Network IT Provider Provisions Users Easily, Securely with Integrated Identity System

Situation

Enterasys Networks is a global provider of networking technology for enterprise customers. The company targets Global 2000 organizations with a wide range of solutions and products that include switching, routing, wireless, management, Virtual Private Network, and intrusion defense systems and components. Headquartered in Andover, Massachusetts, the company has about 40 offices worldwide and employs approximately 1,200 people.

The economic recession affecting the computer industry during the past few years challenged Enterasys to find ways of flexibly managing its globally dispersed workforce while retaining as much efficiency as possible in its internal operating processes. This challenge included enabling streamlining the process for giving users access to the network and the company resources that they need for their jobs. At the same time, the company needed a better way of safeguarding corporate data.

In particular, the company needed to find a way of streamlining the administrative functions associated with adding and deleting users who had authorized access to its system. This was an issue for Enterasys because it uses Salesforce.com—an online provider of customer relationship management (CRM) software—to interact with clients and potential customers.

The Salesforce.com software resides outside the Enterasys network, so Enterasys administrators were faced with conducting laborious manual processes to ensure that employees who left the company or were laid off no longer could access sensitive company information.

“The company attempted to address the issue with software that provided a directory solution. But this did not work well,” says Jim Mitchem, Database Administrator for Enterasys.

“That solution had a proprietary scripting language that required a pretty steep learning curve, so it was difficult to use,” Mitchem says. “It was not user-friendly, which made it very hard for us to remove a user’s authorization on the network in the event that they were terminated. Because we use Salesforce.com, that meant a former employee could go in through the Salesforce.com URL and still access our corporate information.”

The lack of operational efficiency in its Human Resources (HR) department led to wasted time and resources for both the HR and the IT departments.

For example, the company frequently spent administrative time and dollars trying to determine why a new employee did not receive proper authorizations for the corporate network. And, as the company struggled through the economic downturn of the past few years, it needed to augment its workforce with subcontractors, who were added and removed from the company at a faster rate than full-time employees. This increased turnover amplified the potential for network security issues.

“There were unexplained gaps in the provisioning and de-provisioning of users, which created both efficiency and security problems,” says James Mulvey, Technical Architect at Internosis, a Microsoft® Gold Certified Partner that worked with Enterasys on the problem.

“Another issue was that their HR system had no way of integrating users with a new data warehouse called the Operational Data Store, which is the hub for all company information.”

Solution

Working with Internosis, Enterasys decided to phase out its previous solution for managingemployee provisioning. In its place, the company deployed a Microsoft-based solution using Microsoft® Identity Integration Server (MIIS) 2003, Enterprise Edition, a centralized service that stores and integrates identity information for organizations with multiple directories.

MIIS provides organizations with a unified view of all known identity information about users, applications, and network resources, as well as the ability to provision and de-provision users,and to change their attributes on systems throughout the network.

Enterasys runs MIIS with the Microsoft Windows ServerTM2003 operating system, Enterprise Edition, and Microsoft Exchange Server 2003, both part of Microsoft Windows Server System TM integrated server software.

Benefits

The ability to provision and manage accounts across the enterprise helps Enterasys keep accounts synchronized throughout the company, on all the different systems that are integral to internal operations. MIIS allows the HR department to automaticallyprovision and de-provision accounts from its SAP HR system into several other systems, including Active Directory®service, Salesforce.com, and UNIX. This makes it much easier to provision users than it was under the company’s previous scripting-based solution, which it used for managing metadirectory services.

Better Synchronizing of Authorized Users

Bob Hamel, Director of Global Data Management Services for Enterasys, says the ability of MIIS to integrate seamlessly into the company’s enterprise architecture was a critical factor in its selection by Enterasys.

“MIIS allows accurate and up-to-date information to be shared among various directory systems, while keeping administration of these systems delegated to those who are best suited to maintain them,” says Hamel. “Overall, this effort has resulted in a reduction of administrative burden from populating multiple databases with similar information.”

MIIS is helping the company integrate all of its systems so that there is a more seamless connection between the authorized network users and the information they need to access. Currently, the company uses point-to-point integration to link the systems together through Microsoft Data Transformation Services (DTS). Enterasys uses Microsoft BizTalk® Server 2002 to integrate its SAP ERP system, and is in the initial phases of deploying BizTalk Server 2004 on top of the Operational Data Store (ODS) to enable greater integration of disparate types of data contained in the ODS through a new service-oriented architecture.

BizTalk Server 2004 helps to integrate systems by linking them together through various technologies, including XML.

MIIS also benefits the company in everyday use and management.“One of the key factors driving this solution was to find a way of integrating users effectively and efficiently with the ODS system and with Salesforce.com,” says Mulvey.

“With MIIS, we integrated user IDs quickly with the central data system. It took less than three days to implement the integration. That, in turn, provides Enterasys with a lot more operational agility.”

Redirecting 1.5 Days of Administrative Time for Each User Provision

The efficiency of the new system has reduced the amount of administrative overhead required to move users on and off the network.“In the past, there was a lot of diagnostic work involved every time a user was not provisioned properly,” says Kathy Guilmette, Managing Principal for Internosis.

“There would be a lot of diagnostic work done by administrators to figure out why the prior metadirectory solution failed to provision a specific user, or whether there was a problem in the Human Resources process that somehow prevented the proper user authorization.”

Now that MIIS is installed, Enterasys has eliminated most of the manual processing that used to take place in establishing new user accounts or removing user authorizations. When an employee is added or deleted in the SAP human resources application, an office information form transmits a database query that establishes a unique user identity, while simultaneously creating a user mailbox in Exchange Server and in the UNIX system.Network access is also updated through this process.

“Under our old system, this process took a lot of administrative time. Now it is done almost instantaneously, with automatic triggers. MIIS is 1,000 percent easier to administer than our old system, and is going to save a lot of administrative hours that can be redirected to more value-added work,” says Richard Casselberry, CIO Operations Manager for Enterasys. The company estimates that the increased administrative efficiency will save about U.S.$76,000 annually.

Enhancing Security in a Global Environment

Establishing better security for the network has also been a major benefit Enterasys achieved by deploying MIIS. “Naturally, security is a concern when employees leave the company,” says Mulvey. “With MIIS, Enterasys was able to quickly disable the ability of people to get into internal systems. But that still left Salesforce.com, where they could use external user logons to gain access to competitive Enterasys information. What we were able to do was leverage a Web service that is provided by Salesforce.com that enables user management. We developed a piece of code that works with the Web service to recognize any user changes and translate them into actions at the Salesforce.com site.”

Additionally, access to the network through the wired LAN, wireless LAN, and Virtual Private Network access is also updated automatically.“The security element has been a boon for Enterasys management,” says Hamel. “With MIIS, when we push a button, all of the actions are done for us, including the population of user data back in SAP and the provisioning of devices such as cell phones, pagers, and calling cards. If someone is terminated, MIIS helps us automatically send alerts to any managers who need to be aware of it, and now Salesforce.com will automatically decommission user accounts.

“We have downsized a lot over the past year,” Hamel continues. “MIIS really helps us when we have to provision or remove users. It saves us a lot of time, and that’s valuable for our business.”

Microsoft Windows Server System

Microsoft Windows Server System integrated server infrastructure software is designed to support end-to-end solutions built on the Windows Server operating system. Windows Server System creates an infrastructure based on integrated innovation, Microsoft's holistic approach to building products and solutions that are intrinsically designed to work together and interact seamlessly with other data and applications across your IT environment. This helps you reduce the costs of ongoing operations, deliver a more secure and reliable IT infrastructure, and drive valuable new capabilities for the future growth of your business.

For more information about Windows Server System, go to: