Like Novell's Identity Provisioning for Employees, Lighthouse offers mapping features that can match accounts from disparate systems to a single identity automatically, based on information garnered from attributes. Given employee John Smith with a social security number of 123-45-6789 and a distinct phone number, for example, both systems can try to match accounts to a single employee identity. For accounts that cannot be mapped automatically because of differences in name-space policies, the admin can assign the accounts to an employee. Lighthouse also lets employees identify accounts manually, by specifying the location of the account and entering the correct user name and password, something its competitors don't do.
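The attribute-based mapping described above, sketched as an added example (not Waveset or Novell code): an account is linked automatically only when its attributes point to exactly one identity, and everything else is queued for the admin to assign. All records, system names and field names below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: two employee identities and accounts from hypothetical systems.
IDENTITIES = [
    {"id": "E100", "name": "John Smith", "ssn": "123-45-6789", "phone": "555-0100"},
    {"id": "E101", "name": "Jon Smith", "ssn": "987-65-4321", "phone": "555-0101"},
]
ACCOUNTS = [
    {"system": "ldap", "login": "jsmith", "ssn": "123 45 6789", "phone": "555-0100"},
    {"system": "mainframe", "login": "SMITHJ2", "ssn": None, "phone": "555-0101"},
    {"system": "mail", "login": "j.smith", "ssn": "123-45-6789", "phone": "555-0101"},
    {"system": "ldap", "login": "svc_backup", "ssn": None, "phone": None},
]
MATCH_ATTRS = ("ssn", "phone")  # assumed correlation attributes


def normalize(value):
    """Drop punctuation and case so '123-45-6789' equals '123 45 6789'."""
    return "".join(ch for ch in value if ch.isalnum()).lower() if value else None


def build_index(identities):
    """Map (attribute, normalized value) to the set of identity ids carrying it."""
    index = defaultdict(set)
    for ident in identities:
        for attr in MATCH_ATTRS:
            key = normalize(ident.get(attr))
            if key:
                index[(attr, key)].add(ident["id"])
    return index


def correlate(identities, accounts):
    """Return (auto-linked accounts, accounts that need manual assignment)."""
    index = build_index(identities)
    linked, review = {}, []
    for acct in accounts:
        candidates = set()
        for attr in MATCH_ATTRS:
            key = normalize(acct.get(attr))
            if key:
                candidates |= index.get((attr, key), set())
        name = (acct["system"], acct["login"])
        if len(candidates) == 1:
            linked[name] = next(iter(candidates))
        else:
            # Conflicting attributes or no match: never guess, hand to the admin.
            review.append((name, "ambiguous" if candidates else "unmatched"))
    return linked, review
```

The `mail` account carries one employee's social security number and another's phone number, so it is held for review instead of being attached to either identity; the attribute-less `svc_backup` account surfaces as an orphan.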
With its agentless architectural model, Lighthouse also offers gateways in situations where secure protocols are not available for remote resource management, such as Microsoft Active Directory Services (ADS). These gateways are remote agents that can be deployed on servers and can manage multiple ADS installations.
Waveset quoted a $450,000 list price for the Stuff4U rollout and offers a 30-day money-back guarantee program for up to 5,000 users.
Lighthouse 2.0, Waveset Technologies, (512) 338-1818, (866)-WAVESET. www.waveset.com
Access360 enRole 4.2
Another completely Web-based solution, Access360's enRole 4.2 has excellent integrated workflow tools. The drag-and-drop interface is easy to understand and manipulate, making the creation of an approval process a breeze. But at $600,000, this product was too rich for our blood.
All four vendors indicated that their products could interface with existing workflow products; Waveset adheres to the workflow interoperability standards established by the Workflow Management Consortium.
EnRole lets you configure teams and groups for integration into the approval process, as does Business Layers' eProvision. EnRole requires an agent to communicate with every system, but like Novell's and Business Layers' products, does not require that the agent reside on the managed system. This is important because it is often neither desirable nor feasible to install an agent on the managed system.
The downside to employing an agent that resides on the provisioning server to manage a remote host is that security is often compromised. Access360 uses PKI X.509 certificates between server and remote agents, but this security measure is lost when deploying server-side agents as opposed to remote agents. Waveset uses PKCS5 cell padding, 168-bit 3DES encryption and full CHAP-like bidirectional authentication. Novell says it does encrypt data but did not describe its methods, and Business Layers uses either SSL or SSH.
enRole 4.2, Access360, (949) 255-3100, (877) 742-6400. www.access360.com
Novell Identity Provisioning for Employees
Novell Identity Provisioning for Employees is perhaps the most flexible of the systems we reviewed, but the solution requires the use of XSLT (Extensible Stylesheet Language Transformations) and would have taken too long to implement. Because it would be necessary to write the transformations by hand, the training time would be greater with the Novell solution than with the other products.
As our remote sites are retail stores with a high level of turnover, we liked having the flexibility to fully manage remote sites as independent entities with only minimal attribute flow between each site and headquarters.
Novell's distributed architecture and granularity of control would have served our scenario well in this respect. Not only does the product allow for distributed LDAP trees, but each tree can be managed individually while the solution manages only the configured pieces of the system. This architecture beats Business Layers' and Access360's centralized storage models.
Novell's Identity Provisioning for Employees is based on its eDirectory and DirXML products, and can be deployed on Windows 2000/NT, Linux, AIX and NetWare. We liked the flexibility of deployment options.
Unfortunately, Novell's solution is missing password self-service and reporting features, so we took it out of the running for Stuff4U. We were also looking for an easy-to-use workflow process. While Novell's use of XSLT provided the highest level of flexibility, this approach would hamper implementation because nontechnical business users must be involved. We were impressed with Novell's honesty. For example, only Novell admitted that some business-process change might be necessary at some point.
Novell Identity Provisioning for Employees costs $35 per user for a Phase 1 implementation. For our scenario, 5,000 users on four target systems, Novell put the price at $175,000. Although the price is lowest, that factor could not make up for the product's lack of password self-service.
Identity Provisioning for Employees, Novell, (801) 861-7000, (800) 453-1267. www.novell.com
Technology editor Lori MacVittie has been a software developer and a network administrator. Most recently, she was a member of the technical architecture team for a global transportation and logistics organization. Send your comments on this article to her at lmacvittie@nwc.com.