Active Directory and Identity Management (IdM) Trusts – Exactly Where Are My Users?

As this is my sixth post on Identity Management I thought it would (first) be wise to explain (and link back to) my previous efforts. My first post kicked off the series by outlining challenges associated with interoperability in the modern enterprise. My second post explored how the integration gap between Linux systems and Active Directory emerged, how it was formerly addressed, and what options are available now. My third post outlined the set of criteria with which one is able to examine various integration options. And my most recent entries, posts four and five, reviewed options for direct and indirect integration, respectively.

Delving deeper into the world of indirect integration (i.e. utilizing a trust-based approach) – two of the biggest questions are often: “Where are my users?” and “Where does authentication actually happen?” As opposed to a solution that relies upon synchronization


Top 3 Reasons to Run Container-Based Applications on Red Hat Enterprise Linux 7

As product manager for Red Hat Enterprise Linux 7, part of my job is to ensure that the latest version of our flagship product adheres to our promise of stability, reliability, and security.  In addition, as Red Hat Enterprise Linux 7 is Red Hat’s latest enterprise Linux platform, it also needs to incorporate new innovations in technology to help our customers gain business advantage, reduce costs, and increase efficiency without compromising their existing investments. With this in mind, the Red Hat Enterprise Linux team takes great care in evaluating new technology to ensure that it is introduced in a manner that is minimally intrusive (if at all) and is a natural fit for the platform. Support for Linux containers and the ability to host container-based applications are great examples of this and Red Hat Enterprise Linux 7 stands ready for the challenge.

Creating and operating application containers via process isolation is not a new concept. Red Hat Enterprise Linux 6 sowed the seeds for this way back in 2010 with the introduction of Control Groups (cgroups). Since that time there have been many exciting developments in this area with active participation from Red Hat. Building upon cgroups functionality, enhancements to the kernel combined with an easy-to-use container format (Docker) make now an opportune time to consider deploying container-based applications on Red Hat Enterprise Linux 7.

Here are the top three reasons to consider Red Hat Enterprise Linux 7 as the host for your container-based applications


Overview of Indirect Active Directory Integration Using Identity Management (IdM)

The main alternative to direct integration of Linux/UNIX systems into Active Directory (AD) environments is the indirect approach – where Linux systems are first connected to a central server and this server is then somehow connected to AD. This approach is not new. Over the years many environments have deployed LDAP servers to manage their Linux/UNIX systems (using this LDAP server) while users were stored in AD. To reconcile this issue and to enable users from AD to access Linux systems – users and their passwords were routinely synchronized from AD. While this approach is viable – it’s also quite limited and prone to error. In addition, there is little value in having a separate LDAP server. The only reason for such a setup is to have a separation of duties between Linux and Windows administrators. The net result is that the overhead is quite high while the value of such an approach is quite low.

When IdM (Identity Management in Red Hat Enterprise Linux based on FreeIPA technology) emerged, many environments were either considering direct integration or were “in-process” with respect to adoption. How, exactly, does IdM work? IdM provides


Transform Application Delivery with Containers | A Red Hat Virtual Event

Linux containers are disrupting traditional application development and deployment models, enabling businesses to explore new, better ways to deliver products and services. How are organizations like yours using containers?

Join Transform Application Delivery with Containers | A Red Hat virtual event on March 12, and learn how containers can add value for your organization.

In this event, you’ll gain insights into


Overview of Direct Integration Options

As mentioned in my previous post there are multiple ways to connect a Linux system to Active Directory (AD) directly. With this in mind, let us review the following list of options…

  • The legacy integration option: this is a solution where (likely older) native Linux tools are used to connect to an LDAP server of your choice (e.g. AD).
  • The traditional integration option: this is a solution based on Samba winbind.
  • The third-party integration option: this is a solution based on (proprietary) commercial software.
  • The contemporary integration option: this is a solution based on SSSD.

Legacy Integration Option

In the case of the legacy integration option (see figure above), a Linux system is connected to AD using LDAP for identity lookup and LDAP or Kerberos for authentication. It pretty much solves the problem of basic user authentication. That said, such a solution has the following significant limitations:
