Active Directory...without the Windows - the Centrify way
Centrify has a new way to let people benefit from Active Directory: with whatever client you want.
Last week I spent some time talking with Tom Kemp, CEO of Centrify. Centrify is not open source but, depending on how you look at it, either solidifies or dilutes Microsoft's hold on its customers. In Centrify's case, it extends Active Directory to platforms other than Microsoft, meaning that it:
...centrally secures...heterogeneous systems, web applications, databases and storage systems using Microsoft Active Directory. Centrify DirectControl secures...non-Microsoft platforms using the same authentication, authorization and Group Policy services deployed for your Windows environment.
In other words, it lets customers choose to leverage their Microsoft technology without being forced completely into the Microsoft ecosystem. This is a good thing. Choice is good.
Centrify opted not to develop a server-side clone of Active Directory, citing customers as the reason. Few want to risk identity management on a clone. Instead, Centrify decided to focus on enabling heterogeneity in the client world. In other words, Centrify allows administrators to deploy an Active Directory server but make it work with non-Windows clients (Mac OS X machines or Linux or...whatever).
As Tom noted, most enterprises have 50-60 identity stores, which requires users to have multiple logins to use their company's IT systems. Single sign-on systems (essentially, metadirectories) were then developed to solve the problem, but the solution created other problems: such schemes rely on big databases to provide replication and synchronization, which costs a great deal of money and introduces additional complexity.
So, instead of building a big database to replicate and synchronize (Tom noted that the underlying identity stores may not support synchronization, anyway), Centrify decided to embrace and extend Active Directory, allowing customers to reduce the number of identity stores, leveraging AD and putting in on steroids. It sounds very cool. I just wish it were open source. :-)
Centrify isn't trying to steer buyer behavior to or from Microsoft's Active Directory. It takes the world as is and provides an "out" for those enterprises (and they probably include everyone) that run more than Windows. It's something that Microsoft arguably would prefer not to touch - why provide choice when monopoly is so profitable? :-) - so I'm glad someone is doing it.
Keep an eye on the company. Looks interesting.