Virtualizing directories is an increasingly-deployed technique for handling some identity management issues, secure data sharing and centralization of data resources. Among other things, a virtual directory enables integration of user identity information in disparate applications in an enterprise.
In this post, I’ll share some info about why virtual identity technologies are being used today, gleaned from some Web resources (see links at the end of this post) and my recent conversation with Dieter Schuller, Radiant Logic’s Vice President of Sales/Business Development, and Dan Beckett, Technical Strategist.
Schuller, Beckett and I talked about the uses of virtual directories, and not specific products, although – of course – Radiant Logic has one in this area. I got a glimpse of Radiant Logic’s RadiantOne VDS product at the recent Burton Group Catalyst Conference in San Francisco. Radiant’s next SF stop will be the LinuxWorld/Next Generation Data Center Conferences Aug. 6-8.
For background, Beckett and Schuller shared this sound bite about virtual directories from Burton Group analyst Dan Blum:
“As e-business usage expands, and as the enterprise evolves internally through mergers, acquisitions, and other change drivers, directory architecture inevitably drifts in and out of sync with the users and applications. The ability to ‘virtualize’ directory services — to not care which directory product (or database product) is employed or how many are employed — has become an important capability for IdM infrastructure, which must mediate between the changing applications and the stable directory services.”
Beckett further explained that virtual directories can be used to leverage identity management initiatives by virtualizing information from several sources within an enterprise. Essentially, virtual directory technology consolidates data while removing inconsistencies and duplications within lists and enabling customization of authentication and modification functions. The end result should be a reduction in the memory used to store and share that data and, therefore, an increase in the memory available for other purposes.
“Businesses have built up silos of data. Each silo is valuable and critical to the business, but the silos usually have restrictive rules about how that data can be used by other initiatives,” Beckett said. “Examples would be the security data inside a mainframe system or in Active Directory. To leverage that data for a portal or collaboration or another initiative would be difficult.”
Usually, said Schuller, the silos were built up because internal departments or individuals had a job to do, or a money-making initiative to deploy, and didn’t want to wait for corporate IT to set up their database or other application. Also, mergers and acquisitions create silos. He explained:
“Even if you build using legacy tools like Active Directory, you can end up with silos in a homogenous environment that can’t work with each other.”
So, how do you consolidate all that data without people having to give up the ownership of that data? Virtualization can make that data available to all, but the data owners are allowed to enact rules about how that data is shared and used.
“What’s needed is a single directory with a single schema. Virtualization makes that data available via a single protocol, such as LDAP,” said Beckett. “Virtualization makes all the disparate silos look the same, and it’s easy to share and manipulate them to meet the needs of applications coming in.”
Usually when identity management problems came up, Schuller said, people took two approaches: use a metadirectory, which enables data flow between directory services and databases to maintain synchronization; or create an operational data store (ODS), a type of database in which contents are updated through the course of business operations.
Unfortunately, said Schuller, business requirements come down the pike faster than most IT shops’ infrastructure team can handle. ODS and metadirectories both create “a monolithic view that can’t flex with business requirements; but virtualization allows you to create multiple views that can flex for future apps and permutations.”
(Not everyone agrees with this assessment, as you’ll see in this post: Virtual vs. meta.)
Active Directory (AD) users, in particular, could benefit from virtual directories. “Active Directory isn’t going away anytime soon, so you need to leverage the data inside AD for all apps,” said Beckett. Schuller noted that AD isn’t designed to hold huge customer profiles, and people end up creating a huge database to do that. It’s easier, he said, to virtualize info from all silos. Also, people are reluctant to extend the AD schema. So, being able to virtually extend the schema is much less intimidating.
Schuller and Beckett told me about their work on a virtual directories project for a large cable services company, which had many separate authentication silos and many databases. Customer data was parsed out in separate databases by, say, customer name, address, location of devices (like set-top boxes) and services provided.
“They needed a unified picture of that customer, and that unified customer profile was only achievable via virtualization,” said Schuller. “There was no way — physically and politically — that they could create the mother of all databases and have that all in one place. Via virtualization, you can gather the data in one place and correlate each bit of data one to another.”
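As an added illustration of the correlation and owner-controlled sharing described above (example code, not Radiant Logic's or RadiantOne's): two constructed silos, an AD-like store and a billing database, are joined on the login, projected onto one unified schema, and queried through a small LDAP-style filter. The POLICY sets model each data owner's rules about which attributes the virtual view may expose; all names, records and attribute values are constructed.

```python
"""Toy virtual directory (added example, not Radiant Logic code): two constructed silos, one unified LDAP-style view."""
# Constructed silo 1: AD-like store keyed by login. unicodePwd is the kind of attribute an owner never exposes.
AD = {
    "jdoe": {"sAMAccountName": "jdoe", "mail": "jdoe@example.test", "memberOf": ["Admins"], "unicodePwd": "<secret>"},
    "asmith": {"sAMAccountName": "asmith", "mail": "asmith@example.test", "memberOf": ["Staff"], "unicodePwd": "<secret>"},
    "cfox": {"sAMAccountName": "cfox", "unicodePwd": "<secret>"},  # no CRM row: a partial profile
}
CRM = [  # constructed silo 2: billing rows that carry the AD login as the join key
    {"cust_id": 1001, "login": "jdoe", "address": "1 Main St", "device": "STB-42", "card": "4111-xxxx"},
    {"cust_id": 1002, "login": "asmith", "address": "2 Oak Ave", "device": "STB-7", "card": "4222-xxxx"},
]
# Each silo owner's sharing rule: the only attributes the virtual view may read from that silo.
POLICY = {"AD": {"sAMAccountName", "mail", "memberOf"}, "CRM": {"cust_id", "address", "device"}}
SCHEMA = {  # unified schema: virtual attribute -> (silo, source attribute)
    "uid": ("AD", "sAMAccountName"), "mail": ("AD", "mail"), "memberOf": ("AD", "memberOf"),
    "customerId": ("CRM", "cust_id"), "postalAddress": ("CRM", "address"), "device": ("CRM", "device")}

def virtual_entries():
    """One unified entry per AD login, correlated with its CRM row when one exists."""
    crm_by_login = {row["login"]: row for row in CRM}
    entries = []
    for login, ad_row in AD.items():
        silos = {"AD": ad_row, "CRM": crm_by_login.get(login, {})}
        # Project onto the unified schema; each owner's POLICY decides what is exposed.
        entries.append({"objectClass": ["person", "vdCustomer"], **{
            v: silos[s][a] for v, (s, a) in SCHEMA.items() if a in POLICY[s] and a in silos[s]}})
    return entries

def parse_filter(text):
    """Parse a small LDAP filter subset: (attr=value), (attr=*), (&...), (|...)."""
    body = text[1:-1]
    if body[0] not in "&|":
        return ("=",) + tuple(body.split("=", 1))
    parts, depth, start = [], 0, 1
    for i, ch in enumerate(body[1:], 1):  # split the top-level "(...)" children
        depth += (ch == "(") - (ch == ")")
        if depth == 0: parts.append(body[start:i + 1]); start = i + 1
    return (body[0], [parse_filter(p) for p in parts])

def matches(entry, f):
    if f[0] in "&|":
        return (all if f[0] == "&" else any)(matches(entry, g) for g in f[1])
    values = entry.get(f[1])
    if values is None: return False
    values = values if isinstance(values, list) else [values]
    return f[2] == "*" or any(str(v).lower() == f[2].lower() for v in values)  # "*" is a presence test

def search(ldap_filter):
    f = parse_filter(ldap_filter)
    return [e for e in virtual_entries() if matches(e, f)]
```

A query such as `search("(&(objectClass=vdCustomer)(memberOf=Admins))")` returns the unified jdoe profile with its set-top box, while the AD password attribute and the billing card column never reach the view because neither owner's policy lists them.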
SearchEnterpriseLinux.com News Writer Jack Loftus will be covering this topic in more detail during the LinuxWorld and Next Generation Data Center Conferences and afterward. So, drop Jack a line at firstname.lastname@example.org if you’re using virtual directories, know a lot about them or think they’re not what they’re cracked up to be.
Here are some links to more information on virtual directories:
- How to find anything in LDAP.
- Virtual Directories in Apache
- Oracle virtual directory resources
- Microsoft virtual directory information
Please feel free to share more links with us.