Centrify Resource Center

Home  |  Centrify Resource Center  |  Blogs  |  Tom Kemp's Centrify Blog
Tom Kemp's Centrify Blog

Hello Centrify Express!!! ... Giving Users Much More than Free Active Directory Authentication for Linux

Thursday, July 22, 2010

Recently we announced Centrify Express, a free offering for anyone who wants to better integrate non-Microsoft systems with Windows. Please go ahead and visit www.centrify.com/express and download it — by simply entering a valid email address and you are on your way to cross-platform interop nirvana! We are very excited about this announcement as it delivers by far more free capabilities than any other Windows/Active Directory interop solution out there, and it is also the most mature and manageable solution out there. In this blog post I will discuss what Centrify Express is and why we released it.

So What is Centrify Express?

We firmly believe that Centrify Express is the industry's most feature-rich solution for quickly and easily integrating Linux and Mac systems with Active Directory from an authentication and single sign-on perspective. It is comprised of:

  • DirectControl Express — a subset of our DirectControl solution, DirectControl Express secures your non-Windows systems using the same authentication services deployed in your Windows environment.
  • DirectManage Express — a subset of our DirectManage solution, DirectManage Express centrally discovers your systems, checks their ability to integrate with Active Directory, downloads the required software packages and automatically deploys to your systems. DirectManage Express also provides you with a single pane of glass to quickly and remotely access any of your systems securely using your Active Directory credentials.
  • Centrify-enabled open source tools — our Centrify-enabled versions of OpenSSH, PuTTY, Kerberos tools and Samba that have been enhanced and tested to seamlessly work with Active Directory and support Kerberos while delivered as easy to install pre-compiled packages. We even make available WinSCP as a convenience.

And the beautiful thing is all this great stuff is free to use, non-intrusive, easy to deploy, robust in operation, and delivers more functionality and more to upgrade to than any other free Active Directory integration solution.

As hinted at above, Centrify Express is a subset of the capabilities provided by the Centrify Suite that layers on additional capabilities such as cross-platform Group Policy, role-based access control as an industrial strength replacement of sudo, privileged identity management, user-level auditing, server isolation and encryption of data-in-motion. Centrify Express customers can simply use Express for free or subsequently upgrade some or all of their non-Microsoft systems to various editions of the Centrify Suite that meet their needs.

So Why Did We Release Centrify Express?

Well, for a number of reasons.

First, we truly want to make end users' lives easier by giving them a single sign-on account, rather than having to remember different usernames and passwords for different operating systems. They have that in the Windows world, they should have that if they want to also use Linux or a Mac. We also think we can also make IT staffs' lives easier by allowing them to use a tool that they already have — Active Directory — to centrally control authentication. This will cut down on the time they spend provisioning accounts and helping reset forgotten passwords.

Second, we have extensively read analysts' reports that have concluded that identity and access management solutions have historically been too expensive and too complex for small to medium businesses. But these SMBs often have the same security and compliance requirements such as PCI as larger organizations. For example, there is a huge need for a cost-effective solution for ensuring authorized access by requiring users to log in as themselves rather than using shared accounts (e.g. root, oracle, etc.) or account credentials that are difficult to map back to a specific individual.

We believe that our approach of allowing organizations to leverage an existing technology (and skillset) that they already have — Active Directory — combined with our free Express offering will now allow those smaller organizations to easily improve security and compliance for their systems and layer on additional capabilities as their business evolves. And once these SMBs' comfort level builds with our approach and/or their needs expand (or their business itself expands), with Centrify they can easily upgrade to more fuller capabilities that go well beyond group policy and authentication but also into centralized role-based authorization, user-level auditing, server isolation, etc. via a common architecture.

Third, we were getting requests from many people who had tried other free Active Directory integration tools and found them very unreliable, difficult to deploy on a mass scale, and did not play with existing software such as Samba. We were getting tons of requests from Ubuntu and Red Hat and Mac users asking if we could do better. Our answer was Yes!

[Side note: Certainly there have been other free basic Active Directory authentication toolkits out there for years — e.g. PADL, Samba winbind, Apple's AD plug-in for the Mac to name a few, with some being open source and some not. But just because something was there first, is not an indicator of future success (e.g. think AltaVista vis a vis Google, eDirectory vis a vis Active Directory, Betamax vis a vis VHS vis a vis DVDs vis a vis BlueRay, Blackberry vis iPhone, etc.). Heck, my fellow co-founders even built the first commercial "Active Directory bridge" back in 2001 at a former company, but being first was no guarantee of success either. The vast majority of users don't care who was first or if a solution is this source or that source, at the end of the day they just want something that works well, is feature-rich and gives them an upgrade path to more capabilities (e.g. think Apple and the iPhone).]

So instead of providing a one-off toolset for Active Directory authentication, we decided to give away a subset of the same enterprise-hardened technology that our 2500+ customers have in production on hundreds of thousands of servers today. I think you will find our solution much more reliable and mature compared to other solutions, and be better optimized from a login experience perspective.

But even if you have AD authentication taken care of on your non-Microsoft systems, customers don't want to "manage the management system." That's why we are also providing DirectManage Express as part of our Express offering to centrally deploy and/or upgrade our agent on dozens or hundreds of systems. But before DirectManage Express even does that, DirectManage Express also provide a means to do a centralized and automated pre-install check. The net net is this is a huge time saver over sneakernet and manually checking if a system can become an Active Directory client. DirectManage Express also provides the ability to quickly login to those remote systems via integration with SSH/SNC/VPC, and to view local system accounts, etc.

We also heard that customers wanted a free AD interop solution that plays well with their existing software such as newer versions of Samba. That's why we provide OpenSSH and Samba interop as part of Express.

So that's why our free offering is actually 3x what other free Active Directory solutions give you – not only AD authentication for cross-platform systems, but deployment and management, and interop with popular connectivity tools and we even provide SMB/CIFS file sharing technology in the form of Samba. The bottom line is with Centrify Express we offer customers more functionality and more to upgrade to than any other free offering out there.

Fourth and finally, we naturally want to give a wide range of potential customers a taste of what Centrify can offer — not just software, but the experience of working with a company that goes the extra mile in providing customers with the expert support and resources needed to be successful. Naturally, we hope that based on this experience they will be interested in exploring our advanced solutions. The good news: because we are giving away a version of our current product, all that is required is a simple license-key upgrade to unlock advanced features.

But hey don't believe me, go ahead to www.centrify.com/express and register, acknowledge the EULA and download it yourself and see if it meets your needs. In future blog posts I will provide some more commentary on Express.

Categories: Centrify, Centrify Express, DirectManage, DirectControl for Systems, Open Source Tools, All
Submit Feedback
Bookmarks: del.icio.usDiggFurlNetscapeYahoo! My WebStumbleUponGoogle BookmarksTechnoratiBlinkListNewsvinema.gnoliaRedditWindows Live

< Previous Article: Hardening VMware vSphere Security and the ESX v4 Console Operating System with Centrify
> Next Article: Viva the Wild Rumpus!


Subscribe to RSS Feed
About Tom Tom Kemp is CEO of Centrify. You can follow him on his Centrify blog or his Secure Thinking blog on Forbes.com. Full Biography Follow Tom on Twitter
Recent PostsComing Very Soon … the Centrify Customer Conference! Register Today!How Centrify DirectControl for Mobile WorksWhat's New in Centrify Suite 2012.2DirectControl for Mobile in Action Centrify Introduces First Solution that Extends Active Directory to Mobile DevicesBuckle up with Cybersecurity ... It's the Law
CategoriesAll (187)Centrify (164)Centrify Express (14)Centrify Insight (3)Centrify Suite (67)Centrify Zones (2)Cloud (11)Customers and Press (65)DirectAudit (39)DirectAuthorize (34)DirectControl for Databases (54)DirectControl for Mobile (3)DirectControl for Systems (93)DirectControl for Web Apps (50)DirectManage (9)DirectSecure (12)Group Policy (55)Mac OS X (37)Mobile Security (4)Open Source Tools (13)Partners (21)Regulatory Compliance (66)Ubuntu (4)
Articles by Year2012 (8)2011 (32)2010 (30)2009 (45)2008 (44)2007 (28)