Project ID-Vault

Nov 1, 2007 12:00 PM, By Jacqueline Emigh

It's no longer surprising to come across a situation where the same ID management system is used for controlling access to computers, buildings and grounds. But in Project Identity-Vault (ID-Vault), New York City Transit (NYCT) has created a single ID management system that extends computer and/or physical access controls from the home PCs of retirees to the subway trains and buses that roll throughout the giant metropolis.

Serving 14.6 million people, NYCT is the largest transportation network in North America. The agency also operates the biggest fleet of subway cars on the planet and the world's most expansive public bus agency.

The new ID-Vault system uses software products from Novell Inc., Waltham, Mass., as the underpinnings for a centralized and simplified ID management infrastructure deployed among 49,000 transit workers at thousands of NYCT sites, along with 36,000 retired workers and their spouses.

Computer-based ID management is not an entirely new concept at NYCT. Before the advent of the project, however, it was limited to software applications used within the agency's office environments.

In contrast, these days, the same role-based ID management system is deployed among permanent workers, temporary contractors and retirees alike, according to NYCT and Novell officials.

Access can now be provided to specific software applications, buildings and any of the 1,500 train control rooms, depending on roles and permission rights, which are carefully assigned to individuals. Perhaps even more importantly, these rights can be taken away just as quickly.

Why did NYCT decide to install these integrated controls over computer and physical access? One big catalyst revolved around a decision to replace the agency's long-standing manual train control switching with a more computerized alternative.

Officials also cite advantages ranging from improved quality-of-service, simplified management and reduced administrative costs to greater security, particularly around the agency's use of temporary contractors. These contractors include database consultants, temporary executive assistants and construction workers, explains Ben Goodman, Novell's Northeast area director of technology.

The system manages 18 different software applications, covering application areas that run the gamut from e-mail to benefits management to physical security. Much of this software consists of custom applications designed to meet specialized agency needs

Before the advent of Project ID-Vault, the applications were administered by multiple departments, which needed to do all of the work associated with providing and terminating access to the applications in their own areas.

Meanwhile, the agency also relied on multiple password management systems for governing access to software applications. With password management systems that operated in batch mode, the NYCT sometimes experienced lag times in adding and deleting access rights.

But with the expansion of the computer network to software used by remotely-located transit workers, NYCT needed an integrated ID management system capable of up-to-the-minute responsiveness.

“It's one thing for an e-mail account to be [stay active] for a few days after an employee leaves an agency. But with integration of [all 18] applications, you're looking at a different picture,” Goodman says.

Now that the new system is in place, the agency can provision and eliminate permission rights to specific applications on an immediate basis, based on the current access requirements of individual employees and contractors.

“The employer can also place a [time limit] on an account, so that if a contract only runs for 30 days, for example, the [permission rights] will be removed at that time,” the technology director says.

But employees, contractors and other PC users also gain from the new system, according to officials. For one, users can now access all of the various software applications simply by entering a single password.

Moreover, information such as the e-mail addresses, physical addresses and phone numbers of staff members is now located within ID-Vault.

“So if I work for the agency, I no longer need to go to two or three different places to get all of these things,” he says.

For their part, home-based retirees use a secure virtual private network (VPN) to log into a Web-based pension application running on the system.

“The pensioners can come in to check their balances and to do other types of account management,” Goodman says.

On the physical access side, the ID-Vault system is integrated with contactless cards as well as with card readers from Lenel Systems International Inc., Pittsford, N.Y., he says.

The contactless cards, which bear photos of the transportation workers, pull double-duty as ID badges.

In implementing Project ID-Vault, NYCT worked with Novell's consulting arm for about four months to integrate Novell's Linux-based eDirectory, Identity Manager and Access Manager with the 18 applications and with back-end systems running in a variety of other operating environments. They include Novell's own NetWare NOS (network operating system), Unix; Microsoft Windows and a variety of different mainframe and mid-range servers.

The resulting system coordinates and synchronizes ID management across all of these diverse software environments

Along the way, the integration team also used Novell's software to create approval flows and other workflows around ID management.

Consequently, workers can use the system to request additional software permission rights, based on their roles within the organization. Furthermore, managers can either approve or deny such requests, also directly within the system.

10 Myths and Misconceptions About GPS Vehicle Tracking

There are several common objections to GPS vehicle tracking, but the actual experience of users tells a different story. Here are 10 “myths” followed by responses based on actual user experience, drawing from data Navtrak, Salisbury, Md., a provider of GPS tracking systems for businesses with mobile workforces, has collected, as well as independent, third-party field research.

1. We don't need GPS tracking because we trust our people.

   GPS tracking is not about monitoring your employees' every move — it's about reducing operating costs and inefficiencies in the field in order to grow your business. GPS tracking systems have been proven to reduce fuel and maintenance costs, increase the efficiency of routing and dispatching, provide safety and security for drivers and increase the speed and accuracy of responses to customer questions.

2. All of our guys are going to quit if we get GPS tracking.

   Based on customer experience, this is simply not true. In fact, once field workers gain some experience with this type of solution, they very often come to depend on it — for routing information, roadside assistance, verification of work performed on time, etc. And in many cases, GPS tracking eliminates time-consuming paperwork and provides additional security for both themselves and their cargo while on the road.

3. GPS tracking systems are complicated to install and complicated to use.

   Most fleet-tracking systems are comprised of the same basic components: a GPS receiver installed within each vehicle, and some kind of software operating on office PCs that organizes and displays the information gathered. Both installation and usage of these systems are actually fairly simple — but may seem complicated to those unfamiliar with the technology. A relationship with a reputable, experienced GPS tracking vendor will enable seamless implementation. Knowledgeable, accessible technical and sales support can cover any service issues that may arise

4. GPS tracking is unnecessary — I can keep track of my fleet well enough using cell phones/handhelds.

   Though useful as communication tools, cell phones/handhelds cannot provide the kind of information useful to fleet managers: real-time vehicle location, engine status, history of stops and stop times and other metrics, such as mileage, fuel consumption or speeding patterns. In fact, cell phones and handhelds have proven to be an inefficient way of managing a mobile workforce because they can so easily be turned off, left at home or somewhere else, dropped/damaged, etc. And when they are functioning correctly, they are usually with a person, so that you end up tracking your people rather than your mobile assets.

5. All GPS tracking systems are essentially equal — you experience the same benefits regardless of who's providing the data.

   The business-enhancing potential of fleet management goes well beyond tracking dots on a map. Many users of GPS tracking services don't realize the full impact the information can have upon their organization until after they start using the system on a regular basis. Choosing the right GPS tracking provider helps users leverage the technology to transform the way you do business in both the short and long term.

6. A GPS tracking system is another product I can buy to help make my business more productive.

   GPS tracking should not be viewed as a product, as if it were an accessory you can purchase for your fleet. Rather, GPS tracking is a service you are, in effect, subscribing to — delivering information you lack the means to collect yourself, but know would greatly help to increase the overall productivity and profitability of your business. Service is the crucial factor when it comes to effective GPS fleet tracking.

7. My company can't afford a GPS tracking system.

   Many customers achieve a return-on-investment within the first few months of using the system, due to savings in overtime costs, fuel expenditures, lower insurance premiums, reduced vehicle maintenance and more.

8. GPS tracking is an unproven technology.

   GPS technology itself (the ability to locate and track objects at any time and in real-time using satellites and wireless communications) has been effectively used for many decades. The core technology is becoming prevalent even in the consumer market. The effectiveness of GPS fleet management systems in terms of increasing productivity and reducing operational costs has been well-documented.

9. Our company is so busy, we'd never use a GPS tracking system.

   Actually, a GPS tracking system makes perfect sense for a busy mobile operation, since it helps to better manage fleet activities and presents a clear picture of all that is going on in the field at any given time. The busier a mobile operation is, the more critical it is to have accurate information from the field — to ensure that money is not being wasted, work is being done on time and customers are being served effectively.

10. GPS tracking doesn't make sense for a small company.

    Any business with multiple vehicles to keep track of will benefit from having access to accurate, real-time information from the field. Furthermore, businesses that take advantage of this technology usually experience growth because of the increased revenue gained and the positive word-of-mouth generated by the resulting rapid customer response.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue