Enriched functionality and seamless access across hybrid environment
Reduced business complexity with seamless end-user experience
Introduced Cloud Bridge for full bi-directional communication in hybrid environment
Increased scalability, flexibility, and cost-predictability with AWS deployment

Challenge

Create a seamless end-user experience and streamline backend services while moving business-critical solutions to AWS cloud environment.

Details

Digital transformation drives move to a SaaS application model

OpenText (formerly Micro Focus), like many of its customers, is a large organization grown significantly through acquisition. This strategy brought a plethora of tools used in different divisions. To standardize its corporate identity management, OpenText (formerly Micro Focus) trusts its own suite of identity and access solutions, under the NetIQ banner. NetIQ identity manager and access manager were IT-managed in an on-premises environment and evolved more recently to include NetIQ advanced authentication for multi-factor authentication as well as effective website protection.

The merger between OpenText (formerly Micro Focus) and HPE software tripled the size of the organization and introduced new challenges around data hygiene, audit compliance, and security in general. At the same time, there was a definite market move towards a preference for SaaS-based solutions, to relieve the burden and cost of maintaining an on-premises IT environment. Jon Bultmeyer, CTO, Cybersecurity, runs the engineering teams involved in building Cybersecurity SaaS offerings. He works closely with other OpenText (formerly Micro Focus) teams on the customer delivery model as well as the internal delivery of SaaS versions. He explains: “We found that we were lagging a little in version-currency, just because of the workload involved in an upgrade. To secure, run, and operate a largescale identity management operation for over 12,000 staff is labor-intensive and time-consuming. This seemed a good opportunity to embrace the digital transformation at the heart of Micro Focus (now OpenText) and move our identity and access architecture to an AWS-hosted cloud environment.”

Introduce new functionality and comprehensive access reviews in hybrid environment

OpenText (formerly Micro Focus) took a wider view and introduced the SaaS Center of Excellence (CoE) organization, headed up by David Gahan, senior director, Cybersecurity SaaS. Rather than just make a ‘like for like’ move, the team chose to enhance the platform with NetIQ Identity Governance, as well as expanding the NetIQ Advanced authentication capability into a SaaS model. Pivoting from a ‘governance first’ principle with a focus on application access reviews, the project aimed to move via automated application access and approval to fully automated application access request and enablement.

The full solution would provide seamless connectivity to the company’s key applications: Salesforce to manage customer interactions and order processing; Workday as an integrated HR solution; and NetSuite, which manages business finances and operational support, as well as other business-critical applications. It would also provide the capability to conduct certification reviews. This automated process builds a comprehensive directory of who has access to what. Periodically, all process and solution owners are asked to review their access list for accuracy. Job roles determine the level of access to specific solutions required for individuals. This ‘least privilege’ principle ensures that only colleagues with the right access level can configure the finance platform, for instance, or reach confidential personnel data in Workday.

The project was part of the corporate digital transformation and as such had an executive spotlight on it, coupled with a tight delivery deadline of no more than 12 months.

Cloud bridge really streamlines the transition to SaaS and gives us the observability we need to ensure effective data flows between different systems.

Jon Bultmeyer
CTO, CyberRes

Cloud bridge: managing fully integrated identity governance in a hybrid environment

OpenText’s (formerly Micro Focus) own professional services skills and their specific expertise in building these systems for Cybersecurity customers was invaluable. The SaaS CoE team worked on creating the SaaS infrastructure, and Bultmeyer’s engineering teams were building the SaaS applications. Meanwhile, Professional services implemented NetIQ identity governance on premises to kickstart the application integration, which relied on many interconnected parts. Because the day-to-day business running takes ultimate priority, this was a ‘run and transform’ scenario with a hybrid approach. Key business systems moved in phases to the SaaS environment while others remained on premises for now. It is a challenge to integrate identity governance between on-premises and SaaSbased systems, and Cybersecurity wanted fully automated event-driven integration they recognized that the manual process of either CSV file transfers or site-to-site VPN connections that are offered by some market alternatives can cause firewall complexities.

As this, again, is not a challenge that is unique to OpenText (Micro Focus), Bultmeyer’s team turned its attention to creating the OpenText (formerly Micro Focus) cloud bridge, as he explains: “Cloud bridge is a singular communication bridge for all our Cybersecurity SaaS solutions. It allows secure bi-directional communication between on-premises and SaaS systems via a docker container. There are no special rules when configuring the Cloud bridge agent, so communication between on-premises and cloud-based systems can be up and running within just an hour. There is just a single location to monitor, so any issues are resolved quickly. Cloud bridge really streamlines the transition to SaaS and gives us the observability we need to ensure effective data flows between different systems.”

Reduced business complexity while navigating COVID-19 working practices

Once the CoE SaaS infrastructure was operational, the professional services team transitioned the on-premises NetIQ Identity governance implementation to the AWS environment. The identity governance environment now includes end-to-end integrated workflows between key systems, integrated password management, single sign-on, full visibility through cloud bridge, and advanced analytics leveraging OpenText™ Vertica™ capabilities. Gahan says: “Leveraging our own NetIQ solutions in a SaaS environment has allowed us to create a seamless end-user experience where we were once living in a world made up of different islands of access. The solutions our employees use to service our customers’ needs and our own internal needs have been standardized, drastically reducing business complexity across the board. It’s given us terrific backend benefits as well by helping simplify and standardize the concepts of identity and access across all of our business units.”

“The project timelines coincided with the COVID-19 pandemic, which presented us with the same challenges our customers experienced around the world,” adds Bultmeyer. “Suddenly we could no longer gather around a whiteboard to brainstorm, and we had to quickly adjust to working remotely. Thankfully, this didn’t deter our determination, and many teams—including our Micro Focus (now OpenText) IT team, the dedicated project implementation team, our product management teams, backline engineering teams, the newly formed CoE team, and our customer success teams—worked seamlessly together to adjust the implementation and manage any problems we encountered along the way.”

NetIQ solutions have simplified our identity governance and shortened our communication lines. We were excited to leverage our strategic partnership with AWS, giving us a scalable and cost-predictable model as we grow, and allowing us to roll out additional functionality much faster than we otherwise could have done.

Jon Bultmeyer
CTO, CyberRes

Enriched functionality and cost predictability in flexible AWS deployment

Gahan spearheads the SaaS CoE, a new global organization dedicated to supporting SaaS customers. Leveraging expertise on defining governance policies, designing the solution, and configuring this in a SaaS environment, the team created a truly hybrid identity governance platform where the end user does not know, nor need to care, whether the data they access resides on-premises or in the cloud. “And this is just how it should be,” Gahan says. “Our end users now benefit from much richer functionality such as seamless multi-factor authentication and sophisticated access review processes, drastically reducing manual processes.”

Bultmeyer concludes: “NetIQ solutions have simplified our identity governance and shortened our communication lines. We were excited to leverage our strategic partnership with AWS, giving us a scalable and cost-predictable model as we grow, and allowing us to roll out additional functionality much faster than we otherwise could have done.”

About OpenText with NetIQ

OpenText (formerly Micro Focus) is one of the world’s largest enterprise software providers. It delivers mission-critical technology and supporting services that help thousands of customers worldwide manage core IT elements of their business so they can run and transform at the same time. Cyberscurity is an OpenText line of business.