Upload
ca-technologies
View
303
Download
3
Embed Size (px)
Citation preview
World®’16
Who’sMindingyourSSOStore?
JasonWilcoxSr.ServicesArchitect
SCX16E
SECURITY
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
AttheheartofyourenterprisesecurityinfrastructureisyourCASingleSignOnwebaccessmanagementenvironment.Sometakeitssimplicityforgranted,thesilentworkhorsethatprovidesagreatuserexperienceacrossyourappswithhighperformanceandreliability.ButwhoandwhatiskeepingtabsonyourCASSOapplication?
Inthissession,wewillexplorebestpractices,methodsandtoolsthatcanbedeployedtomonitorthehealthofyourmissioncriticalwebaccessmanagementsolution.Wewillcover:
ThekeyaspectsofwhatimpactstheperformanceandstabilityofyourCASingleSignOnsolutionHowtotraceaproblemtorootcauseusingtoolslikeCATraceLogReader,APMforSSO,Spylogix,andSplunk.HowtocreateamonitoringandalertingstrategyforyourCASingleSingOnSolution.HowtousemonitoringdatatotuneandoptimizeyourCASingleSignOnSolutioncomponents
JasonWilcox
CAtechnologiesSr.ServicesArchitect
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
WHO’STALKINGTOMYPOLICYSERVER,ANDWHYDOICARE?
MST=T/ATT(S),YESMATHMATTERS
ESTABLISHINGAPROACTIVEMONITORINGPROGRAM
WHATARETHESSOKPI’S
HOWDOIMONITORTHOSEKPI’S
BUYWHYDOESITMATTER?
1
2
3
4
5
6
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AgentsConnection
§ WebAgentopenstheTCPconnectiontothePolicyServer– Bydefault,underload,theweb
agentwillopenamaxof20sockets– Connectionsare“long-lived”
§ PolicyServerclosesconnections– IdleTimeout(minutes)in
SMConsole– Non-IdleTimeoutvia
AgentConnectionMaxLifetime inXPSObject
AgentsOpentheConnection,thePolicyServerCanClosetheConnection
Authoriza
tion
Authen
tication
Administratio
n
Accoun
ting
AdministrativeUIUserStore
PolicyServer
Protected Resources
PolicyStore
WebServer
WebAgent
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AgentConversation
§ Individualsocketsaresynchronousconnections
§ OncetheWebAgent“asksaquestion”tothepolicyserver,thatsocketconnectionis“busy”untilthePolicyServerresponds
TheConversationisaRequest/ResponseModel,NoInterruptionsAllowed
Authoriza
tion
Authen
tication
Administratio
n
Accoun
ting
AdministrativeUIUserStore
PolicyServer
Protected Resources
PolicyStore
WebServer
WebAgent
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AgentSecurity
§ AgentAPIinitiatesaconnectionwiththeTrustedHostNameandSharedSecret– Handshakeincludesestablishing
encryptedchannel– Retrievesoperationalparameters
fromtheHCO– Retrievesconfigurationparameters
fromtheACO(OrLocalConfig)
TheConversationStartswithAuthentication,andCreatedanEncryptedChannel
Authoriza
tion
Authen
tication
Administratio
n
Accoun
ting
AdministrativeUIUserStore
PolicyServer
Protected Resources
PolicyStore
WebServer
WebAgent
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TopicstheyDiscuss
§ OverthisTCPconnectiontheWebAgentsendsthefollowingAgentAPIcommands:– isProtected()– isAuthenticated()– isAuthorized()
§ NottheonlycommandsbutthosearetheprimaryfunctionsoftheAgent.
AgenttoPolicyServerCommunicationisPrimarilyRequest/Response
Authoriza
tion
Authen
tication
Administratio
n
Accoun
ting
AdministrativeUIUserStore
PolicyServer
Protected Resources
PolicyStore
WebServer
WebAgent
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ThePolicyServerresponds
§ Wecanseethereactorthreadtakingtheserequestsandputtingtheminthequeue
§ Nowontheotherendofthequeue,wecanseewhatarecalled“Workerthreads”tohandlethework
WhentheAgentComesKnocking,WhoAnswers?
WebAgent
ReactorThread
WorkerThread
PolicyServer
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ConfiguringWorkerThreads
§ Theworkerthreadsareconfiguredhereinthemanagementconsole– defaultisfor20worker
threadsinCASiteMinderR12.5x
§ Howmanydoyouneed?
ThreadsNeverDie,OnceReachedTheyWillAlwaysAtMax
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatDoWorkerThreadsDo?
§ Workerthreadsdothework!
§ Theworkerthreadstaketheitemoffthequeue,andgototheUserStore,PolicyStore,SessionStore,cache,etc…
§ Workerthreadsgenerateassertions
§ Workerthreadsprocessxml
§ Workerthreadsdoeverythingthepolicyserverneedstodo
BeforeICantellYouHowManyYouNeed,WeNeedtoKnowWhattheyareDoing?
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ThreadLocking
§ SimilartotheAgentsocketrequest,theworkerthreadwillcontinuehandlingtherequestuntilitiscomplete.– Forexample,iftheworkerthreadsneedtodoanisAuthenticate()call,
itwillgoouttotheLDAPdirectoryserver.Theworkerthreadwillbeblockeduntiltheldapsearch andbindiscomplete.
– IfanindividualworkerthreadneedstomakemultipleLDAPcalls,thosecallsareprocessedinasynchronousmannerwithinthatthread
– Thisthreadcannotbeusedforanythingelsewhileblocked
WorkerThreadsStartaTaskandareBusyUntiltheTaskisCompletedorTimesOut
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ControlWehavecontrolovertheagentconnections,thepolicyserversockets,andthenumberandlifetimeofeachofthem.
Wedon’thavecontroloverhowlongatasktakestocomplete.
AgentsAgentsinitiateasecureconnectiontothepolicyserver.
Eachagentconnectiontakesupasocketonthepolicyserver.
Eachagentconnectionperformsatask,andisbusyuntilthattaskiscompleted.
PolicyServerPolicyServersreceiverequestsfromtheagentswithareactorthread.Thereactorthreadputsrequestsinthequeueforworkerthreadstowork.Workerthreadsperformataskandareblockeduntilthetaskiscompleted
CheckpointWhatDoWeKnowSoFar?
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MST=t/att(s),YesMathMatters
§ Withtheinformationwehave,wecanbuildapredictivemodelforperformanceandcapacity.
§ Wemustalsounderstandtheimpactsofthroughputonthatmodel,andtheimpactsoflatencyonthroughput.
§ UsingthiswecanidentifyKeyPerformanceIndicatorsthatshouldbeproactivelymonitored,managed,andreportedon.
Rememberthatteacherwhosaidsomedaythiswillsaveyourlife?Yeahitwon’tbutmathstillmatters
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
BuildingOurModel
§ Throughput– Totaltransactionspersecondthepolicyserverisfulfilling(persecond)
§ Latency– Howlongdoeseachtransactiontaketobeprocessed
§ ThreadLatency – howlongbeforeaworkerthreadpullstherequestfromthequeue
§ ExecutionLatency– howmuchtimedoesthatworkerthreadtakeinprocessingtherequest
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TheRelationshipofThreads,ThroughputandLatency
§ Onanysystemwithasetnumberofthreads,throughputandlatencyareinterrelated– Aslatencygoesupthethroughputgoesdown– Asthroughputgoesdownadditionalrequestsarequeuedcausing
increasedlatency
MaximumServerThroughput= !"#$%&'()*!,-!./$('$1)
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WeControlThreads,butNotThreadorExecutionLatency
§ TherearetwoprimaryreasonsforPolicyServerslowdown1. ToomanyAgentAPIrequestscominginforthePolicyServer2. Responsetimefromtheuserdirectory
§ IftoomanyAgentAPIrequestsarecomingin,thethreadlatencywillincreaseiftherearen’tenoughthreadstoservicetheminatimelymanner.
§ Iftheresponsetimefortheuserdirectoryincreasesexecutionlatencyincreases,whichinturncausesthreadlatencytoincrease.
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TooManyAgentAPIRequests
§ Asinglewebpagedoesn’tmeanasinglerequest.
§ HCOsettingslimitingthenumberofagentconnectionsaren’tapplicabledependingontheapachethreadingmodel.
§ Iftheapplicationteamshaveconfiguredtoallow2000maxclients,butyouaresaying20maxconnections….itwillbe2000maxconnections.
§ Atpeaktimes,ifnotproperlymanaged,yourwebserverscanoverloadyourpolicyserverandsignificantlyincreasethreadlatency.
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DirectoryLatencyAffectsThroughputwhichAffectsSingleSign-OnPerformance§ Assumptions
– 15threads
– Averageof7LDAPqueriespertransaction– AverageLDAP(includingthenetwork)latencyis10ms
– Goal:125transactions/sec
§ Averagetransactiontimemustbeatleast70Ms(LDAP)+30msprocessing=100ms (0.1sec)
§ 15threads/0.1seconds=150transactions/secmaximum
§ WhenLDAPgoesto15msthemaximumthroughputdropsto111txns/sec
Using:MaximumServerThroughput=
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
KeepingLowTransactionalLatency
§ Rightsizeconnections,threads,andagentratio’sforloadandhardware.
§ Minimizecustom/thirdpartycodeandoptimizeanycalloutsthatcodemakestoremotesystems
§ UsesmartLDAPsearchesandoptimizeddatabasequeries
§ KeepAgenttoPolicyserverandPolicyservertouserdirectoryconnectionsoverfastconnections– possiblyinsamedatacenter
§ Workwithuserdirectoryteamstoensurethedirectoriesareperformingasrequired
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ThroughputWecanmodelthroughputtoproperlyplanforcapacity.
Wecanmodelwhatevenasmallchangeinthenetworkordirectoryperformancewilldo.
Wecanusethesemodelstobecomeproactiveandpredictive.
ThreadLatencyCanbeaffectedbyalargevolumeofrequests
Canbeaffectedbyhighexecutionlatency
Youmustdothemathinadvanceandrightsizefortheexpectedpeakloads
ExecutionLatencyPoorPolicyDesigncanincreasecallstothedirectorySSOisusuallythevictim,butunlessyoucanproveit,thatdoesn’tmatter.Increasingthenumberofthreadsisnotalwaystheanswer.
CheckpointWhatDoWeKnowSoFar?
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhataretheSSOKPI’s
§ Withtheinformationwehave,wecanbuildapredictivemodelforperformanceandcapacity.
§ Wemustalsounderstandtheimpactsofthroughputonthatmodel,andtheimpactsoflatencyonthroughput.
§ UsingthiswecanidentifyKeyPerformanceIndicatorsthatshouldbeproactivelymonitored,managed,andreportedon.
Knowledgeishalfthebattle,butyouwillstillloseifthat’sallyouhave.
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatdoyouNeedTrack?
UserStoreAccess PolicyStoreAccess Session StoreAccess
CacheSuccessRate CacheMissRate SocketCounts
Max QueueLength CurrentNormalQueueLength HighPriority QueueLength
Avg Authorization Time Avg AuthenticationTime Avg ValidationTime
Avg IsProtected Time MaxSockets TransactionCounts
AgentTransactionTimes AgentCachesettings
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HowCanWeMonitorSSOKPI’s
§ CASMTraceTool
§ CAOneView Monitor
§ CAAPMforSSO
§ SNMP(Splunk,UIM,AnytoolthatcanissueSNMPGET)
§ Spylogix forCASSO
It’snotabouthowyougetthedata,butwhatyoudowithit
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SMTraceToolUnlockingtheDatainYourCASSOLogs
§ LoadandparselogsfromallCASSOcomponents
§ Generatesreportsdetailingperformanceforthatpointintime
§ Identifiespotentialbottlenecks
§ Let’stakealook!!!
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OneView Monitor
§ CentrallyreportsKPI’s
§ Gathersdatafromagentsandpolicyservers
§ Youneedtorecordandgatherthedata
§ Let’stakealook!!!
TheDataisthere,ifYouGoandGetit
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAAPMWhenYouPreferthoseKPI’sWrappedupinaBow
§ BuiltinCASSODashboards
§ Knowinstantlyifthereisaproblem,drilldowntoRCA
§ Dataandanalysiscomestoyou.
§ Let’stakealook!!!
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SNMPIntegratewithYourPreferredTool
§ 60ObjectsaccessiblebySNMPGET
§ 17EventsavailabletobesentviaSNMPTrap
§ Presentthedatahowyouwantitpresented
§ Let’slookatsomesamplesfromSplunk!
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SpyLogix forCASSOCertifiedCASolution
§ FullAnalyticsplatformforCASSO
§ Builtindashboardsforperformance,systemsmanagementandutilization
§ FocusedonMTTRandMTBSI
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhyDoesitMatter?HowwillthisDataHelpMe?
§ User’sarecomplainingabout‘slow’SSOperformance– Whatisthedefinitionofslow?– CanyoushowwhattheperformanceofSSOistocombatthat
impression?– Doestheirdefinitionofslowincludetheloadtimefortheapplication
page?Howdoyoushowifyouareaffectingthat?– Canyoushowhistoricalevidenceofperformanceandstability?
§ MaybeSSOishavinganissue,canyoupinpointwhereitis?
Realworldscenario’s
31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HavingAccesstotheDataImprovesYourResponse
§ Herearegraphsshowingthecustomerqueuedepth
§ Fromthesechartswecanseethequeuekeepsgrowing– Eithertheloadhasincreased,
or– Thebackendcannotkeepup
32 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NowIKnowthereisanIssue,What’sCausingit?
§ Needtoanswertwoquestions– HowdowedeterminewhichofthetwoconditionsthePolicyServeris
in?§ Arewequeuingtherequestbecausetherearetoomanyincomingrequests?
§ Arewequeuingtherequestbecausethetransactionsaretakingtoolongtoprocess?
– Howcanweeasilyanswerthosequestions?
33 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SMTraceToolisAbletoIdentifySlowLDAPResponseTimes§ Wecanseethedistribution
ofLDAPresponseswhichhaveamajorinfluenceonCASiteMinderthroughput
§ Wehadtogogetthisdata,whatifwehadbeenalertedwhentheaveragestartedincreasing,beforeuserscomplained?
34 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
APMforCASSOShowstheSameTypeofSlowdowns
§ Weseeadifferentrepresentationofthesameproblem.
§ Butinsteadofbeingalertedtotheproblembyusers,APMforSSOcanalertusbeforebecomesaproblem.
35 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EstablishingaProactiveMonitoringProgram
§ Wecannotrelyonusererrorstotelluswhenthereisaproblem,itsoftentoolate
§ YoumusthavethedatareadilyavailabletoadvertiseSSO’ssuccess
§ YoumusthavethedatareadilyavailabletoactwhenSSOhasanissue.
Usersarenotyourfirstlineofalerting
36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SingleSign-OnisMissionCritical
§ SingleSign-Ontouchesmanyapplicationsacrosstheenterprise– BothinternalemployeeandConsumertransactions
§ IfSingleSign-Onstops,theapplicationsstopaswell
§ Whenaproblemoccurswemustknowwhysoactioncanbetaken– Needtoidentifyproblemsthatareintermittent– Needtoidentifypossibleproblemsbeforetheycauseoutages
37 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OrganizationsNeedtoIdentifyProblemsQuickly
§ SingleSign-Oncancrossmanyorganizations– Applicationteams– Directoryteams– SingleSign-Onteams
§ Whenaproblemoccurswetendtoplayorganizationalblamegames
§ SinceSingleSign-Ontouchesmanycomponentsitoftengetsblamedevenifitisnotatfault
38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ManyDifferentWaysto“Monitor”
§ “Monitor”canmeanmanydifferentthings– ComponentsUp/Down– System“health”– Useractivity– AdministrativeActivity
§ Yourprogrammustincorporateelementsofalltobemosteffective
39 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SyntheticTransactions(CAAppSyntheticMonitor)
§ ToolstoAutomatically“login”andaccessapage
§ Seesthesitefromanenduserperspective
§ Becarefulwhengeographicallydistributed– Themonitorbecomesthefailurepoint
§ Becarefulofmonitoringbecomingthebiggestuserofthesystem.
40 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SyntheticTransactions(CAAppSyntheticMonitor)
§ Whatittellsyou– Isyourwebsiterespondingtologins– Logintransactionandfirstpageloadtimes.
§ Benefits– Looksacrossentiresite
§ Drawbacks– Unknownwhatthepathisforthetransaction
§ Failover,roundrobin,internalcomponentfailuresarehidden– Cancreateextraloadonsystem
Tip:asinglewebsiteoneachpolicyserverwithasingleagentthatonlycommunicatestothatpolicyserver
41 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ServerErrorFile ACOSetting
§ ExistingACOsettingtoeitherdisplayafriendlyHTMLpageorredirectonaWebAgent Error
§ Usetheredirectabilitytoredirectuserstoafriendlypageonaseparatewebserver– Createaseparatelogforerrorsforallagentsinasinglespot– Collecttheerrorcode(Querystring)– Collectthereferrer(HTTPheaders)
§ Logtheseandanalyzeweekly.
42 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ServerErrorFile ACOSetting
§ Whatittellsyou– HasaWebAgentencounteredanerror
§ Whattheerrorcodeis§ Whichwebsite
§ Benefits– Realtimeinformation– cantriggeranalert– Usefulincalculatingintermittentissues– Canalsodisplayafriendlyerrorpage
§ Drawbacks– Ifyouaren’tanalyzingthedata,thereisnovalue
43 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NetworkVisualization(CAApplicationDeliveryAnalysis(ADA))
§ NetworkLayerMonitoringtool
§ PlugsintonetworkswitchesandlooksatTCPTraffic
§ Canexaminecommunicationsto/frommultiplesystemsandunderstandlatencyofthesecomponents
44 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NetworkVisualization(CAApplicationDeliveryAnalysis(ADA))§ Whatittellsyou
– Latencyofcommunicationsbetweenmultiplecomponents
§ Benefits– Canquicklyidentifycomponenthavetrouble– Canidentifyifitisthenetworkortheapplication
§ Drawbacks– NotincludedinCoreSingleSign-OnLicense– NotaSingleSign-Onspecificsolution– Overkillinsmallenvironments
45 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
KeyPerformanceIndicators
§ Oneview/APM/SNMP/SpyLogix
§ Onecomponentofacomprehensivesolution
§ Oftenthisisthemissingcomponentinacomprehensivemonitoringsolution.
46 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Step1– BaselineYourEnvironment
§ Onceyouhavechosenyourtoolsetidentifyyourbaseline– Capturedatawithoutalertingfor2– 4weeks
§ Focusonatimeframethatspanskeypeakusageperiods– Monthlyorquarterlyspikes
§ Discussthegoalswithyourcustomersandstakeholders– Theyoftenhaveinsightsintotheirusagethatyoumaynotknow.
47 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Step2– Createhabitstoreviewdata
§ Createhabitsandcarveouttimefordatatobereviewed– Thishelpsidentifynewarea’sforcoverage– Identifiespreviouslyunknownandunmonitorederrors– Themoreyoureviewasystem,thebetteryouknowit
§ Asnewerrorsarefound,createaknowledgebaseandkeepitupdated– Sharethatdataandstepstoresolve.Themorepeoplethatknowthebetter.
Thisisaboutensuringagoodcustomerexperience.
§ Incentivizefindingnewitems.Rewardyourteamforfindingnewissuesandtheirresolution,makeitcultural
48 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Step3– Createalertsbasedonthebaselinedata
§ Whenperformancedegradedmorethanx%warn
§ WhenperformancedegradesmorethanXX%alert
§ Warnyourteamsotheycanactbeforeaproblem
§ Alertbroadandwide.Transparencybuildstrust,trustbuildsconfidence.
§ Continuetofinetunealerts
49 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Step4– CreateDashboards
§ Createdashboardstohelpyourteamstayontopofthesolution.
§ Identifythemostcriticalitemsandputtheminfirst
§ Identifythemosttroublesomeandputtheminsecond
§ Makesureeveryoneknowshowtogettothemandhowtoreadthem.
50 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Step5– Advertise,Engage,andSell
§ Createdashboardsforyour‘customer’tosee– Generalonesthatareacrossthewholesolution– Specificapplicationbaseddashboardsforlargerapps
§ Createanexecutivereportandsenditoutregularlytoyourcustomers,theirchainofcommandandyourchainofcomment.– Advertiseyoursuccess.
§ Considerasubscriptionmodeltoyoursuccessesandchallenges– Internaltwitterfeedswherecustomerscansubscribeandjustseewhatis
goingon.
51 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCX12EPre-ConEd:FiveEasyStepsforMigratingtoCADirectory
11/15/2016at3:30pm
SCT44TWebAccessManagementandFederation–TwoGreatTastesthatTasteGoodTogether
11/16/2016at11:30am
SCX20SCARoadmap:Authentication,SingleSign-On,Directory
11/17/2016 at 01:45pm
52 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WeWanttoHearFromYou!
§ ITCentralisaleadingtechnologyreviewsite.CAhasthemtohelpgenerateproductreviewsforourSecurityproducts.
§ ITCSstaffwillbeatmostsessions.Ifyouwouldliketoofferaproductreview,pleaseaskthemaftertheclass,orgobytheirbooth.
Note:§ Onlytakes5-7mins§ Youhavetotalcontroloverthereview§ Itcanbeanonymous,ifrequired
53 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Questions?
54 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou.
Stayconnectedatcommunities.ca.com
55 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw