This article describes the steps to install, configure and test the Centrify Reports feature included with Centrify Suite 2016. You will find this article useful if you're looking to accomplish the following goals:
- Increase the speed of Access and Privilege related reports
- Provide information to your Security or Audit counterparts for Access or Attestation purposes
- Automate Attestation report generation and delivery
- Provide a data source for custom report generation.
Disclaimer: This post is not a best practice; it's simply meant to help you study and test the feature before you consider it for production scenarios.
What is the Centrify Reports feature designed for?
It's designed to overcome the limitations of existing report generation via LDAP (speed), provide flexibility (SSRS or Bring your Own Reporting), and increase productivity (automate report generation and distribution).
Can you describe an example?
The typical scenario is that, depending on your risk or regulatory profile, you need to report on user entitlements: who has access to a server or collection of servers in a Centrify zone, and what they can do with privilege using DirectAuthorize. For example:
- Who has access to UNIX/Linux or Windows Server? What privileges do they have (dzdo/dzwin)? What AD object grants access?
- Who can access this collection of systems? What privileges do they have (dzdo/dzwin)?
These entitlement reports are typically used in attestation exercises. Attestation may be done manually (you get together and ratify that these are the proper people who should have access) or automatically using a Security Governance tool (at that point, a feed is inserted into the tool).
Organizations can always count on the reliability of IBM hardware, operating systems and utilities for mission-critical applications. That's why Centrify has invested in certifying the product lines with IBM infrastructure.
This post discusses the DB2 SSO Module; this plugin (like the Apache HTTP and Java plugins) leverages the Active Directory integration capabilities and robustness of the Centrify agent to provide additional value and functionality to DB2 implementations.
The DB2 plugin provides the following benefits:
- No need to keep users local to the UNIX/Linux system to support DB2: When used natively, DB2 users need to have user accounts in the local /etc/passwd file. The DB2 plugin enables AD users to access DB2, so the benefits of Unified Identity, Centralized Administration, Streamlined Authentication and Policy Enforcement are organically attained.
In practical terms: no more getting dinged by auditors when the account of a long-gone user is found active in the /etc/passwd of a DB2 system.
- Long login names: Support for logins that are longer than 8 characters
- Single Sign-on (SSO): Centrify enables SSO to DB2 leveraging the GSSAPI
- Active Directory Group Support: AD group memberships can be leveraged to grant entitlements inside DB2.
This is one of the best Database to AD integration models out there.
This article covers setup, configuration and testing of the DB2 module on 64-bit Linux in a lab environment. We will focus on the User/Password and Group Plugin first since they enable a UNIX/Linux admin to set it up without any AD requirements. In a follow-up post we'll cover the SSO GSSAPI plugin.
Like any other DBMS, a true production implementation requires planning and understanding of the current environment.