Centrify DirectControl's Features and Benefits
DirectControl Earns Windows IT Pro Editor's Choice Award
"You can't go wrong if you choose Centrify," the reviewers say.
Centrify DirectControl's core feature is its ability to enable UNIX, Linux and Mac OS servers and workstations to participate in an Active Directory domain. The Centrify DirectControl Agent effectively turns the host system into an Active Directory client, enabling you to secure that system using the same authentication, access control and Group Policy services currently deployed for your Windows systems. Additional seamlessly integrated modules snap into the DirectControl Agent to provide services such as single sign-on to web applications, databases and ERP applications. The DirectControl Management Tools include extensions to standard Microsoft management tools, an administration console, out-of-the-box reporting, and an account migration wizard.
With the Centrify DirectControl suite, organizations with diverse IT environments can leverage their investment in Active Directory to:
Move to a Central Directory with a Single Point of Administration for User Accounts and Security Policy
By consolidating user accounts in Active Directory, organizations can improve IT efficiency and move toward a more secure, connected infrastructure for their heterogeneous environment. Using DirectControl enables them to:
- Strengthen security by consolidating user accounts into Active Directory: one user, one account. Administrators and end-users have a single sign-on account to servers and workstations, with role-based access control centrally managed through Active Directory. This eliminates security risks posed by orphan accounts because IT managers can immediately and globally turn off the accounts of departing employees. And they can use Active Directory tools to identify dormant accounts.
- Reduce infrastructure costs by eliminating redundant identity stores, including legacy directories, unsecured NIS servers, dedicated application databases and locally managed /etc/passwd files. There is also no need to license expensive third-party synchronization products or to try building and maintaining in-house solutions.
- Streamline operations by standardizing on a single set of Active Directory-based tools, training and processes for provisioning, account maintenance and other administrative tasks.
- Establish consistent security and configuration policies across their heterogeneous environment. They can adopt a consistent, enterprise-wide standard for passwords by enforcing Active Directory's rules for password complexity and expiration for all users regardless of where they log in. And they can centrally enforce security and configuration policies across UNIX, Linux and Mac systems using DirectControl's integrated Group Policy feature, which provides more out-of-the-box policies, including user policies, than any other solution.
- Improve productivity and satisfaction for end-users, who now have only one password to remember. The result is that fewer Help Desk resources are needed to support unnecessary password resets and account updates.

Use DirectControl Zones to Provide Secure, Granular Access Control and Delegated Administration
Only DirectControl, with its patent-pending Zone technology, delivers the granular access control that real-world enterprises need to securely manage their heterogeneous environments. With DirectControl, IT managers can:
- Segregate logical groupings of mixed UNIX, Linux or Mac systems into DirectControl Zones within Active Directory. Any number of systems can be organized by department, geography, function, or system type — whatever makes sense for a particular organization.
- Use Active Directory's role-based access model to authorize users and groups to log in only to systems in the Zones for which they are authorized.
- Grant system administrators privileges just on the Zones they need to manage without elevating their privileges for other systems or Zones.
- Enforce consistent security and configuration policies that are specific to the computers within a Zone.
Extend Single Sign-on to Web applications, Databases and ERP Applications
Centrify delivers Active Directory-based single sign-on for both intranet and extranet web applications, databases, and ERP applications at a fraction of the cost of older point solutions. Features and benefits include:
- End-users can now silently authenticate to the heterogeneous systems, applications and databases they are allowed to access without being challenged to re-type a user name or password.
- IT administrators and help desk personnel can now use a single administrative tool — Microsoft Active Directory — to define consistent security policies for and to control access to a mix of different vendors' databases, heterogeneous operating systems, and web-based applications within their organization.
- DirectControl leverages an organization's Active Directory infrastructure, accounts and groups for seamless integration into existing management processes. No additional servers or software are required.
- DirectControl supports web applications running not only on popular UNIX and Linux platforms but on Windows as well.
Simplify Compliance with Regulatory Requirements
DirectControl greatly simplifies the administrative, reporting and auditing tasks brought on by Sarbanes-Oxley, PCI, HIPAA and other government and industry regulations. The combination of Active Directory and DirectControl provides the following benefits:
- IT managers now have, in Active Directory, a single point of administration from which to reliably manage user accounts, set access controls, and enforce security policies across their heterogeneous enterprise.
- DirectControl's unique Zone-based access controls enable IT managers to limit administrative rights and end-user access to sensitive systems on a "need to know" basis. The DirectControl Administrator Console provides a visual interface that enables IT managers to easily view and change Zone-based access controls.
- Auditing requirements can be addressed by running the numerous out-of-the-box reports that can prove to auditors, on demand, what systems any specific user can access, and which users can access any specific system.
- By extending Active Directory's password requirements and Group Policy features to UNIX, Linux and Mac, DirectControl enables IT managers to enforce consistent, enterprise-wide security policies in a manner that can be verified by auditors.
- DirectControl ensures activity on UNIX, Linux and Mac systems is written to the proper Active Directory logs, providing an audit trail for system access.
Deploy Quickly Without Intrusive Changes to Existing Infrastructure
DirectControl's support for open standards and its unified architecture make it far easier to deploy than any other Active Directory-based solution. Certified for Windows 2003 Server, DirectControl offers IT managers the following benefits:
- DirectControl does not install any software on domain controllers, nor does it require any changes to the Active Directory schema to store UNIX identity data. DirectControl supports RFC 2307 via the Active Directory schema that Microsoft introduced with Windows Server 2003 R2.
- DirectControl can map multiple UNIX identities to a given Active Directory account without introducing any proprietary Active Directory schema modifications. IT managers can access this UNIX data in Active Directory using straightforward ADSI and LDAP searches.
- DirectControl's unified architecture delivers identity management, access control and policy enforcement through an all-in-one Agent, making it the easiest Active Directory-based solution to deploy and manage. Additional modules for features such as web SSO or Samba integration also snap in seamlessly to the base Agent.
- Centrify accelerates an organization's productivity by delivering the industry's broadest set of free downloads of Open Source tools such as OpenSSH and PuTTY, which have been enhanced to work seamlessly with Active Directory via DirectControl.