Post on 01-Jul-2020
TECH BRIEF
PowerBroker Identity Services:
Open vs. Enterprise Editions
© 2018. BeyondTrust Software, Inc.
Table of Contents
Active Directory Bridging
PowerBroker Identity Services
Two Versions – Open and Enterprise Compared
Next Steps
The PowerBroker Privileged Access Management Platform
About BeyondTrust
Active Directory Bridging
Unix, Linux and Mac have traditionally been managed as standalone systems – each a silo with
its own set of users, groups, access control policies, configuration files and passwords to
remember. Managing an environment that includes these silos – plus the Microsoft
environment – can lead to inconsistent administration for IT, unnecessary complexity for end
users and risk to the business. To overcome these challenges, and to achieve consistent policy
configuration compliance, a simpler experience for users and administrators, and less risk from
an improperly managed system, organizations typically deploy an Active Directory bridge.
PowerBroker Identity Services
BeyondTrust PowerBroker Identity Services is an Active Directory bridge solution that
centralizes authentication for Unix, Linux and Mac environments by extending Microsoft AD's
Kerberos authentication and single sign-on capabilities to these platforms. By extending Group
Policy to these non-Windows platforms, PowerBroker provides centralized configuration
management, reducing the risk and complexity of managing a heterogeneous environment.
TWO VERSIONS – OPEN AND ENTERPRISE COMPARED
PowerBroker Identity Services is delivered in two options – a free community open version, and
a paid enterprise version. For a comparison of the two options, please see the table below.
| PowerBroker Identity Services Features | Description | Open | Enterprise |
|---|---|---|---|
| Active Directory Authentication | Allows users to use their Active Directory credentials (username & password) to gain access using native Kerberos/LDAP protocols to non-Windows systems such as Unix, Linux and Mac. PowerBroker Identity Services is fully site-aware, performing authentication with the same reliability as any Windows system. | ✓ | ✓ |
| Multiple Domain and Forest Support | Users can authenticate and systems can be joined to multiple domains in the same or different forests. PowerBroker Identity Services supports all Windows trust types between Windows 2000 and higher domains - forests, external, 1-way, 2-way, SID filtered, transitive, non-transitive, and more. | ✓ | ✓ |
| Single Sign-on | Enables SSO from desktop to remote machines or between systems without the need to constantly re-enter credentials. By leveraging Kerberos, Active Directory's authentication protocol, single sign-on is easy regardless of platform. | ✓ | ✓ |
| Distributed File System (DFS) Support | Provides location-aware connectivity to Microsoft DFS namespace. | ✓ | ✓ |
| Samba Integration | Enables easy connection to Samba shares without having to re-enter credentials. | ✓ | ✓ |
| Command Line Interface | Provides full system management from the command line. | ✓ | ✓ |
| Centralized Account Management | By consolidating accounts into Active Directory, PowerBroker Identity Services delivers a centralized username and password. | ✓ | ✓ |
| Cached Credentials | Like a traditional Windows desktop, if a user on Unix, Linux, or Mac cannot communicate with Active Directory, PowerBroker Identity Services keeps a cached copy of the user’s credentials to allow for offline access. | ✓ | ✓ |
| Customized UID & GID Mapping | All UIDs and GIDs for users and groups can be customized based on existing systems, policy or other needs. | | ✓ |
| Simple Group-based Access Control | Allows native AD groups with computer accounts, user accounts or groups containing accounts to directly control who can log on to which servers. | | ✓ |
| Group Policy for Unix & Linux | Extends the capabilities of the native group policy management tools to include specific group policy settings for Unix and Linux to attain a consistent configuration across the enterprise. | | ✓ |
| Group Policy for Mac | Optional integration of Microsoft GPO with Apple Workgroup Manager provides the most extensive options for managing settings on Macs. | | ✓ |
| Snap-ins for ADUC and GPMC | All day-to-day management of users, groups, and policy configuration can be performed using native Microsoft management tools like Active Directory Users and Computers and Group Policy Management Console. | | ✓ |
| RFC 2307 Compliant | Stores Unix information in Active Directory's RFC 2307 attributes for users and groups. | | ✓ |
| Flexible User Identification Model | The "cells" model allows for flexible options to have different usernames, UIDs, GIDs and default shells for particular systems based on application or technical requirements. | | ✓ |
| Cell Auditing | Integration with a free module of PowerBroker Auditor enables the auditing of default cells and changes to named cells. When any of the user personalities stored in the default cell or named cells are modified, admins will have an audited event for those changes. | | ✓ |
| SNMP | Configure a wide array of success and failure SNMP traps via the command line and/or group policy. | | ✓ |
| Two Factor Authentication | Extensive support for one-time password (OTP) systems providing a level of assurance when users access critical systems. | | ✓ |
| Operational Dashboard | Easy access to system status and metrics from a management console. | | ✓ |
| Centralized Reporting | Out-of-the-box reports that help with compliance and audit requirements are all accessible through a single interface. | | ✓ |
| Centralized Event Management | All audited activity is securely aggregated to a central event database. | | ✓ |
| Direct Smartcard Authentication | Requires and drives the authentication to systems with any working smartcard system that is attached. | | ✓ |
| Remote Smartcard Reader Authentication | Tunnels a remotely connected smartcard reader (i.e. on a Windows workstation) to the remote Unix/Linux endpoint as if the reader was directly connected to the target host. | | ✓ |
| BeyondInsight Integration | Offers a variety of auditing options, allowing for local logging, syslog, the PBIS Management Console (SQL) or BeyondTrust’s centralized reporting console, BeyondInsight. | | ✓ |
| Web-based PowerBroker Management Console | Discover, deploy, upgrade, join and manage from a single, intuitive management console. | | ✓ |
| 24/7 Support | Gain access to the BeyondTrust customer portal, BeyondTrust University courses, professional services resources and more. | | ✓ |
Next Steps
For a demo or free trial of PowerBroker Identity Services Enterprise Edition, visit
https://www.beyondtrust.com/demo-request/#Active-Directory-(AD)-Bridging.
To obtain access to PowerBroker Identity Services Open Edition, visit
https://www.beyondtrust.com/powerbroker-identity-services-open-request/.
The PowerBroker Privileged Access Management Platform
PowerBroker Identity Services Enterprise Edition is part of the PowerBroker Privileged Access
Management Platform, an integrated solution to provide control and visibility over all privileged
accounts and users. By uniting capabilities that many alternative providers offer as disjointed
tools, the PowerBroker platform simplifies deployments, reduces costs, improves system
security and closes gaps to reduce privileged risks.
About BeyondTrust
BeyondTrust® is a global security company that believes preventing data breaches requires
the right visibility to enable control over internal and external risks.
We give you the visibility to confidently reduce risks and the control to take proactive,
informed action against data breach threats. And because threats can come from
anywhere, we built a platform that unifies the most effective technologies for addressing
both internal and external risk: privileged access management and vulnerability
management. Our solutions grow with your needs, making sure you maintain control no
matter where your organization goes.
BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including
over half of the Fortune 100. To learn more about BeyondTrust, please visit
www.beyondtrust.com.