Centralized Identity Management: Enseva, achieved a unified authentication process across various services and cloud infrastructures by integrating ZITADEL as their primary Identity Provider (IdP).
Streamlined User Authentication: ZITADEL simplified the login process for Enseva’s clients with Single Sign-On, enhancing the overall user experience and reducing complexity in accessing multiple applications.
Cost-Effective Solution: ZITADEL Cloud provided a cost-effective alternative to other identity management solutions, aligning with Enseva's goal of maintaining cost efficiency without compromising on features.
Enseva, headquartered in Iowa, United States, is a specialized data center and cloud solutions and service provider with a global reach, extending services to customers with locations in countries like Germany and the UK as well.
Enseva primarily offers a comprehensive suite of services tailored to meet the diverse requirements of its customers. In our conversation with Greg Smith from Enseva, we gained deeper insights into the company's operations and offerings. The core of Enseva's operations revolves around its Tier 4+ data center, which is equipped with advanced colocation and private cloud technologies. Their services are designed to be highly reliable and secure, featuring locked cabinets, private micro-suites, and dependable network connectivity, all backed by on-site technical support.
The company's core product offerings include:
- SIEM Solutions: Enseva provides Security Information and Event Management(SIEM) solutions, crucial for modern cybersecurity and network health monitoring.
- Monitoring Tools: Their suite includes various tools for monitoring networks and systems.
- Cloud Services: Enseva's cloud infrastructure is a significant part of their offerings, providing scalable and flexible resources to clients.
- Physical Storage Solutions
- Internet and Network Services
- Virtual Hands Services: These services include remote assistance for various IT tasks, including deploying and managing cloud-based solutions on clustered servers for redundancy.
Greg’s role involves performing a diverse array of critical tasks centered around problem-solving and customer support. He is a Data Center Administrator assisting customers with their challenges, and testing new products that enhance Enseva's ability to automate tasks. Enseva also leverages open-source software, including ZITADEL, and innovative automation strategies to efficiently manage and scale their operations, ensuring top-tier service quality and reliability for their diverse clientele.
Enseva's customers span a diverse range of industries, each with unique requirements and applications for Enseva's services. Here's an overview of their user base and how these users utilize Enseva's products and services:
- OEM Product Manufacturers: Original Equipment Manufacturers (OEMs) likely use Enseva for reliable data storage, cloud services, and network solutions to support their manufacturing processes and data management needs.
- Civil Services: This includes hospitals, police departments, and construction companies. These entities require robust and secure data management and storage solutions. For instance, hospitals need to securely store sensitive patient data, while police departments require reliable data centers for their operational data and records.
- Apartment Complexes: Enseva provides internet services to apartment complexes, ensuring residents have access to reliable and high-speed internet connectivity.
The User Journey
- Customers start by setting up their domain, which is the foundational step in creating their network and IT infrastructure.
- Enseva provides the necessary server infrastructure, including AD/DNS servers. These servers are redundant, ensuring high availability and reliability.
- Depending on the specific needs of the customer, Enseva tailors its services. For example, a hospital may require additional security measures for patient data.
- All virtual machines and physical servers provided by Enseva are continuously monitored. This monitoring ensures optimal performance and quick response to any issues that may arise.
- Optionally, Enseva will provide ongoing technical support and maintenance services.
Enseva faced significant challenges in the area of identity and access management and they were:
Centralized Operations: In their day-to-day operations, Enseva's team frequently supports customers by accessing various applications to troubleshoot issues or monitor environments. This task often involves managing multiple logins across different customer systems, which can be quite time-consuming. To streamline these processes, Enseva was in pursuit of a centralized system, what they termed as Combat Information Centers (CIC), aiming to efficiently handle their identity and access management needs.
Complexity in Authentication: Managing a multitude of logins for various environments, especially with customers having large numbers of virtual machines and production toolsets, became a cumbersome task. The challenge was amplified by different password policies across environments, leading to a significant administrative burden. To paint a picture of the problem with numbers, consider a single customer. Enseva has to manage access to around 150 different virtual machines. Each virtual machine potentially requires a unique set of login credentials. In addition to the virtual machines, there are around 12 different production tools, such as web servers and file servers, each again potentially requiring separate authentication. Moreover, each virtual machine and toolset was likely part of different environments (e.g., development, testing, production). This complexity meant that Enseva's team had to manage a multitude of login credentials across these environments. With policies such as mandatory password changes every 30 to 60 days, the administrative burden of keeping track of credentials and ensuring they are updated regularly added to the complexity.
Cost-Effectiveness: Enseva required a solution that was not only effective but also cost-efficient. They needed to avoid solutions with multiple license requirements, which can be costly.
Enseva’s search for a new identity and access management solution led them to ZITADEL, which effectively addressed their challenges:
- ZITADEL served as the central point of operations that Enseva required. Its user-friendly interface and straightforward functionality made it an ideal choice.
- With ZITADEL, Enseva could manage user access more efficiently. The burden of handling numerous passwords and usernames across different environments was significantly reduced. ZITADEL streamlined the Single Sign-On (SSO) process and made user management more manageable, directly addressing the pain points related to multiple logins and varying authentication requirements. SSO significantly streamlines the authentication process, allowing users to access multiple applications with a single set of credentials. This not only enhances operational efficiency by reducing the time spent on logging in but also improves security. By minimizing password fatigue and simplifying the enforcement of security policies, SSO ensures a more secure and manageable system. Additionally, it offers a better user experience and scales effectively with Enseva's expanding service offerings and client base, making it a vital component in their operational infrastructure.
- ZITADEL Cloud offered a cost-effective solution with a pricing structure that suited Enseva’s budgetary constraints, avoiding the high costs associated with multiple licenses. Furthermore, it provided the reliability and ongoing support that Enseva was seeking.
Enseva discovered ZITADEL through professional forums and chose it over other vendors like Azure AD, Clerks, Ory, Okta, OneLogin, and Auth0 due to its functionality, ease of use, and cost-effectiveness. Opting for ZITADEL's cloud solution, Enseva was able to integrate a robust and efficient identity management system without the need for additional in-house maintenance.
Technology Architecture, Deployment, and Future Plans
Enseva's technology stack includes a cloud infrastructure based on server clusters and virtual machines in their physical data center storage, featuring rack units and private suites for additional computing power. Monitoring and analytics are integral, with a central logging server and tools for trace analytics and metrics monitoring. ZITADEL Cloud, residing separately, integrates as an external identity and access management solution, providing centralized user authentication and Single Sign-On (SSO) capabilities across Enseva's diverse infrastructure.
Enseva chose to use ZITADEL Cloud for their identity management needs. Managing numerous projects internally, they found value in delegating the responsibility of identity and access management to an external, specialized service. This approach allows them to focus more on their core competencies while ensuring that their identity management system is handled by experts.
They are actively configuring SAML (Security Assertion Markup Language) and OpenID Connect protocols with all their applications. This phase involves rigorous testing to ensure that the integration of ZITADEL with their systems is seamless and meets their security and operational requirements. The use of SAML and OpenID protocols suggests a focus on secure, standardized methods for exchanging authentication and authorization data.
Enseva's use of ZITADEL Cloud is a strategic decision aimed at enhancing their identity and access management capability without overburdening their internal team. The experience of implementing ZITADEL Cloud with Enseva's applications has been positive, primarily due to the clarity and comprehensiveness of ZITADEL's documentation. Enseva found the documentation easy to follow, which facilitated a smoother integration process.
“ZITADEL is a great platform for many applications. I have been at Enseva for the past 11 years and had an opportunity to work on different IDP software, and ZITADEL is on the rise. It's simple and easy to use, and I see ZITADEL becoming a top member in this IDP group. Not only for SSO but it has been a game changer for controlling user access to different organizations that we maintain. ZITADEL Cloud is a great feature for those who have enough to maintain on a daily basis.”