Review: Direct Control for administering Macs in a Windows world
Computerworld - Centrify's Direct Control for Mac is a complete solution for Active Directory environments in which you have to support Mac clients and need secure access to Mac OS X system components or must manage the user environment.
Direct Control allows you to join Mac OS X computers, as well as other versions of Unix/Linux, to Active Directory. You can organize them and delegate administration via organizational units known as zones. And you can manage them using a series of group policies specifically designed to work with Apple's managed preferences model.
Direct Control for Mac fulfills a common need. Although Macs typically make up a small fraction of the total number of PCs in a corporate network, they often still need access to the resources of that network. And they still need to be controlled and secured according to company policies and government regulations.
Apple does include some Active Directory support in Mac OS X. But that support is limited to letting users log into a Mac workstation using an Active Directory account. It provides very little support for securing local resources -- although, by default, it doesn't grant Active Directory users local administrator access, so there is some safeguard. But it provides no support for configuring a managed user environment.
Another major limitation is that Apple's Active Directory solution uses LDAP rather than Microsoft's ADSI protocol when authenticating users, and it doesn't support signed LDAP communication. This means that you must lower the domain security policy for Windows 2003 Server to support Mac clients, which can expose an Active Directory domain to increased risk of network attacks.
Direct Control for Mac offers full support for signed communication with Active Directory, although it does rely on Apple's variation of Samba to provide access to file shares and print queue, and this version of Samba doesn't support signed communication. Also, Directory Access uses the ADSI protocol. Further, Direct Control extends Active Directory's smart-card authentication support to work seamlessly with Mac OS X.
More important, Direct Control offers several server-side components that allow you to fully support Mac users by assigning the user ID (UID) and group ID (GID) attributes that Mac OS X relies upon for user identification and file permissions.
While all the above features make Direct Control for Mac a tempting solution, the fact that it includes a range for group policies that can be used to secure and manage the Mac OS X environment is what makes it an excellent solution.
Direct Control for Mac uses group policies that integrate with the client-side components of Apple's managed preference environment. The icing on the cake for Windows administrators is that Direct Control integrates well with Active Directory; managing Mac workstations has the same familiar feel as managing Windows PCs.
- Edison Group - Economic Advantages of SmartCloud Entry for Power Systems This white paper provides an assessment of the business value of implementing IBM SmartCloud Entry for Power Systems versus comparable private cloud solutions...
- Clipper: Moving to a Private Cloud? Infrastructure Really Matters! This Clipper Group paper outlines the importance of the underlying IT infrastructure for private cloud environments and lays the groundwork for clients navigating...
- Transform Your Data Center from Basic to Strategic by Increasing Operational Efficiency and Optimizing Intelligence Find out how data center and facilities management are able to use DCIM solutions and a pioneering "zone" approach to bridge the information...
- Pre-Configured Physical Infrastructures Save Time, Aid Validation When Building or Expanding the Data Center To optimize data center deployments many companies are turning to Pre-Configured Physical Infrastructures that arrive on-site ready to be deployed, reducing the time...
- Zoning in on Energy and Physical Infrastructure Management In this Webcast you will learn how to develop and execute a strategy to optimize the energy efficiency of your data center.
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Infrastructure Management White Papers | Webcasts