|
|
 | |
|
|
|
TESIS
Single Sign On - One password for all systems |
|
|
|
|
The
challenge |
|
|
|
Today's IT environments are characterised by the fact that a growing volume of applications is distributed over an increasing number of different systems. This means that each user has to log into different platforms and authenticate himself in each case.
Let us take the typical daily routine of an employee in a medium-sized company and count the number of passwords required. First he logs into his PC, entering a password to do so. Then he checks the e-mail and connects into the file system of a different computer. Again, he is requested to enter two further passwords. If he needs to do some Internet research for the next workshop, another password is required. And that continues the whole day. Again and again the employee needs a password: for database log-ins, to access his own applications and then again for to apply for a password change when existing passwords have expired.
|
|
|
|
Our researches have shown that an employee in an IT environment today requires an average of six computer authorisations and four different passwords. As a result, the passwords are either forgotten, written down somewhere on a piece of paper, or not regularly altered. This often represents a substantial threat to system security. In large companies, one to two employees do nothing else but reset forgotten passwords. In many companies the procedures required for this are often a major security gap in the IT sector.
The TESIS/SSO system provides a single password for all integrated systems and applications.
The advantage for your company: reduction of administration costs and an increase in security. The advantage for each employee: a single password accesses all systems.
|
|
|
|
Single
Sign On |
|
|
|
TESIS/SSO mode of operation
With TESIS/SSO you only have to remember a single password. If the password is changed, the new password is assigned automatically and securely to all systems and applications which you are authorised to access. For example, a password change on the OS/390 computer effects the immediate alteration of the password in Oracle, Lotus, NT, VM, Unix etc. The password being assigned is protected by the latest coding methods.
TESIS/SSO components
The TESIS/SSO system consists mainly of the SSO Maintask, agents for various systems, clients and servers for password authentication and alterations as well as exits for the security systems TSS and RACF. The Maintask is generally installed on the mainframe (OS/390) as a Started Task. WindowsNT, LDAP servers or secure Unix derivatives can also be used instead of the OS/390 as a platform for the SSO Maintask. In general, the master for the passwords is the security system of the computer on which the SSO Maintask is installed. It determines syntax, password history and expiry.
|
|
|
|
TESIS/SSO application login
After successfully opening the system, the program is ready for the application log-in. By simply clicking the mouse, the user can initiate an FTP transfer, open a host session or set up a connection to a database without having to re-enter the user ID and password.
TESIS/SSO database
The assignment of user authorisation to access the different systems is administrated by SSO in its own database. This is flexible, scalable and can be adapted to suit various requirements. The existing internal user database, an LDAP directory service or the user database of the target system can be used as a data source.
TESIS/SSO NT environment
As soon as you log in to the NT computer, a check is made as to whether the password is still valid on the host. If not, you are requested to alter your password. A password change is made on the host and, simultaneously, the corresponding password change on all the other computers and applications. Analogue programs are available for Unix and for Internet and Intranet applications.
The future of TESIS/SSO
TESIS/SSO will continue to develop in the future to support and integrate new systems and technologies: for example, SmartCards, one-off passwords or new coding methods. There are also plans for a separate SSO/PasswordServer which allows customisation of the password rules.
|
|
|
|
OS/390
authentication |
|
|
|
Instead of password propagation by the SSO system to the various systems and applications, central authentication may be more secure and efficient for some systems, particularly in the case of Intranet applications.
The number of Intranet applications used in companies is growing constantly: from telephone and mail directory right up to online order systems for supplies. Many of these applications require an authentication procedure (password, certificate) to identify a user and assign him his individual access rights. The TESIS/Security Server was implemented for this purpose. It allows central authentication on the OS/390 system thus integrating itself seamlessly in the TESIS/SSO system.
It is now available for all the usual web servers (e.g. Oracle ApplicationServer, Netscape iPlanet Webserver, MSIIS Apache).
|
|
|
|
The use of the OS/390 authentication leads to a direct cost saving, as no separate user and rights administration is required for the web server, i.e. administrative tasks such as the updating of user data and the resetting of forgotten passwords are no longer necessary. In order to be able to use the advantages of central authentication in your projects and programs, the corresponding APIs and Frameworks are available in various programming languages.
|
|
|
|
Who
we are |
|
|
TESIS – Gesellschaft für Technische Simulation und Software mbH – develops software and processes. We offer solutions for the design of processes in development and in data processing as well as innovative products for system management. As a pioneer in process-oriented thinking, the emphasis at TESIS is not on the individual function, but on the optimisation of the overall process.
TESIS SYSware GmbH, a member of the TESIS group, specialises in automation and security in the computer centre. We are particularly concerned with the combination of proven standards with new technologies. The actual challenge consists in successful integration of different computer environments: from the mainframe to Windows families right up to the Internet and the Intranet. Based on our principle of "the cevolution" our computer scientists and mathematicians are committed to continuous progress in information processing. Reasons for success include the high quality of our olutions and the benefits of the applications for the user in his everyday routine.
As well as product development, TESIS SYSware also offers company-specific consulting, services and software development. We realise host applications in conjunction with DB2, CICS, IMS, MQS etc., as well as Internet and Intranet applications with Oracle, Servlets, EJB etc. One of our strengths is the combination of existing host applications with the Internet/Intranet. We are always up to date on the latest developments and trends with access to leading edge software as partners of IBM and Oracle.
|
|
|
|
|
| |
TESIS
Home
