Quest Software Inc. has added new end-user provisioning and cross-platform identity integration tools today that will expand on the ability of IT administrators to use Active Directory to manage several platforms and directories from a single Windows console.
Quest's ActiveRoles Server provides role-based security, automated group management, and change approval in an Active Directory-based identity platform. The new provisioning features are available starting today in ActiveRoles Server 6.0.
Also available today, Vintela Authentication Services 3.1 adds compliance and security features and tighter integration with other Quest products such as Reporter, Group Policy Manager and Active Roles.
There are few tools available for IT managers in the area of cross-platform or multiple directory management, said Peter Pawlak, senior analyst with consulting firm Directions on Microsoft in Kirkland, Wash. Other than Quest/Vintela, Centrify Corp., based in Mountain View, Calif., is the only vendor offering similar tools.
"With relatively small sales forces, these companies have been able to grow because IT pros are looking for ways to deal with this problem," said Pawlak. "They are intrigued at the idea of finding a product that maps all of their directories to a single directory," said Pawlak.
IT professionals may also be seeking out third-party software from the likes of Quest because an alternative directory that would provide them with the same functionality that can be found in Active Directory has yet to be made for the Unix environment, Pawlak said.
"There is a desire for a de facto directory to emerge, and that one is currently looking like it's Active Directory," Pawlak said.
One feature that Quest added to ActiveRoles Server automates the task of adding and deleting user access across multiple platforms. Chris Shannon, systems engineer at First Merchants Corp. in Muncie, Ind., said that task costs his company a decent chunk of change in man-hours.
"The more users you have, the more problems you have in terms of what group or individual has access to what," said Shannon, whose IT team supports 1,500 users across 130 servers. "A lot of the team's time is spent setting up and decommissioning users. Quest's tools can just do it for you, when it's supposed to happen instead of you saying, 'Oh yeah, I have to remember to de-provision that user or group.'"
On top of that, Shannon said, 80% of the calls that came into First Merchants' help desk were from users who had been locked out of their computers because they surpassed the password error limits set by Active Directory.
"We waste a lot of time resetting passwords on Active Directory and unlocking accounts," said Shannon. "That's why we got [Quest's] password reset manager [Password Manager] to automate that process. Our calls in that area dropped to 10%."
A migration wizard in the new version of Quest's Vintela Authentication Services lets IT managers migrate Unix identities to Active Directory. If the IT shop is not quite ready to make the shift, another tool allows for integration with Active Directory while still maintaining separate Unix identities.
Quest also added compliance and security features to the Vintela product, such as Windows Security Policy in Active Directory and Unix host access control through Group Policy.
With its products, the company is using technology and standards familiar to the Windows environment and applying them to Unix and Linux environments. It is applying standards such as Kerberos and LDAP for authentication to the Unix side, for example, said Dave Wilson, vice president of Vintela products for Quest in Aliso Viejo, Calif., and founder of Vintela.
Quest has praised the benefits of Active Directory as a de facto directory in a heterogeneous environment as it has built reporting, authentication and security management tools around the Active Directory platform.
Much of this technology came from some 35 acquisitions in the last six years. The Vintela acquisition, for example, brought cross-platform manageability from a single console.Provisioning was a big piece of creating a complete product line, Wilson said. "You have new people coming in from all over, the IBM mainframe, the HR systems, MetaDirectory," he said. "All of these can now be provisioned into Active Directory, and who can do what or has access to what can be managed from there as well."