Novell Offers New Identity Management Tools

Novell on Wednesday rolled out a new identity management package for Windows, NetWare, and Solaris, an update to its 15-month-old DirXML manager that promises to streamline user administration processes.

Nsure Identity Manager 2 allows IT administrators to deploy an integrated identity management solution, rather than rely on a slew of stand-alone programs for such chores as ID provisioning, single sign-on, and password management, said Novell.

"There are a host of identity management products out there," said Bob Bentley, the product line manager for the Provo, Utah.-based company's identity management group. "But most of them do only one or two things really well. That forces companies to cobble together solutions from several vendors. We're starting from a pretty strong base in functionality, and adding to it to give it the full range of features that are required in an identity management suite."

Among the new manager's capabilities are identity provisioning, single sign-on, password management, role-based administration, and real-time monitoring and reporting, said Bentley.

Among the new features and enhancements tucked inside Identity Manager, Bentley touted the revamped approach to identity policy creation and management.In its precursor, DirXML, administrators created policies using XMLP and style sheets. Although Identity Manager 2 retains that capability, it's also added a browser-based, point-and-click configuration tool for building and managing policies.

"Frankly, there were few people who could use XMLP really well," said Bentley. "It's a fairly arcane art." Instead, the idea behind the switch to a Web-style rules creator "gives the average guy, the average administrator, a way to be productive."

At the same time, Bentley noted, the change will eliminate the need to bring in consultants versed in XMLP and Novell's DirXML, a stumbling block for some organizations, particularly smaller shops and enterprise departments.

Another new feature in Identity Manager 2 that Novell's hoping will give it traction is a suite of password functions it's added to the product.

To trim the time that IT spends managing users' passwords, Identity Manager allows employees to reset forgotten passwords themselves from a browser-based screen. The new password is automatically synchronized across all the connected systems, reducing the need for help desk intervention.Additionally, Identity Manager 2 acts as the organization's central password enforcer, handling all the applications and identity stores on the network. If a worker sitting at a Windows XP desktop is prompted for a new password -- because his existing one has expired -- no new agent or client code has to be installed to take care of the problem. Instead, the user simply enters a new password, and if it meets the policies established by Identity Manager, he's good to go. If not, the password is automatically reset to the last valid one, or to a default password defined by the Identity Manager. An e-mail is then sent to the user alerting him of the new password.

"Identity Manager will cut down on help desk calls, and cut down the cost of administering passwords," Bentley promised.

Analysts took kindly to Novell's new ID manager. "It offers a logical migration path for existing eDirectory and DirXML customers," said Gerry Gebel, an analyst with the Burton Group. "And its features and capabilities will also benefit non-Novell customers."

Novell's after a bigger audience with Nsure Identity Manager 2, whose precursor has done well at the enterprise level, but lagged in what Bentley dubbed 'tactical' deployments to departments and workgroups. That's the audience which Novell sees as having major potential.

"It's a key target," he said. "We want to move Identity Manager 2 from a very specialized enterprise solution down to one that's more palatable at the department level, to those administrators who may not be experts in XMLP and don't want to hire hordes of consultants."Novell has instituted a per-server pricing model for Identity Manager, something lacking in DirXML. For $75,000 per server -- with no limit on the number of processors on that server -- companies can roll out the solution.

Per-user pricing has also been dropped from $29 to $25, said Bentley.

Nsure Identity Manager 2 is available now for Linux, Windows, and Solaris operating systems.