Sunday, November 16, 2008

Is Centrify DirectAuthorize one of a kind?

I'm sure many of you read Dave Kearn's NetworkWorld Identity Management Newsletter. I certainly do and noticed something buried near the end of his most recent edition regarding Centrify's DirectAuthorize product:
"The new product centrally manages and enforces role-based entitlements for fine grained control of user access and privileges on Unix and Linux systems. If your organization has a mix of operating systems you need a product like this. And the “jungle drums” (Tom – Tom, get it? OK, you can groan now) assure me that this is the only product “like this”."

The "only product like this" comment jumped out at me because I'm wondering what Centrify actually means. If they are implying that it is the only product on the market that does fine-grained access management for Unix and Linux systems and is hooked into some sort of centralised Identity Management infrastructure, they need to do a bit more research because I can point to at least 2 products that can do the same thing:

If on the other hand, they simply mean that they have a nicer interface that is easier to use and tighter coupling with Active Directory then they have a very good point.

A blog post where I mention IBM and don't take some sort of "pot shot" at them would be incomplete. So I'll say this: If IBM ever decides to design user interfaces where the user doesn't scream "owwww my eyes" when they look at it, they might actually sell more software.

Update: Dave's left a comment in response to this post that clarifies things slightly. I'm still not 100% sure what "like this" means. However, I'm sure someone from Centrify could explain it in detail and sing about the benefits around how DirectAuthorize does whatever "like this" means.


Anonymous said...

I had the same reaction, Ian. Thanks for pointing it out in your blog!

Dave Kearns said...

If you had asked, I would have told you - it simply means that they believe theirs is the only such product (among the ones on the market including, also, those from Symark and Quest) that works in this particular way. In other words, other products may do the same thing but not in "this way".

Anonymous said...

I believe the context is the only product that leverages AD and AD's Authorization Manager for storing roles/rights for *nix privilege management.

Ian said...

Thanks for the clarification Dave, although I'm still not quite sure what they mean by "this way" :)

Anonymous said...

What they mean is they are the only ones who provide the ability to set and control granular permissions utilizing Microsoft's Authorization Manager API and the ability to centrally manage this utilizing Active Directory. Other products us local configuration files, use their own proprietary technology or make you modify the kernel. Their product does not touch the kernel.