Overview

Centrify DirectControl centralizes authentication and privileged user access across disparate systems and applications by extending Active Directory-based authentication, enabling use of Windows Group Policy and single sign-on.

With DirectControl, enterprises can easily migrate and manage complex UNIX-based environments, rapidly consolidate identities into the directory, organize granular access and simplify administration. DirectControl, through Centrify's patented Zone technology, allows organizations to easily establish global UNIX identities, centrally manage exceptions on legacy systems, separate identity from access management and delegate administration. DirectControl's non-intrusive and organized approach to identity and access management results in stronger security, improved compliance and reduced operational costs.

Features and Benefits

Centrify DirectControl centralizes authentication and privileged user access across disparate systems and applications by leveraging Active Directory.

Centrify DirectControl's core feature is its ability to enable UNIX, Linux and Mac OS servers and workstations to participate in an Active Directory domain. The Centrify DirectControl Agent effectively turns the host system into an Active Directory client, enabling you to secure that system using the same authentication, access control and Group Policy services currently deployed for your Windows systems. Additional seamlessly integrated modules snap into the DirectControl Agent to provide services such as single sign-on to SAP, web applications, and databases. The DirectControl Management Tools include extensions to standard Microsoft management tools, an administration console, out-of-the-box reporting, and an account migration wizard.

With the Centrify DirectControl suite, organizations with diverse IT environments can leverage their investment in Active Directory to:

• Move to a central directory with a single point of administration for user accounts and security policy
• Use DirectControl Zones to provide secure, granular access control and delegated administration
• Extend single sign-on to web applications, databases and ERP applications
• Simplify compliance with regulatory requirements
• Deploy quickly without intrusive changes to existing infrastructure

Move to a Central Directory with a Single Point of Administration for User Accounts and Security Policy
By consolidating user accounts in Active Directory, organizations can improve IT efficiency and move toward a more secure, connected infrastructure for their heterogeneous environment. Using DirectControl enables them to:

• Strengthen security by consolidating user accounts into Active Directory: one user, one account. Administrators and end-users have a single sign-on account to servers and workstations, with role-based access control centrally managed through Active Directory. This eliminates security risks posed by orphan accounts because IT managers can immediately and globally turn off the accounts of departing employees. And they can use Active Directory tools to identify dormant accounts.
• Reduce infrastructure costs by eliminating redundant identity stores, including legacy directories, unsecured NIS servers, dedicated application databases and locally managed /etc/passwd files. There is also no need to license expensive third-party synchronization products or to try building and maintaining in-house solutions.
• Streamline operations by standardizing on a single set of Active Directory-based tools, training and processes for provisioning, account maintenance and other administrative tasks.
• Establish consistent security and configuration policies across their heterogeneous environment. They can adopt a consistent, enterprise-wide standard for passwords by enforcing Active Directory's rules for password complexity and expiration for all users regardless of where they log in. And they can centrally enforce security and configuration policies across UNIX, Linux and Mac systems using DirectControl's integrated Group Policy feature, which provides more out-of-the-box policies, including user policies, than any other solution.
• Improve productivity and satisfaction for end-users, who now have only one password to remember. The result is that fewer Help Desk resources are needed to support unnecessary password resets and account updates.

Use Centrify Zones to Provide Secure, Granular Access Control and Delegated Administration
Centrify's patented Zone technology, with its unique hierarchy and inheritance model, provides the industry's only solution for using Active Directory to manage identities, grant access rights and delegate privileges across a diverse mix of UNIX, Linux and Mac computers and devices. Centrify Zones provide:

• The fastest and most efficient means of consolidating a set of complex and disparate UNIX and Linux identity stores into Active Directory
• The most flexible solution for creating least-access and least-privilege security models for a diverse set of users, systems and roles
• The most secure means of delegating user privileges in a highly granular manner

Extend Single Sign-on to Web Applications, Databases and ERP Applications
Centrify delivers Active Directory-based single sign-on for both intranet and extranet web applications, databases, and ERP applications at a fraction of the cost of older point solutions. Features and benefits include:

• End-users can now silently authenticate to the heterogeneous systems, applications and databases they are allowed to access without being challenged to re-type a user name or password.
• IT administrators and help desk personnel can now use a single administrative tool — Microsoft Active Directory — to define consistent security policies for and to control access to a mix of different vendors' databases, heterogeneous operating systems, and web-based applications within their organization.
• DirectControl leverages an organization's Active Directory infrastructure, accounts and groups for seamless integration into existing management processes. No additional servers or software are required.
• DirectControl supports web applications running not only on popular UNIX and Linux platforms but on Windows as well.

Simplify Compliance with Regulatory Requirements
DirectControl greatly simplifies the administrative, reporting and auditing tasks brought on by Sarbanes-Oxley, PCI, HIPPA and other government and industry regulations. The combination of Active Directory and DirectControl provides the following benefits:

• IT managers now have, in Active Directory, a single point of administration from which to reliably manage user accounts, set access controls, and enforce security policies across their heterogeneous enterprise.
• Centrify's patented Zone technology enables IT managers to limit administrative rights and end-user access to sensitive systems on a "need to know" basis. The Centrify Administrator Console provides a visual interface that enables IT managers to easily view and change role-based access controls and delegated privileges.
• Auditing requirements can be addressed by running the numerous out-of-the box reports that can prove to auditors, on-demand, what systems any specific user can access, and which users can access any specific system.
• By extending Active Directory's password requirements and Group Policy features to UNIX, Linux and Mac, DirectControl enables IT managers to enforce consistent, enterprise-wide security policies in a manner that can be verified by auditors.
• DirectControl ensures activity on UNIX, Linux and Mac systems is written to the proper Active Directory logs, providing an audit trail for system access. Centrify DirectAudit supplements logging with detailed user session capture and replay capabilities.

Deploy Quickly Without Intrusive Changes to Existing Infrastructure
DirectControl's support for open standards and its unified architecture make it far easier to deploy than any other Active Directory-based solution. DirectControl's Microsoft-certified technology offers IT managers the following benefits:

• DirectControl does not install any software on domain controllers, nor does it require any changes to the Active Directory schema to store UNIX identity data. DirectControl supports RFC 2307 via the Active Directory schema that Microsoft introduced with Windows Server 2003 R2.
• DirectControl can map multiple UNIX identities to a given Active Directory account without introducing any proprietary Active Directory schema modifications. IT managers can access this UNIX data in Active Directory using straight-forward ADSI and LDAP searches.
• DirectControl's unified architecture delivers identity management, access control and policy enforcement through an all-in-one Agent, making it the easiest Active Directory-based solution to deploy and manage. Additional modules for features such as SAP, web and database single sign-on or Samba integration also snap in seamlessly to the base Agent.
• Centrify accelerates an organization's productivity by delivering the industry's broadest set of free downloads of Open Source tools such as OpenSSH and PuTTY, which have been enhanced to work seamlessly with Active Directory via DirectControl.