Case Study: DirXML Implementation at Waste Management
Rick Wagner, Systems Engineer, Novell, Inc.
© March 18, 2004 Novell Inc.
one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.
The one Net vision
Novell exteNd™
Novell Nsure™
Novell Nterprise™
Novell NgageSM
The one Net vision
Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.
Company Background
Company Information
Waste Management, Inc.
• HQ: Houston, Texas
• Employees:
  – 55,000 full time
  – 10,000 - 15,000 contractors
As the leading provider of comprehensive waste management services, Waste Management serves municipal, commercial, industrial and residential customers throughout the United States, Canada and Puerto Rico.
The Situation
History
• Significant growth in 1998 through 2000
• Acquired an average of one company per day
• Each acquisition was run independently
• No central application suite

Business Drivers
• High level and consistency of customer service
• Business process enabling
• Single sign-on
• Consistent application of security policies
Formulating a Solution
The Solution
Novell DirXML/eDirectory
• eDirectory 8.7 and DirXML 1.1a

PeopleSoft Enterprise Portal
• Enterprise Portal 8.4, upgrading to 8.8
• HR 7.5 (upgrading to HR 8.8)
• Financials 8.4 (upgraded from Financials 7.5)

Netegrity SiteMinder
• Policy Server 5.5 SP1
Components That Make Up the System
Components shown in the diagram: SiteMinder, eDirectory, DirXML, Web Server.
• Netegrity’s SiteMinder supplies single sign-on authentication and policy-based resource authorization
• IBM HTTP (Apache) and IIS web servers serve the applications
• eDirectory is the Meta Directory
• DirXML is the glue used for aggregating and synchronizing users and application roles
Automated User Provisioning
• Users are created in Active Directory and pushed to the Meta Directory by DirXML
• As an Active Directory account (including password) is updated, the change is automatically pushed to the user’s account in eDirectory
• Near future: synchronize user information in PeopleSoft HR with the Meta Directory
• Future: automated security assignments
Synchronized Role Based Access Control
• PeopleSoft security is maintained in the applications (Permission Lists)
• Application roles are pushed to the Meta Directory using DirXML
• Users’ role assignments are maintained in the Meta Directory
Centralized Security Administration
• Separation of roles from application access control management
• Delegated administration
• Consistent application of corporate security policies
• A consistent interface minimizes training
Implementing the Solution
Putting It All Together
Components shown in the diagram: Meta Directory, DirXML, Policy Engine, Application Security Store, Web Server, Application Server, Active Directory.
• Users are created in Active Directory and pushed to the Meta Directory by DirXML
• The Application Security Administrator defines the Application Roles, and the Roles are pushed to the Meta Directory by DirXML
• Users are assigned Roles in the Meta Directory using the Administration System
• The Policy Engine reads Policies and Roles from the Meta Directory
• The user requests access to the Application
• Policies are enforced at the web server
• The Web Server passes Roles to the Application Server as header variables
• The user is served appropriate content and functionality for their Role assignments
Security Process
Components shown in the diagram: eDirectory, SiteMinder Policy Engine, PeopleSoft Database, Apache Web Server, PeopleSoft Server.
• The user requests http://wmvisorep.wm.com in their browser
• If the user is not already authenticated to SiteMinder, the Web Agent automatically logs into the Portal as DEFAULT_USER using a custom login.fcc file
• The Portal Guest Page is displayed
• The user enters their user ID and password and posts the credentials to the SiteMinder login.fcc
• SiteMinder authenticates the user against their Directory Account and checks the user’s authorization for accessing the Portal
• SignOn PeopleCode in the PS App Server executes; the User ID is passed to the PS Server as a header variable
• If the user’s account does not exist in the Portal, it is created
• The user’s roles, permission lists, and things like email address and user description are dynamically added
• The Netegrity PeopleSoft Connector checks the Portal and SiteMinder sessions to make sure that they are the same user
• The user is presented with their personalized view of the portal
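As an added illustration (constructed here, not Novell’s, Netegrity’s or Waste Management’s code), the following Python model walks through the security process above: the Web Agent sets identity header variables from the SiteMinder session (or DEFAULT_USER when there is none), the Policy Server authenticates against a stand-in directory, and the PeopleSoft side trusts only the agent-set headers and applies the connector’s same-user session check. The header name SM_USER is the standard SiteMinder header; SM_ROLES and the directory contents are assumptions.

```python
"""Constructed model of the SiteMinder-fronted PeopleSoft portal flow.
Not vendor code; header name SM_ROLES and the directory entries are assumed."""
import hmac

# Stand-in for the eDirectory / Meta Directory: userid -> (password, roles).
# Constructed sample data; DEFAULT_USER (the guest identity) has no password.
DIRECTORY = {
    "jsmith": ("s3cret", ["WM_Billing", "PeopleSoft User"]),
    "DEFAULT_USER": (None, ["Guest"]),
}
IDENTITY_HEADERS = ("SM_USER", "SM_ROLES")


def web_agent(request_headers, sm_session):
    """Web Agent in the web server: drop any identity headers the client sent,
    then set them from the SiteMinder session, or use DEFAULT_USER when the
    user has no session (the custom login.fcc guest behaviour on the slide)."""
    forwarded = {k: v for k, v in request_headers.items() if k not in IDENTITY_HEADERS}
    user = sm_session["user"] if sm_session else "DEFAULT_USER"
    forwarded["SM_USER"] = user
    forwarded["SM_ROLES"] = ",".join(DIRECTORY[user][1])
    return forwarded


def authenticate(userid, password):
    """Policy Server step: check the posted credentials against the directory
    account and return a SiteMinder session, or None on failure."""
    entry = DIRECTORY.get(userid)
    if entry is None or entry[0] is None:
        return None  # unknown user, or the guest identity, which cannot log in
    if not hmac.compare_digest(entry[0], password):  # constant-time compare
        return None
    return {"user": userid}


def peoplesoft_signon(forwarded_headers, portal_session):
    """SignOn PeopleCode plus the PeopleSoft Connector check: the user id comes
    only from the agent-set header variable, and an existing portal session
    must belong to the same user as the SiteMinder session."""
    user = forwarded_headers["SM_USER"]
    if portal_session is not None and portal_session["user"] != user:
        raise PermissionError("Portal and SiteMinder sessions are different users")
    roles = forwarded_headers["SM_ROLES"].split(",")
    return {"user": user, "roles": roles}  # personalized view is built from this
```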
Software Configuration
• WebLogic Application Servers: WebLogic 6.1 SP2
• Web Servers: IBM HTTP Server 1.3.19, Netegrity Apache Web Agent V5QMR2
• SiteMinder Policy Servers: Netegrity SiteMinder Policy Server 5.5 SP1
• eDirectory LDAP Servers: Novell eDirectory 8.7, DirXML 1.1a
• Database: Oracle 9.2.0.2
• Batch Server: Oracle 9.2.0.2, PeopleTools 8.42.05, Tuxedo 6.5
• PeopleSoft Application Servers: Oracle 9.2.0.2, PeopleTools 8.42.05, Tuxedo 6.5, Netegrity PeopleSoft Connector 1.2
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.