Datasheet 
Download 
Resources 
Quotation
Buy online 
Support 
Print Page 
Email Page 
t:: +44-(0)1684-576343
f:: +44-(0)700-6020779 enquiries@purplerage.com
Experience seamless integration of Linux and UNIX with Active Directory
PowerBroker Identity Services Enterprise (formerly Likewise Enterprise) is an enterprise software solution that allows seamless integration of Linux, UNIX and Mac systems with Microsoft Active Directory. Organisations of all sizes running mixed networks and mixed identity management systems (such as non-networked authentication and Network Information System) can use PowerBroker Identity Services Enterprise to allow UNIX, Linux and other systems/applications to use Microsoft Active Directory for their authentication needs.
You can quickly realise the value of PowerBroker Identity Services Enterprise because it is the only solution that allows you to download and deploy to Active Directory with or without schema extensions in less than 5 minutes. PowerBroker Identity Services Enterprise will improve the efficiency of your IT staff, strengthen network security and help you comply with regulatory requirements and Sarbanes Oxley.
PowerBroker Identity Services has rich and mature features that provide you with the most complete control and integration possible. With these features you are able to overcome many of the barriers to integration Linux into Active Directory.
PowerBroker Identity Services makes it possible for Mac, UNIX, and Linux system administrators to manage Active Directory from a Mac or Linux machine. The PowerBroker Identity Services Administrative Console is a plugable framework that provides MMC-like functionality and runs on Mac OS X and any Linux platform. From this console and through console based command you are able to
Domain Join Command-Line Utility
PowerBroker Identity Services includes libraries that configure Linux, Unix, and Mac computers for seamless, error-free domain joins by automatically creating or modifying PAM, nsswitch, /etc/hosts, and Kerberos configuration files.
Command-Line Tools
PowerBroker Identity Services comes with a set of command-line tools, which are located in the /opt/likewise/bin directory on Linux, Unix, and Mac OS X platforms. The tools include utilities for finding users and groups in Active Directory, managing Kerberos tickets, troubleshooting connections to domain controllers, obtaining status and metrics, and diagnosing problems.
Custom Access and Compliance Reports
PowerBroker Identity Services empowers you to create custom reports about Linux and Unix users, groups, computers, forests, and domains within Active Directory. There are a variety of access reports to illustrate the state of your access control rules. You can also choose from an assortment of compliance reports to help demonstrate regulatory compliance.
Group Policies for Logon, Authentication, and Authorization
PowerBroker Identity Services lets you define group policies for computers running Linux, Unix, and Mac OS X. PowerBroker Identity Services includes more than 100 policies that are custom made for non-Windows computers. All the policies are integrated with the Microsoft Group Policy Object Editor.
Group Policies for Mac
PowerBroker Identity Services comes with more than 20 Mac-specific group policies. For instance, a Mac group policy can log firewall activity on target computers running Mac OS X.
Security Group Policies for Linux, Unix, and Mac
PowerBroker Identity Services offers a number of group policies to manage security, such as a group policy to specify a sudo configuration file for target computers running Linux, Unix, and Mac OS X. The sudo configuration file is copied to the local machine and replaces the local sudo's file. The sudo file can reference local users and groups or Active Directory users and groups.
Policies Targeted by Operating Systems
PowerBroker Identity Services can set the target platforms for a group policy, applying the settings to only the platforms that you choose. The target platforms can be set by operating system, distribution, and version. For example, target a group policy only at computers running SUSE Linux Enterprise Server. Or, you can target the policy at a mixture of operating systems and distributions.
Group Policies for Managing Interoperability Settings
PowerBroker Identity Services provides a range of group policies to manage the settings of Linux and Unix machines, including policies for specifying how Linux computers inter-operate with Active Directory. PowerBroker Identity Services integrates the policies with the Microsoft Group Policy Management Console so you can view reports and details about your policies.
Features
Platform support: PowerBroker Identity Services Enterprise works with more than 180 Linux, Unix, and Mac platforms.
Centralized management : PowerBroker Identity Services makes it possible to centrally manage the computers and applications in a mixed network of Unix, Linux, Mac, and Windows machines from Active Directory, bringing you an array of features and benefits unavailable with NIS, a custom LDAP solution, or an ad hoc Kerberos key distribution center.
One user, one ID: PowerBroker Identity Services lets you assign a unique ID to each person with computer access - a best practice and a requirement of such regulatory standards as the Payment Card Industry Data Security Standard. Active Directory makes ID assignment simple: one ID, one user. PowerBroker Identity Services extends that functionality to Linux, Unix, and Mac OS X users.
Kerberos authentication: PowerBroker Identity Services authenticates Unix and Linux user names and passwords with the Kerberos 5 protocol, a strong cryptographic mechanism that lets users and computers communicating over an insecure network prove their identity to one another in a secure way. By using Kerberos, PowerBroker Identity Services eliminates plain text passwords.
PowerBroker Identity Services Operations: Dashboard Screenshots The PowerBroker Identity Services Operations Dashboard runs on a Windows workstation to give you a graphical view of the security events that take place on the Unix, Linux, and Mac computers in your network.
Cell technology for identity and access management: PowerBroker Identity Services cells map a user to different UIDs and GIDs for different computers. Cells can provide users with a different primary and second group memberships on different machines. Linux and Unix computers that are in the OU (or an OU nested in it) use the cell to map AD users to UIDs and GIDs. PowerBroker Identity Services Enterprise modifies the Active Directory User and Computers MMC snap-in so that you can create an associated cell for an OU and then use the cell to manage UID-GID numbers.
Access control: Judicious use of PowerBroker Identity Services cells can provide a convenient way of controlling access to different classes of Unix, Linux and Mac OS X computers. PowerBroker Identity Services Enterprise includes additional methods for controlling access: setting an allow logon rights group policy, specifying logon hours, using logon lists, and disallowing logons by individual users.
Cached credentials: PowerBroker Identity Services Enterprise tolerates communication failures. The PowerBroker Identity Services agent caches user account information so that it can authenticate users even if the computer loses connectivity with AD domain controllers.
Single sign-on: When you log on a Linux, Unix, or Mac OS X computer by using your Active Directory domain credentials, PowerBroker Identity Services initializes and maintains a Kerberos ticket granting ticket (TGT). With a TGT, you can log on other computers joined to Active Directory or applications provisioned with a Service Principal Name and be automatically authenticated with Kerberos and authorized for access through Active Directory.
Group policies: PowerBroker Identity Services Enterprise includes more than 80 group policies that are custom made for Unix, Linux, and Mac workstations and servers. All the policies are fully integrated with the Microsoft Group Policy Object Editor and the Group Policy Management Console.
Gnome group policies for user and computer settings: PowerBroker Identity Services Enterprise includes several thousand group policies for Linux user and computer settings -- policies that are based on the Gnome GConf project to define desktop and application preferences such as the default web browser. These Gnome configuration settings can be applied to Linux computers running the Gnome desktop.
Targeted group policies: PowerBroker Identity Services Enterprise is the only solution that lets you target group policies at only the platforms that you want.
Mac-specific group policies: PowerBroker Identity Services Enterprise includes 20 group policies made specifically for Mac OS X workstations and servers, including energy saver policies for green offices.
Group policies for Mac Managed Client Settings: You can set Managed Client Settings for Mac computers with Workgroup Manager, a free server administration tool from Apple for remotely managing user, group, and computer settings on Mac OS X machines. PowerBroker Identity Services Enterprise integrates Workgroup Manager with Active Directory by saving Managed Client Settings (MCX) as standard Microsoft Active Directory group policy objects.
Flexible deployment model: PowerBroker Identity Services Enterprise is the only solution with a flexible deployment model that makes extending the Active Directory schema to RFC 2307 optional. Either way, you get full product functionality.
NIS migration: You can use the PowerBroker Identity Services migration tool to import Linux, Unix, and Mac OS X password and group files -- typically /etc/passwd and /etc/group -- and automatically map their UIDs and GIDs to users and groups defined in Active Directory. Or, you can choose to generate a Windows automation script to associate the Unix and Linux UIDs and GIDs with Active Directory users and groups.
Auditing and reporting to improve regulatory compliance: PowerBroker Identity Services empowers you to create custom reports about Linux and Unix users, groups, computers, forests, and domains within Active Directory.
Unix Support: PowerBroker Identity Services supports a variety of popular Unix platforms, including multiple versions of AIX, Solaris, and HP-UX.
Dual-factor authentication (DFA): PowerBroker Identity Services Enterprise extends smart card support to Linux so you can implement the benefits of dual-factor authentication across your entire network.
How does PowerBroker Identity Services work?
In a Windows environment, user accounts are created in Active Directory to be able to participate in AD authentication. For a user to access resources on a machine that also participates in Active Directory, the machine also must have an account in Active Directory. The process by which an account for the machine is created in Active Directory is called “joining” the machine to Active Directory. Joining a machine to Active Directory was restricted to Windows workstations and server machines only.With PowerBroker Identity Services Enterprise, you can join Linux, UNIX and Mac machines to Active Directory. Once the Linux/UNIX machines have been joined to AD, a user who has been provisioned for UNIX and Linux access can now interactively login to the Linux/Unix machine with his or her Active Directory credentials. The user can also access any kerberized services that the Linux/UNIX machine hosts.
1. The PowerBroker Identity Services Enterprise Agent is installed on Linux, UNIX or Solaris machines turning them into AD clients.
2. These machines are then joined to Active Directory from a graphical tool or through deployment scripts.
3. The PowerBroker Identity Services Enterprise Management Tools are used to configure AD to store UNIX and Linux information.
4. Existing AD management tools are then used to manage configure Group Policies for non-Windows systems.
You are here:: Home>PowerBroker Identity Services>Enterprise Edition