Saturday, April 12, 2008
Why Microsoft should be at the center of the identity universe...
Many enterprises have hundreds, if not thousands, of Solaris and/or Linux servers, yet administrators are still forced to provision users to each and every box. IT departments need these systems to "plug and play" so they don't have to spend their budget acting as a systems integrator or manually (and expensively) administering an ever-growing number of systems individually. Wouldn't it be great if the folks from Sun and Red Hat built into their respective operating systems a way to participate in an Active Directory domain?
The benefits would be huge if Solaris and Linux became Active Directory clients. Organizations could then secure those systems using the same authentication, access control and Group Policy services currently deployed for their Windows systems. Linux and Unix are the biggest perpetrators of propagating redundant identity stores.
Likewise, think about the productivity gains if Linux and Solaris could also coordinate with Active Directory Group Policy Objects so that access control is more standardized. Sun, of course, is championing its own LDAP, which at some level makes sense, but at another level it encourages duplication where the focus should be on integrating and leveraging what you already have.
The odds are pretty good that there are more orphaned accounts in Solaris and Unix in most shops than there are in Active Directory. The ability to immediately and globally turn off accounts of departing employees is significant. Furthermore, the ability to identify dormant accounts centrally using AD is huge.
The real question that needs an answer is how Microsoft can help Oracle, EMC, Sun and others understand how to do the right thing. The conversation needs to move away from IDM Provisioning and towards directory consolidation...