Tuesday, January 16, 2007

AD integration with Linux/Unix

Of course, I assume most of you know that I came over to Quest from Vintela. At Vintela we spent a lot of time figuring out how to extend Microsoft's infrastructure products and technologies (Active Directory, Systems Management Server, Group Policy and Microsoft Operations Manager) to Unix & Linux. Generally, not the easiest of tasks.

I was bopping around the blogosphere and came across Scott Lowe's blog where he has a number of posts on Linux-Windows integration. Good stuff. It's interesting to see that he surfaces a lot of technical detail around this integration and discussion around Samba also.

Scott clearly has done a lot of work in this area, but you can see how difficult this integration is. It's like one of those Meccano toys you'd construct, and if you got one thing wrong you had to deconstruct it and start over again. That's the whole raison d'être of the Vintela products: automate all of these details across all of the various platforms that customers are using. Scott presents the nuts and bolts of doing the integration, but enabling things like Group Policy for Linux/Unix, automating UID/GID assignments, building out the PAM stack, and automating the configuration of Kerberos, LDAP & NSS are tricky and necessary pieces of enabling true interoperability of not just the identities but also the applications.

I can't tell you how many customers I have met with who all have a similar story that goes something like this...

  • We were able to integrate x flavors of Unix & Linux with Windows in our lab (x is usually >5)
  • For the last y months we have been trying to roll-out that work in production (y is usually 6-18 months)
  • We can't keep up with the number of versions of Unix & Linux that we have and the differences between each one so it makes maintenance very difficult
  • We can't get what we did in the lab to scale-out and scale-up to meet our operational demands
  • We've had a bunch of really smart people working on this (always true)

This is exactly where Vintela Authentication Services can help and why we commercialized a product in this area. This is a tough area but imagine where we'd be if Microsoft (and Linux/Unix) didn't support standards like Kerberos and LDAP?

