Business Partner Connectivity
Remote Access Services
Business Partner Connectivity : Session Access Manager
Session Access Manager (SAM) provides an elegant solution to a major business partner access headache: Managing userids for all of your
partners' employees that access your systems is very difficult, time consuming and rarely maintained in a timely manner. SAM solves this problem by
separating administration of userids from access control and authentication functions.
SAM focuses on those situations where your applications do not or cannot record the identity of the individuals accessing it. IT application support is a good example. Many vendors maintain a single support account on your system, yet there may be many vendor employees that use the account to provide effective, timely support. Your security policy, though, most likely dictates that you record access information at the individual level. In a business partner environment, you have a contractual relationship with your partners, affording you the business opportunity to have them manage the userids of their employees that touch your systems if effective technology is available.
Traditional firewalls, even those that tout "business to business smarts" put the full burden of userid administration in your lap. That means the business partner must be diligent in informing you of all adds, changes and deletes to their employees that affect your systems, and you must update your firewalls accordingly and communicate userids back to the business partner. This is theoretically possible but extremely difficult to effectively manage.
With SAM, you define the application systems you will allow access to, and other authorization information, and the burden of userid administration is moved to the business partner. Your business partner then adds, changes and deletes userids to SAM just as they do for their internal systems. This allows you to manage security at the partner level, not the individual employee level.
SAM employs specially-designed firewalls that provide network-level connectivity between the user and your application systems. Most applications using the IP protocol through the standard Winsock API work with SAM. No direct IP routes are defined across the CareBridge network between your network and your business partner's network.
Periodic reports can be provided that detail who has accessed your systems, as well as the dates, times, durations and names of the systems they accessed.
Session Access Manager solves a major operational headache when you provide your business partners with interactive access to
your applications. It allows you to implement the security controls your security policy dictates while shifting some of the administrative burden to