Centralized account management of remote servers?

T

Typ6o_CycJIuk2019-10-08 10:04:30

System administration

Typ6o_CycJIuk, 2019-10-08 10:04:30

Good day, colleagues!
Our task is to manage admin accounts on different server platforms in "one click" (Win 2003 to Win 2019).
We have about 100 remote servers in administration, which are combined into a VPN network.
We need an administrator account management system. The difficulty that we now have is that the staff has administrative access to the servers, if an employee leaves us, we have to manually change the passwords of his account on each server ...
Perhaps we need to get away from using passwords altogether, I looked in the direction of two-factor authorization, looked in the direction of OTPkey, USB keys - so to say "this is what we need" has not yet been found. Share your experience, which solution is best to choose for this task?
Basic conditions:
1. The service must not be deployed in the cloud (there is its own hardware)
2. The service must work reliably (it will not work to double-check "did it change on server 127?")

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

rionnagel, 2019-10-08
@rionnagel

Puppet, salt. Ansible is not suitable due to the push model.
As noted above, ad is the most adequate option.
But if for some reason your clients agree to the same logins and passwords of incoming system administrators with other offices .... then I don’t even know.