The emergence of software that manages authentication of different network directories from the Windows platform...
is drawing some interest from IT administrators, but more importantly, it has opened up a dialogue about the political feasibility in IT of
IT political boundaries -- between those who manage Windows and those who manage non-Windows systems -- are a major roadblock for companies that make cross-platform directory management tools, experts agree.
"Unix systems are usually controlled by people who think Windows systems aren't worth talking about," said John McGlinchey, an Active Directory administrator at a major pharmaceutical company. "But a lot of people would get value out of this. It's a nice integration mechanism."
Two companies with products in this market are Vintela Inc., which has Microsoft as a minority stakeholder, and Centrify Corp., which is based in Mountain View, Calif. Both companies make software that uses Windows and Active Directory to manage Linux and Unix identities, which can simplify the management environment of an enterprise, said Nick Nikols, an analyst at the Burton Group, a Midvale, Utah, consulting firm.
An eye on Linux deployments
There are plenty of organizations that fall somewhere between the diehard Microsoft camp and the non-Microsoft camp. Whether cross-OS directory management products catch on depends on how many companies eventually install a broader range of Linux software.
If an IT organization has both Linux and Windows, these tools can save on having a single infrastructure to manage Active Directory -- that is, if the company hasn't already made a large investment in the identity management of Linux or Unix. Vintela and Centrify redirect authentication information from the Linux environment to Active Directory, which does the authentication.
One of the reasons why the time may be ripe for directory integration around Active Directory is because AD is widely deployed and IT customers are looking for ways to leverage both AD and Group Policy, said Jackson Shaw, vice president of product management at Vintela, which has its headquarters in Lindon, Utah.
"Active Directory has such a rich capability around password control and security, and that's a key reason why people are trying to extend that structure into Unix," Shaw said. "And customers with heterogeneous environments are tired of having to duplicate infrastructures and want to rationalize this stuff and reduce their operational costs."
Novell and Tivoli are in the game
Other directory management platforms, such as Novell Inc.'s eDirectory and IBM Tivoli's Directory Server, are able to manage across platforms, Nikols said. The question is, "Do you want to do it?"
For some enterprises, there are emerging security reasons to run everything on Active Directory. American Medical Security Inc., a Green Bay, Wis.-based insurer, uses Vintela's software to integrate about 20 Unix servers into its Windows infrastructure. Greg Neveau, manager of systems engineering at American Medical, said politics wasn't a big problem for him since there are so few Unix servers in his enterprise. One of his main interests in using cross-directory software was to reduce his company's support burden when individuals forget their passwords or logons for different systems.
The software also helps make sure security policies are followed if an employee leaves the company, in that they were removed from access to all servers, Neveau said. The only caveat, he said, is to make sure that Vintela's software works with all third-party applications.
"DB2 won't work with Vintela itself because it expects the user's ID to be local, but you can configure DB2 to work with Active Directory," Neveau said. "So you need to test to make sure the applications work with [Vintela]."
One infrastructure not feasible for some
Many IT managers at large companies don't think it's realistic to have a single directory management infrastructure. "A lot depends on what kind of firm you are," said Arun DeSouza, manager of global computing technologies at Inergy Automotive Systems, in Troy, Mich. "A bank may have to run COBAL. You can wish it away, but it's going to be there."
An IT shop may need Unix, Novell's NetWare and Windows. CIOs that need to manage different systems might find cross-platform management software helpful but the company would still need administrators to run each site. "A CIO might want to sweep away all the directories, but it's just not practical," DeSouza said.
Another IT manager said he believes that the cross-platform directory authentication is interesting on the surface, but the fact that there are big differences in the integration of Linux and Windows make it unclear if both can be managed in the same way. "Microsoft is highly integrated and Linux is not," said Christopher Gervais, a technologist in information systems planning at Partners HealthCare System Inc., in Boston.
"We have all these separate groups operationally," Gervais said. "They will get the ingredients for a dinner from a central group. We don't yet have a standard Linux build of partners. We still need to understand if we can manage [Linux] the same way we manage Windows."