
Centrify DirectControl's Standards-Based Architecture

Centrify's standards-based architecture extends your existing Active Directory infrastructure without disrupting existing systems. Instead of adding another spaghetti-like layer of provisioning and synchronization, we enable you to simplify and streamline your IT infrastructure by eliminating redundant systems.

Deploying Centrify DirectControl consists of installing the DirectControl Agent on each managed system and the DirectControl Management Tools. Optional modules snap seamlessly into the DirectControl Agent to provide additional services such as web single sign-on or Samba support. In addition, the DirectControl Software Development Kit provides APIs and tools that enable in-house and commercial identity management and provisioning solutions to manage the UNIX identity information that DirectControl stores within Active Directory.

The DirectControl Agent

CTO Paul Moore covers DirectControl's key components and describes how it sets up a Kerberos environment to authenticate UNIX, Linux and Mac users through Active Directory.

The Centrify DirectControl Agent turns a UNIX, Linux or Mac system into an Active Directory client. The DirectControl Agent is natively compiled for each supported operating system. It runs as a single, trusted daemon, making the managed computer look and behave like a Windows computer to Active Directory. (Watch our Product Demo to see how quickly and easily you can install the DirectControl Agent and begin managing a UNIX, Linux or Mac computer through Active Directory.)

The DirectControl Agent provides these services on the managed computer:

  • Enables you to join the UNIX, Linux or Mac computer to your Active Directory domain.
  • Communicates with Active Directory to authenticate users logging on to that system, and caches credentials for offline access.
  • Communicates with Active Directory to authenticate users logging on to Java and web applications running on that system, thus providing single sign-on for systems and applications.
  • Manages a Kerberos environment (which we set up on the system during installation) so that existing Kerberos applications automatically work transparently with Active Directory.
  • Enforces Active Directory authentication and password policies. Our Product Demo does a great job of demonstrating how easy it is to extend Active Directory password management to managed systems.
  • Maintains and enforces the security and configuration settings that have been deployed to the system via Group Policy. See Group Policy for UNIX for a detailed explanation of Group Policy.
  • Maintains time synchronization with Active Directory.

For a deeper technical explanation of the DirectControl Agent's architecture and functionality, read our free white paper.

DirectControl Management Tools

DirectControl provides IT staff with the management tools of their choice: Windows-based graphical interfaces, UNIX command-line tools, and a browser-based management tool. DirectControl's Zone-based access control model, combined with Active Directory's privilege-management features, delivers secure, delegated administration and separation of duties.

On Windows, the Centrify DirectControl property extensions for the Active Directory Users and Computers MMC enable you to manage access to UNIX, Linux and Mac systems from within the native Active Directory interface. UNIX properties are displayed within the Centrify Profile tabs as you use Active Directory Users and Computers to set user, group, or computer properties.

DirectControl adds the Centrify Profile tab to your Active Directory Users and Computers interface. Here you can see our patent-pending Zone technology in action. This single Active Directory user account has been configured with a different user ID, login name, home directory, and other settings for each of several Zones — logical groups of computers that share a consistent set of properties. See Unique Zone Technology for more details on the many benefits of Zone-based deployment and management.

We also felt strongly that customers wouldn't realize the full benefit of managing non-Windows systems efficiently unless we gave them an interface through which they could view their entire UNIX and Linux environment.

The DirectControl Administrator Console gives Active Directory administrators a view of their entire UNIX, Linux and Mac environment so they can configure user, group and computer properties. They can also work with Zones, run reports and import user accounts.

Through the DirectControl Administrator Console you can perform all the management tasks you normally could through Active Directory Users and Computers. You also use it to:

  • Set up DirectControl Zones and assign users or groups access to those Zones.
  • Run reports that show who has access to what systems.
  • Configure and manage your DirectControl Agents.
  • Centrally migrate accounts and groups from NIS, /etc/passwd and similar sources into Active Directory.
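The Zone model described above (one Active Directory account carrying a different UID, login name and home directory in each Zone, with computers grouped into Zones) and the "who has access to what" report can be illustrated with a small constructed model. The following is an added example written for this page, not Centrify's code or its data schema: the class names, field names, the rule that a user with no profile in a computer's Zone has no access there, and the assumption that UIDs must be unique within a Zone are all assumptions of this example, and the hosts and accounts are made-up sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class UnixProfile:
    # UNIX identity an AD account receives inside one Zone (field names assumed)
    uid: int
    login: str
    home: str
    shell: str = "/bin/sh"


@dataclass
class Zone:
    name: str
    computers: set[str]               # hostnames joined to this Zone
    profiles: dict[str, UnixProfile]  # AD account name -> UNIX profile in this Zone


def resolve(zones: list[Zone], hostname: str, ad_user: str):
    """Return the UNIX profile ad_user would receive on hostname.

    Returns None when the computer is not joined to any Zone or when the
    computer's Zone holds no profile for the account (assumed: no profile,
    no access on that computer).
    """
    for zone in zones:
        if hostname in zone.computers:
            return zone.profiles.get(ad_user)
    return None


def access_report(zones: list[Zone]) -> dict[str, list[str]]:
    """Who-has-access-to-what: AD account -> sorted list of hostnames."""
    report: dict[str, set[str]] = defaultdict(set)
    for zone in zones:
        for user in zone.profiles:
            report[user].update(zone.computers)
    return {user: sorted(hosts) for user, hosts in report.items()}


def uid_collisions(zone: Zone) -> dict[int, list[str]]:
    """Audit one Zone for UIDs assigned to more than one account.

    Assumption of this example: a UID must be unique within a Zone, while
    the same UID may legitimately be reused in a different Zone.
    """
    by_uid: dict[int, list[str]] = defaultdict(list)
    for user, profile in zone.profiles.items():
        by_uid[profile.uid].append(user)
    return {uid: sorted(users) for uid, users in by_uid.items() if len(users) > 1}


# Constructed sample data: one AD account (jsmith) with a different
# identity in each of two Zones, plus a deliberate UID clash in "engineering".
ZONES = [
    Zone("finance", {"fin-db01", "fin-app01"}, {
        "jsmith": UnixProfile(uid=1001, login="jsmith", home="/home/jsmith"),
        "alee": UnixProfile(uid=1002, login="alee", home="/home/alee"),
    }),
    Zone("engineering", {"build01"}, {
        "jsmith": UnixProfile(uid=5001, login="john", home="/export/home/john",
                              shell="/bin/bash"),
        "bkim": UnixProfile(uid=5001, login="bkim", home="/export/home/bkim"),
    }),
]

if __name__ == "__main__":
    print(resolve(ZONES, "fin-db01", "jsmith"))   # finance identity, uid 1001
    print(resolve(ZONES, "build01", "jsmith"))    # engineering identity, login john
    print(resolve(ZONES, "fin-db01", "bkim"))     # None: no finance profile
    print(access_report(ZONES))
    for zone in ZONES:
        print(zone.name, "UID collisions:", uid_collisions(zone))
```

The access report is what a reviewer would want before granting a Zone profile: it makes visible every host a single Active Directory account can reach. The collision audit is the check to run whenever profiles are migrated in bulk from NIS or /etc/passwd, since two accounts sharing a UID inside one Zone would be indistinguishable on the filesystem of every computer in that Zone.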

UNIX administrators in particular may not have easy access to Windows-based administrative tools. Roving administrators also need a way to quickly perform some management tasks from systems where they may be logged in. DirectControl is the only cross-platform integration solution to deliver a browser-based administrator console.

While the Web Administrator Console is modeled to look and feel the same as the Windows-based Administrator Console, it has been more narrowly focused to specifically enable authorized IT staff to perform such day-to-day activities as managing Active Directory user UNIX properties and basic Active Directory user, group and computer properties.

From any web browser, IT staff can now control access to systems they manage and administer basic user, group and computer properties.

DirectControl also provides a comprehensive set of UNIX command-line tools designed to enable administrators to manage Active Directory accounts and groups. These command-line tools have also been carefully crafted to support different output options so that they can be integrated with in-house automation or provisioning scripts.

Have additional questions? See the Frequently Asked Questions for more details.