
Why Customers Choose Centrify DirectControl

DirectControl Earns Windows IT Pro Editor's Choice Award

"You can't go wrong if you choose Centrify," the reviewers say.


Our Features and Benefits page provides a comprehensive overview of what the DirectControl suite does and the benefits you gain from it. In working closely through the years with our customers, who represent some of the largest and most diverse IT shops in the world, we've come to appreciate the essential features that customers need the most. We'd like to highlight for you the five distinguishing DirectControl features that, time and again, have convinced customers to choose and deploy DirectControl.


More Cost-Effective

Centrify DirectControl seamlessly and easily integrates non-Microsoft systems and applications with your existing Active Directory infrastructure, delivering significant cost savings over older, more complex solutions

Identity management is among the top security challenges facing IT departments today. Corporate officers are requiring IT personnel to closely manage, control and audit who has access to what key systems and applications — not only to make their IT environment more secure but also to address compliance requirements. End users also want this problem addressed because they are tired of dealing with multiple usernames and passwords. But the reality is that today's IT environment consists of a diverse set of applications running on a plethora of Windows, UNIX, Linux and Mac systems, with access controlled through multiple, non-integrated identity stores. Existing identity management products try to address this challenge by synchronizing data across identity stores. These highly complex and proprietary products are costly to deploy and often require painful changes to an existing IT infrastructure.

Centrify's vision and approach are different. Our DirectControl solution integrates heterogeneous systems and applications into a secure, connected computing environment with Microsoft Active Directory at its center. Active Directory is a standards-based, enterprise-class directory that most companies already own. Odds are your organization has already invested substantially in deploying Active Directory to provide all users with email and other basic services. Centrify enables you to leverage that investment in Active Directory to manage more of your enterprise and remove silos of identity, thereby making identity management not only simpler but more cost effective.

More Secure

Centrify's unique Zone-based access control is a "must have," delivering granular access control and centralized administration and reporting

Centralizing user account management in Active Directory eliminates common security exposures, such as the existence of orphan accounts and the proliferation of usernames and passwords that your end users need to remember. But you still need to bring the systems into Active Directory in a way that preserves existing security boundaries: you can't have users that should only have access to engineering systems logging into your HR systems. Centrify's patent-pending Zone technology leverages the power of Active Directory's access control mechanisms to provide even more granular access control within your mixed environment. Any logical collection of mixed UNIX, Linux or Mac systems can be segregated within Active Directory as a Centrify Zone. Each Zone can have a unique set of users, a unique set of administrators, and a unique set of security policies. For most customers, the Centrify Zones capability for advanced access control is the "must have" feature that enables them to meet SOX and other security requirements.

The beauty of the Centrify Zones technology is that this granular access control is managed centrally within Active Directory, not locally at each and every system. In addition, with the DirectControl Administrator Console you also have a visual interface that enables you to easily view and change these Zone-based access controls. Other products don't offer this ability to easily see who actually has access to what systems and applications within your environment; you need yet another tool to manage permissions, and auditing and reporting are clumsy data aggregation exercises. With DirectControl, you can address your audit requirements by running the numerous out-of-the-box reports that can prove to auditors, on demand, what systems any specific user can access, and which users can access any specific system.


Easier to Deploy and Manage

DirectControl's integrated architecture is easy to deploy and does not force you to "manage the management system"

DirectControl delivers a single, all-in-one Agent — designed for and delivered as a native executable for each platform — that in effect turns a UNIX, Linux or Mac server or workstation into a full Active Directory client. This single Agent handles all Active Directory interaction — authentication, access control and Group Policy — for both operating systems and popular web-based applications. The result: a unified installation, licensing and configuration scheme that makes DirectControl by far the easiest to deploy and manage. DirectControl's robust Administrator Console provides centralized management capabilities over our distributed deployment. And a rich set of command-line interfaces and APIs enables automation via scripts or, if needed, management at the local system level.

Other vendors offer a stack of CDs — that is, a collection of acquired point products for authentication, Group Policy, and application support, each with its own architecture, installation procedure and licensing mechanism. Many of these solutions don't even offer a basic centralized management console. You play the role of system integrator, and the time you thought would be freed up to manage your enterprise is instead eaten away managing your management software.

Non-intrusive

DirectControl works out of the box with existing systems and applications without forcing you to make intrusive changes

A key design goal for DirectControl is to snap seamlessly into your IT environment without forcing you to make changes to the underlying infrastructure. For example, unlike many other solutions that integrate with Active Directory, DirectControl does not install any software on domain controllers, nor does it require any changes to the Active Directory schema to store UNIX identity data.

With the release of Windows Server 2003 R2, Microsoft for the first time provided a "built in the box" schema for UNIX identity data that is compliant with RFC 2307. DirectControl's support for R2 includes the ability to store UNIX identity data using this R2 schema, and it can do so while providing the ability to map multiple UNIX IDs to a given Active Directory account and without any additional schema modifications. If you have not yet deployed R2, DirectControl gives you a choice: store UNIX identity data in Active Directory using the Services for UNIX schema extension, or store the data in standard attributes within Active Directory using the container that Microsoft provides precisely for third-party extensions. Whichever option you choose, and irrespective of whether you have deployed R2, the UNIX account data that Centrify stores within Active Directory is easily accessible using off-the-shelf, industry-standard tools such as ADSI and LDAP. For example, because DirectControl stores data using non-proprietary, conventional LDAP data representations, you can use simple and conventional LDAP searches to access the UNIX data that DirectControl stores in Active Directory. Bottom line: Centrify gives you the freedom to store and easily access UNIX data in a way that best meets your needs while supporting industry standards such as RFC 2307, ADSI and LDAP, and without requiring proprietary changes to Active Directory itself. And DirectControl does this while delivering the only solution that is also certified for Windows Server 2003.

On the UNIX side, other solutions also force you to make intrusive changes to your environment, such as undergoing a painful pre-deployment project to re-assign all users a single ID. In contrast, Centrify's Zone technology makes account migration quick and painless by enabling you to associate an Active Directory account with the multiple identities that a single user may have — without schema extensions. Some customers view this as a long-term solution; others see it as an interim step that gives them time to conduct an orderly migration to a one-person-one-ID policy, which Centrify also fully supports. You choose; we support either scenario.

The leader in systems and application support

DirectControl offers the broadest range of operating system, application, and third-party support

DirectControl provides a single solution for more than 130 operating system versions, including not only Solaris, Red Hat, AIX, HP-UX (including Trusted Mode) and SUSE, but also Mac OS, VMware and Debian. This includes support for an extensive array of both 32- and 64-bit systems. DirectControl also supports the most popular J2EE and web application servers: Apache, JBoss/Tomcat, WebLogic and WebSphere. DirectControl is also unique in providing robust integrated support for the Open Source Samba file server.

In addition, to simplify deployment and accelerate your productivity, the Centrify Resource Center delivers the industry's broadest set of free downloads of Open Source tools such as OpenSSH and PuTTY that have been enhanced to work seamlessly with Active Directory via DirectControl. The Resource Center also provides documentation that helps you quickly configure commercial products such as AttachmateWRQ Reflections to work with DirectControl.

The bottom line is that no other vendor matches this lineup of operating system, application and third-party support.