JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/archives/July2006/Software/Centrify.htm

 

DirectControl for Macs – Seeing the Forest

reviewed by Robert Pritchett

 

 

 

Centrify Corporation

444 Castro St.

Suite 1100

Mountain View, CA 94041

1-650-961-1100

FAX: 1-650-962-0307

info@centrify.com

http://www.centrify.com

http://www.centrify.com/directcontrol/mac_os_x.asp

Released: DirectControl Suite for Mac OS X 10.4. Tiger – June 6, 2005

$50 USD per workstation, $300 USD per server, $1,000 USD per System Admin.

Tour: http://www.centrify.com/directcontrol/directcontroltour.asp

Requirements: Macs in a heterogenous environment running under Microsoft Active Directory.

Strengths: Plays nice with Macs in the Enterprise environment.

Weaknesses:

Webcast: http://macenterprise.org/content/view/189/42/

Do you have Macs in an Enterprise situation where MicrosoftÕs Active Directory is Òin controlÓ? With CentrifyÕs DirectControl, you can ÒZoneÓ in.

I had the privilege of being ÒwebinaredÓ by David Neely (Product Management Director) for a while, as the app was shown to me and how Macs can coexist, nay, shine, in a Windows-centric environment. See, we actually have a Òfer-instanceÓ where I work where we could put this app to use, since many of the programmers use portable Macs connected in via Wireless technology, while developing software for a Windows-centric environment.

And I know of other Òfer-instancesÓ, mostly government-entities, where Centrify would be a boon and a blessing, so the IT-types would feel more comfortable if they knew they could ÒcontrolÓ the Mac-faithful in their midst. Centrify has been around for a while, but they made the Mac OS X hook recently, so now the Macs are no longer the Òlittle red-headed stepchildÓ and there are fewer excuses not to Òconnect a MacÓ into the legacy systems.

So instead of regurgitating what was said, without further ado, here is the spiel (http://en.wikipedia.org/wiki/Spiel):

"DirectControl ensures that all of the systems can be administered in the same way using Active Directory," said David McNeely, director of product management, Centrify. "Centrify's DirectControl delivers the full capabilities of Active Directory to Mac OS X Tiger users and empowers IT managers with centralized control."

Centrify DirectControl support for Mac OS X Tiger means that an administrator can, from a single console, manage user access and policies for Mac OS X, Solaris, AIX, HP-UX, Red Hat Linux, SUSE Linux, and Windows systems throughout an enterprise. This centralized management reduces administrative cost and ensures that a consistent security policy is enforced across all users and computers on the network. The Centrify solution is designed to work for versions of Mac OS X, from 10.2 and greater, including the new Mac OS X Tiger. Users experience the same set of policy, authentication and management services for all systems. The users get single sign-on access to Windows, other systems running DirectControl, and Kerberized applications and services.

Using Centrify's unique Zone technology, administrators are able to control which computers a user can log into, based on collections ("Zones") of computers, instead of the typical environment which lets any user with an account in the Active Directory forest access any computer in that forest.

Other solutions for integrating Macintoshes with Active Directory offer only limited integration. DirectControl is unique in its approach to providing enterprise-ready features for IT organizations responsible for managing large number of Mac systems.

á       DirectControl's unique Zone technology enables granular access control and delegated administration that is simply not available in any other solution. You can create collections of Mac systems that can each have their own set of authorized users and administrators. Universities find this feature particularly helpful in setting up security boundaries around Macintosh labs while not exposing Macs in administrative offices to unauthorized access, but any organization with Macs that are "owned" by different departments will find they can centrally manage them without compromising security or flexibility and without stripping current system admins of their privileges.

á       No other solution delivers the ease of use and robustness of DirectControl's Group Policy for the Mac. Other centralized management solutions require extensive Active Directory schema extensions or the deployment of additional server infrastructure. DirectControl leverages the native Active Directory interface and open scripting standards, giving IT managers a single tool for policy management. And DirectControl delivers a wide variety of policies tailored specifically for IT managers who need control over these workstations.

á       DirectControl for Mac is part of a comprehensive solution for integrating non-Microsoft systems with Active Directory. Instead of a point solution dedicated strictly to the Mac, you have a single solution for UNIX and Linux systems as well.

á       DirectControl consistently enforces password policies across all systems. Other solutions are limited in their ability to enforce periodic password changes, permit changes on all systems, or require passwords to unlock system screensavers.

á        

DirectControl provides true central management over UIDs and GIDs, which is critical to ensuring seamless access to shared network resources. Other solutions require you to manage these settings locally on each computer.

End-users will be glad to know that DirectControl brings them the following benefits as well:

á       You have only one user ID and one password to remember.

á       You can log in to any computer (Macintosh or Windows) that belongs to the management Zones to which you have been assigned, regardless of whether you have ever logged into that system before.

á       There is no affect on the way you work; the DirectControl Agent that is installed on your computer seamlessly and transparently connects you to the greater Windows world without affecting any other system components.

If you are a lone Macintosh user or part of a small group within a Windows-based organization, you can easily install DirectControl yourself and work with your system administrator to integrate your system with Active Directory.

Do your ÒNetwork NaziÕsÓ have a crying need to ÒcontrolÓ the Macs in their midst? Now they can embrace them instead of shun them. No more excuses!


About Us | Privacy Policy | Contact Us | ©2006 MPN LLC.


















Who links to macCompanion.com?