• United States

Citrix’s secret ingredient

Nov 17, 20033 mins
Access ControlCitrix SystemsEnterprise Applications

* Citrix’s MetaFrame Password Manager has unexpected component

A couple of months ago I raved about a new release from Citrix called MetaFrame Password Manager, a single sign-on product. While researching that newsletter I was struck by how closely the operation of MetaFrame Password Manager resembled Passlogix’s v-GO, but I chalked that up as an homage to the classic design of the venerable SSO application (imitation being the sincerest form of flattery and all that).

Turns out, though, that it’s not imitation. Passlogix provided the SSO part of MetaFrame Password Manager. Citrix merely avoided mentioning that in the press release and marketing materials.

Still, that doesn’t change how I feel about MetaFrame Password Manager; in fact it makes my recommendation even stronger. Few, if any, companies have been doing SSO longer than Passlogix. Few, if any, do it better.

It’s the simplicity of v-GO’s design coupled with rock-hard security that makes it such a perfect choice.

While you can spend time teaching v-GO about the applications you use and the authentications they use, its also quite content to sit back, watch what you’re doing and learn everything it needs to know to do auto-authentication whenever necessary.

I know a lot of you are fans of (or at least familiar with) Terry Pratchett’s Discworld books. Imps play an important role in Discworld, and v-GO could be considered as an imp-inspired technology. The v-GO imp sits quietly in his little home inside your keyboard. When you access something that requires you to authenticate, a little alarm goes off, the imp becomes active and he watches what you do. Since this imp has perfect memory, he can repeat the authentication whenever you again need to access that resource. You could, of course, sit down with the imp and instruct him in the ways of authentication for the resources you need to use but – in my experience – you’d probably leave out an important step which would cause you to have to un-instruct the imp (and they don’t forget easily), then start over. It’s so much easier to simply let the imp observe and learn, since that’s what their job is. Now you understand, don’t you?

The latest news from Passlogix, by the way, is that v-GO has been “ADAM-enabled” – that is, it will work with Microsoft’s new Active Directory Application Mode.

According to Passlogix CEO Marc Boroditsky, there are still far too many enterprise firms where use of a directory to store information is hemmed in and controlled by office politics rather than by good business practices. ADAM gives forward-thinking identity managers the ability to institute good identity practices without having to cozy up to someone holding directory space hostage to their political ambitions. Sounds good to me.