Directory appliance

By Dave Kearns
Network World Directories Newsletter, 04/22/02

Last week, I was talking to Stu Bailey, founder and CTO of InfoBlox and the subjects of Lightweight Directory Access Protocol; Universal Description, Discovery and Integration; DNS; and appliances came up.

That's not surprising, as InfoBlox makes a network appliance called DNS1, a " plug and play " Domain Name System/Dynamic Host Configuration Protocol server. Anyone who's spent time on the mind-numbing task of maintaining DNS records will appreciate that making an appliance to handle the drudgery is a stroke of genius.

Now he wants to do the same for directory services, so a stand-alone " appliance-ized " Lightweight Directory Application Protocol (LDAP) server seemed like a good place to start.

The more we spoke, the more I realized that what we were talking about was not just a virtual directory server, but one that - right out of the box - would be a lot more automated, had a lot more wizards and connect to a lot more data sources than most current virtual directory systems.

Once you've eliminated the political issues surrounding virtual servers (and that usually is a one-time, albeit a long-time, activity), and created the rules and policies for joins (also drudgery, but usually only a one-time operation), what remains are the discovery of data sources (which continues as new products and services are added to the net), the creation of connectors for them, and the formatting and synchronization of data (which is a continuous, ongoing need). Just the sort of things appliances do well.

Bailey was also interested in the progress of UDDI (which is new to him), seeing it as " DNS on steroids " (since DNS is old-hat to him). That is, it's just a latter day naming and locating service. But why shouldn't that be handled by the directory - by the LDAP-enabled directory you already have, or the one which you'll implement with a just-about-to-be-invented directory appliance?

That recalled a note I'd received from Computer Associate's Debra Novack pointing me to a white paper on CA's site (www3.ca.com/Solutions/Collateral.asp?ID=1584&PID=160) called " Leveraging Directory Technology for Enterprise UDDI " (and, yes, it's a PDF file, but I won't hold that against CA just now).

The theme of the paper is that UDDI, at least within the enterprise, should simply be another directory-enabled service. As co-authors Tom Bentley and Don LeClair put it: " ...the UDDI registry becomes a fundamental piece of an organization's infrastructure - an important Enterprise application - and therefore must provide the highest levels of security, performance, reliability and manageability. Directory technology provides an ideal foundation to support the stringent requirements of an Enterprise UDDI Registry. "

Of course, I wouldn't stop there. Current directory technology is sufficient that a global UDDI repository should be based on integrated directory servers. This is in many ways very similar to the way in which DNS developed, not surprisingly. And that brings us full circle back to Bailey and his idea for a directory appliance. We just need someone to step up and create the DSS - Directory Services Service.

I know that most of you aren't shy, so I shouldn't have to encourage you, but do feel free to send your thoughts (to ds@vquill.com) on DSS, UDDI, DNS, appliances and all the other things we've talked about today. Maybe we can change tomorrow.