 |
Vanguard ez/SignOn™: Single Sign-On (SSO) Solution for
Multi-Platform Environments
Vanguard ez/SignOn™ is a
single password sign-on solution for multi-platform environments.
It redirects authentication from different platforms to the zSeries
Security Server (RACF), automatically collects user id information
for administrators, and allows end users to utilize the same
password to safely sign onto multiple systems in the enterprise,
including Windows, Novell, Sun Solaris, HP-UX, Red Hat Linux, AIX
and others.
Vanguard ez/SignOn™ provides a single point from which a user's
access can be controlled. Combined with the Enforcer intrusion
management system, ez/SignOn™ increases security through real-time
24x7 intrusion management across the enterprise.
ez/SignOn™ is a prime example of how Vanguard Security Solutions™
can protect profits, enhance productivity, and dramatically increase
enterprise security.
ez/SignOn™ Benefits
|
■ |
Improved security for password
administration through a single point of control - the most
secure, most trusted computer on the network - the
Mainframe. |
|
■ |
Improved productivity is
through fewer delays and fewer lockouts due to incorrect
passwords. |
|
■ |
Real-time detection and
prevention of attempted access with a fraudulently obtained
password is provided through sophisticated intrusion
management capabilities. |
|
■ |
Improved help-desk
productivity by allowing technical staff to concentrate on
solving other issues rather than password maintenance
activities. |
|
■ |
Greater user acceptance of new
platforms when new passwords do not need to be memorized. |
|
■ |
More easily administer,
analyze, assess and report on cross-platform logon
activities via the other members of the integrated Vanguard
Security Solutions™.
|
|
■ |
Improved company profitability
due to higher productivity and lower costs throughout the
enterprise. |
Vanguard's ez/SignOn™ greatly
simplifies computer access for end-users. t also reduces
training time, as well as the dependency on technical support
organizations and help-desk personnel. ez/SignOn™ makes it
easy and convenient to manage passwords in multi-system
environments.
Choose Your Level of Security
The security administrator can choose to configure Vanguard's
ez/SignOn™ to operate in either of two modes:
Password Synchronization Mode
This level provides basic cross-platform capabilities only. It
allows users to sign onto different systems utilizing a single
password, with password synchronization. When users change their
password on any one system, ez/SignOn™ will update other systems
in the enterprise to keep them synchronized (While requested by
some customers, Vanguard does not recommend this security
level).
Intrusion Detection Mode
Through Vanguard's patented Intrusion Detection mode users
have the capability to sign onto different systems with a single
password, without synchronizing passwords. Instead, it
incorporates sophisticated identity intrusion management and
detection capabilities that automatically detect anyone
trying to sign onto any of the systems using a fraudulently
obtained password.
The Costs of Password Management
Users lose productivity by not being able to immediately access
the applications they need. Help-desk professionals also
lose productivity by spending an excessive amount of time on
password resets and other password management activities,
instead of concentrating on solving technical problems.
Vanguard's ez/SignOn™ eliminates these wasteful activities
because the user only needs to memorize a single password.
This leads to higher productivity, which leads to increased
profitability.
ez/SignOn™: A Mainframe Strength Solution
Every time a user signs onto an enterprise system, Vanguard's
ez/SignOn™ advanced technology automatically routes the sign-on
process to the most secure and trusted computer on the network -
the Mainframe.
Single Point of Control
Since all logon requests on distributed systems are now routed
through RACF on the Mainframe, users that are revoked on the
Mainframe will likewise be revoked on all other systems.
Vanguard's ez/SignOn's single point of control feature not only
strengthens enterprise security, it also saves time for the
security administrator. If an employee is going on vacation for
two weeks, for example, the security administrator can simply
revoke the user in RACF on the Mainframe, and the revocation
will be in effect on all other systems.
Intrusion Detection Benefits
This powerful new security facility provides real time, 24x7x365
intrusion management across the enterprise; all monitored by the
most secure system of them all, the Mainframe.
If Vanguard Enforcer™ is installed, an email alert can be
automatically issued to the security administrator or other
personnel to alert them of the attempted intrusion detected by
Vanguard's ez/SignOn™. With
Vanguard Advisor™ available,
complete reports can be generated and distributed to the
appropriate personnel detailing the detected events.
ez/SignOn™ Works in Many Ways
|
■ |
As a stand-alone
multi-platform password solution |
|
■ |
Hand-in-hand with Vanguard
PasswordReset™ providing a more complete identity management
solution |
|
■ |
As an integral part of
Vanguard Security Solutions for complete control |
ez/SignOn™ With PasswordReset
Password Reset Across the Enterprise
- Vanguard's ez/SignOn™ is the perfect complement to
PasswordReset™. PasswordReset lets end-users reset
forgotten or expired passwords using their web browser. It
creates a secure environment where users are granted limited,
self-help password reset capabilities. Instead of waiting
on hold with the help-desk for time consuming identification
procedures, users can move quickly through PasswordReset's
web-based interface to reinitiate system availability. The
web-based transactions are fully secure and encrypted.
When used together, ez/SignOn™ and PasswordReset™ create an
extremely capable and unified password environment where users
can reset the password for all the systems they use via a few
clicks on a web-based interface - all without the need for help
desk intervention. This provides a tremendous boost to
user and help-desk productivity as well as overall company
profitability.
The Concept of Inheritance
Vanguard Security Solution products work together hand-in-hand.
Vanguard calls this the "Concept of Inheritance." For example,
if Vanguard Administrator™ is used to revoke or suspend RACF
passwords, these actions will automatically be communicated to
Vanguard's ez/SignOn™ so that the password is also revoked or
suspended on the other platforms in the enterprise.
As another example, ez/SignOn's activities on the Mainframe are
logged to the System Management Facility (SMF) log file in real
time. This means that the information is automatically
made available to Vanguard Advisor™ for security event
detection, notification, analysis, and electronic report
distribution.
Intrusion Management Through Password Protection through
Patented Technology
To protect the unique technology inherent with Vanguard's
ez/SignOn™ solution, Vanguard has received a patent from the
United States Patent and Trademark Office on its Method and
System for Detecting and Preventing an Intrusion in Multiple
Platform Computing Environments. The process, known as
Intrusion Management, helps eliminate password repository
vulnerability. Thanks to the Intrusion Management
authentication processes, the password repository on individual
systems is no longer used to authenticate users. Its
purpose is changed to one of identifying intruders and alerting
responsible parties to their presence - with responsibility for
authenticating the users shifted to a host computer. Intrusion
Management represents a strong defensive tool, particularly in
light of recent dramatic increases in infrastructure intrusion
attempts.
The Intrusion Management patent application represents the
second filing made by Vanguard in relation to its ezSolution's
product line. Vanguard's patent pending Remote Desktop
Interface (RDI) is included in its PasswordReset Internet-based
reset offering. The RDI technology allows for no thin
client software requirements on individual user workstations.
With thin client software, manual and time-consuming updates are
required on each workstation. Also, with RDI, updates are
required only on the domain controller. This results in
increased user productivity and less time and money spent on
computer system administration.
The Problems:
User Administration (What User IDs?
Which Systems?) - Typical users in an organization
have more than one user ID/password combination that they use
throughout their day-to-day work on the different platforms in
the enterprise. As the number of user IDs increases, user
administration takes longer and becomes more difficult due to
the fact that all user administration starts with these
questions: "On what systems does this user have an ID?", and
"What is the ID?" Depending on the size of the
organization these questions can take hours or days to answer
for just one employee.
Users Have Too Many Passwords to
Remember - Along with the increased complexity of
administration, the users themselves face the problem of
remembering their different passwords on the different
platforms. Since the password change intervals are almost
certain to be out of sync or different lengths, there will be an
increase in the number of password reset calls to the Help Desk
as the number of unique passwords a user is responsible to
remember grows.
Our Solutions:
Enterprise User Mapping & Reporting
- ez/SignOn™ intercepts sign-ons on the different
platforms in your organization and guides users through a
self-registration process, allowing user logon authentication
and authorization to be redirected to the Mainframe. Once
this process is completed the system/user information is stored
in the IBM Security Server (RACF) database, giving
administrators the ability to answer the "what user IDs" &
"what systems" questions.
Single Password - An
additional result of the "mapping" process is that users will
only use one password. Each user logs onto the different
platforms using their local or domain user ID and their RACF
password. Since they will be using the same password for
each platform they are mapped to, they only have one password to
remember.
back to top
Single Sign-On (SSO) Solution for Multi-Platform Environments. |
|
