What users love (and hate) about 4 leading identity management tools

Four of the top identity management products on the market are Oracle Identity Manager, CA Identity Manager, IBM Tivoli Identity Manager, and SailPoint IdentityIQ, according to online reviews by enterprise users in the IT Central Station community.But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.Oracle Identity Manager Valuable Features: "The most valuable features are the attestation of identities and the robust set of identity analytics." - Mike R., Lead Solutions Architect at a media company with 1000+ employees "I feel the Provisioning and Reconciliation Engine as well as the Adapter Factory are the most valuable, apart from the standard features which most identity management solutions provide." – Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees "Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager." - Mwaba C., Identity and Access Management at a manufacturing company with 1000+ employees Room for Improvement: "With Oracle, it's always about the learning Continue reading

Cities, not cornfields, draw data centers

Google built a data center in an Oregon town with a population of about 15,000. Yahoo established chicken-coop style data center in New York state farm country. And Apple runs an iCloud data center in rural North Carolina.But building big data centers in rural areas may be more the exception than the rule. Most data centers are located in, or at least close to, major Metro areas, acording to a new study. flickr/Tony Webster Google Data Center - The Dalles, OregonTo read this article in full or to leave a comment, please click here

Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored)

Ethan and Greg speak with Olivier Huynh Van, CTO and Co-Founder of Glue Networks, and learn about its network orchestration solution, Gluware. Gluware is designed to build and re-use network models to provide abstraction and simplify network provisioning and configuration.

The post Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored) appeared first on Packet Pushers.

Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored)

Ethan and Greg speak with Olivier Huynh Van, CTO and Co-Founder of Glue Networks, and learn about its network orchestration solution, Gluware. Gluware is designed to build and re-use network models to provide abstraction and simplify network provisioning and configuration.

The post Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored) appeared first on Packet Pushers.

Why Would You Need BGP-LS and PCEP?

My good friend Tiziano Tofoni (the organizer of wonderful autumn seminars in Rome) sent me these questions after attending the BGP-LS and PCEP Deep Dive webinar, starting with:

Are there real use cases for BGP-LS and PCEP? Are they really useful? Personally I do not think they will ever be used by ISP in their (large) networks.

There are some ISPs that actually care about the network utilization on their expensive long-distance links.

Read more ...

“Split and smear” your security policies: Static Unidimensional vs. Dynamic Multi-Dimensional Policies

In my previous post I explained why current security architectures aiming at inspecting all inline traffic via hardware appliances are failing to provide proper segmentation and scale in modern day data centers.  As I described, this has nothing to do with the type of security technology being deployed but rather with engineering security services that can answer the requirements of scale, high bandwidth, micro-segmentation and distributed applications.

We have to remind ourselves why we are having these architectural discussions: the application and service landscape has been virtualized, generally in excess of 70%, while entertaining any cloud solution will force you down the path of moving to 100% virtualization.  Yes, there are still physical servers and legacy applications to which we will extend security services to.  But instead of being the norm, we now have to consider their place in the overall architecture as exceptions and design security and networking services around what makes up the bulk of the workloads, i.e. virtualized applications in the form of VMs and containers.

With this understanding, let’s discuss how years of deploying hardware security architectures have boxed us in a complex unidimensional, sequential approach to security policies and how we can now move beyond this implementation scheme with virtualization and the proper software tools. Continue reading

Pim Sparse Mode

Pim sparse mode – Multicast is used to send the data to the multiple receivers at the same time. Multicast reduces the load on the servers (Senders/Source in multicast term), provides efficient capacity usage on the network links. Figure – 1 Unicast vs Multicast Flows Multicast runs on top of UDP. Multicast uses Class D […]

The post Pim Sparse Mode appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Pim Sparse Mode

Pim sparse mode – Multicast is used to send the data to the multiple receivers at the same time. Multicast reduces the load on the servers (Senders/Source in multicast term), provides efficient capacity usage on the network links. Figure – 1 Unicast vs Multicast Flows Multicast runs on top of UDP. Multicast uses Class D […]

The post Pim Sparse Mode appeared first on Orhanergun.

Apple wants government to form commission over FBI demand

Apple CEO Tim Cook has asked the U.S. government to withdraw its court action demanding tools that will allow the FBI to hack the passcode of an iPhone, and instead set up a commission of tech, intelligence and civil liberties experts to discuss "the implications for law enforcement, national security, privacy and personal freedoms.""We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists," Cook said in an email Monday to Apple employees. Apple said it would gladly participate in the commission.The FBI has sought help from Apple for a workaround to the auto-erase function in an iPhone 5c, running iOS 9, which was used by Syed Rizwan Farook, one of the terrorists involved in the San Bernardino, California, attack on Dec. 2. The FBI is concerned that without this workaround from Apple it could accidentally erase data, while trying to break the passcode by "brute force" techniques.To read this article in full or to leave a comment, please click here

New products of the week 2.22.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Skytap Provider for VagrantKey features: The Skytap Vagrant plugin provides a common interface for all Vagrant resources, and offers software engineering teams the ability to instantly synchronize a local development stack with on-demand cloud-based environments. More info.To read this article in full or to leave a comment, please click here

New products of the week 2.22.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Skytap Provider for VagrantKey features: The Skytap Vagrant plugin provides a common interface for all Vagrant resources, and offers software engineering teams the ability to instantly synchronize a local development stack with on-demand cloud-based environments. More info.To read this article in full or to leave a comment, please click here

The disingenuous question (FBIvApple)

I need more than 140 characters to respond to this tweet:

It's an invalid question to ask. Firstly, it's asking for the emotional answer, not the logical answer. Secondly, it's only about half the debate, when the FBI is on your side, and not against you.


The emotional question is like ISIS kidnappings. Logically, we know that the ransom money will fund ISIS's murderous campaign, killing others. Logically, we know that paying this ransom just encourages more kidnappings of other people -- that if we stuck to a policy of never paying ransoms, then ISIS would stop kidnapping people.

If it were my loved ones at stake, of course I'd do anything to get them back alive and healthy, including pay a ransom. But at the same time, logically, I'd vote for laws to stop people paying ransoms. In other words, I'd vote for laws that I would then happily break should the situation ever apply to me.

Thus, the following question has no meaning in a policy debate over paying Continue reading
1 3,165 3,166 3,167 3,168 3,169 3,878