Linux, Unix devices benefit from a unified Active Directory environment

* Likewise Software provides the means to integrate non-Windows systems into a unified Active Directory system

An oil exploration company has numerous Linux and Unix devices that it's bringing into Active Directory through a unified directory tool. The project is already providing payback through operational efficiency, audit compliance and better security through privileged user access control.

Just the other day I was talking to Luis, a senior Unix administrator at an oil exploration company. He told me about an interesting IT project his company is undertaking. I thought his experience might be worthy of sharing with others who have similar challenges with authenticating and securing disparate platforms.

Like many other large companies, Luis’ employer has a mixed variety of Windows, Linux and Unix workstations. The Unix and Linux devices are necessary to support the vital scientific work the company’s geophysicists perform. These devices are located all around the world – some in main offices in places like Houston, London and Kuala Lumpur, and others in remote and inaccessible places like offshore platforms and vessels. What’s more, a single user could have as many as five or six login IDs to access various applications at different sites.

Luis readily admits this is an inefficient way to operate the total workstation environment. That’s one of the reasons they are now in the midst of rolling out a unified directory to provide better access control, single sign-on authentication, and group policy. The company is leveraging its investment in Microsoft Active Directory by bringing the Unix and Linux devices into the fold.

The product they’ve chosen to bring about the integration is Likewise Enterprise from Likewise Software. Luis says they preferred Likewise over other solutions because of the way Likewise allows them to do user identifier (UID) and group identifier (GID) masking across the different work centers. This enables them to authenticate users and groups by using UID/GID information from Active Directory, and to centralize and simplify managing their Linux and Unix users.

The big benefit to the company is that they can now provision and de-provision users and be accountable for who has access to what system or application from one source. In addition, the end users get a single sign-on that works for every application they need to use.

Before implementing Likewise, Luis says the system administrators would send messages to their counterparts at other sites to let them know when someone had left the company and an account needed to be deactivated. Of course, the de-provisioning sometimes fell through the cracks, leaving live accounts that posed a security threat.

Luis says he is now better able to support company audits and corporate compliance, especially for Sarbanes-Oxley. The audit reports that the company generates through Likewise validate that all of a user’s accounts have been closed as required when that employee leaves the company.

Likewise Software is one of several companies that provide the means to integrate non-Windows systems (including Apple Macs) into a unified Active Directory system. Centrify and Quest have similar unifying tools. All of them offer a great way to leverage a company’s investment in the existing Active Directory infrastructure.

Companies that want to give Active Directory authentication and single sign-on a try can ease into it with the free open source version of Likewise software called Likewise Open. It offers the opportunity to go from a chaotic state of no single identity store to a consolidated solution with authentication, authorization and an administrative console. Companies wanting more features like secure authentication, audit and reporting, and group policy management can upgrade to Likewise Enterprise.


Copyright © 2009 IDG Communications, Inc.
