Here is a look at the individual tools that are included with Centrify DirectManage. These tools are available in all editions of the Centrify Suite, with the exception of the Audit Center, which is provided as part of the Enterprise, Platinum and Application editions.
Although installing Centrify on a UNIX or Linux system is a straightforward task, organizations that want to deploy to dozens, hundreds or thousands of systems will want to use the Deployment Manager to guide them through the process. With Deployment Manager you can:
Deployment Manager is in use today by Centrify Professional Services as they assist customers with deployments. An early adopter version will be available for customer use in early April 2010. If you would like to try Deployment Manager, contact your Centrify support or sales representative.
The Centrify Suite enables you to retire redundant and legacy identity stores by managing UNIX, Linux and Mac identities through Active Directory. The DirectManage Migration Wizard accelerates your deployment by helping you import user and group information from sources such as NIS maps and local files into Active Directory. The Migration Wizard checks for duplicate IDs and gives you options for resolving conflicts, such as creating new Active Directory user or group objects or mapping the incoming IDs to existing Active Directory objects. The Migration Wizard is included at no extra charge as part of DirectManage.
Centrify's patent-pending Zone-based access controls provide a unique and powerful way to ensure sensitive business systems can be managed in a secure and consistent fashion. Each Zone of computers can have its own discrete set of users, groups, administrators and security and configuration policies, thus providing the granular access controls and separation of duties required by compliance regulations and security best practice.
The DirectManage Zone Provisioning Agent allows you to set up Active Directory groups that correspond to the access rights you want users to have on Zones of UNIX, Linux and Mac systems. As you add or remove users in the Active Directory groups, the Zone Provisioning Agent automates the assignment of those users into Centrify Zones. This means you can use any of your standard Active Directory group management tools to manage Centrify Zones. It also provides the ability to delegate Zone management to individuals by giving them rights to specific Active Directory groups.
The DirectManage Zone Provisioning Agent is available today. Ask your Centrify support representative for access to this tool.
Centrify DirectManage includes two Windows-based administrator's tools: our Administrator Console and an MMC-based Active Directory Users and Computers (ADUC) property extension. With these interfaces you can configure the UNIX profile of Active Directory users (such as their UNIX ID, home directory and shell), manage computer properties, and manage Centrify Zone membership. The ADUC property extensions are particularly useful for delegated administration. For example, Windows-based IT help desk personnel could be enabled to use ADUC to update users' UNIX profiles without giving them administrative access to advanced Centrify features.
Through the Administrator Console you also have access to all Centrify advanced features, such as creating and managing Centrify Zones, importing identities and running reports.
The Web Administrator Console is another tool for delegating routine management of UNIX, Linux and Mac systems. With it, IT help desk and other personnel can perform the same types of tasks that are available to Windows-based administrators through the Active Directory Users and Computers property extensions. Web Administrator Console users can, for example, configure the UNIX profile of Active Directory users (such as their UNIX ID, home directory and shell), manage computer properties, and manage Centrify Zone membership. The web-based interface is an ideal way to enable non-Windows-based system administrators to control access to systems they manage, or to enable roving IT personnel to make quick changes from any system with a web browser.
Centrify's advanced support for Group Policy for UNIX, Linux and Mac enables you to enforce consistent configuration and security policies across heterogeneous systems. DirectManage's streamlined Group Policy Object Editor interface makes it easy to create and edit Group Policies within the standard GPO Editor. It provides a rich editing environment for many policies where multiple lines of text need to be entered or edited after initial entry, such as firewall policies.
Centrify reports give you detailed, global visibility over access rights, privileges and security policies across heterogeneous systems. The DirectManage Report Center provides pre-defined reports that answer the most common questions asked by compliance auditors, such as who has access to a set of computers in a Zone, what systems a specific user has access to, and what privileged commands users have been granted on specific systems. You can define custom reports as well.
Centrify DirectAudit collects detailed logs of user activity on UNIX and Linux systems, including not only the commands entered but system responses as well. The DirectManage Audit Center is useful for IT personnel with a range of responsibilities:
The Audit Center is provided with Centrify DirectAudit, which is part of the Centrify Suite Enterprise, Platinum and Application editions.