Wednesday, March 27, 2013

ADFS is a Four Letter Word

ADFS = Active Directory Federation Service

In a recent blog post over at Okta, they liken ADFS to a four-letter bad word. You can read the article, but for the sake of completeness here are the most relevant parts:

Since its introduction with Windows Server 2008, Active Directory Federation Services (AD FS) 2.0 has been Microsoft’s answer to extending enterprise identity beyond the firewall. However, building an identity management solution with the AD FS toolkit has many hidden costs. While AD FS solves some identity challenges for Microsoft’s product family, as is typical from Microsoft, many more gaps exist when attempting to integrate with cloud or mobile applications from other vendors.

You might be considering implementing AD FS in your company, or maybe you already have.

For those of you considering it: AD FS is rarely free for enterprises. There are many hidden costs that creep up once companies decide to implement AD FS. IT departments must spend their time installing, configuring and maintaining each individual cloud application. That alone can easily cause headaches with IT.

For those of you who have already implemented it: What if your company plans to scale from one application today to five, six or more in the next three years? Is your company’s IT department equipped to focus on tedious application installations instead of bigger projects?

Regardless, all the manually configured applications via AD FS require regular maintenance to ensure connectivity remains intact with corporate networks and infrastructure. In addition, there are server requirements and costs to consider and maintain.

The more you investigate @*F$ the more you might be interested in swapping it out for another four-letter word: Okta.

While I am not going to dispute what the author of the post states here, I will pass along another four-letter word that you can use for ADFS: FREE. Yes, that's right: FREE.

What's the context of that, you ask? Well, it's simple. If I were a customer looking to buy a federation product - like the other four-letter word, Okta - I'd be using ADFS as a word to SAVE (another four-letter word) money. How do you do that? Here's the conversation you can have:

You: I'm interested in your federation product. Here's my configuration. Can you give me a quote?

Them: Sure, based on what you've told me our product would cost you $XXX.

You: Are you kidding? Maybe I didn't explain my configuration or need correctly. Let me try again.

Them: No, that's the cost. $XXX.

You: Oh, well, you see, I can use ADFS for FREE.

Them: Well, nothing is free. Here, read this blog post, look at this ROI calculator, etc etc. (add other sales-type huffing and puffing here)

You: Yes, I understand what you are saying but ADFS is FREE. I might as well use ADFS at these prices.

Them: Well, maybe I have a little wiggle room. How about $Y?

Do you get the picture? My suggestion is that when you talk to any of these vendors about federation software, you use a bunch of four-letter words with them: ADFS, FREE and SAVE. You'll feel better and you won't have had to use a swear word once.

Saturday, February 09, 2013

Your Password Is Obsolete

I thought I would pass on this graphic I found at backgroudcheck.org!


Your Password is Obsolete

Monday, January 07, 2013

Integrating Quest Defender with Dell SonicWall for 2FA

I’ve been pretty busy over the last few months since the Dell acquisition. One of the things I’ve been wrapped up in is mapping out all of the potential Dell/Quest integrations across the identity & access management line of products, and that leads to today’s blog post…

We’ve done some work with the Dell SonicWall team to integrate Quest’s two-factor authentication product (Quest Defender) with the SonicWall firewall/VPN appliance. As we expected, it wasn’t a difficult task and we’ve published the steps in a knowledge base article on our support site. You can access the doc by clicking here.

Dell SonicWall customers can now leverage two-factor authentication and one-time passwords to protect their VPN connections. In this day and age of enhanced security, this integration enables that extra bit of assurance for our customers.

Happy New Year everyone!!!

Monday, December 17, 2012

Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available! …So what?

I’ve just read two articles over at ZDNet about the Samba 4.0 release:

Samba 4 released, brings Free alternative to Active Directory

Samba 4 is now slated for release on November 27

…and my reaction was literally: So what?

Samba has been around for years and they’ve been integrating with Windows from the beginning. So now they’ve just announced that they’ve landed on the moon, but our eyes are pretty much focused on Mars at the moment. It’s truly an amazing engineering feat, ladies and gentlemen.

What do I mean? Well, having an Active Directory plug-compatible, non-Windows server might have been interesting 5-7 years ago, but today it’s not. I’m not sure if anyone’s heard, but many companies are extending to the cloud and that includes Office 365. Samba 4’s “free alternative to Active Directory” is way too late to the party.

And, while I am on free, I can just imagine the laughter coming from Microsoft’s support centers when some customer calls in with a problem they have with Samba 4’s Active Directory behavior. You get what you pay for, ladies and gentlemen.

Oh, a small business might be interested in it? You’re kidding, right? A small business would be far more interested in using Office 365 or using Google than having the expertise to stand up a Samba 4 server.

Who cares?