TECH BRIEF

PowerBroker Identity Services:

Open vs. Enterprise Editions

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

2

Table of Contents

Active Directory Bridging .............................................................................................................3

PowerBroker Identity Services ....................................................................................................3

Two Versions – Open and Enterprise Compared ......................................................................3

Next Steps ...................................................................................................................................7

The PowerBroker Privileged Access Management Platform ........................................................8

About BeyondTrust .....................................................................................................................9

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

3

Active Directory Bridging

Unix, Linux and Mac have traditionally been managed as standalone systems – each a silo with

its own set of users, groups, access control policies, configuration files and passwords to

remember. Managing an environment that includes these silos – plus the Microsoft

environment – can lead to inconsistent administration for IT, unnecessary complexity for end

users and risk to the business. To overcome these challenges, and to achieve consistent policy

configuration compliance, a simpler experience for users and administrators, and less risk from

an improperly managed system, organizations typically deploy an Active Directory bridge.

PowerBroker Identity Services

BeyondTrust PowerBroker Identity Services is an Active Directory bridge solution that

centralizes authentication for Unix, Linux and Mac environments by extending Microsoft AD's

Kerberos authentication and single sign-on capabilities to these platforms. By extending Group

Policy to these non-Windows platforms PowerBroker provides centralized configuration

management, reducing the risk and complexity of managing a heterogeneous environment.

TWO VERSIONS – OPEN AND ENTERPRISE COMPARED

PowerBroker Identity Services is delivered in two options – a free community open version, and

a paid enterprise version. For a comparison of the two options, please see the table below.

PowerBroker Identity Services Features Open Enterprise

Active Directory Authentication

Allows users to use their Active Directory credentials (username

& password) to gain access using native Kerberos/LDAP

protocols to non-Windows systems such as Unix, Linux and Mac.

PowerBroker Identity Services is fully site-aware, performing

authentication with the same reliability as any Windows system.

✓ ✓

Multiple Domain and Forest Support

Users can authenticate and systems can be joined to multiple

domains in the same or different forests. PowerBroker Identity

Services supports all Windows trust types between Windows

✓ ✓

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

4

PowerBroker Identity Services Features Open Enterprise

2000 and higher domains - forests, external, 1-way, 2-way, SID

filtered, transitive, non-transitive, and more.

Single Sign-on

Enables SSO from desktop to remote machines or between

systems without the need to constantly re-enter credentials. By

leveraging Kerberos, Active Directory's authentication protocol,

single sign-on is easy regardless of platform.

✓ ✓

Distributed File System (DFS) Support

Provides location-aware connectivity to Microsoft DFS

namespace.

✓ ✓

Samba Integration

Enables easy connection to SAMBA shares without having to re-

enter credentials.

✓ ✓

Command Line Interface

Provides full system management from the command line. ✓ ✓

Centralized Account Management

By consolidating accounts into Active Directory, PowerBroker

Identity Services delivers a centralized username and password.

✓ ✓

Cached Credentials

Like a traditional Windows desktop if a user on Unix, Linux, or

Mac cannot communicate with Active Directory, PowerBroker

Identity Services keeps a cached copy of the user’s credentials to

allow for offline access.

✓ ✓

Customized UID & GID Mapping ✓

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

5

PowerBroker Identity Services Features Open Enterprise

All UID's and GID's for users and groups can be customized

based on existing systems, policy or other needs.

Simple Group-based Access Control

Allows native AD groups with computer accounts, user accounts

or groups containing accounts to directly control who can logon

to which servers.

✓

Group Policy for Unix & Linux

Extends the capabilities of the native group policy management

tools to include specific group policy settings for Unix and Linux

to attain a consistent configuration across the enterprise.

✓

Group Policy for Mac

Optional integration of Microsoft GPO with Apple Workgroup

Manager provides the most extensive options for managing

settings on Macs.

✓

Snap-ins for ADUC and GPMC

All day-to-day management of users, groups, and policy

configuration can be performed using native Microsoft

management tools like Active Directory Users and Computers

and Group Policy Management Console.

✓

RFC 2307 Compliant

Stores Unix information in Active Directory's RFC 2307 attributes

for users and groups.

✓

Flexible User Identification Model

The "cells" model allows for flexible options to have different

usernames, UIDs, GIDs and default shells for particular systems

based on application or technical requirements.

✓

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

6

PowerBroker Identity Services Features Open Enterprise

Cell Auditing

Integration with a free module of PowerBroker Auditor enables

the auditing of default cells and changes to named cells. When

any of the user personalities stored in the default cell or named

cells are modified, admins will have an audited event for those

changes.

✓

SNMP

Configure a wide array of success and failure SNMP traps via the

command line and/or group policy.

✓

Two Factor Authentication

Extensive support for one-time passwords (OTP) systems

providing a level of assurance when users access critical systems.

✓

Operational Dashboard

Easy access to system status and metrics from a management

console.

✓

Centralized Reporting

Out of the box reports that help with compliance and audit

requirements are all accessible through a single interface.

✓

Centralized Event Management

All audited activity is securely aggregated to a central event

database.

✓

Direct Smartcard Authentication

Requires and drives the authentication to systems with any

working smartcard system that is attached.

✓

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

7

PowerBroker Identity Services Features Open Enterprise

Remote Smartcard Reader Authentication

Tunnels a remotely connected smartcard reader (i.e. on a

Windows workstation) to the remote Unix/Linux endpoint as if

the reader was directly connected to the target host.

✓

BeyondInsight Integration

Offers a variety of auditing options, allowing for local logging,

syslog, the PBIS Management Console (SQL) or BeyondTrust’s

centralized reporting console, BeyondInsight.

✓

Web-based PowerBroker Management Console

Discover, deploy, upgrade, join and manage from a single,

intuitive management console.

✓

24/7 Support

Gain access to the BeyondTrust customer portal, BeyondTrust

University courses, professional services resources and more.

✓

Next Steps

For a demo or free trial of PowerBroker Identity Services Enterprise Edition, visit

https://www.beyondtrust.com/demo-request/#Active-Directory-(AD)-Bridging.

To obtain access to PowerBroker Identity Services Open Edition, visit

https://www.beyondtrust.com/powerbroker-identity-services-open-request/.

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

8

The PowerBroker Privileged Access Management Platform

PowerBroker Identity Services Enterprise Edition is part of the PowerBroker Privileged Access

Management Platform, an integrated solution to provide control and visibility over all privileged

accounts and users. By uniting capabilities that many alternative providers offer as disjointed

tools, the PowerBroker platform simplifies deployments, reduces costs, improves system

security and closes gaps to reduce privileged risks.

PowerBroker Identity Services:

Open vs. Enterprise Editions

© 2018. BeyondTrust Software, Inc.

9

About BeyondTrust

BeyondTrust® is a global security company that believes preventing data breaches requires

the right visibility to enable control over internal and external risks.

We give you the visibility to confidently reduce risks and the control to take proactive,

informed action against data breach threats. And because threats can come from

anywhere, we built a platform that unifies the most effective technologies for addressing

both internal and external risk: privileged access management and vulnerability

management. Our solutions grow with your needs, making sure you maintain control no

matter where your organization goes.

BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including

over half of the Fortune 100. To learn more about BeyondTrust, please visit

www.beyondtrust.com.