In early 2001, users kept dropping off of Kamie Bullins' radar. The tools in her Windows NT system didn't help...
Bullins, data security analyst at Wake Forest University Baptist Medical Center, track the hospital's 10,000 user accounts and over 7,000 global groups. "We had a very large problem with how to find out which users were in what groups," said Bullins. The culprit, she believed, was Windows NT's lack of a reporting feature. First off, Bullins and her team decided to migrate to Windows 2000. Then they began searching for a management tool that would facilitate user tracking and assist in the Win2k migration.
In addition to reporting and migration features, Bullins needed a management tool with strong privacy and security functions. The hospital was required to comply with the Health Insurance Portability and Accountability Act (HIPPA) by April 2003. HIPPA is a law that requires all health care providers that maintain and electronically transmit patient information to enforce new security and privacy regulations.
Winston-Salem, NC-based Wake Forest is a health care center that operates 1,291 acute care, rehabilitation and long-term care beds, outpatient services and community health centers. It also supports 20 affiliate hospitals and administers 87 satellite clinics throughout northwestern North Carolina. Currently in the process of migrating to a total Windows/Exchange 2000 shop, the medical center runs about 200 Windows NT/2000 servers, four Exchange servers and three Web servers. To end Wake Forest's configuration woes, Bullins and two team members, researched several products. They only found one that matched their requirements perfectly. One shunned product from NetIQ, for example, used an Access database that Bullins feared might max out at 10,000 users. Also, the vendor's technical support staff didn't respond quickly to her requests. "We support so many users, we don't have time to wait for days," she said.
A Wake Forest vendor then recommended Avatier Corp.'s Trusted Enterprise Manager (TEM). TEM contained many of the features Bullins was seeking, including task automation, role-based delegation, real-time auditing, policy-based management, and administration-enabled reporting. The GUI interface is very intuitive, Bullins added. She was also pleasantly surprised to find that it is customizable. "We learned quickly that we could change things to fit our environment," she said.
Using TEM, Bullins can see her entire user environment in one interface. For example, Bullins can show hospital department heads a spreadsheet listing the specific users of that department. The spreadsheet shows when users logged on, logged off and what groups they belong to. In the past, it's been hard to tell if a person has moved to another department, she said. Now, "we can tell when they have logged on somewhere else and make the appropriate security changes."
The hospital has high employee turnover, so Bullins valued TEM's help in cleaning up her domain. In fact, TEM's Admin by Report feature helped Wake Forest find over 2,000 user accounts of people who hadn't logged into the system in over 18 months. "That's great from a security standpoint," Bullins said. It helps her achieve her goal to provide users with different levels of authorization secure access to the system.
TEM's security feature, Enterprise Security Reporter, finds where users have access on all servers. "If we put in a user ID, we can see every file, directory, and subdirectory that user has access to and remove it," said Bullins. This is helpful in preventing terminated employees from hacking into and damaging the system.
TEM also allows user and group attributes to be updated in real-time. This feature allowed the Wake Forest staff to create network standards, such as user naming conventions, global group prefixing and user profile and home directory paths.
The technical support from Avatier is also excellent, said Bullins. Whether via e-mail, instant messaging or on the phone, the technical support staff responds immediately.
Having the user environment under control has eased the transition to Windows 2000 and Active Directory. In its Active Directory rollout, TEM shows Wake Forest's old and new domains, said Bullins. "It's our checks and balances." TEM shows Bullins which users have been migrated and if they have the same access in the new domain as they did in the old. Via TEM, Bullins can view both domains from one screen.
Currently, the Windows 2000 Active Directory domain lives side-by-side the Windows NT domain. Bullins hopes to have Active Directory up and running and all users migrated by July.
TEM is a tool Bullins now can't live without. "It's phenomenal," she concluded.