Picking your Deployment Architecture

In the previous post I talked about Smart Card Support in Red Hat Enterprise Linux. In this article I will drill down into how to select the right deployment architecture depending on your constraints, requirements and availability of the smart card related functionality in different versions of Red Hat Enterprise Linux.

To select the right architecture for a deployment where users would authenticate using smart cards when logging into Linux systems you need to 

Continue reading “Picking your Deployment Architecture”

Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans”

Some time ago, two different projects were started in the open source community, namely: Ipsilon and Keycloak. These projects were started by groups with different backgrounds and different perspectives. In the beginning, it seemed like these two projects would have very little in common… though both aimed to include

Continue reading “Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans””

Identity Management and Application Integration

Identity management solutions integrate systems, services, and applications into a single ecosystem that provides authentication, access control, enterprise SSO, identity information and the policies related to those identities. While I have dedicated time to explaining how to provide these capabilities to Linux systems – it is now time to broaden the scope and talk a little bit about services and applications.

In some ways, services and applications are very similar. They are both usually

Continue reading “Identity Management and Application Integration”

RSA Security Conference 2015 in Review: Three Observations

As many specialists in the security world know – the RSA Security Conference is one of the biggest security conferences in North America. This year it was once again held in San Francisco at the Moscone Center. Every year the conference gets bigger and bigger, bringing in more and more people and companies from all over the world.

If you attended – you may have noticed that Red Hat had a booth this year. Located in the corner of the main expo floor (not far from some of the “big guys” like: IBM, Microsoft, EMC, CA Technologies, and Oracle) we were in a great location – receiving no shortage of traffic.  In fact, despite staffing the booth with six Red Hatters we didn’t have any “down time” –  everyone seemed to be interested in what Red Hat has to offer in security.

Over the course of the conference I made a few interesting observations…

Continue reading “RSA Security Conference 2015 in Review: Three Observations”

Active Directory and Identity Management (IdM) Trusts – Exactly Where Are My Users?

As this is my sixth post on Identity Management I thought it would (first) be wise to explain (and link back to) my previous efforts.  My first post kicked off the series by outlining challenges associated with interoperability in the modern enterprise.  My second post explored  how the integration gap between Linux systems and Active Directory emerged, how it was formerly addressed, and what options are available now.  My third post outlined the set of criteria with which one is able to examine various integration options.  And my most recent entries, post four and five, reviewed options for direct and indirect integration, respectively.

Delving deeper into the world of indirect integration (i.e. utilizing a trust-based approach) – two of the biggest questions are often: “Where are my users?” and “Where does authentication actually happen?” As opposed to a solution that relies upon synchronization

Continue reading “Active Directory and Identity Management (IdM) Trusts – Exactly Where Are My Users?”

Aspects of Integration

In my previous post I reviewed the trends related to the integration of Linux systems into environments managed by Active Directory (AD). In this post I will review two integration options, namely: direct integration and indirect integration.

The direct option is, not surprisingly, when your systems are integrated into AD directly (i.e. your Linux systems communicate directly with AD), while the indirect option leverages an intermediary server (see figure below).

Continue reading “Aspects of Integration”