Metadirectories and SSO (single sign-on) products tend to garner much of the attention in the directory arena, but directory virtualization is closing in. Virtual directories take data from multiple sources, including other directories and databases, and present that data as a single virtual directory. Rather than move data into a new database or directory, which is what a metadirectory does, the virtual directory presents data as links. As you might expect, a virtual directory could serve as a core component of an identity-based network infrastructure.
Among its many applications, a virtual directory can present customer data from an Oracle database as LDAP to support e-mail applications, or it can integrate data from databases with existing directory information. Virtual directories can present the data for millions of users without the performance issues of other directories. The challenge is to organize data and map what’s available in the different directories and databases to create a unified image. The tools in the two software products reviewed here make that much easier than it used to be.
Both MaXware’s Virtual Directory 7.0.9 and Radiant Logic’s RadiantOne 4.0 can gather data from multiple sources and present that data as a single virtual LDAP directory. Both display data in different formats, depending on the user. In a phone contact list, for example, interoffice users would see just an extension in the phone number field, whereas external users would see the full phone number.
Using these products will not be a simple process for most administrators. Data sources must be identified, fields selected, LDAP schemas created, and security models implemented in a process that combines the rigors of database design with those of directory creation. RadiantOne provides a schema inventory tool, a directory design tool, and synchronization capabilities with its virtual directory capability, for a more complete, all-in-one package. MaXware favors the component approach, with separate modules for data synchronization, metadirectory capability, provisioning, workflow, password management, and the virtual directory.
I tested both programs using a Microsoft Access 2000 database, Active Directory, NDS directories, and an LDAP directory. I mapped data between each directory and presented the data from the directories and the database as a single LDAP directory. Not having a million-plus record database, I couldn’t stress test these databases. Performance of these products is also difficult to characterize, especially in a lab environment. But after talking to customers and product managers, it is clear that either product will handle millions of database entries virtualized into a directory, as well as thousands of LDAP requests per second.
RadiantOne requires less low-level database and directory expertise, with discovery tools and an easier initial configuration. MaXware provides a broad range of capabilities at a lower initial cost in an à la carte configuration. Either product will allow you to present a broad range of directory and database information as a unified whole and to use it for a variety of applications. But only RadiantOne earns an Excellent rating by virtue of its greater ease-of-use and integrated set of tools.
MaXware Virtual Directory
MaXware Virtual Directory 7.0.9 is one piece of a suite of products that also includes a directory browser, directory synchronization engine, metadirectory engine, provisioning engine, workflow engine, and password management application. You can mix and match to get the capabilities you need for your particular application, or you can buy all the pieces and have a capable toolset.
Installing MaXware is not difficult. One catch is that a JVM is required but not included. I downloaded the free JRE v1.4.2. After the JVM has been downloaded, you must specify the path to the main Java executable.
This type of small-detail work is typical of the MaXware approach, which provides all the tools that a directory and database expert needs -- and would know how to use -- but may not be as straightforward for someone who isn’t an expert. When using MaXware, you have to know where the files are located and what they’re called, whereas RadiantOne finds the files for you.
If you want to integrate data from a database as well as from directories, you’ll also need JDBC drivers for the databases in question. That should be included with the database, but you’ll need to specify absolute paths to the connectors, as well as some specific low-level information about the database, such as the “sizelimittype” parameter.
After you have plugged in all the necessary configuration information, the tools to create an LDAP schema and map information from other directories or databases are actually easy to use. But detailed knowledge of data classes is needed here as well.
After the appropriate supporting information is plugged in, organizing the directory tree is fairly straightforward. Anyone who has ever worked with a visual representation of a directory will find the data presentation clear. It’s easy to create directory objects, move them around, assign security attributes, and so forth.
There is a free browser tool that makes finding database and directory information easier, given that you don’t have to input server and directory information before you can access the data.
When you have entered all the information on databases and directories, it’s not difficult to create the virtual directory. Data can be imported from any JDBC-compliant database -- which includes virtually every commercial database in existence and almost all open source databases as well -- and from any LDAP-compliant directory, including Sun/iPlanet, Microsoft Active Directory, and Novell NDS or eDirectory.
Although MaXware’s directory synchronization product is not included with the Virtual Directory, it is easy to add, and the total cost for both products is the same as for RadiantOne. Administrators who need to present data but don’t need to synchronize multiple data sources will appreciate the lower cost of the MaXware product without the synchronization add-on.
User access to directory information can be specified at a granular level. Documentation is adequate but reflects the recurring MaXware notion that anyone using this product should already be an expert with both the directories in use and the databases. I was not able to test performance directly, but users of Virtual Directory told me they topped out at more than 3,000 LDAP lookups per second with millions of entries in the directory, a claim that surpasses what most directories can handle.
Radiant Logic RadiantOne
RadiantOne 4.0 shows a thoughtful approach to directory and database integration, reflecting the fact that in large organizations, the database administrator may not have anything to do with directories -- and vice versa. Discovery and design tools make it easy to integrate data from multiple sources without requiring in-depth expertise in directory or database design.
Setup is straightforward and simple. You’ll need to install a J2EE message queuing server for synchronization services. The Apache Tomcat open source application server is one of the possible choices, and it’s free.
The toolkit that comes with RadiantOne includes a schema manager that makes it easy to discover, capture, and analyze database and directory information and create an overall schema for the integrated virtual directory that will easily encompass all your requirements. The view designer then builds a tree (an LDAP directory) that reflects the schema and presents all the data as an LDAP or other directory. The directory is cached and presented as a snapshot, which dynamically refreshes only the changed items.
It’s simple to create scripts to join multiple entries using RadiantOne’s tools. For example, you can take a first name and last name and join them into a single name field. You can also build interception scripts to transform data from one format to another, either for authentication or to create SSO information from different sources.
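The two behaviours this review describes, joining a first and last name into a single name field and showing internal requesters an extension while external requesters see the full number, can be sketched as follows. This is an added example, not code from RadiantOne or MaXware; the table, attribute names, sample records, and the `make_sources` and `lookup` functions are constructed for illustration.

```python
import sqlite3

BASE_DN = "ou=people,dc=example,dc=com"  # assumed suffix for the virtual tree

def make_sources():
    """Constructed sample back ends: a SQL table plus a dict standing in for an LDAP directory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (uid TEXT PRIMARY KEY, first TEXT, last TEXT, phone TEXT, ext TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?, ?, ?)", [
        ("jdoe", "Jane", "Doe", "+1 555 0100", "4121"),
        ("rroe", "Richard", "Roe", "+1 555 0199", "4177"),
    ])
    directory = {
        "jdoe": {"mail": "jdoe@example.com", "ou": "Engineering", "userPassword": "{SSHA}constructed"},
        "rroe": {"mail": "rroe@example.com", "ou": "Finance", "userPassword": "{SSHA}constructed"},
    }
    return db, directory

EXPOSED_DIRECTORY_ATTRS = ("mail", "ou")  # allow-list: userPassword never reaches the view

def lookup(db, directory, uid, requester_internal):
    """Assemble one virtual entry at query time; no data is copied into a new store."""
    if not uid.isalnum():  # reject characters that could alter the DN or a back-end query
        return None
    # Parameterized query: the uid is bound, never concatenated into the SQL text.
    row = db.execute("SELECT first, last, phone, ext FROM staff WHERE uid = ?", (uid,)).fetchone()
    if row is None:
        return None
    first, last, phone, ext = row
    entry = {
        "dn": f"uid={uid},{BASE_DN}",
        "cn": f"{first} {last}",  # join of two source columns into one attribute
        "telephoneNumber": ext if requester_internal else phone,  # per-requester view
    }
    source = directory.get(uid, {})
    for attr in EXPOSED_DIRECTORY_ATTRS:
        if attr in source:
            entry[attr] = source[attr]
    return entry
```

The allow-list matters as much as the join: a virtual view that forwards every back-end attribute by default can expose fields such as password hashes that the original directory's ACLs were protecting.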
The virtual directory is LDAP Version 3 by default but can also be configured in Active Directory application mode, as NDS, or as other directory types. A synchronization engine can then update multiple back-end directories or databases when changes are made to the virtual directory. MaXware can’t do these things without the separate synchronization engine product.
User access to information is easy to control at a granular level, with good security throughout. Documentation is excellent, with clear examples and easy-to-follow instructions for working with specific directories and databases.
As with MaXware, I was unable to test performance myself, but I spoke with admins who are supporting more than 2 million users on one RadiantOne server, with 5 percent to 6 percent CPU utilization and only 800MB of memory. One organization is using an Oracle database of customer information and delivering e-mail through an LDAP-based POP/IMAP mail system, all combined with the virtualized directory.
The $50,000 price tag for RadiantOne is twice that of MaXware, but RadiantOne’s additional capabilities are worth the expense. Of course, you can add directory synchronization to MaXware for an additional $25,000, making the products comparable in price.
Either of these products will present data from multiple sources as a single, unified LDAP image. Because its toolset is easier to use, RadiantOne is the better choice if you don’t have one person with both LDAP and database expertise. Admins with a single goal in mind may appreciate MaXware’s à la carte approach, which will allow them to buy only the pieces they need.
Overall Score (100%)
| MaXware Virtual Directory 7.0.9 | 9.0 | 8.0 | 8.0 | 8.0 | 8.0 | 9.0 |
| Radiant Logic RadiantOne 4.0 | 9.0 | 9.0 | 9.0 | 9.0 | 9.0 | 8.0 |