WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
48
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
PAGE 48
Deploying the Centrify DirectControl Solution
After you complete the testing and stabilization phase, you are ready to place all
computer, user, and group accounts into Active Directory throughout your production
environment. After you complete the deployment phase, you can use Active Directory to
manage all authentication, authorization, and directory services.
Introduction and Goals
This section provides an overview of deployment-related tasks for the Centrify
DirectControl solution and is not intended to be a comprehensive deployment guide. For
complete information about deploying the Centrify solution, see the Centrify DirectControl
Administrator's Guide.
Major Tasks and Deliverables
In this phase, you perform the following major tasks:
·
Complete deployment preparations
·
Deploy the solution
·
Stabilize
the
deployment
Completing Deployment Preparations
You can install DirectControl software components at any time on both UNIX and
Windows platforms without extensive preparations because no changes are made that
impact the user or administrator experience on those computers. However, before you
begin the deployment, you should review the following sections and follow the guidelines
provided in each section if it applies to your organization:
·
Importing existing UNIX accounts into Active Directory
·
Using Zones to manage role-based access control mapping
·
Using Group Policy with DirectControl to manage GPOs
·
Applying security controls
·
Choosing the phased deployment option
In addition, all organizations should complete the following task as part of the deployment
process:
·
Preparing support staff and users
Importing Existing UNIX Accounts into Active Directory
Typically, you have existing UNIX account information that you need to map to Active
Directory users and groups. You can do this by importing the UNIX account information
into Active Directory and specifying how those existing accounts map to Active Directory
users and groups. If you have existing UNIX user and group information, you can use the
Centrify DirectControl Administrator Console to selectively import this information into
Active Directory.
Importing from Existing Identity Stores
Centrify provides complete documentation of the steps required to import existing UNIX
identity stores into Active Directory in the guide "Importing information from NIS maps or
UNIX files" in the Centrify DirectControl Administrator's Guide. This subsection provides
an overview of the importation process.