Oblix NetPoint is described as an identity management solution for the enterprise. What this means is that it is designed to manage the multiple identities and permissions in a modern e-business environment where you must provide access to a huge variety of different people - many of whom will be entering the network from outside the corporate firewall. In a modern large e-business enterprise it can be a daunting task to do this securely.
Oblix NetPoint simplifies the management of user identities and permissions across multiple applications and provides single sign-on. It makes it easy to add or remove users, to change permissions, and to enforce password rules.
Oblix NetPoint is not an authentication product - rather, it works with nearly all the industry's popular authentication methods, whether they are password based or use multi-factor authentication.
Oblix NetPoint has a scalable architecture made up of a number of modules. A minimal system would comprise the Oblix NetPoint COREid Server and the Oblix NetPoint Access Server, together with associated web server agents. These two server components run on Sun Solaris 8, Windows NT4 and Windows 2000.
Installation is fairly straightforward. You must already have a web server and a directory server before you begin. All popular LDAP directory servers are suitable, while Sun ONE, Microsoft IIS and Apache web servers are supported.
After installing the COREid Server, you would usually install WebPass on your existing web server. This is a plug-in software component that is required to provide communication between the web server and the COREid Server. More than one WebPass can communicate with the same COREid Server, and this is recommended to provide load balancing. Also included in the COREid portfolio is a Certificate Processing server, which acts as a local registration authority for PKI. This uses Verisign technology and can communicate with Verisign's CA Processing Center.
To complete the installation of the Oblix NetPoint Access System, you must install the Access Manager software on another machine that is not separated from the directory server by a firewall (there is a way around this restriction if you are prepared to disable connection time-outs on the directory). The access server can then be installed on the same machine as the Access Manager, and one Access Manager can manage multiple access servers.
Finally, you need to install WebGate, which is a plug-in to a web server. WebGate must be installed on every web server that you wish to protect with the Oblix NetPoint Access System. WebGate passes authentication and authorization requests to the access server, which decides whether to allow or deny access to the requested resource on that host. It encrypts sensitive traffic, such as credentials, in transit.
Now, this all sounds fairly complicated but, in an enterprise environment, it need not involve significant additional hardware. However, there is the scope to add more servers for scalability, redundancy and load balancing - plus the ability to control access to an almost unlimited number of existing web servers.
The software components work together to manage authentication, authorization and access control. The first level of control is management of users and this can be achieved using nested groups to make common permissions easy to propagate to thousands of users. Even administration can be delegated in a multi-level hierarchy.
Another feature is self-registration, which allows users to register themselves on the system and then have their registration verified by a delegated administrator who can approve or deny their self-registration requests. This is a valuable time saver where large numbers of (new) users are envisaged.
Password management includes automating lost password recovery as well as the usual enforcement of strong passwords by very flexible rules. Multiple password policies can be established and applied to different groups of users.
It is no surprise to find comprehensive auditing and reporting facilities in a product like this aimed at the enterprise. For those who wish to customize the product or integrate applications (particularly security applications) tightly with it, Oblix NetPoint is also supported by a full development environment and API.
Oblix NetPoint provides an excellent way to control access to web servers in the DMZ, which is typically sandwiched between two firewalls. The Oblix NetPoint servers themselves, however, sit well protected behind the inner firewall. This approach offers improved security because the LDAP directory server is not exposed outside the inner firewall. Of course, it provides no protection against common web server and operating system attacks, so these systems must still be patched regularly.
What it does is ensure that users who have authority to access your web servers can easily obtain access to those services to which they are entitled, and yet cannot access anything for which they are not authorized. It does this in a cross-platform web server environment and can even use external third-party authentication systems (such as Microsoft .NET Passport) seamlessly when required, to provide a single sign-on experience for the user.