When Sandia National Laboratories decided that identity information for some 20,000 scientists, contractors and other staff needed to be more readily available, the organization started looking at virtual directory tools.
"The biggest driving force is a project called Enterprise Person, where we will establish a central point of reference to identify all the attributes that have to do with a person who works at Sandia," said Bill Claycomb, a software analyst in Sandia's Infrastructure Computing Services organization, in Albuquerque, N.M.
Sandia identity information is stored in many places, including Oracle Corp. Oracle databases and PeopleSoft human resources systems, as well as in LDAP directories and Microsoft Corp.'s Active Directory and SQL Server. Claycomb said he and his team wanted to find a way to leverage all that information to create a single access point for identity information.
"One challenge for us is that duplicate data is stored in many sources," Claycomb said. "So, determining the authoritative source is a big question. Once we have the data, presenting the right information only to the people who need it is crucial."
After looking at several virtual directory solutions, Claycomb and his team decided to go with Radiant Logic Inc.'s RadiantOne Virtual Directory Server because the data presented to different administrative users could be easily customized.
Claycomb said it took several months to master the product and to plan how best to integrate the virtual directory data into applications used by Sandia groups.
Sandia currently has two groups using data provided by RadiantOne VDS to update identity information in production. Three other groups are in talks with Claycomb to determine how they can best use the RadiantOne VDS system.
According to Claycomb, potential customers at Sandia are quite interested in gaining access to cached identity data, against which they can then run LDAP queries and have information pushed into SQL Server databases. "SQL [Server] to LDAP is our big push right now," said Claycomb. "We are also using RadiantOne to provide virtual directory information in a persistent cache."
Although he grants that upfront implementation of RadiantOne VDS can be time-consuming, Claycomb said he and Sandia programmers think working with RadiantOne VDS' Java-based transformation scripts is quite easy.
"I like the synchronization and the speed of RadiantOne—the fact that the data I want is up-to-date pretty much in real time," said Claycomb. "I especially like not having to worry about a flat file being processed once an hour and dumped into a script that parses the data and shoves it into a database. RadiantOne does that for me quickly."
While Sandia currently uses RadiantOne VDS to supply identity data to internal users, the product's future use will likely be guided more by how it can help Sandia work with outside organizations. Because virtual directory tools, including RadiantOne VDS, can present identity data to applications without giving those applications access to the authoritative data source, the virtual directory functions as a type of "directory firewall."
Claycomb is especially interested in this aspect of RadiantOne VDS' feature set. "We are looking at ways to use RadiantOne to provide identity information to our sister labs [Los Alamos and Lawrence Livermore National Laboratories]," he said.
Putting this information in a virtual directory at the edge of Sandia's network while at the same time protecting the information is a central part of Claycomb's future work with RadiantOne VDS.
Sandia is also using RadiantOne Synchronization Services to facilitate communication of identity data between otherwise-isolated networks. Synchronization Services sends data source changes immediately into the virtual directory cache maintained by RadiantOne VDS.
"Regardless of the role RadiantOne plays in the Enterprise Person project," Claycomb said, "I envision setting up a protected server that can handle LDAP queries through a secure connection between networks."
Labs Technical Director Cameron Sturdevant can be reached at firstname.lastname@example.org.