Virtual directory: Difference between revisions

In computing, a virtual directory or virtual directory server consists of software that offers a way to provide a consolidated view of user identities without having to construct an entire directory infrastructure. Implemented in the form of middleware, a virtual directory operates as a lightweight service that operates between applications and identity-data repositories.

A virtual directory receives queries and directs them to the appropriate data sources. When the user data comes back, the directory presents the data to the client application as if it all had been stored in one place all along. This ability to reach into native disparate repositories makes virtual-directory technology ideal for consolidating data stored in a distributed environment.

As of 2009^[update] virtual directory servers most commonly use the LDAP protocol.

Advantages of virtual directories

Virtual directories:

• provide faster deployment than available with synchronization
• leverage existing investments in security and high-availability for authoritative data-stores
• provide application-specific views of identity data which can help avoid the need to develop a master enterprise schema
• allow a single view of identity data without violating internal or external regulations governing identity data
• act as identity firewalls - preventing denial-of-service attacks on the primary data-stores and providing further security on access to sensitive data
• can reflect changes made to authoritative sources in real-time
• present a unified virtual view of user information stored across multiple systems so that it appears to reside in a single system
• secure all backend storage locations with a single security policy

Disadvantages

The major disadvantage is public perception of "push & pull technologies" which is the general classification of "virtual directories" depending on the nature of their deployment.

Virtual directories were initially designed and later deployed with "Push technologies" in mind, which also contravened with "Privacy laws" in the USA. The laws were not adaptable to the online digital structural paradigm when they were formulated. However, "availability of information by consent" clause in International law made "Pull" technologies more acceptable over time. Push technologies however still remain controversial.

Sample terminology

• namespace joining - The creation of a single large directory by bringing multiple directories together at the namespace level. For instance if one directory has the namespace "ou=internal,dc=domain,dc=com" and a second directory has the namespace "ou=external,dc=domain,dc=com" then creating a virtual directory with both namespaces is an example of namespace joining.
• identity joining - The creation of a user from various authoritative sources linked together by common data. For instance if the user joeuser exists in a directory as "cn=joeuser,ou=users" and in a database with a username of "joeuser" then the "joeuser" identity can be constructed from both the directory and the database.
• mapping - The transformation of data inside of the virtual directory. For instance mapping uid to samaccountname.
• identity routing - Virtual directories may support the routing of requests based on certain criteria (such as write operations going to a master while read operations being forwarded to replicas).
• authoritative source - A "virtualized" data repository, such as a directory or database, that the virtual directory can trust for user data.
• server groups - groups of one or more servers that contain the same data and functionality. A typical implementation is the multi-master, multi-replica environment in which replicas process "read" requests and are in one server group, while masters process "write" requests and are in another, so that servers are grouped by their functionality to external stimuli even though all share the same data.

Independent Vendors

• Optimal IdM (Virtual Identity Server) - A full-featured and high performning microsoft-centric solution. The only .NET Virtual Directory on the market.
• Radiant Logic (Virtual Directory Server) - Java based Virtual Directory - An LDAP integration & Synchronization Server.

Acquired Vendors

• Applied Identity - Acquired^[1] by Citrix in 2010. The product is no longer on the market.
• Identyx - Java based Virtual Directory acquired^[2] by Red Hat in 2008. The product is no longer on the market.
• MaXware - Java based Virtual Directory acquired^[3] by SAP in 2007. The product is no longer on the market.
• OctetString - A Java Virtual Directory acquired^[4] by Oracle in 2005.
• Sun - Java based Virtual Directory acquired^[5] by Oracle in 2009. Product is no longer on the market.
• Symlabs - A C/Java Virtual Directory acquired^[6] by Quest Software in 2011. The product is no longer on the market.

Open Source Vendors

• MyVD (MyVD) - Java based Virtual Directory.

References

1. http://www.commnexus.org/programs/special-interest-groups/event_2010050368730.php
2. http://blogs.kuppingercole.com/gaehtgens/2008/06/19/redhat-acquires-identyx/
3. http://www.sap.com/corporate-en/press.epx?pressid=7714
4. http://www.quest.com/newsroom/news-releases-show.aspx?ContentId=14460
5. http://www.oracle.com/us/corporate/press/018363
6. http://www.quest.com/newsroom/news-releases-show.aspx?ContentId=14460

External Links

• XPhone Virtual Directory | C4B Com For Business