New Utility Enforces Policies Across Linux, Unix and Windows Networks

Symark International on Tuesday released PowerADvantage, an integrated authentication and configuration tool that extends features of Microsoft (Nasdaq: MSFT) Windows' Active Directory to networks also running Unix and Linux systems.

PowerAdvantage adds centralized authentication, authorization and account access functionality to Unix and Linux systems. It's also designed to bolster policy enforcement and infrastructure management functionality in the two non-Windows operating systems.

Among the chief benefits of PowerADvantage are the reduction in administration costs and security improvement, according to Symark. The new software also helps system administrators meet regulatory compliance efforts by centrally managing user identifications, authentication, security policies and automatic deployment of configuration settings across heterogeneous Unix and Linux environments.

"Why introduce this product now? The enterprise world is now ready to trim costs and make their networks more secure. Compliance laws now make it imperative to deal with situations such as five different user names for each worker needing access to Windows, Unix and Linux systems on the network," Ellen Libenson, vice president of product marketing of Symark International, told LinuxInsider.

How It Works

PowerADvantage places an agent on Unix and Linux machines that communicates with Active Directory's domain controllers. During the installation of the PowerADvantage agent, the Unix or Linux host is joined to the domain.

Then the host is configured to route authentication requests through the PowerADvantage agent. This allows the PowerADvantage agent to communicate with the Active Directory domain controllers to process authentication requests and access the Group Policy Objects used for configuration management.

After installation, the computer object for each Unix and Linux host can be moved to different organizational units in the Active Directory hierarchy, changing which set of Group Policy Objects apply to that host. The PowerADvantage Context of each host can also be changed, which will immediately change the log-in configuration for all Active Directory-based users logging in to that host.

Both of these changes can be performed without rebooting the host or restarting the PowerADvantage agent. Additionally, the PowerADvantage agent is configured by Group Policy. Thus, any changes in the configuration of the agents can be performed through Group Policy without the need to visit each individual host.

"The context feature in PowerADvantage can map to each user environment that has different user names for each system," Jeff Nielsen, senior product manager of Symark International, told LinuxInsider.

Key Features

PowerADvantage provides cross-platform unified log-in -- users can have a single log-in and password for all Unix, Linux and Windows machines. This eliminates the need to establish separate access credentials for each system and in turn increases efficiency and boosts productivity for end users while reducing calls to the help desk related to misplaced passwords, Symark said.

Easy installation allows system administrators to deploy the product quickly without making any irreversible changes to the Active Directory schema. The agent installation process eliminates complex, time-consuming configuration changes. Additionally, PowerADvantage's intelligent import wizard streamlines and simplifies the importing and mapping of current Unix and Linux user information directly into Active Directory.

PowerADvantage provides corporate officials with detailed compliance reports. These help ensure that all activities performed on Unix and Linux systems are written to the proper Active Directory logs. It produces audit reports required by Sarbanes-Oxley, the Payment Card Industry Data Security Standard, and the Health Insurance Portability and Accountability Act, providing a comprehensive trail for auditors. This simplifies the compliance process and reduces overall audit costs, said Symark, and it allows for the more rapid discovery of anomalies as part of a sound security posture.

"An essential advantage is the ability to disable access of former employees from one spot to each account. Administrators don't have to worry about orphaned access," Nielson explained.

Reduced Overhead

Comprehensive centralized storage keeps all user and group information within Active Directory. This reduces infrastructure costs by eliminating redundant identity stores, including legacy directories, unsecured network information system servers and locally managed files. Storing information within Active Directory, along with integrated use of existing Windows administration tools, enables IT managers to utilize applications with familiar interfaces.

This eliminates the need to license third-party synchronization products or to build and maintain in-house solutions. Operations, training and processes for provisioning, account maintenance and other administrative tasks are streamlined by standardizing on a single set of Active Directory-based tools.

Standalone or Integrated

"PowerADvantage is a standalone product, but it can be added onto PowerBroker," said Nielson.

PowerBroker provides Unix and Linux workstations and networks with increased security and accountability by delegating administrative privileges and granting selective access to corporate resources without disclosing the root password. This reduces the risk of accidental damage and the threat of malicious activities.

This integration with Symark's PowerBroker enhances security and compliance efforts by facilitating efficient management of both end-user and administrator account access from Active Directory while controlling access and tasks performed using the root account, he said.

Using either custom-created administrative templates or those provided by PowerADvantage, administrators create configuration settings that are automatically stored in Active Directory. This facilitates the rapid automatic deployment and maintenance of configuration settings across a large number of hosts, reducing administrative time and cost.

These policies are reapplied to each host based on a predetermined interval. The feature insures that any unapproved changes to the configuration items maintained by PowerADvantage will be reset back to the approved settings at the next policy refresh interval.

PowerADvantage is available for both server and work station pricing, according to Libenson.

For server installations the product costs US$290 per server. For workstation installations the product costs $45 per station.