By Karin Cornils
(Originally published June 22, 2007)
And for those of you who have been holding out for some news on integrating other systems into the Windows World, here’s a few notes from the TechX World San Francisco, held in May.
Since almost all Windows IT organizations also support Mac, Linux, Unix, or other *nix (non-Windows) systems, there’s an increasing need for directory integration, cross-platform monitoring and management. And solutions for these needs are beginning to mature.
On the monitoring side you have options ranging from the high-end HP OpenView framework system to open source systems, of which Nagios is one of the more popular. In between those, some of the big players are Quest Big Brother, IPswitch Whatsup Gold and Netiq. One thing to keep in mind is that open source is already very good at component monitoring, but not yet good at the end-to-end transaction and state monitoring.
The world of monitoring is also starting to expand its scope — metrics are starting to be developed for SOA (Service-Oriented Architecture) and BSM (Business Service Management). SOA monitoring involves keeping track of loosely coupled, asynchronous applications communicating with each other. And BSM is starting to address an issue of growing importance these days – managing IT from a business perspective.
Moving over to the topic of Management solutions, I want to touch on directory integration solutions; since AD has taken such a dominant position, with an estimated 90% of IT organizations to have implemented AD by 2010, it makes some sense to develop solutions that play nicely with it. So many vendors have begun extending Group Policy to the management of *nix platforms.
Active Directory Group Policy (GP) is mostly used for security configuration, logon scripts, desktop lockdown, IE and Firefox configuration and software deployment. Its strength is that is very granular and scaleable. Its downside lies in how loosely coupled it is – you can’t say for sure when a machine has pulled down a policy, but future versions of Longhorn may bring task scheduling into GP. Since GP is essentially LDAP-enabled, it’s an architecture open to non-Windows platforms and easily extended to non-Windows configuration items. Some of the big players that have products which extend GP to Unix and Linux platforms are Centeris, Quest, and Centrify (which also supports Mac integration). None of these products require schema mods. It’s pretty impressive to see an install.sh from a Linux command prompt completing an installation and joining AD within 10 seconds, and then seeing that machine show up in the Active Directory Users & Computers console.
On the open source side, most of the integration approaches involve some form of Samba. With a combination of Samba3, Kerberos, OpenLDAP, and Winbind, for instance, you can join and provide single sign-on for Linux servers and workstations to a Windows AD domain. Open source solutions have not yet gotten to the level of extending AD group policy to non-Windows machines.