Five identity management issues facing large enterprises

OctetString’s Phil Hunt (whose name does pop up here from time to time) has written a new and, I think, quite interesting white paper called “Supporting Large-scale Deployments through Virtual Directory Technology.” Not a catchy or snappy title, but it does tell you what the paper is about.

And what it’s about is solving the five major identity management issues facing large enterprises and their applications. The paper’s only 14 pages long (and really only 12 pages of “meat”) so it shouldn’t take you long to digest it. Not surprisingly, Hunt concludes that virtual directory technology is the solution to the problems.

The five issues identified by Hunt are:

1. Clogged Replication of Data – Large numbers of indexes, with regional directory “farms,” slow down the replication of data, overpowering the server’s ability to keep up. 

2. Transaction Failover – Despite fault-tolerant infrastructures, so-called “dumb” applications often replay invalid transactions on multiple directory servers. Alternatively, an application that fails once may not try to access the servers again. 

3. Connection Hog Syndrome – Some applications establish connections upon bootup, then maintain those connections whether or not they’re conducting any transactions, effectively bypassing load balancing, and tying up servers needlessly.

4. Everybody’s Talking at Once – The opposite of the Connection Hog Syndrome, in this scenario directory servers are often tied down by being forced to deal with too many connection requests at one time. Instead of performing core directory operations, the servers spend time establishing connections with thousands of clients. 

5. Too Much Data to Swallow – Sometimes, the sheer amount of data planned for the directory surpasses the capacity of any single server.

Phil does show how a Virtual Directory Engine (VDE) can overcome the problems these situations cause and hopes, I’m sure, that you’ll remember OctetString should your needs require the benefits of a VDE. You could also search previous issues of this newsletter (at https://www.nwfusion.com/newsletters/dir/) using the search term “virtual directory” to turn up other providers of this technology.

This paper is heavily illustrated, but with useful illustrations that probably justify using Adobe Acrobat to create a PDF file for it. Still, having a PDF so that people can print the file while providing an HTML version to be read online shouldn’t be all that difficult. In my case, it required I update my version of the Acrobat reader, which added a half hour (did I ever mention that I’m not particularly fond of Adobe?) to the time needed to read the paper. It’s possible that if I weren’t convinced ahead of time that it would be useful to read, I might have skipped it as too much trouble for what it might be worth. Just a word to the wise, Phil.