Group Management Server Scales for Enterprise

5 09 2012

Wait, what is Group Management Server?!

Group Management Server is Thycotic Software’s brand new self service Active Directory group management tool.  IT Admins can designate Group Owners to control Active Directory Security Group and Distribution Group membership.  Reporting and full audit trails are maintained throughout the system on group management activities including adding, deleting, editing user group membership. These audit trails can be used during security audits to demonstrate compliance.

Group Management Server can be installed quickly and does not require Active Directory Schema Extension.  Even very large Active Directory environments can be quickly synchronized and managed from an easy-to-use and secure web interface.  Implementing robust Role Based Access Control and an approvals workflow, Group Management Server can automate IT Admin functions to tighten security, minimize risk, and reduce labor costs associated with managing group membership.

Let’s get back to how Group Management Server scales for the enterprise…

One of the highlights in Group Management Server is the performance during Active Directory synchronization.  Active Directory synchronization is a process in which Active Directory data (groups and users) are populated in Group Management Server.  The synchronization process makes Active Directory group management tasks lightning fast, as opposed to waiting on the Active Directory Users and Computers application to slowly search for the correct group.  In our testing, synchronization with 6 domains (one domain contained nearly 150,000 groups and 100,000 users) was completed in well under 5 minutes.  See figures 1-3 below for before and after screenshots of Active Directory synchronization with Group Management Server.

In Figure 1, this Group Management Server instance manages groups in six domains.  These domains range in size from small (250 objects) to large (100,000+ objects).  Note that domain synchronization has been started at 11:34:08 AM (highlighted in red).

Figure 1

In Figure 2, synchronization has completed for all six domains at 11:38:55 AM.  The elapsed time for the synchronization was 4 minutes and 47 seconds!

Figure 2

In Figure 3, domain statistics are displayed for synchronization.  In less than 5 minutes, Group Management Server synchronized more than 160,000 Active Directory groups and nearly 100,000 user objects spread over six separate domains.

Figure 3

Setting up Active Directory synchronization with Group Management Server

To synchronize with Active Directory, log in as an Administrator for Group Management Server.  Then click Administration -> Active Directory.  Click on the New Domain button, fill out the fields with your specific domain information, and click Save.  Group Management Server will begin to synchronize with the newly added domain.  As with the test example above, synchronization will take a few minutes depending on the number of groups and other objects in your domain.

Group Management Server information and resources

Try it here: 
http://www.thycotic.com/products_groupmanagementserver_try.html

Support: 
http://www.thycotic.com/products_groupmanagementserver_support.html

Forums: 
http://www.thycotic.com/products_groupmanagementserver_forums.html





Thycotic Software (booth #2228) at VMWorld 2012 San Francisco

16 08 2012

Thycotic Software will be at VMWorld 2012!  Please join us at the Moscone Center in San Francisco, CA on August 26th through August 30th.  We will have demonstrations of Secret Server, Password Reset Server, and our newest product Group Management Server.  Stop by booth #2228 and you can meet the team and learn about the newest features in Secret Server.

VMWorld is an ideal opportunity for us to demonstrate our advanced IT admin tools.  Secret Server, Password Reset Server, and Group Management Server all perform well when installed in a virtual server.  We recommend leveraging virtualization technologies such as VMware with our tools not only for ease of management but also for meeting Disaster Recovery and High Availability requirements.

Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository.  Secret Server is encrypted and FIPS-compliant, and helps organizations reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. Password Reset Server is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions, image-matching, and text/phone verification.

Group Management Server is an end-user-facing Active Directory Group management tool that allows IT admins to delegate AD Group membership to the business owners. Group Management Server helps to lower the time your IT team spends on Active Directory Group membership changes by allowing your end users to do it themselves.

See you August 26th!





Thycotic Products installed in Windows Small Business Server

16 07 2012

Thycotic Software has received several inquiries about installing Secret Server, Password Reset Server or Group Management Server in Windows Small Business Server.  For those of you who aren’t familiar with Windows Small Business Server (SBS), this is Microsoft’s description:

“Windows Small Business Server is an affordable, all-in-one solution to reduce complexity and increase manageability of server technology in a small business environment.”

SBS is not an edition of Windows Server OS, but an OS bundled with pre-configured server technologies aimed at the small business sector.  SBS has a large number of strict requirements and here is a list of the important ones:

  • Only one SBS installation per domain (other Windows server OSes are allowed.)
  • Must be the Active Directory root server and cannot trust other domains or have child domains.
  • Maximum user/workstation count is 75.
  • There are licensing restrictions and RAM restrictions (differs in versions.)
  • The SQL Server 2008 Standard is the version included with SBS 2008.

Secret Server, Password Reset Server and Group Management Server share many of the same technical requirements.  Installing any of these products in SBS would likely have the exact same challenges.  Here are the steps taken to make Secret Server function in its most basic form:

  1. Start with a typical installation of SBS 2008, followed by installing Windows updates (120 of them.)
  2. Check that .NET 3.5 is updated and installed.
  3. Run SQL Server Surface Area Configuration Tool to take ownership of the preinstalled and preconfigured SBS SQL database.
  4. Run the SQL Server Configuration Manager, editing Client Protocols, services and other settings.
  5. Install Secret Server in a folder isolated from the INETPUB folder due to stock SBS pieces interfering with Secret Server pages.
  6. Edit the permissions on the isolated application folder to allow users the ability to use the application.
  7. Set the App Pool pipeline to Classic mode as it is preconfigured for Integrated mode.
  8. Specify a non-standard port for Secret Server traffic (not 80 or 443.)  These ports were already configured for SBS functionality of SharePoint, Reporting and other sites.

After the changes outlined above, the Secret Server login functioned and information was able to be stored in the password database.  However, these changes to standard functionality in SBS will break functionality in other areas.   Additionally, some of the advanced security settings for Windows found in Secret Server were not applied nor were other typical Secret Server advanced features.

Altering SBS to allow Secret Server-like applications to function requires changes that cause SBS to function as a typical Windows Server.  There is a potential to minimize some of these changes by using a database external to the SBS server.  This would likely defeat the purpose of SBS in the first place.  In summary, the recommendation is to not use SBS as the host for installing Thycotic products.  However, this could be true of many .NET web applications with a SQL database.
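Steps 5 through 8 of the list above can be scripted with the `appcmd.exe` and `icacls` tools that ship with IIS 7 and Windows Server 2008. The following is an added example, not part of the original post or Thycotic's installer; the folder path, pool name, site name, port, and the choice of `IIS_IUSRS` as the identity to grant are all assumptions chosen for illustration.

```powershell
# Added example: IIS-side changes from steps 5-8, run from an elevated prompt.
# Every value in this block is a placeholder, not a value taken from the post.
$AppCmd   = "$env:windir\System32\inetsrv\appcmd.exe"
$AppRoot  = 'D:\Apps\SecretServer'   # step 5: folder kept outside INETPUB
$PoolName = 'SecretServerPool'
$SiteName = 'SecretServer'
$Port     = 8443                     # step 8: must not be 80 or 443

# Step 8 pre-check: list the bindings SBS already owns (SharePoint, Reporting,
# and so on) and refuse a port that one of them is using.
$existing = & $AppCmd list site /text:bindings
if ($Port -eq 80 -or $Port -eq 443 -or ($existing -match ":${Port}:")) {
    throw "Port $Port is already bound by an existing site: $existing"
}

# Step 6: grant read and execute on the isolated folder only.
# Assumption: the IIS worker group is the identity that needs access; the post
# does not say which accounts were granted rights. No write or modify is given.
& icacls $AppRoot /grant 'IIS_IUSRS:(OI)(CI)RX'

# Step 7: a dedicated pool in Classic pipeline mode, leaving the SBS pools
# in their preconfigured Integrated mode.
& $AppCmd add apppool "/name:$PoolName" /managedPipelineMode:Classic

# Steps 5 and 8: a separate site rooted at the isolated folder on the chosen port.
# An https binding would additionally need a certificate bound to that port.
& $AppCmd add site "/name:$SiteName" "/bindings:http/*:${Port}:" "/physicalPath:$AppRoot"
& $AppCmd set app "$SiteName/" "/applicationPool:$PoolName"

# Verify what was applied so the deviation from stock SBS is on record.
& $AppCmd list apppool $PoolName /text:managedPipelineMode
& $AppCmd list site $SiteName /text:bindings
& icacls $AppRoot
```

Keeping the application in its own pool and site confines the pipeline and port changes to that application, but it does not remove the SQL Server changes from steps 3 and 4, which are the ones that alter the preconfigured SBS database.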





Join Our New Reseller Program

27 09 2010

Over the past few months the Thycotic team has been working on creating a structured Value Added Reseller Partner Program. After a little help from some experts and a lot of hard work, we are proud to report our Reseller Partner Program is ready! We have included many useful tools to help our Partners around the world bring Secret Server password management software to their customers.

Here are a few examples of what you’ll get in our Reseller Partner Program:

  • Sales Presentations
  • Typical use case scenarios
  • Detailed target market information
  • Marketing campaign tools
  • Product FAQs
  • Recorded demos
  • Installation and configuration instructions
  • Accompanied professional services examples
  • Objection Handling

Now we need Partners passionate about Secret Server! So what’s in it for you? How about local leads and a generous commission structure? We have thought of everything and what we missed we hope to learn from you; feedback is welcome. The Thycotic team is confident in our products and wants to see our Partners achieve the same success with their customers as we have seen with ours.

If you are ready to get the ball rolling, please complete our Partner Application Form

Please contact us with any questions.







