Centrify Suite 2013.2 Release – Security Enhancement to Mac and Red Hat Smart Card

We are excited about the upcoming release of Centrify Suite 2013.2. In particular, I would like to discuss DirectControl for Mac, and smart card support in DirectControl for Red Hat. Our team's focus in this release is to further enhance the security of endpoints (Mac and Red Hat Enterprise Linux) with Centrify DirectControl (CDC). As my colleague Brian says, without further ado …

FileVault 2 Group Policy (for Mac)

FileVault 2 (FV2) is a MacOS feature that encrypts a Mac's entire hard disk (or solid-state drive). DirectControl provides a feature to control FV2 centrally: using a Group Policy, a system administrator can turn on FV2 on the Macs she manages.

PKI 802.1x Network Group Policy (for Mac) 

Many system administrators want to secure their networks using strong PKI credentials (i.e. certificates). Using a Group Policy, a system administrator can implement the whole process:

  • The Mac enrolls a computer certificate with the Certificate Authority.
  • The Mac downloads the necessary certificate chain from the Certificate Authority.
  • The Mac configures its Network profile to use the certificate for authentication.
  • The Mac authenticates itself to the network using the certificate, via the 802.1x protocol.

This feature supports both WiFi and Ethernet configurations.

Smart Card Name Mapping, a.k.a. Alternate Identity Smart Card (for Mac and RHEL)

As I discussed in my previous blog post, “alternate identity” is a way to map different user privileges to one smart card certificate.

CDC now supports this type of smart card for authentication, screen lock, and so on, on Mac and Red Hat Enterprise Linux.

On the login and screen unlock windows, if you have this type of card (i.e. no UPN on the certificate), you will be presented with a username and password window. The user can specify the user he wants to log in as, and enter the PIN (although the field asks for “password”).

Miscellaneous

  • Add the “Enable License Features” button back to the AD Join UI (for Mac)
  • Fix the AD Join UI limitation on using special characters in the password (for Mac)
  • Address the login and screen unlock instability problem (for Mac)
  • And more, smaller enhancements and fixes.