Microservices Expo: Article

A Virtual Solution to Real Identity Issues

Repairing the fractures - virtually

To quote the Scarecrow from the Wizard of Oz, "There are pieces of me here. There are pieces of me there."

Thanks to years of independent evolution, user identity information likewise exists in bits and pieces in different places. This presents a challenge to application developers writing software that must account for access by people across the enterprise whose identities may live in any number of separate identity sources. It also presents a security challenge, since allowing access to one application may open doors to others that are best kept shut.

Metadirectories like IBM's Directory Integrator (IDI) and Microsoft's Identity Information Server (MIIS) solve some identity problems by consolidating data from these multiple repositories into a new repository that contains the full picture. Consolidation is important because it reduces the management effort needed to maintain and improve the quality of the attributes that exist for the same individuals across multiple enterprise data sources. Consolidation through the use of a metadirectory can be extremely powerful, but as those who have walked the yellow brick road to a metadirectory know, consolidation brings new challenges.

One is data latency. Because they draw from other sources, metadirectories need to receive updates from the source directories on a regular basis, and when those updates come from batch export jobs that run at night, some of the data can be very old. In some cases that may be acceptable. But what if you're looking at access rights to the network? A terminated employee may have his or her identity removed from the source databases. If it's left in the metadirectory until the next batch run, however, that employee could have access to the network for the entire day. That's a huge security risk, especially if the employee was terminated suddenly or under very negative circumstances.

Another concern is data ownership. Many large organizations use Web services to create portals for suppliers or employees. Those portals may pull data from a variety of sources. Suppose a portion of the data comes from HR, giving employees the ability to check on their 401(k), number of vacation days left, health benefits, and so on. If it's sitting in a metadirectory controlled by IT, the HR department loses a portion of its control over the data, and the organization is vulnerable to potential liabilities. Should a problem arise, such as confidential information about salary structures leaking out, it could spell disaster and/or lawsuits.

Another example is regulated industries such as health care service providers, where a given user may be both an employee and a subscriber to the benefits. Both populations could have access to the same application(s); however, strict guidelines or laws mandate that subscriber data be kept in separate physical data stores.

Rather than being the wizard behind the curtain, virtual directories work to present data to applications directly. They are designed as middleware that takes requests using standard protocols like LDAP. They then rewrite and route the request in real time to one or more directories, databases, or other sources that contain the information necessary to fulfill the request. Once the operation is fulfilled, they simply dissolve like the Wicked Witch of the West when the water is thrown on her.

As middleware, rather than behind-the-scenes infrastructure, virtual directories eliminate the need to synchronize identity information to a central place. The application always works with the most current information because it's drawing from the source directory and not a copy of the information. Eliminating the need for replication and hard storage also assures that the data remains under the control of the original owners and that it complies with regulations that ensure data privacy. In the previous example, when the employee accesses the HR portal, the data is drawn and presented to that employee. When the employee is finished, the access point is closed and the data is again protected by HR until the next authorized query.

Another advantage is that virtual directories have the ability to present the same source information differently to different applications in much the same way that a database administrator can create multiple views of the same database tables. As a result, drawing and routing the information for new applications is greatly simplified. Finally, rather than a nine-month infrastructure project that could delay production rollout of portals and other key applications, virtual directories tend to have deployment cycles measured in days due to their non-invasive nature.
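The request routing, the per-application views, and the data-latency problem described above, as an added Python example that is not from the article or from any vendor's product. The two back ends, their attribute names and the application views are constructed stand-ins; a real deployment would speak LDAP and SQL to live servers.

```python
import sqlite3

# Constructed sample sources (not real directories): a dict standing in for the
# corporate LDAP directory and an in-memory SQLite table standing in for HR's database.
CORP_LDAP = {
    "uid=asmith,ou=people,dc=example,dc=com": {"uid": "asmith", "cn": "Alice Smith", "mail": "asmith@example.com"},
    "uid=bjones,ou=people,dc=example,dc=com": {"uid": "bjones", "cn": "Bob Jones", "mail": "bjones@example.com"},
}
HR_DB = sqlite3.connect(":memory:")
HR_DB.execute("CREATE TABLE employees (uid TEXT PRIMARY KEY, vacation_days INTEGER, salary INTEGER)")
HR_DB.executemany("INSERT INTO employees VALUES (?, ?, ?)", [("asmith", 12, 90000), ("bjones", 3, 85000)])

# Hypothetical per-application views: the attributes each consuming application may see.
# Salary is in HR's store but in no view, so it never leaves HR's control.
VIEWS = {"hr_portal": {"uid", "cn", "mail", "vacation_days"}, "badge_system": {"uid", "cn"}}

def ldap_backend(uid):
    """Rewrite the incoming uid into the corporate directory's DN and look it up."""
    entry = CORP_LDAP.get(f"uid={uid},ou=people,dc=example,dc=com")
    return dict(entry) if entry else None

def hr_backend(uid):
    """Rewrite the same request as a parameterised SQL query against HR's database."""
    row = HR_DB.execute("SELECT vacation_days, salary FROM employees WHERE uid = ?", (uid,)).fetchone()
    return {"vacation_days": row[0], "salary": row[1]} if row else None

def virtual_search(app, uid):
    """Route one lookup to the live sources, merge the results, and apply the app's view."""
    if app not in VIEWS:
        raise PermissionError(f"unknown application {app!r}")
    base = ldap_backend(uid)
    if base is None:                      # no corporate identity: consult nothing else
        return None
    merged = {**base, **(hr_backend(uid) or {})}
    return {k: v for k, v in merged.items() if k in VIEWS[app]}

def snapshot(uids):
    """Simulate a metadirectory: a copy of the merged view frozen at batch-export time."""
    return {uid: virtual_search("hr_portal", uid) for uid in uids}

def terminate(uid):
    """HR and IT remove a departing employee from both authoritative sources."""
    CORP_LDAP.pop(f"uid={uid},ou=people,dc=example,dc=com", None)
    HR_DB.execute("DELETE FROM employees WHERE uid = ?", (uid,))

def latency_demo(uid):
    """Return (copy still has the user, live query still has the user) after a termination."""
    copy = snapshot([uid])                # last night's batch run
    terminate(uid)                        # employee removed this morning
    return copy[uid] is not None, virtual_search("badge_system", uid) is not None
```

The badge system never sees mail or vacation data, the HR portal never sees salary, and after a termination the stale copy still answers "yes" while the live lookup answers "no".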

While fast, non-invasive deployment is usually great, there are places where metadirectories are still the right choice. For example, they are great for keeping key infrastructures such as NOS and e-mail in synch. These are special-purpose enterprise directories that need to be kept up-to-date with their own proprietary and application-specific data. The key is to determine the requirements of the job and its limitations, and then select the directory option that best fits the parameters.

The fractured nature of user identity information is a fact of life. Yet it doesn't have to be a barrier to accomplishing what needs to be done in the enterprise. Virtual directories provide Web services developers with the ability to take all the individual pieces of straw and rebuild the Scarecrow in new, more interesting, and more secure ways - all while speeding the development cycle. That alone makes them worth a look.

More Stories By Clayton Donley

Currently responsible for Oracle’s directory services product-lines, Clayton Donley’s technical background in this area includes experience in IT, consulting, and development in addition to authoring the book “LDAP Programming”. Prior to Oracle, Clayton founded Octet String, Inc., a developer of virtual directory technology that was acquired by Oracle in 2005. Previous positions have included a wide range of roles at Motorola and IBM. Clayton received a BA from DePaul University in Chicago.
