安全身份管理ppt课件

1、平安身份管理understanding the big picture广州紫光北美科技:Opening the door to Web servicesNovell exteNdSecurely getting the right information to the right peopleNovell NsureThe best foundation for yourmixed environmentNovell NterpriseThe experience to solve your business problemsNovell NgageNovell Nsure 方案把身份管理提高

2、到一个新的层次，Novell的相关产品获得多项大奖，Novell的方案是把产品，客户以及协作方式结合的处理方案，此方案的中心是访问控制把资源权限平安、方便、高效地分配给合理的人Novell 的“一体化网络战略SMIn the next hour1.什么是平安身份管理2. 为什么人们关怀这个问题3. 如何处理目的企事业单位面临的平安身份管理问题You cant understand a subject 分而治之盲人与象You also have to understand 全局思索Secure identity management 涵盖很多内容Personalized User Interfa

3、ceContent AggregationSelf ServiceWeb Based AccessAuthenticationSingle Sign-onRemote AccessAuthoritative Identity SourcingPolicy Driven WorkflowRole Based ProfilingPassword Management Auditing &Intrusion Detectionsecure identity 分为三个主要部分Provide access to resources based on authenticated identityKnow

4、who youre dealing withDeliver servicesbased on a personsrole or preferences123accessmanagement访问管理identity management身份管理personalized delivery of applications and content运用和内容的个性化分发exploring secure identity management 一个商务环境的例子员工B2B协作同伴客户企业财务经济市场销售客户效力员工B2B协作同伴客户财务经济市场销售客户效力Roles & responsibilitiesA

5、cceptable useData classificationsPassword policiesCompliance procedures平安战略Identity身份管理Secure identity management 始于平安战略HRComputerPhoneWhite Pages对于新的员工,一同都轻而易举.New employees receive access and resources quickly & automatically, based on roles & responsibilities战略: Policies establish 哪些人 可以访问 哪些资源业务

6、Who are you? What is your role?What do you need access to?Access policies based on roles 简化管理CustomerSupplier信任证:Trusted credentials 允许对授权的资源进展平安访问EmployeeHRComputerPhoneWhite PagesNew employees receive access and resources quickly & automatically, based on roles & responsibilities员工分开的时候,问题也变得简单. T

7、erminated employees have access revoked completely & immediately across all systemsPolicies also determine 什么时候让访问权限失效Novell 的处理方案 of secure identity managementNsure 随时,随地,把需求的权限赋予需求的人.Novell Nsure secure identity management solutions enable you to securely extend resources to the people who power y

8、our business, leveraging your current systems 跨平台基于单一业务过程基于工业标志Combination of our directory, meta-directory, provisioning, access management, and Professional Services capabilitiesNsureNAMDirXMLThe Novell products that power Nsure solutionsNovell Nsure Secure Identity ManagementNetDirectoryHostNT/20

9、00/XPCustomersPartners /SuppliersWeb ServersNAMNsure ResourcesEmployeesSecure LoginBorder ManageriChainDirXMLSecure Identity Management1.什么是平安身份管理2. 为什么人们关怀这个问题3. 如何处理分析家: say we should all care about Secure Identity Management“While we still expect a return to 3A growth from increased activity in t

10、he security management area, we believe that identity management and Web services security, with their broad consumption of 3A technologies, will revitalize the market. However, these new initiatives will demand integration among previously separate products. Therefore, this transition will create e

11、ven greater turmoil in the 3A market for at least the next 12-24 months.(认证/授权/审计)Anthony C. Picardi, IDC (December 2002)“Identity has become a strategic business issue Integrated identity and access management infrastructure is “in Enterprises must create an Identity Management architecture and str

12、ategy.(身份管理体系构造和战略)Jamie Lewis, Burton Group (October 30, 2002)“Though IT budgets remain tight, organizations are continuing to invest in identity management because it addresses critical business issues and delivers a quantifiable return on investment (ROI). (投资报答)Jonathan Penn, Giga Information Gr

13、oup (October 22, 2002)“No CIO checklist for 2003 can be complete without an item on security. Concerns, both real and imaginary, will continue to test the resolve and the budgets of IS organizations. Demand and expectation for business transparency by customers, partners and regulators continue to i

14、ncrease. This virtualization creates a strategic business challenge to provide access simply, safely and economically to everyone who needs it and simultaneously prevent unauthorized or destructive access. During 2003, CIOs should review and update the complex issues of identity and access managemen

15、t (IAM) polices and methods. J. Mahoney, Gartner, Inc. (December 24, 2002)“Convergence and security concerns will drive enterprise directory services adoption (2002+), reinforcing the need for identity management (2002-04). NOS upgrades, strong authentication, and higher demands for identity managem

16、ent will drive increasingly complex integration of multi-vendor/platform directory instances (2003+), resulting in more use of EAI-like integration “toolkits. Earl Perkins, Meta Group (November 4, 2002)案例一:TransUnion Credit 信托公司reporting and financial services company“We live and die by long lists o

17、f FTC regulations Our entire business is based on the ability to provide the right people with secure access to enormous volumes of highly sensitive, regulated information. Secure identity management is a huge deal for us.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityHeav

18、ily regulated environmentSecurity a top concernMillions of credit reports processed dailyGrowth from 38,000-150,000 eCommerce users案例二: Mount Sinai NYU Health System 卫生系统“Novell has increased our availability by 30 fold Our internet-enabled capability allows us to provide secure, remote access to ou

19、r users, empowering them to maximize productivity, provide better patient care, and ultimately save lives.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityAffiliations with more than 17 hospitals, nine long-term care facilities, and four community physician practicesDisperse

20、d community of 10,000 usersDecrease time to access critical dataEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例三: Centennial College 高校Ontarios oldest community college“Unless we implemented a provisioning solution that made authentication and network administration fast

21、, reliable, simple and secure, the sheer volume of accounts would be unmanageable.4 campuses and 8 satellite locations3,000 faculty and staff12,000 full-time students30,000 part-time students80,000 alumniEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例四 Allianz Suisse 保险W

22、orlds 5th largest insurance company“We had to set up a secure external network to allow this cooperation to work efficiently, and we had only four months to do it.Merger of 3 large insurers250 offices4500 employees, many remoteDecided to offer new financial services provided by a partner想象:航空公司Digit

23、al航空公司举例想象:航空公司牢不可破的参照与解析eDirectory 满足的另一个全效力目录要求是，它可以创建并维护目录中不同对象间的关系。关系是树中相关对象间的链接。例如，当您将一位用户确定为组员时，eDirectory 就会在两个对象间建立链接。全效力目录必需满足的一个要求是在您更改目录树时，可以坚持这些至关重要的关系。用户 Fred.SLC.AM.Airports.DigitalAirlines 是 Pilots.Flight.Corp.DigitalAirlines组的一个成员。假设Digital航空公司将 Fred 派到亚特兰大，并将其用户对象转移到ATL.AM.Airports.

24、DigitalAirlines。为了维护 Fred 与机组间的关系，eDirectory 会自动更新机组的属性，以参考 Fred 的新位置。想象:航空公司虚拟复件例如，假设Digital航空公司假想的公司已在每架飞机上实施了 eDirectory，使机组人员可以在飞行时，经过电子邮件将关键信息发送给地勤、维护或客户效力部门。每架飞机上都安装一台效力器，效力器中存储着一个复件，其中包含通常随该飞机飞行的员工的网络身份信息。当飞机还在地面时，Digital航空公司的任何员工都可以在完好的目录中找到他人，由于飞机与全球网络互连。然而，飞机起飞后，衔接就断开了。在每架飞机上存储Digital航空公司全

25、体员工的一切用户对象非常不切合实践。然而，在一架飞机上存储一切对象的一个子集可以行得通，例如每位员工的姓名和电子邮件地址。Novell 的 eDirectory 经过虚拟复件提供了这种才干。 员工B2B协作同伴客户财务经济市场销售客户效力Facilitate businessIncrease securityReduce costImprove productivityEnhance user satisfactionIdentityNsure identity management benefits业务客户可以得到个性化的信息，从而提高称心度，添加市场时机与协作同伴无缝交换必要信息，对结合工

26、程的时限和质量要求。供应商能更好地了解您的需求，从而带来更好的购买过程显著提高员工效率，无论对于新加盟的员工还是转换任务岗位的员工同类产品Alternative solution providers, such as IBM, Sun, Computer Associates, Netegrity and Business Layers:短少一致的身份根底架构, 只能处理一部分问题 or 需求客户改动业务过程.These solutions:带来新的问题, 不能满足业务增长 and 添加行政问题.The Novell advantage优势Novell 具有独特的优势 Novell Nsure

27、:跨平台, 维护投资才干强, 整合原有系统,处理未来增长需求.comprehensive and modular solutionleverages your existing investmentsautomates your existing business processesprovides a foundation that will support the business environment as it evolves to Web servicesAdvantageNovell Nsure gives you the control and agility to meet

28、your evolving business needsDifferentiatorsSecure Identity Management1.什么是平安身份管理2. 为什么人们关怀这个问题3. 如何处理Secure Identity Management 处理重要的商务问题It provides the means to:实时的, 基于角色的资源 适用分布的任务环境、协作同伴、客户等从任何地方，支持无线保证系统的平安性Common challenges to successful Secure Identity ManagementProjectScopeApplicationIntegrat

29、ionRoleEngineeringArchitecturalDesignOrganizationalRealignmentLack ofExpertiseDataOwnershipTrainingChangeControl 2002 Giga Information Group, Inc.政策资金投入复杂度Your plans should address 多维问题战略组织过程技术人员变化管理工程管理PlanningDimensionsWhere is the enterprise going?What are the relevant business goals & initiative

30、s?How are business plans and technology strategy coordinated?How is the enterprise organized?What are the main business processes?How could these processes be improved?What is the current technical & application environment?What are the relevant technical requirements & constraints?Is there effectiv

31、e sponsorship for addressing these issues?What are the potential barriers to acceptance of solutions to these issues?How do you coordinate programs and projects across functional areas?What other initiatives or major changes may affect your plans?The solution delivery processBusiness focusRapid resu

32、ltsPhased approachConsensus drivenFlexibilityOpen systems and standards-basedLeverage existing investmentsSkills transferHigh value partnering加强战略方案验证Direction Setting需求分析设计开发与部署支持Implementation工程管理DirXML Concepts and Terms在NDS eDirectory之上运用 DirXMLeDirectory 灵敏易变Change tree names, container namesAd

33、d or delete schema without shutting down serverSplit trees, merge trees, create or join partitionseDirectory 容错性强Multi-master replication - vehicle for data sharingSchema and data integrityReferential integrityeDirectory 可扩展性好，速度快Billions of objects, thousands of searches/sec.DirXML 扩展了eDirectory的功能

34、Multi-master Replication123changeReplicatedReplicatedchangeFilterReplicatedGuy23目的: link data objectsDirXML establishes links between similar data objects and maintains the consistency of the data in each object基于规那么的自动链接匹配规那么Identifies if an object already exists with similar dataLinks the existing objects rather than creating new ones when rule is satisfied创建规那么Stipulates which attributes are required for create requestsSets default values交换规那么Provides placement handles for new objects数据流和数据转换战略映射 RuleConverts schema from XDS to th