What's New in DirectControl 4

"The new secure web management console will make it easier to manage the UNIX identities on our systems from any workstation. We expect the new reporting to make it still easier to generate the who-has-access-to-what reports that are important for security and compliance with regulations."

Magnus Luebeck
Director of IT Operations, Accarda

With Version 4, Centrify DirectControl solidifies its position as the leading solution for secure access control and centralized identity management of cross-platform environments. More than 450 enterprise customers, including over 38% of the Fortune 50, have selected Centrify DirectControl for its proven ability to centrally secure and manage their UNIX, Linux, Mac, web and database platforms using their existing Active Directory-based authentication, authorization and Group Policy services. With DirectControl 4, Centrify is delivering new and enhanced features that enable enterprises to realize benefits in the following areas.

  • Cross-Platform Manageability. A new web-based administrative console and expanded command-line interfaces give UNIX administrators even more flexibility to administer accounts and work with UNIX data held inside Active Directory. Enhanced deployment features enable IT administrators to quickly roll out DirectControl within large, complex environments.
  • IT Security and Compliance. Enhanced cross-platform Group Policy features make it even easier for IT managers to apply security policies and implement fine-grained privilege management across their heterogeneous environment. The expanded Report Center enables them to provide IT auditors with both historical and up-to-the-second reports to meet regulatory compliance requirements.
  • Active Directory Integration. New platform support and enhanced NIS and LDAP integration solutions enable organizations to leverage their Active Directory infrastructure to secure even more of their non-Microsoft environment.

Cross-Platform Manageability

Centrify has built a rich ecosystem of management tools around DirectControl, including native MMC snap-ins and an Administrator Console for Windows-based IT staff, and command-line interfaces and an industry-leading set of DirectControl-enabled remote access tools for UNIX administrators. In Version 4, DirectControl adds a web-based Administrator Console and a comprehensive set of CLIs designed at the request of UNIX administrators. Additional improvements to our Windows-based admin tools and new deployment features mean DirectControl delivers by far the most extensive and easy-to-use array of management tools for both Windows and UNIX IT staff.

Web Administrator Console

  • DirectControl is the only cross-platform integration solution to deliver a browser-based administrator console, a feature requested by UNIX admins in particular.
  • Designed to meet the "separation of duties" mandated by regulatory compliance regimens, the Web Administrator Console delivers delegated administration with no additional setup or configuration required. Authorized IT staff can administer:
    • Active Directory user UNIX properties
    • Active Directory user basic account properties
    • Group properties and memberships
    • UNIX computer accounts
  • Seamless access is provided to administrators logging in from any Active Directory-integrated system.

DirectControl Web Administrator Console. From any web browser, IT staff can now control access to systems they manage and administer basic user, group and computer properties.

Expanded Command-Line Interfaces

  • A comprehensive set of UNIX commands enables administrators to manage Active Directory accounts and groups and perform other management tasks interactively through the command line or via scripts.
  • New commands enable you to:
    • Query user and group data
    • Add, modify or delete users or groups
    • Set group options
    • Dump or check cache files
    • Display real and effective UID/GIDs for current or specified users
    • Force a reload of the centrifydc.conf file
  • Improvements and new options are included for many existing commands.

Improvements to Windows-Based Admin Tools

  • Zone management is now significantly easier and more flexible:
    • Create Zones in either Active Directory Users and Computers (ADUC) or the DirectControl Administrator Console.
    • Zones can be created as an organizational unit (OU) or container (CN).
    • Zone properties pages now appear in ADUC.
    • A master domain can be defined for a Zone to ensure proper administration.
  • Zone delegation now supports delegation of NIS maps.
  • Drag-n-drop is fully supported, enabling ADUC objects to be dropped into the Administrator Console.
  • Improvements to the account import process include the ability to modify data during import, and store pending data in Active Directory or an XML file.

Additional Deployment & Manageability Enhancements

  • Computer self-join enables rapid, scripted deployment of DirectControl Agents to new and existing systems. The DirectControl Administrator Console provides a wizard to step through the pre-creation process.
  • Pre-validated user accounts can be pushed to a system to enable offline login for users who have never previously logged in.
  • Performance and scalability enhancements for high-performance, multi-user environments include:
    • The NSS, PAM and LAM modules have been streamlined, with the DirectControl Agent doing much more of the work. All PAM messages are now configurable.
    • Reduced memory and disk footprint size.
    • Improved response time at boot and log in.
  • Additional features for complex environments include support for:
    • One-way trust through firewalls via NTLM
    • SFU Zones across multiple domains
    • Users from an MIT Kerberos realm
  • Documentation has been reorganized and expanded, with eight guides and over 1400 pages, including a new Planning and Deployment Guide, Group Policy Guide, and Mac OS X Guide.

IT Security and Compliance

Centrify DirectControl's built-for-compliance Zone technology and delegated administration features have set the standard for centralized access control and secure administration of non-Microsoft systems using Active Directory. With Version 4, Centrify now delivers new policies and enhanced cross-platform Group Policy features that give IT managers even more granular control over security configurations for both users and computers, coupled with expanded reporting that provides IT auditors a comprehensive view of the access controls in place and verification that they are working as expected.

Enhanced Cross-Platform Group Policy Features

Centrify DirectControl delivers the industry's most comprehensive support for extending Group Policy to non-Windows systems. It is the only solution to provide both user and computer policies, advanced workstation lockdown policies, Mac-specific desktop lockdown policies, and advanced features such as filtering and loopback processing. Enhancements in DirectControl 4 include:

  • A streamlined UI makes it even easier to create and edit Group Policies within the standard GPO Editor.
  • New and improved out-of-the-box policies give you tighter control over user and computer security settings. For example:
    • SSH Settings. Centrify is the only solution that lets you enforce best practices for remote access by centrally configuring and enforcing sshd settings. For example, you can specify which users can ssh to a set of systems, or not permit root logins.
    • Sudo Rights. Because sudo is a powerful tool for fine-grained privilege management, we made it even easier to edit sudo policies, with a free-form editor, the ability to insert all standard commands with a simple right-click, the ability to browse and select names of Active Directory objects, and a syntax checker.
    • File Copy. You can centrally store files, such as syslog and Samba config files, in SYSVOL for secure, centralized distribution to DirectControl-managed systems.

  

Group Policy for UNIX. Free-form editing, a syntax checker, and the ability to insert all standard commands and Active Directory object names make it even easier to manage Sudo Group Policies for fine-grained privilege management.

Expanded Reporting Center

DirectControl's built-for-compliance architecture has always made reporting a central feature, enabling IT auditors to report on user access to systems, Zone and group membership, and more. With DirectControl 4, Centrify has significantly expanded the Reporting Center with the following features:

  • You can now take snapshots at specific points in time for historical reporting.
  • Reports are generated from live Active Directory data for up-to-the-second authorization and configuration reporting. Right-click to drill down into details or to edit properties. For example, if you notice the access report for a specific computer contains a user who shouldn't have access, you can immediately open that user's UNIX properties and remove his access.
  • New reports are included for IT auditors and managers, such as the Zone Delegation report, which shows the administrators of each Zone and the permissions granted to them.
  • Expanded customization features let you select the data sets you need to create a wide range of ad-hoc reports. Choose and order data columns, set filters and sort orders, and change report formatting.
  • The new Report Wizard guides you through creation of custom reports.

DirectControl Reporting Center. Expanded customization features let you select the data you need and change report formatting.

Active Directory Integration

Centrify DirectControl offers the industry's broadest set of Active Directory integration solutions for non-Microsoft systems, web applications, databases and storage systems. With DirectControl 4, Centrify enables organizations to further extend their Active Directory infrastructure with expanded system support and new features that let you leverage Active Directory for secure NIS management and integration with LDAP-aware applications.

  • Support for new platforms brings the total to over 130:
    • Citrix XenServer 4.0.1 Express, Standard and Enterprise editions
    • Security-Enhanced Linux (SELinux) for: Red Hat Enterprise Linux 4 and later, Fedora 3 and later, CentOS 4 and later, Scientific Linux 4 and later, Oracle Linux 4 and later. This includes both 32- and 64-bit support.
    • Red Hat Enterprise Linux 4 on PPC & Itanium 64
    • AppArmor for: SUSE Enterprise Linux 10, openSUSE 10.1 and later
    • HP-UX 11.31 PA-RISC 32- and 64-bit, including Trusted Mode (aka 11i v3)
    • HP-UX 11.31 Itanium 32- and 64-bit, including Trusted Mode (aka 11i v3)
    • Oracle Enterprise Linux 5, 32- and 64-bit
    • VMware ESX Server 3.0.2
  • The DirectControl NIS Server now supports existing NIS clients without any client modification, enabling full replacement of existing NIS servers with a secure, centralized Active Directory-integrated solution.
  • A new LDAP Proxy enables LDAP-aware apps to securely integrate with Active Directory; communication to Active Directory stays encrypted and mutually authenticated.