One Identity Privileged Access Suite for Unix solves the inherent security and administration issues of Unix-based systems (including Linux and Mac) while making satisfying compliance requirements a breeze. It unifies and consolidates identities, assigns individual accountability and enables centralized reporting for user and administrator access to Unix. The Privileged Access Suite for Unix is a one-stop shop for Unix security that combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire Unix environment.
Achieve unified access control, authentication, authorization and identity administration for Unix, Linux, and Mac systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows resources to become part of the AD trusted realm, and extends AD’s security, compliance and Kerberos-based authentication capabilities to Unix, Linux, and Mac. (See Authentication Services for more information about the Active Directory Bridge product.)
The Privileged Access Suite for Unix offers two different approaches to delegating the Unix root account. The suite either enhances or replaces sudo, depending on your needs.
(See One Identity Privilege Manager for Sudo for more information about enhancing sudo.)
(See Privilege Manager for Unix for more information about replacing sudo.)
Privileged Access Suite for Unix offers two editions - Standard edition and Advanced edition. Both editions include: One Identity Management Console for Unix, a common management console that provides a consolidated view and centralized point of management for local Unix users and groups; and Authentication Services, patented technology that enables organizations to extend the security and compliance of Active Directory to Unix, Linux, and Mac platforms and enterprise applications. In addition
Quest recommends that you follow these steps:
Depending on which Privileged Access Suite for Unix edition you have purchased, deploy either:
See Install Privilege Manager Agent or Plugin Software in the online Help for more information about the two Privilege Manager client software packages available to install onto remote hosts.
See Install Privilege Manager Agent or Plugin Software for more information about the two Privilege Manager client software packages available to install onto remote hosts.
Note: Refer to Getting Started Tab for a better understanding of the steps to take to be up and running quickly.
One Identity Management Console for Unix is a web-based console that delivers a consolidated view and centralized point of management for local Unix users and groups, including:
Key features and capabilities of the management console:
Management Console for Unix enables administrators to use the same tool to manage all Unix account information regardless of its location (within Active Directory or locally on Unix systems). With the management console, administrators can remotely manage local users and groups on Unix, Linux, and Mac systems. This functionality is shipped with Authentication Services, Privilege Manager for Unix, and Privilege Manager for Sudo.
Management Console for Unix provides the quickest path to compliance by enabling organizations to quickly, easily, and inexpensively implement Active Directory-based authentication for Unix, Linux, and Mac systems. The management console allows remote Unix systems to be profiled and assessed to check their readiness for integration with Active Directory. Once deployed, Management Console for Unix even enables Unix accounts to remain where they are and yet use Active Directory for centralized authentication.
Management Console for Unix provides advanced management and reporting capabilities when used with One Identity Privilege Manager. You can install and configure the Policy Server as well as the PM Agent and the Sudo Plugin software to remote hosts. You can also join hosts to a policy group if you have activated it in the Privilege Manager settings. This gives you the ability to centrally manage policy and create comprehensive "keystroke logs" that capture forensic-level auditing.
Management Console for Unix streamlines deployment of client agent software by empowering administrators to remotely install the software packages and join systems either to Active Directory or a Privilege Manager policy group. The management console allows non-Unix administrators to administer and deploy the solution without ever touching the Unix command line.
Active Directory users and groups can now be granted access to the management console and given limited use of console features by means of roles. This means you can configure separation of duties for specific tasks.
Additional Privilege Manager Roles:
Management Console for Unix enables administrators to quickly and easily provide auditors with granular reports on Unix identity information, including the highly desirable access and privilege reports. By consolidating the generation and viewing of reports within the management console, Management Console for Unix reduces the time and effort required to generate key reports that traditionally required multiple data collation and manual processes across multiple Unix systems.
Management Console for Unix eases deployments of Authentication Services by providing a bird's-eye view of all local Unix accounts and Active Directory accounts with Unix account information. When viewing local Unix accounts, administrators can determine which accounts to configure for Active Directory authentication.
Management Console for Unix allows you to access the server by means of Web Services, including Unix command line utilities and Windows PowerShell cmdlets that enable you to script common local Unix user and group management tasks. For example, you can write a script to reset a local Unix user's password across multiple Unix systems.
Management Console for Unix has continued to add powerful configuration, administration, management, and migration capabilities through a Web-based console. The following is a list of the new features for Quest One Management Console for Unix 2.5.
Support for advanced, centralized Privilege Manager for Unix policy management, remote agent plugin installation and configuration, keystroke logging and replay, and reporting.
Support for limiting Active Directory user access to host systems by managing which Active Directory users and groups can access the host systems.
If you are upgrading from Quest Identity Manager for Unix 1.0 to Management Console for Unix 2.x, be aware of the following:
The following summarizes the differences between the core version of Management Console for Unix and what is available when it is used in conjunction with Privilege Manager or Authentication Services.