Posted by: Beth Pariseau
Sun’s Chief Identity Strategist Sachin Nayyar and I had an interesting discussion today about Sun’s plans to bring together role-based access management with storage provisioning this year.
Nayyar, who was CEO of identity management software maker Vaau when Sun acquired it in late 2007, said that Sun is now looking to integrate role-based identity management software with storage provisioning. So, for example, when a new employee joins a company, provisioning of storage on a shared device could be triggered by a call from the software registering that employee’s identity on the network. When that employee leaves the company, the identity management software could also remove the employee’s data from production storage, migrating it to archival storage or making it a part of the employee’s supervisor’s storage capacity.
Nayyar said the identity management software has some data migration capabilities, so that it could handle that process, or it could integrate with other elements in the environment. Policies could also be set to migrate an employee’s data to archival storage when a project they’re involved with finishes, or a department they’re in is restructured.
“It’s something we already do today with Outlook,” Nayyar said. “We’re not sure on the details with the open storage software, if it would provide some of the migration capability, but our identity software has the ability to move content.”
There are always political ramifications within a data center’s staff when one piece of software from a certain discipline (identity management is generally part of the security infrastructure) looks to control a task or device in another (in this case, provisioning storage). However, Nayyar pointed out users across data centers are already integrating with access management software such as Microsoft’s Active Directory. “Every provisioning process has a set of approvals and the storage admin has to sign off before anything is triggered,” he said. “It’s similar to what’s done today when an account is created with Active Directory–the administrator has to approve it. It’s not a big jump in the identity space.”
Given the challenges that are facing Sun of late and the fact that the idea is still in the “discussion phase” within Sun, as Nayyar put it, it’s probably best to take it with a grain of salt, but as a concept I found it interesting. I wouldn’t be surprised to see similar offerings emerge from other companies with storage and security IP, like EMC and IBM. During a conversation I had with EMC CTO Jeff Nick last month, he emphasized the importance of linking data across repositories to individual users.
I can also see this potentially playing a role in multi-tenant cloud environments, particularly in the consumer and SOHO space, where storage needs to be organized according to an individual client’s identity. The automation involved is also supposed to have general appeal in sprawling cloud data centers. Meanwhile, Sun yesterday purchased a Belgian company called Q-Layer, whose software automates the deployment and management of public and private clouds.