What's New in Novell Identity Manager 4.0
DESCRIPTION
This session will go into detail about the major features in Novell Identity Manager 4.0. It will give you the opportunity to get involved in a detailed discussion on the major new features in Identity Manager with the product management team. Hear more on the latest enhancements including role mapping administrator, advanced reporting capabilities, details of the embedded/preconfigured identity vault, single sign-on, resource model, REST services for custom user interface development, and much more. You will walk away with a solid understanding of the functionalities and business benefits provided by the new features.
Speakers: Bob Bentley, Product Manager, Novell, Inc.; Kamal Narayan, Product Manager, Novell, Inc.
TRANSCRIPT
What's New in Novell® Identity Manager 4
© Novell, Inc. All rights reserved.2
Presenters
Bob Bentley
Product Line Lead
Kamal Narayan
Product Manager
Yogesh Rao
Product Manager
Agenda
• Introduction
• Major New Features in IDM4
• Architectural Enhancements
• New Integration Modules and Tools
• Product Editions
• Summary/Question and Answers
Novell® Identity Manager 4
Brief Introduction
Novell® Identity Manager
Enable your organization to be more open and agile without limiting security, control or compliance.
Integrate, automate, and secure access to information for customers, partners, and employees.
Maintain clear visibility of people, actions, and compliance, past and present.
The result: Simplify and secure the enterprise while controlling costs and meeting regulatory demands.
Your Identity Challenges
• Provisioning new users - Users wait up to 3 weeks for activated accounts
• Managing users - Help desk costs $25-40 per call for password resets, with 25-35% of calls related to password resets
• IT dependence – Lost efficiency because of dependency upon scarce IT resources for user access needs
• De-provisioning users - 30-60% of existing accounts are invalid
• Deploying new initiatives - Up to 30% of development time is for controlling access to applications and data
• Reconciling user data - 100+ user data sources at typical firm provide out-of-sync and untrustworthy identity data
• Protecting trust - Many new privacy and regulatory requirements around the world
• Achieving compliance – Up to 25% of IT budget is consumed to support compliance
How Does Novell® Identity Manager Help?
Security
• Revoke system access in minutes, not days
• Manage all password policies centrally
• People get access to only what they need based on business roles
• Eliminate siloed and duplicative systems
Compliance
• Clear visibility into who has access to what, when and how they got it, and who approved it
• Historical/forensic review of access
• Insightful risk metrics illuminate compliance conflicts
• Easy policy updates to stay current
• Instant documentation for auditors
Cost
• Reduce your help desk costs by 40%
• Automate manual processes and work-flows
• Extend the value of legacy applications
• Simplified implementation and administration
• End vendor lock-in and high switching costs
Agility
• Integrate new businesses in days, not months
• Hire a new employee and have all their systems ready automatically on their start date
• Empower users with provisioning control
• Have business decisions drive IT and not the other way round
Identity Manager in Operation
[Diagram. Labels on the slide: Relationship Begins; Promotion; New Project; Move Locations; Forgot Password; Password Expires; Relationship Ends; Employee, Customer, Partner, Volunteer; Manager, Resource Owner; Auditor, Security Lead; PROVISION ROLE-BASED USER ADMINISTRATION; REQUEST AND APPROVAL; PASSWORD MANAGEMENT; REPORT AND MONITOR]
Industry's Best Partners
Nearly 7000 Customers
Awards and Accolades
Novell® Identity Manager 4
Major New Features
Identity Manager Architecture Logical View
[Architecture diagram. Labels on the slide: Applications; Directories; OS and File Systems; Databases; Telephone and Building Access; Help Desk; Cloud and SaaS; Credentialing; Real-time Data Integrity; RBAC Model; Work-flow System; Identity Vault; White Pages/Self-Service/Pwd Mgmt; Business Resource Request; Role-based User Mgmt/Deleg Admin; Approval Work-flow; Key Functional Capabilities; Mobile Webtop; Your Portal/Web Services/Custom; Business Managers; CISO Compliance/Auditor; Employees; Major Components; Connectors; Customers/Partners/Contractors; Advanced Reporting and Metrics; Historical Reporting Warehouse; Developers and Consultants; Role and Policy Mapping; Compliance Content; Open APIs; Deployment and Mgmt Tools]
Advanced Reporting and Metrics
• Insightful reports
– Variety of out-of-the-box report templates
– Reporting on present and past states, plus activity over time
– Spans both the Identity Vault and connected systems
– Ready report customization through open report template standards
• Robust automation
– Visual report scheduling – one time or recurring
– Policy-based data collection and storage
– Automatic report distribution to critical stakeholders and storage of completed reports
• Powerful compliance support
– Current and forensic review of identity and user provisioning related data
Meaningful insight into how your organization's mission critical user provisioning is operating, and the ability to prove compliance.
Advanced Reporting and Metrics: Overview Dashboard
[screen shots]
Advanced Reporting and Metrics: Defining a Report to Run
[screen shots]
Advanced Reporting and Metrics: Repository of Defined and/or Scheduled Reports
[screen shots]
Advanced Reporting and Metrics: Managing the Report Scheduler
[screen shots]
Advanced Reporting and Metrics: Sample Completed Report
[screen shots]
Policy Mapping and Integration
• Role Mapping Administrator
– Automatically discovers authorizations that can be granted within your major IT systems
– Allows business users (not just consultants, IT staff or developers) to define and maintain which authorizations are associated with business roles
– Result: associated authorizations are automatically provisioned to business role members
• Breakthrough innovation in how your identity system is “programmed”
– Visual, drag and drop, business-user-friendly tool
– Order-of-magnitude reduction in time, effort, cost
– Applies to both initial setup and ongoing maintenance of policy to keep it business-relevant
• Sustainable access compliance
– Works between Novell® IDM, SAP, SharePoint, etc.
Letting business users intelligently connect the policy dots between the major IT systems your organization depends on.
Role Mapping Administrator
Enterprise Roles
Examples:
• Regional Sales Mgr
• ICU Nurse
Authorizations
Items that can be granted to users (accounts, roles, transactions, group memberships, etc.)
Examples:
• Run sales pipeline report
• Access to drug dispensing system
RMA Puts it all on One Screen
• Shows all Enterprise Roles configured in Novell® IDM
• Discovers and retrieves all Authorizations in the connected system
Business Analyst
• Drags Authorizations on to Roles, associating the Authorization with the Role
Novell IDM
• Automatically provisions the people in the Role with the Authorization
• Keeps it updated as role membership changes or as Role/Authorization associations change
... Novell Identity Manager
Ready for Cloud Computing
• Uniquely ready for the challenges of Cloud Computing
– Cloud-ready architecture makes the location of resources transparent—on-site, hosted, or both
– User organizations enjoy the same security, management capabilities and predictability whether inside the organization or out in the cloud
• Seamless integration with SaaS and hosted solutions
– User provisioning/de-provisioning, request/approval processes, password changes, identity profile updates, reporting, etc.
• Powerful tools make the hosted business model transparent, scalable and efficient
– SaaS application support with scalability and high availability to ensure compliant SaaS processes
Ensuring your organization is ready for—and taking full advantage of—cutting edge IT trends.
Intelligent Content Control
Allows customization of IDM to your environment without getting painted into a corner
• Protects your configuration IP and simplifies troubleshooting
– Leverages and protects your tremendous investments in policies, work-flow definitions, and other configuration
– Alerts you when you're changing something that is used in multiple places and could have unintended effects
– 'Factory Mode' temporarily overrides any changes made and/or allows return to clean slate
• Enables content libraries
– Capture, archive, share, reuse good policy elements
– Integrators can create their unique 'canonical' approach
• Future: Out-of-the-box Business Relevance via Compliance Content Packs from Novell®
– Addressing key compliance needs aligning to regulations such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II, FERC/NERC, etc.
Improved User Experience
Providing controls in the hands of users to enhance productivity
• Work Dashboard
– A single consolidated view bringing together upcoming tasks, resource and role assignment, status of outstanding requests, etc.
– “Much less clicking”
• Resource Model and Assignments Dashboard
– A clear, easily understood view of who currently has access to what
– Eliminates the “tech speak gap” for ordinary users who need to make decisions about who should get what
• Built-in SSO Support
– Out-of-the-box integration with AD/Kerberos ticket systems, SAML assertions, and SAP Logon ticket systems
– Eliminates the need for an external SSO tool when accessing IDM
New Work Dashboard
Novell® Identity Manager 4
New Architectural Features
Technical Advancements
• Unified installation
– Streamlined installation covers all components
– Preconfiguration with best-practice “content” from Novell® and their 13+ years' experience in the business
– Optional virtual machine image deployment
• Embedded IDV option
– Silent and invisible identity vault
– A dedicated purpose identity store
– Managed with application specific tools (vs. going into iManager and managing Novell® eDirectory™ attributes manually)
• Coming: Driver fan-out and high availability
– Manage 1000's of similar target systems via one driver (ex: Oracle DB's, AD instances, AS/400 systems)
– True software-based driver failover
Many “Under the Hood” Enhancements to make your IDM even more powerful
Development Platform
• True identity services architecture
– Modular, accessible functions
• Easily consumed into your environment (“mashup”)
– Your company portal
– Custom or mobile application
– Help desk or other business processes
• Over 100 standards-based identity services
– REST, SOAP, LDAP, JDBC, etc.
– Management and end-user actions
Easily consume, manage and interact with identity management functions however you need to.
Novell® Identity Manager 4
New Integration Modules and Tools
New and Updated Drivers
• Microsoft SharePoint
– Fine-grained integration with this popular collaboration environment
• Salesforce.com
– Seamless SaaS integration
• SOAP/SPML
– Updated for easier SOAP endpoint integration
– Supports latest version of SPML
• eDirectory-to-eDirectory Driver
– Eliminates the need for each instance of Novell® eDirectory™ to have its own IDM engine
– Simplifies licensing and management
– Uniform challenge/response sets for passwords
• Oracle and SAP
– Easier to discern and buy
– Oracle drivers enhanced
Ongoing improvements in connectivity to keep your IDM system most relevant
Industry-leading Deployment Tools
• Designer
– Model, deploy and document identity policies
– Explore “what if” scenarios
– Version control, save/archive and reuse efforts
– Up to 50% less cost in deployment
• Analyzer
– Evaluate, cleanse and prepare identity data within systems to be managed
– Up to 80% less time and effort in manual-intensive prep work
Bringing the “industrial revolution” to the highly manual, expensive process of rolling out identity management.
Novell® Analyzer
Data Browsing
Data Analysis
Automation to help you analyze, cleanse and prepare identity data for management
Novell® Identity Manager 4
Product Editions and Planned Availability
Novell® Identity Manager 4 Product Family
Merisa
Dorado
Capricorn
IDM 4 “Capricorn” vs “Dorado”
• IDM 4 “Capricorn”
– The traditional way Novell® Identity Manager has been offered to customers
– Designed for organizations who want to selectively choose which components best fit their needs
• IDM 4 “Dorado”
– A new, comprehensive packaging of pre-integrated solution components
– Additional market leading capabilities not available in any other offering (Novell or competition)
– Designed for organizations looking for a single offering that includes everything needed for state-of-the-art user provisioning and identity management
IDM 4 “Capricorn” vs “Dorado”
• IDM 4 “Capricorn” is comparable to IDM 3.6 today
– Updated user application (not including RBPM functionality)
– Will include a few basic reports
– Streamlined install with Embedded IDV option
– The designated next version for IDM 3.6 customers
• IDM 4 “Dorado” (items not included in “Capricorn”)
– Includes all “Capricorn” + RBPM capabilities
– Includes Advanced ID Data Warehouse/Reporting
– Includes Role Mapping Administrator
– Includes additional drivers (Salesforce, SharePoint)
– Includes Analyzer
– Is “content-ready”
– Offers the full API set (REST and SOAP interfaces)
IDM 4 “Capricorn” vs “Dorado”
IDM 4 “Dorado”
• Optionally Embedded IDV
• IDM Policy Engine
• User Application
• Basic Drivers
• Adv Drivers
• Approval WF and Role-based Provisioning
• Advanced Reporting Suite
• Role Mapping Administrator
• Content Pack Readiness
• Extensive REST/SOAP APIs
• Analyzer tool
IDM 4 “Capricorn”
• Optionally Embedded IDV
• IDM Policy Engine
• User Application
• Basic Drivers
• Basic Reports
Planned Release Schedule
• Beta test Spring 2010
• IDM 4 “Dorado” will be available in Summer 2010
• IDM 4 “Capricorn” will be available approximately 1Q later
• Driver high availability/fan-out capability will be available later in the year
www.novell.com/identitymanager
Questions?