Requirement for Enterprise Directory Services

1
Requirement for Enterprise Directory Services

• A Customer Influenced Perspective
• TOG DCE Program Group

brian_at_gradient.com Amsterdam, January 1998
Brian Breton Gradient Technologies, Inc.
2
What are directory services?

• Mechanisms that allow clients to locate entries
  attributes about those entries
• Client people or programs
• Entries network resources, printers, web pages,
  etc

3
Enterprise Directory Services Requirements

• Logically centralize user management
• Complete interoperability
• Fault tolerance for high availability
• Internet scalability and interoperability
• Multi-vendor, standards-based services
• Bi-directional operational/managerial services
• Cross-platform support

4
Enterprise Directory Services Requirements

• Replication of directory updates in lieu of
  redistributing the entire directory database
• Hierarchical directory structures manageable by
  different administrators, with restrictions on
  admin privileges
• Segment database into multiple containers with
  their own replication schema to keep performance
  at a usable level
• Centralized account and security management

5
The Promise of DCE CDS

• Cross organizational
• Business-to-business
• Network-centric applications

6
DCE CDS Promised Positivesis it as bad as we
think?

• Extensive, integrated platform coverage
• Support centralized network account management
• SSO to DCE aware apps and services
• High availability of content and access
• Replication and synchronization
• Clients can keep full copies of directory locally
• Trust model allows for remote cell access
• Cross-organizational applications and security
  without knowing users in remote cell

7
DCE CDS Weaknesseswhere shall we start?

• Lack of service integration
• Inconsistent feature implementation
• Lack of third party support
• Lack of management tools
• Requires homegrown solutions
• Limited extensibility

8
The Promises of LDAPand the kitchen sink

• A single method for combing through directories
  for
• User names
• e-mail addressees
• security certificates
• other contact info
• Common access method to directories
• Flexible security model

9
LDAP Requirementsto go where no directory
service has gone before

• Server-to-server communications
• Improvements to directory searching
• Meta directory that will combine elements from
  other directories
• Standard for replication
• Management tools required

10
The Gradient Perspective

• CDS
• CDS is not a long terms answer
• LDAP
• LDAP is an access mechanism like ODBC
• Requires a standard implementation
• Separation security services from security
  repository
• Integrate and implement to customer requirements
  and standards

11
DCE LDAP Motivations

• Leverage DCE security infrastructure for securing
  LDAP
• Store security registry information in LDAP to
  consolidate management and access of security
  related info
• Remove CDS from client for smaller footprint

12
NetCrusader LDAP Motivations

• Internet accessible, industry standard directory
  service
• Store security information in LDAP to consolidate
  management and access of security related info
• Internet scalability

13
In Summary

• The requirements for Enterprise Directory
  Services must be defined and standardized
• DCE needs to support Enterprise Directory
  Services
• LDAP is not yet ready for prime time
• Gradients security solutions will evolve to
  support Enterprise Directory Services