Taming the directory hydra

Solutions for managing directories take shape, but are still no silver bullet

As the complexity of an organization's networks increases, so does the need -- and cost -- to manage them. Furthermore, coordinating all the network directories, which track the identities and locations of users and devices, can be daunting.

A study by Gartner Group Inc. showed that the typical Fortune 1000 company has more than 180 directories in daily use. In the federal government, sprawling organizations such as the Defense Department can have thousands of directories in operation.

The Holy Grail is a single, seamless directory that will span an entire organization. Realistically, however, organizations will have to manage a number of directory structures side by side for some time to come.

One stop-gap solution is the metadirectory, a central "master" directory that contains information for all of the networks' applications and identities, and coordinates updates of information to individual, separate directories.

"Every organization today is incurring an excessive cost burden in managing disparate data sources," said Lance Horne, program manager for directory services at Microsoft Corp. Those different sources "have led to islands of redundant data being managed separately and incurring separate costs."

That leads to "entropy" within organizations, Horne said, with data becoming "dirty" and increasingly inaccurate over time. That can compromise security when, for example, employees who were fired or quit remain as active identities on a network.

Metadirectories help avoid some of those problems, but they will also be necessary for Web-based applications, particularly as organizations seek to do more business electronically with the public and with their trading partners.

"If you want to play in the Web universe, you will have to implement a metadirectory, or something like it," said Dan Kuznetsky, vice president of systems software research at IDC. "You're involved in delivering and receiving information dynamically, so coordinating directories becomes essential, particularly for transaction-oriented applications. Metadirectories are one of the major [prerequisites] to doing business on the Web."

During the past few years, several companies have developed products they claim provide a metadirectory-type service. Critical Path Inc. and Oblix Inc., two leading Internet messaging software and infrastructure companies, offer products that companies such as IBM Corp. use to provide metadirectory capabilities to their clients. Sun Microsystems Inc. and Netscape Communications Corp. teamed up to provide directory coordination through their iPlanet alliance. And database companies such as Oracle Corp. and Informix Software Inc. have products that consolidate the management of directories.

Networking infrastructure giant Cisco Systems Inc. -- in collaboration with Microsoft -- several years ago developed an approach it terms Directory-Enabled Networking (DEN). With DEN, network resources such as devices, operating systems, management tools and applications use directory services to do such things as discover and obtain information about other resources.

While not a metadirectory approach in the strict sense, DEN provides a central repository of meta-information about a Cisco-based network. Last year, the company introduced its Cisco Networking Services (CNS), a suite of policy-based networking and intelligent network services based on DEN. Using CNS an administrator can, for example, make sure that a particularly important application, such as a videoconferencing call, gets priority on the network.

But Novell Inc., through its large installed base of the NetWare network operating system, and Microsoft are probably the two biggest gorillas playing in the government market, and both recently added metadirectory services to their portfolios.

Microsoft included Active Directory in its first release of Windows 2000 to answer demands for an integrated directory capability. The hope is that customers will eventually use Active Directory as a single, hierarchical scheme for all of their directory needs. Some are indeed looking at that possibility, but in the meantime, Windows 2000 and Active Directory will have to coexist with many legacy directories.

Microsoft sought to address that need last year when it bought Zoomit Corp. and that company's VIA metadirectory technology, which it renamed Microsoft Metadirectory Services (MMS). It works alongside Active Directory to enable that part of Windows 2000 to work with other vendors' directories.

"MMS supplies connectors for specific products such as Lotus Notes and [standard query language] servers," said Horne. "The user can also define their own connector space. Additionally, MMS provides the capability for building business tools so that users can manage the way [network object] attributes are mapped and applied."

Novell already had a step up on Microsoft in some ways. It's worked hard to make sure that the latest version of its Novell Directory Services (NDS) offering is compatible with a range of the most popular directory services products, including Active Directory. However, that isn't enough to cover the universe of interoperability that Novell needs, so late last year it introduced DirXML, which converts directory information into Extensible Markup Language, or XML, an emerging standard aimed particularly at data interchange on the Web. DirXML sits on top of NDS eDirectory 8.5 and basically enables data to be shared between NDS and a particular application. The network administrator can specify which data will flow between NDS and the other application, and because DirXML uses the applications' native application program interface (API), it achieves that synchronization of data without having to modify the application or use any NDS API.

"DirXML is really aimed at the initial stages of building a metadirectory architecture, and it's all about reducing the cost and providing a single, simple interface," said Loren Russon, product manager for eDirectory and DirXML at Novell. "We want to improve it to the point where it can use 'wizards' so it can be user configurable, to shorten the deployment cycle and improve the return on investment for users."

Ease of use may indeed be the key to the success of metadirectories, because there is general agreement that they are difficult to understand and construct.

Potential federal agency users readily admit their ignorance. The National Oceanic and Atmospheric Administration, for example, has a relatively long history of dealing with directories, beginning more than six years ago when directories for different e-mail systems were combined using Control Data Systems Inc.'s X.500 directory services. NOAA recently opted to standardize around Netscape's suite of X.500 and Lightweight Directory Access Protocol (LDAP)-compliant products, with the hope that this "will lay the foundation for a more rigorous and robust set of directory services applications," according to Rob Swisher, chief of the administrative systems division for NOAA.

What were never discussed during the planning for this project, he said, were metadirectories. "To my knowledge, the word 'metadirectories' has never come up in any of the meetings we've had over this," Swisher said. " 'Directories' has, as has the role of a central directory, but not metadirectory. It's just not a well-understood phenomenon, and the implementation of metadirectories is definitely not well understood."

The only broad announcement of an interest in metadirectories has come from the Defense Information Systems Agency, which has made several requests for information on products and technologies that could be used to build a Defense Department-wide online directory service. But it has not decided when and how to go forward with its plans.

"We haven't come across a lot of customers adopting metadirectories," said Dan Hurley, product marketing manager with BindView Corp., a company that specializes in multi- network management. "Metadirectory tools are not that pervasive, and most network administrators don't have the expertise to deal with the subject. Even consultants who know anything about metadirectories are not that common."

Robinson is a freelance journalist based in Portland, Ore.

MORE INFO

* Cuts the management and personnel costs associated with administering

numerous independent directories.

* Synchronizes network administration with an organization's personnel

changes, cutting down on potential security breaches.

* Enables organizations to quickly implement new services, such as policy-based

networks that give more bandwidth to certain applications.

* Provides a single directory from which to manage a public-key infrastructure.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.