Monday, April 6, 2009

What is Secure Sockets Layer (SSL) Overview

Secure Sockets Layer (SSL) Overview
Privacy and security are concepts that are more critical than ever in today’s electronic business
environment.
Every business professional needs to be concerned about security over open communication
networks, such as the Internet. It is not enough to have a secure Web site; you also need to have
secure communication between Web sites, communication that cannot be monitored by outside
parties. Both you and your users need to be confident that you have a secure environment in
which to conduct your business.
That kind of secure communication requires encryption, and encryption is what the Secure
Sockets Layer (SSL) provides: security for the connection over which you can communicate.
SSL was developed jointly by Netscape Communications and RSA Data Security. Many
companies worldwide have adopted SSL as their communication protocol of choice. In fact,
many financial transactions on the Internet, including online banking, are now conducted using
SSL.
Digital certificates are an important component of SSL.

What is a Digital Certificate
Digital certificates allow unique identification of an entity; they are, in essence, electronic ID
cards issued by trusted parties. Digital certificates allow a user to verify to whom a certificate is
issued as well as the issuer of the certificate.
Digital certificates are the vehicle that SSL uses for public-key cryptography. Public-key
cryptography uses two different cryptographic keys: a private key and a public key. Public-key
cryptography is also known as asymmetric cryptography, because you can encrypt information
with one key and decrypt it with the complement key from a given public-private key pair.
Public-private key pairs are simply long strings of data that act as keys to a user's encryption
scheme. The user keeps the private key in a secure place (for example, encrypted on a computer's
hard drive) and provides the public key to anyone with whom the user wants to communicate.
The private key is used to digitally sign all secure communications sent from the user; the public
key is used by the recipient to verify the sender's signature.
Public-key cryptography is built on trust; the recipient of a public key needs to have confidence
that the key really belongs to the sender and not to an impostor. Digital certificates provide that
confidence.
A digital certificate serves two purposes: it establishes the owner’s identity, and it makes the
owner's public key available. A digital certificate is issued by a trusted authority—a certificate
authority (CA)—and it is issued only for a limited time. When its expiration date passes, the
digital certificate must be replaced.

Format of digital certificates
The digital certificate contains specific pieces of information about the identity of the certificate
owner and about the certificate authority:
• Owner's distinguished name. A distinguished name is the combination of the owner's
common name and its context (position) in the directory tree. In the simple directory tree
shown in Figure 1, for example, LaurenA is the owner's common name, and the context
is OU=Engnring.O=XYZCorp; therefore, the distinguished name is:
.CN=LaurenA.OU=Engnring.O=XYZCorp
• Owner's public key.
• Date the digital certificate was issued.
• Date the digital certificate expires.
• Issuer's distinguished name. This is the distinguished name of the CA.
• Issuer's digital signature.
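The fields listed above can be read and checked programmatically. The following is an added example, not part of the original page: it takes a certificate in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns, renders the owner and issuer distinguished names in the dotted notation used above, and checks the validity period. The sample certificate is constructed (the issuer name and dates are made up), and that dictionary does not expose the public key or the issuer's signature, so those two fields are not shown.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# Owner names reuse the page's LaurenA example; issuer and dates are made up.
SAMPLE_CERT = {
    "subject": ((("organizationName", "XYZCorp"),),
                (("organizationalUnitName", "Engnring"),),
                (("commonName", "LaurenA"),)),
    "issuer": ((("organizationName", "Example Trust"),),
               (("commonName", "Example Root CA"),)),
    "notBefore": "Apr  6 00:00:00 2009 GMT",
    "notAfter": "Apr  6 00:00:00 2010 GMT",
}

# Long attribute names used by the ssl module, mapped to the short DN labels.
SHORT = {"commonName": "CN", "organizationalUnitName": "OU",
         "organizationName": "O"}

def distinguished_name(rdns):
    """Render a DN most-specific-first, in the page's dotted notation."""
    parts = [f"{SHORT.get(key, key)}={value}"
             for rdn in reversed(rdns) for key, value in rdn]
    return "." + ".".join(parts)

def validity_status(cert, now):
    """Classify the certificate at time `now` (seconds since the epoch, UTC)."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < start:
        return "not yet valid"
    return "valid" if now <= end else "expired"

def describe(cert, now):
    """Collect the certificate fields from the list above into one record."""
    def iso(text):
        seconds = ssl.cert_time_to_seconds(text)
        return datetime.fromtimestamp(seconds, timezone.utc).isoformat()
    return {
        "owner": distinguished_name(cert["subject"]),
        "issuer": distinguished_name(cert["issuer"]),
        "issued": iso(cert["notBefore"]),
        "expires": iso(cert["notAfter"]),
        "status": validity_status(cert, now),
    }

if __name__ == "__main__":
    now = datetime(2009, 6, 1, tzinfo=timezone.utc).timestamp()
    for field, value in describe(SAMPLE_CERT, now).items():
        print(f"{field}: {value}")
```

A certificate reported as "expired" or "not yet valid" should be rejected regardless of who issued it, which is why the two dates are checked alongside the names.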

What is CA SiteMinder® Web Access Manager

CA SITEMINDER® WEB ACCESS MANAGER (CA SITEMINDER WAM) PROVIDES A CENTRALIZED
SECURITY MANAGEMENT FOUNDATION THAT ENABLES THE SECURE USE OF THE WEB TO DELIVER
APPLICATIONS AND DATA TO CUSTOMERS, PARTNERS AND EMPLOYEES.
Overview

Your customers, partners and employees fully expect anytime, anywhere access to your critical applications, information and services. The proliferation of intranets, B2B extranets and e-commerce
Websites presents opportunities to increase revenues, manage costs and deepen relationships with users. But opening your organization via the Web also presents significant security, management and compliance challenges.

Benefits

CA SiteMinder WAM lets you manage and deploy secure web applications to:
• Increase new business opportunities
• Manage costs
• Improve security to mitigate risk
• Ease compliance

The CA Advantage

CA SiteMinder WAM delivers unparalleled reliability, availability, scalability and manageability.
The de facto gold standard for enterprise-class web access management, CA SiteMinder WAM is also a key part of the CA Identity & Access Management (CA IAM) solution, which automates the administration of user identities and ensures only properly authorized users can access critical IT resources from the Web to the mainframe. This in turn is part of CA’s vision for Enterprise IT Management (EITM).

CA SiteMinder WAM Centralizes Web Access Management and Security Policy

For all the promise of the Web to increase revenues, manage costs and deepen relationships
with users, it also raises a new class of security, management and compliance challenges. As
your IT organization deploys applications with web front-ends and looks to build and manage
websites and portals to meet the information and access needs of potentially millions of users
both inside and outside your enterprise, a fundamental question looms: How do you let business
in while keeping risk out?
The answer is CA SiteMinder Web Access Manager. With advanced security management
capabilities and enterprise-class site administration, CA SiteMinder WAM provides the centralized
security management your organization needs to authenticate users and control access to web
applications and portals. Across Internet and intranet applications, it enables the secure delivery
of essential information and applications to your employees, partners, suppliers and customers.
It also scales to meet your growing business needs with flexible administration tools that can
support either centralized or distributed administration.
Use CA SiteMinder WAM to build and manage secure websites that offer a rich user experience,
simplified administration, enterprise-class security and 24 × 7 availability.

Key Capabilities
SINGLE SIGN-ON (SSO) CA SiteMinder WAM eliminates the challenge of multiple user logins
by enabling single sign-on for seamless access across multiple diverse web applications,
portals and security domains. Seamless access to enterprise applications such as SAP, Siebel,
PeopleSoft and Oracle is also supported through the SSO capability of CA SiteMinder WAM.
Integration with CA Single-Sign-On (CA SSO), the enterprise SSO component of the CA Identity &
Access Management solution, enables users to authenticate only once and have access both to
web applications protected by CA SiteMinder WAM and non-web applications with access
controlled by CA SSO.

STRONG AUTHENTICATION MANAGEMENT CA SiteMinder WAM provides a unified authentication
strategy to ensure the right level of security across Internet and intranet applications. This
ensures that high value applications are protected by stronger authentication methods while
lower value applications may be protected by simpler user name/password approaches.
CA SiteMinder WAM provides access management support for many authentication systems —
including passwords, tokens, X.509 certificates, smartcards, custom forms, biometrics — and
combinations of authentication methods.
In addition, CA SiteMinder WAM enables authorization policies to incorporate authentication
context. For example, when two authentication methods are in use by a particular organization
(for example username/password and one-time password tokens) and the user authenticates
with the one-time password, the user can be granted increased application entitlements.

CENTRALIZED, POLICY-BASED AUTHORIZATION, AUDIT, AND REPORTING CA SiteMinder
WAM centralizes the access management for customers, partners and employees across an
enterprise’s web applications. This eliminates the need for redundant, application-specific
security logic and provides a lower cost approach for ensuring an enterprise’s ability to meet
compliance requirements. CA SiteMinder WAM policies are rules or rule groups that allow
or deny access to a resource. Access can be restricted by user attributes, roles, groups and
dynamic groups and determined based on location and time. Authorization can be conducted
at the file, page or object level. In addition, controlled “impersonation” — where one
authorized user, such as a customer service representative, can access what another user
can access — is also defined by policies. An embedded policy analysis engine, reporting
system, and out of the box reports support an organization’s evolving needs for compliance
and governance reporting.

Dynamic Authorization triggers security policies that evaluate data in real time from a variety
of local or external sources, including Web services and databases, to determine access
authorization or denial. Finer-grained authorization is achieved through contextual evaluation.
For example, limit access to a specific application (a certain banking service) to customers who
meet specific criteria (a minimum account balance). Authorization policies can also be applied
in conjunction with external systems, such as risk-based security systems.

ENTERPRISE MANAGEABILITY CA SiteMinder WAM provides enterprise-class system management
tools, which give security personnel the ability to monitor, manage and maintain multiple
environments more efficiently, including the management of development, test and production
environments. These management tools include:
• Unattended installs
• Operational monitoring
• Rolling upgrades
• Centralized web agent management
• Application management abstraction
• Delegated and segregated management
• Web-based administrative UI
• Security policy migration
• Security zones
• Scripting interface capabilities

SCALABILITY AND RELIABILITY CA SiteMinder WAM can be scaled to meet enterprise-class
security requirements both in terms of the number of users and number of protected resources,
ensuring its ability to handle growth, including growth from acquisitions or partnerships.
Use CA SiteMinder WAM to deploy critical business applications to multimillion user populations
and be confident that its performance has been verified through independent testing to provide
significantly higher transaction rates, reliability and manageability than alternative solutions.

Reliability, availability and scalability are supported by features including:
• Dynamic load balancing
• Two-level caching
• Policy Server clustering and cluster-to-cluster failover
• Policy Store and user store replication
• Support for 4- and 8-way SMP servers

IDENTITY FEDERATION CA SiteMinder WAM also provides an architecturally integrated,
separately-licensed capability that enables browser-based federation whereby users can securely
traverse from home sites (identity provider) to websites hosted by partners and customers (service
provider). CA SiteMinder WAM customers can play the role of either website in a federation.
The federation functionality, called CA Federation Manager, provides a flexible and robust
platform for identity federation, enabling organizations to realize the benefits of connecting
distributed business applications across domains without sacrificing security. CA Federation
Manager supports a comprehensive set of federation standards, including the Security
Assertion Markup Language (SAML) and WS-Federation/Microsoft ADFS. It enables complete,
bidirectional federation from a single Web security system with maximum interoperability
among partnering enterprises. In addition CA SiteMinder WAM can be extended to provide
security for Web services through the addition of CA SOA Security Manager.


HOW CA SITEMINDER WEB ACCESS MANAGER WORKS



The process for securely accessing web applications:
1. User attempts to access a protected resource.
2. User is challenged for credentials and presents them to the CA SiteMinder web agent or to the Secure Proxy Server.
3. The user’s credentials are passed to the Policy Server.
4. The user is authenticated against the appropriate user store.
5. The Policy Server evaluates the user’s entitlements and grants access.
6. User profile and entitlement information is passed to the application.
7. The user gets access to the secured application, which delivers customized content.

CA SiteMinder WAM Supports Online Business, Enhances User
Satisfaction, Mitigates Costs and Increases IT Control and Security
The Web is open for business around-the-clock, and CA SiteMinder WAM reliably and
effectively enables your online presence to be secure, available and accessible to the right
users. Recognized for having the most advanced security management capabilities and
enterprise-class site administration, CA SiteMinder WAM can scale to support millions of
users and thousands of protected resources.
CA SiteMinder WAM allows you to meet the challenge of deploying resources via the Web
while maintaining high performance and high availability. It controls who is able to access
which applications and under what conditions, improves users’ online experiences and
simplifies security administration. By enforcing policies and monitoring and reporting online
activities and user privileges, CA SiteMinder WAM also eases regulatory compliance.
ENSURE THE RIGHT USERS HAVE THE RIGHT ACCESS With CA SiteMinder WAM, the secure
management of identities across diverse web systems means the system controls access by
leveraging the user’s context to the business (partner, consultant, customer, etc.) and their
rights to each application. CA SiteMinder WAM enables users to connect to the information
and applications they need to do their jobs, place an order or otherwise transact business.
INCREASE SECURITY TO MITIGATE RISKS CA SiteMinder WAM reduces the risk of unauthorized
access to critical resources and sensitive information, protecting the content of an entire web
portal or set of applications. Centralized security enforcement and FIPS certified cryptographic
algorithms mean that there are no holes left open in a CA SiteMinder WAM secured web
environment.
PROVIDE USERS WITH A POSITIVE ONLINE EXPERIENCE CA SiteMinder WAM lets a user sign on
once to access web applications, engaging them in a unified, personalized online experience
rather than frustrating them with multiple logins.
INCREASE BUSINESS OPPORTUNITIES CA SiteMinder WAM lets you securely deploy web
applications to multiple different user communities, enabling increased business opportunities
that can enhance revenue. Extend CA SiteMinder WAM with identity federation and your
organization can improve collaboration with partners, further enhancing relationships to
increase revenue, manage cost and mitigate risk.
MANAGE COSTS CA SiteMinder WAM mitigates IT administration costs. It also reduces the
security burden on users and thus the burden on the help desk caused by lost or forgotten
credentials. It also reduces redundant security-related application development and
maintenance costs.
EASE REGULATORY COMPLIANCE Central policy management, enforcement, reporting and
auditing support your ability to comply with IT impacting regulations.






The CA Advantage
CA SiteMinder WAM is part of the complete and proven CA IAM solution that helps you protect
your IT assets across all platforms and environments. As such, it contributes to your ability to
optimize the performance, reliability and efficiency of your overall IT environment. The next step
is to tightly integrate the control and management of distinct functions such as operations, storage
and life cycle and service management, along with IT security.
This higher level of management control is CA’s vision for EITM — a dynamic and secure approach
that integrates and automates the management of applications, databases, networks, security,
storage and systems across departments and disciplines to maximize the full potential of each.
CA’s comprehensive portfolio of modular IT management solutions helps the enterprise unify,
simplify and secure IT to better manage risk, costs and service, and ensure that IT meets the
business needs of the enterprise.

Next Steps
To fully leverage the reach and power of the Web, investigate the breadth and depth of
CA SiteMinder Web Access Manager. As the most comprehensive, scalable and reliable
Web Access Management solution on the market, it supports your organization’s ability to
increase new business opportunities, manage costs, improve security to mitigate risk and
ease compliance.