virtualization technology
Apere Logo
ApereProductsPartner SolutionsTechnologyAbout UsContact
ad virtualization,Guest ServerActive Directory Virtualization Agent Less Single Sign On, Client Less Single Sign on, SSOIdM for Unix, Identity Management for UnixIdentity Management, IdM, Id Managemententerprise virtualization
   
     

Corporate computing environments are becoming Enterprises today continue to deploy and expand Active Directories as centralized authentication source. As new organization units and work groups are created in Active Directory to manage users across the company, there is a need to have multiple system administrators to control and manage these set of users. This system administrator’s role should be limited only to a specific set of users or organization or a group in Active Directory. These system administrators could be front desk operators or managers who would like a simple and easy to use Graphical User Interface to manage the user accounts. Outsourced IT services pose yet another problem of limiting remote administrators to specific roles for security and compliance reasons.


IMAG's AD Virtulization
IMAG provides an easy to use interface to create groups of system administrators with different roles and privileges thus limiting them to specific tasks. Easy to use web interface masks the complexities of Active Directory management and limits the specific administrators to their role. Comprehensive Self Service portal enables end users to reset their passwords or request for new accesses. IMAG secures necessary approvals before creating or modifying accounts. Notification emails are sent to respective parties on account changes, audit trail is also maintained. IMAG also provides a protective layer between external facing SSLVPNs from causing account locks in AD by hacker logins. Extensive quarterly reports are generated for SOX and PCI recertification.

  
 
   
IMAG's

AD Virtualization

 provides virtualization layer for

Active Directory

 to enable segregation of duties for administrators and provide self service portal with workflow for end users.
·
Enable Self Service Password Reset for end users
·
Enable Self Service account request with approvals
·
Protect from external device authentications like SSL VPNs locking ADaccounts.
·
Enable and limit groups of administrators only to specific roles
·
Automated work flow based authorization for any updates to Active Directory
·
Enable unlimited simultaneous accesses to Active Directory with audit trail
·
Limit outsourced IT administrators to specific roles, with audit trail
·
Automatic Email trail on account changes
·
Centralize

AD

 reports and views for administrative management
·
Quarterly reports on activity for SOX and PCI
 
 



IMAG for Multiple ADs
IMAG can be configured to virtualize multiple Active Directories across LANs and WANs. Administrators can now generate comprehensive user profile reports across multiple ADs periodically without waiting for actual consolidation to be done.

 Guest group management by IMAG
IMAG can be setup to manage multiple guest groups in one or many Active Directories. IMAG provides complete guest user access life cycle management including password reset and user authentication.

 



Certain Limitations with Active Directory in today's Enterprises

  • Does not provide a self service account reset
  • Does not provide a help desk access to account resets, enable, disable and unlock without logging in to the Active Directory
  • Does not integrate with email environments to send reminders/notifications before/upon account expiry or password expiry
  • Does not provide simplistic way to identify the user and login time, login IP address, login successful/failure
  • Does not integrate to HR database to identify AD accounts and their information in HR such as employeeID, Telephone number etc.
  • Does not Centralize all AD integrated applications
  • Does not organize and generate reports for audit and compliance
  • Unified Web interface for different organizations to get an abstraction of AD
  • Does not indicate which group is used by what application

How IMAG addresses the problem

  • All AD passwords, their resets and all user account locks and un-locks can be handled from centralized web interface for help desk personnel.
  • Provides self service for account request, account authorizations and account creation and removal.
  • It brings Employees, user accounts and applications under one unified framework for reporting, management and logging.
  • IMAG provides radius authentication for Non-AD based applications
  • Notifications are sent to the users, administrators and respective managers
  • Reminders are sent to the users, administrators and respective managers
  • It provides Administrators a framework to perform group management for security, applications.
  • It provides a framework to auditors for generating reports about application access groups, ad users and their information and role in HR. It also provides auditors logs of authorizations and approvals
  • It provides users convenience of reminders and notifications for password management. It provides a centralized web framework for account requests and removal upon employee hiring and termination.
  • It brings applications access information, network domain users and HR information under one single framework thereby helping ease of management and for network forensics.
  • It provides methods to identify who are the current users in the network, their IP address and when they logged in to the network and when they logged out from the network.
  • It provides self service AD password when users cannot login to the network using GINA framework.
   
Copyright © 2007 Apere Inc.