Updates to Centrify Server Suite and our Express for *nix Program

At Centrify we have more than 5000 customers — including nearly half the Fortune 50 — who use our Centrify Server Suite, not only as an “Active Directory Bridge” to UNIX/Linux/Mac but also for privileged access management across Windows and *nix systems, privileged user activity monitoring, as well as for dynamic isolation of cross-platform systems.  In fact industry analysts such as Forrester and Gartner say we are one of the top vendors in this high-growth area of identity management from a technology, vision and installed base perspective (e.g. see this Forrester report on Privileged Identity Management).  We are continuing to invest heavily in our market-leading Server Suite and are in the midst of a few major projects to integrate our Server Suite with our Centrify Cloud Service — stay tuned for exciting details in the coming months.

CSS-img1In the meantime we are also continuing in parallel to invest in a host of minor updates and features to our Server Suite, so with that said, I am pleased to say we released today Centrify Server Suite 2014.1.  This blog will talk about some of the new features in Server Suite 2014.1, but also discuss how we are evolving our freemium offering — Centrify Express — for UNIX and Linux platforms.

Quick Overview of New Features in Centrify Server Suite 2014.1

Let me start out and say with any new release of our Server Suite, we are always adding new operating systems.  Broad platform coverage is very important in this market, and we lead the industry in supporting more than 450 flavors of UNIX, Linux and Mac (other vendors barely hit 200, so we provide 2x the platform coverage vis a vis alternative solutions).  With Centrify Suite 2014.1, we are adding even more operating systems support including:

  • CentOS Linux 7 (64-bit)
  • Debian Linux 7.5, 7.6 (32-bit and 64-bit)
  • Linux Mint 17 (32-bit and 64-bit)
  • Linux Mint Debian Edition 201403 (32-bit and 64-bit)
  • Oracle Enterprise Linux 7.0 (64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Ubuntu Desktop 14.04 LTS (32-bit and 64-bit)
  • Ubuntu Server 14.04 LTS (32-bit and 64-bit)

Client support has been added for the following operating systems for Standard Edition (these operating systems were already supported on Enterprise Edition):

  • Windows 8.1
  • Windows Server 2012 R2
  • Support for various configurations of Windows Server Core has also been added.

Other new features added in Server Suite 2014.1 include:

  • You can now search DirectAudit for audit sessions by specifying a command name and the time (or a time range) at which the command was run
  • You now audit administrators in audit scenarios that could not be done in prior versions; for example, you can now audit a small group of users in a Zone while all other users are not audited by default
  • Numerous enhancements to Deployment Manager, including a new option that allows you to choose to persistently store UNIX credentials to the local database or temporarily cache them in memory for the duration of the current Deployment Manager session.  This enables the use of Deployment Manager even if your organization’s security policy does not permit storing passwords for highly privileged UNIX accounts.
  • Enhancements to the Deployment Report that can help you better analyze your Centrify deployment
  • Guidance on how to integrate Hortonworks Hadoop with Active Directory using Centrify
  • Smart card authentication is now supported on CentOS 5.x and 6.x

Visit this page to get more details on other new features we added in 2014.1 (support login required).

Changes to our Centrify Express for UNIX/Linux program

As part of our update to Centrify Server Suite 2014.1, we are also making some changes to our popular Centrify Express offering.

CSS ExpressCentrify Express for UNIX/Linux (aka “Express for *nix”) started with the simple idea that Centrify could help businesses centrally manage identities for a small number of UNIX/Linux servers within their existing Active Directory infrastructure, and do so in a better and easier way than current solutions that were and are available through a freemium offering.  Like any freemium model you see in the software world, the intent was that as the number of Express for *nix deployments grew, a certain percentage of users would want to upgrade to the paid version either for support and/or for enterprise-class features, thereby funding the ability for Centrify to continue providing a freemium solution.  Express for *nix became and still is incredibly popular — more than 130,000 IT administrators have downloaded it to better join their UNIX and Linux systems to Active Directory.

However, as the years went by we started seeing that this model was not working quite as intended.  What we have found is that some users wanted the benefits of our great support (which is one of the benefits of moving from the freemium to the premium version) but did not want to pay for that support, so they decided to buy one copy of the paid version in order to get a backdoor way of getting support for hundreds and even thousands of copies of our free offering.  We also found users who were using certain granular access control features that were intended to be only available in the paid/premium version, thereby limiting our ability to get customers to upgrade to the paid and more full-featured solution.

Given the value that Express for *nix provides to our thousands of users globally, we still want to continue to offer a robust free offering that lets users simply and easily join a Linux or UNIX system to Active Directory.  So with the release of Centrify Server Suite 2014.1 in August 2014, we have made a few changes to restore fairness to both our freemium and paying customers, as well as to Centrify itself so we can continue to provide this great offering to the industry.

First, we are now specifying in our End User License Agreement (“EULA”) that Express for *nix can be deployed only up to 200 UNIX/Linux systems for commercial and government organizations, and only up to 400 UNIX/Linux systems for educational institutions and non-profit organizations.  This is in line with our initial stated goals of providing a great free offering for small- and medium-sized deployments.  Changes such as this are very common in freemium offerings (e.g. Google Apps), and this is the first such change we have made since we launched Express for *nix many years ago.  Note this does not impact users of our Express for Mac solution, who can still deploy Centrify Express to an unlimited number of Macs.  Given the large number of servers we allow a customer to deploy Express for *nix onto, this change impacts only a very small percentage of Express customers who have very large deployments.

In addition, this deployment limit is not enforced by the software, so there should not be any impact to production deployments if an accidental over-deployment does occur, but we do fully expect Express for *nix customers to follow and respect the terms of our revised licensing agreement.  To help you determine how many systems you have deployed Express for *nix on, please click here to run a deployment report.

Also, if you are currently using Express for *nix, the End User License Agreement (“EULA”) changes governing Express Use apply to your existing and future deployments once you accept the new EULA (posted in August 2014). Acceptance of the new agreement amends and supersedes prior versions of the EULA, and applies to all Centrify Express for *nix (previously referred to as Centrify Express) software installed in your environment.  For more details see this FAQ.

Again these EULA changes vis a vis the number of servers you can deploy to apply only to Express for UNIX/Linux, not to our Express programs for Mac, mobile or SaaS.

Second, we are removing select access control capabilities previously available in Express for *nix and making them available only in the paid/premium version.  The list of features can be found in this FAQ.  By doing so it makes clearer the delineation between paid and Express freemium features.

Finally, as part of this change to the program, if you are a current Express customer and want to migrate to the paid version, we are also putting special incentive programs in place to help you move to the paid version to take advantage of these premium features.  Please send us an email describing your environment, and we will contact you with additional information on the Express Upgrade incentive program available through Dec. 31, 2014.  For a summary of reasons of why you should consider moving to a paid from a free version of our offering for UNIX and Linux, please click here.

We are very proud to offer the leading freemium solution for integrating UNIX and Linux systems into Active Directory, and hopefully you agree that after many years of offering this great solution, the steps we are taking now will help ensure we can continue to offer this solution in the future.