SUSE LINUX with LDAP Authentication and a Single Sign-On Platform
Chris Huang (黃成弘), Novell Taiwan
Agenda: set the goal, and give ourselves the freedom to choose... Understand the value of Linux. Get to know SUSE LINUX. What has Novell done in the open source world?
- Building an LDAP authentication/integration and single sign-on platform
Is Linux FREE? Linux is like water: it is free. "Water is for free, but there is a market for bottled water." So the price of adopting a Linux solution is "maintenance + service offerings".
The biggest benefit of adopting Linux: cost savings.
Linux is the least expensive server platform to deploy and operate (-87.3%, -55.9%). Source: Robert Frances Group, "TCO for Linux in the Enterprise", July 2002.
Meta Group: 7 reasons to adopt Linux
SUSE's position in the Linux market: SUSE is the sales leader in the European Linux market, and SUSE is growing very aggressively in the US market.
SUSE holds roughly 20% of the Linux market on x86 hardware, ranking second. On 64-bit hardware SUSE holds a firm leadership position in the Linux market. SUSE has contributed successfully to non-x86 enterprise deployments: worldwide, more than 50% of IBM i/pSeries and 80% of S/390 and zSeries hardware runs the SUSE LINUX platform. "In every category, SuSE either held first place or tied Red Hat for that position." DH Brown, Linux Function Review, 2003
What advantages make SUSE unique worldwide? Vision: The Universal OS©. Focus on enterprise-class Linux.
One source code base produces products for many platforms. Focus on enterprise-class Linux: from the start, SUSE was designed for enterprise mainframes, bringing mainframe-grade quality (99.999) to other platforms. Certified Linux security (Security Certifications): SUSE LINUX is the only open source Linux platform to have passed the rigorous EAL3+ certification. SUSE has built the best model for growing a global Linux economy, actively choosing strategic partners to build complete Linux solutions that benefit enterprises: IBM, Oracle, CA, HP, SAP, BEA, DELL, ... and on, and on, and on . . .
SUSE Vision: the enterprise's past and present. The Enterprise Yesterday (sadly)...
Applications: ERP apps, Web apps, Custom apps, DBs. Operating systems: MS Windows XP, MS Windows 2000, MS Windows 2000 Server, MS Windows NT, Sun Solaris 9, AIX, HP-UX, OS/2, OS/400, z/OS, Linux. One OS per tier, from desktop to mainframe.
SUSE Vision: "Universal OS"
The Enterprise Today... ERP apps, Web apps, Custom apps and DBs all run on SuSE Linux Desktop / Enterprise Server (Universal OS©), on Compaq, Dell, SUN, HP and IBM hardware, from desktop to mainframe.
How the Universal OS is developed and produced: Autobuild
Code Factory: Open Source Community → SUSE Common Code Base → Autobuild → Quality Assurance + Documentation → Production. Configuration and Test: manual regression, automated regression and feature tests on x86, Intel 64, AMD 64, S/390, zSeries 64 and PowerPC 64. ~3,000 packages, ~6,000 patches; an automated system identifies incompatibilities. ~ lines of code, ~4, lines of code fixes (figures lost in extraction). Since 1997: a mature process.
Novell SUSE LINUX product list. Enterprise products: Novell Linux Desktop (beta), SUSE Standard Server *, SUSE Enterprise Server *.
Consumer products: SUSE Personal *, SUSE Professional. All are built from the same source code, giving your desktop/laptop mainframe-grade stability and reliability. (* free trial download (x86)). Sharing one source code base: Enterprise Server, Standard Server, Openexchange, Desktop.
Proven Linux security. EAL (Evaluation Assurance Level) is the internationally recognised ISO security certification standard (ISO/IEC 15408), adopted by many countries, governments, organisations and experts as the security yardstick for critical software. SUSE LINUX is currently the only Linux solution in the open source industry to have passed the rigorous EAL3+ certification, giving users unmatched assurance for the security of their platform as a whole. Together with IBM, Novell SUSE LINUX has completed the certification path across the entire IBM xSeries/iSeries/pSeries/zSeries hardware line.
Major software and hardware vendors worldwide support SUSE LINUX
Application vendors and hardware vendors: SUSE technology partners develop software, business applications and vertical solutions based on SUSE LINUX. They agree to check their developments at regular intervals for functionality and performance. Numerous hardware vendors also support the SUSE LINUX operating system. A list of certified applications for SUSE LINUX is available at:
The big feature set: the YaST family. YaST: painless installation. YaST: graphical management interface.
YaST Online Update: automated patch management. AutoYaST: automated routine administration, including provisioning, media creation and net booting.
Does SUSE LINUX address your concerns about Linux...
Is it secure enough? Is it easy to manage? Is Linux reliable? Can it run my existing applications? Is migrating to Linux complicated? Who can support me? As one investment analyst firm stated, "We believe Linux is among the most powerful and disruptive emerging technologies in the world today." While Linux and the open source community look appealing, many organizations still have many questions before they are willing to adopt Linux within their IT infrastructure. Some questions you may be asking yourself might be: Is it secure? Is it easy to manage? Who do we call if we need support? Is Linux reliable? Will it run my existing applications? If I move to Linux, will it be painful for end users? With years of experience in understanding the needs of enterprise customers, Novell is committed to answering these questions to ensure that all customers can benefit from what Linux and open source have to offer.
What has Novell done in the open source world?
About Novell: a stable financial foundation; a worldwide sales and support organisation; Novell's customers. Total revenue for fiscal year 2002 was US$1.134 billion, with sales growth of 8%.
Research, Development and Evaluation Commission of the Executive Yuan (government 40/50 SmartBUY), UK Ministry of Defence, British Telecom, Government of Victoria (Australia), Chinatrust Commercial Bank, Taishin Bank, Bank of Shanghai, Macronix, Vanguard International Semiconductor, B&Q, Hotai Motor, Chunghwa Telecom, Acer, American Honda, Bank One, Blue Cross Blue Shield, British Airways, CitiExpress, Canon Business Solutions, Cathay Pacific, City of Los Angeles, Lufthansa, Michelin, Southwest Airlines, State of California, Sumitomo Mitsui Banking Corporation.
Key milestones of Novell's Linux strategy
April 2003, BrainShare, Salt Lake City: announced that all services and features of the NetWare operating system will be migrated fully onto the Linux kernel (by the end of 2004), while NetWare 6.5 also ships key open source software; building on Novell's strong global training and certification system, announced the Novell Certified Linux Engineer (CLE) programme to ensure the industry has outstanding Linux talent; demonstrated GroupWise for Linux.
June 2003: released the first Linux enterprise product, Novell Nterprise Linux Services, which runs on Red Hat and SUSE, in cooperation with Dell, IBM and HP.
August 2003: Novell acquired Ximian, the world's leading provider of Linux desktop management solutions.
September 2003: Novell acquired SUSE LINUX.
January 2004: Novell announced the Linux Indemnification Program, protecting customers against intellectual property challenges to Linux.
Open Enterprise Server (end of 2004)
Upgrade path diagram: NW 4.11, NW 5.1 and NW 6.0 upgrade (M/U) to NetWare 6.5 Services, and from there to Open Enterprise Server (NetWare 7.0 Services and Enterprise Services, labelled L / N). Alternative Upgrade Path: Nterprise Linux Services v1 → Nterprise Linux Services 2.0 → Open Enterprise Server. M/U = Maintenance and Upgrade Protection. New Purchase / Premium applies to new customers and NetWare customers not paying M/U. If you have upgrade or migration questions, we have the answers.
From the PC desktop to the server, Novell can help you
Categories: office applications, collaboration, management, development tools, servers. Products: SUSE LINUX, Novell Linux Desktop, iFolder, iPrint, eGuide, Virtual Office, Evolution, NetMail, GroupWise, eDirectory, ZENworks for Desktop, Server, Handheld and Linux (Red Carpet), exteNd Director, exteNd Composer, Mono, SUSE LINUX, NetWare, Storage Services, Novell Nterprise Linux Services. Also: Linux-based consulting services and security services for Linux environments.
Novell will help you with your Linux migration: conceptual
Direction setting, implementation
Recent news: the city government of Munich, Germany, and Bergen, Norway's second-largest city, chose Novell SUSE solutions.
What solutions does Novell offer for e-government?
Novell's successful e-government applications: Identity Management, Access Management
1. Identity Management - build an e-government LDAP authentication platform that synchronises and integrates identity and account information. 2. Access Management - a G2G2C single sign-on platform, "one ID, go anywhere", with secure access. 3. Resource Management - secure control of PC and network resources. 4. Policy Management - policy administration.
1. Build an LDAP secure authentication base platform: Users and Devices → LDAP authentication management platform → Services
So why are Secure Identity Management and Services-Oriented Architecture complementary? Let's understand how and why combining these technologies provides the right platform to solve the business and technological complexity. It gives you the edge required to stay ahead and is critical to how you leverage existing systems and use the information and capabilities of those applications to power the needs of the organization. First you enable these systems as services, irrespective of the kind and type of systems. This lets us assemble and re-use these services in different ways to solve different problems. Since these services are exposed using standards-based Web Services, systems that were not capable of sharing data can now be integrated. No need for manual transfer of data or transactions. (Diagram: Services; Existing Systems)
2. Build the relationships between applications on the platform: Authenticate (認證), Authorize (授權), Users and Devices
Authenticate: validate your identity, determine your role. Authorize: verify access rights. Identity Store: LDAP authentication management platform. Having services-enabled the systems, the next step is to set up a robust and secure identity management layer. This enables management of users and services and their identities. Associating these services with identities ensures only the right users get access to the services, based on their profile and role. Identities are managed in order to apply that management to one system or another; this is a critical aspect of the architecture for avoiding security risks as more systems are exposed to more users. To do this, it is essential to authenticate the user, so you know who is accessing information, and then authorize them, so they get access only to the appropriate information based on their roles. The identity management store enables sharing, integrating and synchronizing all user information, so you can manage these users across multiple applications. You can set policy, for example, across all applications and not have to define it for each application. (Diagram: Web services; Services; Existing Systems)
3. Automatically provide resources and services according to user identity: automatic provisioning of information and authorization; enable single sign-on; Users and Devices
Provision and personalize appropriate services; enable single sign-on; LDAP authentication management platform. The identity foundation not only helps provision users to these services, so users can automatically be given access to services based on their role, but also helps set context based on the user's identity. This avoids overloading users with information and enables personalization, either explicitly or implicitly. Shared identity information across applications helps set up single sign-on, so users do not need to sign in multiple times when they access various services. (Diagram: Services; Operating Environments)
4. Consider cross-system and cross-organisation services (B2B/G2G): Users and Devices; cross-platform, cross-organisation automatic provisioning; provision services across organizations; Identity Store; LDAP authentication management platform. This can be extended within organizations and between organizations: identities across stores can be federated, giving different types of users, such as partners and customers, access to applications through shared profiles. Users can log in directly to different portals and providers without needing to log in several times. For example, a user could use their company portal and access a vendor site directly without having to log in again, since identity information is federated based on an agreement between the two organizations. (Diagram: Services; Operating Environments)
5. Enable user self-service: secure administration (secure administrator-level services)
Users and Devices; secure administrator-level services; personalized end-user services; LDAP authentication management platform. And lastly, enable access to these applications and services through a self-service portal. The portal has different levels of access based on the user type: administrators have a different level of access to services than end users. (Diagram: Services; Operating Environments)
Systems that Novell Identity Manager (IDM2) can integrate
iChain Authorization Server
How does Novell iChain work? A web user (title = manager, business area = official documents) reaches internal web resources (Web AP1, Web AP2, Web AP3, each with its own User=xx / Password=xx and a Security ACL) only through the iChain Proxy Server, which is backed by the iChain Authorization Server (the LDAP authentication platform). 1. Authentication - who are you? 2. Access Control (ACL) - what do you have access to? 3. Single Sign-On. 4. Personalization (OLAC). 5. Confidentiality - data encryption and security.
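The authenticate / authorize / single-sign-on / personalize sequence described for the identity platform (steps 2 and 3 above) and for the iChain proxy on this slide can be modelled end to end in a few functions. The following is an added example written for this page, not Novell's iChain code: the identity store, the ACLs, the application credentials and the user attributes (title = manager, business = official-docs, mirroring the slide) are all constructed sample data, and the header names are assumptions.

```python
"""Model of a reverse-proxy access flow: authenticate against an identity
store, apply a per-application ACL, inject stored credentials for single
sign-on, and add personalisation headers. Added example, not iChain code;
every user, app, ACL entry and credential below is constructed."""
import base64
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the store never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_entry(password, title, business, app_credentials):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _hash_password(password, salt),
            "title": title, "business": business,
            "app_credentials": app_credentials}


# Constructed identity store standing in for the LDAP authentication platform.
IDENTITY_STORE = {
    "chris": _make_entry("correct horse", "manager", "official-docs",
                         # per-app credential the proxy replays for SSO
                         {"webap1": ("chuang", "app1-secret")}),
}

# Constructed ACLs: (title, business) pairs allowed to reach each web app.
ACL = {
    "webap1": [("manager", "official-docs")],
    "webap2": [("clerk", "official-docs"), ("manager", "official-docs")],
    "webap3": [("manager", "finance")],
}


def authenticate(username, password):
    """Step 1, who are you? Returns the user's attributes or None."""
    entry = IDENTITY_STORE.get(username)
    if entry is None:
        # Hash anyway so response time does not reveal whether the user exists.
        _hash_password(password, b"dummy-salt-for-timing")
        return None
    if not hmac.compare_digest(entry["pw"], _hash_password(password, entry["salt"])):
        return None
    return {"name": username, "title": entry["title"],
            "business": entry["business"],
            "app_credentials": entry["app_credentials"]}


def authorize(user, app):
    """Step 2, what may you access? Deny unless the ACL lists the user's role."""
    return (user["title"], user["business"]) in ACL.get(app, [])


def basic_auth_header(username, password):
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token


def build_backend_request(user, app, path):
    """Steps 3 and 4: SSO credential injection plus personalisation headers.
    Returns None when the ACL denies the request."""
    if not authorize(user, app):
        return None
    headers = {  # assumed header names carrying identity for personalisation
        "X-User": user["name"],
        "X-Title": user["title"],
        "X-Business": user["business"],
    }
    creds = user["app_credentials"].get(app)
    if creds:  # the user never sees or types the backend password
        headers["Authorization"] = basic_auth_header(*creds)
    return {"app": app, "path": path, "headers": headers}


def proxy(username, password, app, path):
    """Full flow: (401, None) on bad login, (403, None) on ACL denial,
    otherwise (200, request that would be forwarded to the backend)."""
    user = authenticate(username, password)
    if user is None:
        return 401, None
    request = build_backend_request(user, app, path)
    if request is None:
        return 403, None
    return 200, request


if __name__ == "__main__":
    for app in ("webap1", "webap2", "webap3"):
        print(app, proxy("chris", "correct horse", app, "/"))
```

The point of splitting authenticate, authorize and build_backend_request is that the backend credential is only ever released after the ACL check has passed, and the backend sees identity attributes rather than the user's directory password.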
B2B/G2G: cross-agency single sign-on. By giving iChain Liberty and SAML capability,
agencies can support these standards without changing their existing web applications. Diagram: other agencies ↔ SAML Extension for iChain ↔ iChain; standards-based web single sign-on.
Novell ZENworks: a complete Resource Management & Integrity solution
Data, images, patches and hotfixes, configuration, applications, reports. In summary, ZENworks includes a comprehensive set of features that enable a holistic approach to the security and management of your IT resources: ZENworks enables your systems to be implemented easily and rapidly, protects those resources throughout their lifecycle, allows you to determine the security of an individual system or of the enterprise as a whole, and enables easy, rapid recovery in the event of virus attacks and system failures.
ZENworks: automated management of servers, desktops, laptops and PDA/WinCE devices
Cross-platform: Solaris, Linux, NetWare®, Windows. Software deployment, management and patch management; configuration management; hardware/software inventory; remote troubleshooting; PC personality migration. Three-year return on investment of 2,039% (IDC). Covers desktops, laptops and WinCE/PDA, for administrators and end users. Objective of slide: describe the capabilities of the ZENworks family. Key takeaways are: 1) ZENworks is cross-platform; 2) ZENworks significantly decreases the total costs associated with managing servers, desktops, laptops and handheld devices by automating repetitive tasks.
The five major benefits of ZENworks for Desktop Management: centralised security control of Windows PCs or Linux desktops,
automatic updates, workstation lockdown, single sign-on (no NT domain or AD required), and peace of mind about security.
iChain and BorderManager
Network resource control architecture: Internet resources and internal government network resources are separated by iChain and BorderManager. Outbound traffic passes through iChain and BorderManager; a hacker is denied, an ordinary citizen is allowed. 1 – The most basic function of a firewall is to deny undesired network traffic. 2 – Conversely, the firewall must also allow desired traffic. This example might be a partner accessing a secure Web portal, that is, iChain being accessed behind a BorderManager firewall. 3 – Because customers want to allow access to more than just Web-based applications, potentially all legacy resources, firewalls began adding VPN (Virtual Private Networking). Novell was one of the first major vendors to bundle firewall and VPN together, back in … VPN provides a secure connection between the remote workstation and the firewall, protecting sensitive data from interception on the public Internet. 4 – The most popular capability of NBM is the ability to manage access by internal users to external resources on the public Internet, controlling and logging activity by user identity. This includes… 5 – The ability to block access to undesirable or potentially dangerous content. Now, looking back at the VPN feature, we have actually created a security hole. The VPN remote client is typically an unmanaged machine, possibly a home PC. That machine, once connected to the private network by VPN, becomes an unregulated entry point into the private network. Therefore, to provide a complete solution, you must… 6 – Lock down that machine with a client-side firewall. Secure VPN, client firewall. Actors in the diagram: employees off-site, employees, visitors.
Freedom of Choice: choose the technology that maximises your return on investment, and keep your independence and flexibility.
13 August: Novell/IBM Linux technical seminar
A one-day, 8-hour technical seminar that walks step by step, from a hands-on perspective, through the following two main products and their applications, which are also required courses for the Novell CLE certification. Topics: SUSE Enterprise Server 8, Novell Nterprise Linux Services. Registration: Novell Taiwan, Tel: (02) ext. 801, Ms. Wang.