Active Directory and the Heterogeneous Data Center
With reduced budgets and fewer staff members to go around, wouldn't it help if you had some way of leveraging those remaining employees for your entire data center? It's rare to see a data center that hosts a single operating system within its racks and rarer still to have employees who can effectively manage the many different operating systems present there. Most data centers house multiple Microsoft Windows versions, various Unix flavors, multiple Linux distributions, hypervisors and possibly a few oddballs not mentioned in standard conversation. It's a management nightmare.Cover Your Assets: Help for Active Directory integration for Unix, Linux and Mac OS X has arrived. Here are three products to aid you in the travail.
But there's hope for those disparate systems and their desperate system administrators in the form of Active Directory integration. Active Directory provides a centralized management system where you configure and administer system, user and application settings. In Microsoft's own words:
Active Directory Domain Services is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications and other directory-enabled objects from one secure, centralized location.
To assist you in your centralized management efforts, I present three products worth knowing for this purpose. All three offer Active Directory integration products to corral those renegade operating systems, applications, databases and users into a manageable format. First, there's Quest and its single sign-on (SSO), reduced sign-on and centralized authentication solutions. Next up is Likewise, whose products range from Likewise CIFS to Likewise Enterprise and bring Active Directory security to networks of any size. Finally, Centrify, which offers the widest possible range of Active Directory integration for operating systems, applications, software and storage.
Quest Authentication Services (formerly Vintela Authentication Services) consists of an impressive lineup for enterprise authentication and integration management that deliver the following features and benefits:
- Active Directory for Unix, Linux and Mac
- NIS migration and directory consolidation
- Group policies for Unix, Linux and Mac
- Simple identity and access management
- Access control
Quest provides all of its products as trialware on its downloads page. It also lists several freeware packages on the same page. No product pricing information is available as of press time.
To start your migration to an Active Directory managed enterprise, Likewise makes its entry-level product, Likewise Open, available as a free, open source product. For a complete product feature and price comparison, check out the Likewise Software Solutions Pricing page.
For those who know a little something about Active Directory integration for Unix-based operating systems, the Likewise staff reports Samba or winbind code is not found in its products. Its Active Directory software is a de novo rewrite. If you haven't looked at the product line lately, you should. Not only can you manage your Active Directory resources from a Windows machine, you can also manage it from a Mac or a Linux system.
With more than 1,000 clients to its credit, Centrify just might be the 800-pound gorilla in this group with its Centrify Suite: DirectAudit, DirectAuthorize and DirectControl. It offers three editions for your Active Directory integration pleasure:
- Standard Edition (DirectControl, DirectAuthorize, OpenSSH and Kerberos Tools)
- Enterprise Edition (Standard Edition plus DirectAudit)
- Application Edition (Enterprise Edition plus Application Modules)
Centrify's solutions include the standard Active Directory integration with Mac, Unix and Linux systems plus IT Compliance and Auditing keeping you within regulatory constraints with SOX, HIPAA, FISMA and PCI audit trails and reporting. Their products also provide for desktop lockdown (all operating systems), virtualization security, and SSO for databases, web applications and SAP.
Centrify has a large customer base and holds several production certifications, including Novell and Microsoft. Its pricing is simple and based on the type of system on which the software is installed. It is $60 per workstation and $350 per server. Academic and non-profit institutions should contact the company directly for discount information. Large corporations also receive a volume discount.
I suggest setting up a test environment, perhaps a virtual one, to try the products side-by-side to determine which one works best for you. These integration products are all about leveraging your staff's knowledge. If your staff leans toward Microsoft products and they would rather not deal with Unix or Linux, now they can have their way. Similarly, if you have Linux and Unix experts who would rather battle a grizzly bear than work on Windows, the solution has arrived. With these Active Directory integration products, you can make everyone happy.
Have you tried one of the products mentioned in this article? What did you think? Write back and let us know.
Ken Hess is a freelance writer who writes on a variety of open source topics including Linux, databases, and virtualization. He is also the coauthor of Practical Virtualization Solutions, which is scheduled for publication in October 2009. You may reach him through his web site at http://www.kenhess.com.