Major Telecom company Migrates from niS to active directory with beyondTrust®

• 应用基础设施与中间件 - API 集成与管理
• 应用基础设施与中间件 - 数据交换与集成

• 电信

• 商业运营

• 网络安全

• 软件设计与工程服务
• 系统集成

The telecom company had just completed an internal security audit and found that their NIS directories were not compliant with Sarbanes-Oxley (SOX), and they needed to find a modern solution. Microsoft® Active Directory was their ideal choice, but they needed to migrate their existing NIS user accounts and groups into Active Directory, as well as manage a vast array of non-windows infrastructure. In its main datacenters, the telecom carrier had in excess of 4,000 Unix servers and 1,000 Unix and Linux workstations that were currently being administered with NIS. They also had over 137,000 user accounts, of which less than 40,000 accounts were active users in the company. In addition to the complexity of the Unix infrastructure and the large number of user accounts, the telecom company also managed the Unix attributes of each user in NIS. Each Unix attribute (e.g., password policy) corresponded to an individual NIS domain. In total the company had 155 unique NIS domains, meaning that for each of the 137,000 user accounts, there were up to 155 additional attributes to manage.

The customer is a major US-based telecom carrier. The company had just completed an internal security audit and found that their Network Information Service (NIS) directories were not compliant with Sarbanes-Oxley (SOX), and they needed to find a modern solution. The company had a very inefficient user on-boarding and off-boarding process due to the size and complexity of the environment. In its main datacenters, the telecom carrier had in excess of 4,000 Unix servers and 1,000 Unix and Linux workstations that were currently being administered with NIS. They also had over 137,000 user accounts, of which less than 40,000 accounts were active users in the company. In addition to the complexity of the Unix infrastructure and the large number of user accounts, the telecom company also managed the Unix attributes of each user in NIS. Each Unix attribute (e.g., password policy) corresponded to an individual NIS domain. In total the company had 155 unique NIS domains, meaning that for each of the 137,000 user accounts, there were up to 155 additional attributes to manage.

The telecom company looked at the various options available in the market for consolidating their NIS environment in Active Directory. They ended up choosing PowerBroker® Identity Services for a number of reasons, chief of which was the capability that specifically solved their migration challenge of moving to Active Directory. PowerBroker Identity Services solved the ID mapping issues for the organization using the notion of a “cell.” A cell is a grouping of Linux/Unix computers where an Active Directory user is mapped to a specific Unix profile. PowerBroker Identity Services associates cells with AD organizational units (OUs). Linux/Unix computers that are joined to a particular OU that is associated with a cell are said to be members of the cell. Simultaneously, PowerBroker has the ability to seamlessly migrate users into a single directory while eliminating downtime. The telecom company installed the PowerBroker agent on each of their 4,000 Unix servers and 1,000 workstations. These systems were then joined to the Active Directory domain. Then, using the migration capability in PowerBroker Identity Services, the NIS maps were imported and the Linux and Unix users were associated with their existing AD user accounts. The cells were automatically created to contain the ID mapping information stored in the NIS server.

• Met organizational security and compliance standards
• Reduced workload for server and identity administrators
• Streamlined logon processes for users

• Reduced the number of NIS domains from 155 to 1
• Eliminated approximately 97,000 inactive user accounts