

Restrict access to system resources with VMware Identity Manager

As virtualization becomes more ubiquitous, users have greater access to system resources. However, this can lead to potential security issues. So what's an administrator to do?

Virtualization enables companies to move workloads among systems more easily. However, such advances usually come with downsides, and virtualization is no exception. While moving processing tasks has become easier, securing those applications has become more difficult. Since users access systems in more ways, more potential security holes have emerged.

VMware is one of many vendors trying to close these holes. VMware Identity Manager enables technicians to ensure that only authorized individuals are able to access system resources. The system works well in VMware environments, but enhancements are needed to support global identification.

Different generational challenges

Logging in to a system has long been a burden for users. They typically need to remember a series of conflicting passwords, which are complex and prone to errors. Single sign-on (SSO) simplifies the process by enabling users to rely on one password to work with all of their applications.

Such tools have come in various iterations, according to Dan Blum, principal consultant at Security Architects LLC. First-generation products provided employees with access to company applications. Recently, the need for access expanded to mobile and cloud offerings. One challenge here is that identity extends beyond the corporate walls to partners and clients, users over whom businesses have little to no control.

Because of these recent changes, interest in identity management has been rising. In fact, market research firm Pierre Audoin found that more than 93% of businesses plan to maintain or increase spending on identity management offerings in the next three years.

Identity management buying patterns change

The type of products companies are buying is changing. Demand remains high for first-generation on-premises tools, but increasingly, enterprises are adopting identity as a service (IDaaS) products, which run in the cloud. In fact, market research firm Gartner expects the number of corporations using such services to double from 20% in 2016 to 40% in 2020.

VMware developed an SSO offering in VMware Identity Manager, which enables users to access cloud, remote and on-premises applications. The product is based on TriCipher technology. VMware acquired the product in 2010 and integrated it with its AirWatch mobile device management system, which came from a separate purchase.

To date, VMware has focused on integrating Identity Manager with other VMware offerings, such as vCloud Air and vRealize Suite. In June, the company introduced VMware Verify, a two-factor authentication offering that relies on users' smartphones and tablets to provide access to VMware Workspace ONE.

Locking down the endpoints

VMware Identity Manager has its strong points. "Endpoint verification, such as managing applications on mobile devices, is an area where the VMware product is strong," said Gregg Kreizman, research vice president at Gartner.

Such functionality may appeal to certain businesses. The tools mesh with a number of VMware products and let administrators establish and manage different groups of users.

"The VMware solution works well with private cloud networks," Blum said.

Facing significant competition

VMware Identity Manager has its limitations as well. As vendors have moved to the second generation of SSO, new standards have emerged to connect different suppliers' offerings. Currently, VMware Identity Manager features a Security Assertion Markup Language (SAML) identity provider but lacks support for OAuth and OpenID Connect, both of which are emerging SSO standards.

Whether or not VMware Identity Manager will gain significant traction is unclear. Currently, Microsoft rules the SSO space. The firm's Active Directory (AD) has been a popular choice for first-wave applications, in which enterprises connect their own systems.

Analysts estimate as many as 90% of enterprises use AD for on-premises authentication. Not surprisingly, Microsoft has been trying to grab a leading spot in the IDaaS space by convincing its customers to add Azure AD to their security toolkit. The industry behemoth said Azure AD has almost 5 million unique tenants, nearly 500 million users and processes 1 to 2 billion authentications on a given day.

In addition, many other suppliers moved into the identity management space. Established corporations, such as CA Technologies and Salesforce, have developed -- or acquired -- their own products. SSO-focused vendors like Centrify, CloudAccess, Covisint, ForgeRock, ILANTUS Technologies, iWelcome, Okta, OneLogin Inc., Ping Identity Corp., SailPoint Technologies Inc. and Simeio Solutions developed their own offerings.

SSO has become an issue as businesses have deployed mobile and cloud applications. VMware has taken steps to become a player in this rapidly evolving space. The vendor offers a solid product for VMware-centric businesses, but needs to do more to emerge as a leader in this competitive market.
