Will Schneider of the University of Texas Health Sciences Center at Houston (UTHSC-H) was facing a challenge. The manual provisioning of users across the network of the academic health center, supporting more than 3,800 students and 5,000 faculty and staff, was eating up too much time for his 150-person IT staff and the process was prone to errors.
With numerous regulatory requirements and state laws requiring that access to IT resources be assigned appropriately, the task fell to Schneider, the university's senior systems administrator. The school, which Schneider says is number one in research in child health and human development, is a component of The University of Texas system and, for the most part, located in the Texas Medical Center in Houston. Its stated mission is to educate health science professionals, discover and translate advances in the biomedical and social sciences, and model the best practices in clinical care and public health.
Schneider (left) formed a small committee to review the commercial solutions and evaluated them across the university's requirements. They considered options from Novell, Microsoft, Sun, and even a home-grown system developed by the IT staff.
Cost was a significant factor in the team's deliberations, but in the end, Schneider says it was functionality and flexibility that led them to choose Novell Identity Manager 3.0.1. Simply put, the tool is a data sharing and synchronization service that allows applications, directories and databases to share information. It links scattered information and enables users to establish policies that govern automatic updates to designated systems when identity changes occur.
"It's a comprehensive identity management suite," says Rick Killpack, ISM (identity and security management) business line lead at Novell. "It allows organizations to manage the full user lifecycle – from initial hire through ongoing changes to ultimate retirement of the user relationship."
The suite includes capabilities for automated provisioning and deprovisioning of user accounts, approval workflows, managing passwords, and managing user data throughout an organization's directories, applications, databases and OS platforms. In addition, says Killpack, the Identity Manager helps organizations reduce management costs, increase productivity and security, and comply with government regulations through streamlined user administration and processes.
Deployment of the tool at UTHSC-H went smoothly, Schneider says. "It is very easy to extend the infrastructure and we often can add a connected system in just a couple of days." And, after some time spent using the system, Schneider says it is exceeding expectations.
Killpack explains that the solution differentiates itself from the competition by offering design tools and preconfigured policies that simplify administration and implementation. Also, he says, it provides real-time synchronization of events across connected systems and integration of identity and access management with security information and event management. Further, the out-of-the-box integration between Novell technologies reduces the costs and time required to deploy solutions.
"Our solutions integrate all of the key capabilities you need in order to create an optimal environment that meets both your identity and access management and compliance management needs," says Killpack. "This integration helps users streamline the process of managing their identity infrastructure and securing access resources – even across domain and business boundaries."
The tool includes integration modules for several common customer systems: Novell eDirectory, Active Directory, Windows NT, LDAP v3 Directories, Novell GroupWise, Exchange and Lotus Notes. Other integration modules are included with Identity Manager, but require a separate purchase to activate.
In fact, Killpack says that Novell solutions are built with interoperability in mind. "They support most applications, websites and terminal servers, as well as popular directories and clients." Users can leverage investments in existing systems and avoid expensive hardware upgrades, he adds.
IDM is built on a robust real-time event bus, says Killpack. It has connectors to most applications in the enterprise that leverage the applications' native interfaces. The connectors have the ability to listen to and detect changes within an application, he says. When change is detected, a modify event is generated. The Novell Identity Policy engine then tracks what other applications need to know about this change, and sends real-time updates to the other applications that need the shared data. "This creates a real-time, bi-directional, multi-authoritative source environment," Killpack says.
The need to meet compliance demands was key to the implementation, says UTHSC-H's Schneider. "We fall under almost every regulatory body you can imagine. We are a state-owned, educational health care organization that does research funded by the federal government. Pick a regulation and it probably applies." Trying to manually comply with all the various requirements would be a nightmare, he adds.
In addition, education customers have different needs than corporate customers, he says. While these customers have to deal with massive changes in organization and personnel, they also need real-time updates to all systems in question at the very lowest cost possible. Enterprise customers are often focused more on security- and compliance-driven issues.
The good news, says Killpack, is that in both cases, the functions and technology of Novell IDM solve both cases. "To be successful in these markets, Novell leverages partners that are focused on the verticals that can provide out-of-the-box policies and best practices that are directed toward the different value propositions," he says.