“We are primarily a Windows shop,” said an IT analyst at a federal financial institution whose rules don’t permit product endorsements. But the bank does have a few UNIX applications running two applications that allow outside banks to connect to it. To control the complete environment, it relies on software from Vintela. Vintela lets users manage Linux and late last year Microsoft made an investment in the company. It might be Microsoft’s first investment in Linux, and it came in response to customers, explained Kiril Tatarinov.
 |
| Vintela users who sign on using Microsoft Active Directory can work on UNIX and Linux computers too. |
“Customers are asking us to enable Microsoft technologies to integrate with non-Windows systems. Vintela’s leadership in delivering solutions to bring all systems together accelerates the ROI customers can expect from Microsoft products. These agreements will formalize an already strong relationship for the benefit of enterprise customers worldwide,” Tatarinov said.
Vintela is the first independent software vendor with solutions that let firms manage UNIX, Linux, Mac and Java through Microsoft technologies such as Active Directory, Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM) 2005.
Controlling access to a heterogeneous systems environment is a common challenge; rare is the financial firm that runs just a single operating system.
The federal financial institution is a case in point. The bank was approaching 30 UNIX boxes and needed a way for staff to work on them without creating a user account and password for each machine. The bank’s IT analyst wanted his UNIX technicians to log in just once.
“If we have 12 users with one account for each of these two UNIX applications, we would end up with 24 separate and unique accounts,” he said. “That doesn’t include the possibility of other UNIX accounts and their Windows account in Active Directory. Password administration and end-user support was becoming difficult. With multiple passwords to remember, if a user forgets his or her password, we would have to help them get access. If they needed access after hours and forgot, we’d have to still support them. We saw the problem coming and wanted to resolve it before it got too bad.”
The most cost effective solution was to extend Microsoft Active Directory. The bank’s 12,000 staff members were already using Active Directory through Vintela Authentication Services (VAS), which provides Active Directory-based authentication. With Vintela, as a user logs on to Windows, the Kerberos ticket issued by Active Directory for secure access to Windows resources is re-purposed for the non-Windows systems. VAS offers true single sign-on for UNIX systems from the scalable and secure Active Directory infrastructure already in place at the bank.
“People who have mixed operating systems can still look to SMS and MOM and the overall umbrella solution to provide one simple way to make sure they are taking care of their updating needs,” said Bill Gates at IT Forum 2004 when he announced the partnership with Vintela. “We have a broad relationship with Vintela including allowing our sales and support infrastructure to work with those products and an investment by Microsoft in Vintela so those companies can work together.”
The bank chose Vintela after testing it on-site.
“With Vintela, we got a full, working version of the product in-house and tested it ourselves in our environment,” he said. “Getting VAS up-and-running was very straight-forward. It was so easy to set up – you install a client on the UNIX boxes and a small MMC snap-in on Windows, and go to work. We were already familiar with Active Directory and were big fans of its capabilities, so seeing Active Directory extended out to our 30 UNIX systems really made the decision simple. And the price was so much less than the alternative.”
Vintela helps companies comply with Sarbanes-Oxley requirements for authentication, said Dave Wilson, the company’s president, who said compliance demands are pushing companies to centralize their identity management.
Windows XP offers a single sign-on through Active Directory. A large bank may have multiple applications running on different UNIX systems.
“If each of these is holding a local UNIX identity, the synchronization problem is enormous.”
The bank found Vintela’s solution made life significantly easier.
“Suddenly with VAS, we could centralize reporting and account requirements in one place – Active Directory,” said the analyst. “We trust Active Directory, and VAS allows us to be more secure for our non-Windows systems by taking advantage of Active Directory’s capabilities across-the-board. Password maintenance is much easier, and the whole thing is more secure because now we only access one Domain Controller for all assets.”
The idea of using Microsoft’s Active Directory to manage UNIX pieces of a large infrastructure has come as a surprise to many technologists, said Wilson.
“We integrate into the Microsoft management infrastructure. Microsoft uses a standards-based technology,” Wilson said. “We allow people to actually integrate directly so you don’t have to maintain those multiple identification stores. That has been a very big deal for us, especially in financial services – because of the drive for security, it has been one of our strongest market places. Half of Wall Street uses our systems. The return on investment is obvious; it’s all about getting rid of redundant infrastructure but also about simplifying your IT process. Users see a clear saving in terms of money. If you can manage based on common standard you take out massive amounts of complexity.”
www.vintela.com