How to Implement Novell® Cloud Security Services
Nuts and Bolts

Dale Olds, Distinguished Engineer
Ben Fjeldstet, Sr. Engineer
Tom Cecere, Product Strategy
Novell Cloud Security Service
March 24, 2010
Key Takeaways

    •   SaaS adoption is projected to increase three-fold to
        US$14 Billion by 2012, according to Gartner.
    •   “SaaS sprawl” is causing an IT administration and
        security nightmare for enterprises.
    •   Enforcing consistent policies for internal and cloud
        applications is key to effective governance.
    •   Novell® Cloud Security Service allows organizations
        to extend their internal policies, roles and workflow and
        manage a multi-SaaS environment consistently.
    •   Novell is a leading provider of identity and security
        solutions and has been for over 20 years.
2   © Novell, Inc. All rights reserved.
Agenda

    •   Why Novell® Cloud Security Service (NCSS)?
    •   What Is NCSS and How Does It Work?
    •   Architecture
    •   Deployment Options

Creating IT Administration Nightmare

[Diagram labels: Users; Apps; IT Department; Directory; Systems/tools; "User data/permissions" repeated at each node.]

Enterprise Challenge

    •   Multiple usernames/passwords
    •   Multiple identity silos
    •   Disparate administration tools
    •   Challenge in timely deprovisioning accounts of ex-employees

And Concerns Over Security

    •   DuPont: “When a sales person leaves the company, it
        takes 10 days to de-provision their account in
        SalesForce.com. Until then, the sales person has
        access to his account. This is a real problem.”

    •   International Fragrances & Flavors: At an executive
        briefing, they told us, “We cannot use SaaS until it uses our
        identity management systems.”

    •   “What’s keeping us from getting more large enterprise
        customers? Trust.” –David Carroll, Salesforce.com
        evangelist

How Does NCSS Work?

[Diagram labels: Enterprise User Store; NCS Secure Bridge; Novell Cloud Security Services (IdP, AuthN Service); SAML 1, SAML 2, WS-Fed; Relying Party Participant (SaaS Application). Numbered callouts: 1 User Authentication; 2; 3 User Access SaaS Resources.]

    1   NCSS handles both use cases: a user logging directly into a cloud
        service, or a user logging into their enterprise system first.

NCSS Enterprise Connections with LDAP Identity Stores

    •   Secure Bridge Service
          –   SSH Tunneling Services for Identity Verification for NCSS
          –   Audit Reporting
    •   Secure Bridge Appliance (Post 1.0)
          –   Identity Federation to NCSS
          –   SSH Tunneling Services for Audit Reporting

[Diagram labels: Identity Store(s); Audit Server(s); Secure Bridge; Enterprise Firewall.]

NCSS Enterprise Connections with Existing AM Solutions

    •   Secure Bridge Service
          –   SSH Tunneling Services for Audit Reporting
    •   Access Management Solution Integration
          –   Quick Start Integration for Common Identity Providers
          –   SAML 2.0, POST capabilities required

[Diagram labels: Identity Store(s); Audit Server(s); Secure Bridge; Enterprise Firewall.]

NCSS Provider Components

    •   Multi-tenant Director
          –   Console hosting
          –   Audit Collection/Reporting
          –   Cost Accounting Collection/Reporting
          –   Multi-tenant Operations Management
    •   Per-tenant Security Brokers
          –   Identity Federation
          –   Event Routing for Audit/Billing/Operations

[Diagram labels: Director (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Security Brokers for Tenant A, Tenant B and Tenant C, each with Identity Federation and Event Routing.]

NCSS SaaS Connections

    •   Quick Customer On-boarding
    •   Per-Customer Services
          –   Identity Federation (SAML 2.0)
          –   Audit Reporting
    •   Large Supported Platform Base
          –   Java Spring
          –   Apache
          –   ...

[Diagram labels: SaaS Connections; Identity; Events; Hoster/MSP Firewall.]

CSS: Identity and Compliance Services System Architecture

    •   Secure Bridge Services
          –   Protocol Mapping
          –   Event Distribution
          –   Workflow Initiation
    •   SSH Protocol Tunnel
    •   CSS Director
          –   Administration
          –   Operations Mgmt
    •   Cloud Security Broker
          –   Authentication
          –   Federation
          –   Attribute Aggregation
          –   Event Distribution
          –   High Availability
          –   Limited Workflow
    •   Identity Federation and RESTful APIs
    •   SaaS/PaaS Connections
          –   PivotLink
          –   SharePoint
          –   GoogleApp Engine

Secure Bridge Services Stack

Secure Bridge Services: Protocol Mapping, Event Distribution, Workflow Initiation

    •   LDAP Server Mapping
    •   HTTP Svcs Mapping
    •   Event Distribution: Event Receptor
    •   Limited Workflow API
    •   CSB Connection Manager
    •   SSH Tunnel

CSS - Director Stack

CSS Director: Administration, Operations Mgmt

    •   Administration
          –   Provider Consoles
          –   Customer Consoles
          –   HTML, JavaScript, GWT
    •   Operations Management
          –   Operations Director
          –   Security Manager
          –   CABE Processors
          –   REST APIs, Configuration Distributor, Event Receptor
    •   CSS Core
          –   Services Manager
          –   Instance Communication
          –   Event Receptor (REST)
          –   Security Manager
          –   Session Broker (Clustering)
          –   Data Store Mgmt (Clustering)
    •   CSS Service Foundation
          –   Apache / Tomcat
          –   Cloud Service Bus
          –   WS*, AXIS, XMLSEC, XALAN, XERCES, JPA (Hibernate), JAX-RS, JMS/CMS, Log4j/cxx
    •   Infrastructure Service Foundation
          –   IaaS Management APIs (Cloud Vendor)
          –   HTTP Stack (Apache)
          –   SSH Tunnel
          –   Messaging Stack (ActiveMQ)
          –   SQL Database (SQLite)

CSS - Director Stack (detail)

CSS Director: Administration, Operations Mgmt

    •   Administration
          –   Provider Consoles: Customer Admin, Identity Services, CABE Services, Operations Management, Security Auditor, Billing Auditor, Help Desk
          –   Customer Consoles: Identity Services, CABE Services, Security Auditor, Reports (billing, etc.)
          –   HTML, JavaScript, GWT
    •   Operations Management
          –   Operations Director: CSB Registry, Config Query APIs, Configuration Distribution, SB Query APIs, Backup/Restore, System Monitoring, Service Migration/Upgrade
          –   Security Manager: Tenant Segregation, Cert/Key Distribution
          –   CABE Processors: Report Generation, Event Correlation/Aggregation, Event Receptor/Storage, Billing Processing
          –   REST APIs, Configuration Distributor, Event Receptor
    •   CSS Core
          –   Services Manager
          –   Instance Communication
          –   Event Receptor (REST)
          –   Security Manager
          –   Session Broker (Clustering)
          –   Data Store Mgmt (Clustering)
    •   CSS Service Foundation
          –   Apache / Tomcat
          –   Cloud Service Bus
          –   WS*, AXIS, XMLSEC, XALAN, XERCES, JPA (Hibernate), JAX-RS, JMS/CMS, Log4j/cxx
    •   Infrastructure Service Foundation
          –   IaaS Management APIs (Cloud Vendor)
          –   HTTP Stack (Apache)
          –   SSH Tunnel
          –   Messaging Stack (ActiveMQ)
          –   SQL Database (SQLite)

CSS – Cloud Security Broker Stack

Cloud Security Broker: Authentication, Federation, Attribute Aggregation, Event Distribution, High Availability, Limited Workflow

    •   Identity
          –   Authentication Methods
          –   Federation Protocols
          –   Session Attribute Management
    •   Event Distribution
          –   Event Receptor
          –   Event Processors (Audit, Billing, Operations With Customer & Provider Views)
    •   High Availability
          –   CSB & Services Monitor/Scale
    •   Workflow
          –   Provisioning Triggers
    •   CSS Core
          –   Services Manager
          –   Instance Communication
          –   Event Receptor (REST)
          –   Security Manager
          –   Session Broker (Clustering)
          –   Data Store Mgmt (Clustering)
    •   CSS Service Foundation
          –   Java / Apache
          –   WS*, AXIS, XMLSEC, XALAN, XERCES, JPA (Hibernate), JAX-RS, JMS/CMS, Log4j/cxx
    •   Infrastructure Service Foundation
          –   IaaS Management APIs (Cloud Vendor)
          –   HTTP Stack (Apache)
          –   SSH Tunnel
          –   Messaging Stack (ActiveMQ)
          –   SQL Database

CSS – Cloud Security Broker Stack (detail)

Cloud Security Broker: Authentication, Federation, Attribute Aggregation, Event Distribution, High Availability, Limited Workflow

    •   Identity
          –   Authentication Methods: Card Space, LDAP, OAuth, X-509
          –   Federation Protocols: SAML 1.1, SAML 2, WS-*
          –   Session Attribute Management: Aggregation, Security
    •   Event Distribution
          –   Event Receptor
          –   Event Processors: Audit, Billing, Operations, Customer
    •   High Availability
          –   CSB Cluster Director
          –   CSB Cluster Monitor
          –   Service Health Monitor
    •   Workflow
          –   Annexation
          –   User Provision
          –   User De-provision
    •   CSS Core
          –   Services Manager
          –   Instance Communication
          –   Event Receptor (REST)
          –   Security Manager
          –   Session Broker (Clustering)
          –   Data Store Mgmt (Clustering)
    •   CSS Service Foundation
          –   Java / Apache
          –   WS*, AXIS, XMLSEC, XALAN, XERCES, JPA (Hibernate), JAX-RS, JMS/CMS, Log4j/cxx
    •   Infrastructure Service Foundation
          –   IaaS Management APIs (Cloud Vendor)
          –   HTTP Stack (Apache)
          –   SSH Tunnel
          –   Messaging Stack (ActiveMQ)
          –   SQL Database

[Diagram labels. Enterprise: Enterprise Identity Store; SB (SB Daemon, AEB Mapping, LDAP Mapping, Secure Data Marshaling). Identity Federation Protocol. SaaS/PaaS: CSB (Identity Connector, Event Connector); SaaS Services.]

[Diagram labels. Enterprise: Enterprise Console; Audit Store; SB (SB Daemon, AEB Mapping, LDAP Mapping, Secure Data Marshaling). REST API with OAuth. SaaS/PaaS: CSB (Identity Connector, Event Connector); SaaS Services.]

[Diagram labels. Enterprise: Audit Store; Identity Store; SB (SB Daemon, AEB Mapping, LDAP Mapping, Secure Data Marshaling). Identity Federation Protocol. REST API with OAuth. SaaS/PaaS: CSB (Identity Connector, Event Connector); SaaS Services.]

[Diagram labels. Enterprise: Audit Store; Identity Store; SB (SB Daemon, AEB Mapping, LDAP Mapping, Secure Data Marshaling). SaaS/PaaS: CSB (Identity Connector, Event Connector); REST API; Federation; SaaS Services. Provider: Data Store; CSSD; REST API.]

NCSS Small Deployment

    •   1 Multi-tenant Director
          –   With configuration backup/restore services
    •   1-N Customers/Tenants, each with:
          –   1 Secure Bridge and
          –   1-2 Security Brokers connecting to
              1-20 SaaS applications

[Diagram labels: Director (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Customer Connections; Security Brokers (Tenant A, Tenant B, Tenant C, ...); SaaS Connections.]

NCSS Medium Deployment

    •   Multi-tenant Director Cluster**
          –   1-8 Directors
    •   1-N Tenants, each with:
          –   1 Secure Bridge
          –   1-5 Security Brokers connecting to
              1-50 SaaS applications

** Requires clustered DB server deployment

[Diagram labels: Director Cluster (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Database Cluster; Customer Connections; Security Brokers (Tenant A, Tenant B, Tenant C, ...); SaaS Connections.]

NCSS Large Deployment

    •   Multi-tenant Director Cluster**
          –   1-5 Directors
               >   Console hosting
               >   Multi-tenant Operations
          –   1-5 Audit Servers
          –   1-5 Billing Servers
    •   50-N Tenants, each with:
          –   1 Security Broker
          –   1-5 Security Brokers connecting
              to 1-100 SaaS applications

** Requires clustered DB server deployment

[Diagram labels: Database Cluster; Director Cluster; Audit Cluster; Cost Accounting Cluster; Customer Connections; Security Brokers (Tenant A, Tenant B, Tenant C, ...); SaaS Connections.]

Novell Cloud Security Service (NCSS)

[Diagram labels: Director Cluster (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Security Brokers (Tenant A, Tenant B, Tenant C, ...); Novell Identity Manager.]

    •   Internal LDAP Directory Only. Uses NCSS Secure Bridge
    •   Internal Identity Management System with Federation
    •   No User Accounts on Customer Premises
    •   Deep Connectors to Rackspace Internal and App Store Apps
    •   Surface Connectors to External SaaS Applications, SSO Only

Questions and Answers
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security Service
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security Service

  • 1. How to Implement Novell Cloud Security Services ® Nuts and Bolts Dale Olds, Distinguished Engineer Ben Fjeldstet, Sr. Engineer Tom Cecere, Product Strategy Novell Cloud Security Service March 24, 2010
  • 2. Key Takeaways SaaS adoption is projected to increase three-fold to US$14 Billion by 2012, according to Gartner. “SaaS sprawl” is causing IT administration and security nightmare for enterprises. Enforcing consistent policies for internal and cloud applications is key to effective governance. Novell Cloud Security Service allows organizations ® to extend its internal policies, roles and workflow and manage a multi-SaaS environment consistently. Novell is a leading provider of identity and security solutions and has been for over 20 years. 2 © Novell, Inc. All rights reserved.
  • 3. Agenda Why Novell Cloud Security Service (NCSS)? ® What Is NCSS and How Does It Work? Architecture Deployment Options 3 © Novell, Inc. All rights reserved.
  • 4. Creating IT Administration Nightmare User data/ permissions User data/ User data/ permissions permissions User data/ User data/ permissions permissions Users Enterprise Challenge Apps • IT Department Multiple usernames/passwords • Multiple identity silos • Disparate administration tools • Challenge in timely deprovisioning accountsSystems/ Directory User data/ of ex-employees permissions tools 4 © Novell, Inc. All rights reserved.
  • 5. And Concerns Over Security • DuPont: “When a sales person leaves the company, it takes 10 days to de-provision their account in SalesForce.com. Until then, the sales person has access to his account. This is a real problem.” • International Fragrances & Flavors: At an executive briefing told us, “We cannot use SaaS until it uses our identity management systems.” • “What’s keeping us from getting more large enterprise customers? Trust.” –David Carroll, Salesforce.com evangelist 5 © Novell, Inc. All rights reserved.
  • 6. Agenda Why Novell Cloud Security Service (NCSS)? ® What Is NCSS and How Does It Work? Architecture Deployment Options 6 © Novell, Inc. All rights reserved.
  • 7. How Does NCSS Work? Enterprise Relying Party User Store Participant Novell Cloud 2 Security Services NCS IdP SAML 1, Secure SAML 2, User Store Bridge SaaS Application AuthN Service WS-Fed User User Access 1 Authentication SaaS Resources 3 NCSS handles both use cases: A user directly logging into a cloud 1 service or user logging into their enterprise system first. 7 © Novell, Inc. All rights reserved.
  • 8. NCSS Enterprise Connections with LDAP Identity Stores • Secure Bridge Service – SSH Tunneling Services for Identity Verification for NCSS – Audit Reporting • Secure Bridge Appliance (Post 1.0) – Identity Federation to NCSS – SSH Tunneling Services for Audit Reporting Identity Store(s) Secure Bridge Enterprise Firewall Audit Server(s) 8 © Novell, Inc. All rights reserved.
  • 9. NCSS Enterprise Connections with Existing AM Solutions • Secure Bridge Service – SSH Tunneling Services for Audit Reporting • Access Management Solution Integration – Quick Start Integration for Common Identity Providers – SAML 2.0, POST capabilities required Identity Store(s) Enterprise Firewall Audit Server(s) Secure Bridge 9 © Novell, Inc. All rights reserved.
  • 10. NCSS Provider Components • Multi-tenant Director – Console hosting – Audit Collection/Reporting – Cost Accounting Collection/Reporting Director Provider Console – Multi-tenant Operations Management Customer Console • Per-tenant Security Brokers Audit Collection/Reporting – Identity Federation Cost Accounting Collection/Reporting – Event Routing for Security Brokers Multi-tenant Operations Audit/Billing/Operations Identity Federation Tenant A Event Routing Identity Federation Tenant B Event Routing Identity Federation Tenant C Event Routing 10 © Novell, Inc. All rights reserved.
  • 11. NCSS SaaS Connections • Quick Customer On-boarding • Per-Customer Services – Identity Federation (SAML 2.0) – Audit Reporting • Large Supported Platform Base – Java Spring SaaS Connections – Apache – ... Identity Events Hoster/MSP Firewall 11 © Novell, Inc. All rights reserved.
  • 12. Agenda Why Novell Cloud Security Service (NCSS)? ® What Is NCSS and How Does It Work? Architecture Deployment Options 12 © Novell, Inc. All rights reserved.
  • 13. CSS: Identity and Compliance Services System Architecture CSS Director Administration Secure Bridge Operations Mgmt SaaS/PaaS Services SSH Protocol Tunnel Connections Identity Federation and RESTful APIs Cloud Security Protocol Broker Mapping PivotLink Authentication Event SharePoint Distribution Federation Workflow Attribute Aggregation Initiation Event Distribution GoogleApp High Availability Engine Limited Workflow 13 © Novell, Inc. All rights reserved.
  • 14. Secure Bridge Services Protocol Mapping Event Distribution Workflow Initiation Secure Bridge Services Stack Event Distribution LDAP Server HTTP Svcs Event Limited Mapping Mapping Receptor Workflow API CSB Connection Manager SSH Tunnel 14 © Novell, Inc. All rights reserved.
  • 15. CSS Director Administration Operations Mgmt CSS - Director Stack Administration Operations Management Customer Provider Consoles Consoles CABE Operations Director Security Manager Processors HTML JavaScript GWT REST APIs Configuration Distributor Event Receptor CSS Core Services Instance Event Receptor Security Session Broker Data Store Mgmt Manager Communication (REST) Manager (Clustering) (Clustering) CSS Service Foundation Apache / Tomcat Cloud Service Bus WS* AXIS XMLSEC XALAN XERCES JPA (Hibernate) JAX-RS JMS/CMS Log4j/cxx Infrastructure Service Foundation IaaS Management APIs HTTP Stack Messaging Stack SQL Database SSH Tunnel (Cloud Vendor) (Apache) (ActiveMQ) (SQLite) 15 © Novell, Inc. All rights reserved.
  • 16. CSS Director Administration Operations Mgmt CSS - Director Stack Administration Provider Consoles Customer Operations Management Consoles Operations Director Security Manager CABE Customer Admin Identity Services Processors Identity Services CSB Registry Tenant Segregation CABE Services CABE Services Config Query APIs Cert/Key Distribution Report Generation Operations Management Security Auditor Configuration Distribution Event Correlation/ Security Auditor Reports (billing, etc.) SB Query APIs Aggregation Billing Auditor Backup/Restore Event Receptor/ Help Desk Storage System Monitoring Service Migration/Upgrade Billing Processing HTML JavaScript GWT REST APIs Configuration Distributor Event Receptor CSS Core Services Instance Event Receptor Security Session Broker Data Store Mgmt Manager Communication (REST) Manager (Clustering) (Clustering) CSS Service Foundation Apache / Tomcat Cloud Service Bus WS* AXIS XMLSEC XALAN XERCES JPA (Hibernate) JAX-RS JMS/CMS Log4j/cxx Infrastructure Service Foundation IaaS Management APIs HTTP Stack Messaging Stack SQL Database SSH Tunnel (Cloud Vendor) (Apache) (ActiveMQ) (SQLite) 16 © Novell, Inc. All rights reserved.
  • 17. Cloud Security Broker Authentication Federation Attribute Aggregation Event Distribution High Availability Limited Workflow CSS – Cloud Security Broker Stack Identity Event High Workflow Distribution Availability Session Event Event Processors Authentication Federation CSB & Services Provisioning Recptor Attribute (Audit, Billing, Operations Methods Protocols With Customer & Monitor/Scale Triggers Management Provider Views) CSS Core Services Instance Event Receptor Security Session Broker Data Store Mgmt Manager Communication (REST) Manager (Clustering) (Clustering) CSS Service Foundation Java / Apache WS* AXIS XMLSEC XALAN XERCES JPA (Hibernate) JAX-RS JMS/CMS Log4j/cxx Infrastructure Service Foundation IaaS Management APIs HTTP Stack Messaging Stack SSH Tunnel SQL Database (Cloud Vendor) (Apache) (ActiveMQ) 17 © Novell, Inc. All rights reserved.
  • 18. Cloud Security Broker Authentication Federation Attribute Aggregation Event Distribution High Availability Limited Workflow CSS – Cloud Security Broker Stack Identity Event High Workflow Distribution Availability Authentication Federation Session Event Processors CSB Cluster Annexation Methods Protocols Attribute Director Management Card Space Audit CSB Cluster User LDAP SAML 1.1 Billing Monitor Provision OAuth SAML 2 Aggregation Event Operations Recptor Service Health User X-509 WS-* Security Customer Monitor De-provision CSS Core Services Instance Event Receptor Security Session Broker Data Store Mgmt Manager Communication (REST) Manager (Clustering) (Clustering) CSS Service Foundation Java / Apache WS* AXIS XMLSEC XALAN XERCES JPA (Hibernate) JAX-RS JMS/CMS Log4j/cxx Infrastructure Service Foundation IaaS Management APIs HTTP Stack Messaging Stack SSH Tunnel SQL Database (Cloud Vendor) (Apache) (ActiveMQ) 18 © Novell, Inc. All rights reserved.
  • 19. Enterprise SaaS/PaaS SB SaaS Identity Federation Services Protocol SB Daemon Identity Connector AEB Mapping CSB Event Connector LDAP Mapping Enterprise Identity Store Secure Data Marshaling 19 © Novell, Inc. All rights reserved.
  • 20. Enterprise Console Enterprise SaaS/PaaS SB SaaS Audit Store Services SB Daemon Identity Connector AEB Mapping CSB Event Connector LDAP Mapping REST API with 0Auth Secure Data Marshaling 20 © Novell, Inc. All rights reserved.
  • 21. Enterprise SaaS/PaaS SB SaaS Audit Store Services SB Daemon Identity Federation Protocol Identity Connector AEB Mapping CSB Event Connector LDAP Mapping Identity Store REST API with 0Auth Secure Data Marshaling 21 © Novell, Inc. All rights reserved.
  • 22. Enterprise SaaS/PaaS Provider Data Store SB SaaS Audit Store Services SB Daemon CSSD REST API Identity Connector AEB Mapping Federation CSB Event Connector LDAP Mapping REST API Identity Store Secure Data Marshaling 22 © Novell, Inc. All rights reserved.
  • 23. Agenda Why Novell Cloud Security Service (NCSS)? ® What Is NCSS and How Does It Work? Architecture Deployment Options 23 © Novell, Inc. All rights reserved.
  • 24. NCSS Small Deployment: 1 Multi-tenant Director (with configuration backup/restore services). 1-N Customers/Tenants, each with: 1 Secure Bridge and 1-2 Security Brokers connecting to 1-20 SaaS applications. [Diagram labels: Director (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Customer Connections; Security Brokers; SaaS Connections; Tenant A, Tenant B, ... Tenant C]
  • 25. NCSS Medium Deployment: Multi-tenant Director Cluster** (1-8 Directors). 1-N Tenants, each with: 1 Secure Bridge; 1-5 Security Brokers connecting to 1-50 SaaS applications. ** Requires clustered DB server deployment. [Diagram labels: Director Cluster (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Database Cluster; Customer Connections; Security Brokers; SaaS Connections; Tenant A, Tenant B, ... Tenant C]
  • 26. NCSS Large Deployment: Multi-tenant Director Cluster** (1-5 Directors, providing Console hosting and Multi-tenant Operations; 1-5 Audit Servers; 1-5 Billing Servers). 50-N Tenants, each with: 1 Security Broker; 1-5 Security Brokers connecting to 1-100 SaaS applications. ** Requires clustered DB server deployment. [Diagram labels: Database Cluster; Director Cluster; Audit Cluster; Cost Accounting Cluster; Customer Connections; Security Brokers; SaaS Connections; Tenant A, Tenant B, ... Tenant C]
  • 27. Novell Cloud Security Service (NCSS) [Deployment diagram. Labels: Director Cluster (Provider Console, Customer Console, Audit Collection/Reporting, Cost Accounting Collection/Reporting, Multi-tenant Operations); Deep Connectors to Rackspace Internal and App Store Apps; Security Brokers; Tenant A, Tenant B, ... Tenant C; Internal LDAP Directory Only. Uses NCSS Secure Bridge; Internal Identity management System with Federation; No User Accounts on Customer Premises; Novell Identity Manager; Surface Connectors to External SaaS Applications, SSO Only]
  • 30. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
    General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.