Centrify: Active Directory Meets UNIX and Linux
There’s a few players in the arena right now for getting your UNIX and Linux boxes to play nice with Microsoft Active Directory, but Centrify wants your attention. They take securing your network seriously but do it with what claims to be a simple solution that VARs and MSPs might want to take note at, especially if you’re a VAR setting up and managing data centers.
So let’s setup the scenario: You’ve got a data center environment that’s increasingly heterogeneous. Unix, Linux, Windows, maybe a few Mac OS X servers or desktops floating around. It’s getting big, it’s getting messy.
You’ve also got that problem where you’ve got a few IT people on staff and maybe they’re not all using their own user accounts. Maybe there’s a root password that’s shared for access to certain machines. It makes it hard to audit what’s going on and hard to keep track of who made what changes.
So how do you secure the systems, lock down user access and keep track of it? That’s where Centrify says they can help. It’s actually pretty simple: you install their software.
Centrify’s software is a client that runs on any non-Windows box that integrates the system with Microsoft’s Active Directory. Dubbed “DirectSecure,” Microsoft’s Active Directory is now hooked into and extended to the Unix and Linux systems, letting AD use Server and Domain Isolation technology plus end to end encryption and user-account security policies.
The magic happens, in part, by utilizing the native IPsec built into Unix and Linux OSes today. Centrify’s software also allows for zero changes to application or network topology. Ease of use, apparently, is the name of the game.
Of course, Centrify does face some competition. For instance, our media sites have noted recent initiatives from Likewise Software.
But Wait, There’s More
But there’s a bit more to it than that: Centrify’s traditionally offered a suite of software like this before, but this year, 2010 introduces not just DirectSecure, but DirectManage.
They’re calling it an industry first. DirectManage is an easy to use application that essentially allows you to point-and-click your way through managing all those UNIX and Linux systems you just setup with DirectSecure. It allows for real-time visibility of everything you’d want: access rights, policies, group relationships and user activities, all neatly packaged in a GUI that’s pretty friendly looking. When you’re looking for tight control around systems and access privileges, this could potentially be your best solution.
On a call with Centrify, they noted that whether you’re dealing with a large data center or you’re hosting your information on a cloud, like with Amazon, the procedure is the same. Just install the client. They also touted it as the perfect solution for resellers and partners that provide PCI services, noting it’s especially effective for pre-audits and remediation. More simply, if you’re a security-oriented VAR who’d like to add some extra value, Centrify’s toolkit could be good for you, too.
Centrify stresses that good user-based security shouldn’t go un-looked. Every user account can be tailored into zone-like membership groups, allowing for people who need elevated privileges to have them, but not necessarily need full root access.
Of course all that is good and well, except that you might be wondering what the price tag is. Centrify is looking to deploy this stuff February 16, 2010 and is asking $350 USD a server. It’s licensed on a per-guest OS basis, sorry VM’s, that’s the deal. Now, if you’re looking for an enterprise edition, that’ll cost you a few more bones. They’re asking $750 a system.
If you’re looking for something simpler, a desktop client license is only $60 a computer. Centrify noted, for example, that you can now easily integrate Mac OS X or Ubuntu systems to Active Directory with that $60 solution. With that price, it seems like a potential no-brainer add-on.
Even if your customers’ data centers aren’t ‘heterogeneous’ enough, you might want to give Centrify a solid look before you pass on them.