Centrify DirectControl

Centrify DirectControl's Architecture

Deploying Centrify DirectControl consists of installing the DirectControl Agent on each managed system and the DirectControl Management Tools on Windows. Here's a look at each of these components.

Centrify's standards-based architecture extends your existing Active Directory infrastructure without disrupting existing systems. Instead of adding another spaghetti-like layer of provisioning and synchronization, we enable you to simplify and streamline your IT infrastructure by consolidating existing identity stores into Active Directory, enabling authentication, access control, privilege management and policy enforcement to be centrally managed.

Deploying the Centrify Suite consists of two steps:

As an alternative, Centrify also provides a comprehensive UNIX command-line interface that can be used to deploy the Centrify Agent either one system at a time or as part of a scripted procedure.

Centrify DirectManage Tools

Centrify DirectManage provides a set of tools that centralize the discovery, management and user administration of UNIX, Linux and Mac systems through integration into Active Directory-based tools and processes. It includes tools that supplement your existing standard Windows interfaces, such as an Active Directory Users and Computers MMC plug-in that enables you to manage the UNIX profile data stored in Active Directory. It also includes tools such as the Centrify Administrator console, which you can use to:

  • Set up and manage Centrify Zones.
  • Do centralized migration of accounts and groups from LDAP databases, NIS, /etc/passwd and other identity stores into Active Directory.
  • Run reports that show who has access to what systems.

A key component is the DirectManage Deployment Manager, which automates deployment by discovering non-Windows systems, downloading the correct Centrify Suite components, installing them, and joining the system to Active Directory.

The DirectControl Agent

The Centrify DirectControl Agent turns a UNIX, Linux or Mac system into an Active Directory client. The DirectControl Agent is natively compiled for each supported operating system. It runs as a single, trusted daemon, making the managed computer look and behave like a Windows computer to Active Directory. (Watch our Product Demo to see how quickly and easily you can install the DirectControl Agent and begin managing a UNIX, Linux or Mac computer through Active Directory.)

The DirectControl Agent provides these services on the managed computer:

  • Enables you to join the UNIX, Linux or Mac computer to your Active Directory domain.
  • Communicates with Active Directory to authenticate users logging on to that system, and caches credentials for offline access.
  • Communicates with Active Directory to authenticate users logging on to Java and web applications running on that system, thus providing single sign-on for systems and applications.
  • Manages a Kerberos environment (which we set up on the system during installation) so that existing Kerberos applications automatically work transparently with Active Directory.
  • Enforces Active Directory authentication and password policies. Our Product Demo does a great job of demonstrating how easy it is to extend Active Directory password management to managed systems.
  • Maintains and enforces the security and configuration settings that have been deployed to the system via Group Policy. See Group Policy for UNIX for a detailed explanation of Group Policy.
  • Maintains time synchronization with Active Directory.

For a deeper technical explanation of the DirectControl Agent's architecture and functionality, read our free white paper.

UNIX Command-Line Interface

Centrify also provides a comprehensive set of UNIX command-line tools designed to enable administrators to manage Active Directory accounts and groups. These command-line tools have also been carefully crafted to support different output options so that they can be integrated with in-house automation or provisioning scripts.