Multi-National Company Deploys eControl to Manage Network Growth and Prepare for IDM 3



By: tpoapst

April 25, 2007 9:13 am

Reads: 163

Comments:0

Rating:0

Overview

A leading multi-national marketing company is upgrading to eControl 2.5 to provide delegated user account management for the network systems it acquires during its  aggressive growth through acquisition strategy. This company is among the top global marketing companies with offices and business units on all continents except Antarctica.

“Our company bought eControl two years ago to manage the 7,500 users in our core global network system running Novell eDirectory,” said a company representative. “By deploying  eControl’s web-based delegated user management solution, we were able to centralize our help desk services to a single location and serve our global account management needs 24 / 7. eControl allowed us to secure our network by removing all trustee assignments from eDirectory and the file system for our help desk operators. As a result of deploying eControl, the only people with supervisor rights in our system are the senior network engineers. eControl’s audit function writes all account changes to an audit file that is available to help satisfy our internal and external audit and security compliance requirements.

The Challenge

“Our company is growing and diversifying through aggressive acquistion. The challenge faced by most companies that pursue this strategy is caused by the technology integration problems related to each acquired company having its own set of IT systems and processes. We needed to identify and implement a process that would overcome this challenge and deliver a centralized help desk, account creation and delegated user account managementsolution. The solution needed to scalable to meet our global growth requirements. “Prior to installing eControl 1.5, we had to assign supervisor trustee rights to a large number of staff members to allow them to create accounts and manage Novell eDirectory, GroupWise and file systems. With 7,500 users in our core network and plans to grow this to 30,000 accounts and more in the next year, we needed to implement a high-security system. Having multiple people with supervisor rights in our systems was a significant security and audit challenge.”

“We needed a solution that would allow us to eliminate excessive supervisor rights, generate comprehensive audit logs of user account management changes, and manage our extended eDirectory schema values. We also needed a system that was easy to use. Given the relatively high turn-over of our non-technical help desk staff, we needed a solution that would empower new, non-technical staff to securely carry out user account management tasks with minimal training. Another significant consideration was how deploying eControl would allow us to properly plan and deploy Novell IDM 3 as phase two of our global network strategy.”

The Solution

Omni eControl was chosen because it delivered:


  • Web-based, “ZERO Rights” solution: eControl allows junior administrators and service desk operators to perform a delegated, restricted set of user account management tasks – reset passwords, manage eDirectory group membership, manage extended schema values, release intruder lockout and others – without ANY rights in Novell eDirectory or the file system. eControl users usually require fewer than 15 minutes of training to master eControl’s intuitive web-based interface.


  • Improved security and regulatory compliance: eControl allows you to completely lock down your security environment. eControl users require NO Trustee Assignments, NO permissions, NO access to the file system, NO System Access Rights and NO access to ConsoleOne, NWAdmin or iManager. Disabling and expiring accounts can be securely delegated to HR personnel or junior support staff. Administrators can enforce strong password policies and reduce the risk of regulatory exposure and security liability.


  • Archivable audit log: eControl’s complete audit trail enables administrators to track and report on all account changes.


  • Extended schema value management: eControl’s configurable XML-driven interface provides complete flexibility to allow administrators to efficiently add fields or otherwise modify existing forms. This allows delegated staff to view and/or manage extended schema values that are populated from PeopleSoft or other HR solutions into eDirectory by Novell’s Identity Manager.

“Identity management continues to be a challenge given the number of different systems our company acquires,” continues the company respresentative. “We have finalised our identity management strategy and will deploy Novell Identity Management 3 over the next 12-16 months. We see eControl as the first step in our path to deploy Novell Identity Manager 3 (IDM). As accounts are created and changes are made to user accounts in our Novell Identity Vault with eControl, Novell Identity Manager will synchronize these changes to each of the local systems to provide access to the multiple eDirectory, Active Directory, Lotus Notes, Oracle and other systems used by individual business units.”

The Results

“As a result of the successful implementation of eControl for the past two years on our corporate network, plans are now in place to deploy eControl 2.5 across our global network to manage over 30,000 accounts,” continues the company representative. “We received an immediate return on our eControl 1.5 investment and look forward to deploying 2.5 across our global system. As an indication of how important eControl is in our global growth strategy, eControl has been identified as the most important globally strategic, mission critical application on our network. With eControl 2.5, we will deploy a second fail-over server in a different city to ensure 24/7, 99.999% uptime of eControl’s services.

“We have re-architected our global network around eControl’s help desk, account create and delegated account management services. eControl has profoundly changed the way we manage our systems by allowing us to securely delegate account creation and management tasks to non-technical staff. In the future, account creation could well be managed by Novell IDM 3, but for now, eControl is the foundation of our plans moving forward. Omni’s technical support has been excellent. Given the complexity and continuous changes to our systems, we had expected there to be problems with eContol’s flexibility and scalability. eControl has out-performed our expectations and I am looking forward to finishing the global deployment.

We highly recommend eControl as an ideal first step in unifying account management prior to deploying Novell Identity Manager. eControl is helping our company use technology to better pursue our global growth strategy.”

“Omni is particularly proud to have eControl be deployed as the enabling technology behind user account management for this company’s global IT growth and expansion strategy,” said Aldo Zanoni, CEO and Managing Director for Omni Technology Solutions Inc. “eControl delivers an immediate win to companies that need to deliver delegated user account management and decrease the number of accounts with supervisor rights on their complex systems.”

All trademarks are the property of their respective owners.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Categories: Expert Views

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment