Working With Integrated Centrify Products
My testing focused on the administration of users, management of systems and the end-user experience, as well as the enhanced capabilities provided to network managers. Installation of the suite was straightforward and presented no real surprises, and the included documentation and support smoothed over any issues that arose, which were related more to the particular environment I was working in than to the product itself. As mentioned before, Centrify Enterprise Suite consists of several integrated Centrify products. Management takes place from a centralized console, which provides access to all the various features. In other words, I did not have to individually launch the products; I could access them all from the main console.The DirectManage component provides centralized management and administration and uses a logical progression to manage and administer several critical capabilities. I found that DirectManage provided easy-to-use tools to create roles for users, as well as define zones for auto provision. I used DirectManage to create specific roles for the access and administration of Linux and other systems.However, I was most impressed with the product's ability to discover systems and deploy software to Unix and Linux clients. Centrify calls the technology "Deployment Manager." Using Deployment Manager consists of discovering a machine, registering that machine with the system and then integrating that machine into Active Directory. The product automatically queries the system, figures out all of the users, the software installed and so on, to integrate the new system into Active Directory. The product offers several options during integration into Active Directory. For example, I was able to choose a zone, a container and other objects to bring the system into Active Directory. Once the system was joined to Active Directory, I was able to create a single-sign-on (SSO) paradigm for the users. While SSO benefits the end users, the real power of the product is the centralized management paradigm, where Active Directory becomes the primary repository for account information and machine inventory and OS-specific chores can be accessed centrally, instead of requiring an administrator to log on to each server individually. DirectControl is another key component of the suite. With DirectControl, I was able to centralize account administration, including user rights, policies and settings. DirectControl works by incorporating Unix/Linux/Mac users into Active Directory and then extending it to support those accounts. The product makes those once-alien systems part of Active Directory. With DirectControl, I was able to quickly define the rights and policies associated with a particular user, regardless of what system the user wanted to access. Simply put, DirectControl extends Active Directory capabilities to Unix/Linux/Mac systems, allowing administrators to centrally control user access.