The present invention relates to multiplatform computer system networks, and more particularly to providing distributed security for unobtrusive access across multiplatform networks.
In distributed computer networks, many operating system platforms may be employed on server and client systems within the network. Each different platform utilizes its own administrative rules for user login procedures. Thus, each platform typically has characteristic techniques for assigning user identifiers and passwords to control access to the resources and services of the system. In large, heterogeneous network environments, difficulty exists in providing user access to resources on a platform that is different from the one the user is logged in to. Thus, the user is restricted from effectively and efficiently utilizing the resources of the network.
In an attempt to overcome such problems, Microsoft's™ Active Directory aspect of the NT-5 platform solves a technical problem that other directories in the past have not solved: distributed security. Other directories are aimed at making certain kinds of data more available. Active Directory is aimed at making distributed computing more available. Active Directory is Microsoft's enabling mechanism for distributed security, Zero Administration Workstation (ZAW), and product suite integration. Through Active Directory, products see a common schema, common definitions for User and user and are able to exploit data of several different "qualities": volatile, transactional, and "classic" (where classic means low write to read ratio, relatively unchanging, and low ACID (atomicity, consistency, isolation, and durability) property requirements). Unfortunately, such a scheme for distributed security is extremely limited, since it is only operable on NT platform systems and services, leaving other platforms and services still unable to provide effective and efficient utilization of resources across platforms.
Another technique, commonly known as global sign-on, provides a global security feature that alters local security administration. Thus, while providing cross-platform access, global sign-on increases administrative overhead by intruding upon local procedures and demanding conformance to the global security requirements.
Accordingly, a need exists for a mechanism to give the heterogeneous network enterprise a common user identity and to integrate the user's (and server's) experience among different platforms, without being intrusive. The present invention addresses such a need.
The present invention provides aspects for a heterogeneous computer network system with unobtrusive cross-platform user access. In an exemplary system aspect, the system includes a plurality of computer systems coupled in a network, each of the plurality of computer systems operating according to one of a plurality of operating system platforms, each operating system platform having an associated security mechanism. The system further includes an enterprise directory included on at least one system of the plurality of computer systems, the enterprise directory configured for security interception to allow an authorized user access among the services of the plurality of computer systems without affecting the associated security mechanisms of the plurality of operating system platforms.
Through the present invention, local security procedures and policies apply on each platform, thus allowing users to log on to a single network operating system according to that system's known log-in procedures. A user object is achieved that, when spanning all systems, provides a distributed user context that is useful in unobtrusively achieving access to separate platforms. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.