Q&A with David McNeely of Centrify - Page 2
VSM: What are the most significant threats to organizations’ information stored in virtual and cloud data centers?
DM: The rapid adoption of virtualization technologies, combined with the ability for business-critical guest systems to proliferate and seamlessly move across a data center, can lead to gaps in both management and security practices. In these dynamic environments, it is extremely difficult to secure data and control who has access to the underlying hypervisor platform, and strictly define what someone accessing the data can do based on their job role. Guest operating systems and potential access from VM communications pose significant threats.
VSM: What role does AD have with servers virtualized in a cloud environment?
DM: While most enterprises don’t think of using something like Active Directory outside the firewall, there are a few capabilities we’ve found that enable secured use outside the firewall – such as support for one-way trusts, as well as server and domain isolation. We can set up an external Active Directory environment to manage the cloud servers and establish a one-way trust with an existing Active Directory environment inside the company where all the user accounts exist. With this trust in place, the external Active Directory can be configured to grant users from the internal Active Directory the rights required to access the cloud servers. Additionally, you can use server and domain isolation policies to set up secured peer-to-peer communication between all servers that are joined to Active Directory for servers both on-premise and in the cloud.
VSM: What are some of the benefits an organization should expect to experience with your software & why are these benefits so important?
DM: The Centrify Suite gives IT managers a single point of administration for all of their heterogeneous systems and applications operating in virtual and physical environments. By enabling administrators to secure hypervisor platforms and guest operating systems using the same Active Directory-based tools and skill sets that are already in place, Centrify empowers organizations to leverage virtualization with a cost-effective solution that helps them simplify their environment while strengthening security and improving compliance. Requiring individuals to log in as themselves and assigning roles and rights to individual users or groups of users are typical examples of this.
VSM: How are you able to add security and audit functionality to UNIX and Linux virtual servers?
DM: The simplicity of the Centrify Suite integrated architecture means that all the control, privilege management and auditing capabilities of the solution can be leveraged once a server dynamically joins an Active Directory domain as a managed computer object within the directory. Centrify supports, for example, the ESX Server using a daemon service that directs all authentication requests and directory lookups to Active Directory. UNIX and Linux virtual servers are joined to the Active Directory domain with the same native client that supports physical servers. Once this is accomplished, computers can be logically grouped using Centrify’s unique Zone capabilities. Zones allow organizations to group hosts by function, department or geography, enabling segregation of duties and delegated administration. For example, an administrator can have permissions to manage the access control to the hypervisor and any guest VMs within the HR Zone, but not in the Finance Zone.