Assessing the Active Directory Scene in 2011 with Centrify
There was a time — before the cloud redefined computing, and when cell phones were just phones — when managing Active Directory environments was uncomplicated and limited in scope. That era passed long ago, and the AD-integration market is now evolving into a new creature entirely. But where exactly is it headed? I recently sat down (virtually, of course) with representatives from Centrify for their take on the future direction of this channel. Read on for highlights of their vision.
First, though, let’s consider the situation in the early 2000s, when Windows XP was king and the IT world was still coming to terms with open-source business models. Back then, Microsoft’s market share on the desktop surpassed the ninetieth percentile with ease, while Linux and OS X remained almost invisible (even by the W3C’s count, in which non-Microsoft systems are probably overrepresented). Applications, meanwhile, remained largely offline and OS-dependent, and most networking infrastructures were limited in capacity.
In that world, managing an Active Directory environment mostly meant using native Microsoft tools to integrate Windows machines, while perhaps linking in a few Unix servers here and there. In environments where Mac or Linux desktops did exist, joining them to the AD domain was rarely an absolute necessity, since the resources that users needed were not yet centralized on the domain, and solutions centered around Samba worked well enough where basic integration was needed.
Ghosts of Active Directory-Present
Fast-forward to the here-and-now, and the picture looks very different from the one circa 2003. Active Directory resources have become must-haves for nearly all users, regardless of which operating system they happen to run on their workstations. And those operating systems, as Centrify representatives were keen to point out during our conversation, have become more diverse and heterogeneous than ever.
At the same time, the ubiquity of personal devices brought by employees onto the network has created access and security concerns that weren’t present a decade ago, when cell phones did little more than make calls and laptops were far less portable. Along similar lines, increased reliance on temporary employees and offshore contractors has contributed new complexities to the delivery and security of AD resources.
Citing feedback from customers, the Centrify folks also highlighted the increased rigor and strictness of compliance auditing as an important new trend with which AD administrators need to cope. That may be a blanket statement, and auditing policies and enforcement vary from organization to organization, but I suspect most IT managers would generally agree that audits have grown much more complicated in scope and serious in importance in recent years.
And last but not least, there’s the cloud, which has exacerbated all of the above by redefining network topography, making physical network perimeters a thing of the past and adding a new dimension to the way users access and administrators monitor hosts.
The Future
If such is the situation of the AD ecosystem at present, where can we expect it to head in the future, and how will it get there? For one, Centrify promised ever-increasing attention to the diversity of different operating systems — and different versions of the same operating systems — that need to be supported. Centrify’s latest release represents a clear move in this direction, with enhanced support for GNOME and OS X users.
Unsurprisingly, Centrify representatives also pointed to a focus going forward on the cloud — and the closely related field of virtualization. In practice, this means delivering support for the rapidly increasing number of servers which virtualization makes possible, and which cloud computing encourages; it also means paying more attention to the way in which AD-integration solutions handle network security in an environment where cloud-based hosts can’t hide snugly behind gateway firewalls, but instead must rely on host-based alternatives.
Finally — and this may be the most interesting area of all to keep an eye on — Centrify representatives promised we can expect to see their software being embedded within cloud hosts as a means of managing user accounts. From my perspective, such use cases seem particularly novel because they represent a step away from the traditional role of AD-integration software, which has been used in the past mostly to join hosts to the AD and share resources. But the role of Centrify in these new products is not to integrate them with an existing, external AD, but to provide a solution to a problem which is itself not inherently AD-related. Deploying Centrify, or suites like it, in such a manner could push this market in fascinating new directions.
It’s too early to share specifics on plans for such novel deployments of Centrify software, I’ve been told, but stay tuned to The VAR Guy for announcements on this topic in the near future — as well as some updates from the Likewise camp, Centrify’s chief competitor, on how its developers plan to handle the cloud and other emerging trends in their channel.
Sign up for The VAR Guy’s Weekly Newsletter, Webcasts and Resource Center. Follow The VAR Guy via RSS, Facebook and Twitter. Follow experts at VARtweet. Read The VAR Guy’s editorial disclosures here.
Chris – are you planning to sit down with representatives of other companies in this area like Quest and Likewise?
A balanced review would be really helpful. Like many SIs, we find every vendor sponsors their own review and it’s hard to separate fact from fiction and ads from editorial.
Please do the needful!
Systems Integrator: yes! Speaking with Likewise tomorrow, in fact. Stay tuned.
Ironically, I’m speaking with Likewise tomorrow as well, and that talk was triggered by your previous Centrify article.
We’re a smaller 2-year college that is looking to integrate more closely, read enforce group policies, into our network. I also like the natural progression of leveraging these solutions to make it more streamlined to bring in Linux machines as well.
Keep up this thread! It’s VERY helpful for me to not have to 1-off each of these products and be subjected to the marketing speak of each. I’d like simple comparisons of the similarities and differences in the implementation of the same basic concept; feature comparisons are a must. I think it would be good to get a statement from each as to how they feel that they differentiate their solution from the pack.
I’d also like to understand what of their solution is Open vs Closed source. I’m not too keen on bringing in a closed solution so I can better integrate my open source… it just feels a little wrong.
Keep up the great work!
Michael: glad you’re finding this material useful. I do have some intriguing material from Centrify on how its developers believe they stand out, which we should be writing up shortly, along with the Likewise take on the same topic.
I haven’t seen as much buzz around Quest as an AD solution for Unix machines. Have you looked into it as well as Centrify and Likewise?
Check out QAS – Quest Authentication Services. It integrates with AD.