Centrify Server Suite 2016 - New features in action!

Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#1 of 3 4,922
Accepted Solution

Centrify Server Suite 2016 - New features in action!


Centrify Server Suite 2016 - New features, New Platforms, New Possibilities = All about the New Perimeter

Just in time for the Holidays and the New Year, Centrify delivered Server Suite 2016; this release is focused on unleashing the power of the Centrify Platform:
  • Server Suite
  • Identity Service
  • Privilege Service
As well as continuing to delight customers and prospects with product enhancements.
 
Here are a few short practice-run demos I just recorded:
 

Step-Up Authentication

Reporting Services

Local UNIX User and Group Management

CSS+CPS - Automation Unleashed

Centrify Start Menu for DirectAuthorize Windows, CLI Tools, PowerShell, GPOs

New Supported Platforms (CDC)

-  Windows 10 (x86_64)
-  Mac OS X 10.11 (x86_64)
-  Fedora 23 (x86, x86_64)
-  CentOS 6.7 (x86, x86_64)
-  Oracle Enterprise Linux 6.7 (x86, x86_64)
-  Red Hat Enterprise Linux Desktop 6.7 (x86, x86_64)
-  Red Hat Enterprise Linux Server 6.7 (x86, x86_64)
-  Red Hat Enterprise Linux Server 6.7 (ppc64 – no Power8)
-  Red Hat Enterprise Linux Desktop 7.2 (x86_64)
-  Red Hat Enterprise Linux Server 7.2 (x86_64)
-  Red Hat Enterprise Linux Server 7.0, 7.1, 7.2 (ppc64 – no Power8)
-  Scientific Linux 6.7 (x86, x86_64)
-  Ubuntu Desktop 15.10 (x86, x86_64)
-  Ubuntu Server 15.10 (x86, x86_64)
-  SUSE Linux Enterprise Desktop 11 SP4 (x86, x86_64)
-  SUSE Linux Enterprise Server 11 SP4 (x86, x86_64, ppc64, ia64)
-  SUSE Linux Enterprise Server 12 (ppc64 – no Power8)
-  Oracle Solaris 11.3 (x86_64, SPARC)
 
In-Depth on Step-Up Auth:
The MFA feature has been designed based on your feedback:
a) Today's multifactor authentication solutions feel a bit dated. Expensive, bulky, hard to manage and maintain.
b) They don't quite work with the principle that they exist to complement access control. We have corrected that by integrating it with DirectAuthorize and with Centrify zones.
c) Provide relevant data: Nowadays your coworkers can be anywhere in the world (same for your threat agents); having information like geo-location and being able to prompt for MFA based on different factors has been there from the beginning with Centrify Identity Service.
d) On UNIX/Linux, no more dealing with PAM modules, Radius servers and odd rules.
e) We'll work internally for those who are "stuck" with a solution (we have App notes for the major ones already).
 
mfa.PNG
 Enjoy!
Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Participant I
Posts: 4
Registered: ‎09-14-2015
#2 of 3 4,473

Re: Centrify Server Suite 2016 - New features in action!

We are running v.5.1.3. Running a report on our global zones sometimes takes hours, even overnight. I am definitely interested in Reporting Services. Thanks for sharing. Local users/groups seem quite interesting.
Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#3 of 3 4,469

Re: Centrify Server Suite 2016 - New features in action!


DevOps,

 

Thanks for your feedback.  We heard you loud and clear and that's why the feature was created. The Centrify Reports feature has at a basic level 3 components:

 

  • An AD Sync:  to write the RBAC data contained in Centrify zones into SQL.
  • A SQL Server Database and Views:  data storage, logical views.
  • A set of SSRS reports (Classic, Attestation for SOX and PCI and Custom)

 

AD Sync

The first challenge was speed. Unfortunately LDAP is not an interface optimized for queries. Just like you mentioned, in a fairly complex environment, certain complex reports will take a long time. This was a tradeoff to have very few requisites to get Server Suite installed. The way we solved it was by allowing customers to sync Centrify Zone data (roles, rights, assignments, etc) to AD into a SQL server database. Since adds/moves/changes to role assignments (via groups or users) grant or revoke access, we need to be able to know what's changed since the last sync. This can be configured based on your attestation or report generation needs.

 

The benefit here is that now you'll have an interface that is really optimized for queries and reporting (a relational database) and you're being very nice to your domain controllers.

 

The report services control panel allows you to set up how frequently data from AD gets sync'd to SQL. The first time it will do a full sync; afterwards it does a delta sync. You can also see status, do configuration and troubleshooting.

control.PNG

 

SQL Server

Once the data is in SQL, you have several options. You can "bring your own" reporting tool or use SQL Server Reporting Services. You can use SQL Express, SQL Standard/Enterprise. The Centrify bundles already include the bits for Express; you can leverage an existing SSRS infrastructure as well. Plenty of options here.

As an example: some of the beta customers did very interesting things with tools like Tableau. 

 

In addition, we have documented all the database views in the Administrator's Guide for Reports.

 

Productivity and Security Attestation

The other motivation behind this feature (aside from speed and flexibility) was productivity.  Most IT Ops told us that you had to drop everything you were doing just to produce attestation reports or when challenged by a security person or an audit.  Now the security folks or auditors can get these attestation reports on their own via email or fileserver in different formats.

 

The reports when generated provide you with a summary (based on the type of report):

 

Here's a sample summary with data from one of my old demo environments:

summary.PNG

Here's a sample detail for the users report:

detail.PNG

 

All SSRS-based reports are customizable.  You'll need the proper permissions on the SSRS side, IE or the SQL Server report builder.

 

Since most of you (enterprises, highly-regulated organizations) are required to do attestation exercises at least quarterly, this should be a good starting point.

 

Lots of hard work went into this from guys like Satish @SatishV, Albert @ac83124 and the whole engineering and QA crew.

 

Keep your ideas, feedback and suggestions coming.  My expectation is that hopefully some of you also share report definitions down the line.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com