It’s time to share my notes, quotes, and observations concerning a recent survey we did with our US customer base concerning Linux/Unix/Mac Authentication. This survey was targeted at customers who use Quest Authentication Services (QAS), a patented technology that addresses the authentication needs of more than 5 million installed seats by extending the security and compliance of Active Directory to Unix, Linux and Mac, as well as to many enterprise applications.
When asked about what versions of Unix/Linux/Mac hosts that Authentication Services is deployed on, over three-quarters were running on Redhat versions, with around 50% running QAS on Solaris and AIX, with additional strong showings of Suse Linux, HP-UX, and Mac. Overall, QAS supports over 100 flavors of Unix/Linux/Mac operating systems. Redhat dominates the Linux space in the US, but it would have been interesting to see the breakdown of Linux distributions using our product in Europe, where Suse has a much stronger presence.
When surveyors were asked about the impact that QAS has had on their organizations since deployment, the results showed a high degree of impact ranging from high ROI, to enterprise security and compliance. Let me share a few of the quotes –
- We have reduced our password resets, eliminated thousands of redundant accounts and make end users happy. ( Military Industry)
- Increased authentication security for disjointed UNIX environments, harmonized process workflows and new possibilities for securing data across platforms. (Airplane Manufacturing)
- Reduced our service calls from customers by about 25% as before QAS we got so many calls of accounts locked and passwords unknown, etc. Now everyone knows their password as it is whatever they have in AD. ( Large Manufacturing Company)
- Better SOX compliance (Auto Industry )
- In just 18 months, we have reduced the number of local user accounts from 500,000 to under 200,000! This centralization has allowed us to successfully pursue the implementation of a JRM (Job Role Matrix) - a definite Best Practice for any modern Identity Management organization. ( Large Healthcare Provider)
- Consider that before Quest, Mac workstations rarely joined Active Directory. There just wasn't that much management available without your product. Now speed forward today with QAS installed, out of a population of say around 2000 Mac workstations, in less than a year we are managing over 600 with QAS and QMX. Quest has been a major centerpiece of Mac Desktop Management effort. ( Large University )
The survey confirmed that there are multiple reasons why customers love the QAS Active Directory bridge solution. It solves the problem of compliance and security by allowing secure password policies setup in Active Directory to be used to authenticate on Unix/Linux/Mac, and at the same time allows for easy central administration and management ( via Group Policy) of these hosts.
It also confirmed a trend being touted by Gartner and IDC, that is, “Mac in the Enterprise”. We see more and more enterprises that are no longer able to “ignore” Macs, and they need a way to keep them secure and manage them centrally.
Authentication Services provides the Active Directory authentication for Macs, and allows your Admin to easily push out settings for drive mappings, application settings, security settings, and other Mac system preferences, all from standard Active Directory Group Policy settings. The same management tools that are used to manage Linux and Windows, can manage your Macs.
When asked about the products stability, quality and support, the results were highly positive with very few negative comments. Typically in the cases where customers ran into configuration or other support issues, they were able to quickly get a resolution. These are typical comments that were made –
- “The product has been very stable and the few support requests we've made have been top notch.”
- “The product has stabilized now, initially we had a few issues around hosts being delicensed, though the registering/licensing of agents seems to be redesigned in the latest version for the better.”
- “Support is excellent, time frame to resolution is phenomenal, soft skills/manners exemplary”
- “9.5 on 10 :)”
- “We've had great success with the Quest products, and where we have had challenges integrating the product the support from Quest has been amazing. We've had access to the developers, and done webex conferences to efficiently resolve issues. You guys are great.”
- “It is a very stable product and very easy to use.”
I am not touting the product is perfect – no software is, but the respondents overall were highly positive when speaking positive about the stability, ease of use, flexibility and support of the product.
The final question, asked about the reason for purchasing the product. The responses were similar to the answers given about the impact the product had on their organization. The following are quotes from the survey respondents:
- “To move away from legacy NIS infrastructure.” ( Communications Industry)
- “Binding macs to AD” ( Pharmaceuticals Company)
- “We purchased the QAS product to reduce the number of user accounts to: 1. reduce the risk of relaxed login credentials, 2. increase the efficiency of account and password management, 3. increase the efficiency of managing new user login requests, user account deletions and user access modifications.” ( Large Bank )
- “Centralized management of users regardless of platform.” ( Financial Services Company )
- “Security audit. Single-sign on and a requirement to move off deprecated hardware.” ( Large Bank)
- “To save time to reset password and make it easier for users who log on Unix with AD password. Users are happy to use AD passwords on Unix. Helpdesk people are happy that they don't have to reset Unix passwords since users are supposed to use AD passwords.” ( Healthcare Industry)
In most organizations, Active Directory is the standard database used for user authentication. It provides secure password policies, compliance and central administration of users, groups, workstations and servers. Bringing your Linux/Unix and Mac hosts into Active Directory can provide the same security, compliance and central administration enjoyed with Windows. The survey shared reveals real world responses from Fortune 500 companies that are using Quest Authentication Services today to bridge the gap between Unix/Linux/Mac and Active Directory.