Last week we announced that The Kinkaid School of Houston has deployed Centrify’s User Suite, Mac Edition to better secure, control and manage Mac access for more than 1,000 users and their Macs. We also earlier this year published a case study (written by the respected analyst firm IDC) of how Grand Islands Public Schools, a public school district in Nebraska, deployed our Mac solution to over 10,000 users and over 5,000 Macs. Both case studies highlight the continued momentum we have in delivering enterprise device management for the Apple platform, and they dovetail with some of the new features we recently released on the Mac platform. In this blog post I will discuss what the case studies revealed about Centrify and highlight some of the new enhancements.
First, why do large Mac shops need Centrify? Here is what Grand Islands Public Schools (GIPS) had to say to IDC:
“To improve upon this distributed setup and improve the organizational efficiency of the school system, Gearhart [IT Director at GIPS] wanted to establish a centralized approach to the management of identity, access, password management, and authentication. Having a centralized system was also an important prerequisite for the school system’s goal of providing single sign-on (SSO) services and digital content curriculum systems across the organization’s 23 sites.”
Why Centrify? Again according to GIPS:
“According to Gearhart, while evaluating possible solutions, Centrify “kept coming to the top,” and GIPS began to view the Centrify for Mac and Mobile solution as the most comprehensive and robust product in the marketplace. Other solutions that the school system considered offered “parts and pieces” of the necessary functionality but could not match the rich functionality and features of the Centrify for Mac and Mobile solution. One major differentiator for the Centrify for Mac and Mobile solution was its holistic and easy-to-use management framework that would enable administrators to control preferences, handle authentications, administer policies, and provide single sign-on capabilities. Another important consideration was the solution’s marked ease of implementation and ability to be easily integrated and connected with Active Directory.”
In the case of Kinkaid Schools, “Kinkaid had been working with Apple which recommended Centrify.” They wanted a solution that could have Macs “authenticate and receive their “group policies” through the Windows Active Directory server.”
And how fast was the deployment of Centrify on Macs? Per Kinkaid:
“With Centrify we quickly and easily deployed the solution to more than 800 lab machines in just minutes,” said Joshua Godden, CISSP, IT Manager, The Kinkaid School. “Before Centrify our process took days, so now we can focus on other projects. Centrify’s support team has worked tirelessly with us whenever we had an issue, which wasn’t often.”
And per GIPS and their 5000 Macs?
“GIPS experienced a fast implementation that addressed all 23 facilities in approximately 3 weeks. The implementation was largely seamless and free from technical error and delays, in part due to the organization’s decision to prioritize ease of implementation and ease of integration during the selection process.”
That is impressive on how quickly and easily customers can deploy our solution on 1000s of machines and get the value of integrated identity management and device management in one single solution.
But we are not resting on our laurels …. So what type of features have we recently added to our Mac solution? Here are our top 4 recently added features (and thanks to David McNeely who runs product management for our Mac solution for providing the content below!):
#1 Seamless migration to Centrify with Apple UID / GID Support
We’ve introduced support for Apple UID algorithm within Centrify for Mac to eliminate the need for any user migration from Apple to Centrify for Active Directory user login. We have seen a number of customers who tried the Apple AD Plugin but later wanted to migrate to Centrify for Mac in order to get centralized configuration management via Group Policy. However, since we use a different algorithm to auto-convert an AD user’s SID to the Unix UID that the Mac needs, we previously required a migration from the Apple UID to the Centrify UID. We implemented this a new Group Policy to allow a smooth transition from managing Mac systems with Apple’s AD plugin to using Centrify. When Mac is managed by AD plugin, each user is assigned a user ID (UID) and a group ID (GID) based on Apple’s algorithm. A user logging in with Centrify will be able to access all of his files that he had previously stored in his home directory on Mac or on a remote network file system.
#2 Auto Enrollment for User Certificates
We have extended automatic enrollment of certificates to now support both computer and user certificates. When this new policy is turned on and an Active Directory user logs in, Centrify for Mac will automatically enroll the user with the on-premise Microsoft Certificate Authority and store the certificate along with its private key in the user’s Keychain, where the private key is so that it cannot be exported for security reasons. Once the certificate has been issued and stored in Keychain, other policies can then use that certificate for authentication to 802.1x wireless or wired networks or maybe for VPN or email purposes. Really any application that can leverage a user certificate stored in the user’s Keychain.
#3 Printer Management via Group Policy
We have enhanced the printer management via Group Policy by enabling Administrators to define the printer model along with the device URI in order to ensure that the Mac will use the specified printer driver. If you do not specify the Printer Model, then the Mac will automatically select the default printer driver, which is normally the postscript driver. You can see this new setting in the “Printing Settings” policy under the User Configuration for Mac OS X Settings.
#4 plist file Settings Management via Group Policy
Previously, Centrify enabled you to update a plist file by replacing the entire file using the file copy Group Policy, while this is still possible, we found many times that our customers really only wanted to update one or maybe a few settings within an existing plist file. This new Group Policy enables IT Admins to update an existing plist file with the changes specified within a plist file that the IT Admin specifies. So, if you want to add or change a setting within a larger plist file, just create a plist file with the specific setting that you want to change and Centrify will find the old setting and replace with the new one, or add the new setting to the existing file on the Mac. We created two new policies to accomplish this since you may have plist setting that apply to all users which will be a computer configuration or a plist setting that applies to an individual user at login.