Monday, March 24, 2008

Getting up to speed on the new TAM ESSO

It's been a bit slow to get access to the Encentuate product so that I can finally start working with it. Business Partners have to sign up directly with Encentuate in order to become a partner and have access to resources more quickly. Otherwise you have to wait for the IBM machine to do it's thing which can sometimes be a little sluggish.

From what I've read on Partnerworld there are some nice benefits to the new product and the acquisition as a whole:

1.) IBM owns it, therefore the buck stops at IBM. When TAM ESSO was OEM'd from Passlogix, some of the tech support issues were not great. For instance if it was a Passlogix product we had to open a PMR through IBM, then IBM Support would have to open a ticket through Passlogix. Most of the time IBM Support could solve the problem. There are some really good support people there who really knew the product well. But every now and then stuff had to go back to Passlogix and it was not always quickly resolved.

2.) Functionality seems to be more complete in the new product. For instance Encentuate has over 300 proven applications that work. Some applications were tough to get working with TAM ESSO 6 or simply didn't work.

3.) There seems to be a wider list of supported and working 2 factor devices. Physical Access cards are also supported. They even support Sonar as a convenient sign-off option and active RFID so you don't have to "tap" in or out.

4.) There options for roaming and multiple users seems to be well documented and flexible.

5.) It has won several awards for most complete end point coverage, most comprehensive session management, widest choice of 2 factor authentication, and price for value proposition.

6.) Integrates with Active Directory and LDAP, but does not require schema extension. We don't get too many AD Admins objecting to schema extension, but every now and then it does happen. It also is sometimes an issue when the IT department evaluating an SSO solution does not actually own the AD environment therefore schema extension is not an option.

7.) Reports. There are audit reports built-in which tells you who accessed what application, etc.... I have yet to see these, but I know many customers I have spoken to recently desire this ability. This is not available in TAM ESSO 6.

8.) Works with Novell Client. I had a few customers running Novell so were using Novell's client. TAM ESSO 6 does not work with Novell. The new Encentuate product does.

Now some of the things that could be considered the down side:

1.) Requires a server (running Tomcat). TAM ESSO 6 did not require it's own server since it was largely a client side application. Encentuate uses a server to keep track of users, what apps they can access, credentials, and just about everything. It looks like credential caching is typically enabled so I do not know yet how critical the server is for end users accessing their applications, but it is likely very important and could be important enough that clustering this thing will be necessary.

2.) Because this Tomcat server is required for this solution, it would not surprise me to see IBM integrate this into WebSphere. I'm looking for some direction from IBM on this. This is not necessarily a bad thing at all, but it will be interesting to see what happens.

3.) The Windows GINA is replaced. This is also not necessarily a bad thing, just a big difference from before.

4.) Possibly more complicated to implement. Now this depends on how good the training and documentation is. The added functionality of Encentuate could make installing a bit more complicated, however the original TAM ESSO product was so poorly documented in my mind that it too was more complicated than it needed to be and in some cases the documentation was just wrong.

We'll see how it goes. More on this later...

5 comments:

Aparelho de DVD said...

Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If ossible gives a last there on my blog, it is about the Aparelho de DVD, I hope you enjoy. The address is http://aparelho-dvd.blogspot.com. A hug.

Craver said...

Charles, great post. And great comparisons. Enjoy the blog, keep it up. You're in my reader now!!!

Anonymous said...

Hi, just wanted to clarify something you have here about the GINA being replaced. It's actually chained. You can even choose not to use the TAM ESSO GINA.

Ralph said...

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.


Ruth

http://systemmemory.info

Anonymous said...

Can anyone recommend the well-priced Remote Management & Monitoring tool for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: [url=http://www.n-able.com] N-able N-central performance reporting
[/url] ? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!