By: Greg Shields from Redmond Magazine

 

Our industry has long suffered from an interesting yet potentially dangerous paradox. Its activities can be broken down into two discrete halves: building things and maintaining things. For good reason, our most experienced professionals get tasked with building things: new services, new servers, new integrations. Conversely, the least-experienced staff are usually responsible for keeping things running.

 

Active Directory represents what is perhaps the perfect example of this split. For most of us, our AD infrastructure was constructed a decade ago. It’s now stable; it works, and it has become so “platform” that its services are a utility. Senior staff has moved on to new activities, but someone still must keep it running.

 

At issue, however, are the controls AD natively contains for limiting which administrators can accomplish which tasks. Some exist, but they’re challenging to implement and are nowhere near comprehensive. As a result, IT shops are forced to hand incredible power to their least-experienced professionals. If you’ve ever watched a brand-new help desk person accidentally delete an entire OU of accounts, you know this pain.

 

Maintain More with Blackbird
The Blackbird Management Suite from Blackbird Group Inc. offers to resolve this paradox via a unified toolset for reining in those “maintaining things” activities. Its seven components — Auditor for Active Directory, Auditor for File System, Event Vault, Recovery for Active Directory, Privilege Explorer, Protector and Privilege Manager — are advertised separately but in reality are facets of a single, unified platform. They introduce much-needed auditing, reporting, data protection, customizable workflow and permissions management to AD — and the file systems within it.

 

The skeptical IT professional might admit that point solutions for these activities already exist elsewhere. The greatest strength of Blackbird is perhaps in unifying each into a comprehensive platform.

 

Features that Follow Use Cases
Of particular note is how well the Blackbird functionality aligns with the typical AD use cases. Consider some examples of how the centralized Blackbird approach eliminates the danger in the AD paradox.

 

With it, changes to AD objects are alerted in real time. All changes on every domain controller (DC) are consolidated into a simple interface. Gathering everything into a single view eliminates the pain of searching across separate DC logs. The Blackbird interface also includes a “rollback” function to immediately undo any change considered inappropriate. The granularity is impressive, with even single values within a multi-value change able to be rolled back individually.

The auditing goes in reverse as well, resolving an important use case not easily fixed with other tools. In the reverse case, Blackbird will report on every change made by a specific individual. This feature enables you to swiftly roll back the entirety of one person’s maleficence.

 

The heavy lifting by Blackbird doesn’t rely on the native logs inside DCs. As you know, querying for anything within massive DC databases automatically impacts performance. Blackbird eliminates that impact by offloading the logs elsewhere, such as to a SQL or SQL Express database. This externalizing of AD data also fulfills a common auditing requirement for out-of-band controls on audit data. I hope this SQL offloading is augmented in future versions to support long-term archival of data.

 

Simplify Workflow and Auditing
Adding real workflow to AD is yet another notable area for Blackbird. Using an approach similar to Outlook mail rules, users outside IT can be given approval authority for actions. Inserting business rules into IT workflows solves a major IT use case that for too long required giant, expensive solutions. Advanced workflow items like multiple approval steps, scheduling and even commenting can be incorporated into the Blackbird workflows.

 

Auditing obviously extends past AD. Setting and validating file permissions are other activities not well exposed by the Windows OS. Blackbird also consolidates file-permissioning inventory, reporting and modification steps into its unified interface. Like the others, these grueling activities are often tasked to entry-level IT pros, giving them poor tools with which to make big mistakes. The Blackbird privilege management interface essentially replaces Windows Explorer, which reduces the potential for error as well as the impact.

Finally, when the worst occurs, data recovery is absolutely important. Incorporated into the Blackbird suite is a graphical AD backup and recovery solution that reanimates objects across Forests. Its reach extends past simple users and computers to include Group Policy Objects, Sites and Subnets, and even replication settings. A continuous data protection approach means any object is always restorable from just about any period of time.

 

Component Solutions, Unified Platform
The Blackbird DC agent links directly with AD APIs. Acting as a kind of “shim” within the AD eventing infrastructure, Blackbird is well-positioned to monitor for and report on changes. While a truly malicious attacker might, with difficulty, navigate around its protections, the separate Blackbird database means inappropriate changes can always be identified and rolled back. Copious reports, e-mail alerts and a wide range of interactive queries ensure changes get noticed.

 

The Makings of a Market Leader
The Blackbird Management Suite is licensed on a “per-heartbeat” basis, which effectively means per human with data in AD. As mentioned earlier, components can be purchased individually or as the entire suite. Components — irrespective of purchase — are always pieces within the unified platform, which means adding or removing them is a relatively seamless process.

It’s the unification of workflow, recovery, auditing and reporting into a single solution that defines the value proposition of Blackbird in a competitive market segment. While the features of its competitors may spread further across IT’s other services and applications — SQL Server, SharePoint, Hyper-V, vSphere and so on — Blackbird stands alone in meeting IT’s primary auditing use cases within a refreshingly unified framework.