
By Cameron Sturdevant  |  Posted 2005-06-06

Directory information—name, address, employee number, salary, reporting structure, cube location, phone number and the like—is by its nature highly sensitive.

eWEEK Labs has found that in most organizations with which it has worked, control over identity information is highly political. Business managers are often reluctant to change access control systems that work, regardless of any possible cost savings that may accrue if exclusive control were to be relinquished.

This means that implementation of virtual directory projects will need to be phased in over a period of months, or even years—not for technical reasons but for organizational concerns. With this time frame in mind, IT managers should focus immediately on the nuts and bolts of virtual directories to ensure that such projects succeed.

We say "projects" because virtual directory products are really a platform into which applications and data sources are hooked. As projects are defined, what comes into focus is the great variety of attributes that create a unique identity. It also becomes clear that this information is stored in a great many places and that bringing this information together will not be easy.

Virtual directories use LDAP calls and SQL statements, along with a blend of scripting tools, to transform identity data and present that data correctly to applications and services.

For example, a CRM package used by an international company may expect user names in the United States to appear in the form "first name/last name" and in Europe to appear "last name/first name." Rules created by IT in the virtual directory make this data presentation happen correctly in both instances. Further, IT staff need to write these types of rules only in the virtual directory product, as opposed to in every API. By reducing the number of places IT staff need to make custom connections, virtual directory tools can significantly reduce application implementation costs.

Aside from these efficiency gains, virtual directories—with their ability, through either a cache or proxied connection, to provide rapid access to the most current identity data—will likely improve directory access reliability, scalability and security.

Virtual directory tools can augment only the capabilities of the data sources to which they connect, however. And these data sources must be in a redundant configuration to provide failover and load balancing capabilities.

eWEEK Labs tests have shown that if redundant systems are in place—in carefully architected data environments—virtual directory tools can make directories scale further by efficiently routing requests for identity data. For example, an application that asks for all user names starting with "s" could be routed at a low priority to protect directory bandwidth.

Similarly, virtual directories can act as a directory firewall by placing required data in a virtual space without providing direct access to all the data sources. A virtual directory implementation at Sandia National Laboratories shows that this configuration could more securely provide authorized identity data to trusted partner facilities while ensuring the protection of the directories and databases that store the data.
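The presentation rule and the directory-firewall idea described above can be sketched together. This is an added example, not code from eWEEK Labs or any virtual directory product; the source data, consumer names, attribute names and the space-separated name format are all constructed assumptions.

```python
# Constructed sample data: two back-end sources keyed by employee number.
LDAP_SOURCE = {  # stands in for an LDAP directory
    "1001": {"givenName": "Ana", "sn": "Silva",
             "telephoneNumber": "+1 555 0100", "c": "US"},
    "1002": {"givenName": "Jens", "sn": "Becker",
             "telephoneNumber": "+49 30 555 0101", "c": "DE"},
}
HR_SOURCE = {  # stands in for a SQL table in an HR database
    "1001": {"salary": 91000},
    "1002": {"salary": 98000},
}

# Hypothetical per-application views: the only attributes each consumer
# is allowed to receive. Anything not listed never leaves the virtual layer.
VIEWS = {
    "crm": {"displayName", "telephoneNumber"},
    "payroll": {"displayName", "salary"},
}

EUROPE = {"DE", "FR", "GB"}  # constructed region list for the name rule


def display_name(entry):
    """Presentation rule written once, in the virtual directory."""
    first, last = entry["givenName"], entry["sn"]
    if entry["c"] in EUROPE:
        return f"{last} {first}"   # last name / first name
    return f"{first} {last}"       # first name / last name


def lookup(consumer, employee_id):
    """Return the consumer's view of one identity, or None if not found."""
    allowed = VIEWS.get(consumer)
    if allowed is None:
        # Deny by default: unknown applications get no view at all.
        raise PermissionError(f"no view defined for {consumer!r}")
    if employee_id not in LDAP_SOURCE:
        return None
    # Join the sources inside the virtual layer; callers never query them.
    merged = {**LDAP_SOURCE[employee_id], **HR_SOURCE.get(employee_id, {})}
    merged["displayName"] = display_name(merged)
    # Project onto the allow-list so sensitive attributes are filtered out.
    return {k: v for k, v in merged.items() if k in allowed}
```

The CRM view receives a correctly ordered name and a phone number but never the salary held in the HR source, and an application with no defined view is refused outright.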

Labs Technical Director Cameron Sturdevant can be reached at


Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at
