Cell Technology
PowerBroker Identity Services, Enterprise Edition solves this one-to-many ID mapping for a user by defining the notion of a Cell. A BeyondTrust Cell is a grouping of Linux/UNIX computers where an Active Directory user will be mapped to a specific UNIX profile. PowerBroker Identity Services, Enterprise Edition associates Cells with AD organizational units (OUs). Linux/UNIX computers that are joined to a particular OU that is associated with a Cell are said to be members of the Cell.
To associate a PowerBroker Identity Services, Enterprise Edition Cell with an Active Directory organizational unit, the AD administrator downloads and installs the PowerBroker Identity Services, Enterprise Edition Management Tools. These tools add a set of extensions to the Active Directory Users and Computers snap-in. When the administrator selects the target organizational unit object and clicks on Properties, a new property page, PBIS Settings, becomes available. The administrator then clicks on the button that says "Enable OU for Cell Access". Once this is done, a PBIS Cell is created and associated with the target organizational unit.
Adding a Linux/UNIX Computer to the Cell
In order for a Linux/UNIX computer to participate in the AD-to-UNIX-profile mapping specified by a Cell, the computer must be joined to the AD OU with which the Cell is associated. This OU can be specified during the join process, or it can be specified in Windows by using the Active Directory Users and Computers snap-in to create the computer account in, or move it to, the appropriate OU.
Allowing an AD User to Access a Linux/UNIX Computer in a Cell
Before an AD user can access a Linux/UNIX computer, the user must be enabled in the Cell to which the computer belongs. Again, the PowerBroker Identity Services, Enterprise Edition Settings property page in Active Directory Users and Computers is used to do this. When the administrator enables an AD user to access a Cell, the administrator provides the required UNIX settings for the user (a User ID, a primary Group ID, etc.). These settings apply only when the user accesses a computer in that specific Cell. From this point, when the selected user logs into any Linux or UNIX computer that is contained within the target organizational unit, he or she is assigned the specific properties that were set for this user within the Cell.
Other Uses for Enterprise Cells
Although Cells are useful for migrating NIS server maps to PowerBroker Identity Services, Enterprise Edition, there are other valuable uses for Cells, too. A Cell is, essentially, a custom mapping of an AD user to a set of UNIX attributes. Cells are useful any time we want to vary a user's UNIX attributes according to which machine he or she is connecting to. For example, Cells can be used to provide users with different primary and secondary group memberships on different machines. This can be used as a basis for "role-based access control": a user can be configured to be part of the oracle admins group in one Cell but not in another.
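The sections above describe three rules: a computer belongs to the Cell associated with the OU it is joined to, a user gets a UNIX profile only if enabled in that Cell, and the same user can carry different group memberships in different Cells. The following Python model is an added example written for this page; it is not PBIS code and does not use the PBIS API. The OU names, user names, UIDs and group names are constructed, and it assumes a strict one-to-one match between a computer's OU and a Cell (no inheritance or default Cell is modelled).

```python
"""Toy model of Cell-based AD-user-to-UNIX-profile resolution (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple, List


@dataclass(frozen=True)
class UnixProfile:
    """The UNIX attributes an administrator sets when enabling a user in a Cell."""
    uid: int
    gid: int                       # primary group ID
    groups: Tuple[str, ...] = ()   # secondary group memberships


@dataclass
class Cell:
    """A Cell is bound to exactly one AD OU and holds the users enabled in it."""
    ou: str                                            # distinguished name of the OU
    users: Dict[str, UnixProfile] = field(default_factory=dict)  # sAMAccountName -> profile


# Constructed sample data: two OUs, each enabled for Cell access.
DB_OU = "OU=DatabaseServers,OU=Linux,DC=example,DC=com"
WEB_OU = "OU=WebServers,OU=Linux,DC=example,DC=com"

CELLS: List[Cell] = [
    # alice is an Oracle admin on database hosts only
    Cell(DB_OU, {"alice": UnixProfile(uid=5001, gid=100, groups=("oracle_admins",))}),
    # on web hosts alice keeps the same uid/gid but no privileged group; bob is only enabled here
    Cell(WEB_OU, {"alice": UnixProfile(uid=5001, gid=100),
                  "bob": UnixProfile(uid=5002, gid=100, groups=("www-data",))}),
]


def _normalise_dn(dn: str) -> str:
    """Distinguished names are case-insensitive; compare them in a canonical form."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def cell_for_computer(computer_ou: str, cells: List[Cell]) -> Optional[Cell]:
    """Return the Cell whose OU the computer is joined to, or None if the OU has no Cell."""
    wanted = _normalise_dn(computer_ou)
    for cell in cells:
        if _normalise_dn(cell.ou) == wanted:
            return cell
    return None


def resolve_profile(user: str, computer_ou: str, cells: List[Cell]) -> Optional[UnixProfile]:
    """Resolve the UNIX profile an AD user receives on a computer in computer_ou.

    Returns None when the computer is in no Cell or the user is not enabled in
    that Cell; either case means the user has no UNIX identity on that host.
    """
    cell = cell_for_computer(computer_ou, cells)
    if cell is None:
        return None
    return cell.users.get(user.lower())


def user_in_group(user: str, computer_ou: str, group: str, cells: List[Cell]) -> bool:
    """Role check: is the user a member of `group` on hosts in this OU?"""
    profile = resolve_profile(user, computer_ou, cells)
    return profile is not None and group in profile.groups


if __name__ == "__main__":
    for who, ou in (("alice", DB_OU), ("alice", WEB_OU), ("bob", DB_OU)):
        print(who, ou.split(",")[0], "->", resolve_profile(who, ou, CELLS))
```

Running the module shows alice resolving to uid 5001 with `oracle_admins` on the database OU, to the same uid without that group on the web OU, and bob resolving to no profile at all on the database OU because he was never enabled in that Cell. That last case is the behaviour to verify when auditing Cell membership: a user absent from a Cell should get no UNIX identity on its hosts rather than falling through to some other mapping.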
Audits can prove to be a costly and time-consuming yet often necessary part of many IT departments' responsibilities. Whether it is an internal audit to streamline best practices or a required audit to demonstrate regulatory compliance, PowerBroker Identity Services, Enterprise Edition can help reduce the time and cost spent on audit and reporting. BeyondTrust also helps enforce controls to prevent the risks that might put you in jeopardy of failing an audit.
The compliance and reporting tools found in PowerBroker Identity Services, Enterprise Edition help reduce the number of audit-control points to report on. They provide out-of-the-box templates and tools for creating your own reports.
PowerBroker Identity Services, Enterprise Edition exclusively offers a chapter-by-chapter approach to prescriptive regulations such as SOX and PCI. For descriptive compliance regulations such as HIPAA, GLBA, and FISMA, a graphical dashboard provides customized reporting. BeyondTrust captures more than 70 different audit-related events, including logon, logoff, privileged access, sudo commands, group policy application, Kerberos refresh data, system and service restarts, domain-join details, and many others.