Virtual directory servers that aggregate identity information from a variety of sources promise to solve problems with directories and databases while creating an identity “layer” that can provide identity services to any application.

Directories and databases act as identity storage for an enterprise’s identity-management system. In most enterprises, identity information is dispersed in multiple directories, which are often managed autonomously by a business unit. Over the years many enterprises have attempted to consolidate directories into “meta-directories” to reduce complexity and operational costs. Still, political issues regarding control of the information in the directories make it difficult to wrest control of all directories and put them under one single management.

The virtual directory server does not hold any identity info itself. Instead, virtual directory servers work by aggregating identity data from multiple sources, such as LDAP-enabled directories, Microsoft’s Active Directory, databases, and so on. When an application requests identity information, the virtual directory server will use a set of rules from its configuration to decide how to join the identity data from different sources.

Each different source may only have part of the picture: HR databases may contain a person’s name and title; an Active Directory server may hold the user’s memberships in various groups, and so forth. The virtual directory server can merge the information into a single virtual identity and present it to an application.

The benefits of virtual directory servers are significant:

Political - By leaving the identity information in the original data stores, there are no political arguments over control of the data. HR can still maintain and manage its own database of employees, while making that information available for all kinds of applications.

Application migration - New applications can be written to access identity information from the virtual directory server. This abstraction allows administrators to move or re-engineer the original data sources without any disruption to applications. This creates a much smoother migration and consolidation roadmap.

Availability - Virtual directory servers can source identity information from two or more equivalent sources. If one goes down, the request can be routed to another. This increases overall availability and allows for data migration work without downtime.