Friday, February 20, 2009

Easily Manage Hundreds of Apple Mac settings with Microsoft's Group Policy

This is the third post in my series about the innovation around Apple Mac group policies in Quest Software's Authentication Services 3.5 product. For reference, the previous two posts were:

Apple provides the means to manage many system settings through Workgroup Manager. A wide range of settings can be managed from modifying which items appear on a user's Dock, to setting the URL of your software update server. The design of Workgroup Manager makes the configuration of all of these settings easy. The main settings management screen can be seen in the graphic directly below.

While Apple's interface for managing system settings is well designed and easy to use, it requires the Apple Open Directory infrastructure, which may not exist in many enterprise environments. Quest now provides the option to easily manage the growing number of Mac systems in the enterprise through the familiar Microsoft Group Policy framework. The newest release of Quest Authentication Services (3.5) includes support for managing your OSX client settings using the Group Policy Object Editor (GPOE), while still providing the same look and feel as Workgroup Manager (see below). In fact, Quest Authentication Services can literally manage hundreds and hundreds of Mac settings, and with our ability to extend this via preference manifests we can manage a practically infinite number of settings.

Quest provides a very similar policy management experience for administrators who are already familiar with Apple's Workgroup Manager. For example, compare the Apple interface for managing Dock display settings with Quest's interface.

The similarity between the interfaces is not specific to the Dock policy. If you are already familiar with managing settings from Workgroup Manager, finding the setting you want to manage will be no problem at all with QAS.

Quest also provides a remote file browser that comes in handy when you need to specify OSX file locations from a Windows-based management console. A good example of this can be seen when attempting to add a new application to the Dock for a group of users. When attempting this operation from Workgroup Manager you are directed to browse for the application path on the local file system. As you aren't likely to find the OSX path for Firefox anywhere on your Windows management workstation, the remote file browser enables you to securely connect to a Mac over SSH and browse for the path.

After providing a username and password for a remote OSX machine, you can browse to the location of your application and select it.

The Mac policy support of QAS 3.5 is exceptional in the sheer number of manageable settings, but what really sets Quest apart is the extent to which they make it easy to manage Mac systems with Group Policy.

Any OSX administrators should feel right at home when managing their clients with Group Policy!


Thursday, February 19, 2009

Novell recognizes privileged account management

Novell Strengthens Identity and Security Leadership Position Through Strategic Acquisitions

One of those acquisitions was of a company called Fortefi. According to the website:

"Novell Privileged User Manager limits corporate susceptibility to unauthorized transactions and information access by helping organizations rapidly deploy super user management and tracking across all UNIX/Linux environments. The result: organizations can reduce the cost, complexity and risk associated with managing superusers across the enterprise."

Novell is the first suite vendor to jump into this market in a serious way (no, I don't consider TAMOS serious). I wonder how long before CA and IBM jump in with both feet? Who are the likely targets?

One other interesting note in the press release was the fact that Novell acquired the technology assets of Fortefi. Generally, this usually means that the company was swirling around the bankruptcy bowl and Novell just bought the intellectual property. I always wonder what a company is getting when they acquire the assets - after all, it usually means the product was already difficult to sell otherwise they wouldn't have been swirling the bowl. I guess time will tell, eh?

In either case, if you have been watching Novell like I have, you've seen these guys continue to build out their identity management portfolio. They've been a steady horse in this arena since they announced DirXML back in my Zoomit days.

p.s. Shout out to my friend Nick Nikols over at Novell: Good job Nick!


Better Together Redux

Yesterday, I posted about some of the work I've been doing around "better together" scenarios. Not to be left out, one of my product managers promptly pointed out the awesome work he'd accomplished integrating Quest Password Manager and Defender. Here's the scenario:

  • Quest Password Manager enables end-users to self-service reset their Active Directory password.
  • The self-service is the typical self-service that is driven off your answers to a series of questions such as "What's your hat size?", "What's your favorite cocktail?", "What is the airspeed velocity of an unladen swallow?", etc.
  • Many companies have come to the conclusion that these questions are generally subject to social engineering attacks. After all, it isn't that hard to figure out the airspeed velocity of an unladen swallow with a bit of Google detective work.
  • With the acquisition of PassGo's Defender we were able to add in the capability for an end-user to reset their Active Directory password based on their response to a one-time password challenge either on its own or in combination with the end-user's questions and answers.

The basic result is a much more secure way of enabling end-users to reset their passwords.

Better together!


Wednesday, February 18, 2009

Better Together

Yesterday, I blogged about the new release of Quest Privilege Manager for Unix (v5.5). One thing that I spend a lot of time on is working with the product management team on "better together" scenarios. In other words, what individual products are better when paired with another product?

The QPM4U product is a great example of a product that generates audit information and, as such, that information could be considered sensitive or confidential. So one thing we added to the 5.5 version of the product was an actual pointer to our Defender product so a customer would be presented directly with information on how they could secure the information within QPM4U by using Defender. Here's a screen shot...

After all, we can't always rely on everyone to read the release notes or manuals can we?


Tuesday, February 17, 2009

New release of Quest Privilege Manager for Unix

Today, we released the 5.5 version of Quest's Privilege Manager for Unix product. This is one of the products that we acquired through the PassGo acquisition last year. Not only have the guys done a great job of integrating this product with Quest Authentication Services over the last year but they've done an awesome job innovating new reporting tools. Here's an example of some of the cool work that has been done around predictive and trend analysis within the Privilege Manager product:

Some of the other work that was accomplished in this 5.5 release includes...

New failover and load balancing

  • Failover enables Privilege Manager to switch over automatically to a standby server if the active server becomes unavailable. Failover is transparent to the user and ensures a high degree of availability and reliability.
  • Load balancing enables Privilege Manager to spread the workload between two or more servers, in order to achieve optimal resource utilization and increased reliability.

New reporting console - to enable analysis of Privilege Manager information for reporting and identification of trends and anomalies.

Improved and extended documentation - The Privilege Manager documentation has been supplemented by a number of new guides designed to facilitate new installations and provide a better reference for existing installations. New books include a Quick Start, A to Z Reference Guide and an Introduction to Policy Scripting.

Integration with Defender - Privilege Manager can take advantage of the benefits of supplementary two-factor authentication through integration with Quest’s Defender product.

Integration with InTrust - Privilege Manager event log integration with the Quest InTrust product.

LDAP policy queries - Privilege Manager policies can now support LDAP queries, allowing integration with existing Identity Management Systems.

Policy script conversion - a range of conversion utilities is now available to help support migration of policy files from other tools, e.g. sudo.

Enhanced pmksh shell and support for additional shells:

  • pmsh - a Privilege Manager enabled version of the Bourne shell
  • pmcsh - a Privilege Manager enabled version of the C shell

If you're already a Quest Privilege Manager customer you'll soon be notified about the upgrade.

There's a great whiteboard session on this product available, too. In fact, we have a bunch of great whiteboard sessions related to our identity management products that you can check out here:


Friday, February 13, 2009

Speaking of France...

Here's an ad we ran on the radio over in France. We had really good results (leads, web site visits) from it, too!

Sometimes it's easy to forget that it is not just a Google AdWords world out there...


Thursday, February 12, 2009

Cloud computing - Sizzle to Fizzle?

What is the #1 concern of IT pros regarding cloud computing? It's security. 53% of the folks who responded to the Information Week Analytics Cloud Computing Survey cited this as their #1 concern. The concerns occupying the #2 and #3 spots? Performance (33%) and control (31%). Until these numbers get a lot closer to zero it is going to be difficult to achieve cloud lift-off.

As pointed out in the article:

"18 percent of the 456 business technology professionals surveyed said they were using cloud services, compared with 34 percent who have no interest. More than half said they are very concerned about security, with performance, control, and concerns over vendor lock-in and support rounding out the top five worries."

The security, performance and control concerns have to be alleviated. If not, then I think we're looking at another one of those groundhog day type moments: "It's the year of cloud computing!"

Know what I mean?


Wednesday, February 11, 2009

Best buy for the Quest One Identity Solution, 5 stars for Defender

As awarded to us by SC Magazine in the February, 2009 issue for the Quest One Identity Solution.

"Top drawer product, easy to manage, and a real value for the money. We rate this as our Best Buy for the month. We find this product to be a great value for the money based on its solid capability and ease of management."

We also got 5 stars for Quest Defender, our two-factor authentication product.

"The Defender v5.3 from Quest Software provides strong two-factor authentication through a variety of token options. This solution is all-inclusive delivering both client-side and server-based functionality and management."

Not bad!


Tuesday, February 10, 2009

Highlights from the US Army Symposium at Microsoft

I thought I would jot down some mental notes from a few of the sessions I saw today here at the U.S. Army Symposium at the Microsoft Conference Center:

Some of the highlights from Bob Muglia's keynote session:
  • Not surprising to see significant discussion by Bob around virtualization supporting on-premises and cloud services workloads. "Applications themselves need to support these concepts. There's a lot of complexity in existing applications. There's a lot of work still to do here." - How true!
  • Bob talked about his use of Microsoft Direct Access (part of Win7) while he is traveling. DA leverages IPSec, IPv6 and strong authentication to enable an end-user to access corporate resources without the use of a VPN. - Cool technology but is every data center Windows only?
  • I twittered that I was surprised that I didn't hear Bob once mention "identity management" despite the fact that it was listed by LTG Sorenson (Army CIO) as a key priority (along with federation).

RADM Elizabeth Hight, who is the Vice-Director of the Defense Information Systems Agency, presented the "DISA Enterprise". Some interesting comments from her...
  • Social networking is becoming more and more important as a means of communication between the armed forces and NGOs (non-government organizations) so they can share information. You can imagine that the NGOs all use Twitter, blogs and instant messaging yet our armed forces don't have that capability. I thought this was cool to see the embracing of social networking as a tool to help communicate with the outside world in times of crisis.
  • Also interesting to see the launching of the military's source forge to support open source development within the services.
  • Oh, and more comments about the importance of identity to the overall mission!

A very interesting set of presentations and a very different view on IT from our friends at the Army. I'm glad I was able to attend!


Temporary relocation of the Reality Tour - to Paris!

My wife and I are moving to Paris for 3 months! So, from approximately April 15-July 15, 2009 I'll be authoring my blog posts from there. Hopefully, most of my posts will be written sitting by La Seine, or in the various cafés around our apartment.

We've started another blog to share our Paris experiences here in case you want to follow along. And, of course, if any of you happen to be passing through Paris while we are there I'd love to hear from you. I'll buy you a pression (draft beer) or a café au lait. À bientôt!