I mentioned in my previous post that one of the new capabilities in QAS 4.0 is auditing, alerting and change tracking. I thought I would give you some further information on this benefit. The best benefit being that auditing, alerting and change tracking is included with QAS 4.0 at no additional charge.
Q) Why would someone care about auditing, alerting, and change tracking in an AD bridge solution?
A) When organizations make the key decision to integrate Unix with Active Directory they expand the scope and strategic importance of Active Directory. As a result it is critical to provide visibility into the Unix-centric data, which is now managed by AD. Authentication Services 4.0 addresses this challenge by delivering the ability to audit, alert, and show detailed change history of this Unix-centric information being managed by Active Directory.
Without these capabilities AD bridge administrators are either blind to any changes made to Unix-centric information managed by Active Directory or are forced to implement/purchase a 3rd party solution, if one even exists.
Q) How does Authentication Services’ audit capabilities compare to other solutions?
A) This is a unique and critical differentiator for Quest. There are several competitive vendors in the AD bridge space but no vendor except Quest can offer these benefits as an integrated and included component of its AD bridge solution.
Q) How much does the audit capabilities of Authentication Services 4.0 cost?
A) There is no additional cost for audit, alerting, and change tracking, it is considered a new feature of Authentication Services 4.0 and is available to new customers and to existing customers that upgrade to the 4.0 product as part of their existing relationship with Quest.
Q) How does Authentication Services 4.0 handle the licensing for alerting, audit, and change tracking?
A) Quest Authentication Services 4.0 includes a special license key for Quest ChangeAuditor 5.0. When this license key is added to ChangeAuditor it unlocks a number of unique, Authentication Services-specific events.
Q) How does integration with ChangeAuditor work – technically?
A) Change Auditor 5.0 has been enhanced to support dozens of new events related to Authentication Services and Unix-centric information stored in Active Directory. When the provided license key is added these Authentication Services-specific events are unlocked and made available in the Change Auditor console.
Q) What are some sample use-cases for the ChangeAuditor functionality?
A1) Imagine that an organization is using Active Directory Group Policy to manage Unix systems and specifically has a policy that permits a Unix system administrator to access to every Unix machine. If someone edits this Group Policy and, for example, grants additional users this access, Authentication Services can now grant immediate visibility into these changes. An alert can be generated; organizations can audit who made the change, when, and from where; and a detailed history on what the policy was before and after the change can be provided.
A2) For any number of compliance initiatives assume an organization needs to be able to prove it has control over its Unix-centric data in Active Directory. With this new functionality an organization can now alert, audit, and show change history for events such as Unix systems being joined to AD, AD users or groups being ‘Unix enabled’, or even changes to NIS data stored in Active Directory.
Technorati Tags: Quest Software,QSFT,Quest Authentication Services,Vintela,QAS,VAS,Active Directory,strong authentication,OTP,audit,compliance,privileged account management,identity management,Jackson Shaw