2 Agenda
Hitachi ID corporate overview.
Hitachi ID Suite overview.
Password problems and Hitachi ID Password Manager benefits.
The HiPM solution.
Software demonstration.
4 Representative Customers
5 Hitachi ID Suite
6 PM Differentiators
Hitachi ID Password Manager compared with others:
Built-in functionality:
Hitachi ID Password Manager: Password synchronization. Password and PIN reset. HDD crypto key recovery. Enterprise single sign-on. Manage tokens, smart cards. Update locally cached passwords.
Others: Password reset.
Always available:
Hitachi ID Password Manager: PC web browser, smart phone. PC login screen. Phone call. At work and off-site.
Others: PC web browser. PC login screen. Only at work.
Integrations:
Hitachi ID Password Manager: 110+ target types. 10+ ITSM ("ticketing") systems.
Others: Typically 1 to 10 connectors. No ticketing integration.
Scalability:
Hitachi ID Password Manager: Multi-master, active-active, replicated. Load balanced, geographically distributed. Automatically discover users, manage enrollment.
Others: Single server, single location. Hope users enroll after a big mail blast.
End users: Lose productivity when they have trouble logging in.
Support analysts: Spend much of their time resolving password problem calls. Must be
staffed for peak volume after holidays.
System administrators: Resolve escalated password problems.
Policy: Users prefer easily guessed passwords, write and share passwords.
Authentication: Weak caller authentication prior to HD password resets.
Delegation: Support staff require too many administrative logins.
Accountability: For support staff who perform resets.
Encryption: Passwords should not be sent or stored in the clear.
Policy: Hitachi ID Password Manager can enforce over 50 password rules, on every
system.
Synchronization: No need to write down multiple passwords.
Authentication: Users are identified before being allowed a HD password reset.
Delegation: Support staff no longer require administrative credentials.
Accountability: All password-related events logged.
Encryption: Sensitive data is sent and stored encrypted.
Unlock Encrypted HDD
15 Included Connectors
Many integrations to target systems included in the base price:
17 Multi-Master Architecture
[Diagram: multi-master architecture around the Hitachi ID servers. Connection legend: TCP/IP + AES; Various Protocols; Secure Native Protocol; HTTPS.]
Active/active architecture.
Data replication between nodes:
Built-in, easy to configure.
WAN-friendly (high latency, low bandwidth, insecure channels).
Reliable (multiple retry queues).
Proxy servers resolve connection problems:
Across firewalls.
Over slow, insecure network routes.
Large production deployments:
5M users.
130,000 managed systems.
12 load balanced IAM servers.
10,000 completed transactions/hour.
19 Password Synchronization
Problem:
Users have too many passwords:
On different systems,
with different policies,
expiring at different times.
Complexity leads users to do bad things:
Write down passwords ("sticky notes").
Forget/lock out passwords and call the help desk.
Reuse old passwords.
Solution:
Password synchronization pushes password updates from one system to another:
Multiple physical passwords.
Same value everywhere.
Password synchronization allows users to:
Remember a single password value.
Manage it on a single schedule.
Comply with a single password policy.
[Diagrams: password synchronization flows. Legible labels: User; TCP/IP + AES; Secure Native Protocol.]
29 GINA Extensions
Support locked out users without a "generic" domain account:
Extend the Windows Graphical Identification and Authentication (GINA) subsystem, which:
Altiris
Assyst
BMC Remedy
SDE
Footprints
CA Unicenter
Clarify
HEAT
HP Service Desk
ServiceNow
Tivoli
Track-It!
Extensible via SMTP, HTTP(S), XML, ODBC.
46 Technology Advantages
A user attaches non-standard login IDs to his profile.
Password expiration: A user is invited, via e-mail, to change soon-to-expire passwords.
Self-service password reset (SSPR) using Secure Kiosk Account: A locked out user resolves his own problem, from the login prompt, without client software deployment.
A locked out user resolves his own problem, from the login prompt, using a Windows Vista credential provider.
Assisted password reset: A help desk analyst signs in with an RSA SecurID token and resets a caller's password.
PIN Reset for an RSA SecurID token: A user resets his RSA SecurID token PIN with HiPM.
59 Summary
An integrated solution for managing credentials:
Immediate security benefit: password policy, help desk caller authentication.
Low deployment cost, minimal ongoing investment, significant IT support savings.
Always accessible:
Web browser on PC, phone or tablet.
Windows login prompt.
Pre-boot encryption password prompt.
Phone call / IVR.
Available at work and while off-site.
110+ connectors included.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com