Where Novell/Net IQ fit in the Standards Based IDM Market
IDMWORKS is a vendor neutral Identity & Access Management Service provider. On our blog we highlight individual companies and products quite often. Today we will be highlighting the Novell/Net IQ IAM stack.
When implementing an identity management solution it is typically in the best interest of a company to pursue a solution that adheres to industry standards. Before we go any further it warrants pointing out that no solution is completely open and exclusively standards based. Every company has something in their product that makes them unique and hence worth purchasing. But when you can implement a solution that is primarily based on standards such as LDAP, SAML or other industry accepted standards it gives your organization much greater flexibility in choosing a best-in-class point technology solution as part of the overall identity solution.
The base of the Novell/Net IQ identity management solution is the identity vault (IDV). This is the hub in the hub-and-spoke solution that forms the basis for most implementations. Choosing an identity repository is critical to the overall solution of the implementation. The IDV should be fast, scalable and support the most common protocols such as LDAP and RADIUS. The identity vault can be implemented on multiple platforms, which matters because organizations change over time and the preferred server platform today may not be the preferred platform tomorrow. While it is not truly part of the standards argument, an identity vault that can operate on different platforms reduces risks when migrating the data center from one server platform to another and gives an organization much more flexibility in choosing the server platform that works best for their organization.
When you implement an identity management system you will be connecting to various systems and applications throughout your organization. You should ask yourself the following:
- How easy or difficult is it to connect to various systems?
- How many connectors does the identity management product come with?
- What is the development effort for connecting to a system?
- Is there an available community of expertise for supporting the identity management product?
These are all critical questions that must be answered as they have direct impact on the costs of implementing and supporting your identity management infrastructure. By selecting a product that comes with a wide variety of pre-built connectors you greatly decrease your implementation expense and also decrease the risks of implementation issues as you are using a product that has been developed and tested in other environments and has a track record and a support channel behind it. Also by using a product that adheres to industry standards such as XML, Java and even SQL you widen your pool for selecting professionals that can implement and support your solution.
One of the greatest issues faced by help desk and IT organizations around the world today is password management and synchronization. Your identity management solution should help address the chaos that is password policies. Your solution should synchronize passwords throughout the connected systems or provide a mechanism for managing the access to those systems. The solution should also provide a way for users to manage and reset their own passwords without help desk intervention. Lastly, the solution should offer extensibility for password management so that future technologies can be integrated into the identity management solution without compromising the integrity of the authentication and authorization process. Proper implementation of a password management solution will decrease the burden on your help desk and overall IT organization.
An important component in many identity management solutions today is the ability to initiate and execute workflow requests. Gone are the days where paper forms are shuffled through the mail room to grant access to critical systems. Shuffling the same forms through email provided some improvement to the process but lacked the audit trail and accountability that is necessary for efficient business functionality. These processes are now managed through the workflow engine and interface. But when selecting that engine what are you getting? Does the product lock you into its own interface or do you have the flexibility to integrate it with your other enterprise applications? Does the product support web services and REST calls? What features are available to these calls? Choosing the correct solution can greatly increase the flexibility of your organization when it comes to implementing a workflow solution that makes your business dynamic and able to quickly react to the changing requirements that you are faced with daily.
Finally when evaluating an identity management product you must look at how well that product integrates with other components of an identity management solution. You must consider authentication and authorization services. No single product provides all of the needed or desired functionality so you are going to be looking at a suite of products. Does the access management product support SAML? How well will it integrate with the newly emerging Attribute Based Access Control (ABAC) and XACML (Extensible Access Control Markup Language) technologies? And of course you must always be concerned with auditing and logging to meet compliance requirements.
While there are some vendors who offer many if not most of the components that make up a comprehensive identity management solution, there are few, if any, that offer all of the components. This is where adhering to standards becomes such a critical issue. Selecting components that adhere to industry standards allows you to select best-in-class technology for each individual implementation point of your identity management solution with the confidence that it will work well as a part of your overall strategy.