Active Directory and Linux guideAuthentication of Active Directory and Linux <<previous|next>> :Linux authentication troubles? Try Active Directory
Enterprise Linux News:
Symark joins crowded cross-platform management field
By Jack Loftus, News Writer
24 Sep 2007 | SearchEnterpriseLinux.com
This "suite play" by cross-platform management vendors is an interesting twist in the market, said John Enck, an analyst with Stamford, Conn.-based Gartner Inc. "The suite play is the key to this market," Enck said. "Quest has every AD tool imaginable; their authentication tool can be a lead-in or a value-add, but the strength of the suite swings a lot of customers. Centrify also has an adjacent cross-platform auditing tool; here again customers often buy the Centrify authentication tool as part of a broader solution."
Symark is following suit with a suite approach: Prospective customers will not just look at the authentication tool alone; they will compare the Quest suite to the Centrify combo vis-à-vis the Symark solution stack, Enck said.The market for cross-platform identity management products. emerged in 2006, when Centrify, Centeris and Quest launched their products. But Jeff Nielsen, a product manager at Symark, cited several differentiating factors that he believes set Symark apart.
"We took a Unix and Linux approach [to PowerADvantage]," Nielsen said. "All administration of the product can be done from the Linux and Unix command line; we wanted to make sure [IT managers] could work in the environment they like."
Gartner's Enck said Symark's Unix chops are something to consider when evaluating cross-platform management applications, as is the integration with PowerBroker.
PowerBroker is an authorization and access control tool for Linux and Unix IT environments. "The combination of PowerADvantage and PowerBroker enhances security and compliance by facilitating efficient management of end-user and administrator account access from Active Directory while controlling access and tasks performed using the root account password," Nielsen said.Sally Hudson, an analyst with Framingham, Mass.-based IDC, said the addition of PowerBroker integration bodes well for users looking for a more complete and secure environment. "Symark has done pretty well with PowerBroker and they can build on that," she said. Benjamin Brumaire, an IT consultant and systems integrator based in France, said the suite approach was a welcome addition for shops because Microsoft wasn't getting the job done. "I think PowerADvantage looks promising and can certainly offer the benefit of reducing systems administration costs across the entire IT portfolio," he said. "By integrating PowerADvantage [and] PowerBroker, an organization achieves additional access control and security for its Linux and Unix servers, which is something other products and Microsoft alone cannot provide." Managing Linux with AD and PowerBroker
Specifically, Symark's PowerADvantage allows users to extend Active Directory's centralized authentication, authorization, account access, policy enforcement and infrastructure management functionality to Unix and Linux systems. Active Directory (AD) is an implementation of LDAP directory services by Microsoft for use primarily in Windows environments. At the heart of the application is the PowerADvantage agent, which is installed on Unix and Linux machines and communicates with the AD's domain controllers, said Ellen Libenson, vice president of product management at Symark. During the installation, the Unix/Linux host is joined to the domain and the host is configured to route authentication requests through the agent, Nielsen added. This allows the agent to communicate with AD domain controllers to process authentication requests and access the AD's Group Policy Objects for configuration management, he said.
From start to finish, The entire process takes about 15 minutes and includes an installation wizard, Nielsen said.After installation, the computer object for each Unix/Linux host can be moved to different organizational units in the AD hierarchy, changing which set of Group Policy Objects applies to that host. The PowerADvantage context of each host can also be altered, which will then immediately change login configuration for all AD-based users logging in to that host, Nielsen said. These changes can be performed without rebooting the host or restarting the PowerADvantage Agent.
"The PowerADvantage Agent is configured by Group Policy, so changes in the configuration of the agents are performed through it without the need to visit each individual host -- typing in user parameters for thousands of users is not fun," he said.
PowerADvantage is currently in beta testing and will be available in January 2008, Libenson said. No price was given.
Email Jack Loftus with your comments and suggestions..