Using Centrify's DirectControl with Mac OS X - Cerberis
Using Centrify's DirectControl with Mac OS X - Cerberis
Using Centrify's DirectControl with Mac OS X - Cerberis
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CENTRIFY WHITE PAPERUSING CENTRIFY’S DIRECTCONTROL WITH MAC <strong>OS</strong> X1.3 Centrify and the Enterprise Desktop AllianceAs Centrify worked <strong>with</strong> large organizations todefine requirements for <strong>Mac</strong> integration <strong>with</strong>ina Windows-centric IT environment, customersfrequently also asked questions regardingadditional services that would further easedeployment and management of <strong>Mac</strong>s. As a result, Centrify decided to spearhead thecreation of the Enterprise Desktop Alliance (EDA), a consortium of <strong>Mac</strong>intosh vendorsthat are delivering enterprise-class software solutions for <strong>Mac</strong> integration andinteroperability <strong>with</strong> Windows environments. Along <strong>with</strong> Centrify’s identity and accessmanagement solution for the <strong>Mac</strong>, the EDA partners also offer solutions for systemslifecycle management, enterprise data protection, file and print services, andvirtualization. The EDA’s web site provides a wide range of white papers to helpcustomers research solutions, and the organization is sponsoring a series of onlinewebinars demonstrating how their solutions can be used in tandem to lower barriers toacceptance of <strong>Mac</strong>s <strong>with</strong>in the enterprise..The following sections describe the services provided by <strong>DirectControl</strong>, explain how<strong>DirectControl</strong> differs from Apple’s management tools, and details the unique features andbenefits of using <strong>DirectControl</strong> to manage populations of <strong>Mac</strong>intosh computers, bothlarge and small.2 Active Directory Authentication and Access Control for <strong>Mac</strong> <strong>OS</strong> XWhile every <strong>Mac</strong> <strong>OS</strong> X system that Apple ships comes <strong>with</strong> a built-in repository for userand group information stored in a local NetInfo database, any time there is more than one<strong>Mac</strong> <strong>OS</strong> X system in a network where the users will need to either access sharedresources or log in to other systems, it is best to configure a directory service to centrallymanage these accounts, making them available to all the systems in the network. Appleprovides many different options for configuring a network-based directory service, fromplug-ins that allow usage of existing LDAP directories to their own Open Directoryserver. Apple also delivers an Active Directory plug-in that provides the basic functionsof establishing a trusted relationship between the computer and Active Directory, whichenables Active Directory user accounts to be used for login to the <strong>Mac</strong> <strong>OS</strong> X system.However, this plug-in requires local configuration to define how the user’s UID and GIDwill be defined based on their Active Directory account; in most cases it is configured toautomatically generate UIDs and GIDs for Active Directory users logging into thesystem. While this may be acceptable for smaller deployments where the configurationcan be manually set for each system, it does not scale well for deployment in largerenvironments <strong>with</strong> larger numbers of <strong>Mac</strong> <strong>OS</strong> X systems.© 2006-2008 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. 3
Change language