The enterprise-out approach is favored by organizations that are looking to leverage investments in policy logic residing with Microsoft AD, such as role definition expressed through group membership and entitlements, to manage access control to off-premises services and infrastructure.

Steve Coplan
Senior Analyst, The 451 Group

The ability to secure and manage cloud environments and virtualized guest and host systems is critical as data center operations employ flexible models for private, hybrid and public cloud computing. Server virtualization platforms from vendors such as VMware and Citrix have made it possible to apply a specific platform based on cost and deployment requirements when and where they are required, but they have also increased platform heterogeneity and the need to have a mechanism for global security management.

This rapid adoption of virtualization technologies and the widespread acceptance of cloud computing combined with the ability for business-critical guest systems to seamlessly move from private to public cloud environments has led to gaps in both management and security practices. In these dynamic environments, controlling who has access to the underlying hypervisor platform and guest systems, and strictly defining what they can do based on their job role, becomes a critical requirement.

In addition, as organizations begin the migration from private to hybrid or public clouds, IT managers need unified, global control over their evolving data center operations to meet security and compliance requirements — from management and segregation of duties to protection from external and internal threats — across any server instance.

The Centrify Suite addresses the need to secure the data center — no matter what hybrid state it is in along the migration path from private to public cloud — by giving IT managers a single point of administration for all of their heterogeneous systems and applications. By enabling administrators to secure the hypervisor platform and guest operating systems using the same Active Directory-based tools and skill sets that are already in place, Centrify is enabling organizations to embrace cloud computing models through a cost-effective solution that actually helps them simplify their environment while strengthening security and streamlining processes.

With the Centrify Suite you can:

  • Lock down root and other superuser accounts to ensure that only authorized administrators have access to the underlying hypervisor platform and its administrative interfaces.
  • Associate all access controls, privileges, and audit trails to definitive and centrally managed Active Directory identities, which both simplifies administration and provides the strict accountability required by security best practices and regulatory compliance.
  • Apply consistent role-based access controls across physical and virtual systems.
  • Add additional layers of security by isolating and protecting distributed systems, and encrypt data-in-motion to protect intellectual property.
  • Simplify security and compliance reporting through a global view of access controls across physical and virtual systems.
  • Globally enforce consistent security and configuration policies (via Windows Group Policy) across a heterogeneous enterprise.

And Centrify's "enterprise-out" approach establishes Active Directory as the center of trust between enterprise and cloud servers, whether private or hosted, to make them as secure and compliant with regulations as those in your data center. Centrify DirectControl will auto-join cloud VMs to Active Directory upon first boot when deployed in combination with Centrify CloudTools. Centrify DirectControl and Centrify DirectAuthorize ensure that superuser accounts are locked down, accounts and privileges are automatically provisioned, and consistent security policies are enforced. Centrify DirectSecure provides the unique capability to isolate specific groups of trusted systems so that they can communicate only with each other regardless of location, and to encrypt data-in-motion between them. Centrify also provides unique visibility into your cloud environment through Centrify DirectManage Deployment Manager, which auto-discovers and manages VMware vCloud servers and Amazon EC2 instances.

Once systems are deployed, Centrify DirectAudit can verify that privileged access controls are in place and working as expected. Enterprise single sign-on can be implemented not only to systems but also to SAP and web applications.

The result is a dynamically updating, hardened cloud infrastructure that is secure from inside your enterprise, out through the public network, and into your private or hosted cloud environment.

Learn More

  • Webinar: Five Steps to Securing Cloud Servers
  • White Paper: Enforcing Enterprise-Out Security for Cloud Servers
  • White Paper: Using Centrify DirectControl with VMware ESX Server
  • On-Demand Webinar: Addressing the Unique IT Security Risks Posed by the Virtual Data Center
  • On-Demand Webinar: Cloud-based Servers: Getting Security and Compliance Right the First Time
  • Blog Post: Auditing VMware ESX with DirectAudit and Hardening the VMware Infrastructure with the Centrify Suite
  • Blog Post: Hardening VMware vSphere Security and the ESX v4 Console Operating System with Centrify
  • Blog Post: VMware Virtual Security and Compliance
  • Video Chalktalk: Securing a Cloud Computing Architecture
  • Video Chalktalk: Introducing Centrify DirectSecure Part 1: Server Isolation and Protection
  • Video Chalktalk: Introducing Centrify DirectSecure Part 2: Securing UNIX and Linux Systems with IPsec and Active Directory
  • Video Chalktalk: Introducing Centrify DirectSecure Part 3: Leveraging the Racoon Internet Key Exchange (IKE) Daemon
  • Video Chalktalk: Securing VMware ESX Server with Active Directory
  • Video Chalktalk: Securing Solaris Zones with Active Directory
  • Video Chalktalk: Securing Linux Systems Running on IBM System z with Active Directory
