SCO Identity Manager Supports Single Sign-on Across Environments

A new Microsoft initiative eases management headaches by building management features into products that can be accessed by a variety of enterprise management tools. SCO's Vintela Authorization may give us a glimpse into how Microsoft networks can finally play nice with other operating systems.

According to Accenture, IT and security managers spend an average of 70 percent of their time just maintaining existing systems. Here’s the problem: that approach doesn’t leave enough time for the big-picture strategic thinking organizations need to maintain top-notch IT and security programs.

A new program from Microsoft aims to ease management headaches by building management features into products from the ground up, so that they can be accessed by a variety of enterprise management tools. Could Microsoft networks finally play nice with other operating systems?

Time will tell, as Microsoft begins rolling out its own management products next year. In the meantime, SCO announced its Vintela Authentication software, version 2.2. The identity management software gives each of an organization’s employees a single user ID and password, whether they’re accessing Linux, Unix, or Windows networks. In other words, users get single sign-on, and administrators manage it all in just one place: Microsoft’s Active Directory.

Vintela Authentication, able to use such standards as Kerberos and LDAP, eschews “having to maintain password synchronizers or perform user-administration tasks on multiple systems,” notes SCO in a statement. SCO’s Vintela Authentication is actually the latest, renamed version of its Authentication 2.1. “SCO has renamed its secure identity management product to reflect a closer relationship with its partner, Vintela Inc.”

The latest version of Vintela runs on Windows Server 2000 and 2003, and supports nine other platforms, including SCO OpenServer, HP-UX, and two 64-bit operating systems.

The Vintela software is part of a trend, backed by Microsoft, to—in broad strokes—improve software manageability, as well as Windows’ interoperability with other platforms and products. At the recent Microsoft Management Summit, Bob Muglia, senior vice president of the Windows Server Division at Microsoft, dubbed this the Microsoft Dynamic Systems Initiative (DSI), aimed at building manageability features into products during their development. Today, the paradigm is too often the opposite: roll out applications, then roll out separate manageability software.

“This is an issue where the industry has over-promised and under-delivered while our enterprise customers continue to feel the pain of managing their systems,” Muglia said. “Our approach with DSI is to help customers get every dollar out of their IT investments by making software more manageable from the ground up.”

The company has its Microsoft Operations Manager 2005 Express now in beta, which it describes as “a low-cost solution for organizations that require simple monitoring capabilities for Windows Server System.” Work is underway to develop plug-ins for Siebel’s CRM applications and VERITAS’s Management Pack; also expect Microsoft connections to IBM Tivoli and HP OpenView.

“The need for a management vision like Microsoft's Dynamic Systems Initiative has been a long time coming,” notes Chris Skillings, CEO of Vintela. Software such as his company’s, he says, allows businesses “to leverage their Microsoft infrastructure investments across all platforms, while consolidating their resource expertise around a single set of management tools.” Fewer tools means less time spent learning to use management tools, and less chance of misconfigurations—liable to lead to security breaches—going unnoticed.

Today “IT managers struggle to maintain solid network security in mixed Unix and Windows environments,” notes Jeff Hunsaker, a SCO senior vice president. As a result, he says, “IT managers either do nothing to integrate Windows and Unix users—causing users to write down their multiple passwords to remember—or they deploy insecure synchronization scripts, sending password information across the network that may be intercepted.” With identity management software able to work on multiple types of networks, security managers can give users something better.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and its Security Strategies column, as well as a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.