Architecture

The FastPass Password Management solution is designed for:

  • Security:
    All sensitive data is encrypted in storage and transit. Strong authentication and access controls protect business processes.
  • Scalability:
    The FastPass Password Management solution can be installed to support a very large organization with a high number of employees.
  • Building on your existing infrastructure:
    Built for Microsoft Active Directory environments, FastPass lets you take advantage of the environment you already run.
  • Flexibility:
    The FastPass Password Management solution uses flexible SOA technology, allowing fast customization to individual enterprise requirements and integration with other systems, such as strong authentication devices or help-desk systems.
  • Low TCO:
    The FastPass Password Management solution is inexpensive to acquire, easy to deploy and set up and requires minimal ongoing administration.

Architecture of the Password Manager Password Management solution
From an employee perspective, the Password Manager offers web-based self-service password features in the enterprise. This is illustrated below.

Logically, the Password Manager Server is built from multiple subcomponents, each offering its own set of functions for the total solution. The main components are listed in the table below:

| Component | Description |
|---|---|
| Backend Server | Implements the control of all end-employee transactions, communication to the Gateway Server, scheduled discovery of employees in the domain infrastructure, control and coordination of password synchronizations, invitations of employees and much more. |
| Client Server | Implements the web interface for the end-employees and communicates with the Backend Server. |
| Gateway Server | Implements the access to the domain infrastructure and other Password Sync target systems. |

All three main components are installed on the Password Manager Server by default and are directly configured to operate together. A full implementation can be built on additional Client Servers and Gateway Servers, as shown in the illustration below.

The solution is built in a Service Oriented Architecture. All main components are web services implemented in Microsoft Internet Information Server (IIS) and communicate using SOAP over HTTPS.

Integration to Microsoft Active Directory
Password Manager supports easy integration into multiple Microsoft Active Directories from a single implementation. The configuration is done from the Password Manager Administration Client implemented as part of the Password Manager Backend Server. The communication to the Active Directory infrastructure is done from the Password Manager Gateway Server. The integration is implemented using LDAP v3 communication and this can optionally be implemented to use either Secure mode or SSL mode. Secure mode is the default and the one used by Microsoft Active Directory internally for synchronizing passwords between Domain Controllers.

Password Manager requires the following parameters to be configured to be able to access a Microsoft Active Directory Domain.

| Parameter | Description |
|---|---|
| Domain Name | The fully qualified domain name of the domain, like mycorporation.com. |
| Domain Alias | A label, typically the same as the NetBIOS name for the domain, which is what is shown in desktop login interfaces. |
| LDAP Base DN | The distinguished name (DN) to use as the offset in the LDAP tree structure. This can point to an Organizational Unit (OU), as in OU=Employees,DC=mycorporation,DC=com, or to the root node, as in DC=mycorporation,DC=com. |
| Connection Mode | The connection mode to use for the communication. Microsoft Active Directory offers the modes normal, secure and SSL, but Password Manager only supports Secure and SSL mode. Secure mode uses Kerberos for authentication, which depends on normal domain communication from the Password Manager Gateway Server to the Domain Controller in addition to communication on port 389 (TCP). SSL mode requires a certificate to be implemented on the Domain Controller, which is not a trivial task, but as an advantage it only requires communication on port 636 (TCP) from the Password Manager Gateway Server to the Domain Controller. |
| Domain Account Name | The name of the account with privileges to read employee attributes and to reset passwords. |
| Domain Account Password | The password for the account specified. |

In order to support a higher fault tolerance Password Manager can be configured to access multiple domain controllers in the same domain possibly with an offset from different Password Manager Gateway Servers. To configure in this way the following information must be configured for each connection to the Domain.

| Parameter | Description |
|---|---|
| Domain Controller | The fully qualified hostname or IP address for a domain controller. If SSL mode is desired for the communication then the fully qualified hostname is required. |
| Gateway Server | The Password Manager Gateway to use as offset for the specified Domain Controller. |

All parameters are stored in the Password Manager Data Storage (ADAM), and sensitive information like account names and passwords is stored with strong encryption.
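The constraints in the two parameter tables above can be checked before a domain connection is saved. The following is an added example, not FastPass code: the dictionary layout, key names and function names are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress

# TCP port from Gateway Server to Domain Controller for each supported mode,
# as given on this page. Secure mode also needs normal domain (Kerberos) traffic.
MODE_PORTS = {"secure": 389, "ssl": 636}

def domain_to_dn(domain_name):
    """mycorporation.com -> DC=mycorporation,DC=com"""
    return ",".join("DC=" + label for label in domain_name.strip(".").split("."))

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_domain_config(cfg):
    """Return (ldap_port, problems) for one connection record (hypothetical layout)."""
    problems = []
    mode = cfg["connection_mode"].strip().lower()
    port = MODE_PORTS.get(mode)
    if port is None:
        problems.append("connection mode '%s' is not supported; use Secure or SSL" % mode)
    # Base DN must be the domain root or a container below it.
    # Simplification: DN values containing escaped commas are not handled.
    root = domain_to_dn(cfg["domain_name"])
    base = ",".join(part.strip() for part in cfg["ldap_base_dn"].split(","))
    if base.lower() != root.lower() and not base.lower().endswith("," + root.lower()):
        problems.append("LDAP Base DN '%s' is not inside %s" % (base, root))
    # The page requires a fully qualified hostname per Domain Controller in SSL mode.
    if mode == "ssl":
        for dc in cfg["domain_controllers"]:
            if is_ip(dc) or "." not in dc:
                problems.append("SSL mode needs a fully qualified hostname, got '%s'" % dc)
    return port, problems

# Constructed sample records (not from a real deployment).
GOOD = {"domain_name": "mycorporation.com", "connection_mode": "SSL",
        "ldap_base_dn": "OU=Employees,DC=mycorporation,DC=com",
        "domain_controllers": ["dc01.mycorporation.com"]}
BAD = {"domain_name": "mycorporation.com", "connection_mode": "SSL",
       "ldap_base_dn": "OU=Employees,DC=example,DC=com",
       "domain_controllers": ["10.0.0.5", "dc02"]}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_domain_config(cfg))
```

The returned port is the one to allow from the Gateway Server to each listed Domain Controller; in Secure mode the Kerberos traffic the page mentions has to be allowed as well.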