NIS-to-Active-Directory Migration
Replace NIS with Active Directory — a fault-tolerant LDAP database that seamlessly integrates Kerberos-based authentication — to enhance security while simplifying your environment
The Challenge
Sun's end-of-life announcement for NIS (Network Information Service) has spurred many organizations to look to replace their existing NIS architecture with a solution that is more secure and easier to manage. NIS fails security and compliance audits because traffic between a NIS server and client is not secure. And maintaining and reliably distributing NIS maps is a cumbersome task that introduces a separate, hard-to-maintain identity silo within an organization.
While Kerberos is the preferred method for securing and authenticating network traffic, it can be time-consuming and error-prone to implement, especially for organizations with heterogeneous platforms. And while LDAP is an attractive replacement for NIS maps, it is only more secure when paired with SSL over the network. LDAP also represents a separate identity store that represents added administrative burden, and in many cases requires UNIX ID rationalization before migrating from NIS. Knitting all of these technologies together for a long-term solution is beyond the scope of even some of the most sophisticated IT organizations.
The Centrify Solution
Centrify delivers a robust NIS-to-Active-Directory migration solution to fit a variety of customer environments. Active Directory is a scalable and fault-tolerant infrastructure that marries LDAP for identity management and Kerberos for secure and authenticated communication between itself and client systems. The Centrify Suite seamlessly joins UNIX and Linux systems to your Active Directory domain and automatically sets up and configures Kerberos on those systems. The result is a highly secure and easy-to-manage NIS replacement that simplifies your existing IT environment and streamlines IT processes by leveraging your existing Active Directory infrastructure, tools and skill sets.
Centrify provides a variety of tools and migration paths to fit different environments. Our free UNIX account migration wizard automates the importing of NIS identities into Active Directory, and our unique Zone technology can be used to migrate without painful UNIX ID rationalization. Centrify also delivers an Active Directory-integrated NIS server. Together, these tools allow you to plot a migration path that makes sense for your organization:
- Complete NIS removal (see our NIS Migration and Management webinar for an example of a 15-minute migration using the Centrify UNIX account migration wizard)
- Gradual NIS migration to Active Directory for large or complex environments
- NIS replacement with Centrify's more secure NIS Server for legacy systems that can't be directly integrated into Active Directory
Learn More
| White Paper | Centrify's Solution for NIS Migration |
| White Paper | Centrify's Solution for Migrating Unix Directories to Active Directory |
| On-Demand Webinar | NIS Migration and Management |
| Video Chalktalk | NIS Migration and Interoperability |
| App Note | Using the DirectControl NIS Service |
| Blog Post | Performing a NIS Migration the Centrify and Active Directory Way |
| Web Site | NIS Migration Resource Center |
Next Steps
The team [in Microsoft's Linux and open source lab] spent a lot of time improving how Linux systems can talk to Microsoft's Active Directory and finally settled on a third-party application called Centrify. "Getting authentication to work correctly with Active Directory is not simple," admitted Hilf [lab director]. "It's often fragile and to do it in a broad way is a non-trivial technical task."
vnunet.com
August 11, 2005