What is PowerADvantage?
PowerADvantage is a tool that brings Active Directory
functionality to Unix and Linux hosts. Specifically,
PowerADvantage allows your users to authenticate
(logon) to Unix and Linux hosts using their Active
Directory username and password, which is the same
username and password they use to log on to Windows.
PowerADvantage also enables administrators to
configure the user sessions, applications or the
operating system on Unix and Linux computers using
Active Directory's Group Policy functions and
PowerADvantage's RSoP Applicators. The combination of
Active Directory's native functionality for Windows
hosts and PowerADvantage's functionality for Unix and
Linux hosts provides a single point of control for the
users and computers in your environment.
Is PowerADvantage an identity management tool?
Yes, PowerADvantage integrates with Active Directory
to provide a single point of identity management for
users in your organization. When a new person needs
computer access, an administrator can set up their
access across Windows, Unix and Linux machines in one
operation. Should that person leave the organization,
access across all the Windows, Unix and Linux hosts
can be disabled or removed in one step. If your
organization uses a global directory that synchronizes
data with Active Directory, PowerADvantage can add
value as well. Once the global directory has created
the Active Directory user accounts, the script adapter
of the global directory can be used to create the Unix
and Linux configuration for the user through
PowerADvantage's command-line interface. All user
account configuration for PowerADvantage is stored in
Active Directory, integrated with the Active
Directory user accounts. PowerADvantage doesn't require
any local user configuration on the UNIX or Linux
hosts, effectively removing the problem of
unauthorized access through orphaned accounts.
Does PowerADvantage create an audit trail?
Yes, PowerADvantage can log all of the authentication
operations it processes in both the Active Directory
domain controller event logs and the local Unix or
Linux host's syslog. When logging on the domain
controllers is enabled (using Group Policy), the
authentication results for your Active Directory-based
logons for Windows, Unix and Linux machines will all
be recorded in the domain controller event logs. Based
on how you configure the logging in Group Policy, both
successful and failed logons can be logged.
PowerADvantage provides reporting for the entries in these event logs, providing a clear audit trail of all the Windows, UNIX and Linux logon activity in your environment.
Does PowerADvantage provide entitlement reporting?
Yes. In addition to the event reporting mentioned
above, PowerADvantage provides configuration and
entitlement reports for all the UNIX and Linux
computers managed by PowerADvantage. This enables you
to quickly see which users have access to each Unix
and Linux computer in your environment. There is also
configuration reporting for which groups are available
on each computer, which groups are mapped to each
user, and the login configuration context to which
each computer is mapped.
Will PowerADvantage help with my audit requirements?
Several features of PowerADvantage will help secure
your environment and provide the proof of control you
will need to pass most any audit requirement. In
addition to the comprehensive reporting of events,
configuration and entitlement, PowerADvantage provides
centralized identity management for effective control
of your user accounts. With PowerADvantage, you can
quickly demonstrate what users are able to access,
rapidly enable and disable access as needed, and
provide a complete audit trail of all the access that
has occurred.
Can PowerADvantage support UNIX or Linux environments
where the user environment configuration (account
name, UID, shell, etc.) is not consistent from host to
host?
Yes, in a large environment one user typically has
many accounts on UNIX or Linux systems that are not
entirely uniform in their configuration. The account
names or UIDs may be different, or the shell, home
directory or groups are not consistent. Often this
situation arises from hosts being incorporated from an
acquired company, or by changes in configuration
standards over time.
PowerADvantage provides a powerful feature called Contexts to map to the various user environment configurations in your environment. Once a user has authenticated with their Active Directory username and password, PowerADvantage will determine which Context the host is in, and reconfigure the session accordingly. This maintains backward compatibility with the user's account configuration, so they still own all their files, have the same access rights, and all their applications should run the same way they always have. When implementing PowerADvantage, the only training you will need to provide to your users is that they will log on with their Active Directory username and password, instead of the old username and password. After logon, everything will work just as they expect.
Can I apply different sets of configuration to
individual computers?
Yes, one of the great strengths of Active Directory
Group Policy and the RSoP Applicators is the ability
to provide different configuration to different users
and hosts in your environment. A specific instance of
policy, called a Group Policy object (GPO), can be
applied at the domain level (applying to all users or
computers in the domain), at the Organizational Unit
(OU) level, which contains a subset of objects in the
domain, or at the Site level, which is based on IP
address ranges. Organizational Units can be embedded
under other Organizational Units in a domain to provide
more granular control of Policy.
When PowerADvantage applies Group Policy objects, it will first gather all the GPOs that pertain to a user or computer and apply a process called Resultant Set of Policy (RSoP). RSoP will apply precedence to the items in the Group Policy objects and determine the coherent set of policy items that should be deployed to each user session or computer. The RSoP Applicator will then apply those settings to the item being configured. The RSoP Applicators also maintain a history of the original settings before Group Policy was applied, so that if you decide to no longer configure an item through Group Policy, the item will be reset to the value it had before being managed by Group Policy. The combination of Group Policy objects and the RSoP Applicators lets you deliver configuration to all users and computers in the environment, to just one user or computer, or to any combination in between.
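The precedence and rollback behaviour described above, as an added Python sketch (not PowerADvantage code). It assumes Active Directory's standard site, then domain, then OU processing order with the last writer winning; the class names and the sshd-style settings are constructed for illustration.

```python
# Added illustration, not PowerADvantage code; all names and data are constructed.
from dataclasses import dataclass, field

LEVEL_ORDER = {"site": 0, "domain": 1, "ou": 2}  # AD order: later level wins
_ABSENT = object()  # marks a setting that did not exist before policy


@dataclass
class GPO:
    name: str
    level: str          # "site", "domain" or "ou"
    settings: dict
    ou_depth: int = 0   # nesting depth of the linked OU; deeper OU wins


def resultant_set(gpos):
    """Merge GPOs in precedence order; the last writer of a key wins."""
    rsop = {}
    for gpo in sorted(gpos, key=lambda g: (LEVEL_ORDER[g.level], g.ou_depth)):
        rsop.update(gpo.settings)
    return rsop


@dataclass
class Applicator:
    """Applies an RSoP to a host config and remembers pre-policy values."""
    config: dict
    history: dict = field(default_factory=dict)  # key -> value before policy

    def apply(self, rsop):
        # Keys that policy no longer manages go back to their saved originals.
        for key in [k for k in self.history if k not in rsop]:
            original = self.history.pop(key)
            if original is _ABSENT:
                self.config.pop(key, None)
            else:
                self.config[key] = original
        for key, value in rsop.items():
            # Record the original only the first time policy touches a key.
            self.history.setdefault(key, self.config.get(key, _ABSENT))
            self.config[key] = value
        return dict(self.config)


GPOS = [  # constructed sample GPOs
    GPO("unix-servers-ou", "ou", {"PermitRootLogin": "no"}, ou_depth=1),
    GPO("domain-baseline", "domain",
        {"PermitRootLogin": "prohibit-password", "MaxAuthTries": "3"}),
    GPO("site-hq", "site", {"Banner": "/etc/issue.net"}),
]
```

Because unmanaged items revert to their pre-policy values, unlinking a hardening GPO in this model restores whatever the host had before, which may be a weaker setting; review the saved originals before removing policy.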
Can I use PowerADvantage to deliver configuration to
an in-house developed application?
Yes. Both Group Policy and the RSoP Applicator scripts
are designed to be easily extended. If you want to
configure an in-house developed application that
resides on a Unix or Linux host, you will need two
basic parts: a Group Policy Administrative Template
and an RSoP Applicator script. The Group Policy
Administrative Template is written in a simple
template code and contains the settings and help text
for the items you want to configure. The RSoP
Applicator contains the logic of how to apply these
settings on the UNIX and Linux environment. Samples of
both Administrative Templates and RSoP Applicators are
provided with PowerADvantage.
Does PowerADvantage require extending the Active
Directory schema?
No. PowerADvantage stores data in the Active Directory
using existing Active Directory data structures. When
PowerADvantage is installed on a UNIX or Linux host, a
standard Computer object, just like a Windows host's
Computer object, is created in the domain. The user
and group context data is stored in Active Directory's
Program Data area using standard Containers and
Classes. All PowerADvantage data could be completely
removed, leaving no traces. The benefit of this is no
negative impact to the operations of your Active
Directory, or to its stability down the road.
What software do I need to install on my Active
Directory domain controllers?
None. Nada. Zilch. PowerADvantage communicates with
your Active Directory domain controllers using exactly
the same protocols as a Windows host. There are no
agents, protocols or device drivers to install or
maintain. There is no impact on the maintainability of
your domain controllers.
PowerADvantage does include Windows utilities that integrate with the standard Active Directory utilities (such as the Active Directory Users and Computers Console) that enable you to maintain PowerADvantage from a Windows machine. These components don't need to be installed on a domain controller unless you also want to maintain PowerADvantage from the domain controller's console (typically, this is recommended only in test environments). The PowerADvantage Windows utilities can be installed on any Windows host attached to the domain. The PowerADvantage Windows utilities can even be distributed to administrators' hosts using Active Directory Software Distribution.
How difficult is it to set up PowerADvantage?
Installing PowerADvantage is a straightforward process
that takes very little time and requires no
professional services. An install script is run on
your UNIX and Linux hosts that installs the
PowerADvantage agent and supporting software. The
installer script also joins the Unix or Linux host to
the Active Directory domain, and integrates
PowerADvantage into the name service configuration on
the Unix or Linux hosts (via PAM, LAM or nsswitch).
The Windows installer will install the Windows
utilities on Windows hosts, and integrate them with
the Active Directory and the Active Directory
Consoles.
The final step is to import your existing UNIX and Linux users into PowerADvantage using the Import Tool. The Import Tool will connect to an existing UNIX or Linux host or NIS server and bring back the user and group definitions. The Import Tool will then automate the process of mapping UNIX or Linux users and groups to their corresponding Active Directory users and groups. Once the Import Tool has imported the user and group data, your users can begin logging on using PowerADvantage. It's just that easy.
Do I have to reboot while installing PowerADvantage?
Nope. Like all Symark products, installing
PowerADvantage is very non-intrusive and requires no
reboots during install, or uninstall for that matter.
PowerADvantage can be installed, and users and groups
imported without any reboots or disruption to your
production schedule.
Once PowerADvantage is installed, do all logons need
to be through PowerADvantage?
No. PowerADvantage is configured as an additional
authentication provider on your UNIX and Linux hosts.
Other authentication providers, such as local files,
NIS or LDAP can be active as well. This enables you to
have an organized process of moving users over to
PowerADvantage according to your business needs.
Can I still log in using PowerADvantage if the network
is down and my domain controllers are unavailable?
Yes, like a Windows host attached to Active Directory,
PowerADvantage will securely cache Active Directory
credentials on the UNIX or Linux host. If the network
or Active Directory domain controllers are unreachable
for any reason, PowerADvantage will allow any user who
has previously logged in and whose credentials have
not expired to log back into the host. PowerADvantage
also provides the root account the ability to unlock a
locally cached account should a user lock themselves
out during a network outage.
Of course, if you would prefer PowerADvantage not to cache credentials, this can easily be configured through Group Policy.
How is PowerADvantage licensed?
PowerADvantage is licensed per UNIX or Linux host
managed by PowerADvantage. There is no charge for the
Windows utilities or per number of domain controllers.
On the UNIX and Linux machines, there are two license
types: a server license and a lower-cost workstation
license. The server license provides for unlimited
users to be authenticated through PowerADvantage. The
workstation license allows for two simultaneous users
to be authenticated through PowerADvantage. Each user
can have as many sessions as they need.
The PowerADvantage license is implemented as a license key stored in the Active Directory that contains the number of servers and workstations the customer is licensed for. The customer can add or delete computers and reassign them between server and workstation, up to the limits of the license, without changing the license key or getting assistance from their vendor.
© 1985-2008 Symark International, Inc. All rights reserved.
