Company: Navantis
City: Toronto
Province: Ontario
Provide a brief description of the Solution, Service Provided, or Initiative.
The client didn’t know what a big deal it was going to be when they asked a simple question: can we find ways to reduce our licensing and maintenance costs for SiteMinder so that we can spend our money on better things? What they received for an answer was a retirement roadmap for SiteMinder, and a UAG solution that spans the globe, giving thousands of independent agents secure web access to a broad portfolio of products delivered as custom applications across multiple vendor platforms including WebSphere, Tomcat and Apache. The solution was developed as a custom solution for the client, but is being deployed to enable Secure Single Sign-On for every independent agent across every product offering throughout their operation. While this solution is being used right across the client, it has also impacted both our and other partners’ ability to roll out complex UAG environments. We communicated frequently throughout this project with Erez Ben-Ari, sharing experience and challenges that we encountered and collaborating with him on best practice for UAG. Many of those methods have now been published by him in his landmark books “Microsoft Forefront 2010 Administrator Handbook” and “Microsoft Forefront 2010 Customizer”. This means that partners throughout the Microsoft ecosystem can benefit from the code and methods that we discovered and developed delivering this solution for the client.
The client is a life insurance provider with a difference. The fraternal benefit society, founded in 1874, supports family well-being through quality products, unique member benefits and inspiring community activities. The client shares its financial strength with almost 950,000 members in Canada, the United States and the United Kingdom.
The custom code and product learning that we developed for the client has enhanced our Identity and Security practice and has been re-purposed at other significant clients this year including OCAS – Ontario College Application Services, Subaru and Home Hardware, a Canadian retailer with over 1,100 store locations.
Describe what makes this Solution, Service Provided, or Initiative original or innovative.
“Navantis broke new ground helping illustrate the flexibility of UAG in their implementation at the client. Without precedence and with very little available documentation at the time on UAG customization, they created a highly customized, yet manageable solution, and helped to demonstrate some of the many benefits of deploying UAG. I was happy to have been involved with Navantis during this project, to collaborate with them as they sought to push the product’s limits. In developing the client solution, Navantis has established a high standard for others to follow. They’ve definitely raised the bar as leaders in Identity Management.” Erez Ben Ari, Senior Support Engineer for UAG, Microsoft
A broad portfolio of products delivered across multiple platforms, and accessed primarily by independent agents working outside of the brick and mortar walls of the client, means combining robust security with single sign-on capabilities. This functionality was increasing in cost and complexity and the client wanted alternatives. Complicating matters was the strong relationship that the client has with CGI. The client outsources their IT operations to CGI, and CGI were vested in keeping SiteMinder as part of the client’s line-up. With no UAG skills or strong Microsoft relationship, CGI did not want competitive vendors introducing new technology into the company. This opportunity began with a chance encounter between Forester Director of IT Architecture and Security, Kaleem Azhar, and Microsoft UAG Product Manager, Alix Vilgain, who suggested that the client might want to explore Unified Access Gateway and knew just the right partner with the skills to get involved: Navantis. Navantis met with Kaleem and his team and discussed the challenges they were facing. With a significant investment in Big Blue, the client had dozens of line-of-business applications, most of them built on WebSphere.
A loyal contingent of Open Source programmers meant that Apache and Tomcat had an equally strong presence. The camps around the table were divided and there were few voices raised in support of a Microsoft solution. Navantis suggested a Proof of Concept approach which enabled the team to implement the core product and test a specific set of use cases, proving that with UAG they could replicate the same level of service and security in an easier-to-manage package. Navantis relied heavily on our partnership with Microsoft to ensure a successful POC and ultimately full customer adoption. With UAG in its infancy in the Microsoft product line-up, there was limited documentation and we were taking the client into uncharted waters. What we were attempting had not been done before. We communicated frequently with Erez Ben-Ari, sharing experience and challenges that we encountered and collaborating with him on best practice for UAG. His support, responsiveness and openness meant that we were able to deliver a best-in-class solution for the client and secure the UAG footprint. With SiteMinder, sign-on was being managed at the application level. With UAG, SSO was now being managed at a server level – a huge improvement in efficiencies, time savings and a reduction in support costs. With the POC proven, the client began to roll out support for other applications. Navantis did a tremendous amount of knowledge transfer to ensure that the client could be as self-sufficient as possible. “Navantis understood the complexity of our environment and brought experts who quickly proposed a low-risk, low-cost approach to our project. Beginning with a POC, we were able to answer all of the questions about the benefits of UAG in our environment before engaging in a full roll-out.
A business case that clearly articulated the TCO over a 5-year period that streamlined our SSO platform, removed redundant VPN solutions and eliminated excess hardware, was put forth and approved with great help and expertise from the Navantis team. Our team is delighted with the results.” Kaleem Azhar, Director IT Architecture and Security, the client
Describe the improvement this Solution, Service Provided, or Initiative made to the customer’s sales or revenues. What changed?
Provide evidence of measurable improvements in sales, revenues, cost reduction, etc.
This solution was focussed on operational efficiencies. Our evidence is given in the answer to the following question.
Describe the improvement this Solution, Service Provided, or Initiative made to the customer’s efficiency. What changed?
Provide evidence of how customer efficiency was increased.
Some of the benefits that the client has realized:
• Full support of a multi-vendor environment using UAG
• Better management capabilities and automation of tasks
• Able to manage both Microsoft and non-Microsoft workloads from a single management console
• Operational improvements reducing IT support time by 25%
• Cost reductions by the retirement of multiple SSL VPN devices
• Elimination of licensing and maintenance fees of SiteMinder with product retirement – based on public domain pricing, this represents hundreds of thousands of dollars
• Consolidation of multiple applications being serviced by UAG
• UAG is now publishing Exchange server services to the Internet
• Integration with Active Directory Federation Services
• Can service Canada, the UK and the United States from a single data center.
How did this Solution, Service provided, or Initiative improve the customer’s ability to serve its internal and/or external clients?
Provide evidence of the improvement.
The client has many line-of-business web applications; some of them use forms authentication while others are integrated (NTLM/Kerberos). More importantly, some of these applications do not use AD as the authentication repository at all. With multiple user repositories inside the company, a physical user (a user object in AD) can be linked to many “users”, one for each application. Among the many advanced features of UAG, one of the core features we used is its ability to act as a strong “web single sign on engine”. Because all of the traffic goes back and forth through UAG, this engine takes care of “authentication requests” and responds on behalf of the users, providing the Web SSO experience. This involved several custom-developed approaches, including one where the authentication elements were stored in a secure location and UAG “loaded” them into the user sessions. This enabled us to create a unique experience: when a user clicks an application, the WebSSO locates the credentials in the session and performs the single sign on without the user needing to supply credentials. Most important was the outcome. Many different applications, some AD integrated and others leveraging other authentication stores, were tied together via UAG into a seamless portal that provides a single sign on experience. For a financial services company with thousands of agents accessing secure financial client information across a broad suite of custom applications and products, this highly secure single sign on was mission-critical.
In what ways does this Solution or Service Provided go above and beyond industry norms and expectations?
As part of this project, we were able to introduce System Center to help manage their data center operations. This gave them much better control and capabilities, as they have been able to manage both Microsoft and non-Microsoft workloads from a single console. The power of System Center has enabled them to automate many manual processes, freeing up staff to focus on other high-value activities. The client has been able to repurpose much of the money saved in licensing costs towards other projects and is currently working with Navantis on identifying new opportunities that represent a $5 million pipeline. With the money and time we have saved the client, coupled with our collaborative approach and deliberate knowledge transfer plan, we have gained “Trusted Advisor” status. Our account team now has several opportunities identified for other Microsoft technologies. The custom code and product learning that we developed for the client has enhanced our Identity and Security practice and has been re-purposed at other significant clients this year including OCAS – Ontario College Application Services, Subaru and Home Hardware, a Canadian retailer with over 1,100 store locations.
How does this solution further your customer’s green or environmentally friendly plans?
Consolidation in the data center has reduced power and footprint, furthering the client’s ongoing commitment to energy savings.