, and ultimately save lives.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityAffiliations with more than 17 hospitals, nine long-term care facilities, and four community physician practicesDisperse

20、d community of 10,000 usersDecrease time to access critical dataEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例三: Centennial College 高校Ontarios oldest community college“Unless we implemented a provisioning solution that made authentication and network administration fast

21、, reliable, simple and secure, the sheer volume of accounts would be unmanageable.4 campuses and 8 satellite locations3,000 faculty and staff12,000 full-time students30,000 part-time students80,000 alumniEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例四 Allianz Suisse 保險W

22、orlds 5th largest insurance company“We had to set up a secure external network to allow this cooperation to work efficiently, and we had only four months to do it.Merger of 3 large insurers250 offices4500 employees, many remoteDecided to offer new financial services provided by a partner想象:航空公司Digit

23、al航空公司舉例想象:航空公司牢不可破的參照與解析eDirectory 滿足的另一個全效力目錄要求是，它可以創(chuàng)建并維護目錄中不同對象間的關(guān)系。關(guān)系是樹中相關(guān)對象間的鏈接。例如，當(dāng)您將一位用戶確定為組員時，eDirectory 就會在兩個對象間建立鏈接。全效力目錄必需滿足的一個要求是在您更改目錄樹時，可以堅持這些至關(guān)重要的關(guān)系。用戶 Fred.SLC.AM.Airports.DigitalAirlines 是 Pilots.Flight.Corp.DigitalAirlines組的一個成員。假設(shè)Digital航空公司將 Fred 派到亞特蘭大，并將其用戶對象轉(zhuǎn)移到ATL.AM.Airports.

24、DigitalAirlines。為了維護 Fred 與機組間的關(guān)系，eDirectory 會自動更新機組的屬性，以參考 Fred 的新位置。想象:航空公司虛擬復(fù)件例如，假設(shè)Digital航空公司假想的公司已在每架飛機上實施了 eDirectory，使機組人員可以在飛行時，經(jīng)過電子郵件將關(guān)鍵信息發(fā)送給地勤、維護或客戶效力部門。每架飛機上都安裝一臺效力器，效力器中存儲著一個復(fù)件，其中包含通常隨該飛機飛行的員工的網(wǎng)絡(luò)身份信息。當(dāng)飛機還在地面時，Digital航空公司的任何員工都可以在完好的目錄中找到他人，由于飛機與全球網(wǎng)絡(luò)互連。然而，飛機起飛后，銜接就斷開了。在每架飛機上存儲Digital航空公司全

25、體員工的一切用戶對象非常不切合實踐。然而，在一架飛機上存儲一切對象的一個子集可以行得通，例如每位員工的姓名和電子郵件地址。Novell 的 eDirectory 經(jīng)過虛擬復(fù)件提供了這種才干。 員工B2B協(xié)作同伴客戶財務(wù)經(jīng)濟市場銷售客戶效力Facilitate businessIncrease securityReduce costImprove productivityEnhance user satisfactionIdentityNsure identity management benefits業(yè)務(wù)客戶可以得到個性化的信息，從而提高稱心度，添加市場時機與協(xié)作同伴無縫交換必要信息，對結(jié)合工

26、程的時限和質(zhì)量要求。供應(yīng)商能更好地了解您的需求，從而帶來更好的購買過程顯著提高員工效率，無論對于新加盟的員工還是轉(zhuǎn)換任務(wù)崗位的員工同類產(chǎn)品Alternative solution providers, such as IBM, Sun, Computer Associates, Netegrity and Business Layers:短少一致的身份根底架構(gòu), 只能處理一部分問題 or 需求客戶改動業(yè)務(wù)過程.These solutions:帶來新的問題, 不能滿足業(yè)務(wù)增長 and 添加行政問題.The Novell advantage優(yōu)勢Novell 具有獨特的優(yōu)勢 Novell Nsure

27、:跨平臺, 維護投資才干強, 整合原有系統(tǒng),處理未來增長需求.comprehensive and modular solutionleverages your existing investmentsautomates your existing business processesprovides a foundation that will support the business environment as it evolves to Web servicesAdvantageNovell Nsure gives you the control and agility to meet

28、your evolving business needsDifferentiatorsSecure Identity Management1.什么是平安身份管理2. 為什么人們關(guān)懷這個問題3. 如何處理Secure Identity Management 處理重要的商務(wù)問題It provides the means to:實時的, 基于角色的資源 適用分布的任務(wù)環(huán)境、協(xié)作同伴、客戶等從任何地方，支持無線保證系統(tǒng)的平安性Common challenges to successful Secure Identity ManagementProjectScopeApplicationIntegrat

29、ionRoleEngineeringArchitecturalDesignOrganizationalRealignmentLack ofExpertiseDataOwnershipTrainingChangeControl 2002 Giga Information Group, Inc.政策資金投入復(fù)雜度Your plans should address 多維問題戰(zhàn)略組織過程技術(shù)人員變化管理工程管理PlanningDimensionsWhere is the enterprise going?What are the relevant business goals & initiative

30、s?How are business plans and technology strategy coordinated?How is the enterprise organized?What are the main business processes?How could these processes be improved?What is the current technical & application environment?What are the relevant technical requirements & constraints?Is there effectiv

31、e sponsorship for addressing these issues?What are the potential barriers to acceptance of solutions to these issues?How do you coordinate programs and projects across functional areas?What other initiatives or major changes may affect your plans?The solution delivery processBusiness focusRapid resu

32、ltsPhased approachConsensus drivenFlexibilityOpen systems and standards-basedLeverage existing investmentsSkills transferHigh value partnering加強戰(zhàn)略方案驗證Direction Setting需求分析設(shè)計開發(fā)與部署支持Implementation工程管理DirXML Concepts and Terms在NDS eDirectory之上運用 DirXMLeDirectory 靈敏易變Change tree names, container namesAd

33、d or delete schema without shutting down serverSplit trees, merge trees, create or join partitionseDirectory 容錯性強Multi-master replication - vehicle for data sharingSchema and data integrityReferential integrityeDirectory 可擴展性好，速度快Billions of objects, thousands of searches/sec.DirXML 擴展了eDirectory的功能

34、Multi-master Replication123changeReplicatedReplicatedchangeFilterReplicatedGuy23目的: link data objectsDirXML establishes links between similar data objects and maintains the consistency of the data in each object基于規(guī)那么的自動鏈接匹配規(guī)那么Identifies if an object already exists with similar dataLinks the existing objects rather than creating new ones when rule is satisfied創(chuàng)建規(guī)那么Stipulates which attributes are required for create requestsSets default values交換規(guī)那么Provides placement handles for new objects數(shù)據(jù)流和數(shù)據(jù)轉(zhuǎn)換戰(zhàn)略映射 RuleConverts schema from XDS to th