• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Identity Manager
  • Password Manager
  • Group Manager
  • Privileged Password Manager
  • Download evaluation
  • Releases
  • CC Certification
• Solutions
  • Security, Governance and Regulatory Compliance
  • Reduce IT Support Cost
  • Improve User Service
• Support
  • Shipping products
  • Supported versions
  • Customer Portal
  • Create Incident
• Services
  • Solution Delivery Services
  • Solution Delivery Process
  • Education
  • Upgrades
  • AdMax Program
  • Outsourced IdM Administrator Service
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Upcoming Events
  • Archived Webinars
• Resource Center
  • White Papers
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Technology Partners
  • Certified Resellers
  • System Integrators and Consultants
  • Managed Service Providers
  • Public Sector
  • Partner Portal
  • Partner Programs

Technology Network Architecture

  

Common
Criteria
Certification

Hitachi ID Password Manager Network Architecture

Hitachi ID Password Manager (formerly P-Synch) is designed for:

• Security:

  Password Manager is installed on hardened servers. All sensitive data is encrypted in storage and transit. Strong authentication and access controls protect business processes.

• Scalability:

  Multiple Password Manager servers can be installed, using a built-in data replication facility. Workload can be distributed using any load-balancing technology (IP, DNS, etc.).

• Openness:

  Open standards are used for inbound integration (SOAP) and outbound communications (SOAP, SMTP, HTTP, etc.).

• Flexibility:

  Both the Password Manager user interface and all functionality can be customized to meet enterprise requirements.

• Low TCO:

  Password Manager is easy to set up and requires minimal ongoing administration.

Figure [link] illustrates the Password Manager network architecture:

    Network architecture diagram (1)

• Users normally access Password Manager using HTTPS from a web browser.

• Multiple Password Manager servers may be load balanced using either an IP-level device (e.g., Cisco Local Director, F5 Big/IP) or simply using DNS round-robin distribution.

• Native password changes on some systems may trigger transparent password synchronization. A password change interceptor DLL, library or exit may capture such changes and initiate transparent password synchronization.

• Users may call an IVR (interactive voice response) system with a telephone and be authenticated either using touch-tone input of personal information or using a voice print. Authenticated users may initiate a password reset.

• Password Manager connects to most target systems using their native APIs (application programming interfaces) and protocols and thus requires no software to be installed locally on those systems.

• Local agents are provided and recommended for Unix servers and z/OS mainframes. Use of these agents improves transaction security, speed and concurrency.

• A local agent is mandatory on RSA SecurID servers.

• Where target systems are remote and communication with them is slow, insecure or both, a Password Manager proxy server may be co-located with the target system in the remote location. In this case, servers in the main Password Manager server cluster initiate fast, secure connections to the remote proxies, which decode these transactions and forward them to target systems locally, using native, slow and/or insecure protocols.

• Password Manager can look up and update user profile data in an existing system, including HR databases (ODBC), directories (LDAP) and meta-directories (e.g., WMI to Microsoft ILM).

• Password Manager can send e-mails to users asking them to register or to notify them of events impacting their profiles. Over 179 events can trigger e-mail notification.

• Password Manager can create tickets on most common incident management systems, either recording completed activity or requesting assistance (security events, user service follow-up, etc.). Over 179 events can trigger ticket generation. Binary integrations are available for 16 help desk applications and open integration is possible using mail, ODBC, SQL and web services.

© Hitachi ID Systems, Inc. . All rights reserved.