ZCM and Identity


If we look at identity as a number of characteristics that combine to define a person or entity, then both users and computers qualify. A computer will have an operating system together with one or more of anti-virus / spyware, firewall, management, etc. Together these become an identity. User identity is somewhat more obvious, taking its form from user name, group membership, LDAP details, required business applications, etc.

How does this apply to systems management? Read the definitions again and it becomes apparent that both are necessary in order to be truly effective. Computers need to have the correct identity to execute business applications, and the user identity should indicate which applications are required.

Many systems management solutions focus exclusively on the computer identity without paying attention to the user. They distribute an application out into the estate and hope that it is there when the user needs it. Would it not make more sense for the systems management solution to provide identity management for both the computer and the user?

ZCM allows exactly this. It is possible to define computer identity in terms of the operating system, anti-virus, vulnerability management, etc. Individual computers or groups of computers can have various identities depending on business function. For example, you may not want a server to be defined in the same way that a desktop would be.

User identity is taken care of by leveraging information held in an LDAP directory such as our own eDirectory or Active Directory from Microsoft. Typically this would use information like user group or department membership, to which applications are then associated.

Using both sets of identities, ZCM makes sure not only that computers are correctly configured but also that the installed applications match what is in the user identity. This is what makes ZCM unique in the systems management solution market today, helping IT departments align themselves with demands from the business.


Comment List
  • I think this is exactly what we are looking for here. We need to issue
    certificates to our wireless workstations to enable EAP-TLS
    authentication wireless networks. From your blog entry, it looks like,
    with ZCM, we could define the identity of the computer, identify
    the user, and use the agent's certificate for the EAP-TLS identification.

    Now, if we could do this also with MACs (OS X) and various flavors of Linux,
    we would be home free!