Novell Account Management 3
Evaluation Guide
Contents
Make Server Platforms Work Together As One Net
Quick Profile
Installation Requirements
Product Overview
Who Uses Novell Account Management?
Features And Benefits
How Novell Account Management Works
Installing Novell Account Management
Pricing
Novell® Nsure™ Solution
 
Make Server Platforms Work Together As One Net

Novell® Account Management 3 is a cross-platform access-management product that enables many server platforms to work together reliably, as one Net. With Novell Account Management, you can manage user accounts, passwords and authentication for all of your server platforms from a single point of administration. Novell Account Management instantaneously distributes any changes you make to account information to every server on your network.

Novell Account Management 3 has been enhanced with several new features, such as a Web-browser-based console, native script support, authentication redirection, account management for both users and groups and centralized administration. Novell Account Management 3 supports more platforms than previous versions, and supports password synchronization for all platforms.

Novell Account Management 3 integrates with Novell eDirectory™ and DirXML®, a bi-directional data-sharing service, to centralize management and to automatically manage data, information and business processes throughout the network.

Quick Profile

Product: Novell Account Management 3

Announce Date: July 12, 2002

Date Available: July 29, 2002

Key Benefits: Provides secure, centralized management of multiple server platforms. Enables simplified password administration. Provides centralized account management via Novell eDirectory as well as password synchronization and authentication redirection for all key operating systems.

Pricing: $18 per platform set (Windows*, UNIX*, Mainframe). Total cost is $54.

Licensing: Per user represented in Novell eDirectory

Availability: Novell Authorized Resellers℠

Novell Web Site: http://www.novell.com/

For Additional Information: http://www.novell.com/products/accountmanagement/

Installation Requirements

Server Requirements

Novell Account Management 3 works with Novell eDirectory 8.62 or later running on any of the following platforms:

  • FreeBSD*: version 3.1 and later

Note: FreeBSD does not support a full Pluggable Authentication Module (PAM) implementation. If and when additional PAM support is included, Novell Account Management will work with it.

  • Hewlett-Packard* HP-UX*: version 11.0 and later
  • IBM* AIX*: version 4.3.3 and later
  • IBM Linux* for S/390* and zSeries
  • IBM MVS*, OS/390 and z/OS: MVS/ESA* version 4 or later, or any OS/390 or z/OS release
  • IBM RACF*: version 1.9 and later
  • CA-ACF2: version 6.2 and later
  • Microsoft* Windows 95, 98 and Me: version 95 B and later

Note: Only the AS Client API is supported.

  • Microsoft Windows NT*: version 4.0 and later
  • Microsoft Windows 2000 and XP
  • Red Hat* Linux: version 4.2 and later
  • Sun* Solaris*: version 2.6 and later
  • Sun Solaris Intel* Platform Edition: version 2.7 and later

Workstation Requirements

Novell Account Management 3 runs on workstations that meet the following requirements:

  • Novell eDirectory-supported platforms, including NetWare®, Windows NT 4.0, Windows 2000, Windows XP, Linux and Solaris
  • Compliant with individual platform requirements and platform-specific Novell eDirectory requirements
  • 64MB RAM (minimum), 128MB RAM (recommended)

Product Overview

Using Novell Account Management, you can manage and synchronize user accounts across your NetWare, Windows, UNIX, mid-range and mainframe server platforms. Novell Account Management includes a copy of Novell eDirectory and the DirXML engine for every seat purchased. Novell eDirectory serves as the repository for account information about individual users, including their names, passwords and roles within the organization. For example, a user’s account would likely include his department name and role, such as Human Resources and technician, respectively.

Novell Account Management serves as the mechanism for managing the rules and policies around how data is shared and transformed among the various systems. For example, when a user’s role is changed in one security system, Novell Account Management automates updates to the information stored in all of the other systems throughout your network. You can easily make changes in your computing environment, such as adding a user or group, updating user accounts and changing security policies, without causing disruptions.

Novell Account Management enables you to do the following:

  • Protect and manage user and group accounts stored on multiple server platforms
  • Centrally manage user and group accounts via Novell eDirectory
  • Simplify password administration
  • Centralize password rules for your entire network
  • Provide users with appropriate access

Protect and manage user and group accounts on multiple server platforms

Security policies established for some server platforms are not always recognized by other platforms within the network. This lack of recognition can leave some of your servers, and your entire network, vulnerable to attack. Novell Account Management protects your network by providing a way to centrally manage user accounts, passwords and authentication credentials across all of your diverse platforms. Whenever this information changes (for example, when an employee is transferred), Novell Account Management automatically updates the security systems of every network server. And while security may natively vary from server to server, you can use Novell Account Management to enforce consistent security policies across your network.

Novell Account Management automatically redirects user authentication requests to Novell eDirectory, a powerful cross-platform directory service, while still maintaining user accounts on each individual server. Redirection technology inherent in Novell Account Management ensures maximum reliability in the event of server problems. Novell Account Management also enables you to leverage your existing network infrastructure: you will save money by avoiding costly and unnecessary upgrades.

Novell Account Management also provides password synchronization between the various security systems. This feature simplifies password changes on multiple server platforms by allowing password changes to be made from any of the native end-user or administrative interfaces. Password synchronization also ensures a high level of fault tolerance in case a connection is lost between a server and the central directory service.

Novell Account Management can be installed quickly and non-intrusively on any platform-based identity management solution. Specifically, Novell Account Management 3 provides support for security systems that run on the following network platforms:

  • NetWare: Novell eDirectory
  • Windows: NT Domains/Active Directory*
  • UNIX: HP-UX, Solaris, AIX, Linux, FreeBSD (Support for Tru64* UNIX is coming soon.)
  • Mid-range: AS/400*, OpenVMS* (coming soon)
  • Mainframe: OS/390 (MVS) with CA-ACF2 or RACF

Centrally manage user and group accounts

With Novell Account Management you can centrally manage user and group accounts through a single directory. By using a single directory, you will have tighter control over user access, and you can effectively safeguard the network against intruders. Novell Account Management instantaneously distributes any changes you make to account information to every server on your network.

With Novell Account Management, the tedious tasks of account creation, account cleanup and account modification (when employees or business partners change roles) are automated. This automation saves time and reduces the opportunity for human error. For fault-tolerance purposes, Novell Account Management includes a journaling feature that logs a complete record of all account-information changes. If network or server failure occurs, the journaling feature will ensure that organizational changes are not lost before they are processed on all servers.

The ability to instantly modify or remove user accounts across multiple platforms fortifies network security. If an employee is terminated, you can immediately turn off his or her access to all of your server platforms. Security methods may also vary from system to system, which can result in weak links within your network. With Novell Account Management, however, you can easily create a common set of security or access policies for each user in Novell eDirectory. This process simply requires you to redirect or synchronize the authentication mechanisms of the various platform security systems to the account managed in Novell eDirectory.

Novell Account Management uses the DirXML engine to automate user account management, from adding and deleting users to modifying accounts as departments or roles change. Novell Account Management can be selectively implemented so security administrators can gradually increase the number of employees being automatically managed as they become more comfortable with the system. Legacy user accounts can remain manually managed, but the employee can still have a single enterprise-wide password.

A Gartner Group 2000 study found that thirty percent of help desk calls are password related, and each password change costs an average of $32.00. This places password-management costs at $200-$300 per user per year.

Simplify password administration

With Novell Account Management, you can provide your users with a single username and password to access all of the server platforms on your network. Because users only need to remember one password, they are less likely to write down their passwords, thereby increasing your network security. Administrators can establish and enforce policies for more complex, secure passwords, based on criteria such as length, combinations of letters and numbers and upper and lower case. Administrators can also require users to change their passwords more frequently.

For administrators, being able to provide users with a single username and password eliminates many redundant tasks and simplifies the provisioning process. For example, to give a user access to all of the servers on a mixed-platform network, an administrator would traditionally have to create accounts for that user on each individual platform. With Novell Account Management, administrators only have to manage one account for each user. Administrators can also easily create security policies that are instantly applied and uniformly enforced throughout the network.

Provide users with appropriate access

Through its integration with Novell eDirectory, Novell Account Management enables you to provide users with access to the network resources you want them to have, based on their usernames, passwords and company roles. This enables you to secure your network by preventing users from accessing confidential information.

Novell Account Management utilizes Novell eDirectory authentication features such as intruder detection. These features are incorporated into all servers in a process called authentication redirection. Authentication redirection enables employees to log in to mainframes and UNIX/Linux servers as well as applications running on these servers, using their unique Novell eDirectory userid and password. Novell Account Management also uses password replication to extend this feature to Windows NT4 and Active Directory systems. If a security breach is suspected or if an employee is terminated, all access to servers and applications can be turned off immediately by disabling the user account in Novell eDirectory.

Employees also need user accounts on servers and in applications. Until now, creating and managing these user accounts has been a labor-intensive and often error-prone task. Novell Account Management brings the power of an enterprise-wide LDAP directory to all server platforms. Using Novell eDirectory as the central repository or “clearinghouse” for information about all enterprise users, Novell Account Management distributes User and Group attribute information to all managed servers. Novell Account Management enables you to create, delete, or modify user and group accounts on mainframes, UNIX servers and Windows NT4 and Active Directory systems.

Who Uses Novell Account Management

Novell Account Management is ideal for medium to large businesses that manage user accounts on more than one operating system. It offers these businesses a single point of administration for network resources, including Novell eDirectory objects, schema, partitions and replicas. It also enables businesses to grant user access across multiple systems and to deploy software faster. Because of these features, Novell Account Management is well suited for the Enterprise Commerce Management (ECM) industry, including Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), Supply-Chain Management (SCM), Product Lifecycle Management (PLM) and Business to Business (B2B).

Features And Benefits

Novell Account Management provides consistent protection so your server platforms can work together reliably, as one Net. Novell Account Management allows you to manage and synchronize user accounts or identities across your NetWare, Windows, UNIX, mid-range and mainframe server platforms. With Novell Account Management you can simplify the management of your mixed-platform network, as well as enforce consistent security policies across your network. In addition, you can provide users with immediate access to the resources they need, improving productivity throughout your organization.

New Features

  • More supported platforms
    Benefit: Allows you to use your existing network infrastructure, which enables you to save money by avoiding costly and unnecessary upgrades.
    Description: Supports Windows NT/2000/XP, Solaris, HP-UX, AIX, Linux, OS/390 (RACF, CA-ACF2)
  • Synchronization via DirXML
    Benefit: Simplifies account management
    Description: Novell Account Management utilizes the extensibility of DirXML and interoperates with DirXML-based provisioning solutions. DirXML automates the account-management process.
  • User and group account management
    Benefit: Allows you to accurately identify and manage users and groups
    Description: Novell Account Management enables you to manage both user and group identities. For example, you can instantly activate or deactivate users’ accounts.
  • Centralized account management via Novell eDirectory
    Benefit: Improve accuracy and identity management with a single data store for all of your authoritative user-account data
    Description: Novell Account Management instantaneously distributes any changes you make to account information to every server on your network.
  • Password synchronization for all platforms
    Benefit: Increases security and user productivity
    Description: With Novell Account Management you can provide your users with a single username and password to access all of the server platforms on your network.
  • Password reset: self-service and administrator
    Benefit: Increases security
    Description: Passwords can be changed frequently by either users or administrators to increase network security.

Additional Features

  • Authentication redirection**
    Benefit: Enables security policies to be instantly applied and uniformly enforced throughout the network
    Description: Novell Account Management automatically redirects user authentication requests to Novell eDirectory while maintaining user accounts on individual servers.
  • Requires no client software
    Benefit: Increases user productivity
    Description: Users can be productive whether they access the network through a PC, a dumb terminal, a thin client or an Internet kiosk.
  • Single username and password
    Benefit: Simplifies password administration and enhances network security
    Description: Because users only need to remember one password, passwords can be more complex and more difficult to crack.

**Windows and AS/400 do not support redirection

How Novell Account Management Works

Novell Account Management unites heterogeneous network environments by allowing the various parts to integrate with Novell eDirectory. It represents servers, workstations, applications and users as objects in Novell eDirectory. With Novell Account Management in place, an administrator can manually give users and user groups access to anything in the network (applications, servers, domains, workstations, etc.) as long as it is represented as an object in Novell eDirectory.

For example, when a company hires a new employee, that employee needs access to various parts of the network. On his first day at work, the new employee (or his boss) calls the helpdesk and tells the administrator he needs network access, Internet access and an e-mail account. The network administrator then manually creates a user identity object in Novell eDirectory. The administrator then gives this identity appropriate access rights to the network, specifically the server that stores information for the new employee’s work group. These rights can also include Internet access and rights to the post office server and e-mail application.

Server platform administrators have control over how users and accounts are managed on their servers. They can determine which users are included or excluded from automated management, which users use authentication redirection and which use local authentication.

Components

There are two groups of components in Novell Account Management, Core Services and Platform Services, as illustrated in the following graphic.

Core services

Core Services consists of an Event Listener, Manager Services and Agents.

The Event Listener is a DirXML subscriber that monitors or listens for changes occurring in predefined areas in Novell eDirectory. When the Event Listener detects a change in a user or group object, it notifies Manager Services.

Manager Services is the primary controller of Novell Account Management, especially in account provisioning. It is comprised of the following five services:

  • Object Services
    Object Services receives events such as add, modify, or delete from the Event Listener. It then stores the event information, in the form of a journal entry, in Novell eDirectory. In addition to real-time event processing, Object Services can perform on-demand and scheduled operations, called Trawls, to ensure that the user and group information on server platforms agrees with the information contained in Novell eDirectory.
  • Event Journal Services
    Event Journal Services monitors event information and ensures its delivery to the appropriate platforms. Once the event is successfully delivered and processed, Event Journal Services clears the journal entry for that event.
  • Audit Services
    Audit Services creates logs of the errors and actions that occur during operation of Novell Account Management.
  • Certificate Services
    Certificate Services mints certificates to be used to establish Secure Sockets Layer (SSL) connections between Novell Account Management components.
  • Web Services
    Web Services provides a secure Web interface to configure and control Novell Account Management.

Novell Account Management Agents provide enterprise servers with a real-time interface to Novell eDirectory. This interface is used to check and change passwords during authentication redirection. The Agent also supports API calls to retrieve information about user objects, such as Group Membership and Security Equivalence, from Novell eDirectory. Because authentication and authorization services are vital to the operation of an enterprise, there should be multiple Agent servers in case of network outages or Agent server problems.

Platform Services

The other component group is called Platform Services. Platform Services reside on each server in the enterprise and provide user and group management and user authentication.

During user and group management, the Platform Receiver receives event information from Event Journal Services over an SSL connection. The Platform Receiver creates Environment Variables and calls the appropriate Script to process the event. These scripts are written in the native scripting language of the platform and can be modified by the customer to address unique requirements in his/her company. When the script successfully completes its processing of the event, the Platform Receiver notifies Event Journal Services, causing the journal entry to be cleared.
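A minimal model of the journaling flow described above, added here as an illustration and not Novell's code: a journal entry is cleared only when the platform acknowledges the event, so an account disable issued during a server outage is retried rather than lost, and a Trawl-style comparison reports the drift in the meantime. The class names, the environment variable names and the rule of holding later entries for a platform behind a failed one are assumptions.

```python
"""Journaled event delivery: an entry is cleared only after the platform acknowledges it."""
from dataclasses import dataclass, field

ACTIONS = ("add", "disable", "delete")


@dataclass
class Platform:
    """Stand-in for one managed server running a Platform Receiver."""
    name: str
    online: bool = True
    accounts: dict = field(default_factory=dict)  # userid -> enabled flag

    def receive(self, event):
        """Process one event; True is the acknowledgement that clears the entry."""
        if not self.online:
            return False  # unreachable: no acknowledgement is sent
        # The receiver passes event data to a native script as environment
        # variables. These variable names are hypothetical.
        env = {"EVENT_ACTION": event["action"], "EVENT_USER": event["user"]}
        return self.run_script(env)

    def run_script(self, env):
        """Stand-in for the platform's native provisioning script."""
        action, user = env["EVENT_ACTION"], env["EVENT_USER"]
        if action == "add":
            self.accounts[user] = True
        elif action == "disable" and user in self.accounts:
            self.accounts[user] = False
        elif action == "delete":
            self.accounts.pop(user, None)
        return action in ACTIONS  # unknown action: entry stays journaled


class Journal:
    """Directory of record plus the pending journal entries per platform."""

    def __init__(self, platforms):
        self.platforms = {p.name: p for p in platforms}
        self.directory = {}  # authoritative userid -> enabled flag
        self.entries = []    # pending (platform name, event) pairs, in order

    def record(self, action, user):
        """Apply a change to the directory and journal it once per platform."""
        if action not in ACTIONS:
            raise ValueError(action)
        if action == "delete":
            self.directory.pop(user, None)
        else:
            self.directory[user] = (action == "add")
        event = {"action": action, "user": user}
        self.entries.extend((name, event) for name in self.platforms)

    def deliver(self):
        """Try each pending entry; return how many remain unacknowledged."""
        pending, blocked = [], set()
        for name, event in self.entries:
            # Keep per-platform order: after one failure, hold that platform's rest.
            if name in blocked or not self.platforms[name].receive(event):
                blocked.add(name)
                pending.append((name, event))
        self.entries = pending
        return len(pending)

    def trawl(self):
        """Report (platform, userid) pairs that disagree with the directory."""
        drift = []
        for name, platform in self.platforms.items():
            for user in sorted(set(self.directory) | set(platform.accounts)):
                if self.directory.get(user) != platform.accounts.get(user):
                    drift.append((name, user))
        return drift


def demo():
    """Constructed scenario: a user is disabled while one platform is offline."""
    unix, mainframe = Platform("unix"), Platform("mainframe")
    journal = Journal([unix, mainframe])
    journal.record("add", "jdoe")
    journal.deliver()                    # both platforms acknowledge
    mainframe.online = False             # outage begins
    journal.record("disable", "jdoe")    # termination processed centrally
    left = journal.deliver()             # unix acknowledges, mainframe does not
    drift = journal.trawl()              # account is still enabled on mainframe
    mainframe.online = True
    left_after = journal.deliver()       # retry succeeds and clears the entry
    return left, drift, left_after, journal.trawl(), mainframe.accounts["jdoe"]


if __name__ == "__main__":
    print(demo())
```

The window between `record` and the successful retry is the period in which a disabled user can still log in locally on the unreachable platform, which is why the pending-entry count and the drift report are worth monitoring.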

During user authentication, code called the System Intercept gains control of the platform’s password check or change process. It can also receive password changes from Novell eDirectory and replicate the new password in the Domain or in AD.

The Platform Services Process (PSP) establishes an SSL connection with an Agent running on one of the servers. If the initial Agent is not available, the PSP will automatically fail-over to another Agent on a different server. During password check and change operations on mainframes and UNIX systems, the PSP sends the userid and password to an Agent. Here it is mapped to an appropriate user object and the password is checked or changed in Novell eDirectory. The Agent sends a return code to indicate success of the operation or the reason for failure. The PSP converts the return code into something the platform security system understands and the operation proceeds just as if everything was done using the local security database on the server. On Windows platforms, passwords are checked and changed in the Domain or in Active Directory, but the password will be the same as the Novell eDirectory password.

The Platform Services Process also has an application program interface (API) that allows applications to perform Novell eDirectory password check and change requests as well as request other information about the user or group objects. This API is extremely useful for Web applications.

Installing Novell Account Management

Installing Novell Account Management on any platform is a quick and non-intrusive process. On Linux and Solaris systems, you can use the native package utilities to install Novell Account Management. This utility is located in the Setup directory on the Novell Account Management CDs for the Linux and Solaris platforms. For Windows and NetWare systems, you can install Novell Account Management by running SETUP.EXE from the Novell Account Management CD or downloadable file.

For detailed instructions on installing Novell Account Management, go to the following Web site:

http://www.novell.com/documentation/lg/nam3/index.html

Pricing

New License

Product name and price:

  • Novell Account Management (Windows, UNIX or Mainframe): $18.00
  • Novell Account Management (bundle with 25% discount): $54.00

Additional Price Options

Qualifying customers may take advantage of price savings through the Novell Customer Connections® licensing programs. For more information, see www.novell.com/licensing/price.html.

Novell® Nsure™ Solution

Novell Account Management is a key component of Novell Nsure, the family of secure identity management solutions from Novell. Novell Nsure provides a complete security solution enabling an organization to extend its business infrastructure and services beyond its firewalls, without sacrificing security or admitting unauthorized users.

The Novell Nsure Solution includes the following components:

  • Novell eDirectory
    Novell eDirectory is the foundation of the Novell Nsure solution. With Novell eDirectory, an organization can capture, store, organize and leverage all of the identity information needed to assign individual access rights to employees, customers and partners.
  • Novell Account Management
    Novell Account Management provides secure, centralized management of multiple server platforms. It enables simplified password administration and provides centralized account management via Novell eDirectory. It also features password synchronization and authentication redirection for all key operating systems.
  • Novell iChain
    Novell iChain® controls personalized access to all applications, Web resources and network resources across an organization, regardless of technical boundaries. Novell iChain supports strong authentication methods and uses encryption technology to secure resources during transfer over the data channel.
  • Novell Modular Authentication Service (NMAS)
    NMAS™ enables an organization to manage multiple authentication methods, including passwords, smart cards, token authentication, biometric authentication and digital certificates, either individually or in combination. By including support for various Novell and third-party authentication modules, NMAS ensures that an organization’s network will not be compromised by a carelessly handled password.
  • Novell SecureLogin
    Novell SecureLogin allows an organization to access a variety of network resources through a single sign-on process. Users no longer need to remember multiple passwords; once users have logged into any computer on the network, Novell SecureLogin automatically authenticates them to all of the applications and data they need.
  • Novell BorderManager
    Novell BorderManager® strengthens the security of an organization while improving user productivity and network performance. In addition to its firewall and VPN features, Novell BorderManager includes forward proxies that control, accelerate and monitor a user’s access to Internet resources.
  • Novell DirXML
    Novell DirXML® is a bi-directional data-sharing service that leverages Novell eDirectory to distribute new and updated information across directories, databases and critical applications on the network and across firewalls to partner systems. DirXML helps you achieve uniform data integrity and automated efficiency by helping to eliminate the manual and repetitive tasks of creating and modifying user identities in all the different systems and applications within your enterprise and partner systems. DirXML makes automatic changes based on business rules and preserves authoritative data sources. DirXML enables the universal flow of information across technical and organizational boundaries and makes the Net work together, as one Net.

With Novell Nsure, an organization can realize the one Net vision: its intranet, extranet and the Internet will work together securely as one Net, simplifying the complexities of eBusiness and providing the power and flexibility needed to succeed in the Net economy.

For information on the Novell complete range of products and services, contact the Novell Customer Response Center at (888) 321-4CRC (4272), or visit the Novell Web site at http://www.novell.com. Press may access Novell announcements and company information on the World Wide Web at http://www.novell.com/pressroom.

 

© 2002 Novell, Inc. All rights reserved. Novell, NetWare, BorderManager, DirXML and iChain are registered trademarks; Cambridge Technology Partners is a registered service mark; eDirectory, NMAS and Novell Secure Access are trademarks; and Novell Authorized Reseller is a service mark of Novell, Inc. in the United States and other countries.

*Active Directory, Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. UNIX is a registered trademark of X/Open, Ltd. FreeBSD is a trademark of Wind River Systems, Inc. Hewlett-Packard and HP-UX are registered trademarks of Hewlett-Packard Company. AIX, AS/400, IBM, MVS, MVS/ESA, RACF and S/390 are registered trademarks of International Business Machines Corporation. Solaris and Sun are registered trademarks of Sun Microsystems, Inc. Linux is a registered trademark of Linus Torvalds. OpenVMS is a registered trademark and Tru64 is a trademark of Compaq Computer Corporation. Intel is a registered trademark of Intel Corporation. Red Hat is a registered trademark of Red Hat Software, Inc. All other third-party trademarks are the property of their respective owners.