ARCHITECTURE

All components included.

WBSVision is an Open Source based Identity Management appliance that ships with every component its functionality requires (64-bit kernel, operating system, applications, modules…).

Open Source Platform

The appliance architecture of WBSVision is based on Open Source components and open standards. We develop our own GNU/Linux distribution with a 64-bit kernel, containing strictly the packages the platform's functionality requires.

Appliance platform

WBSVision can be deployed on any of the available hardware appliances (Soho and Enterprise). It can also be deployed on most virtualisation platforms (VMware, KVM, Citrix Xen…).

Management and monitoring

WBSVision offers several management interfaces for administering the appliance: web, CLI and REST.
It also includes several monitoring mechanisms (Syslog, SNMP, WatchDog and REST).

Security and availability

WBSVision includes a wide range of mechanisms that ensure data security and confidentiality (secured access, multiple management roles, access auditing…) and availability (cluster architecture, backup service…).

DIRECTORY SERVICES

Directory and federation services

WBSVision incorporates “Directory Services” that unify the management of users, groups and directories (metadirectory management), provide advanced editing of directory objects and schemas (for advanced administrators), and offer a management hierarchy for geographically distributed users and delegated remote administration.
Directory Services are conceived to register, display, authenticate and authorise users within an organisation.

LDAP Service

WBSVision is itself a Directory Service based on the LDAP standard, through which identities within an organisation can be managed. Like any other directory, this component stores, organises and grants access to the information held in the system databases, so entries can be searched by attribute value. Like a word in a dictionary, an entry may carry several definitions or different types of data, expressed in directory terms as attributes.
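Searching a directory by value, as described above, means placing values that often come from users or applications inside an LDAP filter string. The following is an added example (not WBSgo code) of doing that safely with RFC 4515 escaping, next to the unescaped form that allows LDAP injection. The `inetOrgPerson` object class and `uid` attribute are assumptions for illustration; the hostile input is constructed.

```python
"""LDAP filter construction with RFC 4515 escaping.

Added example, not WBSgo code. Any value that comes from a user or an
application must be escaped before it is placed inside a filter, otherwise
the value can change the filter's logic (LDAP injection). The attribute and
object class names are assumptions for illustration.
"""

# RFC 4515 section 3: these characters must be written as backslash + two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII characters are escaped byte by byte in their UTF-8 form.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def user_lookup_filter(uid: str) -> str:
    """Filter that matches exactly the entry whose uid equals the given value."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


def unsafe_user_lookup_filter(uid: str) -> str:
    """Deliberately unescaped version, kept only to show what injection looks like."""
    return f"(&(objectClass=inetOrgPerson)(uid={uid}))"


if __name__ == "__main__":
    hostile = "*)(uid=*"  # constructed input that tries to match every user
    print(unsafe_user_lookup_filter(hostile))  # becomes a filter matching any inetOrgPerson
    print(user_lookup_filter(hostile))         # matches only a literal uid of that text
```

The unsafe form turns the constructed input into `(&(objectClass=inetOrgPerson)(uid=*)(uid=*))`, a valid filter that matches every user; the escaped form keeps the input as a literal value.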

Meta Directory Services

WBSVision natively includes mechanisms that simplify Identity Management by integrating with other directory services, so that they can be managed from a single device and the information generated in any of them can be synchronised into WBSVision. The integration components are included in the base product and do not require the purchase of any licence.

Identity Provider Service

WBSVision allows the different Service Providers (SPs) that belong to the security domain managed by the platform to be defined. Their configuration is kept in the product: each SP is declared by type (a SimpleSAML-based SP or a generic SP) and by the XML metadata that is uploaded through the interface so that the platform's IdP service and the SP can interact.

IDENTITY MANAGEMENT SERVICES

IdM Suite in-a-box

Once the organisation has been normalised in the Directory, extended Identity Management processes may still need to be described. Corporate environments do not always allow identities to be fully consolidated or normalised in the associated directory services, so WBSVision offers additional services that provision identities into repositories of different kinds.
Through the different functionalities included in the platform we address the needs of an organisation in relation to its Identity Management processes.

Role and Profile Management

WBSVision provides role and profile management mechanisms, normalising the access each user receives according to their roles.

User provision

WBSVision provides automatic user provisioning into the managed repositories, driven by the roles and profiles previously defined in Identity Management. Both the provisioning itself and the authorisation mechanisms associated with it can be parameterised.

Password Management

Through its Identity Management services, WBSVision synchronises passwords across all integrated applications and enforces the rules that govern those passwords.

Delegated Administration

WBSVision has a portal oriented to Identity Management services for users. Its graphic content (logos, styles) can be customised by administrators. Access to the portal is secured (HTTPS) with a username and password, digital certificates or security questions that the user has previously defined. The access portal may show a terms-of-use or legal acceptance form, which can be configured to be presented again each time it is modified.

Self-Service

The self-service functions of the portal give users access to a set of general functionalities and to personalised forms that depend on the user's role. Among others, users can view their basic personal information, view corporate security information, or change passwords, both for their own accounts and for generic accounts they are responsible for.

SECURITY SERVICES

Security and audit services

WBSVision incorporates Security services that manage authentication based on multiple protocols and on digital certificates.

Authentication Service

WBSVision allows a user or device to verify its identity, to be granted access to a specific environment and to have that access audited. Authentication can be performed through any of the following services included in WBSVision:

  • LDAP
  • Kerberos 5
  • RADIUS/802.1x
  • X.509 Certificate

These services offer interfaces that most applications can use natively, so they can be integrated with the consolidated directory of WBSVision.

Certification and Validation Entity

WBSVision features a certification entity responsible for issuing and revoking digital certificates bound to directory entries and values, usually users and devices. The Certification Authority can verify the identity of the requester before issuance and, acting as a validation entity, can check the validity and revocation status of certificates issued by other certification authorities. It can also store public certificates issued by other certification authorities so that other users can look them up and any application can validate them through the RESTful web services.

ADVANCED NETWORK SERVICES

Network Services

WBSVision incorporates “Advanced Network Services” that simplify the management of network services such as DNS, DHCP, NTP and ZeroConf. The main functionalities of the Advanced Network Services are listed below:

DNS Service

The Domain Name System service uses a distributed, hierarchical database that stores information associated with domain names. It can be used in the standard way by any device on a private network or on the Internet.

NTP Service

This service synchronises system clocks using the standard Network Time Protocol. NTP uses Marzullo's algorithm with the UTC time scale, including support for features such as leap seconds. Operating systems usually ship an NTP client, so they can use this product to synchronise their time.
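Marzullo's algorithm, mentioned above, is what lets an NTP client agree on a time when its sources disagree. The block below is an added example (not WBSgo code and not the NTP reference implementation): each source reports an offset and an error bound, and the algorithm returns the smallest interval consistent with the largest number of sources, so a single source that is far off is outvoted. The sample sources are constructed.

```python
"""Marzullo's algorithm over constructed clock-source intervals.

Added example, not WBSgo or NTP reference code. Each time source reports an
offset and an error bound, i.e. the interval [offset - error, offset + error]
in which it claims the true time lies. The algorithm finds the smallest
interval consistent with the largest number of sources, so a source that is
far off (a "falseticker") is simply outvoted. The sample sources are constructed.
"""
from typing import List, Tuple

Source = Tuple[float, float]  # (offset, error bound), in the same units


def marzullo(sources: List[Source]) -> Tuple[int, float, float]:
    """Return (count, lo, hi): the interval [lo, hi] on which the most sources agree."""
    if not sources:
        raise ValueError("at least one source is required")
    # Each interval becomes two events: -1 at its start, +1 at its end.
    # Sorting (point, kind) puts a start before an end at equal points, so
    # intervals that merely touch are still counted as overlapping.
    events = []
    for offset, error in sources:
        if error < 0:
            raise ValueError("error bound must be non-negative")
        events.append((offset - error, -1))
        events.append((offset + error, +1))
    events.sort()

    best = 0
    count = 0
    best_lo = best_hi = events[0][0]
    for i, (point, kind) in enumerate(events):
        count -= kind  # a start (-1) raises the count, an end (+1) lowers it
        if count > best:
            best = count
            best_lo = point
            # A start event is never the last one: its own end event follows it.
            best_hi = events[i + 1][0]
    return best, best_lo, best_hi


def consensus_offset(sources: List[Source]) -> float:
    """Midpoint of the best interval: the estimate an NTP-style client would adopt."""
    _, lo, hi = marzullo(sources)
    return (lo + hi) / 2


if __name__ == "__main__":
    # Constructed: three honest sources around 10-11 ms and one falseticker at 100 ms.
    sample = [(10.0, 2.0), (11.0, 1.0), (10.5, 0.5), (100.0, 1.0)]
    print(marzullo(sample), consensus_offset(sample))  # (3, 10.0, 11.0) 10.5
```

With the constructed sample the three honest sources overlap on [10, 11] and the falseticker at 100 contributes nothing to the result, which is the property that makes the algorithm useful against a compromised or broken time source.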

ZeroConf Service

WBSVision features a “ZeroConf Service” that lets systems using compatible service-discovery protocols (Avahi, Bonjour, DNS-SD, etc.) identify a WBSVision platform as soon as it is connected to the network. With this service, two WBSVision appliances can easily be joined to create a high-availability and load-balancing architecture.

DHCP Service

The Dynamic Host Configuration Protocol service allows the nodes (or devices) of an IP network to obtain their network configuration parameters automatically.

INTEGRATION AND MANAGEMENT SERVICES

Integration and Management Services

WBSVision features several modules that integrate with the most common services on the network. Through these integrations, WBSVision manages users and devices more efficiently.

WatchDog

Generically, this component is a hardware or software timer that triggers a reboot of the system, or another corrective action, when the monitored program fails to communicate with the Watchdog (for example because it has hung), so that the system returns to its normal working state. The Watchdog service encodes the knowledge of the first-level support centre: it watches that services operate correctly, can act according to protocols specific to each case, and informs the administrators.

Update engine

The whole system is built from components and packages. The WBSVision manufacturer, WBSgo, makes available to clients with an active subscription a package repository that carries dependency information between packages, so the system can perform updates automatically when the administrator requests them. The packages carry out the whole update process on their own; the administrator only reviews the available updates and launches the process. During an update the product connects to our repository, either directly over the Internet or through a proxy server, and presents the available package updates. Once the administrator decides to upgrade the product, the process runs automatically and reports back only to confirm that it has completed successfully.

Backup engine

The system features two different backup and restore methods. “Bulletproof” technology: the product has an internal engine that takes snapshots of the directory database and of the service and system configuration; snapshots can be launched by the administrator or automatically. Database copy: unlike the previous method, this one can only restore database elements, not the system configuration.

SNMP

WBSVision® allows SNMP monitoring through any standard tool on the market, such as Nagios, HP OpenView or BMC Patrol.

WADL Language

WADL is an XML-based language that was submitted to the W3C. Its purpose is to describe REST web services in a machine-readable format.

Authentication and http verbs

Security on these services is based on HTTP Basic authentication: the client adds the username and password to the header of the HTTP request before sending it. The credentials are Base64-encoded, and the product decodes them to authenticate the user. Base64 is an encoding, not encryption, so these services must only be exposed over HTTPS.
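The following is an added example (not WBSgo code) of the mechanism just described from both sides: the client builds the `Authorization: Basic` header, and the server parses it, refuses requests that did not arrive over TLS, and checks the credentials against salted PBKDF2 hashes in constant time. The user store, credentials and header values are constructed for the example; the product's actual endpoints and storage are not described on this page.

```python
"""HTTP Basic authentication: what the header carries and how a server should check it.

Added example, not WBSgo code. It builds the Authorization header the way a REST
client would, parses it the way a server must, and checks the credentials against
a store of salted PBKDF2 hashes (constructed for this example). It refuses to
authenticate when the request did not arrive over HTTPS, because Base64 is
reversible by anyone who sees the header.
"""
import base64
import binascii
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 50_000


def basic_auth_header(username: str, password: str) -> str:
    """Client side: 'Basic ' + base64(username:password)."""
    if ":" in username:
        raise ValueError("RFC 7617 forbids ':' in the user-id")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_auth(header_value: str) -> Optional[Tuple[str, str]]:
    """Server side: return (username, password), or None if the header is not valid Basic auth."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        userpass = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad Base64 or bad UTF-8
        return None
    if ":" not in userpass:
        return None
    # Only the first ':' separates the fields; the password itself may contain ':'.
    username, _, password = userpass.partition(":")
    return username, password


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user_store(plain: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Turn {user: password} into {user: (salt, hash)}; plaintext is never kept."""
    store = {}
    for user, password in plain.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash_password(password, salt))
    return store


def authenticate(header_value: str, is_https: bool,
                 store: Dict[str, Tuple[bytes, bytes]]) -> bool:
    """Accept the request only if it came over TLS and the credentials match."""
    if not is_https:
        return False
    creds = parse_basic_auth(header_value)
    if creds is None:
        return False
    username, password = creds
    # Hash even for unknown users (against a dummy salt) so response time does not
    # reveal which usernames exist, then compare in constant time.
    salt, expected = store.get(username, (b"\x00" * 16, b"\x00" * 32))
    computed = _hash_password(password, salt)
    return username in store and hmac.compare_digest(expected, computed)


# Constructed user store for the example; a real store would be persisted.
DEMO_STORE = make_user_store({"alice": "s3cret"})

if __name__ == "__main__":
    header = basic_auth_header("alice", "s3cret")
    print(header)                                   # Basic YWxpY2U6czNjcmV0
    print(authenticate(header, True, DEMO_STORE))   # True
    print(authenticate(header, False, DEMO_STORE))  # False: plain HTTP is refused
```

Decoding the header in the block shows how little protection the encoding gives: `YWxpY2U6czNjcmV0` is `alice:s3cret` to anyone who can read the request, which is why the `is_https` check is not optional.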

API RESTful

RESTful Web Services

RESTful Web Services are a simpler alternative to services based on SOAP and WSDL. The decision to incorporate this technology reflects REST's growing adoption; it is a fundamental part of Java EE 6 through the JAX-RS API. Today RESTful Web Services are used by organisations such as Google, Yahoo or Amazon to interconnect applications with their services.
WBSVision incorporates RESTful Web Services that allow applications to integrate natively with the directory services. A REST (Representational State Transfer) interface follows a software architecture for distributed hypermedia systems on the Internet. The architecture was developed in parallel with the HTTP 1.1 standard, building on the HTTP 1.0 design, and the World Wide Web itself is a REST implementation.
The RESTful web services are implemented from the REST perspective and offer a series of client-server operations based on HTTP verbs (methods). Unlike SOAP, which is a protocol, REST is an architectural style that yields much lighter services. The operation of this service is defined in a standard form through a WADL description. The RESTful Web Services enable the use of a great number of WBSVision services, such as Cloud Services.

REPORT AND AUDITING SERVICES

Data analysis

This native WBSVision module displays basic security information about modifications, passwords and directory entries, together with a large number of reports related to indicators, reporting and auditing. In addition to this indicators-and-reports module, WBSVision has an advanced Business Intelligence module for creating custom reports and dashboards. This module is integrated in the Users Portal and is based on a strategic OEM agreement between WBSgo and the Spanish company Datknosys. With this module, the set of reports and dashboard indicators requested in the technical specifications sheet are deployed.

FEDERATION SERVICES

Federation Services

WBSVision features a Federation Services module that authenticates users from any repository within a security domain defined by the user organisation itself. This allows an organisation to apply the same authentication policy to heterogeneous internal services (local applications such as Windows, the Intranet, devices, etc.), external services (third-party organisations) and even the Cloud (Google Apps, Salesforce, etc.). It thereby prevents passwords for external or cloud services from escaping the password policy required by law, and closes the security holes that would cause. It also offers Single Sign-On, so users do not need to sign in separately to each application, and Single Sign-Out. WBSVision uses the SAML 2.0 and ADFS standards, so interoperability is guaranteed when connecting most services.