Using Vintela from Quest Software
Many moons ago I was fortunate enough to stumble upon Vintela Authentication Services (although I don't think it was called that back then). Vintela is now a part of Quest Software and has expanded their product offerings, but the core VAS is still a great solution. What does it do you ask. Well, it makes a Unix, Linux or Mac system become a part of a Microsoft Active Directory domain, enabling centralized authentication and access control. You can then extend the benefits of Windows Group Policies to those non-Windows systems.
For an organization that has a majority of Microsoft Windows-based server operating systems, using Vintela VAS on those non-Windows servers saves the headaches of managing separate NIS or LDAP servers. You then get a centralized place for storing (and managing) user names, passwords, access rights, and more with no need for setup of an LDAP gateway. So, that Mac user over in marketing can now be managed via AD, as well as those new Linux boxes that keep finding their way into the datacenter.
While I'm on this subject, I've run across several instances lately where an application vendor wanted to store access control privileges in Active Directory to fields in the application database, which meant modifying the AD schema to fit a specific application. Well, Microsoft has a great way to overcome this by using Microsoft Active Directory Application Mode (ADAM) which can run on the application server or an XP PC and doesn't require a domain controller. I'll write a longer post about this later, but keep it in mind if you have legacy LDAP or X.500 integration needs or an application-specific security schema. ADAM integrates and replicates with AD, sometimes requiring MS Identity Integration Server 2003, but not always.
If you have a majority of Windows-based servers with an Active Directory domain and group policies, then check out Vintela for bringing those non-Windows boxes into AD.
No comments:
Post a Comment