OctetStrings VDE 3.0.2 has templates for Computer Associates International Inc.s eTrust Directory, which we used to simplify access to applications by users. VDE 3.0.2, which shipped in April, is priced at $20,000 to $45,000, depending on server configuration. This update gains templates for Siemens Information and Communication Networks Inc.s HiPath Security DirX. The updated product supports a wide array of popular directory and database platforms, as well as adapters to access identity information in applications.
Click here to read the full review of VDE 3.0.2.
2
OctetStrings VDE 3.0.2 has templates for Computer Associates International Inc.s eTrust Directory, which we used to simplify access to applications by users. VDE 3.0.2, which shipped in April, is priced at $20,000 to $45,000, depending on server configuration. This update gains templates for Siemens Information and Communication Networks Inc.s HiPath Security DirX. The updated product supports a wide array of popular directory and database platforms, as well as adapters to access identity information in applications.
In tests, VDE basically took LDAP calls from our applications and used joins that we built using a wizard supplied by VDE to transform data requests to the original identity sources. These were either LDAP-compliant directories or our Microsoft Corp. SQL Server database.
VDE, unlike RadiantOne VDS, relies on high-speed connections to the original data source to provide applications with access to identity information. We installed VDE on a Windows 2000 Server system with all the VDE components on one machine. We used information from a CA eTrust Directory, a Windows Active Directory and data from a SQL Server installation, along with Novell Inc.s eDirectory installed on a NetWare 6.0 server.
Using VDE, we could summon necessary data from a variety of these sources at the time a query was made in our test, as if all the data were stored in a single directory.
The consolidated application information—in this case, user data to authorize a simple log-on request that could be used to support a Web portal—was presented to the application. The key to using VDE to its fullest advantage is to understand that information is provided in real time, drawing from the original authoritative sources. A metadirectory product, in contrast, would have copied the data and provided the information from a secondary source.
Metadirectory solutions are well-understood, but this level of integration is usually politically sensitive and sometimes costly because data synchronization and replication procedures are required to keep information in the metadirectory current.
With VDE, the data stayed in the original source, and no extra effort was needed on our part to tell the test application where to find the necessary data, aside from directing it to VDE.
As with RadiantOne VDS, however, this isnt to say that creating a virtual directory is easy. Any IT manager who seeks to provide an identity management system based on data drawn from multiple directories, databases and applications must first have a clear idea of what information is stored where.
We used adapters provided by VDE to access our Active Directory data store. This immediately raised a serious question during tests: What attributes are needed to uniquely identify each user when required information is stored in multiple sources?
The lesson we learned is that substantial time must be allowed for system administrators to learn where identity data is stored and how to connect that information together for individual users. At Digital ID World, users of both VDE and RadiantOne VDS indicated that their virtual directory projects took at least six months to implement.
In Labs tests, we found that virtual directory tools, once in place, require heavy ongoing maintenance both to tune performance with existing applications and to accommodate new applications and systems coming into the network.
VDE can be installed on a wide range of platforms, including Windows, Solaris, Linux, HP-UX, AIX and Mac OS X.
Next page: Evaluation Shortlist: Related Products.
Page Three
Evaluation Shortlist
BMC Softwares Calendra Directory Management Creates virtual directories and facilitates user provisioning (www.bmc.com)
Maxwares Virtual Directory Provides a product suite similar to RadiantOne VDS (www.maxware.com)
Persistent Systems EnQuire One of the few hardware virtual directory appliances, which we dont see as an advantage (www.persistent.co.in)
Radiant Logics RadiantOne Virtual Directory Server Taps a well-designed, cache-based mechanism to quickly process requests for identity information (www.radiantlogic.com)
Symlabs Directory Extender Focuses on LDAP directory with little help for identity stored in databases (www.symlabs.com)
Labs Technical Director Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.