Virtual Directories Take Hold

Virtual directories let organizations gather information from many data sources and present that information from one interface, securely. Best of all, open-source options are lowering the entry cost for small

April 11, 2007

7 Min Read
Network Computing logo

Data only proliferates, never consolidates, so finding ways to access the increasing amount of customer, partner and employee data in databases and directories can be daunting. Virtual directories provide a way, regardless of where the data resides.

Until recently, this arena was dominated by commercial tools, but recent open-source innovations have shifted the landscape. Open-source groups MyVD Virtual Directory and Safehaus Software Foundation are offering options that may appeal to small companies.

The main advantages of a virtual directory compared with a metadirectory include faster deployment time, the ability to avoid synchronizing data from other sources and security efficiencies. Commercial virtual directories are less expensive over time than metadirectories or custom-built ones. Beyond that, open-source alternatives help smaller companies adopt the technology because they are less expensive than commercial products.One drawback of virtual directories is that they introduce a layer of middleware between the user and the authoritative system of record, which may translate into slower performance than users would experience with the authoritative system; this may be a problem only with apps that require a high service level, such as those for call centers. In addition, a virtual-directory application must be deployed with the same level of fault tolerance as the directory and database applications it will interact with.

Using The Data You Have

A virtual directory (and a metadirectory, for that matter) presumes two facts: The information users need exists in some enterprise application; and having users access that application directly is impractical, inefficient or inappropriate. In addition, companies may want to present data from multiple applications in a single view to give users all the information they need in one place. Without a virtual directory, companies would be faced with using a metadirectory to pull that information into an additional, more broadly accessible data store or with extending that information into an application to which users have been granted access--a customer-service program, for instance, through which users would see customer-contact information from a CRM application and shipping information from a logistics and supply-chain application all on a single screen.

With a metadirectory, IT admins must extend the metadirectory or application schema, then provide a mechanism that synchronizes data. The downsides of this approach include costly development, unreliable synchronization and information that is only as up-to-date as the last synchronization. In organizations subject to regulatory requirements, these changes also must be documented and justified for audit purposes.

Virtual directories, in contrast, let users access data structures already in place, regardless of format, while maintaining the authoritative app's security structure. Rather than replicate existing data as a metadirectory would, a virtual directory acts as a proxy to the authoritative app, passing security credentials, accessing records and transforming data so that it can be displayed to users in the proper context.Besides faster deployment and synchronization benefits, in comparison with metadirectories, virtual directories bring security efficiencies. They let companies work within the security parameters of existing directory and database apps rather than creating a new security model. The virtual directory also can act as a proxy to other apps. It can act as an identity firewall without forcing a company to invest in a federated ID-management product. A virtual directory lets companies re-architect how users view ID information without changing underlying apps. Although initial costs for virtual-directory software are comparable to metadirectory and custom-built products--typically about $50,000--the lower management and maintenance overhead makes it a cheaper alternative.

A practical application of a virtual-directory application would be to consolidate user data for an employee directory in a corporate portal. Portal information could be pulled from the human resources management system, an e-mail server, a knowledge-management application and CRM system, for instance.

Developer Roll Call

In June 2006, Safehaus Software Foundation launched Penrose 1.0, an open-source virtual-directory project. Penrose is a Java-based server that can run as a standalone application or as a back end for ApacheDS

TimelineClick to enlarge in another window

(Apache Directory Server) or OpenLDAP. Although Penrose doesn't directly integrate with specific database applications--it uses JDBC--it is an open-source product with a plug-in architecture, so companies should be able to build their own connectors or find third-party connectors.

Click to enlarge in another window

MyVD Virtual Directory is a Java-based open-source project hosted on SourceForge. MyVD is still in development (the .80 version was introduced in February), but it will support custom connectors, called inserts, to manage integration with other applications that hold ID data.

It's not surprising that Microsoft and Novell provide virtual directories, but many of the early third-party metadirectory vendors that created directory-synchronization tools also offer virtual directories. MaXware, Persistent Systems, Radiant Logic and Symlabs were among the first with virtual-directory products. Another early developer, Octet String, was acquired by Oracle in 2005. Oracle is making the Octet String products part of its suite of ID-management apps. Although IBM offers the middleware, database and directory products that should let it play in this space, partners such as Radiant Logic and Symlabs help IBM deliver virtual directories.

Despite bigger players such as Oracle entering the fray, dedicated directory management vendors, including Radiant Logic and Symlabs, are the market leaders in terms of share and innovation.

ID management is a fundamental application of the technology, and vendors with ID-management systems, such as Microsoft, also offer products. This means that conventional systems-management vendors, such as BMC Software and CA, also offer virtual directories through an OEM agreement or partnership with a virtual-directory software vendor.Michael Caton is a freelance writer with 18 years experience evaluating technology products for technology buyers at large organizations. Most recently he has been reviewing CRM and messaging and collaboration products. Write to him at [email protected].

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights