Vanguard solves registration and enrollment problems with a universal password and intrusion detection solution for multi-platform environments.
Vanguard ez/SignOn™ is a single password sign-on solution for multi-platform environments. It redirects authentication from different platforms to the zSeries Security Server™ (RACF®), automatically collects user id information for administrators, and allows end users to utilize the same password to safely sign onto multiple systems in the enterprise, including Windows, Novell, Sun Solaris®, HP-UX™, Red Hat Linux®, AIX®, and others.
Vanguard ez/SignOn™ provides a single point from which a user's access can be controlled. Combined with the Enforcer intrusion management system, ez/SignOn™ increases security through real-time 24x7 intrusion management across the enterprise.
ez/SignOn™ is a prime example of how Vanguard Security Solutions™ can protect profits, enhance productivity, and dramatically increase enterprise security.
- Improved security for password administration through a single point of control - the most secure, most trusted computer on the network - the mainframe.
- Improved productivity is through fewer delays and fewer lockouts due to incorrect passwords.
- Real-time detection and prevention of attempted access with a fraudulently obtained password is provided through sophisticated intrusion management capabilities.
- Improved help-desk productivity by allowing technical staff to concentrate on solving other issues rather than password maintenance activities.
- Greater user acceptance of new platforms when new passwords do not need to be memorized.
- More easily administer, analyze, assess and report on cross-platform logon activities via the other members of the integrated Vanguard Security Solutions™.
- Improved company profitability due to higher productivity and lower costs throughout the enterprise.
Vanguard's ez/SignOn™ greatly simplifies computer access for end-users. It also reduces training time, as well as the dependency on technical support organizations and help-desk personnel. ez/SignOn™ makes it easy and convenient to manage passwords in multi-system environments.
Choose Your Level of Security
The security administrator can choose to configure Vanguard's ez/SignOn™ to operate in either of two modes:
Password Synchronization Mode
This level provides basic cross-platform capabilities only. It allows users to sign onto different systems utilizing a single password, with password synchronization. When users change their password on any one system, ez/SignOn™ will update other systems in the enterprise to keep them synchronized (While requested by some customers, Vanguard does not recommend this security level).
Intrusion Detection Mode
Through Vanguard's patented the Intrusion Detection mode users have the capability to sign onto different systems with a single password, without synchronizing passwords. Instead, it incorporates sophisticated identity intrusion management and detection capabilities that automatically detect anyone trying to sign onto any of the systems using a fraudulently obtained password.
The Costs of Password Management
Users lose productivity by not being able to immediately access the applications they need. Help-desk professionals also lose productivity by spending an excessive amount of time on password resets and other password management activities, instead of concentrating on solving technical problems. Vanguard's ez/SignOn™ eliminates these wasteful activities because the user only needs to memorize a single password. This leads to higher productivity, which leads to increased profitability.
ez/SignOn™ a Mainframe Strength Solution
Every time a user signs onto an enterprise system, Vanguard's ez/SignOn™ advanced technology automatically routes the sign-on process to the most secure and trusted computer on the network - the mainframe.
Single Point of Control
Since all logon requests on distributed systems are now routed through RACF on the mainframe, users that are revoked on the mainframe will likewise be revoked on all other systems.
Vanguard's ez/SignOn's single point of control feature not only strengthens enterprise security, it also saves time for the security administrator. If an employee is going on vacation for two weeks, for example, the security administrator can simply revoke the user in RACF on the mainframe, and the revocation will be in effect on all other systems.
Intrusion Detection Benefits
This powerful new security facility provides real time, 24x7x365 intrusion management across the enterprise; all monitored by the most secure system of them all, the mainframe.
If Vanguard Enforcer™ is installed, an email alert can be automatically issued to the security administrator or other personnel to alert them of the attempted intrusion detected by Vanguard's ez/SignOn™. With Vanguard Advisor™ available, complete reports can be generated and distributed to the appropriate personnel detailing the detected events.
ez/SignOn™ Works in Many Ways
- As a stand-alone multi-platform password solution
- Hand-in-hand with Vanguard PasswordReset™ providing a more complete identity management solution
- As an integral part of the Vanguard Security Solutions for complete control
ez/SignOn™ with PasswordReset
Password Reset Across the Enterprise
Vanguard's ez/SignOn™ is the perfect complement to PasswordReset™. PasswordReset lets end-users reset forgotten or expired passwords using their web browser. It creates a secure environment where users are granted limited, self-help password reset capabilities. Instead of waiting on hold with the help-desk for time consuming identification procedures, users can move quickly through PasswordReset's web-based interface to reinitiate system availability. The web-based transactions are fully secure and encrypted.
When used together, ez/SignOn™ and PasswordReset™ create an extremely capable and unified password environment where users can reset the password for all the systems they use via a few clicks on a web-based interface - all without the need for help desk intervention. This provides a tremendous boost to user and help-desk productivity as well as overall company profitability.
The Concept of Inheritance
Vanguard Security Solution products work together hand-in-hand. Vanguard calls this the "Concept of Inheritance." For example, if Vanguard Administrator™ is used to revoke or suspend RACF passwords, these actions will automatically be communicated to Vanguard's ez/SignOn™ so that the password is also revoked or suspended on the other platforms in the enterprise.
As another example, ez/SignOn's activities on the mainframe are logged to the System Management Facility (SMF) log file in real time. This means that the information is automatically made available to Vanguard Advisor™ for security event detection, notification, analysis, and electronic report distribution.
Intrusion Management through Password Protection through Patented Technology
To protect the unique technology inherent with Vanguard's ez/SignOn™ solution, Vanguard has received a patent from the United States Patent and Trademark Office on its Method and System for Detecting and Preventing an Intrusion in Multiple Platform Computing Environments. The process, known as Intrusion Management, helps eliminate password repository vulnerability. Thanks to the Intrusion Management authentication processes, the password repository on individual systems is no longer used to authenticate users. Its purpose is changed to one of identifying intruders and alerting responsible parties to their presence - with responsibility for authenticating the users shifted to a host computer. Intrusion Management represents a strong defensive tool, particularly in light of recent dramatic increases in infrastructure intrusion attempts.
The Intrusion Management patent application represents the second filing made by Vanguard in relation to its ezSolution's product line. Vanguard's patent pending Remote Desktop Interface (RDI) is included in its PasswordReset Internet-based reset offering. The RDI technology allows for no thin client software requirements on individual user workstations. With thin client software, manual and time-consuming updates are required on each workstation. With RDI, updates are required only on the domain controller. This results in increased user productivity and less time and money spent on computer system administration.
User Administration: What user IDs? Which systems?
Typical users in an organization have more than one user ID/password combination that they use throughout their day-to-day work on the different platforms in the enterprise. As the number of user IDs increases, user administration takes longer and becomes more difficult due to the fact that all user administration starts with these questions: "On what systems does this user have an ID?", and "What is the ID?" Depending on the size of the organization these questions can take hours or days to answer for just one employee.
Users have too many passwords to remember.
Along with the increased complexity of administration, the users themselves face the problem of remembering their different passwords on the different platforms. Since the password change intervals are almost certain to be out of sync or different lengths, there will be an increase in the number of password reset calls to the Help Desk as the number of unique passwords a user is responsible to remember grows.
Enterprise User Mapping and Reporting
ez/SignOn™ intercepts sign-ons on the different platforms in your organization and guides users through a self-registration process, allowing user logon authentication and authorization to be redirected to the mainframe. Once this process is completed the system/user information is stored in the IBM Security Server (RACF) database, giving administrators the ability to answer the "what user IDs?" & "what systems?" questions.
An additional result of the "mapping" process is that users will only use one password. Each user logs onto the different platforms using their local or domain user ID and their RACF password. Since they will be using the same password for each platform they are mapped to, they only have one password to remember.