Single sign-on, or simply SSO, is an emerging technology that is widely popular. It has the ability to log in once, and be authenticated to access all the applications and resources of the organization. With a growth in demand for a variety of e-business applications, they are becoming more and more sophisticated, with complex functional and technical requirements. Although new trends in e-business application development have made the development simple, the issues of integrating the applications with other applications or the existing e-business infrastructure are not trivial. The ideal and efficient solution to address these issues is an effective SSO strategy. Single sign-on is imperative to any organization that has a variety of disparate applications and resources. Organizations implementing single sign-on have realized the benefits, in terms of improved user productivity and simplified administration resulting in reduction of administrative costs. Although, a coherent a single sign-on framework has far reaching benefits, it can be difficult, time-consuming and expensive to retrofit to existing applications. Moreover, with security being non-negotiable, the emphasis on a robust single sign-on strategy has increased.
This white paper describes a single sign-on framework WebIntelligence®. The paper addresses the Integration of an e-business application that is built on a tool like WebIntelligence with other applications or the existing e-business infrastructure posing various technical challenges and issues. Although the single on solution discussed in the paper has single sign-on for WebIntelligence as the central theme, the solutisign-on is generic in terms of single sign-on. The paper can serve as a guideline for any SSO implementation. The paper describes the best practices, including the issues and challenges that single sign-on implementation brings to organizations with distributed, diverse applications and technologies.
WHITE PAPER
KALAMALLA M BASHA, GOPI VENKAPPA HOMBAL
WEBINTELLIGENCE
Table of Contents
INTRODUCTION ... 3 SITEMINDER OVERVIEW ... 3 WEBINTELLIGENCE OVERVIEW ... 5 J2EE OVERVIEW ... 6 USER FRAMEWORK ... 7 SECURITY FRAMEWORK ... 8 INTERFACE FRAMEWORK ... 9SSO IMPLEMENTATION FOR WEBINTELLIGENCE ... 9
SSO WITH WEBINTELLIGENCE AND SITEMINDER ... 12
WEBINTELLIGENCE OVER INTERNET ... 13
KNOWN ISSUES ... 14
FURTHER IMPROVEMENTS ... 15
CONCLUSION ... 15
ACRONYMS ... 16
REFERENCES ... 16
ABOUT THE AUTHORS ... 16
ABOUT WIPRO TECHNOLOGIES ... 17
INTRODUCTION
There are abundant reasons and advantages for a corporate to choose single sign-on (SSO). This may be to get rid off multiple passwords for different e-business applications, to succeed in saving users and developers from the issues of site membership and to provide increased security. However, the basic reason for implementing SSO is that a single identity serves numerous applications. Applications that lack SSO result in lost productivity and compromised security to the end-users. Efficient SSO can be very complex and a challenging task to implement for vendors and corporates as well.
Numerous applications and users form an e-business infrastructure and each application in the e-business infrastructure defines a list of users to access them. The result is a multitude of users, with different roles and responsibilities. Users can range from database administrators to application developers, security officers and database users. The main objective of the paper is to provide a methodology to integrate users in WebIntelligenceâ with users in the e-business infrastructure for the purpose of achieving single sign-on.
The integration discussed here is based on the knowledge and experience gained by implementation of SSO for WebIntelligence in a very large enterprise. First, the paper provides an overview of the technology required to integrate WebIntelligence for the purpose of achieving single sign-on. SiteMinderâ is used to create a centrally managed environment that provides a secure and personalized user experience across the e-business infrastructure. J2EE defines the standard for multi-tier enterprise applications. It also discusses certain aspects of WebIntelligence that are pivotal for achieving SSO.
Next, the paper attempts to present a framework that can be a starting point for achieving SSO for WebIntelligence. The framework is classified based on the three important facets of any e-business infrastructure, that is, users, security and user-interface. A proper user framework, a robust and reliable security framework, and seamlessly integrated and standardized interface framework is essential for any SSO implementation.
Last, the paper discusses various mechanisms for achieving single sign-on for WebIntelligence. The different approaches discussed are based on the complexity of the e-business infrastructure. The first approach, discusses integration of WebIntelligence with another e-business application. The second discusses achievement of single sign-on for WebIntelligence and e-business applications across the enterprise. The last and the most complicated approach is the deployment of WebIntelligence over the Internet. Each of these approaches add more value to the achievement of single sign-on as an enterprise moves from integration of disparate applications to a centrally managed and integrated e-business infrastructure.
Also, this paper attempts to bring out certain tool limitations that may lead to potential failure of SSO. It also discusses certain further improvements on the existing approaches that make the SSO more secure and robust. The paper concludes with a discussion on issues and challenges that are to be addressed for successful implementation of single sign-on.
SITEMINDER OVERVIEW
SiteMinder enables enterprises to manage user identity and entitlement information in a centralized security infrastructure. The SiteMinder platform of shared services is managed through a rules based policy engine, which enables administrators to define policies that the SiteMinder platform will use to deliver services such as single sign-on, authentication management, entitlement management and auditing.
SiteMinder installation consists of two primary components:
1. The SiteMinder policy server - The policy server is an NT or UNIX-based server that provides the following services: • Policy-based user management
• Secure portal management • Authentication services • Authorization services • User registration services • Password services • Session management • Auditing services
The SiteMinder Agent - The agent integrates with Web servers, Web application servers, or custom applications to enforce security and user management functions based on pre-defined policies.
SiteMinder supports the following types of Agents: • Web agents
• Application server agents • Affiliate agents
• Custom agents • RADIUS devices
Figure 1: A centralized security infrastructure with SiteMinder
Users Corporate Web
Server SM Web Agent Mail Server J2EE Application SM Policy Server HR/ Pay Roll Finance Employees Database SQL RDBMSLDAP NT Domain Sales Customers
WEBINTELLIGENCE OVERVIEW
The WebIntelligence system is the infrastructure on which the Business Objects distributed solution relies. This solution gives business users the ability to access, analyze and share information in intranet, Internet, and e-business environments. From an administration standpoint, it provides IT departments with the tools they need to effectively control and manage enterprise-wide user access. WebIntelligence distributed component architecture and light query applets available in either Java or ActiveX, eliminating the need for client-side installation and maintenance of application software and database middleware. WebIntelligence works with the most popular HTTP servers and application servers.
WebIntelligence is a CORBA service that can be triggered by different server-side technologies like ASP and JSP. The WebIntelligence architecture consists of three specific areas:
The client: The client: The client: The client:
The client: The Web browser, which provides the gateway to the WebIntelligence system. The middle tier
The middle tier The middle tier The middle tier
The middle tier: Comprises the HTTP server and WebIntelligence system components, linked together by CORBA calls in a distributed CORBA environment.
Database components Database components Database components Database components
Database components: Comprises the repository and corporate database. This is where much of the data is stored, and where system security is controlled.
Figure 2: Stand-alone WebIntelligence system Client HTTP Web Server Java Container WebIntelligence WISDK DWH BO Repository
J2EE OVERVIEW
J2EE defines the standard for developing multi-tier enterprise applications. J2EE specifications provide the frame of reference for components that can be used, extended and combined to deliver robust enterprise application. These applications require access to a set of services. Typical services included transaction processing, database access, corporate mail, messaging service and others. The J2EE architecture unifies such services in its enterprise service APIs.
J2EE takes advantage of many features like “write once, run anywhere”, portability and scalability. Another advantage of the J2EE is that the application model encapsulates the layers of functionality in specific types of components. Business logic is encapsulated in Enterprise JavaBeans (EJB) components. Client interaction is presented through plain HTML Web pages, through Web pages powered by applets, Java Servlets, or JavaServer Pages technology, or through stand-alone Java applications. Components communicate transparently using various standards: HTTP, SSL, RMI, IIOP, and others.
Figure 3: J2EE overview Client HTTP/ HTTPS HTTP Web Server Web Component EJB Component Java Component J2EE Container Application Server JNDI API JavaMail API JDBC API Directory Service Mail Server RDBMS
J2EE application model divides enterprise applications into three fundamental parts: components, containers, and connectors. Components are the key focus of application developers, containers are system vendors specific and connectors conceal complexity and promote portability. Figure 3 illustrates a simple J2EE application accessing different applications.
USER FRAMEWORK
To understand the intricacies of SSO implementation, it is essential to explore the user framework. Generally, in a corporate, the magnitude of users is normally high, the applications are more distributed and efficient user management is a complex task. Directory services such as LDAP (the Lightweight Directory Access Protocol) address these difficulties.
Figure 4 illustrates a simple user framework with a centralized directory service that serves distributed applications. In a distributed environment, a directory service manages a directory of entries in tree structure. An entry can refer to a person, place, service, or any other concrete object or abstract concept. An entry also has attributes associated with one or more values. These attributes describe the entry, and the exact set of attributes depends on the type of the entry.
Each entry is uniquely identified by a distinguished name. A distinguished name consists of a name that uniquely identifies the entry at that hierarchical level and a path of names that trace the entry back to the root of the tree. For example, it might be the distinguished name for ’xyz’ entry. The schematic hierarchy of a directory service is shown in Figure 5.
The user framework is tricky as BO stores user-information in a way different to LDAP. The users in BO are defined within the scope of the application and are stored in a repository installed on RDBMS. Moreover, the users in BO are independent of users in LDAP, to integrate these users into single entities; LDAP offers attributes with value attached to it. These attributes identify the user-role for the WebIntelligence application in LDAP, essentially each user-entity is defined twice once in LDAP and once in BO. The password authentication is not an issue as WebIntelligence in basic authentication mode ignores the BO password and authentication is managed within LDAP. However, later versions of WebIntelligence provide a mechanism to synchronize users in Business Objects with users in LDAP.
Figure 4: Corporate domain Directory
Service J2EE Application
SAP / PAY Rool
Mail Server
SiteMinder Policy Server
Figure 5: LDAP directory service hierarchy
dn:
o=wipro.com
dn: ou=people,
o=wipro.com
dn: ou=groups,
o=wipro.com
dn: ou=admin,
o=wipro.com
dn: uid=xyz, ou=people, o=wirpo.com
cn: xyz
mail: [email protected]
telephone Number: 2852408
uid:xyz
SECURITY FRAMEWORK
Once the user roles are set up, the next task is to integrate WebIntelligence in a security framework. WebIntelligence is CORBA (Common Object Request Broker Architecture) service installed along with a HTTP Web server. WebIntelligence in basic authentication scheme has only simple user authentication. This security anomaly has to be addressed in a robust, yet reliable security framework.
There are several aspects to the security framework that makes it unique. First factor is to integrate WebIntelligence with protected resources in other realms in a security framework. WebIntelligence interface is created as a web-context in a Web server and in SiteMinder. Policies are created for all the protected resources including WebIntelligence Web-context in SiteMinder policy server. Each request to WebIntelligence is validated in SiteMinder to determine whether or not the user has access to WebIntelligence.
A second factor is to provide protected resources with different authentication schemes. Since WebIntelligence is in basic authentication scheme that is different from authentication schemes in other resources, it is necessary to assign different protection levels to different authentication schemes. SM enables administrators to implement this authentication schemes with additional measure of security and flexibility for an SSO environment.
In addition, the ability to create and centrally manage models of access control for physical HTTP resources, as well as the ability to create and centrally manage application-specific authorizations on behalf of the user context and the ability to create and centrally manage a N-level model of delegation for LDAP directories are functions of the security framework.
INTERFACE FRAMEWORK
Applications with different user interfaces have become a reality. Although the content of these applications conform to a set of specifications, the user-interfaces are unique to each other. Providing a common user interface to different applications that results in a seamless presentation of the content in its uses, activities, and interactions is an aspect of SSO implementation. There are several factors to a common user-interface. The user experience is an important element of the interface framework; the approach is to provide a common “look and feel for user” across applications. All applications including WebIntelligence are standardized on a set of user interface guidelines. In addition, interface framework also takes care of the reading input parameters from e-business applications. These parameters are read from HTTP header or a form based request or a query string.
SSO IMPLEMENTATION FOR WEBINTELLIGENCE
WebIntelligence provides tight security required to protect data. By leveraging the existing Business Objects security infrastructure and using an architecture designed to work with standard authentication methods, the system provides access to corporate data only to users with the appropriate authorization.
WebIntelligence provides four different authentication schemes for identifying users and controlling access to them. • NT challenge/response (for Windows-only clusters)
• Basic authentication • Business Objects standard • No authentication
The main characteristics of these methods are summarized in the table below: Method
MethodMethod Method
Method SecuritySecuritySecuritySecuritySecurity BrowserBrowserBrowserBrowserBrowser PromptPromptPromptPromptPrompt NT Challenge/
Response
High Internet Explorer (IE) None
Basic
authentication
Medium IE + Netscape
Authentication system
User name and password
Business Objects standard
Medium IE + Netscape Business
Objects
User name and password
No
authentication
Basic authentication is discussed in detail, as it is important for the single sign-on implementation architectures discussed. Basic authentication is a widely used, industry standard method for identifying users. It results in the transmission of passwords over the network without data encryption. This method is preferred over other methods for as other authentication schemes are suitable for stand-alone WebIntelligence system. In Basic authentication scheme, only valid users in the WebIntelligence system are allowed access, and any anonymous user is denied. The various possible approaches to implement Single Sign-On are discussed in detail.
SSO for WebIntelligence can be achieved in the following architectures; the classification is based on the infrastructure and the turnaround time for implementation.
1. WebIntelligence without SiteMinder 2. WebIntelligence with SiteMinder 3. WebIntelligence over the Internet
In the first architecture, WebIntelligence system is integrated with other e-business applications without the SiteMinder. The architecture consists of WebIntelligence system that is configured in the basic authentication scheme. A centralized directory services where the users of the integrated environment are defined and the e-business intelligence environment to which WebIntelligence system is integrated. This is the simplest SSO implementation for WebIntelligence.
In this architecture, all the users are defined in the centralized directory service. The users who need access to WebIntelligence are defined in BO repository. The authentication is managed in the directory service. Any user request to WebIntelligence is first scrutinized in the directory service and the user name is passed to application. WebIntelligence only checks for the existence of the user in BO repository; it assumes that other user related information has already been authorized by the directory service. Figure 6 illustrates WebIntelligence application integrated with J2EE application.
The user-interface of WebIntelligence is customized through WebIntelligence SDK. WebIntelligence SDK (Software Development Kit) is an extension of WebIntelligence that enables customization of the look, behavior, and workflow of a WebIntelligence deployment. This customization enables alignment of WebIntelligence with current e-business applications. WebIntelligence is tailored to match the needs of a wide user audience while providing enhanced navigation and finer analysis. This type of customization is imperative for any type of intranet deployment, in which corporate users communicate with entire populations users through the web.
This architecture enables seamless integration of WebIntelligence system into the enterprise e-business infrastructure. However, it is not very robust, as WebIntelligence is not tightly coupled with the existing application security. Nevertheless, the SSO can be easily implemented with minimal infrastructure. The effective turn-around time for implementation is significantly less.
Figure 6: WebIntelligence without SiteMinder Client JNDI HTTP Web Server EJB Module Web Module Java Module HTTP Web Server Java Container WebIntelligence WISDK LDAP JDBC RDBMS BO Repository DWH
SSO WITH WEBINTELLIGENCE AND SITEMINDER
The second architecture is an extension of the first one, with additional security component, i.e., SiteMinder. SiteMinder binds all e-business applications and WebIntelligence into a powerful security framework. SiteMinder Web agent intercepts request to protected resources and determines whether are not the resource is protected by the SiteMinder policy server. This architecture also benefits from SiteMinder security services and technical capabilities.
The architecture integrates WebIntelligence and e-business applications to provide an efficient and reliable solution. The user identities are managed in an enterprise-wide logical repository, user information is actually stored in several user directories using a mix of technologies like RDBMS, LDAP. Any access to protected resources is secured using centralized access policies based on user-identities and roles. These policies are defined in the SiteMinder policy server. Policies are defined for group of application based on user–identities and roles. For instance, an access policy may state that users must have certain roles in order to be authorized to access an application. Figure 7 illustrates centralized single sign-on system.
Figure 7: WebIntelligence with SiteMinder
Client HTTP Web Server Reverse Proxy Roles Actions Context SM Policy Server LDAP RDBMS RepositoryBO DWH SM Web Agent HTTP Web Server J2EE Container SM Web Agent HTTP Web Server J2EE Container
The SiteMinder policy server has knowledge of both user identities and applications. It interfaces with the enterprise’s multiple user directories; information about a single user may be contained in several user stores that need to be queried to extract relevant user data. Security enforcement is provided by agents that intercept requests to any protected resource. Users can be authenticated against a specific user store and authorized against another user store configured with the policy server, thus leveraging existing user information wherever it is available across the architecture.
Web Service Containers host Web services on industry specific platforms such as J2EE technology. WebIntelligence and e-business applications are Web service containers, these web services container interfaces with SiteMinder through SiteMinder agents by exchanging user information. The agent authenticates this user information against a site minder policy. Once the authentication is done, access to all the applications in the domain is established.
SiteMinder integrates all the applications in an enterprise including WebIntelligence in a secure and reliable framework. SiteMinder enables SSO for WebIntelligence; it also protects WebIntelligence by providing a robust security framework. This architecture can be extended to provide Single sign-on for all applications within the enterprise.
WEBINTELLIGENCE OVER INTERNET
In the third architecture, the emphasis is on single sign-on for business applications deployed over the extranet. Generally e-business applications have evolved over time and have moved from the intranet to the Internet. Integration of these disparate applications is inevitable when deployed over the Internet. Single sign-on for applications has obvious advantages; it makes administration and manageability easy and it provides a single point access to the applications. Single sign-on for an application over the Internet encompasses a wide range of technologies like reverse proxying, firewalls, demilitarized zones (DMZ) and network segments. These technologies are discussed below.
The SSO implementation involves providing a multi-layer security framework. The multi-layer differentiation is based on the protection levels. Normally, any network can be classified into an external segment and internal segment, the classification is based on access privileges that have to be provided to the applications. All applications that are accessed over the Internet usually form the external segments.
An external segment is any network that operates in a low security zone environment. In other words, any network that connects the enterprises physical environment to another un-trusted network, such as the Internet. Standard HTTP Web servers and network firewalls form the enterprise network’s external segment. This Web server is configured as a reverse proxy. Reverse proxy refers to the ability to monitor and respond to request from the Internet on behalf of a Web server. Essentially, the proxy server impersonates the Web server to Internet users. Reverse proxy provides a second layer of security besides the firewall. There is another segment of importance called the demilitarized network segment (DMZ). This segment is mid way between the internal and the external segments. The DMZ hosts and provides Web or application service to other networks which are not trusted. In many cases, this type of network is considered external, since many of those services mapped directly to external segment. SiteMinder policy server, the e-business, ERP system, WebIntelligence, CRM and other Web services form the DMZ. The most secure environment forms the internal segment. This segment provides resources or services that are only for internal use. Most of the enterprises network falls under this category. The internal segment hosts LDAP, RDBMS, user stores, data warehouses and any other resource or service that requires the most comprehensive security.
Although the aspects discussed here are not very comprehensive, yet they encompass the architecture that is necessary for Internet deployment in any enterprise. The architecture serves as a guideline; it can be used as a road map for integration of Web services on the Internet.
Figure 8: Internet system
KNOWN ISSUES
The SSO implementation discussed in the paper is comprehensive, yet there are certain issues that need to be addressed. Single sign-on for WebIntelligence cannot be complete without a proper knowledge of these potential issues and the resolution for them.
These issues arise out of certain limitations in WebIntelligence. The first limitation is because of the ActiveX plug-in. ActiveX plug-in is used to view Business Object reports with WebIntelligence. This ActiveX plug-in fails to recognize the request from HTTP Web server when the HTTP Web server is configured in a reverse proxy mode. In reverse proxy, any request to the WebIntelligence server is routed through the HTTP Web server. The request routed through reverse proxy fails the ActiveX plug-in, as the ActiveX plug-in expects the request directly from the WebIntelligence Web server. Since the request information is different, the ActiveX plug-in prompts for re-authentication and that leads to failure of SSO. The solution is to provide ActiveX the correct HTTP request information. This can be achieved by system configuration changes. The first change is with WebIntelligence system, by defining the correct ‘default_HTTPServerURL’ variable for the ActiveX plug-in. The second change is with reverse proxy server; configure the reverse proxy server to allow the root servlet to run on WebIntelligence system. These
Internet User HTTP Web Server Reverse Proxy External Segment Corporate Web Server Corporate Web Server Employees DMZ Segment J2EE
Application SM Policy Server
WebIntelligence ERP Application Internal Segment LDAP RDBMS DWH BO Repository SAP
The next issue is with SiteMinder agent that runs on HTTP Web server. On successful authentication the SiteMinder Web-agent sets HTTP header variables on the client browser. These HTTP variables are dependent on the operating systems and the client browsers. Because of minor differences in numeric/character codes, header variables can slightly vary from one system to another, this can cause a malformed header variable. In such case, WebIntelligence system fails to authenticate the user. This issue is handled by changes to SiteMinder web agent configuration, by adding a configuration variable called ‘legacy variable’.
FURTHER IMPROVEMENTS
Although the single sign-on is accomplished as discussed earlier, the integration still provides a scope for improvement. In the integration, the underlying WebIntelligence application reads and interprets information from SiteMinder so that the application can login the user. But this integration can leave certain integration issues such as session timeout untouched. The integration can be improved in terms of increased security and better session tracking.
The WebIntelligence application fully trusts the information sent to it and does no verification. This is the minimum requirement for SSO. Normally, authentication is done by SiteMinder only once, that is initially when the users logs into the SSO system. Once the authentication is done, the SiteMinder web-agent sets the session information in the client browser. This information is then used by the applications in the SSO system to verify the user credentials that are stored in the applications own repository. The underlying applications cannot actually verify that, the information was sent by SiteMinder or not. In this integration, the point of trust is the HTTP web server that can reside in a DMZ.
The security of the integration can be increased, by providing the capability to verify that information sent by SiteMinder is actually sent by SiteMinder. Here, SiteMinder assumes complete responsibility of authentication and authorization for the users. The underlying applications do not rely on the session-information set in the client browser; rather the session-information always comes from SiteMinder. The point of trust is the SiteMinder policy server and the application server where the WebIntelligence is deployed, which does not reside in the DMZ.
Another improvement is in terms of the session tracking. SiteMinder provides an ability to associate the WebIntelligence session with SiteMinder session. Once associated, the WebIntelligence session can only be used by that particular SiteMinder session. Attempts by other SiteMinder sessions to use the same WebIntelligence session will be denied. The session timeout is addressed as the inactive period is defined in the SiteMinder.
CONCLUSION
The underlying reason for providing SSO for WebIntelligence is that the SSO integrates WebIntelligence with other pool of distributed e-business applications. This integration reduces human error and is therefore highly desirable in an e-business infrastructure. Additionally Single sign-on provides enhanced security and better end-user satisfaction for WebIntelligence. The architecture discussed provides a scalable, reliable and robust single sign-on solution for WebIntelligence. Single sign-on for WebIntelligence is achieved irrespective of the number of distributed applications in the e-business infrastructure. With SiteMinder the single sign-on can be extended across all the applications in the enterprise. Additionally reverse proxying and network segmentation provide increased security for single sign-on achieved over the Internet. Although the implementation is limited to SSO implementation for WebIntelligence, the architecture illustrated here can be tailored to achieve single sign-on for other Web-based applications.
ACRONYMS
SSO Single Sign-on
E-business Enterprise Business
ASP Active Server Pages
JSP Java Server Pages
HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure
CORBA Common Object Request Broker Architecture J2EE Java 2 Enterprise Edition
API Application Program Interface
EJB Enterprise Java Beans
SSL Secure Server Layer
RMI Remote Method Invocation
IIOP Internet Inter-ORB Protocol
JNDI Java Naming and Directory Interface JDBC Java Database Connectivity
LDAP Lightweight Directory Access Protocol
SM SiteMinder
BO Business Objects
WebI WebIntelligence
RDBMS Relational Database Management System
DMZ Demilitarized Zones
ERP Enterprise Resource Planning
REFERENCES
1. ‘WebIntelligence Technical guidance document’ published by Business Objects 2. ‘Single Sign-on and SiteMinder Technical guidance document’ published by Netegrity 3. ‘LDAP Technical guidance document’ published by JavaWorld
4. Consultative paper published by Oracle Magazine
ABOUT THE AUTHORS
Kalamalla M Basha is an EAI Consultant with Wipro Technologies. Kalamalla has worked in integrating J2EE Technologies for BI tools in positions varying from a programmer to architect.
Gopi Venkappa Hombal is a data warehouse and business intelligence Consultant with Wipro Technologies. He has worked in data warehousing and business intelligence solutions in various roles and responsibilities. He holds a Computer Engineering degree from Karnataka Regional Engineering College (KREC), Surathkal.
www.wipro.com
eMail: [email protected]
For further information visit us at:http://www.wipro.com/businessintelligence
For more whitepapers logon to: http://www.wipro.com/insights
© Copyright 2004. Wipro Technologies. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without express written permission from Wipro Technologies. Specifications subject to change without notice. All other trademarks mentioned herein are the property of their respective owners. Specifications subject to change without notice.
ABOUT WIPRO TECHNOLOGIES
Wipro is the first PCMM Level 5 and SEI CMMi Level 5 certified IT services company globally. Wipro provides comprehensive IT solutions and services (including systems integration, IS outsourcing, package implementation, software application development and maintenance) and research & development services (hardware and software design, development and implementation) to corporations globally.
Wipro’s unique value proposition is further delivered through our pioneering Offshore Outsourcing Model and stringent quality processes of SEI and Six Sigma.
WIPRO IN DATA WAREHOUSING AND BUSINESS INTELLIGENCE
Wipro provides end-to-end Data Warehousing and Business Intelligence services to customers across verticals like Finance, Insurance, Utilities, Telecom, Retail, Logistics, Manufacturing and Healthcare. Wipro has implemented Business Intelligence and Data Warehousing solutions for over 90 customers worldwide including 30 Fortune 1000 clients. Wipro has evolved its ‘Insta Intelligence’ project management and delivery methodology around leading edge technologies in Data Acquisition, Data Modelling, Data Management, OLAP, Data Mining, and Meta-data Management to deliver innovative, sure-fire solutions to its customers. Worldwide HQ Wipro Technologies, Sarjapur Road, Bangalore-560 035, India.
U.S.A. U.K. France
Wipro Technologies Wipro Technologies Wipro Technologies 1300 Crittenden Lane, 137 Euston Road, 91 Rue Du Faubourg, Mountain View, CA 94043. London, NW1 2 AA. Saint Honoré, 75008 Paris.
Germany Japan U.A.E.
Wipro Technologies Wipro Technologies Wipro Limited Horn Campus, # 911A, Landmark Tower, Office No. 124, Kaistrasses 101, 2-1-1 Minatomirai 2-chome, Building 1, First Floor, Kiel 24114. Nishi-ku, Yokohama 220 8109. Dubai Internet City,