Active Directory management: ITkeys
An easy way to delegate Active Directory management chores to those close to the coalface
Lacks integration with other network management tools
An excellent, user-friendly front-end for Active Directory that successfully delegates AD management chores back to managers and makes it look like child's play in the process. Not bad value, either
Active Directory (AD) is Microsoft's take on LDAP directory services by Microsoft for use in Windows environments. It allows network administrators to assign global, enterprise-wide policies, deploy programs to many computers and apply critical updates to an entire organisation. AD data is stored in a central, organised, accessible database. Active Directory networks can vary from a small installation with just a few hundred objects to millions of them. It is a key component when it comes to managing very large networks.
And therein lies the rub. AD isn't too hard to administer when you have just a few hundred users and workstations. Unfortunately above this level, the standard AD management tools provided by Microsoft don't really cut the mustard. It can be a slow, not to say cumbersome, task to remove or add AD objects or groups. Also, the management process for this task can be lengthy. Say a new member of staff joins the firm.
Their manager calls the help desk, which calls IT support to action the changes in AD. Once these are made, the manager is notified that the user has been set up. This can take hours, sometimes days. Not only does this process tie up IT with mundane admin chores, but it can mean that staff can't be productive during this hiatus. The other side of the coin applies equally - you can't remove a user's access rights immediately.
ITkeys offers a cost-effective solution. It neatly overcomes these AD admin headaches by effectively delegating AD object management to line managers. If changes have to be made, managers can make them on the spot, with changes going live in as little as ten seconds.
ITkeys uses a web-based AD management interface - it can be installed quickly through a company's internal network as there are no desktop clients to install, and the familiar web-browser user interface cuts the need for training. In fact, it's so simple and intuitive that most staff probably won't need any training.
ITkeys provides granular access control to entrusted staff with no limitations. Once logged in you're presented with a home page offering just three options: update access, view access groups and view audited history. Changes to the AD are made via a wizard. A search option is provided, useful if you have thousands of AD objects to contend with.
When you have finished making your changes you simply click the "update all groups" button and it's done.
Paperwork is kept to a minimum. Changes to working practices and user privileges are managed through workflow emails. As well as greatly simplifying AD admin for both line managers and IT support staff, security is also improved by automating a usually manual security process. All ITkeys updates are logged to allow for auditing, which is essential to meet compliance standards.
In fact, ITkeys directory management can be standardised worldwide and can be used as part of the enterprise's Quality Management. The audit history option on the home page lets you view log information by group/role, date or user. Data can be downloaded and displayed in Excel.
Although ITkeys is a standalone product and doesn't integrate with other network management tools, its web services programming interface (API) will allow the integration of separate systems. As a result, ITkeys can complement existing identity management or account provisioning solutions. At the moment, ITkeys can support up to 100,000 users. System pre-requisites include Windows Server 2000/2003, IIS 6,.NET Framework 1.1, an SMTP e-mail server and MS SL Server, either 2000, 2005 or Express 2005 - most organisations contemplating deploying ITkeys will most likely meet these criteria from the off.
Installation is a doddle - in fact, if you spend more than ten minutes on it, you're probably doing something wrong.
In conclusion, ITkeys is an AD management tool that's well-suited to organisations with more than 300 seats, as well as to managed-data centres looking for a painless and secure method of passing security management tasks back tothe client.
Not only is it reasonably priced, it offers an almost horizontal learning curve. A full 'live' demo version is available to explore on the ITkeys web site