Background
With the release of Centrify Server Suite 2015.1 and Cloud (CIS/CPS) 15.6 we have wrapped up another great year of introducing great capabilities to keep our existing customers happy and to help them solve the challenges of today and tomorrow.
I am biased towards functionality that help existing customers optimize their existing deployments, and in this article I will outline my personal top 10 Centrify features that promote operational efficiency for existing Centrify Server Suite or Centrify Identity/Privilege Service customers.
Finally, this would not be possible without product management that listens attentively and tries to understand our use cases plus our amazing engineering team. This is a very exciting time to be at Centrify.
1. UNIX/Linux/Mac Agent: Enhancements to adjoin
Release date: Apple Scheme (2014.1); ComputerRole (2015.1)
What is it: Facilitate OS X Migrations and optimize your automation scripts
How does it improve Operational Efficiency: When an existing OS X user moves from the Apple Directory Services plugin, extra steps eliminated. Reduced size of provisioning scripts for servers (Chef recipes, Puppet scripts).
What do I need to do to get the benefits: Upgrade to 2015.1 (5.2.3.x).
2. Identity Service: Application Provisioning
Release date: Preview started in April 2014 for Box, GoogleApps, Office 365, Salesforce and ZenDesk
What is it: Just add a user (or remove) to an AD group or CIS role, and the user will get provisioned (or deprovisioned), the proper license is applied and if supported, the proper role is assigned as well.
How does it improve Operational Efficiency: Use the normal cadence of group management and extend it to be the hub for your App provisioning and effective controls to disable access timely and control costs.
What do I need to do to get the benefits: Use the App Catalog and find apps ready for provisioning.
3. DirectAudit: Performance and Scalability Improvements for Enteprise Edition
Release date: July 2015 (Server Suite Enterprise Edition 2015.1)
What is it: Centrify invested significant development cycles to optimize all components of DirectAudit
How does it improve Operational Efficiency: Scalability, right-sizing, better compression, better optimization, this all translates in less effort to maintain DirectAudit deployments.
What do I need to do to get the benefits: Upgrade to 2015.1 DirectAudit.
4. Manageability: PowerShell Management for Centrify DirectManage and DirectAudit
Release date: DirectManage (Server Suite 2014), DirectAudit (Server Suite 2015)
What is it: Windows PowerShell to automate/orchestrate Access and Audit capabilities
How does it improve Operational Efficiency: The tasks traditionally performed in the DirectControl and DirectAudit MMCs now can be scripted, automated and orchestrated by leveraging PowerShell. All PowerShell commandlets leverage the DirectManage or DirectAudit APIs.
What do I need to do to get the benefits: Install the PowerShell Modules for your platform.
5. Windows PIM: SmartCard Support for Windows Privilege Elevation
Release: Server Suite 2015
What is it: In high-security environments, when a privileged AD user uses Centrify to perform Windows Privilege Elevation, the user can be prompted for the smartcard PIN.
How does it improve Operational Efficiency: By eliminating "-a" accounts and forcing Windows users to use privilege elevation, you are doing the proper due-diligence to limit the impact of advanced threats.
What do I need to do to get the benefits: Upgrade to Server Suite 2015 (3.2.x)
6. Kerberos: Infinite Kerberos Ticket Renewal
Release date: Server Suite 2015.1 (July 2015)
What is it: Kerberos tickets expire, but there are applications (e.g. Hadoop) that require jobs or credentials to be effective longer than the policy define din AD. These parameters and GPOs allow the UNIX agent to trigger a renewal based on AD principal (user or group).
How does it improve Operational Efficiency: Improves the supportability of these use cases.
What do I need to do to get the benefits: Upgrade to Server Suite 2015.1 (5.2.3.x)
7. LDAP Proxy: Support for TLS and Startup Scripts
Release date: Server Suite 2015 (March 2015)
What is it: Secure communications for our very useful LDAP Proxy.
How does it improve Operational Efficiency: Several apps and appliances only support LDAPS, in addition, now there's no need to do manual scripts to startup the slapd daemon.
What do I need to do to get the benefits: Upgrade to Server Suite 2015 (5.2.3.x)
8. Mac Agent: AD + Identity Service Combo Join
Release date: Server Suite 2014.1 and CIS
What is it: Macs in the enterprise are on the move and multiplying. Not only they need to be managed from AD to get unified identity, but being able to provide Enterprise Manageability and Self-Service.
How does it improve Operational Efficiency: Now you can empower your mobile Mac workforce with capabilities while decreasing calls to the help desk, this goes along with their existing iOS, Android or Windows devices.
What do I need to do to get the benefits: Enroll your Macs now using Identity Service. Just go to the Devices tab.
9. Identity Service: App Gateway (Per-app VPN, Secure Access)
Release date: Beta in 2014, live January 2015
What is it: App gateway eliminates the need to establish a persistent VPN to access an application or a resource (server, appliance)
How does it improve Operational Efficiency: Eliminate the need for VPN access for external users (consultants, external partners) for both apps and servers.
What do I need to do to get the benefits: Get Centrify Identity Suite App Edition
10. Identity Platform: Centrify Privilege Service
Release date: May 2015
What is it: Shared account password management (SAPM), secure remote access, privileged session monitoring (PSM), mobile-ready, deploy anywhere.
How does it improve Operational Efficiency: Built on the Identity Platform, complements Server Suite by providing SAPM and PSM plus more!
What do I need to do to get the benefits: Request a trial now!
This is a copy of a featured article written in the Centrify Community.
With the release of Centrify Server Suite 2015.1 and Cloud (CIS/CPS) 15.6 we have wrapped up another great year of introducing great capabilities to keep our existing customers happy and to help them solve the challenges of today and tomorrow.
I am biased towards functionality that help existing customers optimize their existing deployments, and in this article I will outline my personal top 10 Centrify features that promote operational efficiency for existing Centrify Server Suite or Centrify Identity/Privilege Service customers.
Finally, this would not be possible without product management that listens attentively and tries to understand our use cases plus our amazing engineering team. This is a very exciting time to be at Centrify.
1. UNIX/Linux/Mac Agent: Enhancements to adjoin
Release date: Apple Scheme (2014.1); ComputerRole (2015.1)
What is it: Facilitate OS X Migrations and optimize your automation scripts
How does it improve Operational Efficiency: When an existing OS X user moves from the Apple Directory Services plugin, extra steps eliminated. Reduced size of provisioning scripts for servers (Chef recipes, Puppet scripts).
What do I need to do to get the benefits: Upgrade to 2015.1 (5.2.3.x).
2. Identity Service: Application Provisioning
Release date: Preview started in April 2014 for Box, GoogleApps, Office 365, Salesforce and ZenDesk
What is it: Just add a user (or remove) to an AD group or CIS role, and the user will get provisioned (or deprovisioned), the proper license is applied and if supported, the proper role is assigned as well.
How does it improve Operational Efficiency: Use the normal cadence of group management and extend it to be the hub for your App provisioning and effective controls to disable access timely and control costs.
What do I need to do to get the benefits: Use the App Catalog and find apps ready for provisioning.
3. DirectAudit: Performance and Scalability Improvements for Enteprise Edition
Release date: July 2015 (Server Suite Enterprise Edition 2015.1)
What is it: Centrify invested significant development cycles to optimize all components of DirectAudit
How does it improve Operational Efficiency: Scalability, right-sizing, better compression, better optimization, this all translates in less effort to maintain DirectAudit deployments.
What do I need to do to get the benefits: Upgrade to 2015.1 DirectAudit.
4. Manageability: PowerShell Management for Centrify DirectManage and DirectAudit
Release date: DirectManage (Server Suite 2014), DirectAudit (Server Suite 2015)
What is it: Windows PowerShell to automate/orchestrate Access and Audit capabilities
How does it improve Operational Efficiency: The tasks traditionally performed in the DirectControl and DirectAudit MMCs now can be scripted, automated and orchestrated by leveraging PowerShell. All PowerShell commandlets leverage the DirectManage or DirectAudit APIs.
What do I need to do to get the benefits: Install the PowerShell Modules for your platform.
5. Windows PIM: SmartCard Support for Windows Privilege Elevation
Release: Server Suite 2015
What is it: In high-security environments, when a privileged AD user uses Centrify to perform Windows Privilege Elevation, the user can be prompted for the smartcard PIN.
How does it improve Operational Efficiency: By eliminating "-a" accounts and forcing Windows users to use privilege elevation, you are doing the proper due-diligence to limit the impact of advanced threats.
What do I need to do to get the benefits: Upgrade to Server Suite 2015 (3.2.x)
6. Kerberos: Infinite Kerberos Ticket Renewal
Release date: Server Suite 2015.1 (July 2015)
What is it: Kerberos tickets expire, but there are applications (e.g. Hadoop) that require jobs or credentials to be effective longer than the policy define din AD. These parameters and GPOs allow the UNIX agent to trigger a renewal based on AD principal (user or group).
How does it improve Operational Efficiency: Improves the supportability of these use cases.
What do I need to do to get the benefits: Upgrade to Server Suite 2015.1 (5.2.3.x)
7. LDAP Proxy: Support for TLS and Startup Scripts
Release date: Server Suite 2015 (March 2015)
What is it: Secure communications for our very useful LDAP Proxy.
How does it improve Operational Efficiency: Several apps and appliances only support LDAPS, in addition, now there's no need to do manual scripts to startup the slapd daemon.
What do I need to do to get the benefits: Upgrade to Server Suite 2015 (5.2.3.x)
8. Mac Agent: AD + Identity Service Combo Join
Release date: Server Suite 2014.1 and CIS
What is it: Macs in the enterprise are on the move and multiplying. Not only they need to be managed from AD to get unified identity, but being able to provide Enterprise Manageability and Self-Service.
How does it improve Operational Efficiency: Now you can empower your mobile Mac workforce with capabilities while decreasing calls to the help desk, this goes along with their existing iOS, Android or Windows devices.
What do I need to do to get the benefits: Enroll your Macs now using Identity Service. Just go to the Devices tab.
9. Identity Service: App Gateway (Per-app VPN, Secure Access)
Release date: Beta in 2014, live January 2015
What is it: App gateway eliminates the need to establish a persistent VPN to access an application or a resource (server, appliance)
How does it improve Operational Efficiency: Eliminate the need for VPN access for external users (consultants, external partners) for both apps and servers.
What do I need to do to get the benefits: Get Centrify Identity Suite App Edition
10. Identity Platform: Centrify Privilege Service
Release date: May 2015
What is it: Shared account password management (SAPM), secure remote access, privileged session monitoring (PSM), mobile-ready, deploy anywhere.
How does it improve Operational Efficiency: Built on the Identity Platform, complements Server Suite by providing SAPM and PSM plus more!
What do I need to do to get the benefits: Request a trial now!
This is a copy of a featured article written in the Centrify Community.