Centrify Server Suite, Standard Edition

Centrify DirectControl Features

Centrify DirectControl's core feature is its ability to enable UNIX, Linux and Mac OS X systems to join an Active Directory domain. The Centrify DirectControl Agent effectively turns the host system into an Active Directory client, enabling you to secure that system using the same authentication, access control and Group Policy services currently deployed for your Windows systems. Additional seamlessly integrated modules snap into the DirectControl Agent to provide services such as single sign-on to web applications, SAP and databases.

Move to a Central Directory with a Single Point of Administration for User Accounts and Security Policy

  • Strengthen security by consolidating user accounts into Active Directory: one user, one account. Administrators and end-users have a single sign-on account to servers and workstations, with role-based access control centrally managed through Active Directory. This eliminates security risks posed by orphan accounts because IT managers can immediately and globally turn off the accounts of departing employees. And they can use Active Directory tools to identify dormant accounts.
  • Reduce infrastructure costs by eliminating redundant identity stores, including legacy directories, unsecured NIS servers, dedicated application databases and locally managed /etc/passwd files. There is also no need to license expensive third-party synchronization products or to try building and maintaining in-house solutions.
  • Streamline operations by standardizing on a single set of Active Directory-based tools, training and processes for provisioning, account maintenance and other administrative tasks.
  • Establish consistent security and configuration policies across their heterogeneous environment. They can adopt a consistent, enterprise-wide standard for passwords by enforcing Active Directory's rules for password complexity and expiration for all users regardless of where they log in. And they can centrally enforce security and configuration policies across UNIX, Linux and Mac systems using DirectControl's integrated Group Policy feature, which provides more out-of-the-box policies, including user policies, than any other solution.
  • Improve productivity and satisfaction for end-users, who now have only one password to remember. The result is that fewer Help Desk resources are needed to support unnecessary password resets and account updates.

Use Centrify Zones to Provide Secure, Granular Access Control and Delegated Administration

Centrify's patented Zone technology, with its unique hierarchy and inheritance model, provides the industry's only solution for using Active Directory to manage identities, grant access rights and delegate privileges across a diverse mix of Windows, UNIX, Linux, and Mac computers and devices. Centrify Zones provide:

  • The fastest and most efficient means of consolidating a set of complex and disparate UNIX and Linux identity stores into Active Directory
  • The most flexible solution for creating least-access and least-privilege security models for a diverse set of users and roles across Windows, UNIX, and Linux servers
  • The most secure means of delegating user privileges in a highly granular manner

Simplify Compliance with Regulatory Requirements

  • IT managers now have, in Active Directory, a single point of administration from which to reliably manage user accounts, set access controls, and enforce security policies across their heterogeneous enterprise.
  • Centrify's patented Zone technology enables IT managers to limit administrative rights and end-user access to sensitive systems on a "need to know" basis.
  • Out-of-the-box and custom reports help prove to auditors, on-demand, what systems any specific user can access, and which users can access any specific system.
  • By extending Active Directory's password requirements and Group Policy features to UNIX, Linux and Mac, DirectControl enables IT managers to enforce consistent, enterprise-wide security policies in a manner that can be verified by auditors.
  • DirectControl ensures activity on UNIX, Linux and Mac systems is written to the proper Active Directory logs, providing an audit trail for system access. Centrify DirectAudit supplements logging with detailed user session capture and replay capabilities for Windows, UNIX, and Linux servers.

Deploy Quickly Without Intrusive Changes to Existing Infrastructure

  • DirectControl does not install any software on domain controllers, nor does it require any changes to the Active Directory schema to store UNIX identity data. DirectControl supports RFC 2307 via the Active Directory schema that Microsoft introduced with Windows Server 2003 R2.
  • Through Centrify's unique Zone technology, DirectControl can map multiple UNIX identities to a given Active Directory account without introducing any proprietary Active Directory schema modifications.