About El Al
Established in 1948, El Al is Israel's national airline, operating a fleet of 38 Boeing aircraft that fly to 48 destinations across Europe, North and South America, Africa and Asia. The company employs more than 5,000 people and operates 77 sales offices around the world.
Challenge
A significant number of El Al's employees are pilots, flight attendants and engineers whose jobs require them to travel extensively. Since they spend most of their time away from the office, the company needed to find an effective way to communicate with them and give them secure access to appropriate IT systems.
The company also has many partners—travel agencies, cargo handlers, catering firms and so on—that support different aspects of its business throughout the world. These partners also need access to certain systems—for example, a travel agent might need to access the flight booking system, while a caterer might need to review passengers' meal choices on a certain flight.
El Al wanted to find a solution that would enable these different users to securely log in to its systems from anywhere in the world, using a standard Web browser and Internet connection. At the same time, it was critical to monitor and report on all access attempts in order to align with El Al's very stringent corporate security policies.
Novell Solution
El Al initially implemented Novell iChain® to handle secure access to a number of important systems, but as the number of users increased, the company decided to upgrade to Novell Access Manager™.
"Counting all our employees and external partners, we have tens of thousand of users, accessing 40 or 50 applications," said Guy Balzam, Information Security Unit Manager at El Al. "We are adding new applications all the time, and we are also considering extending some secure services to our customers, which could potentially increase the user-base into the millions. We wanted to increase the scalability of our access management landscape and enhance compatibility with Microsoft solutions such as Active Directory."
Working with ProLink Identity Management, the El Al IT team started work on an upgrade from Novell iChain to Novell Access Manager, running in a virtualised environment on VMware ESX Server.
ProLink is a Novell Gold Partner SM that specialises in identity and security solutions, and provides consulting and professional services for large and mid-sized organizations from all market sectors in Israel.
"ProLink did a good job of helping us select the software and plan the project—and Novell Access Manager is so easy to use that we were able to do the majority of the migration work ourselves," said Balzam. "We moved the applications onto the new platform one by one over the course of about a year, which enabled us to minimise disruption and ensure continuity of service for our users."
To enhance security, El Al is taking advantage of Novell Access Manager's support for multi-factor authentication.
"To log in to our most sensitive systems, users must use a two-factor authentication scheme," said Balzam. "This helps us achieve a very high level of security and keeps our systems protected against unauthorised access."
Results
El Al completed its transition to Novell Access Manager several months ago, and is already seeing the benefits.
"From the perspective of the IT team, Novell Access Manager gives us a simple, flexible and low-maintenance way to manage a very large population of users," said Balzam. "We have a central point of control over user access to all applications, whether they are based on Microsoft Active Directory, Novell eDirectory™, or other technologies. We can add new users very quickly, and define which systems they are able to access. It is also very easy to extend the solution when we introduce new applications."
There are clear advantages from the security perspective too: as well as its support for two-factor authentication, Novell Access Manager also provides advanced reporting capabilities.
"We can see exactly who is accessing which systems, and we have a full track of all user activity which we can use for auditing and compliance purposes," said Balzam. "We can also use these tools for performance management—to check availability levels and make sure that we are providing a good level of service for our users. This will be especially important in the future, if we decide to extend access to our customers."
Above all, by combining Novell Access Manager with VMware ESX Server, El Al has created a highly scalable solution. As user numbers increase, the IT team can extend the environment simply by creating additional virtual servers.
"Even if several million customers sign up for the company's online services, we are confident that Novell Access Manager and VMware ESX Server will be able to handle the demand," said Balzam. "We have built a solution that will be capable of meeting our access management needs for the foreseeable future."