With the exception of Novell, which offers only a reverse-proxy mode, all the vendors provide both agent and proxy approaches. To implement agents, you typically install an ISAPI/NSAPI filter on each Web server that will be part of the IAM infrastructure. In the long run, an agent approach might require extra maintenance, but it will provide more granular control. On the other hand, a reverse proxy, which is placed between the client and the Web servers, requires no server modifications. It's a good choice for shops using a Web server for which the vendor doesn't offer a Web agent, such as an older version or an unsupported platform. A reverse proxy does require changes in the network configuration, however, and performance could be a problem unless you use a redundant/load-balanced architecture, because all traffic must be routed through the proxy rather than distributed across many servers.
Our Impressions
HP became a major player in the IAM market with its 2003 acquisition of Baltimore Technologies' Select Access identity-management product. Select Access won our Editor's Choice award in this review, with Novell a close second. Select Access offers a competitive feature set and a management interface second to none. With most products, we spent days trying to configure and implement tasks that with Select Access were quick and easy.
Although we found Novell's package comprehensive and powerful, it requires multiple Novell products and would be a big step for a non-Novell shop; several admins would be needed to maintain the Novell IAM installation. RSA's ClearTrust, on the other hand, is easy to use and would work well for organizations with staff programmers who like to tinker. However, though ClearTrust has most of the core features of an enterprise IAM suite, it lacks out-of-the-box support for multiple identity stores, something organizations should demand--especially since ClearTrust is among the more expensive products.