Group Management Server Scales for Enterprise

5 09 2012

Wait, what is Group Management Server?!

Group Management Server is Thycotic Software’s brand new self service Active Directory group management tool.  IT Admins can designate Group Owners to control Active Directory Security Group and Distribution Group membership.  Reporting and full audit trails are maintained throughout the system on group management activities including adding, deleting, editing user group membership. These audit trails can be used during security audits to demonstrate compliance.

Group Management Server can be installed quickly and does not require Active Directory Schema Extension.  Even very large Active Directory environments can be quickly synchronized and managed from an easy-to-use and secure web interface.  Implementing robust Role Based Access Control and an approvals workflow, Group Management Server can automate IT Admin functions to tighten security, minimize risk, and reduce labor costs associated with managing group membership.

Let’s get back to how Group Management Server scales for the enterprise…

One of the highlights in Group Management Server is the performance during Active Directory synchronization.  Active Directory synchronization is a process in which Active Directory data (groups and users) are populated in Group Management Server.  The synchronization process makes Active Directory group management tasks lightning fast, as opposed to waiting on the Active Directory Users and Computers application to slowly search for the correct group.  In our testing, synchronization with 6 domains (one domain contained nearly 150,000 groups and 100,000 users) was completed in well under 5 minutes.  See figures 1-3 below for before and after screenshots of Active Directory synchronization with Group Management Server.

In Figure 1, this Group Management Server instance manages groups in six domains.  These domains range in size from small (250 objects) to large (100,000+ objects).  Note that domain synchronization has been started at 11:34:08 AM (highlighted in red).

Figure 1

In Figure 2, synchronization has completed for all six domains at 11:38:55 AM.  The elapsed time for the synchronization was
4 minutes and 47 seconds!

Figure 2

In Figure 3, domain statistics are displayed for synchronization.  In less than 5 minutes, Group Management Server synchronized more than 160,000 Active Directory groups and nearly 100,000 user objects spread over six separate domains.

Figure 3

Setting up Active Directory synchronization with Group Management Server

To synchronize with Active Directory, log in as an Administrator for Group Management Server.  Then click Administration -> Active Directory.  Click on the New Domain button and fill out the fields with your specific domain information and click Save.  Group Management Server will begin to synchronize with the newly added domain.  As with test example above, synchronization will take a few minutes depending on the number of groups and other objects in your domain.

Group Management Server information and resources

Try it here:  http://www.thycotic.com/products_groupmanagementserver_try.html

Support:  http://www.thycotic.com/products_groupmanagementserver_support.html

Forums:  http://www.thycotic.com/products_groupmanagementserver_forums.html


Comments : 2 Comments »
Tags: ,
Categories : Group Management Server, Releases

Secret Server version 7.8.000061 Released!

17 08 2012

A new release for Secret Server is now available.  For full details, view the official release notes available here:  http://www.thycotic.com/Secretserver_releasenotes.html

Secret Server Release version 7.8.000061 is primarily about reporting features and enhancements.  The big announcement is Scheduled Reports.  Secret Server Administrators can now schedule their reports and also have them emailed to a subscription list.  Additionally, a feature called “Health Checks” has been built into Scheduled Reports.  Health Checks allows “if-then” scheduling for reports that should be delivered when user-defined conditions are met.  New parameters #STARTWEEK and #ENDWEEK have been added to the list of dynamic Report parameters.

Other features found in the new release include changes to make Active Directory Synchronization easier when dealing with large Domains.  We also added an Event Subscription for notification messages based on license expiration.  Cosmetic changes can be found throughout the application concerning search controls and maintaining consistency between different parts of Secret Server.  Aside from a short list of self-explanatory bug fixes, the Inactivity Timeout enhancement is the last notable addition.  Inactivity Timeout should now work when closing only browser tabs, but not the browser.  Specifically, when users have multiple tabs open for Secret Server, activity in any one tab will prevent a timeout.

Please tell us how these features help you, ask questions, or join the discussion in our forums:  http://www.thycotic.com/products_secretserver_forums.html


Comments : Leave a Comment »
Tags: , ,
Categories : Releases, Secret Server

Secret Server comes to the BlackBerry

5 05 2010

Here are a few teaser screenshots of our new Secret Server Password Management BlackBerry app  that will be going into beta within the next two weeks. The initial beta will only support viewing of data (no adding or updating of Secrets) but the final release version will have adding/editing capability.

iphone
iphone

The Secret Server Password Management BlackBerry app will work with your existing Secret Server or can be used with our Online Edition (hosted version).

The team has copied the design of the iPhone app for the most part with some differences to fit better with the BlackBerry platform (such as a context menu to jump to different screens in the app). We are also exploring options for offline caching within both the BlackBerry app and the iPhone app – stay posted for more on this.

Please click here http://www.thycotic.com/beta.html if you are interested in joining our Beta program.

iphone
iphone


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Mobile, Releases, Secret Server

Bringing Enterprise Password Management to the iPhone

23 06 2009

iphoneWhile there are many iPhone password managers available for home and personal use, Secret Server Password Manager iPhone edition brings privileged password management to the IT professional. And it’s free! With an already-established password management platform, Secret Server iPhone provides the security and convenience needed for you to efficiently manage and track your organization’s most critical passwords from your phone and PC.

Here’s a look under the hood

The Secret Server Password Management iPhone app allows you to view, edit, and create Secrets for multiple accounts. You can also see which Secrets were recently accessed, add favorites, and lock the application with a pin code. If you lose your iPhone, you are still be able to access your Secrets from a computer because the application synchronizes with both Secret Server (installed) and Secret Server Online.

The applications that Apple delivers with the iPhone all share a consistent UI and provide an intuitive user experience, so we went to great lengths to emulate this in our application. For example, when you press a table cell and are brought to a new screen, you expect to see a button in the top left that returns you to the previous screen. You also expect certain animations and screen layouts in other familiar situations. One of the challenges of programming the Secret Server iPhone application was meeting these expectations while still providing a powerful web-based application.

iphone

What makes iPhone programming different from .NET programming is that you have to be more particular about performance and memory management. iPhones are far less powerful than servers, and large memory allocations should be avoided at all costs. For example, in our application the same memory block is used whenever a Secret is created or edited. This may make the code a little harder to read, but it provides a great boost in performance.

In conclusion, writing the iPhone application was a creative, challenging experience and introduced us to a new language, API, operating system, and way of thinking about code. I am very excited about the Secret Server Password Manager iPhone edition, and will be using it on my iPhone every day.

Have an iPhone? Sign up for the Secret Server Password Manager iPhone app Beta today!


Comments : 3 Comments »
Tags: , , , , , ,
Categories : Mobile, Releases, Secret Server

Secret Server 4.0

7 12 2007

We are happy to announce that Secret Server 4.0 is scheduled for release on December 21st.

Search Panel One of the features that is often requested is the ability to search a folder *and* its sub-folders. Starting in 4.0, this feature will be available. On the home page, there will be a checkbox in the search region that will allow you to search in a folder’s children. Also, the performance of searching has been improved by reducing some of the logic needed.

One of the other features that we will be in 4.0 is inherited permissions for folders. With the confusion of how folder permissions currently work, we think this will allow users to better manage their secrets while also working more as expected (more like operating system permissions). Starting in 4.0, you can optionally inherit permissions from parent folders, and a secret can now inherit permissions from a folder. Say, if you choose to have a secret inherit permissions from it’s folder, it will also get the permissions from that folder, and all of it’s parents. If the parents’ folder permission changes, the new permissions will reflect on that secret.

Secret Server 4.0 is shaping up to be the biggest release of Secret Server yet, and we’re excited about the cool new features!

– Kevin


Comments : Leave a Comment »
Tags:
Categories : Releases, Secret Server

Minor Update on 11/16

13 11 2007

On November 16th we will be releasing a minor update for Secret Server. This update includes:

  • Ignoring the selected folder if the folder panel is collapsed when performing a search from the home screen.
  • Changing the import tool to allow duplicates if explicitly allowed. There will now be a checkbox called “Ignore Duplicates” that allows you to import secrets even if a secret with the same name already exists.
  • Some Active Directory Synchronization fixes. Recently a bug was discovered that may solve a large portion of the remaining active directory synchronization issues. As some may know, there have been some issues with Active Directory that we have been identifying and fixing. The particular issue we will we resolving is where some of the usernames contain certain characters, such as a comma or a backslash. Unfortunately, our development platform, the .NET Framework 1.1, has somewhat limited LDAP support. So the data that the Active Directory server returns to us is “raw”. In this case, we need to parse and handle this data properly. The second issue we are resolving is in the case that the Active Directory query returns more than 1500 results it only returns the top 1500 results.

This update does not include the migration to the .NET 2.0 Framework. This minor update will still be using the current version of the framework.

– Kevin


Comments : Leave a Comment »
Tags:
Categories : Releases, Secret Server


Follow

Get every new post delivered to your Inbox.