DirectSecure lets you dynamically segment and isolate cross-platform systems. Rather than relying on user authentication, it uses machine authentication to ensure that only trusted systems on your network can establish network communication with each other. This end-point authentication of a computer's machine credentials is based on Kerberos, PKI certificates, or pre-shared keys. Optionally, encryption can be enforced to secure communications between end points. Microsoft provides this capability as a standard part of the Windows platform and refers to it as server and domain isolation (SDI). DirectSecure extends this same capability to non-Microsoft platforms, thereby enabling comprehensive support of mixed UNIX, Linux and Windows environments.
DirectSecure enforces the logical boundaries that you define through end-point authentication policies that are created, distributed and managed through Active Directory Group Policy. Policy deployment occurs seamlessly when a computer joins the Active Directory domain. Through Centrify's support for Group Policy, the same policies that Microsoft provides for Server and Domain Isolation can be applied to UNIX and Linux systems.
Policies are enforced by the built-in IPsec functionality found in modern Windows, UNIX and Linux platforms. Instead of the traditional use of IPsec as a tunneling and network encryption protocol (such as remote access through VPN), both Microsoft SDI and DirectSecure employ IPsec "transport mode" for end-to-end security between computers, even across Network Address Translation (NAT). Because IPsec is a Layer 3 security protocol, it provides security for all IP-based traffic and operates transparently to users and applications. Therefore, applications don't need to support IPsec — and require no modifications — to be compatible with this form of authentication and encryption.
With these policies in place, trusted systems are now protected and can easily communicate with each other without any additional steps and/or login procedures. Unmanaged or rogue computers are not able to establish network communication with systems protected within the logically isolated network.
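
For the Windows side of the isolation policy described above, the following added example (not Centrify's or Microsoft's own code) defines a transport-mode IPsec rule with Kerberos machine authentication and optional ESP encryption, written into a Group Policy object. The GPO path and all display names are assumed placeholders.

```powershell
# Added example: Windows-side server and domain isolation rule.
# Assumed names (not from the page): the GPO path and every display name.
$store = 'corp.example\Isolation-Example-GPO'   # placeholder domain\GPO name

# Main mode: authenticate the computer account (not the user) with Kerberos.
$kerb    = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet = New-NetIPsecPhase1AuthSet -DisplayName 'Example machine Kerberos' `
               -Proposal $kerb -PolicyStore $store

# Quick mode: the optional encryption, here ESP with AES-256 and SHA-256.
$esp   = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
             -ESPHash SHA256 -Encryption AES256
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'Example ESP AES256' `
             -Proposal $esp -PolicyStore $store

# Transport-mode rule: inbound connections must authenticate, outbound
# connections request authentication, so hosts that cannot present
# machine credentials cannot open connections to isolated systems.
New-NetIPsecRule -DisplayName 'Example domain isolation' `
    -Mode Transport -Profile Domain `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name `
    -PolicyStore $store
```

After the policy has refreshed on a member host, `Get-NetIPsecMainModeSA` and `Get-NetIPsecQuickModeSA` list the negotiated security associations, which confirms that traffic between isolated hosts is actually being authenticated.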