ERPM Now Available on Windows Azure
At CSA Congress 2013 in Orlando, FL, we announced that our Privileged Identity Management (PIM) solution known as Enterprise Random Password Manager™ (ERPM) is now available on Windows Azure, Microsoft’s cloud hosting platform. We added cloud-hosted support of our product in Azure because we believe that Azure is now mature and secure enough to run ERPM in highly sensitive and distributed workloads.
This announcement is significant because PIM is one of the most sensitive and mission-critical workloads in an enterprise. PIM solutions discover, manage and store superuser account credentials (keys to the kingdom such as root and administrator) as well as cryptographic certificates and keys. The integrity of the data, fault tolerance and the ability to scale to a worldwide deployment are key to its mission. Windows Azure not only delivers a trustworthy platform, it does so faster and at a lower price than on-premises solutions.
Our customer base is worldwide and includes clients in national defense, intelligence, governments, financial institutions, retail and manufacturing, as well as many organizations tagged as part of the critical national infrastructure of the United States. These customers demand uncompromising up-time, absolute security, transparency and performance. We believe that by providing both on-premises and public cloud based solutions - such as hosting ERPM on Windows Azure - we can more quickly meet the needs of our client base without compromising quality or security.
Bringing Privileged Identity Management to Windows Azure
Because of the way that Windows Azure is built, we can bring up an enterprise grade privileged identity management solution worldwide in less than an hour, and have it appear as part of a client's existing infrastructure within this same time frame. Both Windows Azure and ERPM are designed for full orchestration using PowerShell, making both of them easy for IT professionals to manage.
One of the key reasons we decided on Windows Azure was its worldwide deployment of data centers. Azure's geo distribution allows our multi-national clients to spin up additional zone processors (for load distribution of our n-tier application) in different geographies within minutes. This architecture also allows us to rapidly distribute web portals, web services interface end points and database replicas as needed.
Because capital expense cost is a big issue for most clients, they sometimes face sticker shock when they add up the cost of servers and perpetual licenses for Microsoft enterprise products such as Server 2012 and SQL Server 2012. Since ERPM is designed as an enterprise grade / carrier grade solution, and also a core platform for managing VERY large environments that are highly distributed and sensitive, the amount of hardware needed to support the workload can be significant (ERPM is anything but a point solution). For those organizations that are price sensitive, we see the zero license costs and zero hardware cost for Windows Azure as a game changer, because customers can use what they need and for as long as they need it without a large capital investment.
One other reason we selected Azure as our go-to-market public cloud platform is its integration with System Center 2012. This integration means that our existing on-premises customers can move any part of their existing ERPM solution up to Windows Azure immediately. It also allows a customer to mix and match on-premises and cloud components transparently. No other platform has this level of flexibility between cloud and on-premises.
One question potential users of ERPM might have is whether this announcement means that ERPM is Microsoft-centric. In fact, the solutions we sell are agnostic to the platforms that our solutions manage, meaning that most every router, switch, embedded system, database, hypervisor, and the software and hardware of most everything in the enterprise is managed out of the box by our solutions (not just Microsoft products). Given how many different platforms we manage, and at a massive scale, you can see where elastic computing in Windows Azure (spin up what you need) is a very appealing reason to support Azure.
Some people who came up to our booth at CSA Congress asked if this was a new SaaS solution and whether our solutions are multi-tenant. The answer is no and yes respectively. Since our solutions typically have root/administrator access to most every machine, appliance and application in your organization, it would be inappropriate for our company to have any direct or indirect access to your instances of our product. So, our offering is known as an Azure Infrastructure as a Service (IaaS) offering. We are running normal hardware and Microsoft licenses in the Azure cloud provided by Microsoft. The good news is that ERPM is multi-tenant and has been so since the beginning. You control the multi-tenancy, deciding who within your organizational units can use your instance.
We are also excited about the fact that for some Microsoft customers, the hosting of our solution may be free, or at least very low cost. Many Microsoft partners and some customers have an existing entitlement each month in Windows Azure that can be used to run our products. Obviously, if you run a minimal number of servers with a small workload, you may be able to run our product in Windows Azure at zero net cost. However, given that you are probably doing serious workloads with ERPM, Windows Azure will cost you something, but it should be a heck of a lot less expensive and a lot quicker to set up than on-premises.
Is Windows Azure Right For All Environments?
Is Windows Azure perfect for everyone? No. Having local servers will provide you with faster response times than the Windows Azure solution. Also, you do have to secure the instance keys for your Windows Azure implementation, and understand that the loss of Internet connectivity will impair availability of ERPM. There are also good reasons for an on-premises solution from a security perspective. Physical security is the ultimate end-game in security. We understand that Windows Azure is a multi-tenant environment with shared infrastructure between you and others. However, we believe that the risks of leakage and compromise as a result of multi-tenancy in Windows Azure are no longer significant risks for most customers.
What about national security usages of Windows Azure with our products? Microsoft has different versions of Azure for these customers that get around the leakage issue through purpose-built clouds. If this is your use case, risks and rewards should be weighed appropriately in consultation with both Microsoft and us. The cloud, no matter how secure and resilient, is not suitable for all PIM scenarios.
Learn More About ERPM and Windows Azure
We invite you to try this for yourself. To evaluate ERPM using Azure as the hosting environment, contact us at firstname.lastname@example.org.