Virtual directory: Difference between revisions

In computing, a virtual directory or virtual directory server consists of software that offers a way to provide a consolidated view of user identities without having to construct an entire directory infrastructure. Implemented in the form of middleware, a virtual directory operates as a lightweight service that operates between applications and identity-data repositories.

A virtual directory receives queries and directs them to the appropriate data sources. When the user data comes back, the directory presents the data to the client application as if it all had been stored in one place all along. This ability to reach into native disparate repositories makes virtual-directory technology ideal for consolidating data stored in a distributed environment.

As of 2009^[update] virtual directory servers most commonly use the LDAP protocol.

Advantages of virtual directories

Virtual directories:

• provide faster deployment than available with synchronization
• leverage existing investments in security and high-availability for authoritative data-stores
• provide application-specific views of identity data which can help avoid the need to develop a master enterprise schema
• allow a single view of identity data without violating internal or external regulations governing identity data
• act as identity firewalls - preventing denial-of-service attacks on the primary data-stores and providing further security on access to sensitive data
• can reflect changes made to authoritative sources in real-time

Disadvantages

The major disadvantage is public perception of "push & pull technologies" which is the general classification of "virtual directories" depending on the nature of their deployment.

Vitual directories were initially designed and later deployed with "Push technologies" in mind, which also contravened with "Privacy laws" in the USA. The laws were not adaptable to the online digital structural paradigm when they were formulated. However, "availability of information by consent" clause in International law made "Pull" technologies more acceptable over time. Push technologies however still remain controversial.

Sample terminology

• namespace joining - The creation of a single large directory by bringing multiple directories together at the namespace level. For instance if one directory has the namespace "ou=internal,dc=domain,dc=com" and a second directory has the namespace "ou=external,dc=domain,dc=com" then creating a virtual directory with both namespaces is an example of namespace joining.
• identity joining - The creation of a user from various authoritative sources linked together by common data. For instance if the user joeuser exists in a directory as "cn=joeuser,ou=users" and in a database with a username of "joeuser" then the "joeuser" identity can be constructed from both the directory and the database.
• mapping - The transformation of data inside of the virtual directory. For instance mapping uid to samaccountname.
• identity routing - Virtual directories may support the routing of requests based on certain criteria (such as write operations going to a master while read operations being forwarded to replicas).
• authoritative source - A "virtualized" data repository, such as a directory or database, that the virtual directory can trust for user data.

Further reading

• Gifford, David K. (1991). "Semantic file systems". ACM SIGOPS Operating Systems Review. 25 (5). New York: ACM: 16–25. ISSN 0163-5980. Retrieved 2009-12-02. Compatiblity with existing file system protocols is provided by introducing the concept of a virtual directory. Virtual directory names are interpreted as queries, and thus provide flexible associative access to files and directories in a manner compatible with existing software. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)

External links

• Optimal IdM [1] Virtual Identity Server - A high performance LDAP Virtual Directory for a Microsoft environment.