Centrify integrates Mac OS X, Linux, UNIX with Microsoft Active Directory

Centrify Corporation, a provider of Microsoft Active Directory-based auditing, access control and identity management solutions for non-Microsoft platforms, today announced that it is delivering the first solution to offer Microsoft Active Directory-based authentication and access control to over 100 versions of UNIX, Linux and Mac platforms.

The latest release of Centrify DirectControl adds over 25 new supported versions of UNIX and Linux, includes enhanced Group Policy-based Apple Mac OS X desktop lockdown capabilities, and delivers the industry’s first solution to leverage Group Policy to enable bulk configuration of distributed OpenSSH deployments. These new capabilities further enhance Centrify customers’ ability to secure and streamline their heterogeneous environments by centralizing identity and policy management within their existing Microsoft Active Directory infrastructure.

“By extending its authentication and access control to the widest range of non-Microsoft operating systems, Centrify has made Microsoft Active Directory an appealing directory in which to centralize identity management in a multi-platform environment,” said Jon Oltsik, Senior Analyst, Enterprise Strategy Group, in the press release.

Centrify DirectControl effectively turns a non-Microsoft server, workstation or device into an Active Directory client, enabling an organization to secure that system using the same authentication, access control and Group Policy services currently deployed for its Windows systems. Centrify DirectControl supports Linux distributions such as Red Hat Linux, Novell SUSE Linux, Fedora Core and Debian Linux, as well as UNIX platforms such as Sun Solaris, IBM AIX, HP HP-UX, and Silicon Graphics IRIX, plus VMware ESX and Mac OS X.

With this release, Centrify also further extends DirectControl’s support for Active Directory Group Policy, with well over 200 out-of-the-box policies that enable organizations to globally apply consistent security and configuration settings for UNIX, Linux and Mac computers and users. DirectControl is the first and only solution generally available on the market today to offer Group Policy support for Mac OS X systems as well as UNIX and Linux systems.

This release now also makes Centrify DirectControl the first solution that lets security personnel leverage Group Policy to centrally configure the security settings of the OpenSSH open source network connectivity tool running on UNIX and Linux systems. Examples of new OpenSSH Group Policies include: controlling who is allowed to SSH to a set of computers; controlling the time allowed for a successful login; displaying a security notice at login; and preventing root user login via SSH. DirectControl also adds Group Policies for the PuTTY open source SSH (“Secure Shell”) client for Microsoft Windows. New policies have also been added for the Mac OS X platform, including the ability to control login and logout scripts with Group Policy as well as improved mobile user configuration management capabilities.

This new release of DirectControl also offers enhanced integration with Apple Remote Desktop Administrator as well as Workgroup Manager.

DirectControl’s new platform and Group Policy support is being released on August 15, 2007.

26 Comments

  1. I really wish Apple had a killer alternative to Active Directory and/or Exchange server. While this middleware is cute, it only solidifies Microsoft’s entrenchment of Active Directory as the backbone allowing them to further lock-in more Windows desktops as the “natural fit” (via Group Policy, SMS, etc) to an AD based directory infrastructure. In comparison, the deployment costs, administrative overhead, and manageability of OpenDirectory just isn’t there yet for a global directory containing millions of directory objects replicating across hundreds/thousands of sites worldwide. Here’s hoping that may one day change…

  2. @JCR

    Yeah, it’s a mixed up world we live in, but what can ya do?

    Steve was oh so right back in that famous keynote back in ’97 bout “thinking differently”. Unfortunately it’s not Apple v M$, so much as do anything, make compromises to get Apple into the enterprise, or back then even just to survive.

    But yeah, it’s a travesty.

  3. I’m with devnull – as much as I wished the Exchange server worked better with my Mac and Entourage when it came to managing calendars and other items for multiple people, I certainly don’t want M$ to be holding all the cards to the backbone of the whole thing.

  4. I agree with some of the sentiment about Macs being controlled via AD being a mixed blessing, but I still think that for now, anything that gets more Macs in the enterprise is a plus, even though this isn’t my ideal way of seeing that happen.

    Now that Leopard is UNIX03 certified, perhaps we will see more Xserves begin to show up. That along with more Macs thanks to AD integration, may eventually lead to more Mac-centric enterprise deployments (and this will take quite some time).

    At least that’s my wishful thinking.

  5. “Microsoft Exchange Server is a messaging and collaborative software product developed by Microsoft. It is part of the Microsoft Servers line of server products and is widely used by enterprises using Microsoft infrastructure solutions. Exchange’s major features consist of electronic mail, calendaring, contacts and tasks, and support for the mobile and web-based access to information, as well as supporting data storage.”

    http://en.wikipedia.org/wiki/Exchange_Server

    And then:
    http://www.apple.com/server/macosx/leopard/
    And more:
    http://www.apple.com/server/macosx/leopard/directory.html
    And even more:
    http://www.apple.com/server/macosx/leopard/icalserver.html

    There you go Samurai…

  6. I wish I saw something in there that looked like an Exchange killer, but I don’t see it. There needs to be a significant measure of integration that isn’t in the various components of Leopard. There would also need to be a Windows client (or Outlook connector) and OTA sync with iPhones, Blackberries and Windows Mobile devices. And mail.app needs a whole lot of work to make it as complete an application as Outlook or Entourage.

    There’s a lot to hate about MS, but Exchange is one of their decent products, especially the 2007 flavor. I’d love for there to be a workable Apple alternative, but Leopard isn’t it.

  7. Is Microsoft the only one who can do it? Hell no.

    But your argument was that Leopard is an Exchange killer, my argument is that it is not.

    And Exchange isn’t just about calendars in any event. All those companies are doing is trying to come up with an interoperative calendaring protocol. They’re not touching e-mail or tasks or public folders or contacts or OTA sync of any of the above, the total combination of which is what makes Exchange powerful and ubiquitous.

  8. This is a good comment: “I have very mixed feelings about this. Good from an interoperability standpoint, but putting Macs under AD control is a travesty.” I don’t necessarily agree, but a good line nonetheless.

    Yes, if you want Macs in the enterprise (for real, not just token workstations here and there), then you need some kind of management framework. Now, obviously since OS X is UNIX based, you could use much of the existing tools being used in UNIX and Linux shops (e.g., NIS, LDAP, NFS, automated application deployment), but as a workstation, Macs have a lot more play if they can be more tightly integrated into AD.

    This is good for the Mac.


    Dustin Puryear
    Author, Best Practices for Managing Linux and UNIX Servers
    http://www.puryear-it.com
