WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
are looked up and displayed. The file's owner is stored as a number--the user's UID--in
the properties area for the file on the UNIX computer. Since the ls command displays the
owner as a name, not a number, the ls command must look up the actual user name
associated with the owner's UID. Since the UIDs and user names are stored in Active
Directory, this lookup must be serviced by the Active Directory system. If many files are
displayed when the ls command is executed, there will be a lot of lookup traffic between
the UNIX computer and the Active Directory system. DirectControl reduces this traffic by
caching the lookups so that the information does not have to be retrieved from the Active
Directory system every time a lookup is required: commands look in the local cache first
for the relevant information. Typical Open Source based solutions do not
have a caching capability. Therefore there will be substantially more network traffic and
load on the Active Directory domain controllers once UNIX computers are set up to use
Active Directory for authentication, authorization and other directory services.
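
The effect of the lookup cache described above, as an added example that is not part of the original paper and is not DirectControl's implementation: a generic TTL cache in front of a simulated directory, counting how many owner lookups reach the backend for one long listing. The UIDs, user names, file list and 300-second TTL are all constructed for illustration.

```python
import time

class CachingResolver:
    """TTL cache in front of a directory backend that maps UID -> user name."""

    def __init__(self, backend, ttl, clock=time.monotonic):
        self.backend = backend        # callable(uid) -> name; raises KeyError if unknown
        self.ttl = ttl                # seconds an answer is reused (0 disables caching)
        self.clock = clock
        self.cache = {}               # uid -> (name or None, expiry time)
        self.backend_queries = 0      # round trips that reached the directory

    def name_for(self, uid):
        now = self.clock()
        entry = self.cache.get(uid)
        if entry is None or entry[1] <= now:
            self.backend_queries += 1
            try:
                name = self.backend(uid)
            except KeyError:
                name = None           # negative entry: unknown UIDs are cached too
            entry = (name, now + self.ttl)
            self.cache[uid] = entry
        # Like ls, fall back to the number when the UID has no name.
        return entry[0] if entry[0] is not None else str(uid)

def long_listing(files, resolver):
    """Return 'owner filename' lines, one owner lookup per file as ls -l does."""
    return [f"{resolver.name_for(uid)} {name}" for name, uid in files]

# Constructed sample data: 200 files owned by three directory users and one orphaned UID.
DIRECTORY = {10001: "alice", 10002: "bob", 10003: "carol"}
FILES = [(f"file{i:03d}", (10001, 10002, 10003, 10999)[i % 4]) for i in range(200)]

def demo():
    """Count backend queries for the same listing without and with a cache."""
    now = [0.0]
    clock = lambda: now[0]            # fake clock so TTL expiry is deterministic
    uncached = CachingResolver(DIRECTORY.__getitem__, ttl=0, clock=clock)
    cached = CachingResolver(DIRECTORY.__getitem__, ttl=300, clock=clock)
    lines = long_listing(FILES, uncached)
    assert lines == long_listing(FILES, cached)     # same output either way
    first = cached.backend_queries                  # one query per distinct UID
    long_listing(FILES, cached)                     # repeat inside the TTL: no new queries
    within_ttl = cached.backend_queries
    now[0] = 301.0                                  # TTL elapsed: entries are refreshed
    long_listing(FILES, cached)
    return uncached.backend_queries, first, within_ttl, cached.backend_queries, lines[3]

if __name__ == "__main__":
    print(demo())
```

The TTL is also the longest a renamed or removed account can keep resolving from the cache, so it bounds how stale the displayed owner can be.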
Reporting and Auditing
One of the key strengths of the Centrify DirectControl solution is its robust reporting
capability. DirectControl includes several standard reports that provide summarized and
detailed information about your UNIX users, groups, computers, Zones, and licenses.
The "Running reports" guide in the Centrify DirectControl Administrator's Guide describes
the reports that you can produce with DirectControl and how to generate and export the
You can use the Centrify DirectControl Administrator Console to create reports about all
of the UNIX users, computers, groups, and Zones that you define and the properties
associated with each of them. In addition to providing detailed lists of user names and
properties, reports provide you with different views of the information. For example, you
can view computers grouped by Zone or users grouped by application license.
You can also use reports to periodically check the integrity of Zones across the Active
Directory forest and to verify which users have access to specific computers, Zones, and
applications. Reports can help simplify accounting and auditing of user access and
provide the information you require for business planning and regulatory compliance.
By default, reports include information for all UNIX users, groups, computers, or Zones
depending on the type of report you select. You can, however, filter report information to
include only specific Zones, specific user accounts, or other attributes.
After you generate a report, you can export the report to a variety of formats. Because
you generate a new snapshot of your environment each time you select a report, exporting a
report allows you to save the report content for comparison over time. Depending on the
format you select, you can then print, distribute, format, and manipulate the report
information. You can export the report to the following formats:
Microsoft Excel (.xls)
Microsoft Word (.doc)
Rich Text Format (.rtf)
Adobe Acrobat (.pdf)
For example, after generating a report with information on all the users that are enabled
in each Zone, you can export it to Microsoft Excel (.xls) format, and then import the
information into an Excel Worksheet to create a Charge Back report on account usage for