Post on 18-Jan-2016
www.novell.com
DirXML™ Competitive Comparisons
Ed Anderson, Director, Product Management, Novell, Inc., eander@novell.com
Joe Skehan, Product Management, Directory Services and Provisioning, Novell, Inc., jskehan@novell.com
Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Agenda
• Market Segmentation
• Technology Components
• Market Competitors
• Novell DirXML
Market Segmentation
[Diagram: Enterprise Application Integration, Meta-directory, Provisioning, DirXML]
Market Segmentation
Enterprise Application Integration (EAI)
• Data oriented
• Been around for a while
• Very expensive (lots of consulting required)
• Characterized by XML and other standards
• Square peg in a round hole…
Players: Middleware Application Server Platform Custom Consulting
Meta-directory
• Consolidation of directory data (identity) to a central repository
• Most directory products have an associated meta-directory component
• Typically based on rote synchronization
Players: Microsoft, iPlanet, Critical Path, Siemens, Maxware, Metamerge
Provisioning
• Automatic account creation, deletion, and modification based on business policies
• Usually includes workflow
• Auditing and reporting
• Digital access rights and permissions are also provisioned
• Most support batch imports from HR systems
Players: Access360, Business Layers
Novell DirXML
• Plays in all three segments
  - EAI
    • Integration of identities across applications
    • Complementary with general-purpose EAI solutions
  - Meta-directory
    • Consolidation and reconciliation of common data into a central repository
  - Provisioning
    • Use of workflow rules to define the behavior of integrated systems
• An extension to eDirectory
  - Uses the event system and data replication engine
• Can connect to any system
  - Connects without requiring a change to the existing application or deployment topology
• 100% Standards-based
Technology Components
Key Components
• Workflow
• Reporting and Auditing
• Management
• Persistent Join
• Real-time
• Standards
• Bi-directional synchronization
• Connector suite
• Extensibility
Workflow
• Workflow pertains to five activities
  - Design
    • The tools that visually map out the provisioning process
    • This is where the business processes are represented
  - Initiation
    • From where an add, modify, or delete event is initiated
  - Escalation
    • Suspending the data operation to acquire approval before proceeding with the operation
  - Tracking
    • The status of any operation can be extracted from the workflow process
  - Enforcement
Reporting and Auditing
• Status
  - Current status on connector state
  - Current status on provisioning process
• Auditing
  - Data collection
  - Logging
  - Alerts
  - Reporting
  - Data analysis
  - Policy enforcement
  - Reconciliation
    • This function points out the differences between connected systems
Management UI
• Web-based
  - Accessible anywhere
  - Administrators can’t be tied to an office
• Real-time
  - Up-to-date views
• Design interfaces
  - Lay it out
  - Model it
  - Export it
  - Configure it
Persistent Join
• Join engines combine data elements from different data sources
  - A ‘join’ is the same concept as that used in the database world
• The ‘joined’ data constitutes the ‘meta-data’
• Meta-data stored in a directory constitutes the meta-directory
• Persistent join
  - Joined data committed to disk
  - Exposed through an intermediate method (meta-directory)
• Non-persistent join
  - Synchronize common attributes within the data elements but don’t expose the joined data anywhere
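The difference between the two join styles on this slide, as an added Python example that is not Novell's code and not how DirXML is implemented. The sample records, the common key `employee_id`, the `AUTHORITY` map and all function names are assumptions made for illustration.

```python
import copy
import json

# Constructed sample data: two connected systems that share the key "employee_id".
_SAMPLE = {
    "hr":   {"1001": {"employee_id": "1001", "name": "A. Jones", "phone": "555-0100"}},
    "mail": {"1001": {"employee_id": "1001", "mail": "ajones@example.com", "phone": "555-0199"}},
}
# Assumed policy: the source that is authoritative for a shared attribute.
AUTHORITY = {"phone": "hr"}

def sample_sources():
    """Return a fresh copy of the constructed sources."""
    return copy.deepcopy(_SAMPLE)

def join_records(sources, authority):
    """Combine records that share a key into one joined record per identity."""
    joined = {}
    for src_name, records in sources.items():
        for key, rec in records.items():
            entry = joined.setdefault(key, {})
            for attr, value in rec.items():
                owner = authority.get(attr)
                if attr in entry and owner is not None and owner != src_name:
                    continue  # a non-authoritative source never overwrites
                entry[attr] = value
    return joined

def persistent_join(sources, authority, store_path):
    """Persistent join: commit the joined view to disk so it can be queried."""
    joined = join_records(sources, authority)
    with open(store_path, "w", encoding="utf-8") as fh:
        json.dump(joined, fh, sort_keys=True)
    return joined

def non_persistent_sync(sources, authority):
    """Non-persistent join: align shared attributes in each source and
    discard the joined record; returns the changes that were applied."""
    joined = join_records(sources, authority)
    changes = []
    for src_name, records in sources.items():
        for key, rec in records.items():
            for attr in rec:
                if rec[attr] != joined[key][attr]:
                    changes.append((src_name, key, attr, joined[key][attr]))
                    rec[attr] = joined[key][attr]
    return changes
```

In the persistent case the joined record (name, mail and the authoritative phone number) exists in one place and can be audited; in the non-persistent case only the conflicting shared attribute is corrected and no combined view is stored.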
Real-time (Event Driven)
• Push
  - Events are generated by one location and then pushed to all applications
• Pull
  - Events are detected in the applications and then pulled to a central meta-directory
• Bi-directional
  - Events are detected at all points, pulled to a central join engine, and then redistributed out to all other applications
[Slide graphic labels: Good, Bad, Bad]
Standards
• Application interfaces
  - Some are standard, some are not…all moving to XML
• Protocols
  - Important for remote connectivity
  - LDAP is critical, LDIF can be useful
  - HTTP/SSL and IP generally
• XML
  - Many flavors (vocabularies)
  - DSML—watch for an increased role for DSML
  - SAML—security federation between systems will rely on SAML in the future
  - SOAP—Web Service enablement of integration will also be important
Bi-directional Data Synchronization
Novell DirXML
Connectors
• Database
• Platform
• Application
• Directory
• Messaging
• Security
• Device
Extensibility
• Developer tools
  - SDK
    • Tools
    • Documentation
    • Validation
  - Scripting, default configuration, exception handling
• XML
  - The Universal Connector
• LDAP
• File-based synchronization
Market Competitors
Provisioning Landscape
• Novell: DirXML, Identity Provisioning
• Access360: enRole
• Business Layers: eProvision, Day1
Access360 enRole
Things they did right…
• Workflow integrated
• Web-based access and management
• Sets security attributes in applications
• Accommodates user self-service
Things to watch out for…
• Forces all passwords to be set to the same value
• Available only on Solaris
• Changes are synchronized uni-directionally
• No security offering for authentication or SSO
• Access360 must develop all connectors…the system is only extensible by Access360
Business Layers eProvision Day1
Things they did right…
• Good point solution for managing employees
• Graphical workflow
• All management web-based
• Works well in a Microsoft environment
Things to watch out for…
• Tied to Windows, won’t work with other platforms
  - Completely dependent on COM
• Changes must originate from the BL console
  - Except for PeopleSoft, the exception
• Changes are synchronized uni-directionally
• Limited connectors, no developer tools
Meta-Directory Landscape
• Novell: DirXML
• Microsoft: Microsoft Meta-directory Services
• iPlanet: Directory Server, Integration Edition
• Critical Path: Meta-directory Server
• Siemens: DirXmetahub
• Metamerge: Integrator
• Maxware: DSE
Microsoft Meta-directory Services (MMS)
Things they did right…
• Good management interfaces
• Free (product only)
Things to watch out for…
• Works only on Windows
• Uses a proprietary scripting language for coding connectors
• Requires an expensive consulting engagement
• Not really integrated with Active Directory
  - Uses an intermediate data store (meta-views)
• Requires a common key for the join
• Limited connectors, only mainstream applications
iPlanet Directory Server Integration Edition
Things they did right…
• Strong use of LDAP, directory integration
• Licensed code from ISOCOR
Things to watch out for…
• Hasn’t seen development until recently
• Limited connectors, connector development is very difficult
• Limited platform support
• Requires a common key between applications
• Weak supporting programs
  - Consulting, technical support, developer support
Critical Path CP Meta Directory
Things they did right…
• Acquired product from ISOCOR
• Good management and configuration tools
• Works with any LDAP server
Things to watch out for…
• Forces all data to a directory view, not a good fit for provisioning
• Limited use of XML
• Limited platform support
• No way to implement business logic (outside of consulting)
• Custom translators must be built for all connectors
Siemens DirXmetahub
Things they did right…
• Strong use of LDAP, directory integration
• Good platform support
• Pretty good management utilities
• Good granularity of control
Things to watch out for…
• Limited presence in North America
• Data synchronization uses intermediate files to move data
• Based on IBM MQ-Series
• Confusing product line
• Uses Tcl as the scripting language
Metamerge Integrator
Things they did right…
• Event-driven
• Integration with other message bus technologies
• Good platform support
• Good support for rules and transformations
Things to watch out for…
• More like an EAI solution
• No consolidated, persistent view of joined data
• Separate connectors are required for bi-directional synchronization
• Focused on directories, databases, and HR applications
MaXware Data Synchronization Engine (DSE)
Things they did right…
• Good integration of business logic during synchronization
• Directory agnostic
• Provides a persistent, joined view of the data
Things to watch out for…
• Uses an intermediate state for a two-stage synchronization
• Computes the “join” during each event (no indexing)
• Limited connectors, connector development is very difficult
  - Limited to directories and databases only
Novell DirXML
The One Net Foundation
Novell eDirectory
Identity Repository
• Enforces policy through complex data relationships
• Defines identity data through schema
• Stores identity data in a scalable database and manages the stored data
• Organizes identity data in a hierarchical namespace
• Distributes data through advanced replication
• Provides access to data through standard protocols and APIs
• Controls access to data using authentication and authorization
• Secures identity data in storage and during transactions
[Diagram labels: eDirectory, Identity Repository (Policy); DirXML, Identity Integration (Integrated policy); Microsoft Applications, Messaging Applications, ERP Applications…; Identity Provisioning; Identity Management; Delegated Administration; User Self-Service; Business Policies and Practices]
Novell DirXML
• Workflow
  - Graphical workflow will be available this fall (Provisioning)
  - Implements policy-based workflow in the DirXML engine
• Reporting and Auditing
  - DirXML now includes advanced logging (data collection)
  - DirXML events can be collected and audited through a standard auditing facility (NAAS)
• Management
  - DirXML includes a graphical management and configuration utility available through iManager
Novell DirXML
• Persistent Join
  - All data is represented in eDirectory in its “joined” state
• Real-time
  - Change events are detected real-time in eDirectory and in the connected application
• Standards
  - DirXML uses XML, DSML, LDAP, IP/SSL
  - DirXML interfaces and data formats were submitted to the W3C as DSML 2.0
• Bi-directional synchronization
  - Authoritative data source(s) are enforced
  - All communication is bi-directional
  - Individual attributes can be managed separately
Novell DirXML
• Connectors
  - Active Directory
  - eDirectory
  - NT Domain
  - LDAP
  - iPlanet
  - Critical Path
  - SecureWay
  - Exchange
  - Notes
  - GroupWise
  - Delimited Text
  - PeopleSoft
  - SAP HR
  - Oracle
  - DB/2
  - SQL Server
  - Informix
  - x.500
Plus many others…
Novell DirXML
• Extensibility
  - Training / Education
  - Sample Code
  - Developer Kit
  - Driver emulation
  - Developer support
http://developer.novell.com/dirxml
Conclusions
• Novell DirXML is the best choice for identity integration
• DirXML has more features than any other product
• No modifications are required to work in the existing environment
• DirXML integrates with everything
• DirXML provides immediate return-on-investment
• All the tools are available to make DirXML extend to support any environment
• Novell provides all the back-end programs and services to ensure that DirXML will successfully solve any problem