The Payment Card Industry Data Security Standard (PCI DSS) is not new. It has existed for several years and provides security guidelines and best practices for the storage and processing of personal cardholder data. This article takes a look at PCI DSS 3.2 (published in April of 2016) and shows how Identity Management in Red Hat Enterprise Linux (IdM) and related technologies can help customers to address PCI DSS requirements to achieve and stay compliant with the standard. If you need a copy of the PCI DSS document it can be acquired from the document library at the following site: www.pcisecuritystandards.org
In October of 2015 Red Hat published a paper that gives an overview of the PCI DSS standard and shows how Red Hat Satellite and other parts of the Red Hat portfolio can help customers to address their PCI compliance challenges. In this post I would like to expand on this paper and drill down into more detail about
Continue reading “Identity Management and Related Technologies and their Applicability to PCI DSS”
As the number of production deployments of Identity Management (IdM) grows and as many more pilots and proof of concepts come into being, it becomes (more and more) important to talk about best practices. Every production deployment needs to deal with things like failover, scalability, and performance. In turn, there are a few practical questions that need to be answered, namely:
- How many replicas do I need?
- How should these replicas be distributed between my datacenters?
- How should these replicas be connected to each other?
The answer to these questions depends on
Continue reading “Thinking Through an Identity Management Deployment”
Hello again! In this post I will be sharing some ideas about what you can do to solve a complex identity management challenge.
As the adoption of Identity Management (IdM) grows and especially in the case of heterogeneous environments where some systems are running Linux and user accounts are in the Active Directory (AD) – the question of renaming hosts becomes more and more relevant. Here is a set of requirements that we often hear from customers
Continue reading “I Really Can’t Rename My Hosts!”
In my Identity Management and Application Integration blog post I talk about how applications can make the most of the identity ecosystem. For example, a number of applications have integrated Apache modules and SSSD to provide a more flexible authentication experience. Despite this progress – some (people) remain unconvinced. They wonder why they should use Apache modules and SSSD in conjunction with, for example, Active Directory instead of using a simple LDAP configuration… essentially asking: why bother?
Let’s look at this scenario in greater detail. If an application supports
Continue reading “Why Use SSSD Instead of a Direct LDAP Configuration for Applications?”
Some time ago, two different projects were started in the open source community, namely: Ipsilon and Keycloak. These projects were started by groups with different backgrounds and different perspectives. In the beginning, it seemed like these two projects would have very little in common… though both aimed to include
Continue reading “Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans””
Identity management solutions integrate systems, services, and applications into a single ecosystem that provides authentication, access control, enterprise SSO, identity information and the policies related to those identities. While I have dedicated time to explaining how to provide these capabilities to Linux systems – it is now time to broaden the scope and talk a little bit about services and applications.
In some ways, services and applications are very similar. They are both usually
Continue reading “Identity Management and Application Integration”
In last year’s blog series, I covered both direct and indirect Active Directory integration options. But I never explained what we actually suggest / recommend. Some customers looking at indirect integration saw only the overhead of providing an interim server and the costs related to managing it. To be clear, these costs are real and the overhead does exist. But we still recommend
Continue reading “Why is Indirect Integration Better?”
Over last several months, in meetings with many Red Hat customers, I have been asked about best practices related to migration from an existing third-party identity management solution to Red Hat’s Identity Management (IdM) solution. In today’s post I will share some of my thoughts on this matter…
Continue reading “When to Migrate: Red Hat Identity Management vs. Third-Party Solutions”
Red Hat will once again have a booth at this year’s RSA Conference. This time, however, we will have a bigger presence and more staff – featuring a number of Red Hat security experts with a variety of backgrounds. We will be covering not only Identity Management (IdM) but the broader landscape of security related topics. Whether you’re interested in talking about high level security strategy, a vision for adopting IdM at your organization, or are simply seeking practical tips on how to solve specific problems related to risk assessment, governance, compliance, or
Continue reading “Red Hat at RSA Conference 2016”
Hello again! I have not had time to blog in awhile. What happened? I picked up some additional responsibilities and these consumed a lot of my time. But now… I am back and will be blogging once again.
Time goes on and there are (many) new topics that are worth sharing with you. The first subject that I want to cover is the new Identity Management (IdM) features in Red Hat Enterprise Linux 7.2. While the release happened nearly three months ago – it’s still worth me providing an overview of new features and functionality. Another subject that people often ask about nowadays is the conversion from 3rd party vendor solutions to the IdM offering from Red Hat. We see a lot of interest in this area and I want to share some hints for when it is a good idea to use what we offer and when it might not be. Finally, there are also some emerging technologies
Continue reading “Back to Blogging: New Identity Management Features in RHEL 7.2”