Building an Enterprise Infrastructure to Securely Manage Access to Web Applications

Similar documents
IBM Tivoli Access Manager for e-business V6.1.1 Implementation

SAP Security in a Hybrid World. Kiran Kola

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

IBM Tivoli Directory Server

KillTest *KIJGT 3WCNKV[ $GVVGT 5GTXKEG Q&A NZZV ]]] QORRZKYZ IUS =K ULLKX LXKK [VJGZK YKX\OIK LUX UTK _KGX

Service Mesh and Microservices Networking

Entrust GetAccess 7.0 Technical Integration Brief for IBM WebSphere Portal 5.0

IBM Exam IBM WebSphere Message Broker V8.0 System Administration Version: 6.0 [ Total Questions: 55 ]

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Architecture & Deployment

Federated Identity Manager Business Gateway Version Configuration Guide GC

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

App Gateway Deployment Guide

IBM C Exam. Volume: 65 Questions

IBM Tivoli Netcool Service Quality Manager V4.1.1

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Syncplicity Panorama with Isilon Storage. Technote

ArcGIS Server and Portal for ArcGIS An Introduction to Security

SEAMLESS AND SECURE REMOTE ACCESS TO RESOURCES

Software Defined Perimeter & PrecisionAccess. Secure. Simple.

Centrify Identity Services for AWS

Introduction. The Safe-T Solution

WebSphere Application Server, Version 5. What s New?

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Using IBM DataPower as the ESB appliance, this provides the following benefits:

Tivoli Federated Identity Manager. Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic

Microsoft Internet Security & Acceleration Server Overview

Challenges in Authenticationand Identity Management

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Novell Access Manager 3.1

Enterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape

Azure Active Directory from Zero to Hero

Blueprinting Questionnaire Sample

As you learned in Chapter 1, the architectural variations you can construct using

The Old is New Again Engineering Security in the Age of Data Access from Anywhere

ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief

C IBM. IBM WebSphere Application Server Network Deployment V8.5.5 and Liberty Profile, System Administration

New Features for ASA Version 9.0(2)

Warm Up to Identity Protocol Soup

IBM Security Access Manager Version December Release information

How Cisco IT Improves Commerce User Experience by Securely Sharing Internal Business Services with Partners

Lotus Learning Management System R1

ADFS Setup (SAML Authentication)

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide

Comodo Certificate Manager Software Version 5.0

Copyright

Hyperion System 9 BI+ Analytic Services

BEA WebLogic Server Integration Guide

ISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.

IBM Tivoli Federated Identity Manager Version Installation Guide GC

Business White Paper IDENTITY AND SECURITY. Access Manager. Novell. Comprehensive Access Management for the Enterprise

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

CHUV CHUV. Vincent Bex Systems Engineer Patrick Zosso Infrastructure Project Manager

Oracle WebLogic Server 12c: Administration I

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

s390 zlinux at Citi Presented by Doctor P. Robinson June 5, 2013 Hillgang Citi Managing zlinux in a Heterogenous Enterprise

Ibm Websphere Application Server V6 1 Security Handbook

IBM Exam IBM FileNet P8 V5.1 Version: 6.0 [ Total Questions: 126 ]

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

Shared Session Management Administration Guide

Softlink International Liberty Security

Comodo Certificate Manager Version 5.4

Oracle 10g and IPv6 IPv6 Summit 11 December 2003

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

the Corba/Java Firewall

John Heimann Director, Security Product Management Oracle Corporation

Sentinet for BizTalk Server SENTINET

Entrust Identification Server 7.0. Entrust Entitlements Server 7.0. Administration Guide. Document issue: 1.0. Date: June 2003

User Registry Configuration in WebSphere Application Server(WAS)

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Exam Questions C

IBM SecureWay On-Demand Server Version 2.0

Never Drop a Call With TecInfo SIP Proxy White Paper

Exam Name: IBM Certified System Administrator - WebSphere Application Server Network Deployment V7.0

Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record

Technologies for Securing the Networked Supply Chain. Alex Deacon Advanced Products and Research Group VeriSign, Inc.

Architecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal

Smarter Business Agility with WebSphere DataPower Appliances Introduction

Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike

Spotfire Security. Peter McKinnis July 2017

What's new in IBM Rational Build Forge Version 7.1

Busting the top 5 myths of cloud-based authentication

Designing an Enterprise GIS Security Strategy

WP710 Language: English Additional languages: None specified Product: WebSphere Portal Release: 6.0

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

WEBSPHERE APPLICATION SERVER

Vendor: IBM. Exam Code: C Exam Name: IBM Security Identity Manager V6.0 Implementation. Version: Demo

BlackBerry 2FA. Datasheet. BlackBerry 2FA

BraindumpsQA. IT Exam Study materials / Braindumps

Peering as a Cloud enabler for Enterprises

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP Access Policy Manager with IBM, Oracle, and Microsoft

Vendor: IBM. Exam Code: Exam Name: IBM FileNet P8 V5.1. Version: Demo

Cover Page. Content Server Planning and Implementation Guide 10g Release 3 ( )

IBM LOT-825. IBM WebSphere Portal 6 Deployment and(r) Administration.

Advanced Deployment Architectures for Oracle E-Business Suite

WWPass External Authentication Solution for IBM Security Access Manager 8.0

ArcGIS for Server: Security

IBM Security Access Manager Version 9.0 October Product overview IBM

Transcription:

Building an Enterprise Infrastructure to Securely Manage Access to Web Applications Paul Munsen IT Architect Navistar, Inc. IIT Netsecure 09 March 12, 2009

About Navistar World class commercial truck and engine manufacturer Sells products through approximately 300 dealerships across North America most of which are independently owned and operated. Currently expanding into additional markets and regions across the globe 2 IIT Netsecure 09 March 12 th, 2009

Problems to Solve: How do we provide secure access to web based applications from our dealerships? How do we allow users to log in to all applications with a single user ID and password? How do we allow traveling employees to access web sites when at customer locations? 3 IIT Netsecure 09 March 12 th, 2009

Potential Solutions: VPN? Good for transport layer security Not easy to identify individual users Application specific security Good for some applications Saves on licensing costs Difficult to manage across multiple applications and development groups Very difficult to use with 3 rd party applications (ERP, Portals, etc ) Web access management product reverse proxy 4 IIT Netsecure 09 March 12 th, 2009

Web Application proxy Provides consistent single-sign on interface Provides transport layer security (SSL) No software needs to be installed on web servers or client PC s Allows for consistent access control mechanism Web applications only Not 100% transparent 5 IIT Netsecure 09 March 12 th, 2009

Benefits of Proxy Architecture Proxy architecture increases security by not allowing direct user access to web servers Source: IBM Redbook SG246014 6 IIT Netsecure 09 March 12 th, 2009

Navistar before use of Web Application Proxy About a dozen different dealer-facing web based applications Some required their own user ID s and passwords Most applications used Windows authentication All applications required custom user authentication/authorization code No applications were available over the Internet private network connections were required 7 IIT Netsecure 09 March 12 th, 2009

Technology in use at Navistar Wide variety of web technologies in use: Microsoft IIS/ Active Server Pages Java/ Tomcat Java/ IBM WebSphere Application Server CGI-based systems Mainframe, Windows, HP/UX, VAX, AS/400, etc 8 IIT Netsecure 09 March 12 th, 2009

Solution Implementation Decided to use IBM s Tivoli Access Manager similar products are available from other vendors Customized system to authenticate against Windows to be compatible with majority of existing applications Built Network DMZ to host Internet-accessible proxy servers Source: IBM Redbook: SG246014 9 IIT Netsecure 09 March 12 th, 2009

Building a scalable architecture Initial rollout Jan 1, 2000 1 application 1000 named users 3000 web hits per day Availability: Approximately 98% Current environment March 2009 Approximately 200 applications 55,000 named users 15,000 unique users will log in on a particular weekday 11 million web hits per weekday Availability: Approximately 99.95% (about 20 minutes of downtime per month) 10 IIT Netsecure 09 March 12 th, 2009

Infrastructure 11 IIT Netsecure 09 March 12 th, 2009

High Availability Load balancers in front of most components Multiple LDAP Servers Using peer to peer replication Multiple proxy servers for high availability and to handle load Proxy servers managed from a single management point Proxy servers can provide load balancing to provide high availability for application web servers Monitoring Availability Performance Trending for capacity management 12 IIT Netsecure 09 March 12 th, 2009

Application Integration Configuring an application to go through proxy Set up a junction or connection between proxy and web server Standalone Site: http://server1/index.html Accessed through proxy https://proxyserver/junction/index.html 13 IIT Netsecure 09 March 12 th, 2009

Application Integration Things to consider Security Transport layer (SSL or HTTP) Mutual Authentication of servers Propagation of user s identity (user ID) to application Passing of additional identity information 14 IIT Netsecure 09 March 12 th, 2009

Application Integration Things to consider (continued): Integration Can the application code be modified Do you trust the application? What configuration options are available within the application? Will this application run on multiple servers or a single server? 15 IIT Netsecure 09 March 12 th, 2009

Passing Identity Information to Applications Benefits to externalizing and centralizing identity information Extended attributes sent in HTTP header User Name Account Numbers Any other relevant information that may be shared across applications Particularly useful when integrating with applications hosted by outside providers Easy to retrieve attributes sent in HTTP header String userid = request.getheader( iv-user ); 16 IIT Netsecure 09 March 12 th, 2009

Future Directions - Federation Federation is a mechanism by which users can achieve single sign-on across companies using a standards based protocol such as SAML. 17 IIT Netsecure 09 March 12 th, 2009

Questions or Comments Contact information: Paul.Munsen@navistar.com 18 IIT Netsecure 09 March 12 th, 2009

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback