SUMMARY: CA Unicenter Single Sign On

From: Eric van de Meerakker (Eric.van.de.Meerakker@asml.nl)
Date: Fri Sep 17 1999 - 09:10:22 CDT


I've not received any more responses for several days now, so I guess it's
time to summarize...

Thanks to both Thomas Lester and Jason Feilbach for responding.

Original question:

> Do any of the readers of this list have any experiences with the CA
> Unicenter Security/Single Sign On module? Either negative of positive
> experiences/considerations are much appreciated. I know a similar
> questions was asked some time ago, but the summary was a little light on
> specific content...
>
> I'm working in a site here with lots of SUNs (anything from SS4s to
> E10Ks), lots of NTs (workstations and servers), SAP, Oracle, Netscape
> applications etc. etc.

Well, apart from four notifications from vacation/auto-reply tools
there were just the two responses from Thomas and Jason (and one
semi-commercial). I don't think it makes much sense to actually summarize
just two responses, I'll simply insert them as-is:

-------------

From: "Lester, Thomas" <Thomas_Lester@csx.com>
Subject: RE: CA UniCenter Single Sign On

Yeah.... it doesn't work. I've been in three installations (two that I
actually worked for) and neither could ever get the SSO option to work.
Also, don't attempt their security package. It will bring your network to
it's knees. You should use CA as a "cron" and "symon" and that's about
it.

-t

-------------

From: "Jason M. Feilbach" <jason@byu.edu>
Subject: Re: CA Unicenter Single Sign On

We are a very large CA shop. We are the only organization in the world
(AFAIK) that does not have to use CA's LicenseIT product for anything in
our
Organization. Having to use this product is a major pain. Although not all
products use this, they will eventually will. LicenseIT is the way (which
doesn't work) licensing is controlled if you use CA products. We have lots
of CA products installed.

Anyway, I can say that CA SSO (Single Sign On Option) is an awful product.
Our biggest gripe is it does not work with NDS. If you have a pure
UNIX/NT
shop it might be a good fit. There are no UNIX clients. Only 3.1/95/98/NT.

It sounds as if you are already using Unicenter, I hope that has not given
you a heart attack yet. SSO is an option that relies on Unicenter as its
security piece. The scripting language it supports is a port from some old
mainframe language that really sucks ... bad, it is totally cryptic. The
name escapes me right now. The API documentation is non-existent. The
server
piece that ran on our HP and SUN systems did not work correctly, it would
go
off and chew up 100% of a CPU and had to be killed manually. Oh .. it also
cannot take advantage of SMP and it not multi-threaded. I can go on but I
hope you get the point.

If you have never dealt with CA, it is ... umm ...not fun. They are very
light on tech support and heavy on sales force. I do not hesitate to say
stay away from CA at all costs. I am sure if you find other people who
deal
with CA that will say the same thing. We have more problems with their
products than you can possibly imagine.

--
Jason
jason@byu.edu

-------------

Regards,

Eric.



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:26 CDT