Archive for the ‘Novell’ Category

Executing Command Line Functions with Novell Identity Manager

Monday, April 18th, 2011

***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties***

While Novell’s Identity Manager product has an extensive list of actions, there is nothing like the power of the command line. The default actions included in the product cover the most common items that one would want to perform, but occasionally a truly unique action needs to be performed. In the past, to extend the action infrastructure, one was required to write a Java class and add it to the Java classpath. Recent versions of IDM, however, include the ability to use ECMAScript to extend capabilities without custom Java classes. What follows is a script and the corresponding action within IDM to execute command line functions.

ECMA Script:

importPackage(Packages.java.lang);

// Runs a command line through the JVM and returns its exit code.
// Note: Runtime.exec(String) splits the command on whitespace with no
// quoting rules, so an argument that contains a space (a password, for
// instance) is broken into several arguments.
function execCL(command)
{
    var runtime, process;

    // getRuntime() is a static method and is called without "new".
    runtime = java.lang.Runtime.getRuntime();
    process = runtime.exec(command);
    // If the command writes more output than the pipe buffer holds,
    // waitFor() blocks until something reads process.getInputStream().
    process.waitFor();
    return process.exitValue();
}

IDM Policy Action

<do-set-local-variable name="command" scope="policy">
    <arg-string>
        <token-text xml:space="preserve">YourCommandHere(Hint: use $localvariablename to pass parameters)</token-text>
    </arg-string>
</do-set-local-variable>

In the past, this method has been used to integrate password encryption with Mac OS X LDAP directories. The standard LDAP set-password operation only sets the simple password, which appears as clear text to anyone viewing the user accounts. To properly set the password as an encrypted value, one must execute the “dscl” command on the OS X directory server.

The following is an example of the command to perform this:

ssh -vvv $osxHost$ /usr/bin/dscl -u $adminuser$ -P $adminpassword$ /LDAPv3/127.0.0.1 -passwd /Users/$name$ $passwd$ 2>&1

Questions, comments or concerns?  Feel free to reach out to us at IDMWorks.

Password Management in Novell Identity Manager

Tuesday, March 29th, 2011

Novell Identity Manager integrates tightly with Novell eDirectory. Part of the benefit of eDirectory is the inherent security built around passwords.  But there are times that Novell’s native tools for managing passwords do not meet the specific needs of the deployment. So let’s briefly explore the options you have for managing passwords within the framework of Novell’s Identity Manager.  For the purposes of this article password management is defined as the ability for a user to set a password, set challenge/response questions and use those challenge response questions to reset a forgotten password.

The first option, and probably the easiest to implement, is to use Novell’s Role Based Provisioning Module (RBPM), formerly known as the User Application. This tool is easily deployed and fully supports all of the password management functionality. It can be branded and is fully supported by Novell. The drawback to the RBPM is that it may be more than some organizations need when they are looking for just password management. Additionally, an organization may have an existing portal deployment that they want to integrate password management into. RBPM may not be the best fit for these organizations.

Another option is to utilize Novell’s Password Management Framework from their custom development group. This is a fully functional password utility that is specifically tailored to an organization. It is supported via Novell’s custom development group and fully supports all of the password management functionality. The disadvantage of this solution is the additional costs associated with the purchase, development and support of the solution. It can be integrated into an organization’s existing portal solution and fully supports branding specific to an organization.

If the functionality of Novell’s Password Management Framework (PMF) is what an organization is looking for but they do not wish to make the additional investment in product, support, etc., then a viable option is an open source project called PWM (available at https://code.google.com/p/pwm/). This solution is very comparable to Novell’s PMF. An organization may deploy it as is or customize it for their needs. The advantage of this solution is the reduced product costs. The disadvantage is that the organization is essentially self-supporting with this solution. Like the solutions above, PWM fully supports all of the password management functionality.

In RBPM 3.7 there is also a forgotten password web service available (http://server:port/warcontext/pwdmgt/service?wsdl). This is a good way to access basic password reset functionality. This service does not support all of the password management functionality. However, it is a good option for organizations that are familiar with writing to web services and only need the basic forgotten password operations.

For organizations that desire the web service approach but need fuller functionality than the basic web service interface provides, RBPM 3.7 also makes REST services available. The functionality for the REST services is contained in a war file (RIS.war) that sits separate from the User Application and provides access to much more than just the password management features. The REST services are fully documented in Novell’s RBPM 3.7 online documentation. This solution can be integrated into an organization’s existing portal framework or can be used to build a fully functional site that exposes the specific functionality an organization needs.

There are other options for integrating with Novell’s Identity Management solution for password management that utilize Novell’s APIs.  But in the opinion of this consultant the above listed methods are the most cost effective options and provide the functionality that most organizations need.

As usual if you have questions, comments or concerns feel free to reach out to us at IDMWorks.

Novell ATT Live Roundup Part 3 – What’s New in Novell Identity Manager 4

Monday, December 20th, 2010

(Editor’s Note) Just a brief disclaimer here: Although we are blogging quite a bit these days about Novell and they are at the forefront (no Microsoft IdM pun intended) of our thoughts, we remain steadfast VENDOR NEUTRAL. It just so happens a bunch of IDMWorks folks went to the ATT Live Novell event in Las Vegas a week or so back and as such it seemed a waste to not flood the Blog with what we saw, liked, didn’t like and loved. Besides this, they covered the costs for us to attend (hint, hint vendors out there) and I think we owe it to Novell to give them a fair bit of coverage. We remain honest in our assessments and appreciate any and all feedback you might have either below or through our contact page. Now back to our regularly scheduled blog already in progress…

Along with Todd Rossin (who beat me to the blog), I was one of the lucky ones who got to attend Novell’s ATT Live 2010 in Las Vegas. There is far too much to cover in one blog entry, so there will be multiple blogs for each class/training session that I attended. This entry will be covering the “What’s New with Novell’s Identity Manager 4” session.

There are some cool new features that Novell added to Identity Manager, and they include:

  • Advance reporting and metrics capability
  • Role Mapping Administrator
  • Package Manager
  • Sharepoint and Salesforce.com drivers (connectors)

The Advance Reporting and Metrics piece includes tons of “out of the box” report templates, state based reporting (present, past, and activity level reporting), visibility across Identity Vault and connected systems, and customization of reports. You can also automate your reports, collect data based on policies and distribute them automatically once they are run. This is much improved over the previous version of Identity Manager and seems to incorporate more of what is used in Sentinel. Sometime in 2011, Sentinel and IDM reporting are going to get even closer along with other capabilities (we even blogged on this topic). The report customization was kind of difficult to grasp at first but the options seem pretty limitless once you get rolling. The added functionality of an automated distribution method is also a nice feature to have so that everyone can get their reports in a timely fashion without having to remind your Report Administrator to send them out. If you don’t want to clutter up your email system with these reports then you can also set them to be retrieved upon your login to Identity Manager.

The Role Mapping Administrator application puts everything on one screen so you don’t have to scour through confusing tables or lists of roles and authorizations.  It will show you the roles that are set up in your Identity Manager space and the available authorizations for your connected systems.  It even allows one to drag and drop your connected system’s authorizations to your roles making it easier to control what accesses the employees get within your organization.

The Package Manager now allows more control over approval flows, roles, policies, and style sheets. By allowing versioning of your packages one can add enhancements and reduce the time it takes to upgrade a driver (connector). Of course, if you don’t like the packages that Novell provides you can now customize them and deploy them to your driver (connector) easier and faster than before.

There are new drivers (connectors) available out of the box including some very interesting ones, Sharepoint and Salesforce.com. I have always valued when companies keep up with the industries that they are supporting, so any new out of the box drivers (connectors) are helpful and welcome as this speeds up my own deployments and reduces the amount of customization required to get everything up and running.

I will go into more detail on some of the above features in future blogs but I figured the first one should just be an overview of what’s new in IDM4. Overall the week was full of solid information straight from the developers of the software. You can’t go wrong trying to pry information directly from the people who designed it. Unfortunately, on the negative side, the labs during the week had their fair share of problems but most of it worked out just fine in the end with a bit of cajoling. It is obvious that Novell is trying to become a major force in the Identity Management arena and this product will most likely move them in the right direction to accomplish that.

Novell ATT Live Roundup Part 2: Sentinel Security Information & Event Management!

Thursday, December 16th, 2010

Novell ATT Live Round Up Part 2

Location: Vegas Baby!

So a team of IDMWorks folks ventured to a little known town of Las Vegas to attend the 4 day ATT Live Novell Training, Update and Marketing summit. So what did we learn? Much like the Vegas buffets we had our pick of many tools, overviews and information sessions. Each of the IDMWorks team members (there were 4 of us present) chose a little from column A and a little from column B. As such I plan to speak to the sessions I attended and what I saw as well as my likes and dislikes.

This will be a multipart blog entry, as such I bring you Part 2: Novell ATT Live Roundup – Sentinel Security Information & Event Management!

The Novell sessions at ATT Live were interesting in that they weren’t full blown product training as much as bits and pieces specific to tasks within a product (such as Driver Packaging for Novell Identity Manager 4).  The Novell Sentinel briefing I attended was “Identity Tracking for Novell Sentinel and Identity Manager” in which staff (preferably security) are alerted in real time of a breach in security allowing the staff to take immediate action to halt the user from being a bad, bad man (or woman). The key here is to know the old WHO, WHAT, WHERE and WHEN of the breach and having the means to not only identify but stop the malicious activity.  Timing is of the essence here.

The lab revolved around tying the Novell Identity Manager 4 product into the Novell Sentinel product with ease.  I won’t lie here and tell you that everything went uber smoothly or that there weren’t any glitches in the process but what I can tell you is that with a little elbow grease this is a completely doable proposition.  The event monitoring can show us when an employee used their proximity card or badge to enter (who).  When the user logged in to his/her laptop.  What applications and databases they accessed. What policy they violated or breached and when they did it (in real time) and incident management and remediation.  In the case of Novell Identity Manager 4 the action was used to trigger an immediate shutdown of all access rights including (but not limited to) Login ID suspension (works great if that account is SSO enabled for a one stop method), application access termination (if not SSO enabled), Badge credentials revocation (or CAC if you prefer), and immediate compliance audit and reporting to security staff members.  Pretty…Frickin…Cool.

Now this has whet my appetite big time.  It makes me want to see what other products are out there that also fit the bill and I see me taking a look at the Microsoft, Oracle, IBM and CA offerings that have a similar proposition soon to take a look at how they stack up.  Feel free to sound off below on your experiences with Novell Sentinel or a similar vendor product.

As usual, questions, comments or needs, contact us here.

And Happy Holidays from the crew at IDMWorks!

Novell ATT Live Roundup Part 1: Novell Cloud Manager!

Wednesday, December 15th, 2010

Novell ATT Live Round Up Part 1

Location: Vegas Baby!

So a team of IDMWorks folks ventured to a little known town of Las Vegas to attend the 4 day ATT Live Novell Training, Update and Marketing summit. So what did we learn? Much like the Vegas buffets we had our pick of many tools, overviews and information sessions. Each of the IDMWorks team members (there were 4 of us present) chose a little from column A and a little from column B. As such I plan to speak to the sessions I attended and what I saw as well as my likes and dislikes.

This will be a multipart blog entry, as such I bring you Part 1: Novell ATT Live Roundup – Novell Cloud Manager!

I guess after all my blogging about the state of the cloud space and the pros and cons it behooved me to sit in the cloud sessions. Interestingly, I found out that the Novell folks seem to get it when it comes to the cloud view. What I mean is that the Novell reps spoke to the fact that many of the “cloud” offerings you see today are simply repackaged applications with no new innovation taking advantage of the cloud name (simply add in a dash of virtualization, a Web front end, some eye of newt and voilà!). From a marketing perspective Novell managed to show me that they could knock out a good chunk of the competitors’ cloud lines by using this simple fact.

The reps also understood where their Cloud Manager application was heading and in a refreshing twist of honesty let us know that in fact their application was a 1.x release and would not only suffer from that fact but would agree with whomever that, in fact, the product needed to mature. I couldn’t agree more. I have written as much very recently in this blog: while Cloud may be the “it” star of 2010, the CEOs, CIOs, and CTOs are going to have a difficult time justifying the risk vs. reward at this point in time. Not to say that sooner rather than later this will change, but for now the non sequitur I hear from almost every “C” level person I speak to is “not ready for prime-time” (which irks me about the same as such classics as “that is a slam-dunk”, “that product is dead on arrival”, and “that is a no-brainer”, but I digress).

What this means to me is that the clock is ticking on the acceptance of Cloudspace technologies. First come the bleeding edge crew (generation 1) that is in the process of Clouding up now. Then will come the quasi-early adopters (gen 2) that will pony up when they see a mildly positive business case. Third will be the folks who wait until the actual business and technical risks go away, which only comes with maturity (gen 3). This is the key group for the software sales and services side because this is probably 70% of the pie. Maturity will bring sales. The last group will be the late bloomers (gen 4): those who five to eight years from now will start to add in cloud services and will account for the later business on the downside of the adoption curve.

As for the Novell Cloud Manager, I see a big play in the works from Novell. Again this is a 1.x release but the insight and the technology are there. While I can’t recommend anyone use a 1.x of any vendor’s product I can unequivocally state that you should keep a good eye on this product and where it is going, especially if you are a gen 2 or gen 3 adopter. As for the who, what, where and when of the product, I hate adding that in this type of blog entry, so I am going to tell you to contact a Novell rep to take a look at the product and get a demo and to peruse the Novell Cloud web site. What you will find is exactly what you’d expect, cloud features.

As usual, questions, comments or needs, feel free to sound off in the comments section below or to contact us here.

Novell’s future, (not as) confusing at best… rewind

Thursday, November 25th, 2010

A few weeks ago, I wrote about Novell and the possibility of an acquisition; well, today that “theory” has been validated. On 11/22/2010 Attachmate announced that they had come to a definitive agreement with Novell’s board and shareholders for the purchase of the company.

Attachmate, not having the same footprint in the IAM space as Novell, has decided to let Novell operate as Novell (smart move) but the strategy isn’t very clear, or is it?

Let’s analyze it: what does Attachmate bring to the relationship besides having enough cash to purchase Novell? Do they have the requisite experience in:

  • Selling enterprise Software – check
  • Maintaining their existing customer base – check
  • Up-selling the existing customer base – check
  • Identity Management / Security – nope. The closest they come to security is Systems Management, Configuration Management & SIEM software, all of which Novell brings to the table.

What this tells us is that Attachmate is going to further their brand loyalty by selling Novell and attaching all of the great things that they have learned selling mainframe software.

Who would their potential customers be? Well, why not just look at Attachmate’s rolodex? I can’t think of a single Fortune 1000 client that doesn’t use their products, can you?

And for those nagging questions I had about the status of Novell’s SUSE UNIX?  Apparently it isn’t going anywhere.

And for those nagging questions I had about the status of VMWare getting a hold of Novell?  Well Microsoft put an end to that as well.

I think they can officially call it a dog-fight. Oracle and the likes, get ready for some serious competition from Attachmate.

Zen and the Art of Identity Management

Monday, November 15th, 2010

Interestingly enough, I have been asked many times what exactly IDMWorks is and what it is that we do (and I don’t just mean by the wife and kids). As such it seems time to do the quasi-annual blog sales pitch. I think most of our readers have an idea what we do and have perused the site to better inform themselves, but there are some that don’t tread any farther than this here blog. So in keeping with the simplicity of blogvertising I present you IDMWorks.

Subject:  Enterprise Identity & Access Management and Governance, Risk & Compliance

You may be aware of many of the issues organizations are facing today around the various challenges and aspects of Identity Management and Information Security.

At IDMWORKS we understand the problems that many of you are facing and are positioned to help. IDMWORKS is a vendor agnostic Identity Management, Access Management, and Governance, Risk and Compliance Management Consultancy. We have consultants and engineers across the United States and North America that specialize in helping clients with most aspects of Identity, Access Management, and GRC issues, including the following:

  • Identity and Access Management technology evaluations and POCs
  • Identity Management strategy creation, Integration and Deployment
  • Identity Management / IT Security Technologies Assessment, Evaluation, and Planning
  • Identity Management / IT Security Education
  • Pre & Post Identity Management project Support Services
  • Identity Federation
  • PCI Compliance
  • Governance, Risk and Compliance Management, Provisioning
  • Single Sign-on and Web Access management
  • Data Loss Prevention

IDMWORKS has been built upon the skills and experience of dedicated IDM professionals and specialists with a customer base that includes Government, Healthcare, Education, Financial Services, Energy, Manufacturing and Retail clients.

IDMWORKS has experience with the integration and implementation of the market leading Identity & Access Management and GRC solutions and technologies – CA, Oracle/Sun, Novell, IBM, Aveksa, Citrix, Passlogix, and Sailpoint, to name a few – and would welcome the opportunity to discuss your IT Security needs to determine how we can help.

We would like to offer you the opportunity to take advantage of an initial Identity Management and Compliance Assessment. The results of the assessment will include recommendations on potential solutions to address your current Identity Management and GRC related issues.

For further information or to arrange an initial consultation, contact IDMWorks to discuss how we can help with a solution to address your needs.

So now what? What to do with your Sun IAM stack (hint: start looking)

Friday, November 12th, 2010

Legacy Sun Java System Identity and Access Management (IAM) customers have been calling us up often to ask about the state of the industry and their options with the Sun IAM stack moving forward. The choices are many right now but one fact remains: Sun IDM and OpenSSO’s days are numbered. The products will be around for a while, years in fact, but eventually, like that Saturn dealership on the corner, they will go away. Thus the grand migration is underway. As an IAM enabled company the question of where to migrate to is paramount. So let’s talk options.

Option 1) Stick with Sun As-Is

The old wait and see approach, but let’s be honest, the clock is ticking. Like a legacy application your IT staff built in their garage, it won’t keep up with the rest of the market and the future of IDM. There will never be a grand Cloud version of Sun IDM. What is most interesting is that there are options to move away from Sun that pretty much expire by year’s end.

So let’s move away from Option 1 for now and take a look at the future.

Option 2) “Migrate” to Oracle IAM (as part of Oracle Fusion Middleware)

I say “migrate” because with any non-Sun tool (and Oracle IAM is a much different beast) there is NO upgrade path. Oracle is attempting to woo existing Sun implementations into the fold by offering license swaps in the short term. For those looking to definitively move into Oracle IAM this is the best bet and should be done ASAP as the swap cycle is time limited.

Option 3) Migrate to Novell IAM

Similar to Oracle, Novell is offering a swap out of the Sun software and licenses.  This is a very interesting proposition.  Novell is willing to give the product up for free in order to build the relationship.  Basically from what the Novell Website states:

  • The Sun Identity Manager swap gives you Novell Identity Manager, roles based provisioning module and enterprise integration module.
  • The Sun Role Manager swap gives you Novell Access Governance Suite.
  • The Sun Open SSO swap gives you Novell Access Manager.
  • The Sun Directory Server EE swap gives you Novell eDirectory.
  • Sun subscription customers can opt in for equivalent Novell product subscriptions and will be considered for additional incentives on a case-by-case basis.

I think this is a brilliant tactic that I am surprised a few other vendors haven’t tried. To be straight, Novell has a great directory and SSO offering and is making huge strides in the Provisioning and Federation space. At a minimum, for a no-cost look I might suggest talking to a Novell rep. But alas, much like Oracle, Novell’s offer is time-boxed. Come Dec. 31, 2010 a statement of interest (not a purchase, mind you; this simply locks in Novell’s commitment in 2011 for the swap) must be signed or that coach turns back into a pumpkin.

Option 4) Migrate to CA IAM, IBM IAM, Microsoft IAM, etc. (there are many to choose from)

Choices, choices, choices.  I can say that CA is making a major push in the IAM space and IBM seems to be lagging a bit but has been a big player in the past.  Microsoft is also making strides to broaden their footprint in the IAM space.  And there are plenty more vendors to look at. My guess is there are deals to be had even if there is no published “sale” going on.

I wouldn’t keep any preconceived notions about any of the vendors right now, and thanks to the Oracle-Sun purchase the alternative vendors are pumping time and money into getting your business. We at IDMWorks are happy to work with you on any and all of the products in the market. We can help to dissect and divide the various offerings and help you to understand the best choice that fits into your environment.

The point is NOW is the time to take the Pepsi challenge. If you have a Sun IAM implementation you should be taking a look at the various vendors (including those not listed in Option 4) and line up a chat (or webcast, lunch-and-learn, email or phone call) with your local vendor representative, because by 2011 a potential low cost update may go away.

Feel free to shoot us a note if you have questions.

One of these things is not like the other…CA SiteMinder and Novell Access Manager

Friday, October 15th, 2010

I thought I’d talk about the two Access Manager products I am familiar with. This is not a “who’s the better product” thread, they both are excellent products. If someone asked me to pick one, I would hem and haw until they forgot they asked.

As far as the user experience goes, I don’t think any user is going to care about the difference. The ones who will have the most influence are the folks paying the bills. I tell people, I am technical, not sales, so I am not going to comment there either.

What I can do is highlight some of the technical differences. These two products both protect very well, but do it very differently. Let’s start with a little background on the products. This won’t be too deep. If you want deep, go see the company web sites.

Novell Access Manager is built around a fortress philosophy. You put an appliance in front of your sites and nobody gets through unless you allow it. Appliances can be stacked for increased workloads, all protected by a cluster of administrative servers. The database that holds all the setup and access rules is eDirectory (no surprise there) and is self contained. You do not need to use an existing eDirectory but rather one set up exclusively for Access Manager. User Stores can be just about anything: LDAP, AD, eDirectory, databases, whatever… Administration is via a customized version of iManager, the Novell Web Manager. I can build a basic version on two servers. I combine the Identity Server and Management Console on a single box, and one additional server for the Access Gateway. In the last Access Manager project I was involved in we had two Gateways in the DMZ for public access, two Gateways inside the firewall for private access and a management cluster of two servers. Our User Store was the IDM LDAP instance. Protection methods are pretty much standard; just about any piece of any web site can be protected if you choose. Federation is supported… well, you get the picture. It protects your web resources well.

CA SiteMinder uses a distributed protection method. Agents do the guarding, controlled by policy servers that talk to external databases. The key difference here is that you are protecting the resources at the source. The Agents install on the Web/Application Servers. SiteMinder does not bring along any data storage. You have a number of “Stores” involved: Policy Store, User Store, Admin User Store, Token Store, Certificate Store… (did I forget any?) These can be a number of different database types. LDAP and SQL are the most recognizable. Most of the common SQL servers are supported. I cannot claim to have worked with all types of web servers, but I have yet to find one that does not support a SiteMinder Agent. One point I might add: when choosing an agent, pay attention to the Web Server build (32 vs 64 bit), not the OS build. I did have one site that was running 32 bit Apache on 64 bit Solaris and, oops, installed the wrong agent :-( With SiteMinder R12 you also have an AdminUI server that requires an App server. It comes with JBOSS, and I typically will install it on the Policy Servers. They play real well together.

This was not intended to be a feature by feature comparison. I won’t tell you which product is right for you. Only you can decide that. I will put in a shameless plug for IDMWorks: we can help you decide, analyze your needs, examine how your business works, and help you decide the best way to protect your web assets.

State of the Union

Saturday, October 9th, 2010

Last week Oracle announced they had purchased Passlogix (best known for the V-GO ESSO application) and this got me thinking about the changes in the last 10 years in the Identity Industry.

A decade ago you had start-ups galore. Business Layers (eProvisioning), Netegrity (SiteMinder), Access360, Thor (Xellerate), Waveset, Oblix, Trulogica, M-Tech and Courion, to name a few, almost all of which were acquired.

Business Layers got acquired by Netegrity, which was subsequently acquired by CA. Access360 got acquired by IBM as part of the Tivoli Identity Manager product. Thor got acquired by Oracle, Waveset by Sun and subsequently Oracle, Oblix by Oracle as well (I am sensing a trend here, by the way). Trulogica got acquired by HP where it saw its demise. M-Tech became Hitachi and Courion bucked the trend and stayed Courion. Even the smaller space tools like Maxware got picked up by SAP. In fact, up until the last few years, we have remained in the land of the Big Company Identity Stack.

So how did we get there?

Back in the day IDM was slowly being looked at as the next wave in Risk and security. The issue at the time was that the products were very green and lacked the technical maturity to make implementation a worthwhile process. Sure, the low hanging fruit of automagically creating an Active Directory or Netware account was a breeze, but the implementation around single sign-on, strategic workflows and approval/escalation to a host of applications was not a smooth process. In fact, in the early 2000s the process underlying the technology was still being ironed out. Many of the projects we worked on required a high level of customization and as a result the time to implement took in some cases years to complete. During these multi-year engagements a good number of projects failed to get off the ground or changed scope so many times that in the end the effort was deemed a failure or not what it was originally sold as.

Eventually sanity won out and most organizations realized that Web Access Management, Provisioning and, furthermore, Federation and Role Management were separate sides of the Identity Management box. Instead of one large “Big Bang”, a step by step approach gained traction as a method to actual success. Many of the larger organizations even split Access Management and Identity Management into strongly separate buckets with their own teams and infrastructure. Gone are the days where Access Manager and Identity Manager are viewed as the same application. Today the products are treated as interconnected but individual pieces complementing each other even when they fall into the same stack. This can be seen in the job reqs that many organizations release when looking for a technical resource. 5 years back recruiters were still looking for the Jack-of-All-Trades Engineer/Developer/Architect/PM that knew the SSO, Provisioning, Federation, Role Management and Password Management tools from the 4 different vendors (my personal favorite being when the recruiter would then say a “junior” resource for said position was OK as a method to justify the sub-par rate, as if such a “junior” person existed with that level of knowledge).

The big company buy-up of the old Venture Capital backed firms yielded a greater maturity in the market and a fierce rivalry in the marketplace. In fact the biggest players are now Oracle, IBM, CA, Novell, and to a lesser extent BMC and a hard charging Microsoft. What is interesting, though, is that as of a few years back the next generation of VC based IAM start-ups popped up and we are seeing history repeat itself with the next wave of industry consolidation.

For instance, take a look at the Role Management and Identity Governance market place.

Bridgestream Roles and Vaau RBACx got scooped up by Oracle and Sun respectively, and subsequently Vaau won the application war as Oracle’s preferred Role application (under the unfortunately named Identity Analytics banner).

Aveksa and Sailpoint popped up not only to compete in the same space but to offer superior products to manage compliance with HIPAA, SarBox and the like, moving beyond solely role management into the governance and compliance management space.

Eventually, as is the case in the IAM space, one or both companies are likely to be acquired. Where they will land is open to conjecture, but like all Venture Capital based opportunities you are either a resounding success in the sales game or you are a cheap acquisition target. I have my own guesses as to what comes next for both companies but alas that is a topic for another blog entry.

As for the announcement of Passlogix being acquired, Oracle has a strong set of tools in the space covering all facets of Identity and Access Management. They are truly becoming the Walmart of the Identity World.