Challenge: Support Researchers’ User Access to Data Across Multiple Platforms
The University of California San Diego (UCSD) Physics Department has a long-standing reputation for award-winning research in broad areas such as Astrophysics and Astronomy, Biophysics and Nonlinear Dynamics. Its faculty members have received many prestigious prizes including the National Medal of Science, Fermi Prize, E. O. Lawrence Prize, Compton Prize, Maxwell Prize, Heinemann Prize, Buckley Prize, Warner Prize, APS Biophysics Prize, and London Prize.
As with any research institution, collaboration between researchers is essential to the success of the department. The UCSD Physics IT team needed a way to support researchers’ user access to data and applications across multiple platforms such as Windows, Unix and Linux. Department researchers were authenticating to individual workstations, which complicated their access to networked data resources. Lead System Administrator Bryan Hill wanted a solution that would help the team streamline user management by leveraging the University’s Microsoft Active Directory (AD) instance to authenticate users.
Before we implemented PowerBroker, each researcher’s workstation was its own little island. Researchers had a separate username and password for each machine, which made for a really bad user experience, not to mention an administrative nightmare. At the time, we had no centralized authentication system in place – everything was standalone. The more our department grew, the more complicated it became to manage and support our users. PowerBroker solved this. –Bryan Hill, Lead System Administrator, UCSD Physics Department Computing
The IT team wanted to leverage the university’s Active Directory infrastructure. They explored open source solutions, but these did not have the essential functionality they were looking for.
The IT team needed a solution that they could rely on to authenticate users, without fail, the first time they logged into a workstation. The solution had to allow IT to create and manage group policies and group access without impacting all users. And because research groups were joining the department with several terabytes of stored data brought from prior institutions, the solution needed to allow mapping of custom user IDs from Unix and Linux. The team needed to easily match the previous user IDs that were associated with the authentication systems used at the former institutions. Doing so would eliminate the need to start from scratch with new UIDs and change the ownership of several million files, saving time in the process.
UCSD chose BeyondTrust PowerBroker Identity Services for its rich functionality, scalability and proven performance. In 2011, Bryan set up a 12-month pilot project with one research group and has since expanded to full production with eight research groups at the university. It has been their de facto standard whenever a research group needs centralized authentication.
The biggest benefit I’ve seen with PowerBroker is time savings. I can manage multiple groups from one interface versus having to check multiple authentication systems and managing custom, one-off requirements. Having everything in one spot and managing multiple user groups has made things a lot easier. –Bryan Hill, Lead System Administrator, UCSD Physics Department Computing
THE POWERBROKER DIFFERENCE
- Empowers administrators: Provides a single familiar tool set to manage both Windows and Unix systems. Users perform account maintenance and password updates through a single directory administration tool (Active Directory Users and Computers).
- Reduces costs: Leverages existing Active Directory deployments to centrally manage heterogeneous workstations and users.
- Simplifies configurations: Enables one-to-many management of Unix, Linux, and Mac OS X configuration settings.
- Streamlines user management: Enables users to use their Active Directory credentials (username and password) to gain access to Unix, Linux and Mac systems, consolidating various password files, NIS and LDAP repositories into Active Directory and removing the need to manage user accounts separately on Mac workstations and server platforms.
- Extends Active Directory: PowerBroker Identity Services is the only solution that does not have to modify your Active Directory schema to add Linux, Unix, and Mac OS X systems to your network.