Cross-platform ID management transforms IT infrastructure without replacing systems
By Staff -- Manufacturing Business Technology, 12/1/2005
A change in management at RotaDyne also brought about a new attitude toward the use of IT. The world's largest manufacturer of rollers and related products for printing and other applications wanted to use IT as a competitive weapon.
To start, the entire IT infrastructure would be managed from a central data center at RotaDyne's Darien, Ill., headquarters, leading to a flexible IT infrastructure while also lowering overall IT costs. But Kirk Patten, IT manager, says this transition probably would not have been as successful—and definitely not as smooth—if not for the discovery of a program called Vintela Authentication Services (VAS) from Quest Software.
VAS enables single sign-on capabilities in heterogeneous computing environments by building secure bridges for ID management and authentication between Windows and UNIX or Linux operating platforms. Patten says VAS allowed RotaDyne to link its Windows and UNIX environments in a single day. "The alternative was a manual integration project that would have taken six or seven months," he says. "That didn't make financial sense.
"I tried to build the [UNIX to Windows] integration myself," Patten adds, "but several issues got in the way."
Chief among those issues was the expertise required to work with the multiple standards that Patten later discovered embedded in VAS.
RotaDyne needed to link UNIX and Windows environments to avoid replacing its entire IT infrastructure to accommodate a switch to a central management model. Instead, the company connected existing resources to a new wide area network (WAN).
Microsoft Windows was chosen as the primary server platform for the new WAN, a way of making things easier for both network users and administrators. The selection created a slight problem, however. Even though users would access applications through Windows interfaces, most of those applications resided on servers running the AIX operating system—the IBM version of UNIX. "Companywide, we had 30 AIX servers at 30 locations," recalls Patten.
Network security—specifically, the task of ensuring anyone logging on to the network was using a valid ID—was the first issue addressed when RotaDyne went to connect those UNIX servers to the Windows-based WAN.
RotaDyne adopted Microsoft Active Directory to handle network ID management and authentication. This solution relies on industry standards such as Kerberos and Lightweight Directory Access Protocol (LDAP) to manage all resources on a network—including users, files, printers, and applications.
LDAP stores and organizes information about all of these resources, while Kerberos handles all network authentications. With Kerberos, if a user attempts to log on to the network, the request is routed to a central Kerberos server, which combs through the LDAP resource list to verify that the request is coming from a valid user. Once validated, the Kerberos server issues the requester a ticket, which can be used to authenticate to any server on the network without logging on again. Because a single logon to the central server covers all network resources, Kerberos is considered a single sign-on standard.
With VAS in place, RotaDyne now has a single "trusted zone" in which a Kerberos server handles all requests for access to network resources—whether those resources run on Windows or UNIX. In addition to making the IT infrastructure more secure, Patten says VAS has reduced help desk calls—particularly those related to password issues.
Patten admits to some initial skepticism about VAS's ability to solve RotaDyne's integration problem, but now he's a true believer.
"Their literature said plug-and-play," he says. "So I put them to the test with a 40-day proof-of-concept evaluation. Obviously, [VAS] lived up to the billing because I'm a customer today."


























