Tom Kemp's Centrify Blog

Introducing Centrify CloudTools: Extending Active Directory to Linux Servers Hosted in "The Cloud"

Wednesday, May 4, 2011

OK, so we are all hearing about "The Cloud." Cloud this, Cloud that. Vendors talk about it all the time, but are they simply blogging about it and telling their investors about this hot new thing called "The Cloud" or are they also actually delivering products that are specific and optimized and useful to "The Cloud"? Well, Centrify heard all this talk of "The Cloud," we talked to Cloud providers, and of course talked to our customers, and decided to actually do something about "The Cloud." So after a good deal of research figuring out what customers care about vis a vis securing "The Cloud," and after a good bit of development effort, the other day we released, for free, Centrify CloudTools. CloudTools represents our initial foray into helping customers secure and automate the enforcement of Active Directory-based authentication and access control policies for a variety of Linux servers running within hosted environments such as Amazon EC2. There is a lot more stuff for us to do vis a vis "The Cloud," but every journey begins with some initial steps, and in this blog post I want to discuss the steps we have started to take.

So what are the "Centrify CloudTools"? Centrify CloudTools is an integrated collection of free tools and enhancements to existing products that lets organizations dynamically apply Active Directory-based authentication and access control to Linux systems running within cloud hosting providers such as Amazon EC2 and the RightScale Cloud Management Platform. Centrify CloudTools are available for free to customers of Centrify Suite and are also a new component of Centrify Express 2011. Used in conjunction with the Centrify Suite or Centrify Express, Centrify CloudTools enables an "enterprise-out" approach that establishes Active Directory as the center of trust between enterprise and cloud servers, whether private or hosted, to make them as secure and compliant as those in an on-premises data center.

So why would someone even need Centrify CloudTools? i.e. what's the pain point here? Well, one of the primary benefits of cloud computing is the dynamic nature of the environment in which compute capacity can scale near infinitely to support the growing demands of the IT organization. But in order to manage these cloud-based systems, the security infrastructure must also be automated to allow critical security and compliance policies to be applied consistently as every new system is initialized within a hosted environment. So when Centrify CloudTools are enabled for a newly provisioned Linux server in the cloud, they will immediately secure the root account, lock down the server and join it to the customer's on-premises Active Directory domain. In this way, only administrators defined by the licensor of the server, and not the cloud service provider, have access to and control over the server. All access to the server is provided through Active Directory credentials, enabling server activity to be associated with a specific user. Similarly, when a server is terminated from a hosted service, it can automatically be removed from Active Directory.

So what comprises Centrify CloudTools? Key components of Centrify CloudTools include:

  • Centrify RightScripts™ that can be used in RightScale ServerTemplates™ to manage cloud deployments (servers or groups of servers). Using Centrify RightScripts, administrators can deploy any one of the wide selection of operating systems supported by Centrify Express and secure them automatically. You can check out the Centrify RightScripts here.
  • New release of Centrify DirectManage Express that supports the cloud system. Besides managing on-premises servers, this free solution has been enhanced to allow an IT Administrator to discover an organization's Linux systems deployed in the cloud, check their readiness to participate within an Active Directory domain, and then deploy and/or upgrade the appropriate Centrify software to these cloud-based servers.
  • New release of Centrify DirectControl Express that provides a number of enhancements to facilitate cloud server instances to be secured centrally through Active Directory. Capabilities for cloud-based systems include enabling management of local privileged accounts, providing authorized access and single sign-on to Active Directory user accounts and granting root privileges based on Active Directory Group membership. This configuration automatically enforces security best practices designed to help organizations adopt cloud computing more rapidly while mitigating the associated security risks.
  • Amazon Machine Images (AMIs) that include Centrify Express software pre-installed and configured on: Fedora 13, Amazon Linux 1.0, and Ubuntu 10.04.

As I said above, this is our initial foray with "The Cloud," and we expect to add more tools and best practice guides to our CloudTools in the weeks and months to come, especially as we start to get customer feedback. In my next blog posts I will drill down a bit more on what we deliver with our Centrify AMI Images and RightScripts. In the meantime, if you want more information, please see our white paper, Enforcing Enterprise-Out Security for Cloud Servers, for a full overview of Centrify's solution for dynamically extending an organization's existing enterprise security infrastructure out to cloud-based UNIX and Linux systems.
