NIS-to-Active-Directory Migration

The Challenge

Sun's end-of-life announcement for NIS (Network Information Service) has spurred many organizations to look to replace their existing NIS infrastructure with a solution that is more secure and easier to manage. NIS fails security and compliance audits because traffic between a NIS server and client is not secure. And maintaining and reliably distributing NIS maps is a cumbersome task that introduces a separate, hard-to-maintain identity silo within an organization.

While Kerberos is the preferred method for securing and authenticating network traffic, it can be time-consuming and error-prone to implement, especially for organizations with heterogeneous platforms. And while LDAP is an attractive replacement for NIS maps, it is only more secure when paired with SSL over the network. LDAP also represents a separate identity store that represents added administrative burden, and in many cases requires UNIX ID rationalization before migrating from NIS. Knitting all of these technologies together for a long-term solution is beyond the scope of even some of the most sophisticated IT organizations.

The Centrify Solution

Centrify delivers a robust NIS-to-Active-Directory migration solution to fit a variety of customer environments. Active Directory is a scalable and fault-tolerant infrastructure that marries LDAP for identity management and Kerberos for secure and authenticated communication between itself and client systems. The Centrify Suite seamlessly joins UNIX and Linux systems to your Active Directory domain and automatically sets up and configures Kerberos on those systems. The result is a highly secure and easy-to-manage NIS replacement that simplifies your existing IT environment and streamlines IT processes by leveraging your existing Active Directory infrastructure, tools and skill sets.

Centrify provides a variety of tools and migration paths to fit different environments.

• For those who want to completely replace NIS, our patented Zone technology can be used to migrate disparate NIS identities into Active Directory without painful UNIX ID rationalization, and our free UNIX account migration wizard automates the process.
• A Centrify Zone can also store any information found in a NIS map in Active Directory and, through NSS, can present that information back to a calling application. One common use is to import netgroups into Active Directory, where the Centrify NSS module can present information back to the operating system as a netgroup. Or netgroups can be imported into Active Directory groups, including both users and computers. Converting netgroups into Active Directory groups can have an added benefit: it enables you to use our role-based privilege management capabilities and unique computer roles to set entitlement grants for netgroup members and the computers that were in their netgroup.
• If you have a NetApp filer or other devices where a Centrify Agent can't be installed, Centrify also provides a NIS Proxy service. A more secure alternative that eliminates NIS across the wire is to use our LDAP Proxy service, which can pass directory information back to legacy devices in RFC 2307 format.

Learn More

Next Steps