- Jamf Nation Community
- Products
- Jamf Pro
- Centrify vs BeyondTrust vs Quest
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 01:53 PM
Hi,
Looking for input from people who have used/are using the above products in conjunction with Casper. Which one is best in your opinion? Specific examples?
Thanks!
Solved! Go to Solution.
3 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 03:10 PM
We currently use Quest. Have been fairly happy with our relationship with the company and their products. Things to note:
- Updates can be somewhat slow. 90 day window after new OS Release
- Just purchased by Dell
- Works on more than just OS X. Almost any *nix client can have some type of support
- MCX Policies only. Although, I assume you will be really only using it for Authentication/Access Control
- GPO Management most "Windows-like" than other products we tested at the time
Edit: Let me know if you have any more specific questions about the product or if you want a flyover.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 04:04 PM
I only have experience with Quest (from about 3 years ago), and as mentioned, one major issue was 90+ days for them to provide updates. If your users expect fast support for new OS versions, look elsewhere.
With Casper and 10.7.3+, there should not be much/any need for additional products in my opinion. With the native AD plugin for domain binding and user login, everything else can be handled by Casper. Logins have been rock-solid since we switched (we had reliability issues with QAS).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 10:18 PM
Top benefits of having 3rd party AD plug-in?
(a) typically offers more than just authentication, e.g. offer group policy, smart card support, etc.
(b) consistent AD experience across more than just Mac, e.g. iOS, Android, Linux (depending on third party - Quest and Beyond Trust only support Linux/UNIX, Centrify offers that plus mobile/SaaS)
(c) typically work in more complex AD environments (e.g. one-way trusts, etc.)
(d) more focus vis a vis tech support, ie you call support, the person answering the phone just takes calls on AD integration vs. a generalist
(e) typically have pre-install checks that can debug/diagnose what problems may exist in your environment that may break AD interop
We actually use Centrify. Overall impressions:
It works/worked smoothly from authentication perspective. They also offer a free version called Centrify Express that you can try out
Very good set of GPs for Macs that do MCX and various other functions that are not offered as MCX. I hear of upcoming release will support profiles as well
Vendor also supports SSO to SaaS and does iOS/Android, we plan to look at free offering they have for SaaS and mobile
They did have same day support of 10.7 and 10.8 as we have some users who aggressively move to new versions -- no way can we wait 90 days like others are getting with other vendors.
If you don't want to pay, and want something more robust than native AD plug-in, I would simply try their free Express (www.centrify.com/express), and then if you want later upgrade to paid version with GP, etc. ...
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 03:10 PM
We currently use Quest. Have been fairly happy with our relationship with the company and their products. Things to note:
- Updates can be somewhat slow. 90 day window after new OS Release
- Just purchased by Dell
- Works on more than just OS X. Almost any *nix client can have some type of support
- MCX Policies only. Although, I assume you will be really only using it for Authentication/Access Control
- GPO Management most "Windows-like" than other products we tested at the time
Edit: Let me know if you have any more specific questions about the product or if you want a flyover.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 04:04 PM
I only have experience with Quest (from about 3 years ago), and as mentioned, one major issue was 90+ days for them to provide updates. If your users expect fast support for new OS versions, look elsewhere.
With Casper and 10.7.3+, there should not be much/any need for additional products in my opinion. With the native AD plugin for domain binding and user login, everything else can be handled by Casper. Logins have been rock-solid since we switched (we had reliability issues with QAS).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 06:39 PM
I have to somewhat agree with Alex - Depending on your client OS disbursement and needs it may not be worth the extra $$ to run a third party directory plugin. The 90 days isn't a deal breaker as we can usually stave off the hungry masses. However, for our new clients I am beginning the plan for a transition to Apple's native plugin as a contingency option.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 09:07 PM
Many thanks for the quick responses. If you had to pick something, what would you guys say are the top 2 or 3 benefits of having a third party directory plug in? Assuming OSX 10.8..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 10:18 PM
Top benefits of having 3rd party AD plug-in?
(a) typically offers more than just authentication, e.g. offer group policy, smart card support, etc.
(b) consistent AD experience across more than just Mac, e.g. iOS, Android, Linux (depending on third party - Quest and Beyond Trust only support Linux/UNIX, Centrify offers that plus mobile/SaaS)
(c) typically work in more complex AD environments (e.g. one-way trusts, etc.)
(d) more focus vis a vis tech support, ie you call support, the person answering the phone just takes calls on AD integration vs. a generalist
(e) typically have pre-install checks that can debug/diagnose what problems may exist in your environment that may break AD interop
We actually use Centrify. Overall impressions:
It works/worked smoothly from authentication perspective. They also offer a free version called Centrify Express that you can try out
Very good set of GPs for Macs that do MCX and various other functions that are not offered as MCX. I hear of upcoming release will support profiles as well
Vendor also supports SSO to SaaS and does iOS/Android, we plan to look at free offering they have for SaaS and mobile
They did have same day support of 10.7 and 10.8 as we have some users who aggressively move to new versions -- no way can we wait 90 days like others are getting with other vendors.
If you don't want to pay, and want something more robust than native AD plug-in, I would simply try their free Express (www.centrify.com/express), and then if you want later upgrade to paid version with GP, etc. ...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-12-2013 06:20 AM
Thanks for that Jake, very helpful. Any BeyondTrust/Likewise users out there?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-12-2013 10:00 AM
If the use case includes Linux or UNIX freeware/paid versions, those are the only three choices.
Most ends users are on Windows or Macs rather than sitting at UNIX or Linux, so with Windows already covered, the majority of clients need Mac integration. Vendors who a year or two ago trumpted "100s of platforms" today mention UNIX or Linux as afterthoughts in their press.
Thursby's ADmitMac has long integrated well with Casper. Thursby are a Mac-Windows integration specialist, launching the Mac AD marketplace long before the other product existed, a decade ago, avoiding the need to split engineering and support across "100s of platforms", or borrow to buy market share with freeware or marketing.
Every use case is different, so recommend comparing the products and support themselves -- you can't always believe everything you read on the 'net :)
Ask hard questions like is a proprietary new server software required? How does it scale? What's the history? What happens if there's an issue with smart cards, or DFS, or SMB/CIFS etc. Is the vendor stepping up, or is the answer to call Apple and wait for the next update?
I work for Thursby.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-14-2013 04:05 PM
Thanks guys.
