Interview: Worldtalk's Krishnamurthy shares his view of directory services

Network directory services are emerging as a vital battleground in the struggle to support large enterprise networks and applications. Sathvik Krishnamurthy, vice-president and general manager of Worldtalk's Internet security subsidiary, talked to IDG's Matthew Woollacott and Michael Vizard about the directory market.

IDG: Why are directory services suddenly getting this attention?

Krishnamurthy: The industry is trying to consolidate around the common Lightweight Directory Access Protocol [LDAP] because with all these different directory implementations, the operational costs were kind of misunderstood. It costs a lot more to manage the directories and keep them synchronised with one another than it does to go out and buy any new piece of software. The one critical piece that's still missing from LDAP is replication in the core specification. Worldtalk provides full replication capability across different directory implementations.

IDG: Does that mean there's a separate Real Talk directory that essentially functions as a manager of other directories?

Krishnamurthy: In essence, yes. Currently it's X.500-based; however, going forward we will be supporting the Active Directory Services Interface initiative from Microsoft. The directory we view as a total commodity. Our directory isn't necessarily going to be the master in all situations. In fact, more often than not, one of the large vendors' directories is in fact going to be the corporate directory of choice. But we can allow large organisations to deploy those technologies and then to manage the information within those directories, across the board. We have a high-end Unix-based product called Net Junction, which is an electronic mail switch as well as a directory switch. So we actually have bundled an X.500 repository in it. We have a much more scalable version with similar functionality called NetTalk, which is an electronic mail and directory switch that basically allows you, on a Windows NT platform, to do similar types of things.

IDG: Will we ever be able to deploy a single directory?

Krishnamurthy: Well, that's the apple-pie-and-motherhood answer that you get from all of the big vendors. The reality is that it is an extremely difficult proposition to migrate to a single directory.

Unfortunately, the LDAP spec is not at a position where it's the only thing necessary for total interoperability among all your directory implementations. The core spec does define schema and discovery - it doesn't define replication. There are now at least two camps, and I know of a third, that are introducing replication standards on top of the core LDAP v3 spec.

IDG: What about the rumours of the integration of LDAP with DNS, so your IP addressing directory is incorporated with your LDAP directory?

Krishnamurthy: It's a good idea. It doesn't solve any of the problems about what LDAP is addressing and what it's not addressing.

We actually participated with a number of key vendors, including Netscape, Microsoft, Banyan, and IBM, in defining the Lightweight Internet Person Schema, which was a definition of the core set of attributes you can expect in any directory implementation that supports LDAP. That was an important step because that didn't even exist. There was no definite schema that you could expect.

