BeyondTrust > 实例探究 > Major Telecom company Migrates from niS to active directory with beyondTrust®

Major Telecom company Migrates from niS to active directory with beyondTrust®

公司规模

1,000+

地区

America

国家

United States

产品

PowerBroker Identity Services Active Directory Bridge

技术栈

Active Directory
NIS
Unix
Linux

实施规模

Enterprise-wide Deployment

影响指标

Cost Savings
Digital Expertise
Productivity Improvements

技术

应用基础设施与中间件 - API 集成与管理
应用基础设施与中间件 - 数据交换与集成

适用行业

电信

适用功能

商业运营

用例

网络安全

服务

软件设计与工程服务
系统集成

关于客户

The customer is a major US-based telecom carrier. The company had just completed an internal security audit and found that their Network Information Service (NIS) directories were not compliant with Sarbanes-Oxley (SOX), and they needed to find a modern solution. The company had a very inefficient user on-boarding and off-boarding process due to the size and complexity of the environment. In its main datacenters, the telecom carrier had in excess of 4,000 Unix servers and 1,000 Unix and Linux workstations that were currently being administered with NIS. They also had over 137,000 user accounts, of which less than 40,000 accounts were active users in the company. In addition to the complexity of the Unix infrastructure and the large number of user accounts, the telecom company also managed the Unix attributes of each user in NIS. Each Unix attribute (e.g., password policy) corresponded to an individual NIS domain. In total the company had 155 unique NIS domains, meaning that for each of the 137,000 user accounts, there were up to 155 additional attributes to manage.

登录后查看完整内容

挑战

The telecom company had just completed an internal security audit and found that their NIS directories were not compliant with Sarbanes-Oxley (SOX), and they needed to find a modern solution. Microsoft® Active Directory was their ideal choice, but they needed to migrate their existing NIS user accounts and groups into Active Directory, as well as manage a vast array of non-windows infrastructure. In its main datacenters, the telecom carrier had in excess of 4,000 Unix servers and 1,000 Unix and Linux workstations that were currently being administered with NIS. They also had over 137,000 user accounts, of which less than 40,000 accounts were active users in the company. In addition to the complexity of the Unix infrastructure and the large number of user accounts, the telecom company also managed the Unix attributes of each user in NIS. Each Unix attribute (e.g., password policy) corresponded to an individual NIS domain. In total the company had 155 unique NIS domains, meaning that for each of the 137,000 user accounts, there were up to 155 additional attributes to manage.

登录后查看完整内容

解决方案

The telecom company looked at the various options available in the market for consolidating their NIS environment in Active Directory. They ended up choosing PowerBroker® Identity Services for a number of reasons, chief of which was the capability that specifically solved their migration challenge of moving to Active Directory. PowerBroker Identity Services solved the ID mapping issues for the organization using the notion of a “cell.” A cell is a grouping of Linux/Unix computers where an Active Directory user is mapped to a specific Unix profile. PowerBroker Identity Services associates cells with AD organizational units (OUs). Linux/Unix computers that are joined to a particular OU that is associated with a cell are said to be members of the cell. Simultaneously, PowerBroker has the ability to seamlessly migrate users into a single directory while eliminating downtime. The telecom company installed the PowerBroker agent on each of their 4,000 Unix servers and 1,000 workstations. These systems were then joined to the Active Directory domain. Then, using the migration capability in PowerBroker Identity Services, the NIS maps were imported and the Linux and Unix users were associated with their existing AD user accounts. The cells were automatically created to contain the ID mapping information stored in the NIS server.

登录后查看完整内容

运营影响