Quest Solutions (Rozwiązania Quest dl)


Upload: sammy17

Post on 27-Jun-2015


Page 1: Quest Solutions (Rozwiązania Quest dl)

Copyright © 2006 Quest Software

Manage Your AD Infrastructure with Quest Tools

QDP/Microsoft Road Show

Lee Elliott – Quest Systems Consultant EMEA

Page 2

Identity integration into Active Directory (Vintela Authentication Services and Vintela Single Sign-on for Java)

Enterprise Group Policy (Vintela Authentication Services)

SMS Integration (Quest Management Xtensions for SMS)

MOM Integration (Quest Management Xtensions for MOM)

Event Log Management (InTrust)

Rules & Roles-based Administration (ActiveRoles Direct)

User Provisioning (ActiveRoles Server)

Diagnostics & Troubleshooting (Spotlight on AD)

Online, Granular Recovery (Recovery Manager for AD)

GPO Management (Group Policy Manager)

Self-Serve Password (Password Manager)

Password Management (Password Manager)

Change Control & AD Lockdown (InTrust for AD)

Pre/Post Migration Reporting/Analysis (Reporter)

NT4.0 → Active Directory (Domain Migration Wizard)

NDS eDirectory → AD (NDS Migrator)

AD → AD (Migration Manager for AD)

E-mail Archival (Archive Manager)

Usage Analysis (MessageStats)

E-Discovery (Recovery Manager for Exchange)

Compliance Reporting (MessageStats)

Personal Folder Mgmt (Archive Manager)

Diagnostics & Troubleshooting (Spotlight on Exchange)

Message-level Recovery (Recovery Manager for Exchange)

Multi-org Collaboration (Collaboration Services)

High Availability (Availability Manager for Exchange)

Exchange 5.5 → Ex 2003 (Exchange Migration Wizard)

Notes → Ex 2003 (Notes Migrator for Exchange)

GroupWise → Ex 2003 (GroupWise Migrator for Exchange)

Ex 200X → Ex 2003 (Migration Manager for Exchange)

Event Log Management (InTrust)

File / Folder User Access Reporting (Reporter)

Storage Analysis (Storage Manager)

File & Print Servers (Storage Consolidator)

Active Directory Management

Exchange Management

Windows Management

SharePoint

Unix / Linux

e-Discovery (Site Administrator for SharePoint)

Usage Analysis (Site Administrator for SharePoint)

Global Policy Management (Site Administrator for SharePoint)

Centralized Administration (Site Administrator for SharePoint)

Exchange Public Folders → SharePoint 2003 / 2007 (Public Folder Migrator for SharePoint)

Page 3

Introducing Active Roles Server

“The Practical Way to Provision, Manage, and Secure Active Directory”

• The Challenge

– Providing employees secure access to resources needed across the network (user provisioning) is complicated yet critical. Provisioning is not a one-time event. Reprovisioning and deprovisioning continually require administrators’ time and attention. Duplicate data entry into Active Directory and HR and ERP systems is time-consuming and error-prone.

• Quest Solution

– ActiveRoles Server can help you automatically provision, re-provision and, more importantly, de-provision users quickly, efficiently and securely in AD and beyond. ActiveRoles Server provides strictly enforced role-based security, automated group management, change approval and easy-to-use Web interfaces for self service, to achieve practical user and group lifecycle management for the Windows enterprise.

Page 4

So what is Provisioning anyway?

“New Boy”

Active Directory Domain

Page 5

Provisioning Lifecycle

Reprovisioning (Promotion)
- Promotions or Transfers
- Project Assignments
- Information updates

Deprovision (Retire)
- Employment Status Changes
- Disable Accounts
- Disable Access to Resources
- Assign Entitlements to others

Identity Administration
- Information updates
- Group and Distribution List Membership Changes
- Self-service

New User is Provisioned (Hire)
- User Account Creation
- Mailbox and Home Folders Creation
- Group and Distribution List Memberships
- Access to Applications Granted
- Accounts in Connected Systems Created
- E-mail notifications

Page 6

Business Issues

• Providing employees secure access to resources needed across the network (user provisioning) is complicated yet critical.

• Provisioning is not a one-time event. Reprovisioning and deprovisioning continually require administrators’ time and attention.

• Duplicate data entry into Active Directory and HR and ERP systems is time-consuming and error-prone.

• Native Active Directory tools can’t ensure administrative security or data integrity.

Page 7

Business Issues – Bigger Picture

• Compliance

• Identity Management

• Process Management

• IT Efficiency

• User Productivity

• Lowers Total Cost of Ownership

• Decreases potential risk:

– After being terminated, a former administrator to a transportation services company deleted the company’s customer database and changed system passwords.

– After being fired, a former employee accessed his company’s servers, deleted 675 files, changed access control levels, altered billing records, and sent email with false statements about the company to hundreds of its customers.

Page 8

What does ActiveRoles Server do?

ActiveRoles Server offers a practical approach to automated Active Directory user provisioning and administration, for maximum security and efficiency.

Page 9

Introducing Password Manager

“Empower users, reduce support costs, and strengthen security”

• The Challenge

– Password resets are the leading source of requests for help desk assistance. The pain of password management is becoming more pervasive as organizations strive for more stringent security policies. Longer, more complex passwords that must be changed more frequently increase the likelihood that users will forget them and place a call to support. As a result, many organizations are caught between increasing security and reducing user support costs.

• Quest Solution

– Password Reset Manager provides a simple, secure, self-service solution that allows end users to reset forgotten passwords and unlock their accounts. It also allows administrators to implement stricter password policies while reducing the help desk workload. Organizations no longer have to sacrifice security to reduce costs.

Page 10

I have forgotten my password!!

• User forgets their password

• User tries various combinations of old passwords

• Eventually User gives up and contacts helpdesk

• If possible, helpdesk responds; if not, it issues a “ticket”

– Common ratio for large companies – 1 helpdesk admin/6000 users!

• In the meantime User cannot access any resources, i.e. e-mail, shares, printers etc.

• Eventually the helpdesk resets the User password and the User is productive.

Page 11

Business Challenges

• Increase security through comprehensive control over user account passwords

• Decrease costs by reducing or eliminating expensive password-related help desk calls

• Increase productivity through a simple and secure self-service password management solution that is guaranteed to be used

• Provide a single location for all users to manage Active Directory or other passwords

According to the Gartner Group, 20% to 50% of all help desk calls are for password resets

Page 12

Technical Challenges

• Increase security with password complexity policies that go beyond those provided by Active Directory

• Select a simple and cost-effective solution

• Enforce end-user participation to guarantee ROI

• Audit and alert administrators and users when relevant events or activities occur

Forrester Research states that the average help desk labor cost for a single password reset is about $70

Page 13

What does Password Manager do?

Secure Authentication

Strict password policy enforcement

Auditing and alerts

Intuitive and easy to use and deploy

GINA extensions for pre-logon password reset

Or Help Desk

Page 14

Introducing Spotlight on AD

“Find and fix problems in Active Directory”

• The Challenge

– Administrators spend too much time troubleshooting and reacting to problems in Active Directory (AD), such as out-of-date Group Policy Objects (GPOs), missing DNS registrations, failed AD services and performance problems on domain controllers. This can have wide-reaching effects, including system downtime and directory unavailability.

• Quest Solution

– Spotlight acts as a real-time diagnostic tool for troubleshooting and rapid resolution of replication, performance and availability problems in AD environments. Spotlight provides a clear view of domain controller processes, an easy way to identify resource bottlenecks, and a consolidated view of AD and system status.

Page 15

Technical Challenges

• Administrators cannot quickly identify the root cause of problems in AD and promptly resolve them.

• Administrators do not have a clear view of domain controller processes or an easy way to identify resource bottlenecks.

• Administrators do not have a consolidated view of AD and system status.

• Performance alerts are raised in a monitoring console, while related diagnostic information is available through a separate interface, requiring manual work to correlate and resolve issues.

Page 16

What does Spotlight on AD do?

Page 17

Live Topology View

Page 18

Unified Diagnostic Console

Page 19

Introducing Vintela Authentication Services

“Integrate Unix into Active Directory”

• The Challenge

– Heterogeneity is the standard

– Mixed Linux, Unix and Windows environments are a fact of life

– Customers need to reduce IT complexity

– Interoperability is a key business concern

– Linux, Unix and Windows-based environments continue to grow

– Specialized applications in these environments add to the problem

• Quest Solution

– VAS extends Windows identity to encompass Unix and Linux. This allows you to standardize cross-platform password policies around AD and to centralize user and group management within AD. The solution is also scalable, supporting large AD deployments and forests.

– Quest Management Extensions for MOM and SMS extend the capabilities of these applications to Unix and Linux. This simplifies and improves management, allowing a single point of management. No additional training or systems required.

Page 20

IT Infrastructure Pain Points

• Web Services
• Policy Management
• Authentication and Identity Management
• Systems Management
• Health Monitoring

Microsoft Products and Technology

• .NET
• Group Policy
• Active Directory
• MIIS
• SMS 2003
• MOM 2005

Unix, Linux, Java, and Macintosh Technology

• PHP
• Java
• CGI
• Config Files
• /etc file systems
• .Profile, etc.
• NIS
• PAM
• NSS
• LDAP
• /Proc File sys
• Static Conf files
• OS-specific utilities
• SAM, SMIT
• /Proc
• SNMP
• OS-specific, application-specific event systems

Quest Products & Technology

• WBEM/SNMP
• Quest Management Extensions
• WBEM
• Quest Management Extensions
• Kerberos/LDAP
• Vintela Authentication Services
• Vintela Group Policy
• Vintela Single Sign-on for Java

Page 21

Vintela Authentication Services

• Native integration of Unix/Linux into Active Directory

– Enables Active Directory-based SSO for heterogeneous systems

• Secure authentication and authorization

– Integration – not synchronization – between diverse systems

– All credentials & identity information reside within Active Directory

• Complete NIS replacement

• Unix Identity Management using RFC 2307 Schema

• Extensive platform support:

– HP-UX, AIX, Solaris, Red Hat, SuSE

• Foundation for Group Policy on Unix/Linux

– Ships with Vintela Group Policy

Page 22

Vintela Group Policy (included with VAS)

Extensible framework that extends Microsoft Group Policy to Unix and Linux clients through the native Active Directory interface

• Extends policy-based management to Unix and Linux clients

– Control access to client machines

– Scripting

– Single point of access for the entire enterprise

– Supports native Unix utilities from Active Directory (Sudo, Cron, etc.)

• Extended cross-platform support

– Solaris, HP-UX, AIX, and Linux (SuSE and Red Hat)

Page 23

Vintela Management Extensions

SMS snap-in allows IT administrators to manage Unix, Linux and Mac OS X systems within SMS.

• Extends the existing SMS framework and admin tools

– Uses the existing Management Points and Distribution Points

• VMX clients act like an SMS Advanced Client

• WBEM/CIM based – WMI for Unix

– Native systems management using SMS for Unix, Linux, Mac OS X

• Solaris, HP-UX, AIX, Mac OS X, and Linux

Page 24

Extending the Power of Microsoft Management Solutions

Only from Microsoft and Quest

Page 25

Key Capabilities and Business Value

• Reduced TCO

– One point-of-management / One console

– Eliminate repetitive, platform-specific tasks

• Extends Microsoft Solutions to Heterogeneous Systems

– Non-Windows systems act as MOM and SMS Advanced Clients

– Extend core functionality of Windows solutions

• MOM/OM: Application & Server Monitoring, Event & Performance Management, Proactive Automated Response, Reporting

• SMS/CM: Software & Patch Distribution, Hardware & Software Inventory, Software Metering, System Discovery, Remote Management

• Leverage Existing Investments

– Native integration means core tasks can be managed from within a single infrastructure

• Simplify management

– Complexity goes down, while ROI goes up

Page 26

Extensive Platform Support

• RedHat Enterprise Linux – AS/ES/WS 2.1, 3.0 i386, 4.0*

• SUSE – 8, 8 Enterprise Server 9, 9.1, 9.3, 10*, Enterprise Desktop 10*

• Solaris – 8, 9 & 10 (sparc)

• AIX – 5.1, 5.2, 5.3

• HP-UX – 11i (11.11 PA-RISC), 11.23

• Mac OS X – 10.3, 10.4 (ppc and Intel)

* version also supports 64-bit in 32-bit compatibility mode for Intel EM64T and AMD64 architectures

Page 27

Non-Windows Collections

• QMX for SMS installs non-Windows Collections for supported OS platforms

• Collections can be created, modified or deleted based on your needs

• The QMX for SMS clients are SMS Advanced clients for Unix

Page 28

Extending System Center Configuration Manager 2007

• Natively extend Configuration Manager 2007 to Unix, Linux and Mac OS X

– Support new User Interface including task menus and Wizards

– Integrate with new infrastructure

• Extend CM functionality (end of 2007)

– Hardware and Software Inventory

– Software Distribution

– Metering

– Remote Tools

– System Discovery

– Client Deployment

– Leverage core functionality

• Resource Explorer

• Reporting

• Add New Functionality (throughout 2008)

– Software Updates / Patch Management

– Desired Configuration Management

Page 29

Next Steps…

• Visit:

– www.quest.com

– Download and evaluate the software

THANK YOU FOR YOUR TIME!!