FAQ's

Q: Will evaluating Osirium affect our normal day-to-day operational work?
A: Deploying the Osirium solution will not impinge on current system management activities, because it can be installed allowing existing management connections to flow ‘in-parallel’ to using Osirium. A 'phased-in' approach can be taken to evaluate Osirium further reducing the impact on existing practices.

Q: Do you manage other devices or applications aside from IT Security?
A: Osirium's versatile Knowledge Templates allow for virtually any device to be added into Osirium control. Any device/server/application that has a privileged management interface which an organisation would wish to secure, control and audit can be added.

Q: Is the Osirium solution scalable?
A: Osirium has been designed for all sizes of organisations. Osirium is able to manage the security network of both small organisations and scale to the largest of enterprises. Because Osirium is run as a Virtual Appliance, additional resources can be allocated from the VMware Server without costly hardware replacements.

Q: How does the Osirium solution manage the virtual world and technologies such as Software as a Service (SAAS) that are becoming increasingly popular?
A: Osirium interacts with devices/servers/applications through interactive conversations. Devices/servers/applications that run within virtual environments or out in SAAS clouds can be managed and controlled in the same way Osirium manages and controls physical devices.

Q: What are the reporting capabilities of the Osirium solution? Are there any standard reports included in Osirium?
A: Osirium provides a number of standard built-in reports that provide auditing and compliance information. These reports can easily be filtered and searched as well as downloaded and saved to file.

Q: How can I purchase the Osirium solution?
A: If you are interested in purchasing Osirium, please contact one of our sales representatives via email at info@osirium.com or by calling +44 (0) 118 3242444.

Q: Are there any Osirium solutions video's/whitepaper's/demo's we can view?
A: Datasheets and video clips are available online on the Osirium website: http://www.osirium.com/product.php. If you would like to see a presentation and demo of Osirium, please contact one of our sales representatives via email at info@osirium.com or by calling +44 (0) 118 3242444.

Q: Will integration with Active Directory (AD) be available in the future?
A: We are currently working on our AD integration strategy, so please call to clarify any points you may have regarding interaction directly with AD.

Q: What is Privileged User & Infrastructure Management?
A: Osirium is the world’s first Privileged User & Infrastructure Management which transforms the way organisations manage, protect and implement change across multi-vendor infrastructures. Osirium reduces operational risk and drives IT service performance and compliance by providing role-based management controls and automation of system administration tasks. The solution determines who can access, what they can access, which tasks can be actioned and how best to manage alerts coming back from the devices within the Network Management Zone (NMZ).

Q: What are the benefits of Osirium?
A: The benefits of the Osirium are:
- Strengthens the security to devices within a Network Management Zone (NMZ).
- Places controls around and secures privileged user access to multi-vendor infrastructures.
- Strong authentication and single sign on, which secures device administration passwords.
- Accurate visibility over all privileged user activities on devices.
- Scheduling of automated and semi-automated tasks.
- Delegation of common as well as custom business process tasks.

Q: What is a Network Management Zone (NMZ)?
A: An NMZ is a secure network management zone within which security and network devices, servers and applications reside.

Q: How would the Osirium solution reduce operational risk?
A: Osirium reduces operational risk through:
- Governing and securing privileged user access to devices, eliminating unauthorised access and changes.
- Hardening devices.
- Fully and semi-automating privileged user tasks, eliminating human errors.
- Accelerates device failure resolutions, to lessen the impact on business.
- Audits which highlight operational gaps.
- Enhancing disaster recovery procedures.

Q: How does the Osirium solution help us achieve compliance?
A: Osirium supports compliance through:
- Audit reporting, gap identification and remediation.
- Logging user login information to all devices.
- Capturing sysadmin changes to devices.
- Rapid querying and auditing of device parameters.
- Eliminating the sharing of privileged passwords through strong authentication and Single Sign-on

Q: Can Osirium help deploy new devices?
A: Yes, Osirium provides a BluePrint functionality which can be used to apply a defined set of parameter configurations to a new device.

Q: How does Osirium strengthen the security of my devices?
A: Osirium strengthens the access to devices by:
- Utilizing strong authentication rather than static passwords for the login process.
- Providing easy access to revoke or change privilege user rights and roles with a few clicks.
- Securing the static passwords of security devices – administrators no longer need to know static passwords of the devices.
- Ensuring encrypted channels are used to the Osirium server and that the Osirium server utilises the highest possible encrypted channels to the devices.
- Auditing the device user account to determine what user accounts are and should be present on the device.

Q: How do I provision all my devices within the Osirium?
A: Osirium provides a Bulk Import mechanism which allows devices to be easily uploaded into Osirium.

Q: Is it possible to audit multiple devices against a defined configuration set?
A: Osirium provides a BluePrint functionality that allows you to create a defined set of parameter values which can then be used against multiple devices to audit configuration settings.

Q: Is it possible to reconfigure multiple devices?
A: Multiple devices can be reconfigured using either BluePrints or address books. BluePrints allow you to create a defined set of parameter values which can then be applied to multiple devices, whereas address books entries can be created on individual device parameters and applied across multiple devices.

Q: Can tasks be scheduled?
A: Yes, a wide range of tasks can be scheduled to run at a specific time, daily, weekly or monthly.

Q: What alerting features does Osirium provide to users?
A: Osirium provides the following alerting features to users:
- Pop-up balloons through the Desktop Client.
- Coloured status icons on devices within the Web Management Interface and the Desktop Client.
- Networks Operation Centre (NOC) Dashboard.
- Automatic emails to a pre-defined audience.

Q: What alerts are built into the system? Will Osirium have audit and alerting rules to inform management of unusual configuration changes?
A: Osirium can report on configuration changes that take devices outside of compliance or best practise policies, such as reporting on unauthorised user accounts appearing on devices. Osirium also monitors syslog alert messages from devices that have exceeded a specific threshold and requires attention.

Q: Will Osirium give me better visibility on who is doing what, where?
A: Osirium provides a real time view of connections through the Dashboard and Networks Operation Centre (NOC) screen for internal or external SysAdmin users. The Osirium dashboard provides an overview of the connections, users and devices that are currently being audited, whereas the NOC screen provides a real-time dashboard view, providing status monitoring and reporting of devices, tasks, syslog messages and connected users managed by Osirium. It can also be used to monitor alarms and conditions of the devices so early action can be taken on any that may need attention.

Q: How long does it take to deploy and configure the Osirium solution?
A: Osirium has been designed so that it can be deployed and running within a “Golden Hour” and without disrupting existing practices. Our No Touch approach to provisioning devices means that no agent software needs to be installed or changes made to the end devices.

Q: Doesn’t Osirium create a single point of failure?
A: Osirium has been designed to operate in a virtual operating environment, such as VMware, which means its deployment is not bound by operating system or hardware constraints. As a result, the Osirium can operate as a virtual and resilient pair, failing over safely to ensure uninterrupted service.

Q: What would the Disaster Recovery (DR) and Business Continuity Management (BCM) strategy be for the Osirium solution?
A: As the Osirium is deployed as a Virtual Appliance within a VMware infrastructure, the DR and BCM strategies within the VMware capabilities can be utilised.

Q: How long does it take to typically configure Osirium to start managing devices?
A: Osirium is simple to use, deploy, and configure, minimising the time you will need to spend configuring it. Once Osirium has been deployed the next step is to start adding users, devices and profiles through the Web Management Interface. The specific time it takes to configure these depends on how many devices, and users you have, and how many different policies you would like to associate to each device and user.

Q: What do I need to run the Osirium solution?
A: Osirium runs within a virtualised environment like VMware, so you would need some form of existing VMware infrastructure in place. And of course you'll need some devices to manage too. The following outlines the system requirements for the Osirium virtual machine:
VMware Infrastructure
- VMware ESX 4.0 or WMware ESX 3.5 with VMware vCentre Converter.
- Virtual Appliance
  - IP Address allocation.
  - 80gb storage.
  - Single cpu.
  - 512mb RAM.

Q: What are the other software requirements for Osirium?
A: As well as a VMware infrastructure, you will need the following:
Web browser for accessing the Osirium web management Interface:
- Internet Explorer 7 or above.
- Mozilla Firefox 3.6 and above.

Osirium Desktop client:
- Compatible with all Windows operating system so long as Microsoft .NET Framework Version 2.0 or higher is installed.
- SSH client – recommendation is PuTTY

Q: Is there a Linux, Unix, MacOs version of the Osirium Desktop client available?
A: Currently the Osirium Desktop client is Windows Only.

Q: Does the Osirium software require access to event logs?
A: Osirium is an alerting gateway for devices on the network. An overview of alerting status messages can be viewed via the Networks Operation Centre (NOC) screen, giving early warning status.

Q: Does Osirium require agents to be installed on all devices?
A: No, Osirium does not require any agents to be installed on the devices.

Q: What Strong Authentication solutions does Osirium support?
A: Osirium supports a variety of 'off-box' solutions through both standard protocols (RADIUS) and proprietary API connections. Some ‘off-box’ solutions that Osirium supports also have the ability to provision user accounts automatically, while other ‘off-box’ solutions use standard protocols (RADIUS) and allow for authentication only.

Q: Can Osirium define the password complexity for the end device – some devices support richer password features than others. How is this supported?
A: Osirium provisions the strongest possible passwords or keys that the end device allows. Typically SysAdmins will use a Strong Authentication method to authenticate so they will never need to know the password or keys for the end device. This provides for the strongest possible protection.

Q: What about the extent of the security of Osirium itself? This is always a concern for any centrally managed system and is two-factor authentication enough?
A: Osirium has been designed first and foremost as a security device. Currently the Osirium USIM supports Strong Authentication for SysAdmins and SuperAdmins to prove who they are. In the future, the Osirium could grow to support certificate and key-based communication channels as well as possible biometrics.

Q: What login types does the Osirium solution support?
A: Osirium is built on proxy based architecture and currently proxy's SSH, HTTP(S), RDP & Telnet management connections. In the future support will be available for Citrix as well as CheckPoint's CPMI and Microsoft SQL Enterprise Manager.

Q: What if I have a security device that Osirium does not currently support?
A: Right now we manage a range of devices from a selection of best-of-breed security vendors. If there is a device in your network that we do not currently support, we will be happy to create a template for you. Furthermore, we will continue to add new device templates to our present library of devices so if you can’t see a particular device template, please do not hesitate to enquire as to its availability.

Q: How long does it take to create an Osirium device template?
A: Each template varies in size and complexity and it depends on the depth of tasks and auditing required. Typically, our experience tells us that you could have a template for an otherwise unsupported device installed and successfully working within 1 week.

Q: What goes into an Osirium device template?
A: A basic template is enough to provision admin accounts and provide access control. More complex templates include auditable parameters and delegated tasks which can then be extended to include more complex custom business process tasks.

Q: What is a Custom Business Process task?
A: A Custom Business Process Task is a task which can be created using fixed limited parameters and default values within a template. It can be added to a template at anytime.

Q: What happens when vendors update or upgrade their devices?
A: We, at Osirium, enjoy strong working relationships with many of the best-of-breed companies for which we provide device templates. We work with our partners to ensure any product changes that may affect Osirium are addressed before they affect you. If there is a change that we don’t know about, we undertake to create an updated template for that vendor device so that you have minimal disruption to your infrastructure.

Q: How does the Osirium manage different software device versions?
A: Osirium uses xml template files for different versions of a device with some templates covering a range of device versions and when adding devices you select the correct template appropriate to that device version. When Osirium provisions devices it automatically checks that the selected template is correct for the version of the device and will warn the SuperAdmin if the template chosen is incorrect.

Q: Can groups be created for devices?
A: The Osirium management interface supports grouping using meta-data tags. The meta-data column within the table can then be used to filter and logically group the devices.

Q: How does the Osirium manage multiple backups?
A: Osirium can schedule device backups through its Profile page(s). Multiple device backups can be scheduled concurrently or different device groups can be scheduled for different times. Backups can also be scheduled to run daily, weekly or monthly.

Q: How are backup files viewed within Osirium?
A: The Osirium device template specifies the default location for storing the backup files on the device. Files can then be downloaded and saved to the Osirium for ‘local’ access and viewing through its Web Management Interface.

Q: Does Osirium support RDP connections?
A: The next release of Osirium will support provisioning of users to Windows Servers and automatic single sign-on of remote desktop connections.

Q: If a device isn’t supported can it be added in some way or do you have to request it and wait for its inclusion in an update?
A: Device templates can be created and added using the Osirium device template uploaded mechanism at anytime.

Q: Which device vendors are currently supported by Osirium?
A: The Osirium device templates that support vendor device types are continuously growing but currently the following vendors are supported: • Blue Coat SGOS v5 • Check Point Secure platform R60 – R70 • Cisco ASA v8 • Cisco PIX v6 – v7 • Cisco IOS v12 SSH • Cisco IOS v12 Telnet • F5 BIG-IP v9 • F5 BIG-IP v10 • Palo Alto • Juniper WXOS v5 • Foundry OS v4 • Nokia IPSO v4 – v6 • Windows Server

Q: Currently templates are to access devices but would future features allow access to applications?
A: Yes. Templates can be created to include application access in the same way we currently access devices.

Q: How does the Osirium solution handle temporary staff such as auditors and contractors?
A: Where temporary access is needed, Osirium can provide secure, audited and time limited access for third parties, such as auditors and consultants without having to reveal any authentication processes or passwords for each device. This prevents 'Privilege Credential Loss'.

Q: How does Osirium know it has full control of user accounts on end devices and how does it handle legacy accounts on the devices?
A: Osirium continually audits devices to ensure that only accounts and permissions that have been configured within Osirium exist on the end device. Any additional accounts that appear which aren’t Osirium user accounts, can then be removed. This applies to legacy accounts on a device as well as newly created un-authorised accounts.

Q: How are the users on the device tied to the users within Osirium?
A: When a user is created and given the permissions to access a device through a Profile, Osirium automatically provisions a personalised user account on the end device based on their Osirium username. The two are then linked by a single sign-on (SSO) process within Osirium when a user requests to logon.

Q: What if a SuperAdmin can’t access Osirium but needs to change a firewall or other device configurations – can they still access the device directly – what management controls are used to ensure genuine and assured change requests?– does this imply that a “control” user is created?
A: In 'parallel mode' it is possible to access devices both through Osirium using a Strong Authentication method and single sign-on (SSO), and to access devices directly using the default built-in admin credentials. When 'parallel mode' is turned off, Osirium will change the default built-in admin password and then offer two separate halves of this password to be printed and stored in the company fire safes as a 'break glass' emergency access password. Then all access to the device is required to go through Osirium.

Q: What will the hierarchy be of users, SysAdmins, and SuperAdmins?
A: SuperAdmins are the administrators of Osirium itself; they add users, devices, profiles etc. SysAdmins are the users of Osirium, connecting to and managing end devices. General network users within an organisation will not come into contact with Osirium as the solution is a privileged user tool.

Q: Would a change request process for user access requests be available in the future?
A: Osirium has the potential to incorporate a local change request system, such as Remedy, in the future. This could be used to manage change within Osirium itself i.e. such as SuperAdmins adding SysAdmins to profiles or for more general SysAdmin access and changes.

Q: How does Osirium govern what privileged users can do?
A: Individual tasks can be delegated therefore isolating tasks that SysAdmins can perform. However, if SysAdmins have full management interface access, then Osirium does not limit what they can do. Using Osirium allows administrators to be provisioned with only the roles and permissions required and not over permissioned.

Q: How do users perform tasks on the device through Osirium?
A: Users log on via the Osirium Desktop Client. Once successfully authenticated to Osirium, the system determines what devices the privileged users can access and the appropriate access rights for each device, and then the Osirium Desktop client dynamically updates with a list of authorized devices and tasks that can be performed on the device.

Q: How does the Osirium handle my external support providers who need to connect in remotely?
A: Osirium handles access for external support providers through:
- Time windowed access
Immensely flexible to accommodate a wide-range of remote management ‘styles’. For example, access might be given to specific devices for one particular day and then set to automatically disable at the end of that day or at a specified date/time.

- Role-based access
Personalised accounts provide role-based authority and accountability that allows partitioning of job-types for users configuring changes on a pre-defined range of devices.

- Specific delegated task access
Delegated task access means that the individual can complete certain tasks from a pre-defined action list.

- Visibility through the NOC dashboard
The NOC dashboard has been designed for viewing at a glance on a wall mounted large screen. It provides management operations teams with a dynamic overview of all privileged user activities, ensuring all actions and events are accountable, traceable and visible.