Netegrity adds management, security to SiteMinder
19 March, 2002 08:00
With an eye toward helping its larger clients manage broad, distributed installations of the software, as well as adding security and e-business features, Netegrity Monday announced the release of SiteMinder 5.0, the new version of its access control tool.
SiteMinder allows businesses to protect data and applications with passwords, tokens, smartcards and other authentication mechanisms, and then grant access to resources based on rules and policies, said Bill Bartow, vice president of the access control business unit at Waltham, Massachusetts-based Netegrity.
When SiteMinder is installed at a company, applications and data are protected by the combination of a Web agent and a policy server, both parts of SiteMinder, Bartow said. The Web agent sits next to the Web server and intercepts requests for data and applications, he said, while the policy server communicates with the Web agent and with directories storing user data and permissions. When a request is made through the Web agent, the request is forwarded to the policy server, where the server checks to see if the request is for protected material, he said.
If the requested material is protected, the policy server prompts the Web agent for the type of authentication required, be it smartcard, password, biometrics or other means, Bartow said. Once the user has authenticated through the Web agent, the policy server then determines the level of permission and access the user has, he said.
Web agents can run on many Web servers, including Apache, Microsoft Corp.'s IIS (Internet Information Services) and Sun Microsystems Inc.'s iPlanet. The policy server can run on Windows NT and Solaris and can interface with standard application servers such as those from BEA Systems Inc. and IBM Corp.
SiteMinder 5.0, which will ship by the end of the month, beefs up the application's management features, its e-business capabilities, its ability to be customized and its interoperability with Microsoft applications, Bartow said.
First among a host of manageability additions is OneView monitoring, which will allow administrators to send system status information like failed log-ins and crashed applications or servers via SNMP (Simple Network Management Protocol) to management systems such as those offered by Hewlett-Packard Co. and Tivoli Systems Inc., Bartow said. SiteMinder 5.0 is not vulnerable to the SNMP implementation flaws which a number of computer security bodies warned about in mid-February, he added.
Version 5.0 also adds the ability to update and change Web agent configurations centrally, he said. Previously, each agent had to be modified individually, but with the new SiteMinder, all agent configuration information is stored in a template that can be changed and then published to each agent, he said. The improvement, according to Bartow, will allow companies to save time and money in maintenance and management.
The software bulks up its e-business features in the new version, according to Bartow, by adding eTelligent rules. ETelligent rules is the name Netegrity has given to its technology that will allow administrators to create deep, sophisticated security policies and use them during the transaction authentication process, he said. Those rules include the ability to draw on XML (Extensible Markup Language)-based Web services from third parties, he added.
To that end, Netegrity also announced a deal with credit rating firm Dun & Bradstreet Corp. through which Dun & Bradstreet's credit rating lookup service, which the company is now offering as a Web service, will be integrated into SiteMinder.
SiteMinder 5.0 also boasts a number of smaller enhancements, including the ability to access a command line interface and run Perl scripts to customize the applications, single sign-on for Microsoft applications, and Policy Lifecycle Management, a feature designed to smoothly transition new policies through their development cycle, Bartow said.
SiteMinder 5.0, which will ship by the end of March, is priced on a per-user basis and on the type of network used, Bartow said. Pricing starts at US$20 per user and can drop to as low as $1 per user in volume, he said.