Welcome!

Microservices Expo Authors: Elizabeth White, Liz McMillan, Pat Romanski, Aruna Ravichandran, Cameron Van Orman

Related Topics: Microservices Expo

Microservices Expo: Article

A Virtual Solution to Real Identity Issues

Repairing the fractures - virtually

To quote the Scarecrow from the Wizard of Oz, "There are pieces of me here. There are pieces of me there."

Thanks to years of independent evolution, user identity information also exists with bits and pieces in different places. This presents a challenge to application developers responsible for writing software that needs to take into account potential access from people across the enterprise who may be in any number of separate identity sources. It also presents a security challenge as allowing access to one application may open doors to others that are best kept shut.

Metadirectories like IBM's Directory Integrator (IDI) and Microsoft's Identity Information Server (MIIS) solve some identity problems by consolidating data from these multiple repositories into a new repository that contains the full picture. Consolidation is important because it reduces the management effort to maintain and improve the quality of attributes that exists for the same individuals across multiple enterprise data sources. Consolidation through the use of a metadirectory can be extremely powerful, but as those who have walked the yellow brick road to metadirectory know, consolidation brings new challenges.

One is data latency. Because they're drawing from other sources, metadirectories need to receive updates from the source directories on a regular basis. Often some of that data can be very old when dealing with batch export jobs that run at night. In some cases that may be acceptable. But what if you're looking at access rights to the network? A terminated employee may have his/her identity removed from the source databases. If it's left in the metadirectory until the batch run, however, that employee could have access to the network the entire day. That's a huge security risk, especially if the employee was terminated suddenly or under very negative circumstances.

Another concern is data ownership. Many large organizations use Web services to create portals for suppliers or employees. Those portals may pull data from a variety of sources. Suppose a portion of the data comes from HR, giving employees the ability to check on their 401(k), number of vacation days left, health benefits, and so on. If it's sitting in a metadirectory controlled by IT, the HR department loses a portion of its control over the data, and the organization is vulnerable to potential liabilities. Should a problem arise, such as confidential information about salary structures leaking out, it could spell disaster and/or lawsuits.

Another example would be regulated industries such as health care service providers, where a given user may be both an employee and a subscriber to the benefits. Both populations could have access to the same application(s); however, strict guidelines or laws mandate that subscriber data is contained in separate physical data stores.

Rather than being the wizard behind the curtain, virtual directories work to present data to applications directly. They are designed as middleware that takes requests using standard protocols like LDAP. They then rewrite and route the request in real time to one or more directories, databases, or other sources that contains the information necessary to fulfill the request. Once the operation is fulfilled, they simply dissolve like the Wicked Witch of the West when the water is thrown on her.

As middleware, rather than behind-the-scenes infrastructure, virtual directories eliminate the need to synchronize identity information to a central place. The application always works with the most current information because it's drawing from the source directory and not a copy of the information. Eliminating the need for replication and hard storage also assures that the data remains under the control of the original owners and that it complies with regulations that ensure data privacy. In the previous example, when the employee accesses the HR portal, the data is drawn and presented to that employee. When the employee is finished, the access point is closed and the data is again protected by HR until the next authorized query.

Another advantage is that virtual directories have the ability to present the same source information differently to different applications in much the same way that a database administrator can create multiple views of the same database tables. As a result, drawing and routing the information for new applications is greatly simplified. Finally, rather than a nine-month infrastructure project that could delay production rollout of portals and other key applications, virtual directories tend to have deployment cycles measured in days due to their non-invasive nature.

While fast, non-invasive deployment is usually great, there are places where metadirectories are still the right choice. For example, they are great for keeping key infrastructures such as NOS and e-mail in synch. These are special-purpose enterprise directories that need to be kept up-to-date with their own proprietary and application-specific data. The key is to determine the requirements of the job and its limitations, and then select the directory option that best fits the parameters.

The fractured nature of user identity information is a fact of life. Yet it doesn't have to be a barrier to accomplishing what needs to be done in the enterprise. Virtual directories provide Web services developers with the ability to take all the individual pieces of straw and rebuild the Scarecrow in new, more interesting, and more secure ways - all while speeding the development cycle. That alone makes them worth a look.

More Stories By Clayton Donley

Currently responsible for Oracle’s directory services product-lines, Clayton Donley’s technical background in this area includes experience in IT, consulting, and development in addition to authoring the book “LDAP Programming”. Prior to Oracle, Clayton founded Octet String, Inc., a developer of virtual directory technology that was acquired by Oracle in 2005. Previous positions have included a wide range of roles at Motorola and IBM. Clayton received a BA from DePaul University in Chicago.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, will discuss some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he’ll go over some of the best practices for structured team migrat...
As people view cloud as a preferred option to build IT systems, the size of the cloud-based system is getting bigger and more complex. As the system gets bigger, more people need to collaborate from design to management. As more people collaborate to create a bigger system, the need for a systematic approach to automate the process is required. Just as in software, cloud now needs DevOps. In this session, the audience can see how people can solve this issue with a visual model. Visual models ha...
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
Containers are rapidly finding their way into enterprise data centers, but change is difficult. How do enterprises transform their architecture with technologies like containers without losing the reliable components of their current solutions? In his session at @DevOpsSummit at 21st Cloud Expo, Tony Campbell, Director, Educational Services at CoreOS, will explore the challenges organizations are facing today as they move to containers and go over how Kubernetes applications can deploy with lega...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
Digital transformation leaders have poured tons of money and effort into coding in recent years. And with good reason. To succeed at digital, you must be able to write great code. You also have to build a strong Agile culture so your coding efforts tightly align with market signals and business outcomes. But if your investments in testing haven’t kept pace with your investments in coding, you’ll lose. But if your investments in testing haven’t kept pace with your investments in coding, you’ll...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lav...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
SYS-CON Events announced today that Cloud Academy has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the leading technology training platform for enterprise multi-cloud infrastructure. Cloud Academy is trusted by leading companies to deliver continuous learning solutions across Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most...
The last two years has seen discussions about cloud computing evolve from the public / private / hybrid split to the reality that most enterprises will be creating a complex, multi-cloud strategy. Companies are wary of committing all of their resources to a single cloud, and instead are choosing to spread the risk – and the benefits – of cloud computing across multiple providers and internal infrastructures, as they follow their business needs. Will this approach be successful? How large is the ...
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
DevSecOps – a trend around transformation in process, people and technology – is about breaking down silos and waste along the software development lifecycle and using agile methodologies, automation and insights to help get apps to market faster. This leads to higher quality apps, greater trust in organizations, less organizational friction, and ultimately a five-star customer experience. These apps are the new competitive currency in this digital economy and they’re powered by data. Without ...
A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud so...
For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers bala...
With the modern notion of digital transformation, enterprises are chipping away at the fundamental organizational and operational structures that have been with us since the nineteenth century or earlier. One remarkable casualty: the business process. Business processes have become so ingrained in how we envision large organizations operating and the roles people play within them that relegating them to the scrap heap is almost unimaginable, and unquestionably transformative. In the Digital ...
These days, APIs have become an integral part of the digital transformation journey for all enterprises. Every digital innovation story is connected to APIs . But have you ever pondered over to know what are the source of these APIs? Let me explain - APIs sources can be varied, internal or external, solving different purposes, but mostly categorized into the following two categories. Data lakes is a term used to represent disconnected but relevant data that are used by various business units wit...