Building a Secured Corporate Web Application Infrastructure
May 2003
DeveloperNet University Course

one Net Solution, The Holy Grail

IT departments are constantly under pressure to keep up with changes in their corporate environment. Most corporations are spread around the globe, and most employees work at different locations. To meet those requirements, the new IT infrastructure needs to be flexible (i.e. information is accessible both inside and outside the firewall). Applications can be accessed from both the intranet and the Internet. Partners can access their own information securely without the risk of exposing it to their competitors. Finally, new employees can be productive on their first day at work. Of course, every decision you make about giving people access to your business, and every effort you make to deliver services or content to people, is based on identity.

Figure 2: one Net vision solutions.

The Novell IS&T team was tasked with meeting these new requirements. They created solutions around the vision of one Net. Novell IS&T is implementing three major one Net initiatives, which aim to provide Novell with the following:

  • eBusiness Lifestyle: Through the creation of the Internet office, employees can access their services and applications from anywhere.

  • More engaged and enlightened workforce: Through corporate portals that give each employee a personalized 3-dimensional view to their part of Novell's business.

  • Highly productive environment: By implementing a directory-based "Zero Day Start" system for resource access and changes.

Novell is an organization of over 5,000 employees, doing business in more than 40 countries. Novell probably has a higher PC-to-employee ratio than most, with some 20,000 PCs on our network. But we also have Sun SPARC systems, HP 9000s and new Linux machines. We run more than 60 applications that relate to varied business processes.

A key advantage in what we do is that we deploy all of this on an intelligent directory-based infrastructure -- on Novell eDirectory -- and then we use directory-based Net services applications from Novell, and others, to securely manage how these resources are deployed, configured, and accessed.

eDirectory and associated Net services make the move to one Net solutions possible. They're the enablers we used to build secured web applications.

Figure 3: Top issues related to workforce management.

There are many challenges that CEOs are facing. The top issue is related to workforce management: how to find and keep key people. Many companies believe people are their most important asset. Yet even if they manage to find capable people to work for them, the time for a new employee to become productive is twenty four months.

At Novell, when a new employee starts on their first day, they need to go through twenty key process steps, fill in five forms, have logins enabled for nineteen different applications and work through seventy one interfaces. This is a daunting task for both the Novell HR and IS&T departments.

Each employee has many different passwords to remember. They end up having to put sticky notes on their monitor in order to remember their passwords. This poses a serious security risk. In addition, they need to use different URLs to access different applications and forms. There is no central place to access all the applications they need.

Figure 4: Many logins.

Figure 5 shows the old Novell IS&T infrastructure prior to the one Net solution. The system was a nightmare and very costly to maintain. However, Novell is not alone. Many companies suffer from even more complex infrastructure than Novell's. The goal for the CIO is to streamline and simplify this complexity.


Figure 5: The old Novell IS&T infrastructure prior to one Net.

Zero Day Start

As a result, Novell implemented the "Zero Day Start" infrastructure, which resulted in dramatic changes across a variety of processes. Figure 6 shows the automated distribution of employee information between different directories and applications today. By using open standards, it simplified what had been a very cumbersome process and produced a more manageable infrastructure.

Figure 6: Automated distribution of employee information.

Wide adoption of important new standards is helping make one Net concepts such as Zero Day Start a reality.

They include:

  • LDAP: the lightweight directory access protocol.

  • XML: for data interchange between dissimilar applications and directories.

  • SSL: as a security standard; IP, obviously, is also a factor.

This is an example of how Novell brings its new products up on the production network before the first customer ship. Some of Novell's customers are already implementing similar solutions.

The central pieces of Zero Day Start are eDirectory and DirXML, which automate the synchronization of information between the relevant systems and provide access to services. eDirectory and DirXML connect the enterprise data systems, like PeopleSoft, to the corporate directory (Figure 7). This allows automatic synchronization and authorization between user information and disparate systems.

Figure 7: Automatic Provisioning.

In Figure 8 we see an overview of what's going on. When a new employee accepts a job offer, an event triggers the generation of a directory account, followed by numerous automatic actions, including the creation of e-mail, calendaring and instant messaging services, and building access rights timed for the appropriate start date. An office phone number is set to activate on the first day at work.

Figure 8: An event triggers the generation of a directory account followed by numerous automatic actions.
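
The flow in Figure 8, sketched as an added Python example (not Novell's or DirXML's own code): a constructed "offer accepted" event becomes an LDIF entry for the directory plus service grants that stay inactive until the start date. The base DN, event fields and grant structure are assumptions; HR-supplied values are encoded per RFC 2849 so they cannot break out of their attribute line.

```python
import base64
import re
from datetime import date

# Constructed HR event (sample data): fired when an offer is accepted.
OFFER_ACCEPTED = {"employee_id": "E10042", "given_name": "Ana",
                  "surname": "Ruiz", "start_date": date(2003, 6, 2)}
# Services named in the text; the base DN is a hypothetical container.
SERVICES = ["e-mail", "calendaring", "instant messaging",
            "building access", "office phone"]
BASE_DN = "ou=people,o=example"
# RFC 2849 "safe string": ASCII, no NUL/CR/LF, no leading space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def ldif_attr(name, value):
    """Emit one LDIF line, base64-encoding unsafe values so a newline in an
    HR-supplied field cannot add attributes to the entry."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def provision(event):
    """Turn an 'offer accepted' event into (LDIF entry, timed service grants)."""
    uid = event["employee_id"]
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", uid):  # uid is placed in the DN
        raise ValueError("employee_id must be alphanumeric")
    cn = f"{event['given_name']} {event['surname']}"
    lines = [f"dn: uid={uid},{BASE_DN}", "objectClass: inetOrgPerson",
             ldif_attr("uid", uid), ldif_attr("cn", cn),
             ldif_attr("givenName", event["given_name"]),
             ldif_attr("sn", event["surname"]),
             ldif_attr("employeeNumber", uid)]
    grants = [{"service": s, "active_from": event["start_date"]}
              for s in SERVICES]
    return "\n".join(lines) + "\n", grants


def active_services(grants, today):
    """Services usable on a given day; nothing is active before the start date."""
    return [g["service"] for g in grants if today >= g["active_from"]]


if __name__ == "__main__":
    ldif, grants = provision(OFFER_ACCEPTED)
    print(ldif)
    print("day before start:", active_services(grants, date(2003, 6, 1)))
    print("first day:", active_services(grants, date(2003, 6, 2)))
```
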

Once an account has been created in the Workforce Directory (eDirectory), the person's details are automatically available in the Novell Corporate Address Book, eGuide. (eGuide is a directory-enabled, web-based corporate address book.) When you initiate a search in eGuide, it actually searches eDirectory for the records. If there are any changes, eGuide reflects them immediately (see Figure 9).

Figure 9: Zero Day Start Identity Management.

DirXML continues the process by pushing the information from the Workforce Directory to the PBX phone system. By doing so, monthly phone bills can be generated for each user.

i-Login

New employees can start being productive by accessing the Novell Corporate Portal, i-Login. i-Login (see Figure 10) provides different applications and functionality based on the user's identity.

Figure 10: i-Login.

Managers at Novell get different information related to their role. For instance, Figure 11 shows the management information of Ken's team.

Figure 11: Manager View.

Figure 12: Novell Portal Services.

Novell Portal Services integrates enterprise applications, like GroupWise and Phoenix, into an intelligent portal. The portal references the corporate directory to understand "who is who" and what services correspond to individuals based on their roles in the company.

eBusiness portals provide corporations with significant savings from simplified systems management. Using a web browser to access "line-of-business" applications means a greatly reduced application training requirement. Training costs approach the million dollar mark for a company of Novell's size. Yet browser access frees individual users from needing to know how to directly run applications, or generate reports from one. The policies linked to their identity as they are authenticated to the Portal can be set to trigger the delivery of a report from the application to the employee's personalized Web page.

Another example is software distribution savings. With browser access, client software is no longer required to input data to the application. Novell expects its savings from software distribution to be over a million dollars annually. With portal access to applications, software changes will be made at the data center and no longer pushed globally. These factors alone will spur Web-based application hosting and browser access.

Novell's OnDemand and DeFrame Services allow client-server applications, like Vantive and CPP, to be available through the intelligent portal which reduces the burden of these applications on WAN connections.

Novell's iChain can extend services beyond corporate and private networks to the Internet, as shown in Figure 13. Slow WAN connections can be replaced with fast, inexpensive Internet lines. So all you need is the Internet to do your work.

Figure 13: Novell iChain extends services beyond corporate and private networks to the Internet.

Novell customers and partners can access Novell information related to them using Novell eLogin. With eLogin, they can access Novell support, education and partner information based on their identity and preferences.

To identify a person and protect that identity, authentication is required to access the Corporate Portal. eDirectory is the centerpiece for authentication and authorization, and the repository for people information.
