Giving network managers a way to provide access, single sign-on and provisioning controls in cloud-computing environments got a boost today from both Novell and a much smaller competitor, start-up Symplified.
Novell said its Identity Manager 4.0 product, expected out in the third quarter, will be able to work with Salesforce.com and Google Apps, as well as Microsoft SharePoint, and SAP applications to support a federated identity structure in the enterprise.
Symplified broke new ground with what it's calling Trust Cloud for EC2, software that provides access management, authentication, user provisioning and administration, single sign-on and usage auditing for enterprise applications running on the Amazon EC2 platform. It can be ordered through Symplified's Trust Cloud site and automatically deployed on the Amazon EC2 virtual-machine instances that customers request under an arrangement with Amazon.
Out and available now, Trust Cloud for EC2, "is a big deal," says Burton Group senior analyst Ian Glazer, because it offers what promises to be the most comprehensive approach yet to exerting identity management controls over enterprise data running in Amazon's EC2 infrastructure-as-a-service data centers. "You can put controls into the EC2 environment, even make the data always flow the way you want."
Symplified, which also has other proxy-based products for integrating enterprise identity management functions with Google and Safesforce.com applications, believes the central issue in tackling the security challenges in Amazon's EC2 environment is designing security for "multi-tenancy," says Eric Olden, Symplified CEO. "It's like an apartment complex."
Amazon's EC2 data centers, of which there are about 35 around the world, constitute a massive virtualized universe of primarily Xen hypervisor-based Linux-based machines, which Amazon refers to as the "Amazon machine image," or AMI, Olden says.
Like Google, and Safesforce.com, Amazon supports the Security Assertion Markup Language (SAML) protocol, seen as a standard building block for identity management interoperability. But only about 5% of the estimated 2,200 service providers in the burgeoning cloud-computing market appear to support SAML, Olden says, so Symplified also elected to support a variety of non-SAML-based protocols, such as those used at cloud-based recruiting and personnel management application provider Taleo, for example.
Analyst Glazer says cloud computing is having a profound effect on the vendors in the identity management arena, which spent years arguing and developing SAML, to find one of its most promising uses is not just in the fortress of the enterprise to control provisioning and other functions in corporate networks, but now also in the cloud.
While huge uncertainty yet hangs over how exactly identity management in the cloud can be put in the hands of enterprise managers, there are three basic approaches that have emerged, Glazer says.
There are hosted options for identity management for the enterprise, such as what IBM can provide, and secondly the cloud service providers themselves are beginning to offer security services, with Novell's Cloud Services among the vanguard in catering to service providers as a kind of middle tier. The third approach is represented by companies such as Symplified, as well as Ping and TriCipher, which "look at a weaving between the traditional on premises capabilities and the cloud."
Some of the larger players in identity management, such as IBM, Oracle and Siemens, haven't raced into the cloud-integration game as fast as smaller companies like Symplified, he notes. "The cloud opens up opportunities for smaller vendors like Symplified to absolutely go toe to toe against the established brand vendors."
One Symplified customer, Merit Medical Systems based in South Jordan, Utah, has not deployed the Cloud Trust option yet, but has experience with Symplified’s Identity Router appliance. And it was a decision made just a few months back to start using cloud-based applications, specifically Google Apps Docs as well as Telania's eLeap for sales training purposes, that propelled the firm to bring in the more sophisticated kind of identity management controls that hadn't been in place at the company before it turned to the cloud for these applications.
Lincoln Cannon, director of Web systems at Merit, which makes and sells medical devices, was brought in 10 months ago to help the company adopt new technologies. When Google and Telania were selected as the first cloud-based applications to try out, there was some pushback from the IT department which raised concerns about how it would be possible to maintain control of applications, Cannon says.
"We needed to resolve the concerns expressed," Cannon says. That was when Merit decided to deploy the Symplified Identity Router appliance to exert single sign-on and provisioning controls for about 200 internal users as well as 50 distributors.
Although Symplified can also provide the same functionality as a hosted single sign-on service, Merit staff felt more comfortable with an identity-management appliance on premise.
The planning for this took a number of months but actual deployment was fairly rapid. While no complications cropped up with the Google Docs side of things, there were a few bumps in the road associated with the eLeap training application because Telania needed to make a change by preventing any IP address except one designated one to get into the eLeap system. This arrangement has apparently contributed to a few glitches, which were a bit hard to sort out. "We didn't know if it was something on their side or our side," Cannon says.
But overall, the identity-management proxy arrangement has worked, and it's possible one day Merit could be using the Symplified Trust Cloud for EC2 since medical-device company has started using EC2 for non-production application development.
Novell intends to charge about $29.95 to $50 per user for Identity Manager 4.0, while Symplified's Trust Cloud for EC2 costs $1 per user per application.
Read more about wide area network in Network World's Wide Area Network section.