2 Hitachi ID / BMC Partnership - RJR...
Transcript of 2 Hitachi ID / BMC Partnership - RJR...
1 Service Desk Express and Hitachi ID Password Manager (P-Synch)
Managing The User Lifecycle
With The Hitachi IDManagement Suite
MANAGEprofiles and rights
MANAGEprofiles and rights
SUP
PO
RT
acc
ess
pro
ble
ms
SUP
PO
RT
acc
ess
pro
ble
ms
TERMINATEaccess rights
TERMINATEaccess rights
HIR
Ee
mp
loy
ee
s co
ntr
act
ors
HIR
Ee
mp
loy
ee
s co
ntr
act
ors
User Lifecycle
Increasing the value proposition for help desk organizations.
Colin Duffy, Account Manager | Pierre Plante, NA Sales Manager | Scott Delaney, ManagerProfessional Services | 2009-07-22
2 Hitachi ID / BMC Partnership
© 2009 Hitachi ID Systems, Inc. All rights reserved. 1
Slide Presentation
2.1 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identitymanagement solutions.
• Founded in 1992, acquired by Hitachi,Ltd. in 2008.
• 780+ customers with a combined9.8M+ licensed users.
• Offices in North America and partnersoverseas.
• Approximately 140 employees.
Award: SC Magazine Best Buy for theHitachi IDMS.
2.2 Hitachi ID Value Proposition
© 2009 Hitachi ID Systems, Inc. All rights reserved. 2
Slide Presentation
2.3 Hitachi ID Advantages
2.4 Representative Hitachi ID Customers
3 Value Proposition
© 2009 Hitachi ID Systems, Inc. All rights reserved. 3
Slide Presentation
3.1 Help Desk Stats: Passwords
Problem Solution
• Gartner estimates that 30% of typical ITsupport call volume is password resets.(G00158133 2008-06-02).
• Typical direct costs are $3 to $18/incident,plus lost user productivity.
• Password Manager eliminates most ofthis cost:
• Synchronization:Eliminates 60% to 90% of incidents.
• Self service:Resolve 60% of help desk calls.
• Assisted reset:Reduce call duration to about 1minute/call.
3.2 Problem: Too Many Passwords
Every login account has its own: Password complexity creates businessproblems:
• Password value.• User interface.• Strength rules.• Expiration date.
• High call volume :Users forget or lock out their passwords.This can be 30% of help desk workload.
• Sticky notes :Users write down their passwords andmay leave them in public view.
• Bad passwords :Users choose simple, easily guessedpasswords.
3.3 Password Management: Functional Overview
Problem:
Users have too manypasswords.
Users still forget theirpasswords.
Users don’t want tochange passwords.
Users prefer to reusesimple passwords.
Global password policy,history.
Q&A has the right pricepoint - but we don’t have any data.
Manage a Q&A enrollmentprogram.
Password expiry,early warnings.
Need to authenticateusers with out a password.
Tokens, voice prints,personal Q&A data.
Self-service passwordreset.
Users are locked out ofWindows.
GINA Service,Secure Kiosk Account,Telephony access.
Synchronize them. Users still have to typetheir password intoevery app.
Auto-populate thesynchronized password.
START
Solution: Problem: Solution:
Problem: Solution: Problem: Solution:
Problem: Solution: Problem: Solution:
Problem: Solution: Problem: Solution:
© 2009 Hitachi ID Systems, Inc. All rights reserved. 4
Slide Presentation
3.4 Password Manager Benefits
Feature Impact Benefit
Password synchronization Solve the problem at itssource:Fewer passwords toremember.
Cost, Service:Fewer help desk calls.Improved user service.
Self-serve password reset Divert problem resolution:Self-service fix for loginproblems.
Cost:Fewer help desk calls.
Assisted password reset Shorten time to resolve issues:Help desk interface to helpusers over the phone.
Cost:Shorten help desk calls.
Policy enforcement Users must choose strongpasswords.
Security:Prevent password guessingattacks.
Password expiration All passwords changeregularly.
Security:Short time window forintruders.
3.5 The 50/50/50 Rule
A simple rule that illustrates cost savings from each Password Manager feature:
Feature ImpactNet help deskworkload reduction
Password synch: Eliminates 50% of problems. 50%
Self-service reset: Reduces call volume by 50%. 75%
Assisted reset: Shortens call duration by50%.
87.5%
Scenario ImpactNet workloadreduction
Conservative estimate: 50/50/50 87.5%
Optimized deployment: 80/60/60 96%
SSPR only, no synch.: 0/60/60 80%
4 Technology Details
© 2009 Hitachi ID Systems, Inc. All rights reserved. 5
Slide Presentation
4.1 Supported Target Systems
Password Manager ships with many built-in connectors, including:
Directories:LDAP (any), NT domain, AD,NDS, eDirectory, NIS(+).
Individual servers:WinNT, Win2K, Win2K3,OS/2, Samba, NetWare.
Databases:Oracle, Sybase, SQL Server,DB2/UDB, Informix, Cache,Essbase, ODBC.
Unix:Compaq, DG, FreeBSD, HP,IBM, Linux, NCR, SCO, SGI,Sun, Unisys.
Mainframes:VM/ESA, MVS, OS/390,z/OS, BS2000.
Midrange:OS/400, OpenVMS.
Applications:JD Edwards, OracleApplications, PeopleSoft,SAP R/3, Siebel, BusinessObjects.
Collaboration:Lotus Notes, MS Exchange,GroupWise, BlackBerry,OpenMail.
Networking:RSA SecurID, SafeWord,RADIUS.
4.2 Access from Login Prompt
Problem Solution
Users who forget their network passwordcannot launch a Web browser to access the selfservice password reset application.
• Secure Kiosk Account (SKA): access toSSPR without client software ("guest"account).
• GINA service: access to SSPR from UIextension – no GINA DLL.
• Hitachi ID Phone Password Manager(ID-Telephony): turn-key telephoneaccess to SSPR.
• Temporary VPN: access to SSPR fromoutside the corporate network.
© 2009 Hitachi ID Systems, Inc. All rights reserved. 6
Slide Presentation
4.3 Integration with SDE
Password Manager ships with a pre-built integrations to SDE:
• Automatically create, update and close SDE incidents, in response to events that happen on thePassword Manager server.
• Flexible scripting language specifies when to write incidents and how to populate them.• Automatically updated incidents support a single point for reporting on key metrics such as:
– Successful/failed password resets.– Authentication problems, lockouts.– Self-service vs. assisted service.
• SDE can be extended with a button that launches a UI into Password Manager and pre-populates:
– The identity of the help desk analyst.– The identity of the caller.– The incident number.
• Password Manager can manage users and their passwords on SDE.
5 Market Differentiators
© 2009 Hitachi ID Systems, Inc. All rights reserved. 7
Slide Presentation
5.1 Why Hitachi ID?
Password Manager is not the only password management product on the market. Here are somereasons to choose it over competitors:
Lower Cost • Competitive license fees.• Deployment in 1–2 weeks.• Maintenance: about 1/4 FTE.
Lower Risk • Hitachi ID offers fixed-pricedeployments.
• Experience with 780 deploymentsmeans we’ve seen every weird problembefore.
Foundation for IDM • Customers get their feet wet beforediving into full IDM.
• Early ROI, early confidence.• Shared connectors, user profile
database.
Embedded in SDE • SSO and Password Managementembedded in SDE.
• Simple upgrade for existing customers.• Add-on solution for prospective
customers.• Bundled pricing with SDE.
© 2009 Hitachi ID Systems, Inc. All rights reserved. 8
Slide Presentation
5.2 Password Manager Cool Features
Problem Feature Why it’s cool
Cached credentials ActiveX control to refreshcache
Do not trigger intruder lockoutsafter a routine PW change.
Locked out users GINA Service Access SSPR from WindowsXP login screen withoutinstalling a (fragile, dangerous)GINA DLL.
Locked out users Secure Kiosk Account Access SSPR from WindowsXP login screen withoutinstalling any client software atall.
Off-site, locked out users GINA Service + TemporaryVPN
Access SSPR from loginscreen over a temporary VPN– addresses lowfrequency/high cost incidents.
Users forget their passwordanyways
Scheduled password expiry Avoid PW changes on Fridays,afternoons.
There is no pre-existingQ&A data
Managed enrollment Personalized invitations.Limited daily volume,frequency per user.
5.3 Password Manager "Hard" Target Systems
Problem Feature Why it’s cool
PIN resets Reset PINs on smart cards,tokens
Much more complextechnology than passwords.
Notes, PKI passwords Reset passwords used toencrypt cryptographiccertificates
How do you reset a passwordthat was used to encrypt 3copies of a cryptographiccertificate, stored on 2 PCsand a USB flash drive?
HDD key recovery Recovery forgotten HDDencryption keys
Users who cannot decrypttheir HDD cannot work.
5.4 Other Offerings
• BMC is currently sourcing Password Manager and Hitachi ID Login Manager (P-Synch/SSO) fromHitachi ID.
– Password Manager: synchronize, reset passwords.– Login Manager: automatically sign users into their apps.
• Other products that IT support or data center managers may be interested in:
– Hitachi ID Privileged Password Manager (ID-Archive): secure administrator passwords.– Hitachi ID Group Manager (ID-Access): self-service management of AD groups.
© 2009 Hitachi ID Systems, Inc. All rights reserved. 9
Slide Presentation
6 Animated Demo6.1 SSPR Integrated with BMC SDE
Animation: ../pics/camtasia/bmc-psynch-demo-sde/psynch-ad-sspr-sde-ticket.cam
7 Discussion
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: PRCS:presDate: July 14, 2009