OSM's COSuser for identity management, user provisioning, access control and all aspects of user account lifecycle management

Systems and security management for UNIX, Linux and Windows


Architecture overview

- For an overview of COSuser, see the COSuser datasheet

- For a more complete description of its functionality, read the COSuser white papers

COSuser logical configuration diagram


COSuser Master Server

At the center of any COSuser environment lie one or more COSuser Master Servers. They manage all object data (data about policies, users and access levels, for example) in the COSuser environment and are the point of interaction for the COSuser administrator(s). The main characteristics of the COSuser Master Server are:

  • Runs on the major variants of UNIX and Linux (Note: a Microsoft Windows port is expected shortly)
  • MS Windows, X Window system, command line and web browser user interfaces
  • Hosts the central repository of all user information for employees and contractors
  • Hosts the Policy Engine for defining roles, rules, templates and other organization specific variables
  • Hosts the Transaction Engine which incorporates technology from OSM's network-aware job scheduler, COSbatch (www.cosbatch.com)
  • Hosts the Reporting and Audit Engine which maintains and presents data on every activity carried out through COSuser
  • Hosts the server component of the communication methods and knowledge base required to provision applications residing on all major variants of UNIX, Linux and Microsoft Windows operating systems
  • Provides a single point of control for all user access information
  • Contains inbuilt failover capability so that work may continue in the event of a server going down
  • Comprehensive access controls
  • Delegation engine modelled on OSM's COSduty-SSA (www.cosduty.com) product
  • Integrated with BMC PATROL for proactive monitoring

 

COSuser Agent

Once a COSuser Agent is loaded on a managed server, COSuser can manage the user accounts on any UNIX, Linux or Microsoft Windows system within the enterprise, including the COSuser Master Server. The main characteristics of the COSuser Agent are:

  • Runs on all major variants of UNIX, Linux and Microsoft Windows operating systems
  • Needs to be loaded only on those systems where user registration is required
  • Supports OSM-specific encrypted communications and SSH
  • Lightweight, installable from the COSuser Master Server by OSM supplied software and requiring no host-specific license key
  • May be run on the COSuser Master Server rather than on a remote system in the event that a satisfactory communications method with inbuilt encryption is available on that remote system
  • Executes any task scheduled by a COSuser Master Server

 

COSuser Target Knowledge Base (TKB)

For COSuser to register, change or disable/delete user information on a particular infrastructure element such as an operating system, database or application, it needs to know how to carry out the task. Each application has its own command line interface, API or other method of communicating user information, and this is encapsulated within COSuser as a Target Knowledge Base, or TKB. Unlike in most competing products, the TKB is abstracted from the communications method used to link with the application, so that TKBs can be developed more easily and quickly.

OSM provides a number of pre-developed TKBs from its TKB Library, plus a TKB Wizard for quick development of new TKBs for customer-specific applications. OSM-trained technicians can typically develop new TKBs in a 2-4 day timeframe using the Wizard.

 

COSuser Interactive TKB (iTKB)

For larger sites, or those needing to establish a central repository of user information quickly to meet audit requirements, OSM offers the iTKB. Developing automatic TKBs that register, change or de-register user accounts without human intervention can be time-consuming for users with many custom applications, even with the TKB Wizard. Importing, cleaning and linking existing user information from applications can also delay implementation benefits. With the iTKB, COSuser users can instruct responsible parties to provision or deprovision user information manually while automation progresses, with all transactions audited and the central repository updated. The main benefits of using the iTKB include:

  • quicker implementation time for those users whose main business driver is a central repository of employees/contractors and where they have accounts
  • integrated provisioning of applications which would provide a low RoI on the development of an automatic TKB
  • integrated provisioning of applications which would not allow automatic provisioning e.g. those without an API or CLI for user management functions
  • physical and non-physical asset management e.g. tracking of laptops, cell phones, home telecoms etc.

- For further information on the iTKB, download the iTKB datasheet

 

Transaction engine

Large-scale organizations with large user bases and significant numbers of user-related transactions require a background transaction engine to provide scalability and control. It is normally better to run only essential transactions, e.g. disabling a leaver, in real time, while scheduling non-time-critical transactions to occur in quiet time.

To that end, all transactions executed by COSuser are implemented through a scheduling module which uses technology from COSbatch (www.cosbatch.com), OSM's fully featured, network-capable job scheduler, which is available for general-purpose use as a separate product.

 

Delegation engine

COSuser contains duty management and delegation functionality modelled on another OSM product, COSduty, itself available as part of a separate product, COSduty-SSA. This "delegation engine" complements COSuser's user provisioning functionality by providing management for interactive processes. Its main characteristics are:

  • Allows simple and complex administration processes to be captured and re-used from a simple-to-use GUI
  • Enforces best practice and standard policy
  • Supports the allocation of encapsulated processes to whomever is delegated to perform them
  • Allows processes that would normally require privileged access permissions to be run without the individual carrying out the task being granted privileged access
  • Provides fine control of who can run which processes, when they are allowed to and on which systems
  • Audits all activity and manages audit trails

- For a description of the functionality of COSduty-SSA, visit the COSduty-SSA web site.

Other modules

COSuser may also be integrated with BMC Software's PATROL by means of the COSuser Knowledge Module ("KM") for PATROL. This allows PATROL to proactively monitor COSuser resources and react to, or escalate, any significant problems.

- For more information on the COSuser KM for PATROL, download the COSuser KM for PATROL datasheet.

The COSuser web browser-based workflow functionality allows users to request new accounts or shares, and change and request new passwords through a web browser interface. Requests are automatically routed to line and resource managers for approval before being committed.

- For more information on the COSuser web browser interface, download the COSuser web browser-based workflow datasheet.

Other sources of information

- Download datasheets (including those referenced above), white papers, case studies, and Microsoft PowerPoint presentations from the resource library.

 


Copyright © 2007 Open Systems Management Limited