How Harry met Sally on our identity management test bed

We tested our six identity management solutions -- from Courion, IBM, Microsoft, Novell, Sun Microsystems, and Thor Technologies -- at the Advanced Network Computing Lab at the University of Hawaii, Manoa, which always serves us well, both in function and distraction. Much thought went into both the test environment and our test scenarios. We wanted to throw some curveballs at the participants, but we also needed to make completion possible within the three-day time limit given to each vendor. We also needed to be practical regarding the makeup of the test infrastructure -- but at the same time do our best to represent a real-world enterprise.

In order to quickly reset the environment for each vendor in turn, we opted to run almost the entire test infrastructure on a single HP ProLiant DL585 with four Opteron 252 CPUs and 32GB of RAM running Red Hat Advanced Server 3 and VMware GSX Server 3.1. This enabled us to quickly build, run, and revert the five Windows Server 2003 servers and two Fedora Core 3 systems that comprised our test infrastructure. Our backup platform was a Tyan-based dual-Opteron server from LZS Global Services running several extra Windows XP Workstation images under VMware GSX Server.

After much internal discussion and debate, we settled on Microsoft’s AD (Active Directory) as the foundation for our test. Our fictional company, named TCPIP Corp., would be largely Windows-based, with many core services running on Windows Server 2003, but with some key components running on Fedora Core 3, which is Red Hat’s community-supported Linux distribution. We chose this scenario to replicate organically developed infrastructures commonly found in production.

The AD layout was relatively simple, with an employee OU (organizational unit) that housed eight other OUs consisting of major business segments such as accounting, production, shipping, and so on. Each OU contained a significant number of users, with the total user count reaching 2,270. Each user object in AD came complete with a suitable number of defined attributes, including valid address, telephone, and department information, as well as AD schema extensions to include Social Security numbers and birth dates. Also on the TCPIP network were a Microsoft Exchange Server 2003 server, a Windows file/print server, and an IIS Web server. An Apache Web server ran on one Fedora Core 3 server, and the key HR and ERP applications ran on another.

Rather than opt for HR and ERP applications that all the vendors would have easily wrapped up, such as PeopleSoft or SAP, we implemented open source solutions that wouldn’t have the same familiarity: e-HRMS and webERP. Both of these applications are built on PHP and make use of a MySQL back end.