One challenge network administrators face in implementing portals or other enterprise applications is that user identity is fractured, residing in multiple directories tied to individual applications throughout an organisation. As a result, it is difficult to provide enterprise applications with the comprehensive view of users they require to deliver their full value.
Virtual directory technology offers a way to provide that consolidated view of user identity without having to reconstruct an entire directory infrastructure. Implemented in the form of middleware, a virtual directory is a lightweight service that operates between applications and identity data.
A virtual directory receives queries and directs them to the appropriate data sources. When the user data comes back, the directory presents the data to the enterprise application as if it all had been stored in one place all along. This ability to reach into native repositories makes virtual directory technology ideal for consolidating data stored with two or more corporate divisions, between trading partners or within one entity that is using different directory services for different applications.
An important distinction between virtual directories and meta directories is that virtual directories loosely couple identity data and applications.
A meta directory provides a consolidated view of user identity by adding a layer of infrastructure that sits above native repositories, drawing user data from them and storing it in a new consolidated directory that faces an enterprise application. While this tight coupling is a good choice for situations in which data is not updated frequently, it is often insufficient to use with more agile applications such as portals and CRM systems, because synchronization delays could cause users to work with data that was minutes or even hours out of date.
Instead of creating new identity repositories, virtual directories handle identity queries on a case-by-case basis, drawing the required, authorised data (and only the required data) in real time from its native repositories around a network and presenting it to an enterprise application as needed. When the query is complete the virtual directory disappears; once again, the data exists only in its native repositories, under the control of the original owner.
A major way this capability comes into play is in heterogeneous server environments that use Lightweight Directory Access Protocol. Different parts of an organisation might have identity information stored, for example, in Microsoft Active Directory, Sun One, Novell eDirectory and IBM Directory. Many enterprise applications can't work with more than one directory source out of the box, making it difficult to obtain a unified view.
A virtual directory acts as a proxy, creating a single connection layer for enterprise applications. When an enterprise application sends a query, the virtual directory passes it to each of the native directories in the way those directories will accept it. When responses come back, the virtual directory presents a uniform view of the results, providing the enterprise application with data in the manner in which the application requires it, without having to rebuild physical identity infrastructure or synchronize all the data to one directory server.
This method of data consolidation offers three primary benefits. The first is the real-time operation. Because virtual directory technology goes right to the source, it is always working with the most current information. This approach, as opposed to keeping a separate data store, also assures that data remains under the control of the original owners at all times, avoiding internal political conflicts that can delay rollouts. Finally, virtual directories generally can be put in place in a matter of a few weeks, which let enterprise application initiatives begin delivering ROI quickly.
The emergence of enterprise applications has created a new set of challenges for network managers. If your company faces a user identity crisis because data is stored in too many separate repositories, virtual directory technology is worth a look.
Donley is CTO and founder of OctetString Inc. He can be reached at firstname.lastname@example.org.