One of the first tasks of the deployment team should be to define the goals you want to achieve and the criteria you will use to measure whether you have met those goals. As part of this process, you should define:
- The primary reason for deploying Centrify in your organization. For example, if providing centralized directory service or a single point of account administration is your most important goal, you may make different deployment decisions than if auditing and restricting user access to specific computers is your primary goal. That is, you want to be sure the deployment addresses your most pressing concerns first.
- Priorities for any additional goals you want to set for the deployment. For example, you may want to transition to a rationalized namespace over time, but this may be a lower priority for your organization than moving from decentralized computer administration to delegated administration of the tasks users can perform on specific computers.
- Any specific auditing requirements or security requirements that are unique to your organization or industry. For example, the way you organize computers into groups may be determined by specific reports you need to produce.
- Internal policies for how you update and distribute software. For example, you should define how frequently you apply operating system patches and whether you automate software distribution.
- Internal policies for how you assign UNIX attributes and Active Directory account information. For example, you should identify how you have assigned UIDs, GIDs, and other UNIX-specific attributes and whether there are existing naming conventions for Active Directory users and groups.
- Plans for who will manage UNIX profiles after deployment. For example, you should identify which group or groups will manage which UNIX users and computers, and whether there will be separate UNIX and Active Directory administrators with shared responsibilities or a clearly defined division of responsibilities. In most cases, Centrify recommends a separation of duties model that enables UNIX administrators to manage zones and Active Directory administrators to manage user objects and group membership.