Ensim’s Blog

As a product specialist for Unify Audit Manager and having spent a number of years in the Auditing and Compliance sector, I thought it was about time, I put my thoughts and my questions on our blog.

I have had wonderful opportunities discussing auditing and compliance with various experts in the field and I have learned a lot from them. Also, from talking to many customers, it still surprises me how may still don’t pay close attention to the audit logs; not, because they don’t care about them, but simply because they don’t have the time to look at them.

In this economy where heads are on the chopping block, yet the ship must sail, everyone is doing the job of 3, 4 or 5 people. Whether you like it or not, it is a fact. At the same time, as Security Administrators, it is your responsibility to ensure security of your company’s infrastructure and its data.

Are you one of those Administrator’s, IT Security Specialist, Audit Manager or whatever your official title may be, who is fortunate enough to also be a juggler and wear many hats? If so, I would love to hear about your daily experiences. Let’s talk… -Neil Karnik

Neil Karnik Uncategorized

We are pleased to announce that Technology Marketing Corporation (TMC) has named Ensim Unify Service Provider Edition as a recipient of a 2009 Communications Solutions Product of the Year Award. Its always great when another organization as well respected as TMC notices what you are doing publicly with an award. You can view the 2009 Award Winners here.

A bit of background on the award: the Communications Solutions Product of the Year Award recognizes the vision, leadership, and thoroughness of the most innovative products and services. Ensim is proud to be chosen as winners of the Communications Solutions Product of the Year Award.

Scott Young Uncategorized Ensim Unify Service Provider, TMC, TMC Communications Solutions Award

In reviewing a blog by Eileen Ferectic about how Layoffs Threaten Security she spoke about the negative affects recent layoffs have had on IT security professionals. Her  question caught our attention: “Wouldn’t you think that protecting corporate and customer data would be every company’s top priority? What are these executives thinking?”

Most enterprises have the “if it’s not broken, don’t fix it” mentality. Until recently there has been the kind of focus you would expect in changing how we protected data. This data includes everything from customer and business data to personal data held by various entities that could cause harm if it were to fall into the wrong hands. This is compounded by the fact that “publishing” information to the internet is so easy.

Despite the risk, we still hear the famous “budget” excuse for not adopting an affordable and comprehensive system to protect their corporate intellectual property. We also hear the “I’ll do it myself” excuse. Well, we all know at the end of the day how this ends up; expensive and incomplete.

I think overall every company has a responsibility to protect corporate data, but I don’t think every company yet shares the same thoughts on how best to do this. So the result being “So now we’ve got a scaled-back, overworked IT security team battling against well-funded, tech savvy criminals.”

mgallegos Uncategorized Active Directory

It’s a great opportunity when a company get’s to tout its achievements. This blog post shares it’s enthusiasm for not just one of Ensim products but for both Ensim Unify Service Provider Edition and Ensim Unify Enterprise Edition.

Ensim Unify Service Provider Edition took home TMC’s 12th annual Internet Telephony Product of the year award.

“Internet Telephony is happy to recognize and honor Ensim for their development of IP communications technology. With Ensim Unify Service Provider Edition, Ensim has further proven its commitment to quality and excellence while addressing real needs in the marketplace,” said Rich Tehrani, CEO, TMC. “We look forward to more innovative solutions from them in the future.”

Ensim Unify Enterprise Edition has been recognized numerous times this month in industry articles, most recently by KMWorld, covering the latest in content, document and knowledge management. Ensim’s most recent release, SharePoint Manager …

“…ensures that when users are provisioned and managed, business and policy objectives are met on a secure, cost-effective basis.”

Thank you once again for all the great support!

mgallegos Uncategorized Ensim Unify, enterprise, Service Provider, SharePoint

There is nothing better then honest customer feedback in a news article. In eWeek this past week, Wayne Rash wrote an article called “For Change Management, First, You Need a Plan”. Find the full article here.

The article highlights, how a group of IT professionals approach change management from their individual perspectives. Rash also provided industry analysts viewpoints on this critical issue. We’d like to draw your attention to Network Engineer, Paul Smith at Metafore, who participated in the interview and is currently running Ensim Unify Enterprise Edition.

“It’s removed a lot of administrative overhead for my department,” Smith said, “and it’s saved a lot of time. We used to have a lot of manual steps for user management. We don’t have those steps anymore. From my own experience it has lowered [the number] of errors.”

We truly appreciate the feedback.

mgallegos Uncategorized Active Directory, Add new tag, change management, eWeek, Identity & Access Management, User Provisioning

We are pleased to be included in Eric Rux’s post reviewing 4 different AD management tools. You can find the article here.

The test parameters were pretty straightforward - running through five typical administration tasks that the build-in Microsoft tools (ADUC) either don’t do or don’t do very well. Those tasks were “user provisioning (e.g., AD, Exchange, BlackBerry, ERP), Exchange provisioning (e.g., data store based on last name/department), delegation of duties, user de-provisioning a user (e.g., scramble username, reset password, remove from external system), and reporting for audits.” These represent a good cross section of tasks that can become very time consuming in medium and larger organizations.

Eric notes that the four products have similar methods for helping you streamline the process of provisioning new users. If every new user needs to be a member of an ERP Application global group, for example. Another common example of user provisioning is integration with an HR database. AD is often populated with data from an HR database. This can work in one direction or in both directions depending on the requirements.

Of course we were thrilled with his Recomendation:

If you need provisioning outside of Active Directory that includes BlackBerry Enterprise Server, Exchange 2007 or 2003, Google Apps, and Microsoft Office Communication Server (OCS), look no further.

Scott Young Uncategorized

Apologies readers for the prolonged silence on this blog. Let me pick up the discussion from where I left in my last post.

We already talked about the need for request management and customized workflows. Next I want to talk about re-provisioning or maintenance of OCS configuration for user accounts.

On a typical day, IT help desk in a mid-to-large enterprise handles hundreds of support incidents related to user configuration updates. Depending on the business rules and regulations some of these updates can be continually complex and time consuming. These updates often fall into three broad categries:

1. Updating the use configuration settings for a user. A user may have been promoted or moved to a different project and hence the entitlements for the user have changed. Or, may be the user account was mis-configured to begin with and now needs to be synchronized with their entitlements and configured accordingly. In either of these scenarios an administrator has to manually fix the configuration settings for the user account.
2. Often system administrators do a phased roll out of various OCS features. They start with a initial set of features for a small group of people and then later expand the coverage to a bigger group with more and more features. Planning a phased rollout has always been a maintenance nightmare for administrators.
3. Additionally, system administrators are continually improving the business processes which eventually results in changes in entitlements for existing users or re-provisioning of user accounts with new configuration settings on different server pools.
   The provisioning system should be extensible enough to adapt to the enterprise’s specific needs not just from an initial on-boarding perspective but also as an ongoing update to enforce the rules and policies for all users.

Ensim Unify enables system administrators to automate several maintenance processes which can be configured to ensure that everybody’s entitlements are enforced in the account settings. For example – if the SIP URI for a user is configured to be same as their email address, the maintenance jobs will ensure that this rule is enforced at all times. Any inconsistencies or mis configurations in the deployment will be detected and corrected by the system without requiring any administrator intervention.

agupta Uncategorized

In my last post we discussed various considerations around request management and how administrators can use Ensim Unify to quickly integrate OCS user provisioning with their existing provisioning request management. Once administrators have overcome the integration with their request management systems, the next challenge they face is how to customize the provisioning workflow based on various business rules and policies.

Issue #2 : Customizable provisioning workflows
Most enterprises have various business rules and regulations which drive entitlements for all users. In regulated environments these rules can be very complex and strictly enforced. Typically these business rules define the various OCS options that will be enabled for each user and the OCS server pool on which the user account is provisioned. A global enterprise can have various considerations like - geographical location, SLA committed, department or project group in determining the server pool location while processing the provisioning request. Similarly, OCS entitlements could be a combination of some of these considerations.

The one-click template based provisioning from Ensim Unify allows system administrators to integrate Ensim Unify with their entitlement engine and at the same time hide the complexity from junior administrators . Additionally, Ensim Unify offers automated capacity management to implement OCS server pool location based on various internal rules.

Provisioning is not a one-time event. Re-provisioning and addressing daily moves, updates and changes continually takes up administrator’s time and attention. In my next post I will address some of the issues around change management and how Ensim Unify addresses those issues.

Amit Gupta
Director – Product Management
Ensim Corporation
Email: agupta@ensim.com

agupta Uncategorized OCS user provisioning, provisioning workflows

Over the past few months, we have helped several Fortune 100 customers get a handle on their OCS provisioning and ongoing management of user changes. Because the process was so interesting and insightful, I wanted to relay the key issues that we solved in some of these OCS deployments in the hope that many of you will be able to better prepare for these – you won’t be able to avoid them, but knowledge is half the battle. I’ll break each issue in an article of its own and try to provide as much details as possible.

Planning an OCS deployment and rollout for a mid to large enterprise (anything over 10,000 seats) is complicated at best, daunting at its worst. System administrators have to carefully evaluate the capacity requirements, network topology, telephony deployment scenarios and various other considerations before they can put together a project plan for OCS rollout. As administrators plow through various stages of this plan, they almost always neglect the provisioning or on-boarding process, which eventually becomes a gating item for their rollout.

While some administrators may be able to work around the provisioning challenges by working through the native Active Directory or OCS management interface, for most mid to large organizations it will be almost impossible to handle all the provisioning requests manually.

Issue #1: Integration with existing systems

Each enterprise has an existing mechanism for triggering the new-hire or on-boarding request and this request management mechanism should be updated to address OCS provisioning for new hires. System administrators, typically, would have a tailored request management system, however in most cases it is a variation of the following few scenarios:

• Often HR system is the first IT system that gets seeded with the new hire information and from there on a request is triggered to provision various IT services like mail, telephone, access card etc for the new employee. Some of these services might require some manual approvals and might be addressed offline. An administrator will have to augment this new hire process to further add OCS provisioning requests for new employees automatically based on their entitlements.

• Because of additional Microsoft CAL implications some enterprise may not want to roll out OCS for all employees and may want to implement a charge-back mechanism for business units or cost centers before OCS access is enabled for requested employees. Typically, in such cases an administrator has to update an existing (or build a new ) intranet website for managers to request OCS service for their direct reports or setup a self registration page for employees. These intranet pages should be further integrated with the charge back systems to make sure that the cost center or the business unit is billed accordingly.

• Additionally, an enterprise might have an ERP system or identity management framework implemented which will have to be updated to trigger OCS provisioning requests as new identities are created in the IT systems.

Ensim Unify OCS Manager has robust extensibility through web service APIs. These APIs implement most WS-* standards enabling inter-operability with any existing system and allowing system administrators to address any of the scenarios mentioned above. More technical details will follow in some of the subsequent articles.

While this is just the first aspect of OCS user provisioning, it is clear that system administrators should include user provisioning in their upfront planning to avoid any hiccups during the rollout.

Amit Gupta

Director – Product Management

Ensim Corporation

Email: agupta@ensim.com

agupta Uncategorized Identity & Access Management, OCS, OCS Deployment, Office Communicator 2007, User Provisioning

It’s now on my calendar, SysAdmins Day - its the last Friday of July and believe it or not - we just celebrated it. I found this in one of the blogs I often read. However, it was the comments that I enjoyed most; one said:

“I’m an IT guy, if you want to appreciate me, then for one day stay away from my desk, my phone number, and my email address. That will be appreciation enough.”

I laughed to myself, but I can see his point - just think about all the responsibilities a System Administrator has:

• staff training and support
• software installation, maintenance, and upgrading
• hardware installation, maintenance, and upgrading
• research and trouble shooting
• routing network administration and maintenance
• network documentation and network management in some cases
• database supervision
• etc. etc.

Depending on the size of your organization, the tasks, complexity and workload increase. So “hats off” to the IT professionals out there. There are companies out there trying to make your life easier. 

mgallegos Uncategorized Active Directory, Exchange