Steps you only take once

In most organizations, you only perform the following tasks once in preparation for the deployment:

  • Assemble a deployment team with Active Directory, UNIX, and other expertise.
  • Provide basic training covering Centrify architecture, concepts, and terminology.
  • Analyze the existing environment:

    • Find a target set of computers that share a common attribute, such as the same operating system or a similar user population.
    • Plan for permissions and the appropriate separation of duties for your organization.
    • Review network connections, ports, firewall configuration.
    • Identify computers for administration.

    Basic deployment—Access Manager

    Auditing—Audit Manager and Audit Analyzer consoles, collectors, audit databases and servers, and the installation management server

    Provisioning service—Zone Provisioning Agent and configuration tool

  • Design a basic zone structure that suits your organization.

    • Single or multiple top-level parents.
    • Initial child zones, for example separate zones for Red Hat Linux and Mac OS X or different functional departments.
  • Create organizational units or containers to define a scope of authority within Active Directory.
  • Create Active Directory security groups for the UNIX Login role and the listed role.
  • Create an Active Directory distribution group for provisioning groups and an Active Directory distribution group for provisioning users if using the provisioning service.
  • Install Access Manager on at least one administrative Windows computer.
  • Open Access Manager for the first time to run the Setup Wizard for the Active Directory domain.
  • Create a parent zone and the appropriate child zones as identified in your basic zone design.

    Creating additional zones is an infrequent administrative task that is performed when the need arises. The basic zone design should be sufficient for the scope of your initial deployment.

  • Prepare group policies to be applied.