Share the Love
Secure Shared Workstations and Fast User Switching with Novell SecureLoginSecure Shared Workstations and Fast User Switching with Novell SecureLogin
Written by Ken Baker
The following represents a sample action.xml that shows some of the basic functionality of a few of the Novell SecureLogin actions and triggers:
Sample actions.xml <?xml version="1.0"?> <application-runner-script> <action name="hidedesk"> <nds-logout /> <hide-desktop /> </action> <action name="showdesk"> <unhide-desktop /> </action> </application-runner-script>
In this example, the hide-desktop action hides the desktop, its icons and other programs after a user logs out of the directory and before a new user logs in to the directory. When a new user logs in to the directory, the unhide-desktop action can be used to display the desktop and its hidden icons and programs. It’s the behavior of these actions that facilitates fast user switching and logon for kiosks or shared workstations. Even though the workstation remains logged in as a generic workstation user, the desktop can remain hidden and locked until an actual user authenticates.
Depending on your needs, you can create a very basic or elaborate action.xml file. While you can create the file by hand, Novell SecureLogin provides a wizard that can help you construct the appropriate event triggers and actions for your shared workstations. When you launch the wizard, it allows you to select from a set of predefined actions and then customize them to address your specific needs. Likewise, it makes it easy to specify triggers for those actions.
When creating a sample action file that provides a quick login and logout for users, you might have it first test to see if the user has authenticated to a Novell eDirectory tree. If the user is not logged in, Novell SecureLogin can then hide the Windows desktop and launch Novell Client32 to allow the user to authenticate. When Novell SecureLogin detects that the user had logged into eDirectory, the script can initiate a new single sign-on session for that user, map drives and automatically launch several applications. When the user logs off, the action file can unmap the drives, shutdown the applications, end the user’s single sign-on session, and hide the desktop again. (See Figure 2.)
With one set of authentication credentials and fast user switching, Novell Secure Login can address the core IT challenges in your shared-workstation environment.
Complex Challenges, A Simple Answer
Even though every customer situation is a little bit different, Novell SecureLogin and DAS provide you the flexibility to adapt the actions and triggers to fit a variety of scenarios. One of the most typical use-case scenarios is the need to ensure that the previous user of a shared workstation is logged out, all the user’s applications are closed, and the workstation is ready for the next users without having to restart Windows or cause the new users to wait a significant amount of time for authentication. The bottom-line for this scenario is the need for fast user login or fast user switching, which Novell SecureLogin provides.
A common scenario in the healthcare industry would be that whenever nurses walk up to a workstation, they need to be able to log in quickly and be automatically authenticated to a certain set of applications. However, addressing the needs of the doctors might require you to handle things a bit differently, perhaps loading and authenticating a different set of applications. And since you want to make things as easy as possible for your doctors, you might create some custom shortcuts with big, easy-to-find icons that will quickly log them off or perform some other action.
To help ensure that sensitive information can’t be viewed or accessed by unauthorized individuals, you might use something like a pcProx sonar detector that can detect when logged in users walk away from their workstations. When that happens, it can trigger an action in Novell SecureLogin that starts the Windows screen-saver program and locks the workstation. After a pre-defined time interval of inactivity, you might have Novell SecureLogin automatically close down the user’s applications and log the user out. You can also configure it so if the user returns before the predefined interval, the screen saver will turn off and the user’s desktop will be displayed in its previously undisturbed state.
The flexibility in how you can employ the various event triggers and actions in Novell SecureLogin really make it easy to address a wide variety of shared-workstation and kiosk scenarios. In addition to the flexibility, Novell SecureLogin delivers the following key differentiating features:
- Shared credentials for Web single sign-on, enterprise single sign-on, and provisioning
- Automatic provisioning of single sign-on credentials through integration with the identity management system
- No additional hardware investment requirements, minimized administrative overhead, simplified user management, improved fault tolerance and increased enterprise interoperability through the ability to leverage existing directory infrastructures
- Support of multiple multi-factor devices
- Centralized management
- Minimal impact on workstations with Windows and Novell-workstation compatibility, a small client footprint, integration with Novell ZENworks and no modifications to the GINA
Still, the overriding message of the BrainShare session was a simple one. With one set of authentication credentials and fast user switching, Novell Secure Login can address the core IT challenges in your shared-workstation environment.