Centrify's Support for Windows Server 2003 R2

Centrify DirectControl suite supports Microsoft ADFS and new UNIX identity management solutions

Centrify continues to lead the way in defining best practices for integrating an organization's Active Directory services with its UNIX, Linux, Mac, Java and web platforms. With its Windows Server 2003 R2 Enterprise Edition, Microsoft provided a number of UNIX identity management solutions, and Centrify DirectControl supports them in the following ways:

• Microsoft ADFS + Centrify DirectControl for ADFS. The combination of Microsoft Active Directory Federation Services (ADFS) along with Centrify DirectControl for ADFS will deliver cross-platform web single sign-on (SSO) at a fraction of the cost of older, more complex products.
• Microsoft UNIX Identity Management Solution + Centrify DirectControl for Operating Systems. DirectControl simplifies deployment of Active Directory-based authentication and provides a higher level of security and more granular access control and administration.
• Centrify Solution Guides. The Centrify Resource Center includes new solution guides to support the implementation of enhanced UNIX interoperability with Windows Server 2003 R2.

Microsoft ADFS + Centrify DirectControl for ADFS

Centrify DirectControl for ADFS is the first solution that extends Microsoft's federated identity management services to web applications running on non-Microsoft platforms. The DirectControl web SSO modules snaps seamlessly into the DirectControl Agent, enabling you to use Microsoft ADFS to provide secure, federated identity management for applications hosted on Apache and popular J2EE web servers, including IBM WebSphere, BEA WebLogic, JBoss, and Tomcat. With its simple architecture and quick deployment, DirectControl for ADFS will be easier to configure, manage, and audit than older, more complex web SSO solutions because it leverages accounts and groups centrally managed in Active Directory. For more information:

Microsoft UNIX Identity Management Solution + Centrify DirectControl for Operating Systems

Windows Server 2003 R2's UNIX identity management solution includes Services for Network Files Services (NFS), which enables UNIX users to view Windows file shares, and new Active Directory attributes to store UNIX user and group information. For more information, see the description of R2's identity and access management features on the Microsoft web site.

Centrify DirectControl for Systems builds on these features to enable a robust, centralized, Active Directory-based authentication strategy throughout a heterogeneous enterprise. DirectControl's easy-to-deploy, native system Agent delivers Kerberized, Active Directory-based single sign-on "out of the box" for an industry-leading set of UNIX, Linux and Mac platforms. (See Supported Platforms for a complete list.)

R2's Active Directory schema extensions formalize Microsoft's support for the RFC2307 specification for using LDAP as a network information service. Centrify DirectControl fully supports these new schema extensions transparently when they are present in an organization's Active Directory implementation. This enables organizations to integrate non-Microsoft systems with Active Directory and to deploy RFC2307-aware applications without the need for proprietary, third-party schema extensions.

The value of Centrify's standards-based approach is demonstrated in our ability to support Microsoft's official UNIX attributes — without proprietary schema extensions — while delivering enhanced security through our patent-pending Zone technology. Centrify Zones deliver the type of granular access control needed by organizations with diverse heterogeneous environments. IT managers can also delegate administrative rights on a Zone-by-Zone basis and fine-tune administrators' rights within each Zone. See Zone-Based Access Control for a detailed overview.

DirectControl's Zone technology will also enable group-based administration of file shares managed through Microsoft Services for NFS. UNIX systems will be able to seamlessly automount Windows File Shares via Services for NFS.

Organizations using DirectControl will also benefit from an added level of Active Directory-based management control. The all-in-one DirectControl Agent delivers Group Policy for non-Microsoft systems at no additional cost. DirectControl also offers the unique ability to report on your UNIX environment; for example, you can run a report that shows which UNIX systems a UNIX-enabled Active Directory account has access to, which is essential for compliance with Sarbanes-Oxley and other government regulations.

Centrify Solution Guides

Centrify has also created new solution guides to support the implementation of enhanced UNIX interoperability with Windows Server 2003 R2. These solution guides are freely available on the Centrify Resource Center.

• Using DirectControl with Microsoft NFS Server provides customers with detailed information on how to create secure central file servers for UNIX clients using Windows Server 2003 R2. This solution uses the NFS file server technology included with Windows Server 2003 R2 and DirectControl's centralized Active Directory-based identity management solution.
• Using DirectControl to Enable Automounted UNIX Home Directories provides information on using Windows file servers for automatically hosting UNIX client home directories.