Lead
Password Vault: a password management system for IT support
Wipro Technologies' Password Vault beats the traditional model of accessing
customer premise equipment: it gives one-time access to a sick system for which
an incident ticket has been generated, by creating an on-demand connection. Once
the device is functioning normally, the ticket is closed and with it the
on-demand session. By Akhtar Pasha.
Large companies traditionally outsourced only non-critical areas such as network
security, hardware and software maintenance to third-party service providers.
They hesitated to outsource their production systems, fearing that information
belonging to their customers would be tampered with, resulting in serious
consequences such as loss of face, loss of customers, and critical business
information falling into their competitors' hands. Wipro Technologies, in its
quest to gain a business advantage while providing remote infrastructure
services, came up with the concept of a Password Vault to tackle problems such
as the unauthorised distribution of passwords, and unauthorised access to and
tampering with critical business applications belonging to its customers.

"With Password Vault, the aim was to make remote IT infrastructure
more secure, delivery robust and scalable so that SLAs could be managed
without compromising the customers' trade secrets."
- Suresh Kumar R
Head, Engineering & Process Automation, Wipro Technologies
"In the traditional remote IT services model, servers or network devices are
accessed by providing the username and password of a target system once the
engineer has the logon prompt. It compromises security without any positive
outcome vis-a-vis availability and performance," says Suresh Kumar R, head,
Engineering & Process Automation, Wipro Technologies. Wipro eliminated this
potentially risky password management process by introducing Password Vault,
which removes the need for the engineer to key in a password while accessing a
device, be it a switch or router, a server or an application, any of which
happens to be malfunctioning or whose performance has deteriorated. Passwords
are mapped to skill levels and stored in the Password Vault, ensuring that
passwords are safe and that only sick devices are accessed.
Suppose an engineer working for a remote IT infrastructure company, on his last
day in the organisation, decides to take out a grudge against the company, logs
into a customer's IT infrastructure using a user ID and password to steal
information, and sells it to the customer's competitors. The repercussions of
his action can be more damaging than one can imagine. To address this problem,
Wipro's Global Command Centre (GCC) embarked on a project to create the Password
Vault in late 2005. Kumar says, "The aim was to make remote IT service delivery
more robust thereby providing us with a clear differentiator. The aim was to
make remote IT infrastructure more secure and delivery robust and scalable so
that SLAs could be managed without compromising the customers' trade secrets."
Simply put, a Password Vault gives one-time access to a restricted password so
that a malfunctioning or sick device can be accessed. A sick device is one for
which an incident ticket or an approved change request has been raised in the
service management system. Systems that do not have a problem cannot be touched.
A multi-location service delivery mechanism for robust risk mitigation and
business impact reporting enables clients to see the live business impact of IT
services on a 24x7 basis, making the Global Command Centre (GCC) one of the most
robust and secure remote management services platforms in the world.
Key components of Password Vault
There are three essential parts of the Password Vault system: the incident
token or ticket, the sick device or application, and the Password Vault itself.
An incident token is generated by the incident ticketing system for sick systems
using public-key cryptography algorithms. User IDs and passwords are encrypted
using the RSA algorithm. For the incident token, Wipro uses off-the-shelf products.
Operations dashboard
The sick device application is the GCC standard operator dashboard used by all
of its engineers. It provides a virtualisation console for level-one engineers
in which frequently accessed tasks are available at the click of a button. It is
a Web-based interface that provides access only to sick devices. Based on the
profile of the operator, ITO gives different levels of access to each engineer.
ITO provides a single integrated view of information from multiple tools in a
single dashboard, eliminating the need for the engineer to open multiple
application consoles. When an incident token or ticket is assigned to an
engineer, the ITO application creates an on-demand network session with the
sick device; when the sick device is restored to normal, the incident ticket is
closed, as is the network session.
Password Vault
The key role played by the Password Vault is that it stores all the necessary
user IDs and passwords mapped against IT objects and tasks, and then responds to
ITO with that information. This whole process happens in the background and the
engineer does not get to see the actual transaction. Password Vault has a secure
administrative user interface, which is used to create, update and delete user
IDs and passwords. Only administrative users are permitted to manage user IDs
and passwords. Passwords in the Password Vault are changed using the change
management process in Remedy. The user ID and password are stored in an
encrypted format. Password Vault records all access in an audit trail file.
Working of Password Vault in real time
The remote centre (GCC) has a perpetual WAN connection to the Customer Premise
Equipment (CPE). Tasks are executed in an asynchronous mode without giving the
engineer a direct connection to the target device. The engineer with an incident
token keys in the parameters for a particular task in a Web form (ITO) and gets
back only the result of the command under execution. Moreover, access to a sick
device is granted only to the engineer who has been assigned a ticket, and only
to the specific device mentioned in that ticket, not to the entire network. Once
the task is executed and the ticket is closed, ITO revokes the on-demand network
connection to the device. Thus the access is one-time. ITO provides seamless
access to the target device without prompting for a user ID and password; it
picks this information from the Password Vault. Hence, a system administrator
cannot connect to the device without a valid ticket.
The ITO provides a list of tasks that are specific to an engineer's profile;
for example, L1 does not have direct access to telnet or system shutdown. Based
on the system privileges that are required to perform a task, the ITO uses a
login ID with the least privilege needed to execute the task; for example, a
(Show) Dir task will use a domain user login and not a domain administrator
login. The list of tasks displayed changes automatically based upon the OS
running on the malfunctioning device. For example, while both UNIX and Windows
task lists will have common tasks like create user, delete user and reset
password, tasks such as clear Recycle Bin and launch Remote Desktop will appear
only for Windows devices, while tasks such as change owner will appear only if
the device runs UNIX.
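The access rules described in the two sections above (ticket-gated, one-time, device-scoped access with a least-privilege login chosen per task and an audit trail) can be modelled as a small credential broker. The code below is an added illustration, not Wipro's ITO or Password Vault code; the task tiers, profiles, device names and credentials are constructed sample data.

```python
from dataclasses import dataclass, field

# Lowest account tier able to run each task (constructed mapping): a
# "show dir" runs as a plain domain user, never as a domain administrator.
TASK_TIER = {"show dir": "domain_user", "create user": "domain_admin",
             "system shutdown": "domain_admin"}
# Tasks visible to each engineer profile (constructed): L1 has no shutdown.
PROFILE_TASKS = {"L1": {"show dir", "create user"},
                 "L2": {"show dir", "create user", "system shutdown"}}


@dataclass
class Ticket:
    ticket_id: str
    device: str
    engineer: str      # engineer the ticket is assigned to
    is_open: bool = True


@dataclass
class PasswordVault:
    creds: dict                                  # device -> tier -> (user, password)
    audit: list = field(default_factory=list)    # every request, granted or not
    sessions: dict = field(default_factory=dict)  # ticket_id -> (device, user)

    def check(self, ticket, engineer, profile, device, task):
        """Return None if access is allowed, otherwise the denial reason."""
        if not ticket.is_open:
            return "ticket closed"
        if ticket.engineer != engineer:
            return "ticket assigned to another engineer"
        if ticket.device != device:
            return "device not named in ticket"
        if task not in PROFILE_TASKS.get(profile, set()):
            return "task not in profile"
        return None

    def request(self, ticket, engineer, profile, device, task):
        """Open an on-demand session and return only the login ID used."""
        reason = self.check(ticket, engineer, profile, device, task)
        self.audit.append((ticket.ticket_id, engineer, device, task,
                           reason or "granted"))
        if reason:
            raise PermissionError(reason)
        user, _password = self.creds[device][TASK_TIER[task]]  # secret stays here
        self.sessions[ticket.ticket_id] = (device, user)
        return user

    def close_ticket(self, ticket):
        """Closing the ticket revokes the on-demand session with it."""
        ticket.is_open = False
        self.sessions.pop(ticket.ticket_id, None)
```

The engineer only ever receives the result of the task; the password itself never leaves the vault object, and every decision is appended to the audit list.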
The ITO uses both the SOAP and SSL client libraries to access the Password
Vault. Access to this module is only through the HTTPS protocol. To secure the
connection up to the CPE against outside hackers, the Password Vault's contents
are encrypted and a secure SSL session is created, which makes it difficult to
crack.
In 2005, Wipro institutionalised Engineering and Process Automation, and since
then it has been serving large companies such as Thames Water, Akzo Nobel, Aviva
Life Insurance and the like with this concept.