We tested our six identity management solutions -- from Courion, IBM, Microsoft, Novell, Sun Microsystems, and Thor Technologies
-- at the Advanced Network Computing Lab at the University of Hawaii, Manoa, which always serves us well, both in function
and distraction. Much thought went into both the test environment and our test scenarios. We wanted to throw some curveballs
at the participants, but we also needed to make completion possible within the three-day time limit given to each vendor.
We also needed to be practical regarding the makeup of the test infrastructure -- but at the same time do our best to represent
a real-world enterprise.

In order to quickly reset the environment for each vendor in turn, we opted to run almost the entire test infrastructure on
a single HP ProLiant DL585 with four Opteron 252 CPUs and 32GB of RAM running Red Hat Advanced Server 3 and VMware GSX Server
3.1. This enabled us to quickly build, run, and revert the five Windows Server 2003 servers and two Fedora Core 3 systems
that comprised our test infrastructure. Our backup platform was a Tyan-based dual-Opteron server from LZS Global Services
running several extra Windows XP Workstation images under VMware GSX Server.

After much internal discussion and debate, we settled on Microsoft’s AD (Active Directory) as the foundation for our test.
Our fictional company, named TCPIP Corp., would be largely Windows-based, with many core services running on Windows Server
2003, but with some key components running on Fedora Core 3, which is Red Hat’s community-supported Linux distribution. We
chose this scenario to replicate organically developed infrastructures commonly found in production.

The AD layout was relatively simple, with an employee OU (organizational unit) that housed eight other OUs consisting of major
business segments such as accounting, production, shipping, and so on. Each OU contained a significant number of users, with
the total user count reaching 2,270. Each user object in AD came complete with a suitable number of defined attributes, including
valid address, telephone, and department information, as well as AD schema extensions to include Social Security numbers and
birth dates. Also on the TCPIP network were a Microsoft Exchange Server 2003 server, a Windows file/print server, and an IIS
Web server. An Apache Web server ran on one Fedora Core 3 server, and the key HR and ERP applications ran on another.

Rather than opt for HR and ERP applications that all the vendors would have easily wrapped up, such as PeopleSoft or SAP,
we implemented open source solutions that wouldn’t have the same familiarity: e-HRMS and webERP. Both of these applications
are built on PHP and make use of a MySQL back end.

After more careful thought, we decided that our test environment could use a bit more variety, so we also threw in a z/OS
mainframe emulator from Cornerstone Systems (though it was provided by IBM) and a Lotus Notes server (also graciously provided
by IBM). Our test scenarios wouldn’t require that these systems be provisioned, but we allowed vendors to do so for extra
credit. Each participant in the test was given the test parameters one month prior to the test and general information about
the test infrastructure: that it would be based on Active Directory, that e-HRMS and webERP would be our HR and accounting
applications, and that these apps would run on Fedora Core. This enabled them to prepare connectors ahead of time, helping
to speed along the integration of their identity servers into the TCPIP environment. Of course, we kept a few specific details
quiet until the test began.