TRANSCRIPT
© 2003, Open Systems Management Ltd (OSM)
www.cosuser.com
Version 3.1 - last updated 5th May 2004
COSuser Presentation

COSuser is a centralized user management and access security application used by enterprises employing a UNIX, Linux or UNIX/Linux-with-Windows infrastructure

The systems management specialists

Slide 2

Why do you need user management software?

• Security and audit lapses
  - To whom was access granted?
  - Who granted access?
  - Has access been revoked?
  - Is strong password authentication enforced?
• Poor service levels
  - Users waiting for new accounts or changes to existing accounts
  - Administrators having to interrupt other work
• Increasing operations costs
  - Expensive, skilled staff perform user management
  - High cost of training
  - Physical and non-physical asset leak
• IT workforce skills shortages and turnover
  - Skilled staff get bored and move on
  - Knowledge and skills are lost
• Excessive call loads from users forgetting passwords
  - Each application needs a user name and password to access it

Slide 3

User population is large and dynamic

Complications:
• New joiners
• Leavers
• Movers

[Diagram: repeated stacks labelled Application, Database, OS, Platform, Service Level, Network, Business Process, Middleware]

Slide 4

User management: the reality?

Template circulates around all departments

[Diagram: departments shown are Helpdesk, Application support, LAN Support, UNIX/Linux support, Windows® support and Database support; layer labels are Application, Database, Middleware, OS, Platform, Network, Service Level, Business Process]

Slide 5

User's account created or change processed, but

• May have taken considerable time of skilled and expensive staff
• Mistakes are often made
• User accounts are often cloned
  - users end up with access rights they should not have
• User account set-up/modification requires high security levels
• Managers may have completed form with errors
• No audit trails are recorded

[Diagram: Helpdesk, Application support, LAN Support, UNIX/Linux Support, Database support, Windows® Support]

Slide 6

COSuser . . .

. . . makes the addition, deletion and modification of user accounts much easier, more error free and dramatically less time consuming

while delivering:
• reduced operations costs
  - automation and delegation
• improved service levels
  - automation, faster processes and fewer mistakes
• enhanced security
  - roles, centralized management, auditing and control

Slide 7

100% organizational fit

• COSuser adds, deletes and modifies accounts on:
  - Operating systems (UNIX and Windows)
  - Databases
  - Applications
  - Directories
• Every system, application or database for which COSuser provides user management is called a 'Target'
• COSuser needs to know how user management should be performed on each target
• Achieved with COSuser TKBs
• COSuser TKB Wizard facilitates quick delivery of new TKBs
• TKB is abstracted from the Agent for quicker time to market

[Diagram labels: COSuser Target Knowledge Bases (TKBs), OSM Toolset, TKB Wizard]

Slide 8

COSuser architecture

[Architecture diagram. Labels:]
• COSuser Enterprise
• COSuser Master Server (UNIX only)
• Linux or UNIX (Solaris, AIX, HP-UX, Red Hat ES)
• COSuser Windows Agent
• Windows (PDC or ADS), MS Exchange
• COSuser UNIX Agent
• UNIX or Linux, Oracle
• TKBs: UNIX TKB, Oracle on UNIX TKB, Windows NT TKB, Windows TKB, MS Exchange TKB
• COSMOS User Interface for Windows
• Administrator using Windows-based PC
• Administrator using X Window device, CLI, CUI
• User or Manager using Web Browser interface

Slide 9

Roles and access control

• Roles determine who has access to which targets
• User can be assigned one or more roles
• Roles provide security, efficiency and productivity
• COSuser roles are dynamically reconfigurable

[Diagram: Business role (e.g. Sales, Finance, etc.), COSuser roles, and user accounts on a UNIX system, Windows system, Oracle RDBMS and MS Exchange]

Slide 10

Dynamic roles

COSuser roles are dynamically reconfigurable

[Diagram: COSuser Role linked to UNIX system, Windows system, Oracle RDBMS and MS Exchange. Captions: changes made here . . . are translated via the role . . . back to users' profiles]

Rather than being mere pre-set templates for simplifying the addition of new users, COSuser roles are dynamically reconfigurable data objects. Changes to resources are automatically propagated back to user profiles and other managed objects.

Slide 11

Role-based and policy driven

• A role defines specific levels of access rights for each target
• A role can consist of any number of other roles
• Roles are typically built into and map onto business roles
• Roles define the organisation's user provisioning policy
• Implementation can start at 'leaves' and mature into 'trees'
• COSuser does not add or delete specific accounts, only users and roles (though role exceptions can apply)
• Accounts are modified only through changes in policy

[Diagram: tree of roles under a business role, e.g. Call center operator]

Slide 12

Roles & Rules

• Larger sites can lead to many roles - sometimes thousands - which can become unmanageable
• Many roles will have some common feature (such as Sales Role)
• The only difference may be the location of the office for example
• Combining Roles and Rules reduces the complexity of the environment and the number of Roles
• Rules can be used to change the attributes (for example the home directory, email server etc)

[Diagram: Sales Role + USA Rule, + UK Rule, + A/P Rule]
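
The role model on the slides above (a role can consist of other roles; one Sales role combined with per-location rules) can be sketched as follows. This is an added example, not COSuser code: the role names other than Sales, the targets, entitlements, attribute names and host names are all constructed for illustration.

```python
# Added illustration of nested roles plus location rules.
# All names, targets, entitlements and attribute values are constructed.
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    grants: dict = field(default_factory=dict)    # target -> set of entitlements
    includes: list = field(default_factory=list)  # names of nested roles


@dataclass
class Rule:
    name: str
    attributes: dict  # attribute overrides, e.g. home directory, email server


def expand(role_name, roles, _path=()):
    """Return {target: entitlements} for a role and every role nested in it."""
    if role_name in _path:
        # A role that (indirectly) includes itself would never resolve.
        raise ValueError("role cycle: " + " -> ".join(_path + (role_name,)))
    role = roles[role_name]
    merged = {target: set(ents) for target, ents in role.grants.items()}
    for child in role.includes:
        for target, ents in expand(child, roles, _path + (role_name,)).items():
            merged.setdefault(target, set()).update(ents)
    return merged


def provision(login, role_names, rule, roles):
    """Accounts for one user: access comes from roles, attributes from the rule."""
    access = {}
    for name in role_names:
        for target, ents in expand(name, roles).items():
            access.setdefault(target, set()).update(ents)
    attrs = {key: value.format(login=login) for key, value in rule.attributes.items()}
    return {t: {"entitlements": sorted(e), **attrs} for t, e in sorted(access.items())}


def who_has(target, entitlement, users, roles):
    """Audit query: which users currently hold an entitlement on a target?"""
    return sorted(
        login
        for login, (role_names, _rule) in users.items()
        if any(entitlement in expand(r, roles).get(target, ()) for r in role_names)
    )


# One Sales role serves every office; only the rule differs per location.
ROLES = {
    "Staff": Role("Staff", {"unix": {"login"}, "exchange": {"mailbox"}}),
    "Sales": Role("Sales", {"oracle": {"crm_read", "crm_write"}}, includes=["Staff"]),
}
RULES = {
    "USA": Rule("USA", {"home": "/home/usa/{login}", "email_server": "mail-us.example.com"}),
    "UK": Rule("UK", {"home": "/home/uk/{login}", "email_server": "mail-uk.example.com"}),
    "A/P": Rule("A/P", {"home": "/home/ap/{login}", "email_server": "mail-ap.example.com"}),
}
USERS = {"asmith": (["Sales"], "USA"), "bjones": (["Sales"], "UK")}

if __name__ == "__main__":
    for login, (role_names, rule_name) in USERS.items():
        print(login, provision(login, role_names, RULES[rule_name], ROLES))
    # Changing the role changes what every holder of it resolves to.
    ROLES["Staff"].grants["unix"].add("sftp")
    print(who_has("unix", "sftp", USERS, ROLES))
```

Because access is resolved from the role definitions each time, `who_has` answers the audit question "who has access to what" without inspecting individual accounts, and a role that includes itself is rejected instead of looping.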

Slide 13

Simplified user addition

• Roles reduce information required to create a user
• Login name creation policy
  - Select from a number of algorithms
• Users can be added from a HR System or through this interface

Slide 14

Delegated user addition

• Web based user account requests
• End user requests resources and provides personal information then selects an approver such as a line manager (can be defaulted)
• Approver receives request from end user with ability to add information such as role or location or correct info
• Once verified against policy, accounts are automatically created through COSuser

Slide 15

Centralized and consolidated user management

• User population is managed from central point
• A number of 'central points' can exist
• Different views of population, e.g. by login name, department, etc
• User account administration focused at user level, not account level

Slide 16

Powerful user management

• Users can be:
  - Added
  - Altered
  - Cloned: user information and role(s) copied
  - Deleted: all user's accounts are removed permanently
  - Disabled: all user's accounts are disabled until user is ENABLED
  - Disarmed: all user's accounts are removed until user is RECREATED
• Accounts can be:
  - Enabled or Disabled

Slide 17

Transaction engine

• Transactions are exploded into component tasks for execution
• Scheduling may vary with transaction type
• Order of scheduled transaction execution may be prioritized
• Administrators may define new transaction types
• COSbatch job scheduler provided for large customers

Benefits?
• Allows staff to work in prime time
• Provides optional deferment of work when network is busy
• Uses network at "quiet" times
• Enables scalability

Slide 18

Password synchronization

• Users need only remember one user name and one password
• Passwords can be linked to TKB type e.g. all UNIX only
• Enables organisations to enforce stronger passwords

Logon Name: oldfieldc
Password: alub256

[Diagram: repeated stacks labelled Application, Database, OS, Platform, Service Level, Network, Business Process, Middleware]

Slide 19

Common Credential Rules

• Credential Set 1, Rule 1: UID > 7 chars
• Credential Set 2, Rule 2: UID <= 8 chars
• Credential Set 3, Rule 3: UID <= 24 chars

Synchronization can occur across the 3 sets of credentials as there is a common set of rules between the 3 sets

Common UID Rule:
UID > 7 chars, UID <= 8 chars, UID <= 24 chars = UID = 8 chars
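
The common-rule calculation on this slide is an intersection of length ranges. The sketch below is an added example, not COSuser code: it parses rule strings in the slide's notation, intersects them across credential sets, and reports which set makes synchronization impossible when no common rule exists. "Credential Set 4" and the candidate UIDs are constructed.

```python
# Added illustration: derive the common credential rule across targets.
import re
from dataclasses import dataclass
from typing import Optional

# Rule strings in the notation used on the slide, e.g. "UID > 7 chars".
RULE_RE = re.compile(r"^\s*(\w+)\s*(<=|>=|<|>|=)\s*(\d+)\s*chars\s*$")


@dataclass(frozen=True)
class LengthRange:
    """Inclusive range of permitted lengths; high=None means unbounded."""
    low: int = 0
    high: Optional[int] = None

    def is_empty(self):
        return self.high is not None and self.low > self.high

    def intersect(self, other):
        highs = [h for h in (self.high, other.high) if h is not None]
        return LengthRange(max(self.low, other.low), min(highs) if highs else None)

    def allows(self, value):
        return len(value) >= self.low and (self.high is None or len(value) <= self.high)

    def describe(self, name):
        if self.high is None:
            return f"{name} >= {self.low} chars"
        if self.low == self.high:
            return f"{name} = {self.low} chars"
        return f"{self.low} <= {name} <= {self.high} chars"


def parse_rule(text):
    """Turn 'UID > 7 chars' into ('UID', LengthRange(low=8, high=None))."""
    match = RULE_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised rule: {text!r}")
    name, op, n = match.group(1), match.group(2), int(match.group(3))
    ranges = {
        ">": LengthRange(n + 1, None),
        ">=": LengthRange(n, None),
        "<": LengthRange(0, n - 1),
        "<=": LengthRange(0, n),
        "=": LengthRange(n, n),
    }
    return name, ranges[op]


def common_rule(credential_sets, name="UID"):
    """Intersect the rules for `name` across all credential sets.

    Returns (range, conflict). conflict is None when a common rule exists,
    otherwise the name of the set whose rule emptied the intersection.
    """
    common = LengthRange()
    for set_name, rules in credential_sets.items():
        for text in rules:
            rule_name, rng = parse_rule(text)
            if rule_name != name:
                continue
            common = common.intersect(rng)
            if common.is_empty():
                return common, set_name
    return common, None


# The three credential sets from the slide.
SLIDE_SETS = {
    "Credential Set 1": ["UID > 7 chars"],
    "Credential Set 2": ["UID <= 8 chars"],
    "Credential Set 3": ["UID <= 24 chars"],
}
# Constructed fourth target whose limit is incompatible with Set 1.
CONFLICTING_SETS = dict(SLIDE_SETS, **{"Credential Set 4": ["UID <= 6 chars"]})

if __name__ == "__main__":
    rng, conflict = common_rule(SLIDE_SETS)
    print(rng.describe("UID"), "| conflict:", conflict)
    rng, conflict = common_rule(CONFLICTING_SETS)
    print("empty:", rng.is_empty(), "| conflict:", conflict)
```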

Slide 20

Password Synchronization

• User attempts to login to Windows Network as normal
• Windows Domain ages password and prompts for new password
• COSuser picks up the new password and checks that it is suitable
• COSuser synchronizes password with relevant servers

[Diagram: Windows Domain, Unix Servers, Oracle Servers]

Slide 21

Password Synchronization

• User changes password on Unix system
• COSuser picks up new password and checks that it is suitable
• COSuser synchronizes password with relevant domains and other servers

[Diagram: Unix Servers, Oracle Servers, Windows Domain]

Slide 22

Management reporting and auditing

• Run reports from 8 audit trails
• Run history reports for specific activities completed in a period
• Run reports for individual users

Slide 23

Delegation

• HR Conduits
  - HR department is focal point for changes
• Duties
  - Grant privileges to duties not users
  - Users are allowed to execute certain duties
• UNIX-root privilege delegation
• Password resetting and revoking
• Duties extend COSuser IT operations workflow feature

[Screenshot caption: A list of scheduled duties including duties for provisioning]

Slide 24

Generic TKB - Interactive Duties

[Diagram labels: COSuser, Call Center Role, TKB A, TKB B, TKB C, Gen TKB D, CU Web based Workflow & Authorization, Duty Group Sysadmins D, Transport mechanism]

Benefits:
• Quicker deployment (less technology)
• Address Audit requirements (who, what, when)
• Opportunity to roll out automation at manageable pace

• COSuser duty alert emailed to one or more trusted Sys Admins
• COSuser duty viewed via Web browser (secure & authenticated)
• COSuser duty presents user information to Sys Admin
• COSuser duty captures confirmation of completion
• Confirmation (who, when, what) returned to Audit DB

Slide 25

Unix access controls and password management

• Password strengthening
  - password history
  - password construction
• Password aging
  - force change.
• Privileged access management
  - secure shell auditing
  - restricted usage
• Flexible controls
  - multiple UIDs per username
  - multiple usernames per UID
  - multiple roles per object

Slide 26

COSuser operating overview
Automation - Delegation - Control

[Overview diagram. Labels:]
• Control: History and audit reporting by user, target, roles and passwords, etc.
• Audit Reporting
• Auditing
• HR Conduits: HR, Other System, Other Business Unit
• Automation: Roles, targets, account templates, login name and password policy
• User account additions, deletions, changes, disables, enables, password resets
• COSuser Agent and TKBs (repeated)
• COSuser kernel: OSM Toolset, Transaction and Duty Engine, Database and Auditing, UI, Policy
• Policy Management
• IT User Management
• User details and user events
• User: http: self service
• Delegation

Slide 27

Web browser based workflow

• User initiates a request for a new account or Windows share
  - request is emailed through to appropriate manager(s)
• Manager(s) can accept, reject or refer a request
• On acceptance, request is passed through to COSuser engine for processing
• Users can change password or request help from help-desk if original password is forgotten
  - challenge response mechanism
• Managers can lookup user accounts for which user has access rights
• Users can gain access to relevant COSuser documentation

Slide 28

Web browser self-registration

1 User contacts registration server
2 User enters login name and password
3 Self-registration form provides the means for the user to register him/herself for the first time, or to change registration details

Slide 29

The OSM Toolset

• A set of software building blocks
  - user interface
  - database tools
• Produces significant advantages in speed of development
• Allows for rapid prototyping
• Produces significant advantages in maintenance of code
• Produces common "look & feel"
• Provides data sharing

Slide 30

Most NSM implementations do not achieve their objectives

• Lack of Focus
• Project Sponsorship
• Skill-Set Mismatch
• Operational Readiness
• Unrealistic Expectations
• Bad Project Management
• Lack of Process Definition
• Lack of Ownership/Control
• Scope - Too Much Detail/Too Little Detail

[Chart: percentage of implementations by outcome (Fail, Partial, Success)]
Source: Meta Group

RUMA: Rapid User Management Analysis

Slide 31

COSuser features

• Flexibility
  - policy and procedure based
  - allows for future change
  - technology that's extensible
• Delegation
  - empower the users
  - remove work from administrators
• Scalability
  - transaction engine
  - proven real-world use.

[Diagram: Delegate, Automate, Control]

Slide 32

COSuser benefits

• Improved efficiency
  - automation - manage volume/reduce cost
  - delegation - balance the workload
  - centralize - one point of control
• Improved service levels
  - user empowerment - better response
  - reduction in cycle time - more productive
• Increased security
  - password control - no Post-it notes
  - restricted access - business roles
• Protection from skills shortage
  - deskilling of processes - policy driven
• Off load the help desk
  - enfranchise the user community

Slide 33

Recommended action plan

• Commission RUMA
  - define and agree policies
  - define roles, cleaning policies etc.
  - scope phased implementation
  - identify quick wins and big areas of hurt
• Implement chosen subset of "systems"
  - keep it simple
  - clean data to level defined by policies
  - provide internal "reference" site
• Review RUMA report and policies
  - refine in light of reference site

Slide 34

COSuser case study
Iams (Procter & Gamble)

• Iams Company
  - Largest premium pet food manufacturer in the USA
  - Now part of Procter and Gamble
• 10 large AIX systems run from NT workstations using COSMOS PC GUI Client
• User population close to 1,000 staff
• Main driver was password control
  - Password synchronisation
  - Password strength control
• UNIX account management only
• No RUMA, 15 day implementation

Slide 35

COSuser case study
Lloyds TSB

• Lloyds TSB Bank
  - One of four major UK clearing banks
• Initial implementation on 16 very large Sequent systems
• Expansion to 213 AIX and Solaris under way
• Planned expansion up to 500+ servers
• Initial user population of 1,000 staff due to grow
• Interest driven by auditors
  - Who had access to what?
  - Why were old accounts still present?
• Stage 1: 10 day RUMA, 35 day implementation
• Stage 2: 80 day consultancy
• Managed service being provided

Slide 36

COSuser case study
Northumbrian Water Ltd

• Northumbrian Water
  - Includes Essex & Southern Water
  - Look after 4.3 million customers in UK
• Will manage complete UNIX (IBM AIX) and NT infrastructure including Oracle, Lotus Notes & ISIS applications
• Dynamic user population (2,000 staff)
• Efficiency and security are big drivers
  - Off-loading work to users via web browser
  - Keep central operations staff small in number
• Stage 1 (UNIX): 10 day RUMA, 35 day implementation
• Stage 2 (NT, Lotus): 60 day consultancy contracted

“It is not always easy to prove a positive ROI for security software, but this is one area where it is demonstrable.” Malcolm Beckwith, Datacenter Manager
© 2003, Open Systems Management Ltd (OSM) Slide 37
CO
Su
ser
CO
Su
ser COSCOSuseruser case study case study
Duke EnergyDuke Energy
Duke EnergyDuke Energy Fortune 500 companyFortune 500 company Gas transmission business looks after 1 Gas transmission business looks after 1
million customers in Canadamillion customers in Canada
Currently manages 45 UNIX (IBM AIX) Currently manages 45 UNIX (IBM AIX) servers and looking to roll out onto Oracleservers and looking to roll out onto Oracle
<1,000 computer users<1,000 computer users
Efficiency was big driverEfficiency was big driver Small team of administratorsSmall team of administrators Time to add a new user reduced from an Time to add a new user reduced from an
average of 45 minutes to 2 minutesaverage of 45 minutes to 2 minutes
Stage 1 (UNIX): 10 days of OSM Stage 1 (UNIX): 10 days of OSM consultancyconsultancy
Stage 2 (Oracle): 5 days consultancy Stage 2 (Oracle): 5 days consultancy quotedquoted
"COSuser is very complete in its design. We haven’t seen any areas to improve it yet," Wayne Sellar, Senior UNIX Administrator
T h e s y s t e m s m a n a g e m e n t s p e c i a l i s t s
© 2003, Open Systems Management Ltd (OSM) Slide 38
CO
Su
ser
CO
Su
ser COSCOSuseruser case study case study
West Interactive Corp.West Interactive Corp.
West Interactive CorporationWest Interactive Corporation Very large call centersVery large call centers Employ 23,000 staff based out of Omaha, Employ 23,000 staff based out of Omaha,
Nebraska, USANebraska, USA process more than 20 billion minutes of process more than 20 billion minutes of
telephony-related transaction time annuallytelephony-related transaction time annually
Have more than 2,000 SCO UNIX servers, Have more than 2,000 SCO UNIX servers, and some 3,000 UNIX servers in totaland some 3,000 UNIX servers in total
Will implement on AD as wellWill implement on AD as well
Approximately 6,000 user accountsApproximately 6,000 user accounts
Stage 1: 10 days to conduct a RUMAStage 1: 10 days to conduct a RUMA
Stage 2: 35 days consultancy to aid in roll-Stage 2: 35 days consultancy to aid in roll-out. Most work will be performed by out. Most work will be performed by customer staff.customer staff.