Domain: centrify.com
Stories and comments across the archive that link to centrify.com.
Comments · 19
-
Centrify May Offer What You're Looking For
Ceck out http://www.centrify.com/cloud/...
-
Re:People still buy Office?
You can use GPO in a very limited way without any add-ons but you should take a look at this: http://www.centrify.com/directcontrol/group-policy-for-mac-os-x-desktops.asp
-
Re:A "Real computer"
Oh and there's the fact that Windows integrates nicely in to being centrally managed, and the iPad does not.
Oh and there's the fact that your biased editorial is wildly inaccurate.
-
Re:System restore stinks. Image your disk
pushing down group policies to a fleet of macs?
Workgroup Manager. Between that and Apple Remote Desktop there's practically nothing you can't manage on a fleet of Macs that authenticate against OD on an OS X Server. Software updates, backups of workstations, printers, etc...
Of course, if you have your little heart absolutely set on managing Macs with actual Microsoft group policy on a DC, you can use Centrify DirectControl.
~Philly
-
Re:Can't Lock Linux Down
Agreed. I've not seen anything like Windows Group Policy for Linux. But, then again, I've not looked too hard. If someone knows of something like GP for Linux, please let me know!
Is this what you were looking for: Group Policy for UNIX, Linux and Mac? I didn't know myself but a simple Google of linux group policies returned that as the second result.
Falcon
-
Re:What was wrong with Centrify?
I'm just curious -- Centrify claims to offer Windows group policy management for Unix, Linux, and Mac OS X. Aside from the cost, was there some reason why that wasn't going to cut it for you? Cuz I kinda doubt you'll find a cheaper solution that's more mature...
Other then that it is closed source and bloated. Hey if you like either... then surrre Centrify is a solution.
-
What was wrong with Centrify?
I'm just curious -- Centrify claims to offer Windows group policy management for Unix, Linux, and Mac OS X. Aside from the cost, was there some reason why that wasn't going to cut it for you? Cuz I kinda doubt you'll find a cheaper solution that's more mature...
-
Re:And what they don't say...
Its in the patent map, clear as day.
http://www.centrify.com/downloads/public/microsoft_protocol_to_patent_map_courtesy_of_centrify.xls -
Native Enterprise Authentication
I missed this post by a few hours, so this reply will be undoubtedly buried, but I'll post my $0.02 anyhow.
The problem with Linux on the desktop is not the lack of the "killer app", as so many people are trying desperately to solve. It isn't even the GUI interface selection, or any of the other standard responses as to why Linux is flailing without much penetration into the desktop world. The #1 reason why Linux doesn't have a bigger installation base is because it has yet to penetrate the business desktop market, and that fault can be summed up into one service: Native Enterprise Authentication (ie. Active Directory for Linux).
When Windows pushed out the mainframes of its day, computing was still in its infancy, and security/privacy laws hadn't yet adapted to the computing age. Active Directory came along much later in their lineup simply because it wasn't necessary at the time. Once MS saw that site-wide authentication with integrated single sign-on was the only route left to go, they hit the nail on the head with the biggest damn hammer available. They coupled LDAP with Kerberos into a single service that provided a company directory, user authentication, and single sign-on capabilities. Later their killer app became Exchange, and Exchange could never work the way it does without Active Directory. These days we have several Linux installations that are authenticating against Active Directory, as that is the currently installed authentication system within the enterprise. Hell, there are even companies that exist solely around the concept of making this setup work as easily and flawlessly as possible.
If you want Linux to really penetrate the Enterprise desktop market (which in turn has been historically proven to increase home desktop penetration), then what Linux really needs is its own native version of Active Directory. Even if we just cloned the service it would at least make Linux/Windows integration much cleaner, but ideally it would be more than that. Either way, it would need to at least provide the same data as Active Directory, as adding a method of authenticating Windows machines against it would be necessary. This could start as simply a mash-up of Kerberos and LDAP with a management front end, but the end goal should be a stand alone service that is easy to install and easy to maintain.
There. My $0.02. Don't spend it all in once place. -
Re:Attention: Not 1998.
This customer requests Solaris hosts that can authenticate natively to an Active Directory domain. Yesterday would be a good delivery date
In that case, what you need is Centrify. I saw a presentation and demo of it 6 months back and it was really neat. -
Another alternative - Centrify
Another alternative to a Golden Triangle is to use Centrify for the Mac if you have Windows sysadmins who just won't countenance a Mac server. Centrify uses the same underlying mechanisms as Workgroup Manager but lets a directory admin on a Windows server manage the Macs as though he were applying GPO's to Windows machines. While I think a Golden Triangle is preferable, Centrify works well when you just can't install a Mac OS X Server.
--Paul -
Mac Vs Window - My Experience
The school I work at is looking at integrating Macbooks into our exisitng Windows infrastructure. This is ONLY my experience, please do not read it as anything else.
To begin the evaluation process, I contacted Apple Canada to order a single Macbook. I had to jump through a lot of hoops setting up a new educational account, but that is understandable. finally, everything was in order and I sent in my PO. 40 days later, my Macbook arrived. Two weeks prior to the Mac order, I ordered 4 Dell laptops. They were here within 5 days. (btw, the $$$ was the same for each order.)
Out of the box, the Macbook and Dell took the same amount of time to enter user info etcetera.
I admit that I have been trained to work with a Windows environment. For this discussion, this is neither good nor bad, just a fact. Because of this training, I would like to manage an Apple environment in the same manner - specifically, GPO's.
While the Directory Access utility can kind of integrate the Mac into my environment, it was no where near what I am looking for. I began looking for third party methods of managing both systems and providing a Single Log On solution. The best one I have found so far is DirectControl by Centrify http://www.centrify.com/. They actually have
.adm files that get added in to Group Policy to allow me to manage the Mac the same way I manage a PC. The policies are still limited, but they are growing. Also supported is the ability to automount a Windows home directory as a Mac home directory. So I may not need to purchase Antivirus, but this utility is ~$60 per machine, plus a $1,000 admin console. And under my Microsoft licensing, I must count and pay for all the Macs in the school as well, so no savings there.In conclusion, we will be adding Macs. Not migrating to, just adding. I will continue to manage them the way I know how, as I learn the new OS. Also note that we intend to add a Linux lab in the future. The product mentioned above integrates a very large number of OS's into a single management framework using Active Directory. There are some tasks I grab the Mac for, and others that I grab a PC for. Depends on the task, both are useful.
-
Which third party solutions?What kind of ignorance does it take to state that there are third party solutions for integrating Macs into Active Directory, but doesn't list a single one of them?
Thursby's ADmitMac
Centify's DirectControl ... and that's two without me even doing a search... -
Informed parent poster? Hardly.
You also don't get things like group policy or centralized (to a server in your enterprise) updates.
OS X Server 10.4 has pretty decent client-management capabilities if you have an all-Mac shop. If you want to run Mac clients bound to a Windows AD, you can put in an OS X Server to manage them or subject them to your Windows group policy whims with a third-party product.
OS X Server 10.4 also has a centralized update server built in. It works great. Apple Remote Desktop, along with some scripting, gives me the ability to immediately push updates to the Macs under my control, or just set them to automatically download and install any available updates on a set schedule. I can even have the Macs power themselves up from a shutdown state in the middle of the night to do the updates if I want.
Th Windows field engineers in my company went crazy for the last couple weeks trying to get DST updates taken care of. I took care of all my Mac clients remotely, spending about 30-45 minutes a night while I watched TV at home. -
Re:Integrate not authenticate
If you want that kind of control it requires a third-party solution, but it is doable.
~Philly -
Yes they can!
With this: http://www.centrify.com/directcontrol/mac_os_x.as
p Shameless plug. -
Re:Why would one want to do this?
i work for a company that handles large enterprises single sign on and user id consolidation needs... (as well as small/medium ones as well)
you are right on... when it comes to compliance and SOX requirements, getting all of your machines authenticating against one directory (AD or otherwise) makes perfect sense. I am sure there are a few sys admins here who have been asked for login failure and share access permissions across all of their network machines. adding more 'directories' makes it even more fun to gather these reports, comb through logs, look for changes across all the flavors of *nix and then the msft event logs, even network syslog...
There are a few companies out there who have built product lines that allow unix machines to authenticate against AD, their machine accounts can have Windows Group Polices and managed under one single console, they have the ability to appear in SMS as any other machine for reporting and hardware inventory and also to send their performance metrics over to MSFT MOM...
Why in the HELL would anyone want to authenticate against AD? well, it is simple really.. MSFT DID do the LDAP/Kerberos thing right and have been doing it right for a long time. They also have the whole pass-through, single id thing going and it works just fine in AD (when its an all windows network)... and its EVERYWHERE... how many LARGE companies are using whitepages/ldap type directories for authentication and how many are using AD? its a valid question to ask and what is happening is that most ARE already on AD or are moving to AD and they ARE using Exchange and this put AD into a space of being one of the main components of an enterprise. So why not just toss the unix machines in there as well?
yes, it empowers windows AD... but the first solution below (from quest) does not take anything out of the unix guys bag of tricks... in fact it allows for the unix guy to actually do things against AD that before was a pain to setup/admin...
anyway... sunday, should be out walking the dog and playing frisbee with the kids or working on my short game... check out http://www.quest.com/landing/?ID=531 or http://www.centrify.com/ for some good info on two companies that are doing this for the *nix world now... -
Centrify or Vintela
-
Re:Fifty-Five nodes?C'mon, with the schema additions for *nix, AD looks like any LDAP to a pam/ldap client. That's all OD will ever look like.
Adding Vintella or Centrify to the mix allows to to manage not just sign-on authentication, but fine-grained network and client policy with the native AD controls. This is something OD doesn't come close to.
AD is the second best directory in the world - after NDS. NDS doesn't come close to the level of third-party application and tool support, any longer.