Why Multiple Directories Are Deployed and Virtual Directories Ignored (Part 3)
I hope the four reasons I mentioned in part 2 of this post shed some light on why pure Virtual Directory solutions are not more widely deployed. In all four cases there is only a passing need for a single view of the multiple identity store information, but almost no need to directly interact with those stores from an administrative standpoint.
Virtual Directories do have their place and can sometimes help, but they also have their own set of challenges. One challenge is that, since a virtual directory must connect to multiple data sources (yes, some can go beyond directories and connect to databases, applications, etc.), deployments can be complex. This complexity may also rule out a virtual directory if the system must provide fault tolerance or failover capabilities. When data is written to or read from the Virtual Directory, not only must the Virtual Directory service be ready, but so must all of the connected systems. If one connected system is offline (or slow to respond), things can break pretty quickly. You may think caching is an option here, but from experience the chance of viewing stale data becomes a strong possibility that no one will tolerate. I have seen only one Virtual Directory solution provide an answer for fault tolerance, but even in that case the solution only worked with multiple instances of a single vendor’s directory.
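The failure mode described above, as an added sketch that is not from the original post or from any vendor's product: a toy virtual-directory read path that fans one lookup out to two constructed stores under a single deadline and labels each store's contribution as live, stale (served from cache) or unavailable. The `VirtualView` class, the store functions and all values are hypothetical.

```python
import time
from concurrent.futures import ThreadPoolExecutor

class VirtualView:
    """Toy fan-out reader over several identity stores (constructed, no real product API)."""
    def __init__(self, backends, timeout=0.2, max_cache_age=60.0):
        self.backends = backends      # store name -> callable(uid) returning a dict
        self.timeout = timeout        # seconds allowed for the whole fan-out
        self.max_cache_age = max_cache_age
        self.cache = {}               # (store, uid) -> (fetched_at, attrs)
        self.pool = ThreadPoolExecutor(max_workers=len(backends))

    def lookup(self, uid):
        futures = {name: self.pool.submit(fn, uid) for name, fn in self.backends.items()}
        deadline = time.monotonic() + self.timeout
        merged, status = {}, {}
        for name, fut in futures.items():
            try:
                attrs = fut.result(timeout=max(0.0, deadline - time.monotonic()))
                self.cache[(name, uid)] = (time.monotonic(), attrs)
                status[name] = "live"
            except Exception:         # deadline passed or the store raised an error
                fetched_at, attrs = self.cache.get((name, uid), (None, None))
                age = None if fetched_at is None else time.monotonic() - fetched_at
                if age is not None and age <= self.max_cache_age:
                    status[name] = "stale"            # answer comes from cache, not the store
                else:
                    status[name], attrs = "unavailable", {}
            merged.update({f"{name}.{k}": v for k, v in attrs.items()})
        return {"attrs": merged, "status": status,
                "complete": all(s == "live" for s in status.values())}

def ad_store(uid):        # constructed healthy store
    return {"mail": f"{uid}@example.test"}

def hr_store(uid):        # constructed slow store: answers after the deadline
    time.sleep(1.0)
    return {"dept": "finance"}

def demo():
    view = VirtualView({"ad": ad_store, "hr": hr_store})
    first = view.lookup("alice")      # hr misses the deadline and nothing is cached
    view.cache[("hr", "alice")] = (time.monotonic() - 30, {"dept": "sales"})  # 30 s old entry
    second = view.lookup("alice")     # hr misses again; the cached value is served
    return first, second

if __name__ == "__main__":
    print(demo())
```

The second lookup returns `dept: sales` from cache while the store itself would answer `finance`, which is the stale-view problem in miniature; a caller that checks `complete` and `status` can at least see that the merged entry is not fully live.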
Another challenge is application compatibility. If you want your fax software or asset management software to be able to make a call or update data through a virtual directory, you had better make sure that application will work with the Virtual Directory you are considering. The three Virtual Directory products I’m familiar with all support LDAP, and some have web-service extensions as well. But neither of those interfaces matters if your critical applications have not been tested and declared supported by the vendor. If the vendor doesn’t support the use of a Virtual Directory, you may be better off using something more old-fashioned, like directory synchronization.
My conclusion here is that if you are looking for a Directory Management solution, a pure Virtual Directory probably isn’t going to be worth the trouble, especially if your central directory is Microsoft’s Active Directory. If you are a developer, however, and you need the ability to read or update multiple data sources, a virtual directory may give you the great plumbing you need.




2 Responses
So what is the best option for using an AD?
That depends on if you are looking for a single place for authentication or for management. For management I suggest the product I am responsible for which is ActiveRoles Server from Quest.