Novell's iChain is the only product tested that we would call a soup-to-nuts offering; it encompasses identity storage, identity management and access control. The system we installed used iChain to control access to our Web resources while integrating all our data repositories using DirXML. Management was performed via iManager and ConsoleOne, with eDirectory serving as the central data repository for user and configuration information. While the other vendors sent one technician to our labs, Novell sent four, each with expertise in one of the above products. This turned out to be a sign of things to come--the Novell products didn't always work as a whole as well as we would have liked.
As the name suggests, NDS eDirectory is a directory service--essentially NDS detached from NetWare. In addition to storing user data, it can manage information on applications, network devices and other data, such as configuration information for DirXML. EDirectory supports LDAP and scales to store millions of objects. After setting up eDirectory, we imported all our users from Active Directory. It would have been nice if we didn't have to change directory stores, but the DirXML component required us to port these identities to eDirectory.
Few organizations are lucky enough to have all their identities in one repository, which is where DirXML comes in handy. Using DirXML communication drivers, we could share and synchronize data between eDirectory and other applications, including SAP, PeopleSoft, Lotus Notes, Microsoft Exchange, Microsoft SQL Server and Active Directory. EDirectory remains the master directory and synchronizes with the others, but data must reside in the master directory for this to happen. The drivers detect when a change in data occurs in any of the identity stores and propagate the information across the repositories via configurable filters and policies. Filters indicate which information will be used, while the policies indicate what should be done with that information. We set DirXML to use eDirectory as the authoritative repository for passwords. When a change occurred in eDirectory, our policy propagated the change to Active Directory and SQL Server. Conversely, our policy specified that a password change made within Active Directory or SQL Server would be overwritten by the value in eDirectory.
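The filter and policy behavior described above can be modeled in a few lines. This is an added example, not Novell's code and not DirXML's actual driver or policy format; the class, function and attribute names are hypothetical, and it assumes that attributes not marked authoritative are accepted into the master and passed on.

```python
# Toy model of authoritative-source synchronization (not DirXML's real
# driver, filter or policy format; every name here is hypothetical).
MASTER = "eDirectory"

class SyncEngine:
    def __init__(self, filters, authoritative):
        # filters: store -> set of attributes its driver synchronizes
        # authoritative: attributes for which the master always wins
        self.filters = filters
        self.authoritative = authoritative
        self.stores = {name: {} for name in [MASTER, *filters]}
        self.log = []  # (action, store, user, attribute)

    def _write(self, store, user, attr, value, action):
        self.stores[store].setdefault(user, {})[attr] = value
        self.log.append((action, store, user, attr))

    def _push_from_master(self, user, attr, skip=None):
        value = self.stores[MASTER][user][attr]
        for store, attrs in self.filters.items():
            if store != skip and attr in attrs:
                self._write(store, user, attr, value, "propagate")

    def change(self, source, user, attr, value):
        """Apply a change made in `source` and run the policy for it."""
        self.stores[source].setdefault(user, {})[attr] = value
        if source == MASTER:
            self._push_from_master(user, attr)
        elif attr not in self.filters[source]:
            self.log.append(("ignore", source, user, attr))  # filtered out
        elif attr in self.authoritative:
            # Policy: master wins, so the local edit is reverted.
            master_value = self.stores[MASTER].get(user, {}).get(attr)
            self._write(source, user, attr, master_value, "overwrite")
        else:
            # Assumed behavior: accept into the master, then fan out.
            self._write(MASTER, user, attr, value, "accept")
            self._push_from_master(user, attr, skip=source)
        return self.log

def demo():
    # Constructed sample data; "pw-*" strings stand in for credentials.
    eng = SyncEngine(
        filters={"ActiveDirectory": {"password", "mail"},
                 "SQLServer": {"password"}},
        authoritative={"password"},
    )
    eng.change(MASTER, "alice", "password", "pw-v1")
    eng.change("ActiveDirectory", "alice", "password", "pw-rogue")
    eng.change("ActiveDirectory", "alice", "mail", "alice@example.com")
    return eng
```

In a deployment configured this way, the "overwrite" entries are the ones worth reviewing, since each records a credential change made outside the authoritative directory.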