gartner: setting objectives for a directory services project

www.novell.com

Gartner: Gartner: Setting Objectives Setting Objectives for a Directory for a Directory Services ProjectServices Project

John EnckVice President and Research DirectorServer and Directory StrategiesGartner, Inc.

Key IssuesKey Issues

• What business issues will be successfully addressed by directories?

• How can enterprises successfully address the integration of Active Directory and eDirectory?

• What roles will metadirectories and e-provisioning play in enterprises during the next five years?

The Ideal World: The Ideal World: One Directory for EverythingOne Directory for Everything

VoiceDirectory

Extranet/IntranetAuthentication

White Pages

ApplicationEnabling

Systems/User Management

CertificateEnabling

Legacy Connectivity

Platform Authentication

1

2

3

4

. . . . . .

VoiceDirectory Extranet/Intranet

Authentication

White Pages

Application Enabling

Systems/User Management

Certificate Enabling

Legacy Connectivity

Platform Authentication

1

2

3

4

. . . . . .

. . .

1

2

3

4

. . .

. . .

1

2

3

4

. . .

The Real World: The Real World: Multiple Directories!Multiple Directories!

Two Main Categories of Two Main Categories of DirectoriesDirectories

Extranet/IntranetNOS

Buying Center:

Rollout:

ROI Argument:

Scalability:

Design Goal:

Users:

Business unit

Months

Application enabling,Business agility

Millions of entries,Few servers

Authenticate/Authorize,Personalize

Customers, Partners, Employees, Contractors

Central IS

Years

Infrastructure, Security,Application enabling

Thousands of entries,Hundreds of servers

Authenticate/Authorize,Resource management

Employees, Contractors

TheNOS

Directory

TheEnterpriseDirectory

TheIntranet/Extranet

Directory

??

The Missing Link?The Missing Link?

DirectoryFunctionality

2001 20022000

Time

2003

Active Directory Extranet/Intranet Capabilities

Directory functionalitythat is “good enough”for typical enterprise extranet requirements

2004

Windows 2000

Windows .NET Server

Longhorn

Active Directory Active Directory as an Extranet/Intranet as an Extranet/Intranet DirectoryDirectory

Oracle Internet Directory

ChallengersChallengers LeadersLeaders

MicrosoftActive Directory

AbilityAbilityto to

ExecuteExecute

Completeness of VisionCompleteness of Vision

Sun-iPlanet

As of 1/02

Critical Path

IBM Domino

NovelleDirectory

Siemens DirX

IBM SecureWay

Niche PlayersNiche Players VisionariesVisionaries

DCE/CDS

OpenLDAP

Syntegra Aphelion

CA eTrust

Syntegra GDS

Nexor

Extranet/Intranet Directory Extranet/Intranet Directory Services Magic QuadrantServices Magic Quadrant

Number ofSupported Users

2001 20022000

Time

2003 2004

5,000

50,000

100,000

Mainstream (Type B)Active Directorydeployments(estimate)

Economic Slow Down

Original (2000) growth forecast

NT 4.0 Domain to AD MigrationNT 4.0 Domain to AD Migration

Active Directory as a NOS Active Directory as a NOS DirectoryDirectory

NDS ActiveDirectory

GroupWiseeDirectoryZENworks

DirXMLiChainSSO

Exchange 2000IntelliMirrorCertificates

PassportApp dev

IIS

Active Directory versus NDS?Active Directory versus NDS?A Complex QuestionA Complex Question

(e)Provisioning

Single Sign-On

Extranet AccessManagement

Directories

Password Synchronization/Reset

Access360Business Layers

Netegrity

Securant

NovellPassLogixRSA Security

WavesetCourion

M-TechBlockadeNovell

Meta-directories

iPlanet, Novell, Microsoft, Critical Path, Siemens

BMC Oblix

Directory Integration Directory Integration StrategiesStrategies

Metadirectories and Metadirectories and (e)Provisioning(e)Provisioning

Single Sign-On

Directories

Password Synchronization/Reset

Extranet AccessManagement

(e)Provisioning

Meta-directories

Generic text file

Native OS directories (e.g., Unix and

mainframe)

Oracle, Microsoft SQL Server, DB2 native access or ODBC

This is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountand the third line is different than the first two by some amount and some moreThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountThis is an example of a text file that is not meant to be read on the screen

Generic LDAP-enabled directories (e.g.,

Netscape)

ERP (e.g., PeopleSoft and SAP)

Active Directory

NDS/eDirectory

1

2

3

4

. . . . . .

Single point of administrationData accuracy and precedencePassword synchronizationSingle sign-on

Metadirectory ProductsMetadirectory Products

Niche PlayersNiche Players Visionaries

Challengers LeadersLeaders

MicrosoftMMS

AbilityAbilitytoto

ExecuteExecute iPlanetMetadirectory

As of 8/01

CriticalPathInJoin

NovellDirXML

Siemens DirXmetahub

MiddlewareMetamergeSyntegra

V-DirectoriesRadiant Logic

MaXware

Completeness of Vision Completeness of Vision

Metadirectory Services Metadirectory Services Magic QuadrantMagic Quadrant

(e)Provisioning(e)Provisioning

Provisioning is similar to metadirectory in that Provisioning is similar to metadirectory in that it it provides (in most cases) multi-directional provides (in most cases) multi-directional synchronization, however provisioning also synchronization, however provisioning also provides:provides:

Workflow features to tie in other business processes Workflow features to tie in other business processes (e.g., automated procurements, e-mail approvals, (e.g., automated procurements, e-mail approvals, etc.)etc.)

Security context mapping (e.g., knowing that a user Security context mapping (e.g., knowing that a user of type "sales" belongs to specific NOS groups and of type "sales" belongs to specific NOS groups and has specific levels of access in key applications)has specific levels of access in key applications)

Optionally synchronizing passwords between Optionally synchronizing passwords between respositoriesrespositories

The advantages and disadvantagesof a metadirectory solution PLUSthe option to embed business logic

Generic text file

Native OS directories (e.g., Unix and

mainframe)

Oracle, Microsoft SQL Server, DB2 native access or ODBC

This is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountand the third line is different than the first two by some amount and some moreThis is an example of a text file that is not meant to be read on the screenThe second line is different than the firstand the third line is different than the first two by some amountThis is an example of a text file that is not meant to be read on the screen

Generic LDAP directories

ERP (e.g., PeopleSoft and SAP)

YourCode Here!

APIs

Triggers

SDKs

File I/O

Change logs

Stored procs

Custom or commercial middleware

Active Directory

NDS/eDirectory

1

2

3

4

. . . . . .

The Do-It-Yourself AlternativeThe Do-It-Yourself Alternative

1 Survey data sources and assess the needs of people, applications and network infrastructures.

2 Rank all of the enterprise’s directories in terms of strategic importance. Look for the “80% solution.”

3 Identify the information stored in these directories and categorize unique and overlapping information.

4 Identify the authoritative sources of this information.

5 Design a name space that uniquely identifies user objects in each directory and develop cross-references between directories as needed.

6 Define specific projects and identify related products. White pages? Human Resources integration? Windows 2000 deployment?

7-99 Define the business value!!!

First Steps Toward First Steps Toward a Multiple Directory Strategya Multiple Directory Strategy

Tie to a new internal application (e.g., e-mail) Tie to a new extranet application (e.g., CRM) Tie to a defined TCO reduction project (e.g., ZENworks) Agility for future mergers and acquisitions Agility to deploy future applications Facilitate cross-communications (e-mail, white pages) Faster employee start time (hire) Reduce security exposure for exiting employees (fire) Support web services or portal initiatives

Reduced administration (are you ready to cut employees?)

Infrastructure upgrade

Selling Directory ProjectsSelling Directory Projects

Accept that a single directory is not achievable, and focus on the issues of directory management and synchronization

Recognize that if you are deploying Windows servers, dealing with Active Directory is unavoidable

Weigh the attraction of an “enterprise directory” strategy against the flexibility of an integrated metadirectory or provisioning solution

Be prepared to show real business value to a metadirectory or provisioning solution

Remember: Directory projects involve both politics and technology!

SummarySummary

gartner: setting objectives for a directory services project

Documents

multiple directories

nos directorybus200gartner

complex questionbus200gartner