SecureLogin Solution for Hospital Environments Keith Lewis Novell Consultant Novell, Inc. Troy Drewry Protocom Consultant Protocom
© March 9, 2004 Novell Inc. 2 one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions. The one Net vision Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :
© March 9, 2004 Novell Inc. 3 The one Net vision Novell Ngage services provides real-world experience from consultants around the world. Novell's service professionals make sure every Novell solution you implement is based on best practices, customized to meet your needs, and capable of delivering the highest possible return on investment. Novell Ngage SM Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :
© March 9, 2004 Novell Inc. 4 Session Rules The success of this session depends upon audience participation. Your best opportunity to learn is to be involved. Questions should be asked when the subject matter is being covered or at the end of the session. Questions should be related to lesson being discussed. Other questions can be handled after the session is complete.
© March 9, 2004 Novell Inc. 5 Session Overview Common issues in hospital environments that inhibit the implementation of a single sign-on solution. Discuss how SecureLogin can be used alone or with other products to provide solutions. Provide demonstrations of some of the solution discussed. Q & A
© March 9, 2004 Novell Inc. 6 What is a Complete Solution? A solution that provides capabilities in a wide range of environmental and work-flow conditions. A customizable solution that has options. A secure solution. A solution that you can actually implement within a reasonable timeline and budget. A solution that you can maintain. A solution that adheres to current and is customizable for future HIPAA requirements.
© March 9, 2004 Novell Inc. 7 Factors Inhibiting a Complete Solution Ambiguous requirements. Lack of situational knowledge. Project Personnel availability. Infrastructure requirements. Budgetary concerns. Corporate Climate.
© March 9, 2004 Novell Inc. 8 To Build a Complete SecureLogin Solution One Must Consider The Applications (Authentication Methods, Access Points and their use) The Solution Distribution Method Existing or New Password Policies The User Environment OS and Platforms Current and Future HIPAA Regulations Help Desk Training User Training Solution Documentation Ongoing Maintenance
Can SecureLogin Alone Be a Complete Solution?
© March 9, 2004 Novell Inc. 10 What SecureLogin brings to the table Infrastructure Flexibility Integrates with Novell ® eDirectory™ and NDS ® Integrates with Microsoft AD and MS Windows NT Domains Integrates with NetScape iPlanet / SunOne directories Integrates with any other LDAP v3+ compliant directory NO additional infrastructure requirements Support for mobile and disconnected users Community (nursing) workstation support Full Citrix and Microsoft Terminal Server capabilities Microsoft Windows 9x, NT/2000 and XP workstation agents Linux and hand-held agents in development
© March 9, 2004 Novell Inc. 11 What SecureLogin brings to the table Continued... Application Integration Microsoft Windows 16/32 bit support Web HTML support Terminal Emulator Support Java support (Sun Java not that other company's junk!) Advanced recognition and response features Robust scripting language Ability to run external scripts and applications Capable of leveraging directory and environment variables Ability to share credentials with Novell Portal and iChain ® Integrated SNMP auditing and reporting
© March 9, 2004 Novell Inc. 12 Security Utilizes 3Des to secure credentials, settings and scripts Open SSL used in LDAP mode Full NMAS integration ‘Advanced Authentication’ support – Biometrics devices – SmartCard readers – Tokens – Etc… Secondary Key for offline security Integrates with OTP (One Time Password) for mainframes Integrates with SSPR (Self Service Password Reset) What SecureLogin brings to the table Continued...
© March 9, 2004 Novell Inc. 13 A Complete SecureLogin Solution will include some or all of the following: Securelogin SecretStore NMAS™ The NetWare ® client ZENWorks ® or MSI Advanced Authentication Devices Special Securelogin utilities, DLLs and Configurations
Applicable HIPAA Regulations
© March 9, 2004 Novell Inc. 15 Physical Safeguards Required Safeguards Workstation Use ( (b)) Workstation Security ( (c))
© March 9, 2004 Novell Inc. 16 Technical Safeguards Access Control (a)(1) Unique User Identification Emergency Access Procedure Person or Entity Authentication – (d)
How it Works Some Quick Demos
© March 9, 2004 Novell Inc. 18 Windows Applications 1 Identify the application in memory 2 Identify the active form 3 Provide the credentials
© March 9, 2004 Novell Inc. 19 Web Applications 1 Identify Domain 2 Provide Credentials 3 Auto Submit
20 Terminal Emulation Applications 1 Create Tlaunch Configuration 2 Use Trigger/Respo nse 3 Exit
Citrix Solution Overview and Demos
© March 9, 2004 Novell Inc. 22 An Overview – Citrix Configurations Citrix MetaFrame v1.8+ Support Citrix XP Support Citrix NFuse Support Citrix Servers with NetWare Client Citrix Servers without NetWare Client Published desktops Published applications Web portal applications
© March 9, 2004 Novell Inc. 23 Citrix Desktops 1 SecureLogin Runs in the session startup 2 Connects to Directory 3 Provides Credentials MS Terminal Server or Citrix Farm
© March 9, 2004 Novell Inc. 24 Citrix Published Application & Nfuse 1 The published application is started with SLLauncher 2 SecureLogin connects to the directory 3 Provides credentials MS Terminal Server or Citrix Farm
Citrix Demo
PDA Solution Discussion and Demo
© March 9, 2004 Novell Inc. 27 PDA’s and SecureLogin Required Components Wireless Capability Citrix ICA Client for PocketPC MS Terminal Server or Citrix Farm
PDA Demo
Nursing Station Solution Overview and Demonstration
© March 9, 2004 Novell Inc. 30 A Complete SecureLogin Solution for a Nursing Station Might Use The NetWare client NMAS (SecureWorkstation) ZENWorks Biometrics
© March 9, 2004 Novell Inc. 31 Factors Inhibiting a Complete Solution at a Nursing Station Multiple people sharing a single desktop. HIPAA Requiring that each user must have a unique login. HIPAA requiring that the user authentication must time out after inactivity. Another user accessing the workstation after the workstation is locked. Authentication time.
© March 9, 2004 Novell Inc. 32 The SecureLogin Complete Solution in a Nursing Station Provide Credentials for each user accessing the shared workstation. Use NMAS and the Post Login Method Secure Workstation to lock or logoff the user after a specified period of inactivity. Use the NetWare client version 4.9 and configure it to provide the user the force logoff command button. Use ZENWorks to map drives and display applications only if the user has access to the applications if the login script is slowing authentication. (Java and VB scripts can also be used)
Nursing Station Demo
Other Solutions
© March 9, 2004 Novell Inc. 35 Hospital Environmental Challenges?
General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.