Example of Complete Removal of NIS from the Enterprise

An organization wants to completely remove NIS from their environment in a phased approach. An analysis is need of how each NIS domain across the enterprise is currently running. Users can be migrated either before, during or after NIS clients are joined to the domain. In all cases, authentication migration can be performed separately or at the same time as the standard NIS map migration and finally not used. Here are the major migration milestones to remove NIS from the enterprise:

Phase 1. Analyze Existing NIS domains

Phase 2. Migrate the Users to Use their Active Directory Credentials

Phase 3. Replace Standard NIS Maps

Phase 4. Decommission Custom NIS Maps

Phase 5. Remove NIS Servers

NIS servers can be removed earlier depending on what maps an organization is using. It can vary from one NIS domain to another within an organization. Like any migration. it takes time and careful planning, but it is possible to accomplish the removal of NIS.

These recommendations also work for NIS+ where possible. If the NIS+ domain can run in NIS compatibility mode, then the DirectControl Network Information Service can be used as part of the migration. If the NIS+ domain cannot be in NIS compatibility mode, then using Active Directory groups, along with DirectControl Zone technology and DirectControl utilities, a migration can be performed using the steps mentioned in the general guidelines of this white paper.

In summary, Centrify provides product, process, and tools to help customers perform NIS migrations according to their requirements.