Monday, March 10, 2008

Another Virtual Directory to Market

Yes, I am a little behind in my postings.  Don't rant against me too much, I have a full-time job ya know!  :)  

I need to add my small voice to the cheers of yet another virtual directory added to the market. Optimal IdM has released the first version of their Virtual Identity Server (VIS).

The announcement was during last week's Directory Experts Conference in Chicago (mainly a Microsoft AD pow-wow, but definitely worth the time).  Although I was not able to attend personally, some of my co-workers did and they felt the event was worth the time.  I do have to note, it has always been amazing to me how segregated Microsoft-centric vs. non-Microsoft-centric IT shops are.  There were a lot of new people to meet instead of the usual groups that attend the other usual conferences that deal with Identity Management (like Burton's Catalyst, Gartner's IdM Conf, Digital ID World, etc.).

But I digress... back to VIS.

This newest virtual directory is based on .NET and is totally Microsoft AD/ADAM-centric.  Focusing mainly on the AD forest problem (where enabling trust is not an option), the product offers a basic LDAP proxy solution for aggregating directories.  Although they call it "union", it appears to really offer aggregation: I cannot find the ability to merge the same accounts from different directories into one profile, and it requires unique members and identifiers in all connected sources.  They also offer a join, but since their use of "join" and "union" is a bit loose, it is hard to tell the level of sophistication and features they bring to the table.

The bottom line is it's great to see another Virtual Directory on the market.  Here is how VIS fits in the overall VDS market...

Virtual Identity Server does:

  • LDAP Proxy
  • Merge and Join directories only
  • Designed for Active Directory / ADAM integration issues: forests, multiple domain controllers, etc.
  • Merge of groups from multiple LDAP sources

Virtual Identity Server does NOT have:

  • a fully LDAP-compliant local store (if a local store is needed, an instance of ADAM is used)
  • integration capabilities for databases, applications, or web services (at least outside Microsoft; if it does offer this, it is not explained. Their solution would probably be to use ADAM between such services, which would add more points of failure and complexity, and undoubtedly performance and scalability issues.)
  • ability to offer true union of data stores (where matching profiles can be mapped into a single view; they only merge and join). If you need further technical explanation of this, esp. for LDAP folks, let me know. I'm using mathematical definitions of these terms, more common in the database world.
  • meta-directory functionality and/or synchronization capabilities (again they would rely on ADAM, IIS, ILM, which brings nothing new)
  • data model (e.g. for creating new hierarchies / DIT structures)
  • cache (neither memory nor persistent)
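
The aggregation versus union distinction drawn above (in the product description and in the "true union" bullet), as an added Python example that is not part of the original post and is not VIS code. The sample entries are constructed, and the function names and the use of `uid` as the correlation attribute are assumptions.

```python
# Constructed sample entries from two hypothetical forests (not real data).
FOREST_A = [
    {"uid": "jdoe", "mail": ["jdoe@a.example"], "memberOf": ["cn=sales"]},
    {"uid": "asmith", "mail": ["asmith@a.example"], "memberOf": ["cn=hr"]},
]
FOREST_B = [
    {"uid": "jdoe", "mail": ["john.doe@b.example"], "memberOf": ["cn=vpn"]},
    {"uid": "bwong", "mail": ["bwong@b.example"], "memberOf": ["cn=it"]},
]


def aggregate(sources, key="uid"):
    """Aggregation: stack entries from every source into one view.

    Works only when identifiers are unique across sources, so a
    duplicate is rejected instead of being merged.
    """
    view, seen = [], {}
    for name, entries in sources.items():
        for entry in entries:
            ident = entry[key]
            if ident in seen:
                raise ValueError(f"{key}={ident} exists in {seen[ident]} and {name}")
            seen[ident] = name
            view.append({**entry, "source": name})
    return view


def union(sources, key="uid"):
    """Union: entries sharing the correlation key collapse into one profile."""
    profiles = {}
    for name, entries in sources.items():
        for entry in entries:
            profile = profiles.setdefault(entry[key], {key: entry[key], "sources": []})
            profile["sources"].append(name)
            for attr, values in entry.items():
                if attr == key:
                    continue
                merged = profile.setdefault(attr, [])
                # Keep each value once, in first-seen order.
                merged.extend(v for v in values if v not in merged)
    return profiles
```

With these constructed entries, `aggregate` refuses the two forests because `jdoe` appears in both, while `union` returns a single `jdoe` profile carrying the group memberships from each forest.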

I am sure the product will evolve, and even though the initial offering is limited, they are offering a solution to a very significant problem, addressing compliance issues and overcoming serious limitations of AD/ADAM. If you are a Microsoft shop, and don't anticipate the need to integrate with other branded products, then VIS is your choice.  If you have heterogeneous data sources (e.g. Oracle, Sun, Novell), this is not your solution; you need to look at a product like Symlabs' Virtual Directory (based on C++) for a more robust LDAP proxy or basic virtual directory for low to moderate volume, or the king of the virtual directories, Radiant Logic's RadiantOne Virtual Identity and Context Platform, which offers more features and solutions than any other product I have found in its class by far.  RadiantOne also has longer "legs", as it offers more features to scale to almost any level.