Identity and Access Management

Identity and access management (IAM), implemented through Authentication, Authorization, and Accounting (AAA) controls, for the VCE Vblock® Systems management layer regulates who can connect to the management interfaces, what actions they can perform once connected, and how completely those actions can be traced back to an individual afterwards. Workloads running on a Vblock System can use an organization's existing AAA systems, but those systems frequently lack the features needed to bind tightly to the infrastructure layer (hypervisor, storage, network and compute management planes). Microsoft Active Directory (AD) is a good starting point for protecting the management interfaces of Vblock System components, but site security policy or audit and compliance requirements often call for additional areas of control. Examples include:

  • Authentication model: how far authentication is centralized; multi-factor, location-based, or risk-based authentication; how much use of shared or unconstrained "super-user" accounts is tolerated; audit requirements
  • Authorization and role management: organizationally driven requirements; requirements driven by the technology or tooling in use; separation of duties; audit requirements
  • Hierarchical administration: multi-tenancy or other delegation of administrative functions to subordinate administrators
  • Log detail: which events must be recorded, at what granularity, and for how long
  • Connectivity: downstream to administrator provisioning systems, and upstream to SIEM or GRC platforms

The depth to which each of these areas must be addressed varies by organization: some accept procedural controls (documented processes, periodic review), while others require controls that are enforced technically and cannot be bypassed by an administrator.

VCE's in-house response is a Solution Architecture, Secure Admin Access (SAA), that assembles typical answers to the concerns above and gives customers facing those use cases a reference structure to start from. The SAA Solution Architecture incorporates a number of partner products, and VCE has also established partnerships with other software solution providers who can tailor the implementation further to a specific organization's or project's needs.

The VCE™ Select Program includes products from VCE's investor companies: EMC, RSA, VMware and Cisco. Products in this program include:

  • Cisco Secure Access Control Server (ACS) is an access policy control platform that integrates with other access control systems and centralizes AAA for device administration, remote access, wireless authentication, and network admission control, among other scenarios
  • RSA Authentication Manager/SecurID is widely deployed multi-factor authentication for IT environments large and small, and has been integrated with a wide range of software and hardware products

The VCE Technology Alliance Partner (TAP) Program extends the VCE security portfolio and offers a catalog of compatible partner solutions through Vblock Ready certification. Partners in this program include:

  • CA Technologies Security Solutions address a wide range of IAM needs, both at the infrastructure management level and at the business application level. The solutions cover virtualization security, multi-factor authentication, and privileged-user access, among other IAM categories. CA is rated in the Leaders quadrant of Gartner's Magic Quadrant for the User Authentication and the User Administration and Provisioning categories.
  • HyTrust Appliance provides unified administrative-access control across the virtual and physical layers, performs audit logging of administrative actions, and validates change requests against policy before they reach the management planes.
  • Imprivata OneSign is aimed at healthcare environments, where it provides fast, secure access to patient information. OneSign provides single sign-on and is tightly integrated with both virtualization technology providers and EMR providers. As an end-to-end authentication solution, it simplifies HIPAA and HITECH compliance.