IBM Software Group Selling Tivoli directory solutions Building an authoritative identity data foundation for your customers <Business Partner Name> © 2003 IBM Corporation

IBM Software Group | Tivoli software
Agenda
§ Today’s directory challenges
§ Business benefits of establishing an authoritative identity data infrastructure
§ Building this identity data infrastructure
  - Tivoli Directory Server
  - Tivoli Directory Integrator
§ Information & Resources
§ Back up
Directory Solutions | © 2003 IBM Corporation

The directory dilemma
§ # of applications growing in an enterprise
  - Security
  - Web services
  - Portals
  - e-business
§ This creates complexity
  - Distributed application resources
  - Deployment of new technologies
  - Proliferation of application specific directories
  - Heterogeneous environments
§ And so today, enterprises …
  - Cannot efficiently manage identities
  - Face significant security & business risks
  - Experience poor ROI
  - Cannot quickly deploy new applications
§ What enterprises need
  - Authoritative identity data infrastructure
  - Highly available/scalable solution
  - Leverage existing data assets
  - Fit into heterogeneous/distributed environment

Goal: Establish an authoritative identity data infrastructure
Aggregate user data across the enterprise to create a user identity that can be effectively managed and secured.
§ Reduce costs
  - Ease administration of identity data repositories
  - Facilitate application development and deployment
  - Minimize costs associated with redundancies and manual intervention with data
§ Increase productivity
  1. Accelerate deployment of new initiatives and services
  2. Improve user experience
  3. Quickly respond to changing business requirements

IBM Tivoli Integrated Identity Management Solution
[Diagram: Users & Applications; Managing Users: Identity Manager, Access Manager, Privacy Manager; Managing Identity Data: Directory Server, Directory Integrator; Systems & Resource Information]
www.ibm.com/software/tivoli/solutions/security/

IBM Tivoli Directory Solutions
§ Tivoli Directory Server – A powerful Lightweight Directory Access Protocol (LDAP) infrastructure and enterprise directory that provides a foundation for deploying comprehensive identity management applications and advanced software architectures.
§ Tivoli Directory Integrator – An open-architecture metadirectory solution for synchronizing and exchanging information between applications or directory sources to provide a consistent, enterprise-wide authoritative directory infrastructure.

Questions to ask your customer…
§ How do you store your identity data for applications today?
§ How many directories do you have in your organization?
§ Is some of the information in each of these repositories redundant?
§ In some cases, do different applications own different attributes of an individual’s identity data?
§ Is there redundant identity data on individuals in different repositories around your enterprise?
§ How are you sure you are accessing the most current identity data?
§ Are you rolling out a new web service, portal, security solution?
§ How will you present identity data to this solution?
§ Would you like to reduce costs and automate the process for enabling the availability of current identity data to your enterprise applications and services?

Most companies will not implement a single Enterprise Directory, but will require a metadirectory
“Through 2008, fewer than 40 percent of midsize and large enterprises will be able to identify a single strategic directory” (Gartner)
Typical enterprise has over 100 directories!
[Diagram: Active Directory; Application Directory (e.g. WebSphere); LDAP Directory (e.g. IBM, Sun); Native OS Directories (e.g. Z/OS, Linux, Novell); NDS; IBM & non-IBM Databases; Web Security Directory (e.g. Tivoli Access Manager); ERP Directories (e.g. PeopleSoft, SAP); . . .]

Why do customers need Directory Integration?
§ Customer’s identity data exists already in the organization in disparate directories
§ Customer does not want to migrate to central data store
§ Customer wants to save costs by leveraging existing data and tools
§ Customer wants to reduce effort required to keep directories up to date yet desires to have the latest data at their fingertips
§ Customer wants to build an authoritative source for identity information

Directory Integration
§ Integrating existing enterprise identity data stores with new applications
  - Broad range of applications: HR, email, security, CRM, ERP, etc.
  - Example 1: Tivoli Access Manager with Active Directory
  - Example 2: Portals
§ Integrating directories within an enterprise
  - Example 3: Directory integration
§ Building an authoritative data source
  - Example 4: Enterprise directory

Example 1: Integrating Active Directory with Tivoli Access Manager
§ Tivoli Access Manager requires changes to the Active Directory tree and schema.
§ If the customer does not want to make these changes then Directory Integrator can solve this problem.
§ When a user is added/changed/deactivated in Active Directory then Directory Integrator can cause the same to occur in Access Manager.
This makes Access Manager less intrusive to a customer’s Active Directory deployment. No changes to Active Directory and you can manage users from a single user administration panel.
[Diagram: Directory Integrator; Portal, CRM, ERP, Web Solutions; Access Manager; Active Directory]

Example 2: Portal Directory Integration
§ When a portal is built it requires a directory to store user data.
§ Avoid creating another island of identity when you build the portal.
§ Use Directory Integrator to connect with other identity data in the enterprise and use these current identity stores to create and manage the portal identity store.
[Diagram: email; HR; LDAP; Directory Integrator; Portal Directory]

Example 3: Directory Integration
§ Many corporations have a large number of directories that they manage today. They often have established a project to resolve this issue.
  - Integrate the directories together
  - Build an infrastructure that will avoid adding additional directories when another project is started
  - Often the foundation for identity management projects to follow
§ Customer Challenge: Out-of-sync data elements require synchronization
§ Customer Challenge: Accurately retain multiple corporate identity sources at minimum cost
[Diagram: Authoritative Identity Source; Authoritative Identity Source for Division A; Authoritative Identity Source for Division B; Authoritative Identity Source for Division C; Integrate; User Mobile Phone Numbers; User Cost Center]

Example 4: Enterprise directory
§ Some enterprises wish to have a central, physical repository that they can go to for an up to date enterprise view of all their identity data.
[Diagram: Operating Systems; HR; Business Partner Directory; email Directory; Telephony; Charge Centers; Directory Integrator; Enterprise Directory: Authoritative Identity Source]

Tivoli Directory Solutions
Directory Server, Directory Integrator

Tivoli Directory Server
§ e-business applications require a powerful identity data engine
  - Open across all major platforms including Linux
  - Robust, high-availability configurations for 24x7 reliability
  - Strong scalability as directories grow and consolidate
  - Excellent performance
[Diagram: Tivoli; Portal; AIX; Linux; email; HR; CRM; ERP; …; Directory Server]

High Availability: key directory requirement
§ High-performing and strongly scalable data engine
§ Solid support for industry-standard LDAPv3 interface
§ Dynamic, extensible schema to easily deploy range of applications
§ Rich multi-mastering and replication capabilities for high-availability
The Directory must support millions of entries and drive millions of operations per day with very high availability
[Diagram: Master 1, Master 2, Master 3, Master 4, . . .; Replica 1 to Replica 4; Replica 1a to Replica 4a; Replica 1b to Replica 4b]

Tivoli Directory Server: Reliable, Scalable, Authoritative Identity Foundation
§ Broad Platform Support
  - Important Linux Platform; Default Directory for Tivoli, WebSphere, and AIX
§ Powerful and Scalable
§ Very High-Reliability
  - Supports Dozens of Masters, as well as Cascaded & Subtree Replication
§ Outstanding Functionality
§ Industry leading service & support
Trusted, Scalable DB2 Engine Tuned for High-Performance; Supports Very Large Groups
[Diagram: e-business applications (Data Consumers): Tivoli Directory Integrator, WebSphere, Tivoli; IBM Directory Server: zOS, AIX, OS/400, Domino; Tivoli Directory Server for AIX, Linux, Windows, Solaris, & HP-UX; IBM & non-IBM data stores (Directories and Databases)]

Tivoli Directory Server Web Admin interface:

Tivoli Directory Server 5.2 What’s New!
§ LDAPv3 Certified by The Open Group
  - IBM is founding member of Open Group Directory Interoperability Forum
§ Increased reliability
  - Increased protection of directory data against Denial of Service attacks
§ Improved usability and serviceability
  - Including user/group specific search limits
  - Support Web Services security model for identity assertions (proxy authentication)
§ Enhanced performance
  - Leverage strong DB2 scalability
§ Enhanced platform support
  - 64 bit AIX Server
  - Windows 2003 Server
  - Java 1.4
  - New LDAP standards for authentication and transport layer security
  - ISMP support for Linux pSeries eServers from IBM

IBM Tivoli Positioned in the Leader Quadrant of Gartner’s Magic Quadrant
July 24, 2003 Research Note “Magic Quadrant for Directory Servers, 2H03” by John Enck
Optimization Provisioning
The magic quadrant is copyrighted July 2003 by Gartner, Inc. and is reused with permission. Gartner's permission to print or reference its magic quadrant should not be deemed to be an endorsement of any company or product depicted in the quadrant. The magic quadrant is Gartner's opinion and is an analytical representation of a marketplace at and for a specific time period. It measures vendors against Gartner-defined criteria for a marketplace. The positioning of vendors within a magic quadrant is based on the complex interplay of many factors. Gartner does not advise enterprises to select only those firms in the leaders segment. In some situations, firms in the visionary, challenger, or niche player segments may be the right match for an enterprise's requirements. Well-informed vendor selection decisions should rely on more than a magic quadrant. Gartner research is intended to be one of many information sources and the reader should not rely solely on the magic quadrant for decision-making. Gartner expressly disclaims all warranties, express or implied, of fitness of this research for a particular purpose.

A good example of an Enterprise Directory: IBM
§ Directory-exploiting applications: Bluepages, Common Web Authentication, PBCs, Expenses, Mobility 2000, Sametime Messaging, etc.
§ Boulder SDC: 500K+ entries, 200K clients, 40M Dir. Ops/day
[Diagram: Master Directory; Replicas; Network Dispatcher; Directory Replicas]
[Map labels: SWEDEN, FINLAND, DENMARK, UNITED KINGDOM, IRELAND, HOLLAND, GERMANY, BELGIUM, LUXEMBOURG, AUSTRIA, FRANCE, SWITZERLAND, ITALY, SPAIN, PORTUGAL, GREECE]

Tivoli Directory Integrator
§ Build comprehensive and authoritative identity data infrastructure
  - Integrate and synchronize identity sources across the enterprise
  - Local groups manage their own data
  - Using the tools that make them most productive
[Diagram: Operating Systems; HR; Business Partner Directory; White Pages; Telephony; email Directory; Charge Centers; Directory Integrator]

Tivoli Directory Integrator: how it works
§ AssemblyLines: Execute data flows based on the configuration of individual Connectors, EventHandlers, Parsers and the business logic driving process
§ EventHandlers: Enable the system to respond to predefined events, thus enabling real-time integration
§ Connectors: Connect to a device, system or application and perform actions on data appropriately
§ Parsers: Interpret and transform incoming data into the desired format
[Diagram: Directory; Event Systems; RDBMS; LDIF File]
Over 25 Connected Systems
  - ERP: PeopleSoft, SAP R/3, Siebel
  - Messaging: Lotus Domino, Microsoft Exchange; POP3, SMTP, IMAP4
  - Databases (using ODBC, JDBC): Oracle, Microsoft Access & SQL Server, IBM DB2 & Informix, CA Ingres
  - Directories (using LDAP): CA eTrust, Critical Path, DNS, IBM (Domino/Directory Server), IBM Operating systems AIX, OS390(RACF), generic LDAP, iPlanet, Microsoft (NT Domains, Exchange, Active Directory), NEXOR, Novell eDirectory, OctetString, OpenLDAP, Oracle, Siemens, Syntegra
  - Protocols and Formats: EDIFACT, HTTP, SOAP, SSL, XML
  - Message Systems (using JMS): IBM WebSphere MQ, TIBCO Rendezvous, SonicMQ and JMS compliant systems
Frequently Asked Questions

Tivoli Directory Integrator

Tivoli Directory Integrator
§ Flexible, Open Architecture
  - Supports all major OS and Directory platforms
  - Data integration easily established by using either prebuilt connectors or using Java to create new connections
  - Does not require ripping and replacing of existing directory sources
§ Powerful and Scalable
  - Does not require central data store: not limited by the scalability of any one repository
  - The IBM Directory Integrator can scale to large size; multiple assembly lines can run concurrently without a single point of congestion. Most other meta-directory products consolidate the data into a "meta or joined" view which is a single point of failure and can cause congestion.
§ Outstanding functionality
  - Password synchronization and propagation in Windows and other leading directories
§ Rapid Deployment
  - Allows quick deployment of new connectors. The IDE that is included allows quick configuration and deployment of new connections. Competitive metadirectory products have more complex development environments, which lead to long connector development times.
  - Industry leading service & support
  - Variety of support and services options available to help you design, implement and support your directory implementation.

Tivoli Directory Integrator 5.2 What’s New!
§ Strong synergy with IBM offerings
  - Integrated with Tivoli Identity Manager, Lotus Workplace Messaging and WebSphere Express for iSeries eServers
§ Increased reliability and scalability
  - Better recovery from service interruptions to support mission-critical, global applications.
  - Improved MQ connector for reliable message transport.
  - Better scalability to support very large implementations.
§ Improved change detection for databases
  - Enhance data integration strengths beyond directory data
§ Improved synchronization with Windows environments
  - Enhanced Active Directory event handler for real-time and scheduled events
§ Password intercept capabilities
  - Capture and share Windows, SunONE, IBM Tivoli Directory Server, and now RACF passwords securely across the enterprise
§ Usability enhancements
  - Improved user interface and SNMP support

Reliable and Scalable Directory Integration: Honeywell
Need
• A reliable and scalable enterprise directory
Solution / Result
IBM Directory Server; IBM Directory Integrator
• Integrates across multiple data stores on different computing platforms
• Improves security and delivers advanced replication
• Provides flexibility in the deployment of servers
• Used together, IBM Directory Integrator connects disparate data sources to the IBM Directory Server data store to create a consistent view of enterprise identity data
“The open, scalable, and flexible architecture of IBM z900 Linux Directory Server and IBM z900 Linux Directory Integrator delivers a stronger directory foundation for Honeywell and enables easy deployment of security and Web services.” –Connie Whiteside, Strategic Architecture & Customer Service Delivery, Honeywell

Tivoli Directory Server and Directory Integrator
Intelligent Management Software for an On Demand World
§ Automated for Productivity: Supports e-business on demand infrastructure by providing real-time synchronization between identity data sources so that enterprises can establish an authoritative, up-to-date data infrastructure to serve as a platform for their business critical security and web services applications.
§ Integrated for Efficiency: Supports flexible data integration with identity management, a wide variety of directory sources and applications, enabling end-to-end integration for customers, suppliers and partners.
§ Optimized for Operational and Business Efficiency: Speeds deployment and reduces cost by enabling integration and synchronization with existing directory sources, maximizing flexibility in a heterogeneous environment without requiring the inflexible, physical centralization of this data or extensive custom development work.

Information and Resources
§ Directory Server product page: http://www-3.ibm.com/software/tivoli/products/directory-server/
§ Directory Integrator product page: http://www-3.ibm.com/software/tivoli/products/directory-integrator/
§ IBM Tivoli Security products: http://www-3.ibm.com/software/tivoli/solutions/security/
§ Other Tivoli family products: http://www.tivoli.com/products/

Thank You

Identity Management Blueprint
Identity Federation
• Trust Management
• Trust Brokering
• Single sign-off
• Cross-enterprise identity mapping
• Cross-enterprise provisioning
Identity Lifecycle Management
• User enrollment and provisioning
• User self-care
• User privacy preference management
• User profile management
• Credential management
• Policy management
Identity-Driven Control
• Access control to applications, web services and middleware
• Access control to private personal information
• Monitoring and auditing user activities
• Single sign-on and entitlements
Identity Foundation
• LDAP Directory
• Identity Synchronization
• High Availability, Scalability

Identity Management Blueprint
Identity Federation
• Trust management
• Trust brokering
• Single sign-off
• Cross-enterprise identity mapping
• Cross-enterprise provisioning
Identity Lifecycle Management: Tivoli Identity Manager 4.5
• User enrollment and provisioning
• User profile management
• User privacy preference management
• Credential management
• User self-care
• Policy management
• Workflow
Identity-Driven Control: Tivoli Access Manager 5.1, Tivoli Privacy Manager 1.2
• Access control to applications, Web services and middleware
• Access control to private personal information
• Monitoring and auditing user activities
• Single sign-on and entitlements
Identity Foundation: Tivoli Directory Server 5.2 and Integrator 5.2
• Identity synchronization
• Scalability
• Reporting
• Directory services
• High availability