With the release of Windows Server 2008 early next year, Microsoft will start releasing a wave of products to improve on current modes of data protection and credential management.
The tools will make progress toward unseating the password as the primary means for end users to gain access to resources in the enterprise. For the past couple of years, Microsoft's chairman Bill Gates has predicted the death of the password. To that end, the company has grown its identity and access management portfolio.
Next year, IT managers will see new versions of Microsoft's Identity Lifecycle Manager (ILM), updates to Active Directory Federation Services as well as its Rights Management Services (RMS). Also, Windows Server 2008 has a feature called the Read-Only Domain Controller, which lets administrators install a domain controller that is only a replica of the domain databases.
In the Windows server enterprise, it is Active Directory that functions as the manager of identities. AD keeps track of not just people but any network resource too. Another password management technology built into Windows is the public key infrastructure called Active Directory Certificate Services.
This technology provides a certificate authority, which essentially binds credentials with an identity, said Doug Leland, general manager of Microsoft's Identity and Access Management Business Group. "As you move to certificates you have a stronger way to authenticate users who have not been in contact with each other before," Leland said.
Active Directory Federation Services, which also ships as part of the Windows Server license, lets companies federate or extend identities beyond the organization. The idea is to let corporations transact with a partner organization that lives on a separate trusted network.
Microsoft sells ILM and RMS as add-ons to Windows Server 2003.
ILM 2007, which shipped in May, determines who has the right to access a resource. This product decides what resources, applications, data and networks an employee should have access to, and it manages those privileges over time and cleans everything up should an employee leave the company so there are no lingering identities, Leland said.
ILM issues the end user strong credentials, such as certificates and smart cards, he said. A new version of ILM is due in the latter half of next year and is expected to offer improvements to the provisioning capabilities.
Rights Management Services, which is also licensed separately from Windows Server 2003, helps control permissions around a document. This technology provides protection that is persistent, Leland said. In other words, it protects "not just within the boundaries of the enterprise but also when it leaves the boundaries of the enterprise," he said.