Centrify's Solution for NIS Migration
|
|
- Gertrude Hudson
- 5 years ago
- Views:
Transcription
1 WHITE PAPER CENTRIFY CORP. Centrify's Solution for NIS Migration APRIL 2008 Leveraging Centrify s DirectControl and Zone Technology to Simplify NIS Migration ABSTRACT Sun Microsystem s Network Information Service (NIS, originally known as Sun Yellow Pages) has been the primary choice for managing Unix identity information in a networked environment for many years. Unfortunately, NIS has several shortcomings in the areas of security, manageability, and network dependency, and its successor, NIS+, was never widely accepted as a standard. Increasingly, NIS has proven unable to pass stringent security guidelines for user account management and access control, both from a simple IT best practices perspective and from a regulatory compliance perspective. This fact, combined with Sun's end-of-life announcement for NIS and NIS+, has prompted corporate security and compliance managers and IT administrators to look for a solution to replace NIS with a solution that is secure, manageable, and cost-effective. This white paper examines the challenges of migrating NIS deployments to a central repository, and explains in detail how a combination of Microsoft Active Directory and Centrify DirectControl can deliver a cost-effective solution that strengthens security while improving IT efficiency.
2 Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation. Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property Centrify Corporation. All rights reserved. Centrify and DirectControl are trademarks of Centrify Corporation in the United States and/or other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. [WP ] 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE II
3 Contents 1 Introduction About Network Information Service Limitations of NIS Alternatives to NIS How the Centrify NIS Solution Works in a NIS Environment Using the Centrify DirectControl Network Information Service Understanding the Servicing of NIS Client Requests Importing and Creating Additional NIS Maps Importing Network Information from Existing NIS Maps Creating New Network NIS Maps in Active Directory Creating Generic Custom Maps Maintaining Map Records in Active Directory Managing Automounts without Using NIS Discontinuing Use of Legacy NIS Servers Migrating NIS Clients Migration Approaches Example of Using NIS Clients with DirectControl Agents Example of Migrating Users Gradually Example of Complete Removal of NIS from the Enterprise How to Contact Centrify CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE III
4 1 Introduction Most CIOs and IT managers will say that security is the number one issue they have to deal with in keeping their company s IT systems running smoothly. Security is a broad term that applies to computing systems, people, applications, data, physical access and policies virtually every aspect of modern computing. In prioritizing their efforts, many IT managers are first concentrating on getting control over systems and people. As a recent Goldman Sachs security survey of IT managers at Fortune 1000 organizations found, Identity and Access Management is a top priority for spending. "As Identity and Access Management (IAM) solutions help limit the number of individuals who have access to sensitive materials as well as recording who accessed what, it is not surprising to see IAM solutions scoring highly in our survey for the third time running, with 78% of respondents expecting to increase spending in the area over the next 12 months." The survey reflects the fact that achieving a consistent, repeatable regimen for managing user accounts and controlling access to systems remains an unsolved challenge for many IT managers. Most organizations have deployed a variety of operating system platforms, each with its own methods of storing user account information and of using that information for authentication, authorization, accounting, and access control purposes. One of the most common and pressing security issues that IT managers have been forced to address in recent years is the Network Information Services (NIS) infrastructure that they have relied upon to manage their Unix and Linux environments. Unfortunately, NIS has proven unable to pass stringent guidelines for user account management and access control, both from a simple IT best practices perspective and from a regulatory compliance perspective. As IT managers build a strategy for replacing NIS, their first requirement is frequently to migrate the user account information held in NIS into a single, centralized repository. The benefits of a centralized repository are easily understood because they address not only security concerns but also the corresponding need to control expenses by simplifying IT infrastructure and streamlining IT operations. For a good overview of the benefits of adopting a single repository, see the Centrify white paper Centrify's Solution For Migrating Unix Directories To Active Directory. This white paper examines the challenges of migrating NIS deployments to a central repository, and explains in detail how a combination of Microsoft Active Directory and Centrify DirectControl can deliver a cost-effective solution that strengthens security while improving IT efficiency. 2 About Network Information Service This section provides some background on NIS for those who are unfamiliar with NIS or who want to learn more about how NIS works. This section is not comprehensive, but explains key concepts and definitions used in this white paper CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 1
5 Network Information Service (NIS), originally called Yellow Pages (YP), provides centralized storage and distribution of information that needs to be known throughout the network. The information accessed is stored in files called maps. NIS has a master-slave architecture: data can be updated only in a central, master server, where all maps are maintained. Slaves can handle client requests for map access, but the slaves can make no changes to the maps. Changes are made only at the master server, and then distributed through the master NIS server to the slaves. NIS is implemented through several daemons that handle NIS requests: ypserv on the server side, and ypbind on the client side. Updated maps can be transferred to NIS slaves either manually (using yppush) or automatically through ypxfrd (NIS slaves check timestamps on the master and update their maps as needed). In a typical NIS environment, the NIS server is used to centrally manage a set of database maps that correspond to the system configuration files that are commonly found on Unix systems such as the /etc/passwd, /etc/group, secret authentication hashes in /etc/shadow, /etc/hosts, and /etc/services files for a set of computers that make up a NIS domain. Each NIS map corresponds to a specific configuration file, such as the /etc/passwd or /etc/hosts file, and consists of a set of keys and values, and a version number for the data. When computers on the network require information stored in NIS maps, they send a NIS client request to query for the information. Each client computer that needs access to the information in the NIS database maps runs the ypbind process to identify and connect to the NIS server best suited to respond to its request. When the NIS server receives a request, it replies with the appropriate information from its set of NIS maps. Defining netgroups allows an enterprise to restrict access to hosts, NFS access and administrators by checking permissions when processing requests for remote mounts, remote logins, and remote shells in a NIS domain. The main database for netgroups is stored on the NIS master server in the /etc/netgroup file. For remote mounts, the information in netgroup is used to classify machines; for remote logins and remote shells, it is used to classify users. NIS clients can use netgroups to include the map entries for the members of a netgroup in the password file, /etc/passwd. The automount map, called auto.master, is typically used to share home directories on a NFS file share. The automount daemon reads the auto.master map to find out which directory to mount either at login or when a file is touched in the directory. A script can be used instead to mount a directory instead of what should be mapped. Communication between NIS servers and clients is based on the Remote Procedure Call (RPC) protocol, which uses the External Data Representation (XDR) standard and Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 2
6 2.1 Limitations of NIS Although NIS can be very efficient in responding to queries for network information, it is not a secure mechanism for providing authentication and authorization services. For example: If NIS clients use the broadcast service to locate NIS servers on the network, intruders can easily introduce their own NIS server with their own privileged accounts. Once a client binds to the rogue NIS server, the intruder can gain access to that client and perform unauthorized operations. The NIS server s only security policy is the securenets setting. The securenets setting identifies which NIS clients to accept queries from. If an intruder impersonates a client that the securenets setting allows the NIS server to accept, he can download all of the NIS data. Even if an intruder fails the securenets test, he could potentially inspect all of the NIS requests and decode the data to gain access. Netgroups are not effective when they are used for transparent access across the network utilizing rlogin and rsh. Syntax errors in /etc/netgroup files (,,) will allow all users and machines trusted access. If NIS is used for authentication, password hashes are sent around the network in clear text and can be easily captured and cracked, making client systems vulnerable. NIS performs no authentication at the RPC level; any machine on any network could easily create a fake RPC reply simply by pretending to be the NIS server 2.2 Alternatives to NIS Sun's end-of-life announcement for NIS and NIS+ support, and the recommendation to use LDAP, have given system administrators a need to deploy new network services or leverage existing directory deployments. As a recent Linux.com article observed: Sun is pushing LDAP as the replacement, but no two LDAP clients are implemented the same way. Sun doesn t talk to an LDAP server like a Linux machine does, or an AIX or HP- UX machine does for that matter. Every one of these platforms has one issue or another. For Linux, nobody appears to have written the client-side code to properly handle netgroups for all the things you might use netgroups for. For Sun, there's no start_tls implementation. NetApp just barely knows what LDAP is. Some within the Unix community believe that migrating to an LDAP server such as OpenLDAP, IBM SecureWay, Novell's edirectory, or Sun's SunONE directory server is the way to go. Many organizations favor using Microsoft s Active Directory and Group Policy system, which has been an integral part of Windows since the release of Windows 2000 Server. Active Directory is typically already deployed for managing Windows systems and users, and organizations have already invested considerable time and resources to set up a secure and robust domain controller infrastructure, and to create IT workflow and provisioning systems to manage user accounts. Thus, many organizations 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 3
7 are turning to Active Directory as the logical and cost-effective directory from which to manage more of their enterprise. 3 How the Centrify NIS Solution Works in a NIS Environment Replacing NIS with a combination of Active Directory and Centrify DirectControl is an excellent choice because many of the key features that IT managers are looking for are included with Active Directory and the Centrify DirectControl Agent. Centrify makes it easy to migrate a legacy NIS-based infrastructure to a modern LDAP- and Kerberosbased directory infrastructure that works across a heterogeneous environment comprised of Windows, Unix, Linux and Mac systems. In addition, the security risks are greatly reduced when the legacy NIS environment is replaced with Active Directory as the central repository of identity information and the Centrify DirectControl Agent (adclient) serves as the client requesting information. Active Directory and Centrify DirectControl provide more secure authentication, authorization, and directory services than NIS by using the existing features in Active Directory and using Centrify DirectControl Zone technology for authorization and the DirectControl Agent for authentication. Once a machine is joined to an Active Directory domain and placed in a DirectControl Zone, the Unix machine Name Service Switch configuration file, nsswitch.conf (AIX has a similar feature), is modified so that account lookup requests are passed to Active Directory through the Centrify DirectControl Agent, effectively bypassing the NIS client and server environment for password authentications. It may not be possible to completely replace NIS, or in large organizations there may be many NIS domains that require a phased approach. The following should be considered in any NIS migration of any size: Legacy NIS Servers. It may be necessary to keep a legacy NIS server that is configured with network information, such as netgroup or automount maps, to make available in response to client requests initially during a migration. Applications. Some applications may require access to a NIS server because they send requests directly to the NIS port and expect a NIS process to be listening there. Network Attached Storage Devices and Legacy Systems. Devices such as Network Attached Storage devices or computers with older operating systems for which there is no DirectControl Agent may also need access to information normally stored in NIS maps. Those devices or computers cannot join an Active Directory domain, but are capable of submitting NIS client requests. In these cases, a NIS server may be the only option for providing authentication and look-up services CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 4
8 3.1 Using the Centrify DirectControl Network Information Service Computers, devices, or applications that require access to a NIS server, on either an ongoing or temporary basis, can use the Centrify DirectControl Network Information Service to replace existing NIS servers. To support computers and applications that are capable of submitting NIS client requests to a NIS server, DirectControl provides its own Network Information Service server. The DirectControl Network Information Service (adnisd) is an optional addition to the Centrify DirectControl Agent and can be installed on one or more DirectControlmanaged computers as needed. It is very useful in environments where a phased migration is planned from existing NIS servers and clients or when the environment includes legacy systems that cannot migrate or upgrade to support the DirectControl Agent. The figure below shows how the DirectControl Network Information Service works when the NIS client is a remote machine. DirectControl Zone DirectControl-Managed NIS Clients NIS Cache Microsoft Active Directory DirectControl-Managed Server w/ DirectControl Network Information Service The DirectControl NIS Architecture. The DirectControl-managed NIS client requests information from the DirectControl Network Information Service running within its Zone. The DirectControl Network Information Service retrieves the information from its local cache and returns it to the client. Periodically, the DirectControl Network Information Service sends a request to Active Directory for updated NIS maps for the DirectControl Zone to which it belongs. Once installed and running, the DirectControl Network Information Service functions like a standard NIS server, but it responds to NIS client requests using the information stored in Active Directory, including any information imported from passwd and group NIS maps or from /etc/passwd and /etc/group files. When the NIS client is also a DirectControl-managed system, a secure directory service is provided through authenticated and encrypted connections between Active Directory and the DirectControl Network Information Service, and from the DirectControl Network Information Service to the NIS clients. When the NIS client is not managed by DirectControl (for example, on legacy systems not supported by DirectControl or during a phased migrations), it has 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 5
9 some of the same security limitations as a standard NIS environment, with an authenticated and encrypted connection only between Active Directory and the DirectControl Network Information Service. All user and group information is either found in cache or retrieved over encrypted LDAP connections, and user authentication is handled by Kerberos. The end result is that Unix authentication leverages Active Directory. This allows NIS password hashes to be replaced with protected Kerberos authentication in a phased approach. The DirectControl Network Information Service cannot be used with any legacy NIS servers in the same NIS domain. It can be used only in conjunction with Active Directory and the DirectControl-managed systems. The legacy server expects other servers to be either a master or a slave. The DirectControl Network Information Service does not support master-slave legacy NIS servers. 3.2 Understanding the Servicing of NIS Client Requests Together, the DirectControl Agent and DirectControl Network Information Services perform the role of a legacy NIS server and gateway for data stored in Active Directory. The NIS clients on the network communicate with the DirectControl Network Information Service using Remote Procedure Calls (RPC) sent to the NIS port on the DirectControl-managed computer. The DirectControl Agent is responsible for all communication with Active Directory and maintains its own separate cache of data from which the DirectControl Network Information Service can derive the user and group information for the DirectControl Zone. When the DirectControl Network Information Service receives a request from the NIS client, it checks its local cache of map data and then responds to the client that made the request. The local cache of map data is generated from the map data the DirectControl Network Information Service receives from Active Directory. Within the local cache, there are two types of maps: Explicitly-defined maps are NIS maps imported into Active Directory from an existing NIS domain or from text files, or created manually using the DirectControl Administrator Console. Derived maps are maps that are automatically generated from information stored in Active Directory. Derived maps access the same data using different keys. For example, the user and group maps in the local cache are not retrieved directly from Active Directory, but are generated based on the users and groups that have been enabled for the local computer s Zone. The maps derived from the Zone information are passwd.byname, passwd.byuid, group.byname, and group.bygid. These automatically generated maps are placed in the local cache, and can then be used to look up or authenticate users by user name or by UID value, and groups by group 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 6
10 name or by GID value. By default, the password hash in the passwd map is not populated because DirectControl does not need it for authentication. Periodically, the DirectControl Network Information Service connects to Active Directory to locate updates to explicitly defined NIS maps. It then synchronizes its local cache of NIS map data to mirror any changes detected in Active Directory. After polling Active Directory for updates to explicitly defined maps, the DirectControl Network Information Service retrieves all users and groups in the current Zone from adclient, and generates the derived maps for user and group information. The DirectControl Network Information Service also generates derived maps for explicitly defined maps when possible. If the DirectControl Network Information Service finds a NIS map defined in Active Directory with a name it recognizes as a common map name, such as netgroup or service, it automatically derives related maps; for example, the netgroup.byhost and netgroup.byuser for the netgroup map or services.byname and services.byservicename for the services map. The DirectControl Network Information Service stores all of the explicitly defined and derived maps in its own local cache of map data (in most cases, /var/centrifydc/nis/*). Because the DirectControl Network Information Service always responds to NIS client requests using the data in its local cache, it can respond even when Active Directory is not available. 3.3 Importing and Creating Additional NIS Maps Using the Centrify DirectControl administrator console, NIS maps can be imported from legacy NIS servers or new network maps can be created. Network information can be imported from standard NIS maps, such as automount, automaster, and netgroup databases. In addition to the user and group information, the DirectControl Network Information Service can be used to service NIS client requests for network information or to make information from custom maps available. Custom maps can be created as key/value pairs stored in a DirectControl Zone in Active Directory. The passwd.* and group.* maps are derived automatically from the information stored in Active Directory for the Zone. Therefore, these derived maps include account information for any passwd and group NIS maps or configuration files that have been imported and migrated to Active Directory using the Import from Unix wizard in the DirectControl Administrator Console Importing Network Information from Existing NIS Maps The DirectControl Administrator Console s import wizard can be used to import network information from standard NIS maps such as automount, netgroup, and automaster into the DirectControl Zone that will serve the NIS map data. There are also options to 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 7
11 connect directly to the NIS server and domain directly or to import the information from a text file Creating New Network NIS Maps in Active Directory If the maps cannot be imported from existing NIS maps, then new maps can be created by adding the appropriate information directly to Active Directory using the DirectControl Administrator Console. Once the information is added to Active Directory, the DirectControl Network Information Service will read the maps from Active Directory and store them in its local cache and make the information available to NIS clients. This can also be used to create netgroup, automaster, and automount network maps Creating Generic Custom Maps Generic maps can be created and published for any type of custom information that needs to be made available to NIS clients. Generic custom maps consist of a simple key/value format and optional comments. Generic maps can also be used to manually create standard NIS maps that consist of key/value pairs Maintaining Map Records in Active Directory Once NIS maps are stored in Active Directory, they must be maintained to ensure the changes in the records in Active Directory are reflected in the local map cache that the Centrify DirectControl Network Information Service uses to respond to NIS client queries. The DirectControl Administrator Console can be used to manually add, edit, or delete individual map records for any map. The specific fields available in each record, and which fields are required and which are optional, depend on the type of map this is being edited. For example, the fields in an auto.master map entry are different from the fields in a netgroup map entry CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 8
12 3.3.5 Managing Automounts without Using NIS Automount information stored in Active Directory can be accessed through the DirectControl Network Information Service or directly through an LDAP request that bypasses the DirectControl Network Information Service. Centrify has an alternative to using the DirectControl Network Information Service, with an optional adauto.pl script to get automount data (the script is located in the /usr/share/centrifydc/etc directory). The adauto.pl script gets mount point information directly from Active Directory using LDAP. With the adauto.pl script, the automount of the home directories will be performed by using the information from NIS maps without requesting them from the DirectControl Network Information Service. The adauto.pl script uses the information stored in the auto.home NIS map for the DirectControl Zone the local computer is a member of. After the script is added to the automount configuration, the automounter program invokes the script and passes it the user name of the user logging on. The adauto.pl script then uses the ldapsearch command to retrieve the mount point information from Active Directory and returns the path to the remote home directory for the user logging on. The automounter will then attempt to connect to that home directory. 3.4 Discontinuing Use of Legacy NIS Servers Once the NIS maps are stored in Active Directory, incremental updates of the NIS data stored in Active Directory can be done by using the DirectControl Administrator Console. Updates made are then propagated to all of the DirectControl Network Information Service servers automatically. For each NIS domain, the DirectControl Network Information Service deployed across the enterprise replaces the legacy NIS servers without changing NIS client configurations to complete the migration to Active Directory for secure, centralized directory service. 3.5 Migrating NIS Clients If the DirectControl Agent can be installed on the NIS client machine, a secure authentication will take place directly through Active Directory, and NIS maps will be requested and loaded using the DirectControl Network Information Service. 4 Migration Approaches There are multiple ways of approaching an existing NIS environment using the Centrify NIS migration features of DirectControl and the DirectControl Network Information Service. Customers have implemented NIS in many ways within their own organization to use some or all of the features of NIS CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 9
13 4.1 Example of Using NIS Clients with DirectControl Agents An organization has an existing NIS environment, and wants to do authentication with Active Directory and keep standard NIS maps and custom maps used by an in-house application on NIS. A simple approach is to install the Agents on the NIS clients for authentication to Active Directory and use the DirectControl Network Information Service to serve the maps. The following steps can be performed: 1. Create a DirectControl Zone in Active Directory with the same name as the NIS domain. 2. Install the Centrify DirectControl Agent on all NIS client machines. 3. Join each NIS client machine to Active Directory and add them to the DirectControl Zone. 4. Import all the users and groups into Active Directory using the DirectControl Administrator Console. 5. Import all NIS maps into the Active Directory using the DirectControl Administrator Console. 6. Schedule down time, and stop the legacy NIS servers. 7. Install the DirectControl Agent on the NIS servers. 8. Join the NIS servers to the Active Directory domain and add them to the DirectControl Zone. 9. Install and start the DirectControl Network Information Service (adnisd) on the NIS servers. All users will use their Active Directory credentials to authenticate to Active Directory, but get maps from the DirectControl Network Information Service via normal NIS requests. All user accounts are managed in Active Directory. 4.2 Example of Migrating Users Gradually An organization with an existing NIS environment wants to do authentication with Active Directory and keep standard NIS maps and custom maps used by an in-house application on NIS, but wants to migrate the users over time to Active Directory. This approach is similar to the previous example. The DirectControl Agent is installed on the NIS clients for authentication to Active Directory, but the users are not placed in the DirectControl Zone so that they can continue to use NIS authentication if they have not been migrated to Active Directory. The following steps can be performed: 1. Create a DirectControl Zone in Active Directory with the same name as the NIS domain CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 10
14 2. Install the DirectControl Agent on all the NIS client machines. This can be done before any users are migrated to Active Directory for the machines they use. 3. Join each NIS client machine to the Active Directory domain and add them to the DirectControl Zone. NSS switch should be configured something like this: passwd centrifydc files nis OR passwd compat (if +/- is used) passswd_compat centrifydc files nis At this point, all users are still authenticating against the existing NIS servers since no uses have been added to the zone. 4. Import all the users and groups into Active Directory using the DirectControl Administrator Console, but leave them in a pending state. This means a user or group is not in the DirectControl Zone until they are accepted. As soon as a user is accepted into the Zone, they will immediately begin authenticating using their Active Directory credentials. The groups should not be added until all the NIS users have been enabled in the Zone. The group membership and other maps will continue to be served by NIS until the user migration is complete. Users will use their Active Directory credentials to authenticate to Active Directory and have their account managed by Active Directory if they were migrated, but get maps from the legacy NIS server via normal NIS requests. All other users will continue to use their NIS credentials to login and get maps from the legacy NIS server using normal NIS requests. During the user migration, it is also a good idea to change the password prompt using DirectControl s Group Policy feature (which extends Active Directory Group Policy to non-microsoft systems) so that users know what machines require their Active Directory password and which require their NIS password. After all of the users are migrated to Active Directory: 5. Add all of the groups to the DirectControl Zone using the DirectControl Administrator Console. 6. Import all NIS maps into Active Directory using the DirectControl Administrator Console. 7. Install the DirectControl Agent on the NIS servers. 8. Join the NIS servers to the Active Directory domain and add them to the DirectControl Zone. 9. Schedule down time, and stop the legacy NIS servers CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 11
15 10. Install and start the DirectControl Network Information Service (adnisd) on the NIS servers. 11. Modify NSS switch to remove nis from the passwd and group lines. All users will use their Active Directory credentials to authenticate to Active Directory, but get maps from the DirectControl Network Information Service using normal NIS requests. All user accounts, group membership, and map entries are managed in Active Directory. 4.3 Example of Complete Removal of NIS from the Enterprise An organization wants to completely remove NIS from its environment in a phased approach. An analysis is needed of how each NIS domain across the enterprise is currently running. Users can be migrated either before, during or after NIS clients are joined to the domain. In all cases, authentication of individual clients can be done in a phased migration or at the same time as the standard NIS map migration until NIS is no longer needed. Here are the major migration milestones to remove NIS from the enterprise: Phase 1. Analyze Existing NIS domains Are there secure connections between the NIS clients and NIS server? Is it an isolated network? Is a test environment available and can it just be de-commissioned? What applications have custom maps? Are there network appliances that use NIS authentication? Does the network appliance support Kerberos? Does the network appliance support LDAP with a starting base DN? Does the network appliance support Active Directory authentication? What are the costs for replacing legacy network appliances? Phase 2. Migrate the Users to Use their Active Directory Credentials Create a DirectControl Zone in Active Directory with the same name as the NIS domain. Install the DirectControl Agent on all the NIS clients where possible. Join the NIS clients to Active Directory and add them to the DirectControl Zone. Import the users and groups and standard NIS maps into Active Directory using the DirectControl Administrator Console CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 12
16 Install the DirectControl Agent on the NIS servers. Join the NIS servers to Active Directory and add them to the DirectControl Zone. Schedule down time, and stop the legacy NIS servers. Install and start the DirectControl Network Information Service (adnisd) on the NIS servers. Phase 3 Replace Standard NIS Maps Use Centrify scripts to decommission automount map. Replace the netgroups map: Create Active Directory groups to manage pam/allow and pam/deny settings. Create DirectControl Zones and add machines and users to them. Set up any Active Directory groups needed as filters for access to different groups of computers in another DirectControl Zone. (DirectControl provides tools such as its ZoneGen utility to help with this task.) Decommission legacy maps such as rpc, services, and netid. Phase 4. Decommission Custom NIS Maps Modify or re-write applications that use legacy NIS data to use a standard LDAP interface to retrieve the information from Active Directory. Modify or re-write applications that use legacy NIS data to use a database or other technologies based upon the application Phase 5. Remove NIS Servers If all maps can be removed then NIS servers are no longer used If standard maps cannot be eliminated, another alternative is to use DirectControl s Group Policy: Add the needed maps to Active Directory sysvol and then use the DirectControl Group Policy feature to copy those files to the machines that require the maps. Make sure that NSS switch has files specified and remove nis. NIS servers can be removed earlier depending on what maps an organization is using. It can vary from one NIS domain to another within an organization. Like any migration. it takes time and careful planning, but it is possible to accomplish the removal of NIS. These recommendations also work for NIS+ where possible. If the NIS+ domain can run in NIS compatibility mode, then the DirectControl Network Information Service can be used as part of the migration. If the NIS+ domain cannot be in NIS compatibility mode, 2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 13
17 then using Active Directory groups, along with DirectControl Zone technology and DirectControl utilities, a migration can be performed using the steps mentioned in the general guidelines of this white paper. In summary, Centrify provides product, process, and tools to help customers perform NIS migrations according to their requirements. 5 How to Contact Centrify North America (And All Locations Outside EMEA) Centrify Corporation 444 Castro St., Suite 1100 Mountain View, CA United States Europe, Middle East, Africa (EMEA) Centrify EMEA Asmec Centre Merlin House Brunel Road Theale, Berkshire, RG7 4AB United Kingdom Sales: +1 (650) Sales: Enquiries: Web site: info@centrify.com CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE 14
Centrify Infrastructure Services
Centrify Infrastructure Services Network Information Service Administrator's Guide August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this document
More informationDirectControl and RSA SecurID
WHITE PAPER CENTRIFY CORP. DirectControl and RSA SecurID NOV 2010 Enabling Active Directory users to authenticate to Unix/Linux using SecurID tokens ABSTRACT This document describes the steps necessary
More informationKerberos-enabled applications. Core services for UNIX shell programs and applications. Kerberos environment. Centrify DirectControl Service Library
Understanding Centrify DirectControl Agents The Centrify DirectControl Agent makes a UNIX, Linux, or Mac OS X computer look and behave like a Windows client computer to Active Directory. The Centrify DirectControl
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationCentrify for Dropbox Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Dropbox Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of
More informationAbout One Identity Quick Connect for Base Systems 2.4.0
One Identity Quick Connect for Base Systems 2.4.0 October 2018 These release notes provide information about the One Identity Quick Connect for Base Systems release. About New features Resolved issues
More informationTechnical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems
Technical Overview of in Windows 7 and Windows Server 2008 R2 Microsoft Windows Family of Operating Systems Published: January 2009 This document supports a preliminary release of a software product that
More informationVeritas Provisioning Manager
Veritas Provisioning Manager Automated server provisioning, part of the Veritas Server Foundation suite, automates server provisioning and management from physical bare metal discovery and OS installation
More informationInteroperability of Bloombase StoreSafe and Thales payshield for Data-at-Rest Encryption
Bloombase Interoperability Program P1 2015 Bloombase, Inc. Interoperability of Bloombase StoreSafe and Thales payshield for Data-at-Rest Encryption December 2015 Executive Summary Thales payshield enterprise
More informationCentrify Suite Enterprise Edition Self-Paced Training
CENTRIFY DATASHEET Centrify Suite Enterprise Edition Self-Paced Training Overview The process of installing, configuring, and troubleshooting the Centrify software is easy, once you understand the fundamentals.
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Evaluation Guide for Windows November 2017 (release 2017.2) Centrify Corporation Legal notice This document and the software described in this document are furnished under
More informationMicrosoft Office Groove Server Groove Manager. Domain Administrator s Guide
Microsoft Office Groove Server 2007 Groove Manager Domain Administrator s Guide Copyright Information in this document, including URL and other Internet Web site references, is subject to change without
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Deployment Manager User s Guide September 2017 (release 2017.2) Centrify Corporation Legal notice This document and the software described in this document are furnished
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Administrator s Guide for Windows November 2017 (release 2017.2) Centrify Corporation Legal notice This document and the software described in this document are furnished
More informationAuthentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide
Authentication Services ActiveRoles Integration Pack 2.1.x Administration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.
More informationSafe AutoLogon Password Server
Safe AutoLogon Password Server Product Overview White Paper Software version: 8.0 www.wmsoftware.com Contents Introduction... 1 Safe AutoLogon... 1 A Complete Solution: Safe AutoLogon + Safe AutoLogon
More informationIndependent DeltaV Domain Controller
Independent DeltaV Domain Controller The domain controller functionality can be de-coupled from the ProfessionalPLUS / Application stations in DeltaV systems version 14.3 and higher. Table of Contents
More informationMicrosoft Exchange Server SMTPDiag
Microsoft Exchange Server SMTPDiag Contents Microsoft Exchange Server SMTPDiag...1 Contents... 2 Microsoft Exchange Server SMTPDiag...3 SMTPDiag Arguments...3 SMTPDiag Results...4 SMTPDiag Tests...5 Copyright...5
More informationCentrify for QRadar Integration Guide
Centrify for QRadar Integration Guide November 2017 Centrify Corporation Abstract This integration guide is to help our Centrify Infrastructure Services customers easily integrate Centrify events into
More informationIncrease user productivity and security by integrating identity management and enterprise single sign-on solutions.
Security management solutions White paper Increase user productivity and security by integrating identity management and enterprise single sign-on solutions. April 2006 2 Contents 2 Overview 3 Rely on
More informationIBM Tivoli Directory Server
Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Administrator s Guide for Mac September 2017 (release 2017.2) Centrify Corporation Legal notice This document and the software described in this document are furnished
More informationSubtitle: Join Sun Solaris Systems to Active Directory with Likewise
Keywords: join solaris to active directory, solaris active directory integration, solaris AD, solaris active directory, solaris winbind, Sun Identity Manager, Unix authentication, solaris authentication,
More informationRED HAT ENTERPRISE LINUX: ACTIVE DIRECTORY - CLIENT INTEGRATION OPTIONS
RED HAT ENTERPRISE LINUX: ACTIVE DIRECTORY - CLIENT INTEGRATION OPTIONS TECHNOLOGY BRIEF INTRODUCTION For many organizations, Microsoft Active Directory is the hub for user identity management. Typically,
More informationRemote Support Security Provider Integration: RADIUS Server
Remote Support Security Provider Integration: RADIUS Server 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Configuration and Tuning Reference Guide August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this document are furnished
More informationIBM Spectrum LSF Version 10 Release 1. Readme IBM
IBM Spectrum LSF Version 10 Release 1 Readme IBM IBM Spectrum LSF Version 10 Release 1 Readme IBM Note Before using this information and the product it supports, read the information in Notices on page
More informationOne Identity Quick Connect for Base Systems 2.4. Administrator Guide
One Identity Quick Connect for Base Systems 2.4 Administrator Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Configuration and Tuning Reference Guide December 2018 (release 18.11) Centrify Corporation Legal Notice This document and the software described in this document are furnished
More informationDomain Isolation Planning Guide for IT Managers
Domain Isolation Planning Guide for IT Managers Microsoft Corporation Published: March 28, 2005 Author: James R. Morey Editor: Rosanne Newland Abstract Designed for enterprise IT managers who are investigating
More informationBull. AIX 5L Network Information Services (NIS and NIS+) Guide AIX ORDER REFERENCE 86 A2 56EM 01
Bull AIX 5L Network Information Services (NIS and NIS+) Guide AIX ORDER REFERENCE 86 A2 56EM 01 Bull AIX 5L Network Information Services (NIS and NIS+) Guide AIX Software October 2005 BULL CEDOC 357 AVENUE
More informationOne Identity Management Console for Unix 2.5.1
One Identity Management Console for Unix 2.5.1 October 2017 These release notes provide information about the One Identity Management Console for Unix release. NOTE: This version of the One Identity Management
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Express Administrator s Guide for Linux and UNIX August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this document
More informationAuthlogics Forefront TMG and UAG Agent Integration Guide
Authlogics Forefront TMG and UAG Agent Integration Guide With PINgrid, PINphrase & PINpass Technology Product Version: 3.0.6230.0 Publication date: January 2017 Authlogics, 12 th Floor, Ocean House, The
More informationCentrify for Splunk Integration Guide
July 2018 Centrify Corporation Abstract This guide is written for Centrify Infrastructure Services customers who want to integrate Centrify events with Splunk. Legal Notice This document and the software
More informationNetBackup Collection Quick Start Guide
NetBackup Collection Quick Start Guide This whitepaper is intended for IT professionals, IT managers, and IT personnel responsible for the planning, setup, and/or administration of Veritas Information
More informationCentrify Infrastructure Services
Centrify Infrastructure Services User's Guide for Windows August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this document are furnished under and
More informationNimsoft Monitor Server
Nimsoft Monitor Server Configuration Guide v6.00 Document Revision History Version Date Changes 1.0 10/20/2011 Initial version of Nimsoft Server Configuration Guide, containing configuration and usage
More informationRSA Authentication Manager 7.1 Help Desk Administrator s Guide
RSA Authentication Manager 7.1 Help Desk Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationCentrify for Google G Suite Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Google G Suite Deployment Guide Abstract Centrify protects against the leading point of attack used in data breaches compromised credentials. Centrify Application
More informationCentrify Infrastructure Services
Centrify Infrastructure Services License Management Administrator s Guide December 2018 (release 18.11) Centrify Corporation Legal Notice This document and the software described in this document are furnished
More informationAgent Installation Using Smart Card Credentials Detailed Document
Agent Installation Using Smart Card Credentials Detailed Document Publication Date: Sept. 19, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This document is to
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationSymprex Out-of-Office Extender
Symprex Out-of-Office Extender User's Guide Version 7.0.0. Copyright 017 Symprex Limited. All Rights Reserved. Contents Chapter 1 1 Introduction 1 System Requirements Permissions Requirements Chapter On-Premises
More informationSRT210. The Pragmetic art of Administration. NIS Server. Raymond Chan
1 SRT210 The Pragmetic art of Administration NIS Server Raymond Chan Seneca College of Applied Technology School of Information & Communications Technology 2 What is NIS? A Name Service developed by Sun
More informationAimetis Symphony Mobile Bridge. 2.7 Installation Guide
Aimetis Symphony Mobile Bridge 2.7 Installation Guide Contents Contents Introduction...3 Installation... 4 Install the Mobile Bridge... 4 Upgrade the Mobile Bridge...4 Network configuration... 4 Configuration...
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More Quick Start Using Leostream with Citrix XenDesktop 7 and HDX Version 8.1 January 14, 2016 Contacting
More informationCentrify Infrastructure Services
Centrify Infrastructure Services Evaluation Guide for Linux and UNIX August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this document are furnished
More informationCA GovernanceMinder. CA IdentityMinder Integration Guide
CA GovernanceMinder CA IdentityMinder Integration Guide 12.6.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationProduct Update: ET82U16-029/ ET81U EventTracker Enterprise
Product Update: ET82U16-029/ ET81U16-033 EventTracker Enterprise Publication Date: Oct. 18, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Update: ET82U16-029/ ET81U16-033
More informationVeritas NetBackup Appliance Security Guide
Veritas NetBackup Appliance Security Guide Release 2.7.3 NetBackup 52xx and 5330 Veritas NetBackup Appliance Security Guide Document version: 2.7.3 Legal Notice Copyright 2016 Veritas Technologies LLC.
More informationReceive and Forward syslog events through EventTracker Agent. EventTracker v9.0
Receive and Forward syslog events through EventTracker Agent EventTracker v9.0 Publication Date: July 23, 2018 Abstract The purpose of this document is to help users to receive syslog messages from various
More informationIBM Tivoli Directory Server Version 5.2 Client Readme
IBM Tivoli Directory Server Version 5.2 Client Readme GI11-4150-00 IBM Tivoli Directory Server Version 5.2 Client Readme GI11-4150-00 Note Before using this information and the product it supports, read
More informationDameWare Server. Administrator Guide
DameWare Server Administrator Guide About DameWare Contact Information Team Contact Information Sales 1.866.270.1449 General Support Technical Support Customer Service User Forums http://www.dameware.com/customers.aspx
More informationInstallation Guide Advanced Authentication - Logon Filter. Version 6.1
Installation Guide Advanced Authentication - Logon Filter Version 6.1 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government
More informationTivoli Access Manager for Enterprise Single Sign-On
Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter Installation and Setup Guide GC23-6353-00 Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter Installation
More informationEnabling Smart Card Logon for Mac OS X Using Centrify Suite
DoD Public Key Enablement (PKE) Reference Guide Enabling Smart Card Logon for Mac OS X Using Centrify Suite 2012.4 Contact: dodpke@mail.mil URL: http://iase.disa.mil/pki-pke/ URL: http://iase.disa.smil.mil/pki-pke/
More informationLaserfiche Rio 10.3: Deployment Guide. White Paper
Laserfiche Rio 10.3: Deployment Guide White Paper January 2018 Table of Contents How Laserfiche Licensing Works... 4 Types of Licenses... 4 Named User Licenses... 4 WebLink Public Portal Licenses... 6
More informationVMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager
VMware Identity Manager Cloud Deployment DEC 2017 VMware AirWatch 9.2 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager
VMware Identity Manager Cloud Deployment Modified on 01 OCT 2017 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The
More informationSun Certified System Administrator for the Solaris 10 OS Bootcamp
Sun Certified System Administrator for the Solaris 10 OS Bootcamp Student Guide - Volume 3 SA-997 Rev A (SA-202-S10-C.2) D63735GC10 Edition 1.0 D64505 Copyright 2008, 2010, Oracle and/or its affiliates.
More informationEnhancing VMware Horizon View with F5 Solutions
Enhancing VMware Horizon View with F5 Solutions VMware Horizon View is the leading virtualization solution for delivering desktops as a managed service to a wide range of devices. F5 BIG-IP devices optimize
More informationCentrify Suite Group Policy Guide. Centrify Corporation. June 2013
Centrify Suite 2013 Group Policy Guide June 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license
More informationDeploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)
Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) Microsoft Corporation Published: June 2004 Abstract This white paper describes how to configure
More informationPreface to the First Edition Preface to the Second Edition Acknowledgments UNIX Operating System Environment p. 1 UNIX: Past and Present p.
Preface to the First Edition p. xv Preface to the Second Edition p. xvii Acknowledgments p. xix UNIX Operating System Environment p. 1 UNIX: Past and Present p. 2 History and Growth of UNIX p. 2 Flavors
More informationWatchGuard XTMv Setup Guide
WatchGuard XTMv Setup Guide All XTMv Editions Copyright and Patent Information Copyright 1998 2011 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, LiveSecurity, and
More informationInstallation Guide Advanced Authentication Windows Authentication Agent. Version 6.1
Installation Guide Advanced Authentication Windows Authentication Agent Version 6.1 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,
More informationEnabling Smart Card Logon for Linux Using Centrify Suite
DoD Public Key Enablement (PKE) Reference Guide Enabling Smart Card Logon for Linux Using Centrify Suite 2012.4 Contact: dodpke@mail.mil URL: http://iase.disa.mil/pki-pke/ URL: http://iase.disa.smil.mil/pki-pke/
More informationSymbolics Network File System (NFS) User s Guide. Introduction to Symbolics Network File System (NFS)
Symbolics Network File System (NFS) User s Guide Introduction to Symbolics Network File System (NFS) Symbolics NFS is a user-transparent remote file access protocol. Symbolics NFS is a fully symmetrical
More information4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access
4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access RADIUS Channel Integration Handbook Document Version 2.2 Released May 2013 hidglobal.com Table of Contents List of Figures... 3 1.0 Introduction...
More informationNetwork Protocols What is a stateless Network Protocol?
What is a stateless Network Protocol? All information about a connection is passed from client to server to client in messages No connection information is saved at the Server What is a stateless Network
More informationModule 5: Integrating Domain Name System and Active Directory
Module 5: Integrating Domain Name System and Active Directory Contents Overview 1 Lesson: Configuring Active Directory Integrated Zones 2 Lesson: Configuring DNS Dynamic Updates 14 Lesson: Understanding
More informationIntegrating FusionLayer Infinity With Microsoft AD. A White Paper by FusionLayer Inc.
Integrating FusionLayer Infinity With Microsoft AD A White Paper by FusionLayer Inc. June 2018 Copyright 2018 FusionLayer Inc. All rights reserved. No part of this publication may be reproduced, stored
More informationWhat s New in BID2WIN Service Pack 4
What s New in BID2WIN Service Pack 4 BID2WIN Software, Inc. Published: August, 2006 Abstract BID2WIN 2005 Service Pack 4 includes many exciting new features that add more power and flexibility to BID2WIN,
More informationInstallation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:
EventTracker Enterprise Install Guide 8815 Centre Park Drive Publication Date: Aug 03, 2010 Columbia MD 21045 U.S. Toll Free: 877.333.1433 Abstract The purpose of this document is to help users install
More informationSecurity Provider Integration RADIUS Server
Security Provider Integration RADIUS Server 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationCONFIGURING SSO FOR FILENET P8 DOCUMENTS
CONFIGURING SSO FOR FILENET P8 DOCUMENTS Overview Configuring IBM Content Analytics with Enterprise Search (ICA) to support single sign-on (SSO) authentication for secure search of IBM FileNet P8 (P8)
More informationForescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2
Forescout Version 1.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationSecurity Provider Integration: Kerberos Server
Security Provider Integration: Kerberos Server 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks are the
More informationRelease Notes. IBM Security Identity Manager GroupWise Adapter. Version First Edition (September 13, 2013)
Release Notes IBM Security Identity Manager GroupWise Adapter Version 6.0.2 First Edition (September 13, 2013) This edition applies to version 6.0 of IBM Security Identity Manager and to all subsequent
More informationOverview. Business value
PRODUCT SHEET CA Top Secret for z/vse CA Top Secret for z/vse CA Top Secret for z/vse provides innovative and comprehensive security for business transaction environments which enable your business to
More informationOpen Text Notice. Deployment Guidance Solutions for Microsoft Office SharePoint Server 2007 and Open Text Services A Joint White Paper
Deployment Guidance for Solutions With Microsoft Office SharePoint Server 2007 and Open Text Content Lifecycle Management Services for SharePoint A Joint White Paper Published: July 2008 Open Text Notice
More informationOne Identity Quick Connect Sync Engine Administrator Guide
One Identity Quick Connect Sync Engine 5.5.0 Administrator Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationMigrating vrealize Automation 6.2 to 7.2
Migrating vrealize Automation 6.2 to 7.2 vrealize Automation 7.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationUpgrade Guide. Upgrading to EventTracker v7.1 Enterprise. Upgrade Guide Centre Park Drive Publication Date: Apr 11, 2011.
Upgrading to EventTracker v7.1 Enterprise Upgrade Guide 8815 Centre Park Drive Publication Date: Apr 11, 2011 Columbia MD 21045 U.S. Toll Free: 877.333.1433 Abstract The purpose of this document is to
More informationEnhancement in Agent syslog collector to resolve sender IP Address EventTracker Enterprise
Enhancement in Agent syslog collector to resolve sender IP Address EventTracker Enterprise Publication Date: Oct. 28, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Update:
More informationIntegrating Nixu IPAM with Microsoft AD. White Paper January 2011
Integrating Nixu IPAM with Microsoft AD White Paper January 2011 DNS, DHCP and IP Address Management (IPAM) in Microsoft AD Environments Organizations running Microsoft DNS and DHCP services have traditionally
More informationDell Storage Compellent Integration Tools for VMware
Dell Storage Compellent Integration Tools for VMware Version 4.0 Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your
More informationSiebel Installation Guide for Microsoft Windows
Siebel Installation Guide for Microsoft Windows Siebel 2018 (Applies to Siebel CRM Updates 18.4 through 18.9) September 2018 Copyright 2005, 2018 Oracle and/or its affiliates. All rights reserved. This
More informationCentrify for ArcSight Integration Guide
July 2018 Centrify Corporation Abstract This guide is written for Centrify Infrastructure Services customers who want to integrate Centrify events with ArcSight. Legal Notice This document and the software
More informationSymantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Red Hat Enterprise Linux 5
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Red Hat Enterprise Linux 5 Symantec ESM Baseline Policy Manual for CIS Benchmark for Red Hat Enterprise Linux 5 The software
More informationCentrify for ArcSight Integration Guide
Centrify for ArcSight Integration Guide November 2017 Centrify Corporation Abstract This integration guide is to help our Centrify Infrastructure Services customers easily integrate Centrify events into
More informationMarch 2011
Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring the ESSO-LM Agent Release 11.1.1.5.0 21004-01 March 2011 Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring
More informationTivoli Access Manager for Enterprise Single Sign-On
Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Web Viewer Installation and Setup Guide SC32-1991-03 Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Web Viewer Installation
More informationIBM Cloud Orchestrator. Content Pack for IBM Endpoint Manager for Software Distribution IBM
IBM Cloud Orchestrator Content Pack for IBM Endpoint Manager for Software Distribution IBM IBM Cloud Orchestrator Content Pack for IBM Endpoint Manager for Software Distribution IBM Note Before using
More informationIntegrating FusionLayer IPAM with Microsoft AD. A White Paper by FusionLayer
Integrating FusionLayer IPAM with Microsoft AD A White Paper by FusionLayer June 2012 Copyright 2015 FusionLayer, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval
More informationCentrify Isolation and Encryption Service
Centrify Isolation and Encryption Service Isolation and Encryption Service Evaluation Guide August 2018 (release 18.8) Centrify Corporation Legal Notice This document and the software described in this
More informationTivoli Access Manager for Enterprise Single Sign-On
Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter User's Guide SC23-6342-00 Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 Kiosk Adapter User's Guide SC23-6342-00
More information