Active Directory-based authentication, access control and role-based privilege management for Windows, Linux & UNIX
Standard Edition + privileged user auditing
Enterprise Edition + encryption of data-in-motion and server isolation
Any Edition + single sign-on for SAP, Apache and J2EE/Java applications
Single sign-on for cloud apps + mobile device supportMac Edition
Active Directory-based authentication and Group Policy management for Macs + mobile device supportPremium Edition
SaaS and Mac Editions + mobile device supportCentrify for Samsung KNOX
Active Directory-based SSO, MCM and MDM for KNOX-enabled devices
Clearly, a key value proposition of Centrify DirectControl is the ability to leverage Active Directory as the central identity hub/store to administer users and their access, as well as centrally control authentication. This centralization then enables single sign-on for users to non-Microsoft systems and applications.
Our VP of Technology, Mike Patnode, presented on the topic of integrating Linux (and UNIX and Mac) identity management in Microsoft Active Directory at LISA 2008 (aka the Large Installation System Administration Conference).
In this blog post I am going to drill down in more detail on why customers (especially in the Federal government) should leverage strong authentication for the Mac and how our solution works in this regard.
This is my fourth in a series in a series of blog posts on our great new product DirectAuthorize. In this blog post I want to discuss how DirectAuthorize compares and contrasts to the popular "sudo" utility found on most UNIX and Linux systems.
This is a third in a series of blog posts on our hot new product DirectAuthorize. In this post I will drill down on the architecture of DirectAuthorize and describe some of its unique architectural features including how it uniquely leverages Active Directory.
In this post I want to drill down in more detail on the customer challenges that DirectAuthorize addresses, specifically in the areas of improving security and addressing audit and compliance requirements.
Centrify is pleased to announce a brand new product called DirectAuthorize, a software solution that centrally manages and enforces role-based entitlements for UNIX and Linux systems, and we are also introducing the Centrify Suite, which is a comprehensive solution for cross-platform identity and access management.
I am happy to report that as of last week, after working with SAP Waldorf and the SAP Integration and Certification Center (ICC), we have officially certified the integration of Centrify DirectControl for SAP on UNIX 4.1 with SAP Netweaver via BC-SNC 4.0.
GroupLogic - one of Centrify's partners in the Enterprise Desktop Alliance has just released a very interesting survey detailing the major issues and concerns when faced with Mac integration within the enterprise.
I found it interesting to read that one analyst is predicting that Apple will ship 3 million Macs this quarter, which would put Apple on a glide path to grow global PC market share from to 4.2% in 2009 from 2.9% in 2007.
On the heels of winning WindowsITPro Magazine's "Best Pick" for interoperability, it looks like we won another award: Network Product's Guide Reader Trust Award for "Best in Identity Management." It is great to win an award from an analyst or editor, but we are equally proud (if not more so) when customers name us their top solution within security in the identity management market as is the case with this award.
As part of our continuing education series on leveraging Microsoft Active Directory for cross-platform Identity and Access Management to enable strengthened IT security and regulatory compliance, Centrify is pleased to announce a three part webinar series featuring Gartner Group analyst Perry Carpenter. Click here to learn more and register.
Last year I wrote a blog post what a great year we had last fiscal year. Well now that another fiscal year has gone by (our fiscal year ends June 30), I am pleased to report to our employees, customers and partners that we had another great year! The high-level summary is that Centrify is coming off of another year of continuing triple-digit growth in revenue and customers for the fiscal year. We increased sales into Global 2000 companies; the Centrify customer base more than doubled to over 500 organizations in all sectors and includes implementation by 38% of the Fortune 50.
I was pleased to notice in the recent issue of WindowsITPro Magazine that hit my desk that Centrify DirectControl won Editors' Best pick (i.e. the "Gold Medal") for Best Interoperability solution.
Centrify is pleased to announce that Société Générale Corporate & Investment Banking (SG CIB) - after a rigorous and comprehensive selection process of identity and access management solutions - has selected our DirectControl solution for a pilot deployment to optimize the efficiency and manageability of its UNIX - and Linux-based computing systems.
Today five enterprise software companies announced the creation of the Enterprise Desktop Alliance (EDA) to facilitate the acceptance of the Mac in environments managed with Microsoft Windows. Centrify is pleased to be one of these five software companies participating in the EDA.
I wanted to use this blog post to discuss the ways our DirectControl and DirectAudit solutions can be used to audit your UNIX and Linux environment. Many vendors bandy about that they do auditing, but many just simply interpret and/or write to log files regarding successful and unsuccessful logon attempts. What they don't do is deal with what today's auditors and security professionals must increasingly address which is auditing user-level activity. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that organizations audit "all actions taken by any individual with root or administrative privileges"- not just their logon attempts. Fortunately Centrify can help with the both high-level and more detail levels of auditing required to meet organization's compliance requirements.
Having recently written about how DirectControl can integrate non-Microsoft web servers into Active Directory, I want to provide some insight into our efforts in extending Active Directory-based single sign2on to SAP ERP applications running on UNIX and Linux systems. This blog post on our SAP SSO solution is a complement to our upcoming webinar on SAP SSO using Active Directory (which I urge you to register for :-) ) and other resources such as our white paper on SAP SSO.
We are looking to immediately add 15+ great people to our sales team that represents the market leader in this hot market within security for extending Microsoft Active Directory across heterogeneous systems and applications. Positions are located all over the US and in the UK.
In my last few blog posts I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions, the architecture and key features of our DirectControl solution for web and Java/J2EE applications, and the specific use case of web SSO for intranet applications (applications where all of the users are "internal" users such as employees, contractors and consultants.) In this final blog post regarding DirectControl for Java/Web I would like to discuss the second use case regarding web SSO for extranet applications using ADFS and DirectControl for Java/Web.
In my last couple of blog posts I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions, the architecture and key features of our DirectControl solution for web and Java/J2EE applications, and how DirectControl addresses these challenges. In this blog post I will discuss the specific use case of web SSO for intranet applications (applications where all of the users are "internal" users such as employees, contractors and consultants.)
In my last blog post I discussed some of the challenges customers are trying to address with Web single sign-on (SSO) solutions that leverage Microsoft Active Directory. In this blog post I want to discuss the architecture and key features of our DirectControl agent for web and Java/J2EE applications and how it addresses these challenges. In future blog posts I will describe some use cases of our web/Java agent.
Most of our customers are familiar with DirectControl's core ability to seamlessly integrate non-Microsoft operating system platforms such as UNIX, Linux and Mac into an Active Directory environment. But over the years we have also heavily investing in building on top of DirectControl's OS-level capabilities some really solid technology that enables Active Directory-based single sign-on to custom web and java application servers running on a UNIX, Linux or Windows systems.
As part of our continued efforts to make UNIX and Linux systems more secure by getting customers to replace their old and insecure Network Information Service (NIS) directory service deployment(s) and onto a modern and more secure LDAP and Kerberos infrastructure, Centrify is pleased to announced it has created a NIS replacement and migration resource site: NIS-Migration.com.
As readers of my Centrify blog know, I usually use this blog as a forum to discuss Centrify's vision, customers, why our technology and our approach to interoperability makes sense, etc. In today's blog I am going to go "off topic" and discuss interoperability as it relates to Microsoft's recent announcements re: their "interoperability principals" and analyze how recently published Microsoft protocols map to US patents and US patent applications that are held by Microsoft.
On April 23rd for North America and on April 24th for Europe we are hosting a free Network Information Service (NIS) Migration webinar that explains how Centrify DirectControl can enable you to leverage your existing Active Directory-based LDAP and Kerberos infrastructure to replace NIS with a solution that meets regulatory requirements and streamlines your IT infrastructure and operations in the process.
Today we announced DirectControl 4.1. While a relatively minor release, it adds over 20 additional operating systems to our industry-leading list of non-Microsoft platforms (now over 135 platforms), Windows 2008 support, new web application support and also adds misc. support tools and utilities. It will be released by the end of April.
Recently we have seen a lot interest in our Java and J2EE integration capabilities with Active Directory. I wanted to use this blog entry to give some thoughts on why we do it and how we do it.
Recently one of our developers was visiting a customer and he told me the story that when one of the sys admins he was working with gave him a hostname to ssh to, he was presented with the following message: The authenticity of host 'hostname (172.27.20.32)' can't be established. RSA key fingerprint is 37:58:49:7b:da:8c:a9:61:44:3f:5c:35:81:20:b1:ff. Are you sure you want to continue connecting (yes/no)?
We have lots of stuff happening at the Directory Experts Conference, March 3-5 in Chicago, where we are a Gold Sponsor for the fourth DEC in a row. On Tuesday, March 4, from 6:00-8:30 we're throwing a party for DEC attendees in the Marquette Room. If you are at DEC, drop by for some refreshing cocktails and lively conversation with our identity management experts. You'll also receive a free Centrify t-shirt! Here's a list of customers, partners and Centrify experts who are among the featured speakers.
In support of today's launch of Windows 2008, Centrify is pleased to announce that DirectControl is the first (and only!) identity and access management solution to receive Windows Server 2008 software certification. We will be showing off DirectControl and its support for Windows 2008 at a number of "Heroes Happen Here" Microsoft launch events in cities throughout the U.S.
As many of you know Centrify DirectControl provides a comprehensive solution for global policy enforcement by extending Windows Group Policy services to Linux, UNIX and Mac systems. I want to use this blog entry to describe in a bit more detail how Centrify DirectControl implements Group Policy in a heterogeneous environment.
Back in October of 2007 I blogged about the launch of the Kerberos Consortium and how Centrify was a "Founding Sponsor" of the Kerberos Consortium, joining fellow sponsors and supporters such as industry vendors Google, Sun and Apple in supporting this important initiative. Since then a number of universities and US government agencies (e.g. NASA and the DOD) have joined the Consortium, but probably the biggest news of late is that Microsoft has also signed up as a Founding Sponsor and joined the Consortium's Executive Board.
Looks like Centrify is officially on a roll. We are pleased to see that we just won the 2008 Global Excellence Award for Best Identity Management Software from Info Security Products Guide.
We recently updated our Samba package on our support site to reflect some of the updates coming from the Samba team, and I wanted to use this blog to discuss what we offer with respect to how DirectControl can better integrate Samba into Active Directory.
Having recently blogged on how Wyeth Research migrated from Sun ONE Directory Server as to using Active Directory and Centrify DirectControl as the underlying identity infrastructure for their UNIX and Linux servers (as well as naturally for their Windows infrastructure), I want to discuss in this blog post how one of our customers is integrating their large number of UNIX-based desktop systems with their Windows environment leveraging Centrify DirectControl.
Now that I've posted on some of our recent awards, let me go back to focusing on some recent customer case studies ala how I highlighted Wyse. The first one I'll focus on is Wyeth Research. We recently posted a case study on Wyeth that discusses their migration from a Sun ONE Directory Server for their Linux and UNIX systems to using Active Directory and Centrify DirectControl as the basis of UNIX authentication, and I want this blog post to highlight a few interesting points.
Wow, right on the heels of earning a spot on Linux Magazine's "Top 20 Companies to Watch," we are pleased to see that SearchEnterpriseLinux.com has just named DirectControl its Security Product of the Year. In selecting Centrify as the Gold winner, the editors noted, "Centrify Corp.'s DirectControl 4 makes it drop-dead simple to incorporate Linux, UNIX, Mac, Web and database platforms into a pre-existing Microsoft's Active Directory (AD) schema, enabling Linux administrators to eliminate redundant identity management systems and standardize on a single enterprise-wide identity management platform."
It was neat to see that Linux Magazine has published its annual list of "Top 20 Companies to Watch" and Centrify was on the list. We were the only security software company and the only one focusing on delivering Windows and Linux interoperability on the list. Centrify was touted for helping Linux, Windows, and Mac OS X "all just get along" and providing "the glue" to enable interoperability between these heterogeneous systems. The editors further recognized Centrify's DirectControl solution by noting "…anything that fosters interoperability is going to be a hot technology."
In my last blog post I described the benefits of reducing identity "silos" and moving toward a single directory for your heterogeneous infrastructure. In this blog post I will describe some of the technical and business reasons why organizations should consider leveraging Active Directory to be "the" central directory for UNIX-based systems and applications, as well as non-Microsoft applications running on Windows.
I was recently interviewed by Art Wittman, Editor at InformationWeek, and one of the questions he asked me was regarding the technical soundness of leveraging Active Directory as the basis for Linux identity management. That question motivated me to articulate in this two-part blog entry the various technical and business reasons why customers should deploy our DirectControl solution on non-Microsoft platforms to enable Active Directory to become the central identity and access management "hub" for cross-platform systems (e.g. Windows, UNIX, Linux and Mac) and applications (e.g. IIS, Apache, JBoss, WebLogic, DB2, SAP, etc.). But before I do, let me first articulate why reducing identity stores and moving toward a single directory is highly beneficiary.
Back in October I attended the Goldman Sachs' "Building Great Security Companies 3.0" conference, which covered trends impacting the future of information security. One of the highlights for me was Sarah Friar from Goldman Sachs discussing the results of the fifth installment of Goldman's security spending survey that was published in September 2007. Over the holidays I had the opportunity to catch up on some reading material, and I was able to finally review the 2007 survey in detail, and was curious what had changed from the 2006 security spending survey edition that I blogged about previously.