DirectControl for Databases Postings
Hardening VMware vSphere Security and the ESX v4 Console Operating System with Centrify
Recently VMware published its official release of the vSphere 4.0 Security Hardening Guide. I was pleased to see that Centrify was the only third-party identity management vendor called out by VMware to "provide tighter integration with Active Directory" when it recommends to use a directory service product for authentication for the ESX Service Console. While Centrify was called out vis a vis the security requirements around Console OS password policies, in looking at the hardening guide it became readily apparent that the Centrify Suite can address a wide range of vSphere hardening requirements for enterprises, and this blog post gives an example of some of the additional value add Centrify can provide.
Comparing the NSS/PAM Implementations of Samba Winbind and Centrify for Active Directory Integration
Many of our customers want DirectControl to seamlessly integrate with Samba - the de facto industry standard CIFS File Server for Linux and UNIX - so I have blogged a few times about what we offer in terms of Samba interoperability as well as on the technical and architectural details around our Samba integration. But because there is a bit of overlapping capability with what Samba offers and what DirectControl offers, we occasionally get questions on how we compare to what Samba offers, so in this blog post I am going to drill down a bit into two areas of overlapping functionality with DirectControl and Samba's windbind capability.
PCI Compliance for UNIX and Linux Servers
With the release of DirectSecure earlier this year and the release of DirectAuthorize last year we have broadened our PCI footprint to address additional PCI requirements, so I want to use this blog post to talk about some of the added requirement we now address.
Introducing Centrify Suite 2010: An Active Directory Bridge to Privileged Identity Management
Five years and one week ago Centrify entered the market with the announcement of DirectControl version 1.0. Today, we are pleased to announce the release of Centrify Suite 2010. In five years we have gone from 1 product to 5 products, from a few beta sites to over 1500 customers including some of the largest enterprises in the world, and from a classic Silicon Valley startup to a mature, profitable software company with staff throughout the world. In this blog post let me talk about some of the new products and new features that make up Centrify Suite 2010.
As many of my blog readers may recall, for the last year or so I have been banging on the "superuser privilege management" drum which is all about "trusting, but verifying" what privileged users (e.g. systems administrators, DBAs, etc.) and their accounts (e.g. root) can do and auditing actions taken by those privileged/superusers. It was with a great deal of interest that I read in Network World that a financial services firm had to notify 1.2 million customers of a data breach - not because they found an actual breach of data, but because six usernames and passwords have been shared by administrators over the last 10 ten years.
Centrify Delivers First McAfee Compatible Solution for the Mac Platform
On Monday we announced that a special McAfee-certified package of Centrify DirectControl for Mac OS X is now available for use with McAfee's ePolicy Orchestrator.
Centrify Delivers CIFS File Server for Cross-Platform File Sharing
Centrify has released on our customer support site our latest CIFS Server for file sharing among UNIX and Linux systems and Windows. Based on the industry standard Samba file-and-print server, this release of our Centrify-enabled Samba represents a significant upgrade from our previous package, including the fact it has been upgraded to the latest stable release of Samba (version 3.3.9)
Enabling Active Directory Integration with VMware vSphere
Today we announced deep Active Directory integration with VMware vSphere, VMware's cloud operating system, making us the first ISV of its kind to support this platform.
Comparing DirectControl to the Apple Active Directory ("AD") Plug-In
I recently saw an article on options for integrating Macs in a Windows environment. The article noted that "Apple has offered an Active Directory plug-in ever since Mac OS X 10.3" but pointed out a key area that the Apple AD plug-in doesn't provide, namely Group Policy. I want to use this blog post to talk about the differences between our solutions and why some customers choose Centrify DirectControl over "what comes in the box."
VMware Virtual Security and Compliance
In this blog post I want to drill down in detail on some of the value we provide in terms of delivering identity and access management to VMware environments. I am going to first review what are some of the identity management challenges in VMware environments, discuss what VMware provides out-of-the-box in terms of Active Directory integration and its limitations, and discuss what Centrify uniquely offers.
Today we announced extensive support for heterogeneous, virtualized data centers with the general availability of the Centrify Suite 2008 update 3. With this release we help our customers securely and efficiently transition from a traditional, physical infrastructure to a dynamic, virtualized computing environment.
Centrify Suite 2008 Updated to Support Over 190+ Flavors of UNIX, Linux and Mac
Tomorrow we are announcing the release of Centrify Suite 2008 Update 3. The major news with this release has to do with what we are doing in securing heterogeneous virtual platforms. I will blog on our "virtual security" support tomorrow, but in today's blog want to focus on the other capabilities we added to this release, including the fact that we added support for an additional 40 flavors of UNIX/Linux/Mac, bringing the total count of platforms support to over 190 - well more than anyone else in the industry.
Identity Management 2.0 aka "IAM - The Next Generation"
Mark Diodati of the Burton Group recently published his thoughts on "Identity Management 2.0," discussing how the legacy world of identity management "suites" is calcified from an innovation perspective and how newer technologies such as Active Directory Bridge products and privileged account management solutions are taking off and offer quicker ways to ensure security and meet compliance needs. In this blog post I will offer some of my color commentary on Mark's superlative article and where the identity and access management market needs to head.
Interop Road Show Simulcast - May 6th
As you may recall from a prior blog post on this topic, Centrify DirectControl is being demo'ed in Microsoft's "Integrate Your IT Environment" Windows/UNIX/Linux interoperability road show being hosted at Microsoft offices in 15 cities throughout the United States (Centrify is also an event partner as well). As reported this weekend on Keith Combs' blahg, the event on May 6th is being simulcast live from Downers Grove, IL and you can virtually attend the event by visiting http://tinyurl.com/interop-webinar (the same URL lets you also view the replay of the session that will be available a few days later).
Integrating Your MIT Kerberos Realm with Active Directory
We have had a number of customers recently ask us how we could help them integrate their MIT Kerberos realm users with Active Directory. Given that one of the recent features we added in DirectControl v4.2 (shipped in December 2008) was in fact to support this capability, I thought it would be interesting to further elaborate on this feature in a blog post. Mike Patnode, our VP of Technology, was kind enough to write today's blog post, so take it away Mike!
Centrify Joins Microsoft in Evangelizing Windows-Linux Interoperability
Centrify is pleased to be an event partner in the Microsoft TechNet Event "Integrate Your IT Environment" being hosted at Microsoft offices in 15 cities throughout the United States. Microsoft and Centrify will demonstrate how Centrify's DirectControl software solution can extend Microsoft Active Directory to seamlessly manage and secure UNIX, Linux, and Mac platforms and non-Microsoft applications.
Centrify is pleased to offer insightful industry commentary with the respected analyst firm the Burton Group in the form of a podcast. Burton Group analyst Mark Diodati (the same person who wrote the "Active Directory Bridge" report that I previously blogged about) interviews our own David McNeely on several topics related to the appropriateness of leveraging Active Directory for cross-platform identity management. There is a particularly good exchange about Active Directory's group- and role-based management features, and how Centrify has leveraged those in DirectAuthorize for UNIX/Linux root access control.
Attaining FISMA Compliance for UNIX and Linux Systems by Leveraging Microsoft Active Directory
This week we are hosting a webinar on how Centrify's solutions provide a powerful, cost-effective, standards-based way to address the four key identity and access management provisions of the Federal Information Security Management Act (FISMA) in distributed, cross-platform environments. Federal customers should register for the webinar and in doing so will get a fairly comprehensive whitepaper on the topic. In this blog post I am going to talk about FISMA and give you an idea on how we can help federal agencies comply with it.
DirectControl and NFSv4 Security via Kerberos
Our partner NetApp in a recent blog post gave a shout-out to Centrify and how we can help secure NFSv4, so I thought I would return the favor and give our take on how a customer can leverage DirectControl's Active Directory integration and Kerberos support to implement NFSv4 with Kerberos authentication.
New Updates to our Web Application Support
I have been blogging a bunch lately on our Mac support and on the topic of UNIX privilege user management (aka superuser privilege management) that I have probably been remiss in giving updates on our web application support. We have been busy in this area as well. So here is a quick blog post on a recent update to our web SSO solution that provides authentication and security using Active Directory for Apache and J2EE application servers.
Top Mac Interop Challenge? Survey says ... Active Directory Integration
The Enterprise Desktop Alliance - which Centrify co-founded - just published a comprehensive survey of Mac usage within large organizations. Besides finding that 74% of IT organizations surveyed plan to add more Macs this year, it determined that the top interoperability challenge with Macs is ... integration with Active Directory.
CAC for Mac: Integrating DOD Common Access Cards (CAC) with Apple Macintosh
Centrify just released DirectControl 4.2.0 for OS X that enhances our Mac smartcard support as well as the release of two new informative "Video Chalktalks" on our smartcard support: Introducing Active Directory Integration with Mac Smartcards and Architecture and Authentication Flow for Smartcard login to Active Directory. This new release and the 2 Video Chalktalks are definitely a must have and view for Federal customers looking secure integration of their Department of Defense (DOD) Common Access Cards (CAC) with their Apple Macintosh computers running OS X 10.5 and above.
Securing Generic and Application Accounts on UNIX
How do you manage from a security perspective the generic and application accounts such as "oracle" that are created on your critical UNIX systems? For this blog post I turned to the expertise of Ken Montagna, one of our Consultants in our Professional Services organization.
Fannie Mae Incident Reveals Need to Manage and Monitor UNIX Root Access
Even though most of us in the IT industry know about the threat of insider attacks, it was still shocking to read the recent headlines that a former UNIX engineer at mortgage giant Fannie Mae was charged in federal court with planting a logic bomb that would have effectively shut down all 4,000 servers at Fannie. I am going to use this blog post to give some details from the affidavit regarding what happened at Fannie Mae and discuss how Centrify's products can help enterprises avoid something like this happening to them.
Burton Group on Active Directory Bridge Products
I was pleased to see that Burton Group recently published a fairly comprehensive report on the market for extending Active Directory across cross-platform systems and applications as a means to address regulatory compliance, improve security, reduce costs and improve operational efficiency. I think the key takeaways from my perspective is that a respected analyst firm has validated our AD-centric approach as mainstream and that Centrify is a "right vendor" to choose in this category.
It was definitely a busy holiday season here for the Centrify team with a number of major milestones reached. The first milestone reached was more company-oriented in that the December quarter represented our best ever fiscal quarter from a revenue and bookings perspective, and for the calendar year we showed significant revenue and bookings growth - in the face of a recession that started at the beginning of the year - when comparing CY 2008 to CY 2007. In addition our customer count now exceeds 750+ customers, another significant milestone. The final milestone reached was more product-oriented in that we shipped Centrify Suite 2008 on the last day of 2008. I am going to use this blog post to describe some of the new capabilities we added in the Centrify Suite 2008.
Superuser Privilege Management
Clearly, a key value proposition of Centrify DirectControl is the ability to leverage Active Directory as the central identity hub/store to administer users and their access, as well as centrally control authentication. This centralization then enables single sign-on for users to non-Microsoft systems and applications.
Strong Authentication for the Mac
In this blog post I am going to drill down in more detail on why customers (especially in the Federal government) should leverage strong authentication for the Mac and how our solution works in this regard.
How DirectAuthorize Leverages Active Directory to Enable Privilege Account Management on UNIX/Linux
This is a third in a series of blog posts on our hot new product DirectAuthorize. In this post I will drill down on the architecture of DirectAuthorize and describe some of its unique architectural features including how it uniquely leverages Active Directory.
How DirectAuthorize Addresses Root and Shared Account Management in UNIX/Linux Environments
In this post I want to drill down in more detail on the customer challenges that DirectAuthorize addresses, specifically in the areas of improving security and addressing audit and compliance requirements.
Introducing DirectAuthorize and the Centrify Suite
Centrify is pleased to announce a brand new product called DirectAuthorize, a software solution that centrally manages and enforces role-based entitlements for UNIX and Linux systems, and we are also introducing the Centrify Suite, which is a comprehensive solution for cross-platform identity and access management.
SAP Certifies DirectControl for SAP on UNIX and Linux
I am happy to report that as of last week, after working with SAP Waldorf and the SAP Integration and Certification Center (ICC), we have officially certified the integration of Centrify DirectControl for SAP on UNIX 4.1 with SAP Netweaver via BC-SNC 4.0.
I found it interesting to read that one analyst is predicting that Apple will ship 3 million Macs this quarter, which would put Apple on a glide path to grow global PC market share from to 4.2% in 2009 from 2.9% in 2007.
Centrify to Host Three-Part Webinar Series on Identity Management Featuring Gartner Group
As part of our continuing education series on leveraging Microsoft Active Directory for cross-platform Identity and Access Management to enable strengthened IT security and regulatory compliance, Centrify is pleased to announce a three part webinar series featuring Gartner Group analyst Perry Carpenter. Click here to learn more and register.
DirectControl Wins Best Interoperability Award for Windows/Linux Integration
I was pleased to notice in the recent issue of WindowsITPro Magazine that hit my desk that Centrify DirectControl won Editors' Best pick (i.e. the "Gold Medal") for Best Interoperability solution.
Centrify is pleased to announce that Société Générale Corporate & Investment Banking (SG CIB) - after a rigorous and comprehensive selection process of identity and access management solutions - has selected our DirectControl solution for a pilot deployment to optimize the efficiency and manageability of its UNIX - and Linux-based computing systems.
Auditing UNIX and Linux Systems
I wanted to use this blog post to discuss the ways our DirectControl and DirectAudit solutions can be used to audit your UNIX and Linux environment. Many vendors bandy about that they do auditing, but many just simply interpret and/or write to log files regarding successful and unsuccessful logon attempts. What they don't do is deal with what today's auditors and security professionals must increasingly address which is auditing user-level activity. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that organizations audit "all actions taken by any individual with root or administrative privileges"- not just their logon attempts. Fortunately Centrify can help with the both high-level and more detail levels of auditing required to meet organization's compliance requirements.
Enabling SAP Single Sign-On (SSO) Leveraging Active Directory
Having recently written about how DirectControl can integrate non-Microsoft web servers into Active Directory, I want to provide some insight into our efforts in extending Active Directory-based single sign2on to SAP ERP applications running on UNIX and Linux systems. This blog post on our SAP SSO solution is a complement to our upcoming webinar on SAP SSO using Active Directory (which I urge you to register for :-) ) and other resources such as our white paper on SAP SSO.
Thoughts on Some of the Key Security Challenges Involving Web Single Sign-on (SSO)
Most of our customers are familiar with DirectControl's core ability to seamlessly integrate non-Microsoft operating system platforms such as UNIX, Linux and Mac into an Active Directory environment. But over the years we have also heavily investing in building on top of DirectControl's OS-level capabilities some really solid technology that enables Active Directory-based single sign-on to custom web and java application servers running on a UNIX, Linux or Windows systems.
NIS-Migration.com Is Now Live; New Resource Site for Replacing NIS
As part of our continued efforts to make UNIX and Linux systems more secure by getting customers to replace their old and insecure Network Information Service (NIS) directory service deployment(s) and onto a modern and more secure LDAP and Kerberos infrastructure, Centrify is pleased to announced it has created a NIS replacement and migration resource site: NIS-Migration.com.
Additional Resources on Migrating from NIS/NIS+ to LDAP
On April 23rd for North America and on April 24th for Europe we are hosting a free Network Information Service (NIS) Migration webinar that explains how Centrify DirectControl can enable you to leverage your existing Active Directory-based LDAP and Kerberos infrastructure to replace NIS with a solution that meets regulatory requirements and streamlines your IT infrastructure and operations in the process.
Centrify Broadens UNIX Authentication and Access Control with DirectControl 4.1
Today we announced DirectControl 4.1. While a relatively minor release, it adds over 20 additional operating systems to our industry-leading list of non-Microsoft platforms (now over 135 platforms), Windows 2008 support, new web application support and also adds misc. support tools and utilities. It will be released by the end of April.
Java and J2EE Integration with Active Directory
Recently we have seen a lot interest in our Java and J2EE integration capabilities with Active Directory. I wanted to use this blog entry to give some thoughts on why we do it and how we do it.
Group Policy for UNIX, Linux and the Mac
As many of you know Centrify DirectControl provides a comprehensive solution for global policy enforcement by extending Windows Group Policy services to Linux, UNIX and Mac systems. I want to use this blog entry to describe in a bit more detail how Centrify DirectControl implements Group Policy in a heterogeneous environment.
Back in October of 2007 I blogged about the launch of the Kerberos Consortium and how Centrify was a "Founding Sponsor" of the Kerberos Consortium, joining fellow sponsors and supporters such as industry vendors Google, Sun and Apple in supporting this important initiative. Since then a number of universities and US government agencies (e.g. NASA and the DOD) have joined the Consortium, but probably the biggest news of late is that Microsoft has also signed up as a Founding Sponsor and joined the Consortium's Executive Board.
Centrify Wins Best Identity Management Software Award
Looks like Centrify is officially on a roll. We are pleased to see that we just won the 2008 Global Excellence Award for Best Identity Management Software from Info Security Products Guide.
More Examples of Customers Leveraging Active Directory for Linux and UNIX Authentication
In this blog post I want to feature a few more of our enterprise customers who have graciously agreed to publicly share some of their experiences with Centrify DirectControl. The first Centrify customer I want to highlight is Wyse Technology. Wyse is riding the virtualization wave big-time and is a leader in thin computing, so it is not a surprise that Wyse is internally a big VMware shop. Faan DeSwardt is Wyse's Director of Enterprise Architecture, and Faan was kind enough to drive up from Wyse's headquarters in San Jose to San Francisco to be interviewed with me by InformationWeek on their experiences with DirectControl.
What's New in DirectControl 4, Part 2: Enhanced Cross-Platform Group Policy and Compliance Reporting
This is the second of a few blog posts on some of the highlights of DirectControl 4, which we shipped last week. In this post, I am going to highlight some of the enhancements we have made in the areas of Group Policy for UNIX, Linux and Mac, as well as improvements we have made to our DirectControl Report Center that delivers important compliance reporting capabilities.
What's New in DirectControl 4, Part 1: Interface of Your Choice
On Nov. 6, Centrify shipped DirectControl 4, a major update to our flagship solution that delivers secure access control and centralized identity management by seamlessly integrating your UNIX, Linux, Mac, web and database platforms with Microsoft Active Directory.
Today we announced some results from our second full fiscal year of selling products on the market. We run a July 1 to June 30 fiscal year, so our crack accounting team is now done counting the numbers for our last fiscal year. Suffice to say we are very pleased with the results, having basically exceeded our expectations across the board. Some of the highlights from the last 12 months include...
Bringing IBM DB2 under the Active Directory Umbrella
As you know, Centrify DirectControl provides secure access control and centralized identity management by seamlessly integrating UNIX, Linux, and Macintosh OS X computers, and J2EE and web platforms, with Microsoft Active Directory. Just recently Centrify shipped our DirectControl DB2 Agent, which extends this capability to IBM DB2, allowing users to access DB2 databases using their Active Directory user identity. Hence, you gain the benefits of centralized authentication and access control with a well established, secure solution.
The Centrify Vision (as of March 2007)
It has been quite gratifying to hear the positive responses we get from customers regarding our current product offerings, and sometimes this will lead to the question of "What's next from Centrify?" or "Where are you going with your products?" So I thought I would spend some time painting a high-level picture of our vision that can help answer those questions. Obviously I am going to hold myself back a good deal because this is a public forum and I don't want to tip our hat too much, but suffice to say we have a lot of great stuff coming down the pike, including some really cool new innovative products. In this blog post I will mention one such new innovative product that is now in beta called DirectAudit, which will ship in May. Given that we won't publicly announce DirectAudit until mid-March I will not publish this blog entry that I am now writing in February until we announce it.
By integrating non-Microsoft systems with Active Directory, Centrify helps organizations comply more confidently with government regulations such as Sarbanes-Oxley, because enterprise security policies can be enforced across all of their distributed systems equally.
Michael Dortch
Principal Business Analyst
Robert Frances Group