Centrify Server Suite 2016 - New features in action!
12-28-2015 08:28 PM
Centrify Server Suite 2016 - New features, New Platforms, New Possibilities = All about the New Perimeter
- Server Suite
- Identity Service
- Privilege Service
Local UNIX User and Group Management
CSS+CPS - Automation Unleashed
Centrify Start Menu for DirectAuthorize Windows, CLI Tools, PowerShell, GPOs
New Supported Platforms (CDC)
Solved! Go to Solution.
01-07-2016 11:43 AM
01-07-2016 12:07 PM
Thanks for your feedback. We heard you loud and clear and that's why the feature was created. The Centrify Reports feature has at a basic level 3 components:
- An AD Sync: to write the RBAC data contained in Centrify zones into SQL.
- A SQL Server Database and Views: data storage, logical views.
- A set of SSRS reports (Classic, Attestation for SOX and PCI and Custom)
The first challenge was speed. Unfortunately LDAP is not an interface optimized for queries. Just like you mentioned, in fairly complex environment, certain complex reports will take a long time. This was a tradeoff to have very little requisites to get Server Suite installed. The way we solved it was by allowing customers to sync Centrify Zone data (roles, rights, assignments, etc) to AD into a SQL server database. Since add/moves/changes to role assignments (via groups or users) grants or revokes access, we need to be able to know what's changed since the last sync. This can be configured based on your attestation or report generation needs.
The benefit here is that now you'll have an interface that is really optimized for queries and reporting (a relational database) and you're being very nice to your domain controllers.
The report services control panel allows to set up how frequently data from AD gets sync'd to SQL, the first time it will do a full sync, afterwards it does a delta sync; you can also see status, do configuration and troubleshooting.
Once the data is in SQL, you have several options. You can "bring your own" reporting tool or use SQL Server Reporting Services. You can use SQL Express, SQL Standard/Enterprise. The Centrify bundles already include the bits for Express, you can leverage an existing SSRS infrastructure as well. Plenty of options here.
As an example: some of the beta customers did very interesting things with tools like Tableau.
In addition, we have documented all the database views in the Administrator's Guide for Reports.
Productivity and Security Attestation
The other motivation behind this feature (aside from speed and flexibility) was productivity. Most IT Ops told us that you had to drop everything you were doing just to produce attestation reports or when challenged by a security person or an audit. Now the security folks or auditors can get these attestation reports on their own via email or fileserver in different formats.
The reports when generated provide you with a summary (based on the type of report):
Here's a sample summary with data from one of my old demo environment:
Here's a sample detail for the users report:
All SSRS-based reports are customizable. You'll need the proper permissions on the SSRS side, IE or the SQL Server report builder.
Since most of you (enterprises, highly-regulated organizations) are required to do attestation exercises at least quarterly, this should be a good starting point.
Keep your ideas, feedback and suggestions coming. My expectation is that hopefully some of you also share report definitions down the line.