TOM KEMP'S CENTRIFY BLOG
Friday, December 28, 2007
In an April 2007 blog post, I highlighted some examples of Centrify DirectControl deployments from customers such as Research in Motion (RIM), Automated Trading Desk (ATD) and Yodlee, who share our vision of UNIX/Linux and Windows integration. In today's blog post I want to circle back and feature a few more of our over 500 enterprise customers who have graciously agreed to publicly share some of their experiences with Centrify DirectControl.
The first Centrify customer I want to highlight is Wyse Technology. Wyse is riding the virtualization wave big-time and is a leader in thin computing, so it is not a surprise that Wyse is internally a big VMware shop and has achieved a server consolidation ratio of 10:1. Faan DeSwardt is Wyse's Director of Enterprise Architecture, and Faan was kind enough to drive up from Wyse's headquarters in San Jose to San Francisco to be interviewed with me by InformationWeek on their experiences with DirectControl. A snippet of the interview is below:
As per the video interview, Wyse uses DirectControl on all their non-Microsoft servers, including VMware ESX (running Windows guests with DirectControl deployed on the ESX Server itself) as well as Red Hat Linux and HP-UX. According to Faan, DirectControl has done a "terrific job" by providing a single point of access control leveraging Active Directory, and has helped Wyse pass critical security review and external IT audits.
Another customer I wanted to feature is a Chicago-based company that is a leading provider of installed home furnishings and home improvements. The Senior Systems Engineer at the company blogged about his discovery of our software and his initial impressions, and I thought it would be neat to share some of his comments from his blog post. He starts his article with the following:
"I just finished evaluating an excellent piece of software for Windows / Linux hybrid shops: Centrify Corporation's DirectControl Suite. This is a fantastically well executed integration suite which allows administrators to bring their GNU/Linux and Unix boxes into the Windows Active Directory domain. This brings centralized control of UID/GID (like NIS), the mutual authentication of Kerberos, and centralized Group Policy control to Linux/Unix."
He describes how the install of the product was "a snap" and then focuses on the major area of DirectControl's functionality he really likes:
"One of the best parts of this software, however, is in their updated version of OpenSSH to support Windows Kerberos tickets for authentication of users. Single-signon to any Linux box from Linux or Windows (customized Putty for the same reason) without having to copy RSA keys across your network every time you build a box. Now my Oracle admins can log into the 10g databases seamlessly (yes, they support Oracle authenticating through AD as well)."
He also really digs our Group Policy support for UNIX/Linux, calling it "spectacular":
"Of course, no solution that integrates into AD would be complete without support for Group Policy. As a huge user of Group Policy (I have 8 GPOs on my home domain), this is key for me. The thing that makes it so spectacular, is that they just install new ADM files to your console system. That's it - no new trees needed, just new ADM files with settings specific to Linux like "SuDoers entries" and "SSH settings." Just like GPO on Windows, they're applied every 90+-30 minutes, and when you remove the system from the policy, the settings get pulled. For the Sudoers settings, they are appended to the end of the existing file. Also, many of your security settings for Windows boxes are read directly by the Centrify systems as well, including password expiration notices, lockout policy handling, etc."
He then describes some of DirectControl's enterprise capabilities and its ability to extend to non-Microsoft web applications:
"There are so many other little features that show how well thought-out the system is. The client can be configured to cache logons similar to Windows, so you can control your Linux laptops, and still enable the users to log in when they're on the road. There are several scripts and other tools to help "suck" the users out of /etc/passwd and NIS into AD, to help keep your UIDs in check if you're installing the client into existing servers.
And that's just the operating system. JBoss, WebSphere, Apache and other applications and middleware can be AD-enabled, and anything that uses PAM is automatically AD-enabled, giving you the ability to set up true single sign-on everywhere in your network, if you so choose."
He ends his blog post by saying: "Needless to say, we purchased it, and I'll be integrating this into all my deployments from this point forward." This is something we definitely appreciate!
I have a couple more customer deployments that I will highlight in some of my upcoming blog posts, but as always we appreciate our customers' willingness to share their experiences with others.