Centrify DirectControl for VMware ESX Server

Using Centrify DirectControl, IT departments can strengthen security and streamline operations by establishing a single point of administration—Active Directory—from which to securely configure ESX Server systems, control access to those systems, and provision and manage administrative and end-user accounts.

• Administrative accounts can be provisioned and managed through Active Directory.
• Administrators and end-users gain single sign-on to ESX Server virtual machines through their Active Directory account.
• ESX Servers can be grouped to ensure granular control over both ESX Server systems and the administrators and end-users who need access to them.

Centrify DirectControl for VMware ESX Server is part of a comprehensive suite of products that enable a secure, connected computing environment by seamlessly integrating your Unix, Linux, Mac, Java and web platforms with Microsoft Active Directory’s identity, access and policy management services.

How DirectControl Adds Value to VMware ESX Server Deployments

VMware ESX Server is a popular solution for running multiple virtual operating systems on a single Intel-based server platform. IT departments have embraced it as a means of controlling hardware and associated maintenance costs, and of efficiently managing the configuration and deployment of new systems.

However, deploying and managing ESX Server presents IT departments with several challenges. Setting up an ESX Server requires manual configuration that can “break” when changes are made to Active Directory domain controllers. And setting up and maintaining both administrative and end-user accounts frequently requires manually updating configuration files on a server-by-server basis.

Centrify DirectControl substantially improves the way administrators use and manage their ESX Server systems in the following ways.

Centralized, Active Directory-Based Authentication and Authorization.  Administrators logging into the ESX Server itself and end-users logging into the virtual machines are securely authenticated using their Active Directory credentials, eliminating manual, system-by-system setup.

Granular Access Control and Delegated Administration.  DirectControl’s unique Zone technology enables you to create access control groups of ESX Servers to streamline management and securely segment systems along geographic, departmental or functional lines. Administrative rights can be delegated for each Zone to ensure administrators can access just the systems they need to manage. Virtual machines can also be managed in Zones – useful when user groups need to be isolated and managed separately from an authentication and authorization perspective.

Centralized, Consistent Policy Enforcement.  DirectControl extends Active Directory Group Policy to ESX Server systems, giving administrators an efficient way to control access and configure session behavior on ESX Servers.

Native Active Directory Integration.  DirectControl configures ESX Server so it can communicate with Active Directory just as Windows systems do, enabling failover when domain controllers move or go offline. Caching of credentials also enables offline access both for administrators and end-users.

Secure Management of Root Accounts.  You can map the root user account for every computer to an Active Directory account. Root accounts and passwords can thus be maintained in a central place instead of managed on individual servers.

Automatic Provisioning.  Users can log in to any system in a Zone to which they are authorized, and DirectControl automatically provisions their home directory. Individual accounts no longer need to be created and managed on each ESX Server.

Features and Benefits

• Centralized, Active Directory-based control over authentication, authorization and administration of ESX Server systems and users strengthens security and enables streamlined IT operations.
• Zone-based management provides granular control both over ESX Server systems and the administrators and end-users who need access to them.
• Group Policy for ESX Server systems provides efficient, secure and consistent configuration of systems.
• Native Active Directory integration and off-line cached login support delivers high-level availability of systems.
• Single sign-on for end-users through their Active Directory account results in fewer Helpdesk calls for password resets and other account maintenance.
• Centralized access control and logging of system access enhances compliance with regulatory requirements.