By Cameron Sturdevant  |  Posted 2004-04-12 Print this article Print

Courion Corp.s Identity Management Suite 6.5 makes the hard tasks of handing out passwords and provisioning user accounts look easy. IMS 6.5 artfully ties together diverse databases, directory and certificate servers, and help desk and e-mail systems with a policy-based management interface. IMS 6.5, which recently was named the winner in the Authentication & User Management category of the fourth annual Excellence Awards program, also receives Analysts Choice honors based on eWEEK Labs review.

Click here to see all the eWEEK Excellence Award winners.
The IMS 6.5 suite comprises four modules: AccountCourier, which performs account provisioning; Password Courier, which provides self-service password reset and password synchronization capabilities; ProfileCourier, a self-service profile enrollment and management tool; and CertificateCourier, which provides digital security certificate enrollment and PKI (public-key infrastructure) management. Each module is available separately, and all are capable in their own right.

Read eWEEKs case study on Childrens Hospital Bostons use of IMS. Our tests show that Courions IMS 6.5 suite—which started shipping in October and costs between $15 and $40 per user for a one-time license fee—will work with most of the authentication- and password-secured systems that are likely to be found in any midsize or large organization. Annual support is 25 percent of the total software license cost.

In addition, the IMS 6.5 suite integrates with products such as BMC Software Inc.s Remedy Help Desk, Sun Microsystems Inc.s iPlanet Directory Server and Oracle Corp.s database systems.

This wide-ranging integration, along with new procedures that enable complex multiauthority approvals of new accounts and many new integration modules for third-party tools, makes IMS the best identity management system eWEEK Labs has seen.

And there is a competitive pack of products in this area. Novell Inc.s Nsure Identity Manager 2 is a strong alternative, although it requires Novells eDirectory. In the single-sign-on space, Passlogix Inc.s v-GO and Computer Associates International Inc.s eTrust Single Sign-On are tempting tools.

Both eTrust SSO and its v-GO rival do a fine job of ferreting out user log-ins and consolidating user credentials. And for some IT managers, these products will be enough to handle password resets.

Courions IMS is far more proactive, however, and its account creation capabilities will give IT managers big operational performance improvements.

Some of the tools with which IMS 6.5 integrates are also somewhat competitive offerings. For example, IT managers who are already using Netegrity Inc.s SiteMinder and are interested in IMS for certain functions should first make sure that there are no major redundancies between the two packages.

In addition, nearly every PKI vendor with which IMS integrates, including Entrust Inc. and RSA Security Inc., provides similar authentication and access control capabilities.

The keys to using IMS 6.5 successfully are planning and strategic execution. And just to be clear, this is planning that goes well beyond the usual IT project management scope; eWEEK Labs recommends that organizations set aside a significant amount of staff time and resources if they choose to implement IMS 6.5. The reason for all the preparation is that IMS 6.5s value is tied to its integration with systems already in place—most important, directory servers and domain authentication systems.

IMS 6.5—like any user management system—also requires a thorough application, network and system census along with detailed information about how users gain access to the resources held on these systems.

Companies that cannot dedicate this kind of time and manpower would be better off forgoing purchase of the product, as it would almost certainly not work well or well enough to justify its acquisition cost.

To its credit, Courion, in the companys site survey documents, recognizes that user account provisioning and access approval are as much political processes as they are technical ones. As a corporate buyer would, eWEEK Labs worked with Courion prior to testing to define the identity management project and to plan the IMS 6.5 implementation.

We recommend that IT managers involve C-level IT staff in at least one of the early planning meetings because a user authentication and management project of this scope will require high-level support.

After getting through the planning meetings, we tested the IMS 6.5 system at our San Francisco lab. We installed all the components, except for the certificate server, on a Windows Server 2003-based system. (Support for Windows Server 2003 is new in this release.) We also set up a Microsoft SQL Server database, along with an Active Directory domain and Exchange Server-based system.

After we got the IMS software up and running, we could easily provision new users and monitor the process in our Remedy help desk system. We had to make many adjustments and tweaks to get everything working properly, mostly because some of the applications with which we were integrating were not updated. (We highly recommend updating all relevant applications before starting an IMS implementation.)

We tested IMS by adding a new user who had to be approved by a superior before having accounts provisioned; making changes to accounts, including resizing the send and receive quotas; and disabling accounts.

It was only because of the hard work that went into planning and implementing the system that our ultimate interaction with IMS 6.5 was so productive. IT managers who put some elbow grease into the job will likely experience similar ease of use.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel