Vintela Authentication Services – Deployment Flexibility to Meet Your Unique Requirements

Schema or no Schema – you decide

Vintela Authentication Services has always led the industry in the number of companies that have deployed the product in production and in the number of users deployed. The reasons for this success are many, but perhaps flexible deployment options sits at the top of the list. Vintela Authentication Services gives you more options for integrating Unix, Linux, and Mac systems with Active Directory (AD) than any other solution. And those options address real-world issues in ways that provide a logical and achievable path to best practices, and an optimized heterogeneous identity and access environment. What challenges do you face?

• Do you have a short-term compliance need and don’t have the resources or need to rationalize your Unix environment before integrating with AD?
• Do you have no control over the AD schema, or want/need to avoid using the schema at all?
• Would you prefer not to place large amounts of transient account data in your production directory during a migration project?
• Do you have neither the time nor resources to undergo a potentially lengthy rationalization project before reaping the benefits of centralized authentication from AD?

Quest understands that “one size fits all” is neither wise nor achievable and only Quest offers the flexibility to serve the widest range of needs.

More Options, More Flexibility  

What if there was a way to rapidly take advantage of centralized AD authentication with virtually no impact on your existing AD environment? One thing is clear when looking for an integration strategy: Migrating Unix authentication to AD is not disruptive, but migrating Unix identities to AD can be very disruptive. Vintela Authentication Services provides three flexible options:

• Mapped User – entirely non-disruptive, no impact on the AD schema
• Personality – highly flexible for managing multiple Unix “personalities” by user and group
• Standard – provides centralized authentication and identity consolidation as well as access to the entire range of Vintela Authentication Services functionality.

For complete details on each option view the Vintela Authentication Services migration functionality matrix. For more information on the various deployment options available please refer to the Quest technical brief titled Vintela Authentication Services - A Host of Deployment Options to Meet Your Needs 

Mapped User

Vintela Authentication Services provides the only non-disruptive solution for providing centralized authentication. With Vintela Authentication Services’ patent-pending Mapped User functionality the AD schema remains entirely untouched—no schema extension and no overloading existing attributes—and no changes are made to Unix account information. Mapped User supports local passwd files, NIS, NIS+, and LDAP. Hundreds of Quest’s customers have used Mapped User as a very successful phase of their overall integration project to achieve immediate benefits such as:

• The ability to centrally enforce AD password policies across the entire heterogeneous environment
• User self-enrollment at first Unix login
• A single place to reset passwords and de-provision accounts—for Windows, Unix, Linux, and Mac
• Enforcement of centralized access control policies for non-Windows systems
• Disconnected mode authentication—for situations when Unix systems cannot contact AD
• Single sign-on through a simplified Kerberos implementation across the environment
• Simplify management and efficiently integrate applications and databases running on Unix with AD
• Extend AD Group Policy to Unix, Linux, and Mac systems 

Dell used the Mapped User approach as the first step in a phased rollout of Vintela Authentication Services to several thousand systems with great success.

“In fairly short order, we have eliminated our security, compliance and management concerns with cross-platform identities. And I think we are not even using Vintela Authentication Services to it’s fullest yet. . . Vintela Authentication Services is the best product we have found on the market. It satisfies our needs and can help us expand where we need to in the future.”

David Taylor, Principal Linux Engineer at Dell 

Read more about Dell’s streamlines authentication and identity management project using Quest’s Vintela Authentication Services in the Dell case study.

Personality

Vintela Authentication Services Unix Personality Management mode provides a highly flexible model for managing multiple Unix “personalities” by user or group. Fundamentally, Unix Personality Management allows simple creation of alternate Unix "Personalities" to define profiles in AD for different systems – all using standard schema attributes based on the default AD schema definition. Unix Personality Management provides distinct benefits including:

• Ideal for collapsing large numbers of NIS domains into AD
• Efficiency in managing un-rationalized environments 

Standard

Vintela Authentication Services’ standard deployment model delivers full product functionality for rationalized environments with no changes to the Microsoft’s most recent releases of the AD schema. Recognizing the importance of the Unix-to-AD integration space pioneered by Quest, Microsoft included the required Unix attributes in the basic AD schema of Windows Server 2003 “R2”. A fully rationalized environment is the ideal and preferred end-state for organizations seeking to truly use these technologies to their fullest. Benefits of the standard deployment approach include:

• Provides centralized authentication and identity consolidation
• Embraces both the industry standard and Microsoft’s best practices of RFC2307
• Highly scalable – customers successfully running 5,000 to 10,000 Unix systems in production with tens-of-thousands of users 

Southern Company realized the benefits of rationalizing their environment to gain maximum benefit from their Unix-to-AD integration project. Read the case study here.

“We have a guiding principle to ‘Make it One’, which means doing everything one way (from a technology perspective) as often as possible. Vintela Authentication Services is a great step in that direction.”

Roger Park, Manager of Server and Desktop Systems at Southern Company.

Quest provides powerful tools to help organizations achieve this ideal, fully rationalized environment. The Vintela Authentication Services Ownership Alignment Tool simplifies the often difficult task of changing ownerships of files on each Unix system as they move to a rationalized environment. The Ownership Alignment Tool provides:

• The ability to preview the ownership changes
• The ability to roll-back any changes
• A more efficient and faster means of changing ownerships than a script that might use find and/or chown
• The ability to automatically read and use the mapped user file to know which local files need to change to match which UIDs in AD
• The ability to remove the local account when the file ownerships have been completed