SAN FRANCISCO - Microsoft has made a dramatic change in its Active Directory strategy, saying it will ship a stand-alone version of the software separated from the operating system that finally provides network executives with a directory for Web-based applications.
At Burton Group's Catalyst Conference last week the company laid out a road map for Active Directory, including a version called Application Mode, a pure Lightweight Directory Access Protocol (LDAP)-based directory to support Web applications. Application Mode will be an option to the standard full install of Active Directory tied closely with Windows.
"It's about time," says Tom Gaylord, CIO for the University of Akron in Ohio. "There is great potential and obvious benefits for decoupling the directory. It can greatly simplify your architecture."
The company also says convergence of its directory and database is inevitable as it tries to create a universal data store and that it will ship Microsoft Metadirectory Services (MMS) 3.0 early next year as the first step in that convergence. Microsoft says it hopes the convergence will allow for more sophisticated data-driven applications, especially those built using Web services.
Application Mode gives network executives the flexibility to deploy the directory without having to set up an entire Windows.Net Server operating system environment, install it on a domain controller and activate services such as Kerberos, Domain Name System (DNS) or public-key infrastructure.
It also means users don't have to include Application Mode directories in their normal replication architecture or share the directory schema, the language that defines the directory, with other copies of Active Directory.
"What they are doing is making it easier to use Active Directory in an e-business role without having all the baggage of the network operating system," says Jamie Lewis, CEO of Burton Group. "E-businesses and extranets created a need for a general-purpose, vanilla LDAP directory to authenticate users. What Microsoft is doing is a sign of maturity."
Lewis says it also is the start of serious competition with directories from Sun and Novell.
"People have been turning to those vendors' directories because it has been too hard to deploy Active Directory as a general-purpose directory," he says.
Microsoft is reacting to Web-based directories from competitors including Sun ONE Directory Server and Novell eDirectory, which network executives have preferred as Web-based directories.
Sun made its own directory upgrades last week, releasing the final beta of Sun ONE Directory Server 5.2, which includes enhancements such as four-way multimaster replication across a WAN and support for 64-bit caching. Novell also announced that eDirectory would be the foundation of an identity management system called Project Saturn.
Network executives have asked Microsoft to offer a stand-alone version since Active Directory shipped.
Microsoft, without much success, had tried to convince users that by adding Web-based features, such as a standard LDAP user description called inetOrgPerson, its network operating system (NOS) directory was suitable for Web-based deployments.
"This is groundbreaking for us," says Jackson Shaw, product manager for directory services for Microsoft. "It's an LDAP directory to support applications."
In addition, Shaw says, the Application Mode directory would integrate with the NOS version of Active Directory to share user-authentication duties.
Application Mode will ship 30 days after Windows.Net Server, which is scheduled to ship by year-end. The first release candidate of the .Net operating system is due next week.
Even though Active Directory now can run on its own, it still only runs on top of Windows, much like Microsoft's other server applications, and only with the .Net operating system and Windows XP Professional. The XP support lets developers install the directory right on their desktops.
The Application Mode directory is a near-term change for Microsoft, but the future holds even bigger changes as the company creates a universal data store around its Yukon technology.
Microsoft says it believes the directory and the database will be united in the future.
"How many people can program against a directory? A large number. How many applications use a database? A large number," says Kim Cameron, directory architect for Microsoft. "Right now your identity and authentication data is segregated in the directory with its own protocols; it is hard to join with the database." Cameron says a lot of challenges have to be overcome to converge the two, but that Microsoft eventually will integrate the two. He would not specify a time frame.
Competitor Oracle has its own directory and Internet File System built on a database.
Cameron says the convergence would have many benefits. As an example, he demonstrated at the Catalyst Conference an XML-based technology called Polyarchy that lets users create different hierarchical views of data, such as an organizational chart and a set of discussion lists. In essence, it is a sophisticated White Pages application that can display key relationships between people and data. The linchpin to creating such lists is that user identity information and data all reside in one repository.
"We wanted a new way to visualize and search and make directories more capable. Users want integrated views so we have to store data differently," he says.
The first crack at changing that storage will ship with MMS 3.0, which will display directory information as SQL tables. MMS 3.0 is a metadirectory that lets information be joined in a single logical entity. It includes a Preview mode that works much like a Print Preview, letting users see what changes will look like before they are made.
Microsoft also has integrated MMS 3.0 with Visual Studio.Net to create a standard development environment. Support for the Directory Services Markup Language, basically an XML representation of LDAP, is being added to provide XML application developers with easy access to directory services.
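To make concrete what "an XML representation of LDAP" means in practice, here is an added example (not code from the article, Microsoft, or MMS) that parses a DSMLv1 document describing an inetOrgPerson entry and emits the same entry as LDIF, the text format most LDAP tools consume. The element names and the http://www.dsml.org/DSML namespace follow the DSMLv1 specification; the sample document, the example.com DN and the attribute values are constructed for this example. It also shows the one edge case a converter must get right: LDIF requires values that are non-ASCII, or that start with a space, colon or "<", to be base64-encoded on a "::" line rather than written verbatim.

```python
"""Convert a DSMLv1 document (XML representation of LDAP entries) to LDIF.

The DSML below is a constructed sample for this example, not data from the
article or from any Microsoft product. Element names and namespace follow
DSMLv1 (http://www.dsml.org/DSML).
"""
import base64
import xml.etree.ElementTree as ET

DSML_NS = "http://www.dsml.org/DSML"
NS = {"dsml": DSML_NS}

# Constructed sample: one inetOrgPerson entry with a multi-valued attribute
# (mail) and one non-ASCII value (description) to exercise base64 encoding.
SAMPLE_DSML = """<?xml version="1.0" encoding="UTF-8"?>
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="uid=alice,ou=people,dc=example,dc=com">
      <dsml:objectclass>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>person</dsml:oc-value>
        <dsml:oc-value>inetOrgPerson</dsml:oc-value>
      </dsml:objectclass>
      <dsml:attr name="uid"><dsml:value>alice</dsml:value></dsml:attr>
      <dsml:attr name="cn"><dsml:value>Alice Example</dsml:value></dsml:attr>
      <dsml:attr name="sn"><dsml:value>Example</dsml:value></dsml:attr>
      <dsml:attr name="mail">
        <dsml:value>alice@example.com</dsml:value>
        <dsml:value>a.example@example.com</dsml:value>
      </dsml:attr>
      <dsml:attr name="description"><dsml:value>Årsrapport owner</dsml:value></dsml:attr>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
"""


def parse_dsml(xml_text):
    """Return a list of (dn, [(attribute, value), ...]) tuples, one per entry.

    objectclass/oc-value elements are folded into ordinary objectClass
    attribute values so the result looks like what an LDAP search returns.
    Note: xml.etree does not expand external entities, but for XML from an
    untrusted source a hardened parser such as defusedxml is still advisable.
    """
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.iterfind(".//dsml:entry", NS):
        dn = entry.get("dn")
        if not dn:
            raise ValueError("DSML entry without a dn attribute")
        attrs = []
        oc = entry.find("dsml:objectclass", NS)
        if oc is not None:
            for v in oc.findall("dsml:oc-value", NS):
                attrs.append(("objectClass", v.text or ""))
        for attr in entry.findall("dsml:attr", NS):
            name = attr.get("name")
            if not name:
                raise ValueError("DSML attr element without a name attribute")
            for v in attr.findall("dsml:value", NS):
                attrs.append((name, v.text or ""))
        entries.append((dn, attrs))
    return entries


def ldif_attr_line(name, value):
    """Render one attribute as an LDIF line, base64-encoding unsafe values.

    LDIF (RFC 2849) forbids a plain value that is non-ASCII, contains NUL, CR
    or LF, starts with space, ':' or '<', or ends with a space; such values
    go on a 'name:: <base64>' line instead.
    """
    unsafe = (
        not value.isascii()
        or value[:1] in (" ", ":", "<")
        or value.endswith(" ")
        or any(c in value for c in "\r\n\0")
    )
    if unsafe:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{name}:: {encoded}"
    return f"{name}: {value}"


def to_ldif(entries):
    """Serialize parsed entries as LDIF text (no line folding applied)."""
    lines = []
    for dn, attrs in entries:
        lines.append(ldif_attr_line("dn", dn))
        for name, value in attrs:
            lines.append(ldif_attr_line(name, value))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_ldif(parse_dsml(SAMPLE_DSML)))
```

The converter deliberately preserves attribute order and multi-valued attributes as separate lines, since both matter when the LDIF is fed back into a directory; it does not fold lines at 76 characters, which a full LDIF writer would also do.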