Vintela Authentication ServicesREVIEWER: Tushar Vaghode, senior UNIX systems administrator for Adaptec.
BACKGROUND: Adaptec provides a complete suite of solutions that simplify storage deployments and allow organizations to easily upgrade to higher levels of capacity, data protection and performance to meet their growing storage needs. Adaptec's broad range of interoperable chips, add-in cards and network storage arrays gives businesses a seamless migration path from internal to external storage. All the products use a common management tool to simplify storage administration and reduce related costs.
PLATFORMS: Windows Server 2000, Solaris, HP-UX and Linux.
PROBLEM SOLVED: With such a wide range of platforms spread across locations throughout the U.S., Singapore and India, authentication and identity management was a real headache. Because we have dedicated NIS environments at each location, it was very difficult to manage users across all the sites. Simply keeping UIDs and GIDs consistent was a big problem. We tried to do it with scripts, but it was still tough and we had lots of duplication. The goal was to reduce the number of servers, decrease the number of systems to manage, and consolidate passwords, UIDs and GIDs across the whole planet in a single management pane. Active Directory (AD) is already deployed for our Windows systems and uses our existing hardware. Vintela Authentication Services (VAS) allowed us to leverage this existing infrastructure for a single Active Directory-based authentication and authorization solution that covered Windows, UNIX and Linux.
PRODUCT FUNCTIONALITY: Fundamentally, VAS extends the scope of our existing AD deployment to include systems that previously couldn't take advantage of the security, scalability and efficiency of AD. VAS creates a true, single point of management for all systems (including Windows Solaris, Linux and HP-UX) within the Active Directory infrastructure already in place. Through VAS, as a user logs on to Windows with his or her Windows login, the Kerberos ticket issued by Active Directory for secure access to Windows resources is repurposed for the appropriate UNIX and/or Linux systems. If a user is added in India, the change takes effect across the entire company. Now, rather than spend an entire day terminating an employee's rights and access, we can do it in approximately 20 seconds. The help desk can reset passwords or do group creation and deletion for UNIX without being given root access. Additionally, we don't need to involve the UNIX team. Basically, VAS cut down on our administrative burden by approximately 90 percent and saved the cost of one very expensive UNIX administrator dedicated to password administration.
STRENGTHS: VAS leverages our existing AD infrastructure for authentication and authorization of our UNIX and Linux resources. It creates a single point of administration for the entire enterprise and streamlines identity management. We wanted to use auto monitor maps, and those were built in to VAS.
WEAKNESSES: VAS hasn't added 64-bit support for Linux running on Itanium and Optiron (X86_64), although I hear it is coming and VAS does support 64-bit on many UNIX platforms.
SELECTION CRITERIA: In addition to Vintela Authentication Services, we looked at LDAP solutions, Novell eDirectory, NetScape and Microsoft Services for UNIX (SFU). VAS was the right fit because it maintained all user authentication and identity information in Active Directory. Also, VAS supports the entire NIS domain right out of AD. With VAS, we can do Apache and Samba same-user authentication from AD as well.
DELIVERABLES: Vintela Authentication Services provides a native extension of Active Directory beyond Windows to also include our UNIX and Linux systems. The advantages of AD can now be delivered for the rest of our enterprise.
VENDOR SUPPORT: Vintela has been very responsive with support and development. The best thing about working with Vintela is that they "get it."
DOCUMENTATION: The documentation is thorough and accurate. I was able to install and run VAS based solely on the product's documentation.
Vintela Authentication Services
333 South 520 West
Lindon, UT 84042
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access