There's a downside to adding Linux or Unix servers to a Windows shop: These orphan machines lie outside the protective umbrella of the centralized user authentication and authorization controls of Microsoft Active Directory. The result? Multiple user identifications and logins, higher risk of errors and security loopholes, and of course, more work for system administrators.
But, according to John Enck, a research vice president at Gartner Inc., probably less than 20% of mixed Linux and Windows shops use a single authentication and authorization vehicle that covers Windows and non-Windows machines. "[Centralized authentication] is a new trend," Enck said. "Most are using Unix or Active Directory for access control and now are looking to gain efficiency with a common structure."
The maker of PowerBroker, which enables system administrators to implement user control policies system-wide, now has extended PowerBroker's reach with PowerADvantage, an action arm that approves or denies user access and authentication requests based on PowerBroker policies.
Think of PowerADvantage as Windows Active Directory, only it's cross-platform. To the user, PowerADvantage means a single login. For an administrator, PowerADvantage is a time saver, an automated security deployment and configuration tool. PowerADvantage inputs a user identification, maps it with multiple operating systems and carries out PowerBroker policies defining what a user can do, where and when -- all with a simple script from the systems administrator.
And instead of creating duplicate storage of data or rules, PowerADvantage simply extends soft, "nonintrusive" hooks into Active Directory so that the latter's rules about who can access data or run reports are extended to Linux and Unix machines, explained Ellen Libenson, vice president of product marketing.
"A unified login is reality now," Libenson said. "This solves headaches without compromising the freedom of Linux. We're able to take Active Directory and make lives easier."
PowerADvantage also is a huge time saver with configuration or deployment, enabling system administrators to rotate encryption keys or deploy new security policies automatically, added Jeff Nielsen, Symark's senior product manager. Additional servers can be quickly configured to match the rest, he added. "We're leveraging all the nice stuff in Active Directory, like standard Kerberos-based network authentication, to Linux and Unix machines, all from the same console," Nielsen said.
Enck said the basic problem is that Unix "doesn't have a vision" for the future of authentication, so by default everyone has turned to Microsoft's Active Directory. If independent software companies such as Symark can present a reasonable alternative, though, it leaves the door open to fill the gap.
PowerADvantage and its competitors aren't by themselves an incentive to go to a mixed-shop environment, but they do remove an irritant for system administrators, Enck said.
"These products make administrators' lives easier … and have resonated well in the market," he said. "They reduce administrative workload and security exposure, which are both drivers [in adoption]. In any regulated business, this is a big factor."
As for the relative merits of the competing products, Enck said they are "a wash" functionally, with differences at the granular level. A business might do well to choose the vendor with whom it already has a relationship to reduce overhead and license management, he said. PowerADvantage onetime licenses cost $290 per server and $45 per workstation, with optional 24/7 support, including free upgrades, for an annual fee of 20% of the onetime license.
Let us know what you think about the story; email Pam Derringer, News Writer.