WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
PAGE 18
If you have a large UNIX environment, consider the number and placement of your
Active Directory domain controllers. The physical design should specify which
domain controllers each set of UNIX computers will use, and whether additional
domain controllers are needed to handle the increased load from UNIX computers and
users. Plan for network bandwidth and latency, and for uninterrupted service if a
local domain controller fails unexpectedly. Because DirectControl caches user
credentials, users can continue to securely access systems they have previously
logged into even when no domain controller is available. This matches the behavior
of a domain-joined Windows XP system that a domain user has logged into at least
once. Take this capability into account when deciding how many domain controllers
to deploy and where to place them.
DirectControl supports the secure exchange of Active Directory credentials across
domain trusts and in forests with multiple domains. This allows planners, for
example, to securely share application servers across multiple domains in the
organization, potentially reducing the number of physical servers.
Finally, DirectControl's credential caching opens up new options for the physical
design of the network. Roaming Linux or UNIX users can now securely log into the
domain accounts on their systems even when they are not on the same network as a
domain controller.
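The two behaviours the planning guidance above relies on, choosing a domain controller (local site first, then the rest of the domain when the local controller is down) and falling back to cached credentials only when no controller answers, modelled as an added example. This is not code from the Centrify paper or from DirectControl itself. It assumes the agent locates controllers through the standard Active Directory SRV records (site-specific first), and that the cache keeps a salted, iterated hash rather than the password. The SRV records, the `Branch` site name, the host names, the `DIRECTORY` dictionary standing in for the controller's password check, and the reachability sets are all constructed for the example.

```python
import hashlib
import hmac
import os
import random

# Constructed SRV data in the shape Active Directory publishes:
# _ldap._tcp.<site>._sites.dc._msdcs.<domain> lists the site's own DCs,
# _ldap._tcp.dc._msdcs.<domain> lists every DC in the domain.
# Tuples are (priority, weight, port, target) as in RFC 2782.
SRV_RECORDS = {
    "_ldap._tcp.Branch._sites.dc._msdcs.example.com": [
        (0, 100, 389, "dc-branch.example.com"),
    ],
    "_ldap._tcp.dc._msdcs.example.com": [
        (0, 100, 389, "dc-branch.example.com"),
        (0, 100, 389, "dc1.example.com"),
        (10, 100, 389, "dc2.example.com"),
    ],
}

# Constructed stand-in for the accounts a reachable DC would verify
# (hypothetical users; a real DC checks Kerberos, not a dictionary).
DIRECTORY = {"alice": "Correct-Horse-1", "bob": "Battery-Staple-2"}


def order_srv(records, rng=random):
    """Order SRV records per RFC 2782: lowest priority first, weighted
    random order among records that share a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            pick = rng.uniform(0, total) if total else 0
            running = 0
            for r in group:
                running += r[1]
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered


def locate_dcs(domain, site, rng=random):
    """Return DC hostnames to try: the client's own site first, then the
    rest of the domain as fallback, without duplicates."""
    names = [f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
             f"_ldap._tcp.dc._msdcs.{domain}"]
    result = []
    for name in names:
        for _, _, _, target in order_srv(SRV_RECORDS.get(name, []), rng):
            if target not in result:
                result.append(target)
    return result


def _derive(password, salt):
    # Salted, iterated hash: a stolen cache does not yield the password
    # directly, and the iteration count slows offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CredentialCache:
    """Bounded store of hashed credentials for users who have already
    authenticated online; consulted only when no DC is reachable."""

    def __init__(self, max_entries=10):
        self.max_entries = max_entries
        self._entries = {}  # user -> (salt, derived key), insertion ordered

    def remember(self, user, password):
        salt = os.urandom(16)
        self._entries.pop(user, None)
        self._entries[user] = (salt, _derive(password, salt))
        while len(self._entries) > self.max_entries:
            self._entries.pop(next(iter(self._entries)))  # evict oldest

    def verify(self, user, password):
        entry = self._entries.get(user)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, _derive(password, salt))


def authenticate(user, password, reachable, cache,
                 domain="example.com", site="Branch", rng=random):
    """Try DCs in locator order; use the cache only when none answers.
    Returns (status, dc) with status 'online', 'cached' or 'denied'."""
    for dc in locate_dcs(domain, site, rng):
        if dc not in reachable:
            continue  # simulated DC outage: try the next candidate
        if DIRECTORY.get(user) == password:
            cache.remember(user, password)  # refresh for later offline logins
            return ("online", dc)
        return ("denied", dc)  # a DC answered, so the cache is not consulted
    if cache.verify(user, password):
        return ("cached", None)
    return ("denied", None)
```

Two design points matter for the physical planning the text describes. First, a rejection from a reachable controller never falls through to the cache, otherwise a disabled account or a changed password would keep working on any machine the user had touched. Second, the cache is bounded and holds only a salted, iterated hash, so a stolen cache file still costs an attacker an offline guessing run per user; the file still needs root-only permissions and the entry count should be kept small on roaming systems.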
Figure 1.7 shows an example physical design that uses DirectControl to provide
security and directory services to UNIX and Linux systems in a multi-domain
environment.
[Figure 1.7 (diagram): two domains, example.com and dept.example.com, joined by a
cross domain trust, with Active Directory replication providing AuthN and AuthZ.
Elements shown: a Corporate LAN and a Branch LAN connected over WAN / VPN; Windows
Server 2003 domain controllers, one of them with DirectControl installed; Windows app
servers; a Sun Solaris server running a J2EE app server with DirectControl; Windows
clients; UNIX/Linux clients with the DirectControl Agent; a roaming UNIX/Linux client
with the DirectControl Agent using a single username and password and cached AuthZ
and AuthN while disconnected; and a Windows client with the DirectControl Admin
Console and the ADUC MMC. Callouts for the Centrify solution: single username and
password for Windows, UNIX and Linux clients; transparent single sign-on access to
Windows, UNIX and Linux apps.]
Figure 1.7. Example of a physical design for authentication, authorization and
directory services using Centrify DirectControl