
Making compliance management simple

SNMP for services and applications?

Security Identity Management Alert By Dave Kearns, Network World
April 23, 2007 09:07 AM ET

The foundation for security and enterprise management


Utah’s NetVision was started a dozen years ago by a group of fugitives from Novell. The company’s unstated mission was to tie all sorts of other operating systems, services and applications to Novell’s eDirectory (then called NDS, Novell Directory Service). The main product line was called “Synchronicity” and way back in 1997 I touted NetVision’s Synchronicity for NT.

I’d last written about NetVision three years ago when I wrote about the free password reset tool it decided to hand out to anyone who asked.

Times - and management - change, and the new folks at NetVision realized that its Global Event Services (GES) technology was perfect to use as part of a compliance tool for directory and server access.

Last week, I spoke with NetVision’s new CEO David Rowe, who was formerly with Intel, and new Marketing VP Vance Skidmore, formerly with MaXware. They were touting the company’s newly revamped product line, which included the renaming of its worthy successor to Synchronicity, now dubbed NVIdentity. But it’s the patented GES engine that lies at the heart of the company’s future direction.

NetVision has great plans to become the center of compliance auditing, currently for Windows Server-based networks and in the future for all operating systems, services and applications running on your network. Rowe realizes this will take time and acknowledges that a full solution will need the cooperation of vendors of those systems, services and apps. But as we chatted, I came to the realization that there might be a better way.

Rowe, as a veteran of the networking hardware environment at Intel, was quick to realize the potential when I suggested an SNMP-like arrangement for compliance auditing and monitoring. SNMP (Simple Network Management Protocol) is a way to keep track of the events occurring on your network as well as a way to control the devices present. If you’re an IT manager, you probably have an SNMP management console or two already. But suppose you could have something similar for services and applications?

As the excellent SNMP chapter in the Internetworking Technology Handbook by Cisco states: “[SNMP] is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.”

SNMP works through a configuration database called a Management Information Base (MIB), “a collection of information that is organized hierarchically,” just like an LDAP/X.500-style directory system. The MIB (overly simplified) specifies what can be managed and how to do it. The moribund Directory Services Markup Language Technical Committee of OASIS has already constructed methods for translating directory/identity data between LDAP/X.500 and XML. By synthesizing all of this work, couldn’t we create a Compliance Information Markup Language (CIML) along with compliance management consoles speaking the Simple Compliance Management Protocol (SCMP) to monitor and gather compliance information?

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
