Get to One

1
Get to One
Integrating Heterogeneous Systems for Security
and Management

• February 21, 2006

Reto Bachmann System Consultant Quest Software,
Switzerland
2
Corporate Solutions Schematic
3
Infrastructure Management Solutions

• We simplify, automate and secure your
  infrastructure with management, migration and
  integration capabilities.

4
Unix / Linux
Quest Infrastructure Management
Secure
5
Get to One
6
Why Stay Heterogeneous?

• Some applications are only available on
  non-Windows platforms or simply work better on
  them.
  
• Maintain competitive pressures on vendors.
• Flexibility and protection from the pitfalls of
  relying on a single vendor.
  
• Legacy systems already paid for, implemented
  and running smoothly.
  
• The heterogeneous enterprise is here to stay!

7
The Pressure to Streamline and Consolidate

• IT departments are under pressure to
• Control costs
• Streamline management
• Reduce TCO
• Make a heterogeneous enterprise perform
  economically like a homogenous environment.
  
• Compounded by regulations
• Gramm-Leach-Bliley Act
• HIPAA
• Sarbanes-Oxley Act

8
Web Services
Configuration Management
Authentication and Identity Management
Systems Management
Health Monitoring
Messaging Management
IT InfrastructurePain Points
9
The Homogenous Network

• How Windows does access, authentication and
  authorization
  
• Active Directory (AD)
• True single sign-on
• Kerberos standard is the secret sauce
• Compliance is easy
• Single point of management
• The same applies for systems management,
  messaging, change and configuration management,
  systems monitoring, and so forth.

10
Web Services
Configuration Management
Authentication and Identity Management
Systems Management
Health Monitoring
Messaging Management
Microsoft Technology
.NET
Group Policy
AD MIIS
SMS 2003
MOM 2005
Exchange
Unix and Linux Technology
PHP Java CGI
Config Files /Ect. file systems .Profile, etc.
NIS PAM NSS
/Proc File sys Static Conf files OS-specific uti
lities
SAM, SMIT
/Proc SNMP OS-specific, application-specific eve
nt systems
Notes GroupWise
11
The Case for Standards

• Homogenous systems work well since all components
  speak the same language STANDARDS.
  
• Windows uniformly has implemented true industry
  standards in its infrastructure and management
  products
  
• Kerberos AD
• LDAP AD
• CIM SMS and MOM
• WBEM SMS and MOM
• Unix and Linux have no consistency
• Primitive standards or none at all
• PAM, NSS, NIS, SPNEGO, CGI, PHP and SNMP
• Each platform acts differently

12
Web Services
Configuration Management
Authentication and Identity Management
Systems Management
Health Monitoring
Messaging Management
Microsoft Technology
.NET
Group Policy
AD MIIS
SMS 2003
MOM 2005
Exchange
Industry Standards
No IntegrationBetween Systems
SOAP
Kerberos LDAP
WBEM
WBEM SNMP
Unix and Linux Technology
PHP Java CGI
Config Files /Ect. file systems .Profile, etc.
NIS PAM NSS
/Proc File sys Static Conf files OS-specific uti
lities
SAM, SMIT
/Proc SNMP OS-specific, application-specific eve
nt systems
Notes GroupWise
13
Using Standards to Integrate

• Both industry and de facto standards.
• Windows standards typically have nothing to do
  with Unix and Linux, and vice versa.
  
• Traditional solutions impose proprietary
  technology and add another layer of complexity
  
• Additional infrastructure
• Additional management for your management tool
• Lack key capabilities
• May not cover all required platforms
• The solution native-level integration of Unix
  and Linux standards with Windows standards.

14
Web Services
Configuration Management
Authentication and Identity Management
Systems Management
Health Monitoring
Messaging Management
Microsoft Technology
.NET
Group Policy
AD MIIS
SMS 2003
MOM 2005
Exchange
QuestMigration Suite for Exchange
Vintela Single Sign-on for Java
Vintela Authentication ServicesGroup Policy
Vintela Authentication Services
Vintela Management Extensions
Vintela Systems Monitor
Vintela Integration Architecture from Quest
Unix and Linux Technology
PHP Java CGI
Config Files /Ect. file systems .Profile, etc.
NIS PAM NSS
/Proc File sys Static Conf files OS-specific uti
lities
SAM, SMIT
/Proc SNMP OS-specific, application-specific eve
nt systems
Notes GroupWise
15
Pain Relief through Standards-based Integration

• Increased security
• Leverage secure Microsoft tools for non-Windows
  systems
  
• AD, Group Policy, SMS and MOM
• Enhanced compliance
• Extend the compliance of Microsoft tools (i.e.
  AD) to Unix, Linux and Java
  
• ROI
• Leverage existing tools for the rest of the
  enterprise
  
• Consolidation
• One tool/process/staff for all systems
• Simplification
• No additional infrastructure

16
Integration Available to the Masses

• Commercial Solutions
• Vintela Authentication Services
• AD-based access, authentication, and
  authorization for Unix and Linux
  
• Vintela Single Sign-on for Java
• AD-based single sign-on for Java/J2EE
  applications and services
  
• Vintela Management Extensions
• SMS for Unix, Linux and Mac
• Vintela Systems Monitor
• MOM for Unix, Linux and Mac

17
Vintela Authentication Services

• Native integration of Unix and Linux into AD
• Enables AD-based single sign-on for heterogeneous
  systems (Unix and Linux)
  
• Secure authentication and access management
• Integration, not synchronization, between diverse
  systems
  
• All credentials reside within AD
• Complete NIS replacement
• Very high priority in most Unix shops
• Unix identity management using RFC 2307 schema
• Standards-based storage of Unix and Linux
  identity information
  
• Built into AD R2
• Extensive platform support
• HP-UX, AIX, Solaris, RedHat, SuSE (virtually all
  OS versions)
  
• Extensible framework that extends Microsoft Group
  Policy to Unix and Linux clients through the
  native AD interface.

18
Integration in ActiveDirectoryVintela
Authentication Services
19
Integration in ActiveDirectoryVintela Group
Policy
20
Vintela Single Sign-on for JavaExtending Active
Directory to J2EE

• Natively integrates J2EE servers with Active
  Directory
  
• Enables true SSO for Java applications with
  Windows
  
• Utilizes LDAP and Kerberos for Web services
• Full Java implementation of Kerberos, gss-api
• Identity interoperability with .NET
• Foundation for ADFS
• J2EE platforms supported
• Tomcat JBoss
• BEA WebLogic
• IBM WebSphere
• Oracle AS (9i 10g)

21
SSO for Web Apps / SAP (Unix / Microsoft )
Windows
Kerberos
John Doo
SPNEGO
Browser
VSJ
22
Vintela Management Extensions

• Microsoft Systems Management Server (SMS) 2003
  snap-in that allows IT administrators to manage
  Unix, Linux, and Mac OS X systems within SMS
  
• Extends the existing SMS framework and
  administrative tools
  
• Vintela Management Extensions client acts like an
  SMS Advanced Client
  
• WBEM/CIM basedfunctionally WMI for
  UnixStandards!
  
• Reporting
• Unix, Linux, and Mac system information is
  included in the same SMS database as Windows
  information
  
• Fits into the standard SMS reporting paradigm
• Native systems management for non-Windows
  environments
  
• Solaris, HP-UX, AIX, Mac OS X, RedHat and SuSE

23
Vintela Management Extension Capabilities

• Client push install
• Software distribution
• Patch distribution
• Hardware/software inventory
• System discovery
• Software metering
• Collections
• Queries
• Web-based reporting
• Remote tools Unix, Linux and Mac

24
Vintela Management Extension
25
Vintela Systems Monitor

• Native Extension of Microsoft Operations Manager
  (MOM) 2005 to Unix, Linux and Mac OS X.
  
• Author and manage Unix, Linux, and Mac-specific
  Management Packs.
  
• Enterprise-class operations management.
• Uses existing MOM infrastructure for Unix, Linux,
  and Mac
  
• Consoles
• Reporting mechanisms
• Management Pack authoring and distribution
• Product Announcement IT Forum 05, GA Q1 2006

26
Vintela Systems Monitor Benefits

• Extend MOM to Unix, Linux, and Mac
• Achieve powerful full-enterprise monitoring
• Unix, Linux, and Mac-specific Management Packs
• Achieve optimal performance and maximum
  availability of all systems and services
  
• Reduce operational costs and complexity

27
Vintela Systems Monitor
Vintela Systems Monitor
28
Everithing is KERBEROS !
Windows
John Doo
Mac
UNIX / Linux
29
Summary

• Heterogeneity is here to stay.
• Standards offer an economical and do-able path to
  cross-platform integration.
  
• Microsoft does many things right standards.
• Native integration of these standards on
  non-Windows systems can allow Microsoft
  infrastructure and management tools to extend to
  Unix, Linux, Java and Mac.
• The result is
• Lower TCO
• Quicker ROI
• More control
• Tighter security
• Enhanced compliance
• Less complexity

30
Quest and Microsoft Relationship

• Vintela and Microsoft Partnership
• November 04 Microsoft invests in Vintela
• Microsoft CSS provides Vintela product support
• Microsoft CALs bundled with Vintela product
  sales
  
• Broad Business and Technical Relationship
• Windows Management (SMS and MOM)
• Active Directory/Group Policy
• Microsoft Identity Integration Server (MIIS)
• Services for Unix (SFU)
• Member of the Dynamic Systems Initiative (DSI)
• Active Directory Interoperability Program
• Prescriptive Guidance
• For validation references go to
• www.quest.com/

31
Customer Successes - Commercial