Directory technology has ascended to a starring role in the network infrastructure landscape as the emergence of Web services and an increased reliance on Web-based applications highlight the importance of identity management and easy access to user preference data.
Directory technology is not new, but it is growing beyond its historical role of collecting user information for use in applications.
According to Michael Hoch, senior analyst at Aberdeen Group, the budding Web services model is spawning a directory-level shift to digital identity management.
"What iPlanet is picking up on, and what other companies are doing around Web services, is moving from user management of directories to digital identity management. The difference is that a user is somebody who sits at a machine, whereas a digital identity is a person and the context around that person," Hoch says.
For example, a digital identity could dish up different services depending on whether a worker was logging in from home or working from a different city.
Allowing this digital identity to be flexible is a critical element to its success, according to Hoch.
"We've moved from isolated computers to network computers; now we are moving to a virtual network and you need to have a flexible identity from which to operate within that network," Hoch says. "You as an individual have the same identity, but directory services can customise or personalise access and control and monitor that access."
Another important function of directory services is its capability to unify user information stored in separate enterprise applications and data stores, such as human resources, ERP, and phone systems.
Attempting to tackle issues with policy and identity management, information unification, and directory deployment, vendors including iPlanet, NetPro Computing, and OctetString recently introduced directory infrastructure products.iPlanet E-Commerce Solutions, a Sun Microsystems and Netscape Communications joint alliance, rolled out two directory products targeting Web services and Web-based applications.
The iPlanet Directory Server Integration Edition 5.0 allows user profile information to be synchronized with proprietary services such as Microsoft. Active Directory, NT domains, Oracle, and others. The Integration Edition includes a meta-directory module that pulls together disparate directory information into a single view of enterprise user data, according to officials at iPlanet.
The Directory Server Access Management Edition 5.0 enables authentication and authorization based on centralized access management policies. The product includes a policy module for enabling single sign-on, a management module for delegated administration, and a certificate authority module for authenticating users according to required security level.
According to John Barco, senior product marketing manger at iPlanet, a comprehensive identity and access management platform is critical in handling profile information that is pulled from a variety of sources both within and outside corporations.
"The reason companies deploy [directory services] is to provide a comprehensive user-management infrastructure to help them maintain in real time a unified user profile created from multiple sources for every user it deals with," Barco says. "Businesses today not only have employees as their internal community but also need to manage an external community of partners, suppliers, and customers."
Christy Hudgins, an analyst at The Burton Group, says policy services are becoming an essential element of directory services. Going forward "it will become increasingly important to bundle those services both with the directory and with the operating system," she says.
Aiming to aid the process of deploying directory infrastructure, NetPro Computing recently unveiled DirectorySim, a predictive modeling and capacity planning tool for Microsoft's Active Directory service.
DirectorySim is designed to reduce the time and cost associated with deploying Active Directory by simulating directory performance and generating reports that estimate disk loads and user log-in time, say NetPro officials.
These reports can be used to make changes in design, which can save enterprises time and money in directory deployment, according to Kirsten Delaney, product marketing manager at NetPro. "The reports can prevent the purchase of equipment that might not be necessary, such as additional servers or routers," she says.
Meanwhile virtual directory software vendor OctetString announced Version 1.1 of its VDE (Virtual Directory Engine). VDE is an LDAP software engine that can be embedded in enterprise servers, appliances, and mainframes, according to OctetString officials, in Palatine, Ill. The virtual directory allows information to be shared among different applications and databases regardless of format or type. New features in Version 1.1 include replication, database read-only mode, automatic online backups, and automatic password encryption.