It covers Centrify Enterprise Edition 2014 and provides a full product evaluation experience for security access controls (Authentication, Authorization, Auditing). Here are the evaluation objectives.
Category 1: AD Integration and Authentication - Standard Edition
- Does not require any schema extensions or software loaded in DCs.
- Not all AD users have access to UNIX/Linux systems by default
- Solution uses Standards and Frameworks (LDAP, Kerberos, PAM, NSS)
- Solution does not synchronize identities or passwords
- UNIX-enabled AD users can be controlled from AD (enabling/disabling, logon hours, etc.)
- Integrating UNIX/Linux systems can be performed from the GUI or command line.
- AD Security policy is enforced in UNIX/Linux Platforms.
- Multiple UNIX identities can be assigned to the same AD User
- UNIX secondary group memberships can be managed from Active Directory as well
- Authentication can be streamlined with SSO mechanisms.
- Provisioning/Deprovisioning of UNIX users and groups can be automated.
- Filer integration (Samba or NFS) - identity consistency for files and folders
- High-availability: Users should have access if AD is not available.
Category 2: Access and Privilege Management - Standard Edition
- Systems can be grouped using different criteria to enforce access.
- Access can be limited based on groups of systems defined above (role-based access control)
- Roles can be defined to control how the user signs into the system and the privileges that can be granted (Role-based access privileges)
- Provides mechanisms to verify who used their privileges
- Provides the ability to enforce separation of duties (operations vs. governance)
- It's intuitive to find out who has access to what system and what they can do
Category 3: Advanced Auditing - Enterprise Edition
- Provides a detailed view of user's activities (user, system accessed, duration, client computer, activities)
- Provides a contextual view of the actions performed (replay capability)
- Provides the ability to search sessions based on queries.
- Provides the ability to view when privileges are used across systems