CA turns to Linux for integrated security

Nudging Linux toward adulthood, Computer Associates International Inc. is ramping up efforts to portage its core management products to the open-source platform.

By doing so, the Islandia, N.Y.-based software maker is strengthening its cross-platform systems management strategies relative to its arch-rivals IBM Corp./Tivoli, Hewlett-Packard Co., OpenView, and BMC Software Inc.

CA is also consolidating a complex set of third-party security products that would make it one of the few companies to offer an integrated security and management solution.

"We will have the ability to manage [security] across the enterprise, whether it is firewall related, network attacks, or viruses," said Sanjay Kumar, CA's president and CEO. "We will support ISS, Check Point, Cisco, Symantec, and McAfee with detailed product integration kits that can collect, reduce, and visualize data."

Not the first

Many companies have tried to develop solid, multiplatform management-and-security architectures, but few have woven Linux into existing Unix and Windows platforms.

"If a platform like Linux is to be seriously considered as part of the enterprise architecture, it has to be secured and managed like any other business asset," said Dan Kuznetzky, vice president in charge of software architectures and platforms at IDC, in Framingham, Mass.

Kuznetzky opined that CA has targeted Linux directly as a "significant opportunity" not only to satisfy the requirements of current users, but also to snare accounts from companies that had not previously considered CA.

Many observers consider only three or four companies capable of delivering a complete security and systems management solution, including CA, HP, BMC Software, and IBM.

Of that select few, IBM appears to have an early lead.

IBM has steadily portaged its bread-and-butter software infrastructure products to Linux over past several years, winning plenty of business along the way.

IBM's Linux-based security and management applications strategy was dictated by the rapid adoption of the open-source operating system by many of its larger customers, the company reports.

Enterprises initially adopted Linux to run low-level tasks -- such as file and print services and rudimentary Web services -- before they brought in higher-level applications to manage and secure those functions.

"Instead of making a big splash by porting all our products over at once, the approach we took with Tivoli was to time the release of various management and security capabilities at about the same speed that users were adopting those different capabilities," said Dean Zerhaeghe, IBM's director of market management for Tivoli in Austin, Texas. "So as Linux matured in the enterprise, the wider the scope of our portfolio became."

Show me the goods

The question for Computer Associates is now one of delivery, according to Michael Henderson, a systems analyst at a large transportation company in Houston. He thinks Computer Associates' Linux initiative may be more opportunistic than strategic.

"By embracing Linux at a high level, IBM is starting to get invited in to places where they were not previously," Henderson said. "I think CA is seeing this and is starting to ante up in this space a little more.

"[CA] saw an opportunity and has brought out versions of its core product for Linux and melded them in as part of their overall architecture," Henderson said.

One product that is key to CA's integrated systems approach is its eTrustCommand Center. The solution serves as the conduit that collects security event information and centrally manages and unifies its complete set of security offerings as well as third-party security tools.

Running on CA's CleverPath portal, Command Center assimilates data from a wide range of enterprise security hardware and software. And it does not require a plug-in in for CA's flagship Unicenter systems management platform.

By extending the system and network management and, more importantly, the mainframe and low-end systems management, CA is simplifying security management of a heterogeneous environment, said Chris Christiansen, program vice-president, eBusiness Infrastructure and Internet Security Software at IDC.

"Among large customers there's a great desire to assimilate security into a broader infrastructure platform. I don't think everyone is comfortable with anybody's solution, [be it] CA, IBM, Symantec, Cisco, or Microsoft," Christiansen said. "Even there, among that limited group there's going to be a high degree of centricity around certain products and orientations, but it [begins with] systems and network management."

However, Christiansen said CA must partner more to reach its desired goal of becoming "a manager of systems managers."

Kumar acknowledges the herculean task of integrating and managing traditionally disparate security products, even those from staunch competitors -- a feat requiring expertise that can't be gained overnight.

"One of the differentiators for CA is we've always focused on providing enterprisewide, heterogeneous support for managing the enterprise, and it's no different with security," Kumar said. "It is a big job. It is no different than the job we've always had with Unicenter in terms of managing all of the different environments."

Preparing for change

Some CA customers plan to use their unified security and management CA products as a springboard that will allow the vendor to guide their organizations through a Linux transition.

Karl Jackson, systems engineer at Brigham Young University, in Provo, Utah, is running a beta test of Command Center and is investigating CA's Linux support and systems management strength to mesh with his eTrust and Unicenter-heavy product shop.

"It only makes sense if you can have a single product that looks the same on Linux, Windows, HP-UX, on Solaris, and AIX to [simplify] the management and training of people to do security and systems management," Jackson said. "The nice thing would be able to say we only run one flavor of box and have everything around that. But everyone is always bringing in different applications. You just can't dictate everything that needs to be on the same platform. And that's another strength CA has. They're very much cross-platform."

Looking to move into Linux rapidly and on a large scale, BYU's IT infrastructure consists of 50 to 75 Unix boxes, primarily HP-UX.

BYU has deployed CA's eTrust Access Control, eTrust Audit, eTrust Policy, IDS, and firewall products.

Jackson said his organization has worked tirelessly over the last several years to eliminate people logging in as root on its Unix boxes. He plans to limit administrative use in order to track people as they change boxes, to secure access, and to tie in identity management and provisioning through Unicenter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about BMC Software AustraliaBMC Software AustraliaCA TechnologiesCentricityHewlett-Packard AustraliaIBM AustraliaIDC AustraliaISS GroupMcAfee AustraliaMicrosoftSymantecTivoliTransportationUnicenter

Show Comments