Securing the Anywhere Enterprise with Centrify and SUSE

Uploaded by basheddock (Software development), 21 Feb 2014

Matt Hur
Senior Director, Product Management
Centrify Corporation
Matt.Hur@centrify.com

© 2004-2012 CENTRIFY CORPORATION. ALL RIGHTS RESERVED

SLIDE 2

Centrify Unified Access Management

Control, Secure and Audit Access To Your On-Premise and Cloud-based Infrastructure

Leverage infrastructure you already own (Active Directory) to:
- Control user access
- Secure access and privileges
- Audit user activity

[Diagram: Cloud, Personal Devices, Mobile Devices, Hosted Systems, SaaS, Servers, Apps]

Centrify the Enterprise: On Premise Software and On-Demand Services

SLIDE 3

Trusted by Over 4000 Customers Worldwide

Defense & Government

Banking & Finance

Technology & Telecom

Automotive & Energy

Pharma & Chemical

Retail, Media & Internet

SLIDE 4

Centralized Management Presents Challenges

Centralization Goals:
- Centralized UNIX Identities
- Establishing a global namespace
- Limited access granted where needed
- Locked down privileged accounts
- Privileges granted to individual users
- Audit privileged activities

Corresponding Challenges:
- Legacy namespace is complex and different across many systems
- Individual system differences make centralization difficult
- Access rights are typically granted too broadly
- Granting privileges requires a simple way to create and manage the policies
- Integration with existing management processes

SLIDE 5

The Centrify Suite

DirectSecure: Server Isolation and Protection of Data-in-Motion
DirectAudit: Detailed Auditing of User Session Activity for Windows, UNIX & Linux
DirectAuthorize: Role-based Authorization and Privilege Management
DirectControl: Consolidate Identities and Centralize Authentication
DirectManage: Centralized Management and Administration

Centrify Suite:
- Centralized Control
- Visibility
- Scale
- Leverage and Integration
- Flexibility & Extensibility
- Automation

Mobile Security:
- Secure iPad, iPhone, Android
- Cloud-based service integrated w/ on-premise AD

Single Sign-On Modules For Applications:
- Apache and J2EE web apps
- SAP NetWeaver/GUI & DB2

Centrify-Enabled Open Source Tools:
- OpenSSH, PuTTY
- Kerberized FTP and Telnet
- Samba

375+ Systems:
- SUSE, Red Hat, Solaris
- Mac, AIX, HP-UX, Etc.

SLIDE 6

Reduce Costs Through Identity Consolidation

- “Islands of identity” need to be managed and secured
  - Locally managed /etc/passwd file
  - Legacy NIS or hand-built scripting
  - High cost & inefficient to maintain

With Centrify:
- Consolidate disparate UNIX and Linux identity stores into AD
- Implement least-privilege security
- Centrally enforce security and configuration policies across UNIX, Linux and Mac systems
- Instantly terminate access to all systems and applications centrally

SLIDE 7

Mitigate Risks & Address Compliance

[Diagram: Active Directory users Fred and Joan; groups Active Directory Administrators, Finance Administrator, HR Administrator, Virtual Server Administrators; Finance Zone, HR, Virtual Server Farm Zone]

Evolving threat landscape and regulatory environment:
- Shared “root” password compromises security & exposes intellectual property
- Anonymous access…
- Audits require reporting that ties access controls and activities to individuals

With Centrify:
- Associate privileges with individuals
- Lock down privileged accounts
- Enforce separation of duties
- Isolate sensitive systems
- Protect data-in-motion
- Audit all activity

SLIDE 8

Centrify and SUSE

- Announced at SUSECon 2012
- Centrify Express, the free version of Centrify Suite 2012, is pre-installed with SLES and available on SUSE Gallery (built using SUSE Studio)
- Delivers built-in Active Directory authentication and single sign on for SUSE Linux Enterprise Servers in Amazon EC2 and VMware Environments
- SUSE Gallery appliances for EC2 and VMware: http://susestudio.com/search?q=centrify
  - Centrify DirectControl Express For SLES 11 SP2 EC2
  - Centrify DirectControl Express For openSUSE 12.1 EC2
  - Centrify DirectControl Express For SLES 11 SP2 VMI
- Press Release: New SUSE Powered Virtual Appliances from Centrify Secure Linux Servers On Premise and in the Cloud
  http://www.centrify.com/news/release.asp?id=2012091801
- Centrify Express: www.centrify.com/express

SLIDE 9

Centrify Zones

Simplify Complex Environments
- Uniquely simplify integration and centralized management of complex UNIX identity and access permissions into Active Directory
- Support migration of multiple UNIX environments and namespaces into a directory
- Provides unique ability to manage UNIX identity and access rights

Delegation for separation of duties
- Natural AD boundaries for delegated UNIX administration of a group of systems

Seamlessly integrate administration into existing IDM systems
- AD Group membership controls the provisioning of UNIX profiles granting access and privileges
- IDM systems simply manage AD Group Membership in order to control the environment

[Diagram: Active Directory with zones WebFarm, Field Ops, Accounting, HR]

SLIDE 10

Role-Based Authorization and Privileges

Centralized role-based policy management
- Create Roles based on job duties
- Grant specific access and elevated privilege rights
- Eliminate users’ need to use privileged accounts
- Secure the system by granularly controlling how the user accesses the system and what he can do
- Scoped using Centrify Zones

Unix rights granted to Roles
- Availability: controls when a Role can be used
- PAM Access: controls how users access UNIX system interfaces and applications
- Privilege Commands: grants elevated privileges where needed
- Restricted Shell: controls allowed commands in the user’s environment

Role Definition: Backup Operator Role
- Availability: Maintenance window only
- PAM Access: ssh login
- Privileged Commands: tar command as root
- Restricted Environment: Only specific commands

[Diagram: AD Users & Groups (Fred, Backup) mapped to Resources (HR Zone)]
SLIDE 11

DirectAudit: Detailed, Realtime Auditing

- Address regulatory and audit requirements
- Reduce threat of insider attacks
- Detailed capture of user activity
- Establishes accountability and advances compliance reporting
  - Record and playback which users accessed which systems, what commands they executed, with what privilege, and exact changes made to key files and configurations
  - Improve security and modify user behavior through real-time surveillance of privileged systems.
  - Automatically document vendor procedures and mitigate personnel transitions and hand-offs
- Highly efficient and scalable
  - Agent-based (not a proxy or gateway solution)
  - Encrypted communication and storage

[Diagram: Capture and Collect, Search and Replay, Store and Archive, Enterprise Ready and Integrated; Session metadata and video capture]

SLIDE 12

DirectSecure: Protect Sensitive Systems & Data

- Logically isolate sensitive servers on the network
  - Reduce attack surface
  - Reduces scope of compliance audits through logical network segmentation
  - Protects as network boundaries become more porous
- Encrypt data-in-motion without modifying older applications
- Software- and policy-based approach avoids expensive VLAN and network router ACL alternatives

[Diagram: Corporate Network with Trusted and Isolated segments; Managed Computers, Managed Computer, Rogue Computer]

SLIDE 13

Application SSO Leveraging Active Directory

[Diagram: Active Directory; End-user Joan.Smith; Admin and Auditors]

End-user
- Better end-user experience
- Single sign-on for access to all enabled applications
- Faster access through easier provisioning of services and privileges

Administrators can do more with less
- Authentication using existing Active Directory infrastructure investment
- Single point of management for personal information and preferences

Audit and security can be satisfied
- Better audit reports on system accesses
- Simplifies enforcement of authentication and authorization policies across applications

SLIDE 14

Learn More and Evaluate Centrify Yourself

WEB SITE: www.centrify.com
FEDERAL SOLUTIONS: www.centrify.com/federal
TECHNICAL VIDEOS & MORE: www.centrify.com/resources
SUPPORTED PLATFORMS: www.centrify.com/platforms
REQUEST AN EVAL: www.centrify.com/trial
FREE SOFTWARE: www.centrify.com/express
CONTACT US: shreyas.sadalgi@centrify.com, Head of Business Development

Thank you.

SLIDE 16

Centrally Manage Mac OS X Just Like Windows

- Centrify empowers the Windows-centric enterprise to manage and support OS X using existing expertise, tools and processes
- ADUC for user account, password and group management
- GPMC/GPOE for system and user configuration management

[Diagram: MacBooks and iMacs joined to Active Directory]

SLIDE 17


Integrating and Managing Mobile Devices with Active Directory

- Leverage existing infrastructure
- Group Policy-based security settings (e.g. passcode policy, restrictions, etc.)
- Provide user with unlock and access experience similar to AD Login for SSO
- Device unlock provides access to PKI Certificates for SSO to integrated services
- Centrify automates PKI Certificate issuance
- PKI Authentication to Enterprise Resources
  - WiFi
  - VPN
  - Exchange ActiveSync

[Diagram: Centrify DirectControl for Mobile]

SLIDE 18

Coming Soon: Centrify for SaaS (Q4 2012)

- Integrates SaaS Applications into Active Directory
  - Leverages existing infrastructure, knowledge and support procedures
  - Provides Just in time user account provisioning
  - Enforces Role-based authorization policies assigned to AD Users and AD Groups
  - Grants AD-based Single Sign-On access for users
- Cloud-based service
  - Non-intrusive architecture; no open ports or additional infrastructure in DMZ
  - User Self-Service portal provides SSO interface to authorized applications
  - Web-based Cloud Manager for Administration
- Out of the Box support for several popular applications:
  - Salesforce.com, WebEx, NetSuite, Marketo, Postini, Google Apps, Office365, SuccessFactors, DropBox, etc…
  - As well as any applications that support either OpenID or SAML authentication

SLIDE 19


Cloud-based Mobile Device Management

- User self service registration with Customer ID and AD User account
- Mobile Credential Management leveraging Microsoft Certificate Authority
- Over-the-air mobile policy enforcement from Active Directory Group Policy
- Non-intrusive architecture; no open ports or additional infrastructure in DMZ
- Active Directory integrated Cloud Service provides a platform for future services
  - Mobile Application Management
  - Mobile Authentication Services
  - SaaS Application Single Sign-on Services

[Diagram: Centrify Cloud Services: DirectControl for iOS, DirectControl for Android, Cloud Manager, Centrify Cloud Service]

SLIDE 20

Centrify Mobile and Cloud Architecture