Startup Extends Active Directory to Linux Systems
By Steven Vaughan-Nichols
Centrify's DirectControl lets Windows administrators manage Linux/Unix boxes using Microsoft's Active Directory.
Centrify Corp. has released DirectControl, a Microsoft Active Directory-based program that enables network administrators to use AD's identity, access and policy management for not only Windows, but also Unix and Linux systems.
According to Centrify CEO Tom Kemp, with DirectControl "administrators can reduce management costs associated with user account management, strengthen security throughout their organization and improve user productivity through the consolidation of multiple user IDs without having to go in and make costly changes to either their AD or Unix/Linux infrastructures."
Of course, this kind of integration can be done by hand using Server 2003, Microsoft's Services for Unix 3.5 and OpenLDAP on Linux. With this approach though, administrators must manually configure the user objects for the Linux users.
Other commercial products, such as Vintela Inc.'s Vintela Authentication Services, require changes to be made to the existing Linux identity and password management programs. Vintela's solution is to migrate users to AD, while Centrify's approach enables AD administrators to manage Red Hat Linux, Solaris, VMware ESX, and HP/UX users without having to modify the native Unix and Linux identity management systems, Kemp said.
Administrators can also use DirectControl to manage access to such server-based applications as Apache, JBoss and Tomcat. Kemp said Centrify is also working on adding system support for AIX, Mac OS X and Novell Inc.'s SuSE Linux, and application support for WebLogic and WebSphere.
With DirectControl, administrators map multiple Unix user IDs to a single AD account to provide users with a single sign-on while reliably controlling a user's access to all systems and applications. DirectControl also can be used to do the kind of auditing and reporting that the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act) require, Kemp said.
DirectControl is made up of two parts. The first is the DirectControl Agent that administrators install on a Unix/Linux workstation or server. The Agent allows an administrator to "join" that system to the Active Directory domain, provides authentication and authorization services and enforces AD's policy management capabilities.
The second component is the DirectControl Administrator Console, a suite of Windows-based utilities, including extensions to the AD Users and Computers user interface, that enables administrators to allow AD users to access Unix/Linux systems and Java-based Web applications using their Active Directory account credentials.
"In effect, DirectControl makes a Unix/Linux server or workstation an Active Directory 'client,' thereby allowing a system administrator to control access to that system and even configure it through Group Policy using the same tools and processes they use today to manage Windows systems," Kemp said.
DirectControl is available now. Pricing starts at $50 for a Unix/Linux workstation and $500 for a Unix/Linux server with unlimited users.