Novell® Storage Manager
Leveraging Novell Storage Manager and Identity Manager for Provisioning and Compliance of Network Storage
David Condrey, Engineering Manager
[email protected]
Dec 15, 2015
© Novell Inc. All rights reserved
Agenda
• Introductions
• Role-based Provisioning and Compliance
• Novell® Storage Manager Overview
• IDM Entitlements and Storage Integration
• Role-based Provisioning
• Workflow Entitlements
http://www.storagemgr.com/nsm20/docs/presentations
Introductions
• David Condrey – NSM Engineering Manager
• Kamal Narayan – NSM Product Manager
• Dave Arnold – NSM Senior Engineer
• Behzad Anaraki – IDM Consultant
Role-based Provisioning and Compliance
Role-based Provisioning & Compliance
[Diagram running from "Relationship Begins" to "Relationship Ends". Labels: Provisioning; Move Locations; Change Roles; Promotion; Password Management; Forgot Password; Password Expires; Access Management; Access Resources; Single Sign-on; Network Storage; Role-based Provisioning; Workflow Entitlement; Approval; De-provisioning]
Monitor, Respond and Report
Security Policies & Procedures
Security & Access Management
Roles and Access Lifecycle Management
Security Event & Compliance Monitoring
Monitor, Remediate, Report on all security events
Identity & Policy Management
User Account Provisioning
Password Management
Role-based Administration
Workflow & Approval
Systems & Resource Management: Inventory & Patch Management
Configure and Inventory
Event Management & Correlation
Unified Identity & Security Management Foundation
Storage Management: Identity, workflow and policy-driven storage management
Comprehensive Solution That Lets You Expand As Needed
Novell Storage Manager Overview
Event-driven Storage Management
• NetWare & OES Linux
• Windows Storage
• Novell Clustering Services
• Novell Storage Services
• iSCSI Support
• Storage Area Networks

• Personal Storage Management
• Group Storage Management
• Trustee & Rights Analysis
• Identity Driven Data Migrations
• Data Manager Workflow
• Analysis & Storage Trends
• Cross-platform Support

• Provisioning / De-Provisioning
• Role Based Management

[Diagram labels: Role; Identity-driven Storage Mgt; AD; Storage; Novell eDirectory; Microsoft Active Directory; Event; Policy; Novell Storage Manager]
The Common Thread: Identity
• HIPAA
• Sarbanes-Oxley
• Privacy Act
• Audit Requirements
• NCLB / AYP
• Fast employee ramp-up
• Do more with less
• Team Collaboration
• Eliminate redundant administration tasks
• Reduce helpdesk burden
• Trend Analysis
• Reduce Complexity
• Consistent storage policies
• De-provision access to critical data
• File Rights Analysis
• Intellectual Property
Identity-driven Storage Management
Regulatory Compliance
Productivity
Cost Reduction
Data Security
Manage Storage Based on Policy
Put your policies in the directory…
… point your directory at your disk…
… and be done with it.
Novell Storage Manager Policy Architecture
Policy Associations
Personal Storage Management
Rules
Collaborative Storage Management
Rules
Event-driven Storage Management Across Novell Server Platforms
eDirectory
Engineering
Marketing
Novell Storage Manager
Identity
OES Linux
NetWare
Events
• Create
• Rename
• Move
• Add Owner
• Add Member
• Delete
London Sales
Atlanta HR
Event-driven Storage Management for Windows Server Platforms
Windows 2003
Windows 2000
Identity
Novell Storage Manager
Active Directory
Events
• Create
• Rename
• Move
• Add Member
• Delete
Lifecycle Storage Management Based on Identity and Policy
Provision Role-Based Data
Manage Renames
Provision Storage
Create User
Transfer
Delete User
Set Rights
Set Attributes
Rights Analysis
Manage Quota
Queue to Manager
Vault
Reassign
Delete Storage
Vault Storage
Storage Reports, Data Scrubbing
Inactive User Policy
Novell Storage Manager™ 2.1
• OES Linux Deliverables and Requirements
• Enterprise Storage Reporting
• Auxiliary Storage Management
• Collaborative Storage Enhancements
• User Interface Restructuring
• Novell® Identity Manager Integration
For more details on all features, please visit the Novell Storage Manager table in the solutions lab
2.1 NSM for eDirectory Server Deliverables
Event Monitor
Agent (formerly NSM Sentinel)
Snapshot Reporting Agent
Snapshot Reporting Server
Engine
Component Interaction
Event Monitors
Engine
Agents
Reporting Server
Reporting Agents
Data Volumes
Event Monitoring
• SLES 10 SP1 or later
• OES 2 or later
• NW 6.5 / OES-NW SP6 or later

• eDirectory 8.7.3.9 or later
• eDirectory 8.8 SP2 or later
Agent
• OES 2 (with Patch)
• NW 6.5 / OES-NW SP6 or later

• NW – NSS / Traditional
• OES NW – NSS / Traditional
• OES 2 – NSS
• OES 2 – EXT3
• OES 2 – Reiser
Snapshot Reporting Agent
• SLES 10 SP1
• OES 2
• NW / OES-NW SP6 or later

• SLES 10 SP1 – Native EXT3
• SLES 10 SP1 – Native Reiser
• OES 2 – NSS
• OES 2 – NCP/EXT3
• OES 2 – NCP/Reiser
• NW – NSS / Traditional
• OES NW – NSS / Traditional
Snapshot Reporting Server
• SLES 10 SP1
• OES 2
• Windows Server 2003
• Windows Server 2003 SR2
Engine
• NW / OES-NW SP7

• OES 2 – NSS
• OES 2 – NCP/EXT3
• OES 2 – NCP/Reiser
• NW – NSS / Traditional
• OES NW – NSS / Traditional
Novell® Identity Manager Integration
Classic IDM / NSM Integration
Event Monitor
Engine Agent Data Volume
Identity Manager Driver
Policy
User/Group/Container Events
Policy
• Contains rules and scopes for a predefined set of actions.
• Sets of actions are defined per event type (create user, move user, add group member, etc).
• Set of actions occurs in a defined order.
• NSM process queue assures completion of each action in good times and bad.
Maybe Policy is Not Enough
• Want to control the actions and the order in which they occur (roll your own).
• Taking action outside of the Policy construct.
• Work with events and objects that are not connected to Policies.
• Insert approval processes through workflow.
• Drive atomic file system actions through the IDM Driver paradigm.
• Do things we have not thought of.
NSM needs a command/control interface for developers.
Choosing a Command/Control Interface
Considered
– SOAP or Web Services
– Local System API
– RPC-Based API
– others
Most IDM developers know how to work with Directory Services.
So, let’s use eDirectory as the Interface.
Action Objects
Action Object Architecture Diagram
[Diagram labels: Novell Storage Manager; NSM Action Object; Novell Identity Manager; Workflow; Event Layer; Directory; RBP]
Action Object Command and Control
IDM Entitlements & Storage Integration
[Diagram labels: Role Based; Workflow Based; Storage Manager; IDM; HR System; Identity Manager Entitlement; Role-based Provisioning (RBP); Workflow Entitlement; NSM Action Object]
Role-based Provisioning
[Diagram built up over several slides. Labels: Role Based; Workflow Based; Storage Manager; IDM; HR System; Identity Manager Entitlement; Role-based Provisioning (RBP); Workflow Entitlement; NSM Action Object. Added in sequence: Sales Role; Sales Department; Sales Share]
Workflow Entitlements
[Diagram built up over several slides. Labels: Role Based; Workflow Based; Storage Manager; IDM; HR System; Identity Manager Entitlement; Role-based Provisioning (RBP); Sales Role; Sales Department; Sales Share; Workflow Entitlement; NSM Action Object. Added in sequence: Register New Client; Approval; ABC Inc; Completion Status; Notification to User; Register Client Request]
• Provision ABC Inc folder
• Assign RW access and Flag RI DI
• Copy Legal Template
Provision new client folder, assign RW access, flag RI DI, and copy Legal Template files (later slides read "copy SOP files")
[Diagram built up over several slides. Labels: Role Based; Workflow Based; Storage Manager; IDM; HR System; Identity Manager Entitlement; Role-based Provisioning (RBP); Sales Role; Sales Department; Sales Share; Workflow Entitlement; Approval; NSM Action Object; ABC Inc; Disable Client Request; Inactivate Client Data; Storage Vault. Added in sequence: Completion Status; Notification to User]
• Move client folder to vault
Live Demonstration
NSM Action Object
Action Object Driver Set
Provision Client Folder Request
59
Client Registration Approval
Q & A
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.