United States (change)
Shortcuts: Downloads Fedora Red Hat Network
What is single sign-on?
Single sign-on (SSO) is the ability for a user to log in once, using a single password, and get authenticated access to all servers that user is authorized to use--without sending any passwords over the network. Single sign-on has immediate benefits for both the user and administrator. Users can gain access to multiple resources with a single login. For administrators, single sign-on simplifies maintenance across servers. It can also lower enterprise help desk costs by reducing the volume of calls concerning lost passwords.
Will Enterprise IPA be sold as modules (Identity, Policy, Audit) or as a complete package?
IPA is being built in a modular fashion to support separate plugins. The core IPA server will provide Identity, Policy and Audit service as a complete package but additional features may be available as separate modules. For example the core IPA server provides kerberos based authentication but we may offer a FreeRadius plugin.
What's the difference between Enterprise IPA and Red Hat Directory Server, aren't they both identity solutions?
IPA is not designed as a general purpose Directory. It's focus is as a simple to use easy to manage centralized Identity, Policy and Audit solution. Because of this focus it is intentionally less flexible than Red Hat Directory Server. Attempting to replicate between an IPA server and a custom configured DS could cause problems due to plugin, schema or configuration differences.
How is Enterprise IPA priced and supported?
Enterprise IPA is priced per server, physical or virtual at $7,500 per server per year. Support levels (SLA) are the same as the underlying Red Hat Enterprise Linux platform it runs on.
What are the systems requirements for Enterprise IPA?
Intel / AMD, i386 and x86_64 cpu- Red Hat Enterprise Linux 5.1 or later,
Intel / AMD, i386 and x86_64- Fedora 7 or later.
Server Memory Requirement: (Based on entries in LDIF file)
256 MB (> 250,000 entries),
512 MB (250,000 - 1,000,000 entries),
1 GB (1,000,000+ entries)
Disk Space: (Based on entries in LDIF file)
2 GB (> 250,000 entries),
4 GB (250,000 - 1,000,000 entries)
8 GB (1,000,000+ entries)
Sizing Directory or Identity infrastructure deployments is as much an art as it is a science. Numerous factors govern how many servers are required and large those servers need to be. An excellent starting point, including a number of good "rules of thumb" is the "Twenty Questions to Ask Yourself During a Red Hat Directory Server Deployment whitepaper."
Is Enterprise IPA client-server based? Does it require an agent?
Enterprise IPA is client-server based but uses standard kerberos and LDAP packages to handle authentication so no IPA agent software is required on supported platforms. Future versions of Enterprise IPA with configuration and policy management may require an agent.
Can I run Enterprise IPA server as a virtualized guest?
RHEL5 virtualization is currently supported for Enterprise IPA server.
Why do I need multiple servers/replicas when running Enterprise IPA?
Given the important functionality of identity services you'll typically have multiple servers/replicas for two reasons: fault tolerance and availability. By having multiple instances of Enterprise IPA hosted in different physical locations you will have a second copy of user/identity data if one server failed. Multiple instances of Enterprise IPA in different geographical locations can improve the response improve the response time for user authentication due to shorter physical distances and distributed authentication loads.
What is a kerberized application and how does Enterprise IPA use kerberized applications?
Kerberized applications are capable of taking advantage of Kerberos authentication by using kerberos tickets to verify identity and/or encrypting data. Most applications will require some custom coding for full kerberization. Expect an Enterprise IPA whitepaper outlining different methodologies for kerberizing applications in the near future.
How is traffic secured between the Enterprise IPA server and clients?
Sensitive information, such as passwords, are sent over encrypted connections. Configuration scripts are provided for Red Hat Enterprise Linux to simplify the set up of these secure links.