Access Gateway for the Cloud / Lecture
NIQ19
ATT LIVE 2012 LAS VEGAS
www.novell.com
Novell Training Services
Novell, Inc. Copyright 2012 - ATT LIVE - 1 - HARDCOPY PERMITTED. NO OTHER PRINTING, COPYING, OR DISTRIBUTION ALLOWED.
ZEN03 - Troubleshooting the ZENworks Configuration Management Imaging Environment / Lecture
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 12
Simplifying the Security and Administration of Cloud Applications
© 2011 NetIQ Corporation. All rights reserved.
Pressure Has Increased on IT Departments
• How do we increase security, reduce risk and support compliance activities?
• How do we respond to demands for new access points, while maintaining levels of control?
• How do we extend IT policies to the cloud without impacting its benefits?
• How do we support revenue objectives and maintain levels of service?
[Diagram: Problem. The IT Department's concerns (compliance reporting, cost, business user experience, security) meet SaaS and business flexibility with no reporting, manual processes, no single sign-on or strong authentication, and corporate credentials in the cloud.]
Disparate Focus Will Impact Your Business
[Diagram: The Business User (focus: business agility) and the CSO/CIO (focus: security and compliance policies) each run their own reports, security and monitoring. Result: silo-ed security, little compliance reporting.]
Current Example of Business Impact
• Hillary Clinton announced that Google had notified the State Department of a suspected campaign in which the Google passwords of government officials were stolen.
– http://www.dailymotion.com/video/xkgqli_sec-of-state-hillary-clinton-on-google-s-stolen-email-accusations_tech
• Why should you care?
– It is not uncommon for business users to use their corporate passwords when accessing applications on the Internet to simplify login.
– Whether SaaS is a corporate strategy for you or not, you could be vulnerable to SaaS security issues that are out of your control.
[Diagram: Solution. Access Gateway for Cloud sits between the IT Department and SaaS, providing single sign-on and strong authentication, an automated process, full reporting and secured corporate credentials, so that compliance reporting, cost, business user experience, security and business flexibility are all addressed.]
Enforced Security to SaaS without Impacting Existing Infrastructure
[Diagram: Strong AuthN, LDAP Directories and Onsite IAM feed the IAM for SaaS Appliance, which is federated to SaaS.]
Complexity Brought to Simplicity
[Diagram: Appliance components: Identity Synch, Audit, IDP, HTTP Proxy, ID vault and Policy Mapper, with Management Tools for Admin. and Business Mgmt.]
Virtual Appliance Configuration Installed and Configured in One Hour
1. Start the Appliance (5 min)
2. Configure the network settings (5 min)
3. Pull in groups, roles, etc. from the business apps (10 min)
4. Pull in groups, roles, etc. from the SaaS apps (10 min)
5. Map business policies (30 min)
Nothing is installed in the business or SaaS apps, and no password synch is required.
What is pulled in:
• Group memberships
• Roles
• Business workflows
• SoD
Quick Time to Value Brings High ROI
• Low entry costs
– Minimal implementation costs
– Minimal training required
• Quick business adoption
– Enhance the business users' experience with SSO
– Enable seamless integration of PDAs/PADs/Phones
• Extend security to SaaS
– Enterprise credentials never go to the cloud
– Complete visibility of how the business is using the cloud
Ask Yourself
1. Do you want to ensure enterprise passwords do not make it into the cloud?
2. Are you trying to get back control of who is provisioned and de-provisioned to SaaS?
3. Do you need to streamline management and provide single sign-on to SaaS?
4. Are you worried about the lack of visibility as users make use of SaaS in the context of your existing processes?
5. Do you need to enable businesses to use PDAs, virtual desktops, tablets, etc. without compromising security?
Access Gateway for Cloud Summary
• Integrates with existing management tools to automate user provisioning and de-provisioning to SaaS
• Provides single sign-on to SaaS and includes Integrated Windows Authentication and Advanced Authentication Methods
• Provides detailed event tracking to monitor SaaS usage and facilitate compliance activities
• Streamlines management with point-and-click configuration
• Quick time to value through fast deployment via Virtual Appliance
NetIQ Access Gateway for Cloud Installation and Configuration
Access Gateway Server Screen
Access Gateway Initial Configuration – Step 1
Access Gateway Initial Configuration – Step 2
Access Gateway Initial Configuration – Step 3
Users and Groups Context
Access Gateway Initial Configuration – Step 4
• Public DNS – DNS name of the Gateway
• Admin Username – Someone in the search context provided in step 3.
Access Gateway Initial Configuration – Step 5
AG4C Login Screen
AG4C Administration Overview
Appliance Administration
• Register Appliance – License registration
• About – Version of your Appliance
• Get Health – Health information screen
• Configure – IP address and DNS
• Enter Troubleshooting Mode – Troubleshooting tools
Troubleshooting Tools
Identity Store User Attributes
To successfully provision Active Directory users to SaaS applications, each Active Directory user must contain the following attributes.
– First Name
– Last Name
– Full Name
– sAMAccountName or Logon Name (Pre-Windows 2000)
– User Principal Name (UPN)
– Email Address
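The attribute list above is easiest to enforce before the connectors run. The following script is an added example (not NetIQ or Novell code) that checks an Active Directory user export for the six attributes and separates users that are ready to provision from those that will fail; the LDAP attribute names it assumes for each slide label (givenName, sn, cn, sAMAccountName, userPrincipalName, mail) and the sample records are this example's own.

```python
"""Pre-provisioning check over an Active Directory user export.

Added example, not NetIQ/Novell code. It flags users that lack any of the
attributes the slide lists, so they can be fixed in AD before the SaaS
connectors try to provision them. The LDAP attribute names used for each
slide label are this example's own assumption about the mapping.
"""

# Slide label -> LDAP attribute name assumed to hold it
REQUIRED_ATTRIBUTES = {
    "First Name": "givenName",
    "Last Name": "sn",
    "Full Name": "cn",
    "sAMAccountName": "sAMAccountName",
    "User Principal Name": "userPrincipalName",
    "Email Address": "mail",
}


def missing_attributes(user: dict) -> list[str]:
    """Return the slide labels of attributes that are absent or blank on a user."""
    missing = []
    for label, ldap_name in REQUIRED_ATTRIBUTES.items():
        value = user.get(ldap_name)
        if value is None or not str(value).strip():
            missing.append(label)
    return missing


def partition_for_provisioning(users: list[dict]) -> tuple[list[str], dict[str, list[str]]]:
    """Split users into those ready to provision and those blocked.

    Blocked users are keyed by sAMAccountName (or DN when even that is missing)
    and carry the list of attributes that must be filled in first.
    """
    ready: list[str] = []
    blocked: dict[str, list[str]] = {}
    for user in users:
        gaps = missing_attributes(user)
        key = user.get("sAMAccountName") or user.get("distinguishedName", "<unknown>")
        if gaps:
            blocked[key] = gaps
        else:
            ready.append(key)
    return ready, blocked


# Constructed sample export (made up for this example, not real directory data)
SAMPLE_USERS = [
    {"distinguishedName": "CN=Jane Doe,OU=Users,DC=acme,DC=com", "givenName": "Jane", "sn": "Doe",
     "cn": "Jane Doe", "sAMAccountName": "jdoe", "userPrincipalName": "jdoe@acme.com",
     "mail": "jane.doe@acme.com"},
    # mail never populated: the SaaS connector would have no address to create
    {"distinguishedName": "CN=Alex Smith,OU=Users,DC=acme,DC=com", "givenName": "Alex", "sn": "Smith",
     "cn": "Alex Smith", "sAMAccountName": "asmith", "userPrincipalName": "asmith@acme.com"},
    # sn missing and UPN left blank
    {"distinguishedName": "CN=Bo Wong,OU=Users,DC=acme,DC=com", "givenName": "Bo",
     "cn": "Bo Wong", "sAMAccountName": "bwong", "userPrincipalName": "", "mail": "bo.wong@acme.com"},
]

if __name__ == "__main__":
    ready, blocked = partition_for_provisioning(SAMPLE_USERS)
    print("ready to provision:", ", ".join(ready))
    for account, gaps in blocked.items():
        print(f"blocked: {account} is missing {', '.join(gaps)}")
```

Blank values are treated the same as absent ones because an empty userPrincipalName or mail is what a half-filled account in AD typically looks like, and it fails provisioning just as a missing attribute does.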
NetIQ Access Gateway for Cloud: Google Apps for Business Connector, Salesforce Business Connector, Kerberos Configuration
Google Connector Configuration
• Username – Google Business Account Administrator
• Domain – Business account domain
• Application Owner – User that exists in the Identity Store to approve or reject requests from Google Apps.
Google SSO Settings
These settings are populated automatically when SSO is enabled in the Google connector.
Salesforce
Salesforce Connector Configuration
Salesforce SSO Configuration
Kerberos Authentication
Kerberos Configuration
• Create a new user according to the host and DNS name of the appliance.
– Example: First Name: ag4c; User Login Name: HTTP/ag4c.acme.com
• Associate the new user with the service principal name.
• Generate the keytab file using the ktpass utility.
• Log in to the Appliance and configure Active Directory:
– Click Authentication
– Check Integrated Windows Authentication
– Browse to the keytab file and save.
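A keytab that names the wrong principal, or that ktpass wrote with a weak encryption type, only shows up as a failed Integrated Windows Authentication after upload. The script below is an added example (not NetIQ or Novell code) that reads the MIT keytab format ktpass produces (version 0x0502) and confirms the file holds HTTP/<appliance DNS>@REALM with AES keys only; it includes a small builder so the check runs offline on a constructed keytab, and the key bytes, the ACME.COM realm and the ag4c.acme.com name are placeholders taken from the slide's example.

```python
"""Inspect a Kerberos keytab before uploading it to the appliance.

Added example, not NetIQ/Novell code. It parses the MIT keytab format
(version 0x0502, the format ktpass writes) and checks that the file holds
the HTTP/<appliance-dns>@REALM service principal and no weak encryption
types. A small builder creates a constructed keytab so the check can run
offline; the key bytes it uses are placeholders, not real keys.
"""
import struct

KRB5_NT_PRINCIPAL = 1
ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
                 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK_ENCTYPES = {1, 3, 23}  # DES and RC4; avoid them with ktpass /crypto AES256-SHA1


def _counted(data: bytes) -> bytes:
    """Keytab counted_octet_string: 16-bit big-endian length, then the bytes."""
    return struct.pack(">H", len(data)) + data


def build_keytab(entries) -> bytes:
    """Build a version-2 keytab from (principal, kvno, enctype, key) tuples (test data only)."""
    out = bytearray(b"\x05\x02")
    for principal, kvno, enctype, key in entries:
        name, realm = principal.rsplit("@", 1)
        components = name.split("/")
        body = struct.pack(">H", len(components)) + _counted(realm.encode())
        for component in components:
            body += _counted(component.encode())
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, 0, kvno & 0xFF)  # name type, timestamp, 8-bit kvno
        body += struct.pack(">H", enctype) + _counted(key)
        body += struct.pack(">I", kvno)  # optional 32-bit kvno trailer
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def read_keytab(data: bytes) -> list[tuple[str, int, int]]:
    """Return (principal, kvno, enctype) per entry; key material is skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only version 0x0502 keytabs are supported")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:  # a negative size marks a deleted slot of that length
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        (rlen,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm = data[pos:pos + rlen].decode()
        pos += rlen
        components = []
        for _ in range(ncomp):
            (clen,) = struct.unpack_from(">H", data, pos)
            pos += 2
            components.append(data[pos:pos + clen].decode())
            pos += clen
        _name_type, _timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        enctype, klen = struct.unpack_from(">HH", data, pos)
        pos += 4 + klen  # skip the key bytes
        kvno = vno8
        if end - pos >= 4:  # 32-bit kvno trailer present
            (kvno,) = struct.unpack_from(">I", data, pos)
        pos = end
        entries.append(("/".join(components) + "@" + realm, kvno, enctype))
    return entries


def check_appliance_keytab(data: bytes, appliance_dns: str, realm: str) -> tuple[bool, list[str]]:
    """True when the keytab has the expected HTTP SPN and no weak enctypes; findings otherwise."""
    expected = f"HTTP/{appliance_dns}@{realm.upper()}"
    entries = read_keytab(data)
    findings = []
    if not any(principal == expected for principal, _, _ in entries):
        findings.append(f"no entry for expected SPN {expected}")
    for principal, kvno, enctype in entries:
        if enctype in WEAK_ENCTYPES:
            findings.append(f"{principal} (kvno {kvno}) uses weak enctype {ENCTYPE_NAMES.get(enctype, enctype)}")
    return not findings, findings


if __name__ == "__main__":
    # Constructed keytab for the slide's example account HTTP/ag4c.acme.com (placeholder key bytes)
    sample = build_keytab([("HTTP/ag4c.acme.com@ACME.COM", 3, 18, bytes(32))])
    ok, findings = check_appliance_keytab(sample, "ag4c.acme.com", "acme.com")
    print("keytab ok" if ok else "\n".join(findings))
```

With the slide's names, the keytab would be produced by something like ktpass /princ HTTP/ag4c.acme.com@ACME.COM /mapuser ag4c@acme.com /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass * /out ag4c.keytab (account and realm names are placeholders). ktpass resets the account password and raises its key version number, so the kvno the check reports should match the account's current msDS-KeyVersionNumber; a stale keytab from an earlier run fails with the same symptom as a wrong principal.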
Configure End User Browsers
• Add the appliance domain as a local site domain in IE.
• Verify that Enable Integrated Windows Authentication is enabled.
NetIQ Access Gateway for Cloud: Managing Authorizations, Approvals and Reporting
Managing Authorizations
• Policy mapping allows you to map groups in Active Directory to authorizations. Examples of authorizations in SaaS applications are:
– Groups
– Roles
– Profiles
• Mappings give you the ability to control access to SaaS resources through Active Directory groups.
• The policy mapping URL is:
– https://dns_of_appliance/appliance/PolicyMapping.html
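The mechanism behind the mapping page is a reconciliation: every user's desired SaaS authorizations are derived from the AD groups they belong to, compared with what the SaaS applications currently hold, and the difference becomes grants and revokes. The code below is an added example (not NetIQ or Novell code) of that logic, including the de-provisioning path for an account that has left AD; the group DNs, SaaS authorization names and current-state records are all constructed for the example.

```python
"""Policy mapping reconciliation: Active Directory groups -> SaaS authorizations.

Added example, not NetIQ/Novell code. A mapping table from AD groups to
SaaS groups, roles and profiles is evaluated against current membership to
decide what to grant and what to revoke. All names below are constructed.
"""

Authorization = tuple[str, str, str]  # (application, kind, value)

STAFF = "CN=Staff,OU=Groups,DC=acme,DC=com"
SALES = "CN=Sales,OU=Groups,DC=acme,DC=com"
SALES_MANAGERS = "CN=Sales-Managers,OU=Groups,DC=acme,DC=com"

# Constructed policy map: AD group DN -> authorizations it confers
POLICY_MAP: dict[str, set[Authorization]] = {
    STAFF: {("google-apps", "group", "everyone@acme.com")},
    SALES: {("salesforce", "profile", "Standard User")},
    SALES_MANAGERS: {("salesforce", "role", "Sales Manager")},
}


def desired_authorizations(member_of: set[str]) -> set[Authorization]:
    """Union of the authorizations mapped from every AD group the user belongs to."""
    desired: set[Authorization] = set()
    for group in member_of:
        desired |= POLICY_MAP.get(group, set())
    return desired


def reconcile(membership: dict[str, set[str]],
              current: dict[str, set[Authorization]]) -> tuple[dict, dict]:
    """Return (grants, revokes) keyed by user.

    A user present in the SaaS state but absent from AD membership has no
    desired authorizations, so everything they hold is revoked: that is the
    de-provisioning path.
    """
    grants: dict[str, set[Authorization]] = {}
    revokes: dict[str, set[Authorization]] = {}
    for user in sorted(set(membership) | set(current)):
        desired = desired_authorizations(membership.get(user, set()))
        have = current.get(user, set())
        if desired - have:
            grants[user] = desired - have
        if have - desired:
            revokes[user] = have - desired
    return grants, revokes


# Constructed AD membership (user -> groups) and current SaaS state (user -> authorizations)
MEMBERSHIP = {
    "jdoe": {STAFF, SALES, SALES_MANAGERS},
    "asmith": {STAFF, SALES},  # removed from Sales-Managers since the last sync
    "newhire": {STAFF},        # not yet provisioned anywhere
}
CURRENT = {
    "jdoe": {("google-apps", "group", "everyone@acme.com"),
             ("salesforce", "profile", "Standard User"),
             ("salesforce", "role", "Sales Manager")},
    "asmith": {("google-apps", "group", "everyone@acme.com"),
               ("salesforce", "profile", "Standard User"),
               ("salesforce", "role", "Sales Manager")},
    "leaver": {("google-apps", "group", "everyone@acme.com"),
               ("salesforce", "profile", "Standard User")},  # AD account already deleted
}

if __name__ == "__main__":
    grants, revokes = reconcile(MEMBERSHIP, CURRENT)
    for user, auths in grants.items():
        print(f"grant  {user}: {sorted(auths)}")
    for user, auths in revokes.items():
        print(f"revoke {user}: {sorted(auths)}")
```

Because the desired state is recomputed from AD on every run, a group change in Active Directory is the only action an administrator takes; the SaaS side follows, and an account that disappears from the directory loses its SaaS access without anyone logging in to Google Apps or Salesforce to remove it.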
Policy Mapping
Loading Authorizations
Salesforce Authorizations
Policy Mapping Example
Approvals
Approval Process
The Approval Process URL is: https://dns_of_appliance/appliance/Approval.html
Reporting
Reports
The Reporting URL is: https://dns_of_appliance/appliance/Reporting.html
+1 713.548.1700 (Worldwide) 888.323.6768 (Toll-free) [email protected] NetIQ.com
Worldwide Headquarters 1233 West Loop South Suite 810 Houston, TX 77027 USA
http://community.netiq.com
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. Copyright © 2011 NetIQ Corporation. All rights reserved. ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.