Archive for the ‘Virtual Directory Server’ Category

The Overlooked Step in the Authentication Process: Bring Your Security to the Next Level with Improved Identification

Wednesday, April 21st, 2010

Part 1 of 6 on the subjects of authentication and authorization
By Lisa Grady, Product Marketing

In hopes of unraveling some of the complexities surrounding identity and access management, I’ll be writing a six-part blog series that digs into the challenges of authentication and authorization and uncovers solutions that may work for your company. To kick things off, let’s take a look at exactly how authentication works.

You Can’t Check My Credentials Until You Figure Out Who I Am

Authenticating users in today’s distributed, heterogeneous environments can be a complicated process. Put simply, authentication is the process of verifying the claimed identity of a unique user. This process is made up of two very important steps:

  1. Identification
  2. Credential checking

Both components are essential, yet credential checking often receives the bulk of the attention—which is a little like buying the lock before you have the door. Although it’s often overlooked, identification is the unsung hero of authentication.

Identification is the ability to locate a unique identifier for a user within a distributed system. So when a user logs into a system—say, a portal—the unique identifier for that user must first be located.

The Challenge: Heterogeneous Data Sources, Overlapping Identities

Now, if all your identities are stored in a single repository, finding that unique user is a relatively easy process. Unfortunately, this is almost never the case. Typically, you’ve got many user stores to handle all the different constituents—employees, partners, customers, suppliers—in your enterprise. These data sources come in many flavors, from LDAP to SQL, and even web services. Most companies, both large and small, find themselves managing a variety of disparate data stores, without the means to integrate them. This can be especially challenging if your company has gone through mergers or acquisitions.

So when a user enters a username, it’s no simple matter to return a unique identifier for them. The authenticating application must search through all your diverse data sources, each with its own schemas and protocols, including Microsoft Active Directory, ADAM, Oracle Databases, and many others. And what happens if one identifier is found in multiple sources? Do these multiple identities represent the same user? Or different users? How should applications handle these overlaps?

The Goal: A Unified Infrastructure

So how can you solve these identification challenges? End users want a seamless experience where they type in their username and password and get access. And IT professionals want a way to simplify the identification process, even as the identity landscape grows more complex. A unified infrastructure means a better experience for customers, partners, and employees. And an integrated environment makes it much easier to recognize and validate a user’s identity efficiently.

We’ll dive deeper into the challenges of identification in my next post, then take a look at how to unify your infrastructure (and yes—it can be done!) in the one after that. So stay tuned for more on this topic—and add us to your RSS feed, so you can follow along.

How does your organization handle user authentication across disparate data sources? Join the conversation here or contact me at blog@radiantlogic.com.

Webinar: Three Building Blocks for Managing Cloud Applications

Friday, April 2nd, 2010

By Elle Fredericks, Marketing Communications

Cloud computing offers companies a world of new business and cost-saving opportunities. Growth of this market continues at a rapid pace, with demand for the cloud growing at an annual rate of 40% (Market Research Media). But as companies add cloud-based services to their repertoire, many are discovering a slew of new security and identity integration challenges.

Using identity virtualization and federation to enable the cloud

In order to address some of these challenges, Radiant Logic teamed with Coreblox and Ping Identity. Our recent webinar features a demo showing how you can use the combination of identity virtualization and federation to successfully leverage information in an enterprise directory, Salesforce, and an internal company portal. Using these tools, we were able to:

  • Automate the provisioning and de-provisioning of users within the cloud, based on membership in an LDAP group.
  • Create a centralized view of internal user and customer information from LDAP, Salesforce, and accounts payable database sources.
  • Provide single sign-on into Salesforce through an internal portal.

To find out more about the challenges of working in the cloud, check out this article from InfoWorld: http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853.

To learn more about how these products can help you in your move toward using cloud applications, view the webinar, demo, or contact us at blog@radiantlogic.com.

Special thanks to our partners Coreblox and Ping Identity for helping to put this webinar and demo together.

Thanks for reading!

The New RadiantOne Suite v5.2 by Radiant Logic

Monday, March 22nd, 2010

By Lisa Grady, Product Marketing

The new release of the RadiantOne Suite is officially here!

The new suite includes Radiant Logic’s Virtual Directory Server Context Edition 5.2 and Identity Correlation and Synchronization Server 5.2. The suite offers an intuitive new interface, along with many utilities that make designing and securing your virtual namespace easier.

Highlights of the new features:

Global ID and Profile Builder: This new tool allows companies to create integrated lists of identities and build profiles from data sources, including applications, directories and databases—all without having to centralize security.

Membership Policy Builder for SharePoint: Customers can now assign users to SharePoint roles based on attributes that can be found in their profiles—no matter where those attributes are stored. This enables SharePoint to enforce finer-grained policies, and eliminates the time-consuming task of defining and maintaining static role members.


Synchronization Monitoring Console: This web-based console allows you to easily manage and monitor all of your synchronization processes. Check the status of synchronization, including the number of messages processed—all from a single interface!

Making identity integration easier through identity and context virtualization

To test drive the RadiantOne Suite v5.2, contact our Sales Department. If you already have RadiantOne 4.6 Suite, talk to your sales representative about updating your current version.

Please let me know if you have any questions about the new RadiantOne Suite. And I’d love to hear how you use the new features and functionality—so leave a comment here or drop me a line at blog@radiantlogic.com.

Catch us on Twitter or become a fan on Facebook.

New VDS Context Edition 5.2 Delivers the Global View

Wednesday, November 11th, 2009

Manage Globally and Act Locally with RadiantOne Identity Virtualization

Big news from the Radiant product team—we’re thrilled to announce the new release of our flagship product. RadiantOne Virtual Directory Server Context Edition 5.2 is a data model-driven solution for complete identity integration and context management. And we’re very excited about what this will mean for enterprises like yours.

New Tools for an Increasingly Complex World

Think for a moment about the challenges you’re facing in your identity environment. Along with tight budgets and increasing demands, you’ve got:

  • New applications to support
  • High-value services to deliver—many beyond the firewall
  • And a whole mess of distributed and heterogeneous data sources

Now, Manage Globally, Act Locally is more than a slogan for us (although we’d have you all wearing Manage Globally, Act Locally t-shirts if we could)—it’s also a better way to deal with all this complexity.

Get the Unified View, with Security at the Source

Our latest release includes the new Global Identifier & Profile (GIP) Builder, a powerful tool that enables you to create a single, unified view of all identities and their profiles, without having to centralize your identity data into a single repository. So your enterprise can manage profiles globally and also act locally by enforcing security as close to the sources of service as possible.

Future-Proof Your Infrastructure

VDS Context Edition is a big leap forward, designed to help you solve today’s toughest identity integration challenges, while building a solid foundation for all tomorrow’s modern architectures, such as user-centric identity, IDaaS, and the cloud. So you’re covered for right now, and ready for whatever comes.

Explore how this new release will make a difference in your organization:

Oh, and I promise we’ll let you know as soon as there’s a Manage Globally, Act Locally t-shirt available. ;)

Lisa Grady – Product Marketing

Earl Perkins: “The Out is Now In”

Wednesday, November 11th, 2009

A Report from Day 1 of the Gartner IAM Summit

I’m attending the Gartner IAM Summit in San Diego this week. It’s always difficult to be inside in a hotel conference facility when the weather outside is 70 degrees and sunny, so the sessions have to be really valuable.

Fortunately, this morning’s keynote from Earl Perkins was particularly good. The session was entitled “The Death of IAM and the Loss of Identity Innocence — A Review of Program Maturity, Services-Driven Change, and New Era Threats.”

Scaling Up to Service-Centric Delivery

According to Earl, “the out is now in,” which means we need to architect and scale the IDM infrastructure not only for employees, but more and more for external constituents.

Earl mentioned that this move to a more service-centric delivery model means that separate architectures for extranet and intranet with IAM are blurring, with extranet-based access, protection, and reporting mechanisms being used to create one consistent, coherent IAM architecture. The scale that IAM is being asked to address is increasingly larger, as well. Where we once spoke of IAM implementations of 5,000, 10,000 and 100,000 users, today, we routinely discuss implementations exceeding one million users. The scale of applications (in type and count) is also increasing.

Bridging the Gap Between Databases and Directories

In fact, one of the key debates that Earl referred to, as enterprises begin to understand the requirements for external constituents, is whether to use a database or a directory. As a vendor of technology that bridges the gap between databases and directories, we’ve been involved in many of these discussions, and the conclusion has always been that you need both.

In most enterprises, databases already hold most of the identity data—CRM, orders, billing, and more—that’s required to enable access for external constituents. Databases also provide facilities for transactional integrity and data normalization and are better for updates and reporting. SQL is the preferred protocol for application developers doing CDI (Customer Data Integration) or MDM (Master Data Management).

Directories, on the other hand, provide fast access, more granular security, and enable search without the need to understand the underlying schema. For these reasons, LDAP is the preferred (and often required) protocol for IAM initiatives.

The Convergence of CDI and IAM

These worlds are starting to intersect—and sometimes collide—as CDI/MDM focuses more on improving the partner or customer experience through the web and IAM focuses more on external constituents. In fact, we’re starting to see the CDI/MDM guys trying to IAM-enable their initiatives, while the identity guys are hard at work making the IAM infrastructure CDI-compatible.

Identity virtualization bridges the gap between these two worlds by enabling you to separate the protocol (LDAP) from the underlying storage, so enterprises can leverage their existing RDBMS investments, which are designed for high-volume storage, and still derive all the speed and security benefits of the directory.

Looking Ahead: The Out is Now Win

The market is finally beginning to understand that the true value of IdM is not in compliance, but in enabling better interaction with the constituents who drive revenue and profits. This is an exciting time to be in this space and an even more exciting time to be working with technology that enables better identity administration and more effective risk management, and also empowers you to develop new initiatives that:

  • Generate revenue
  • Reduce costs
  • Improve the customer experience
  • Drive cross-sell and up-sell opportunities

The IdM and CDI worlds are beginning to converge, as everyone starts to realize that you can’t have one without the other. Identity virtualization provides that bridge…

- Dieter Schuller, VP Sales & Business Development

Manage Globally. Act Locally.

Wednesday, November 4th, 2009

How identity and context virtualization will change the way we manage identities

My company invented the virtual directory to help take the complexity out of IdM. And now we’ve expanded on that idea to deliver a complete integration solution we call “identity and context virtualization.” I’d like to take the opportunity to explain what it is and why we developed it.

First off, when I say “IdM,” I mean it in its largest sense. While governance, risk, and compliance for internal populations is important, the larger and more rewarding task is helping you integrate high-value, heterogeneous identities for externally-focused initiatives, such as WAM, federation, SaaS, and more.

With that in mind, we’ve all got identities to integrate and new architectures to support.

But right now, the elements of identity are scattered across directories, databases, and applications. Reaching across all these heterogeneous, distributed data silos to aggregate and synchronize identities has proven nearly impossible.

So how do we solve today’s integration challenges and lay the groundwork for tomorrow’s modern architectures, such as user-centric identity, Identity-as-a-service, and the cloud? In short, we need to manage globally and act locally. By this I mean that we need to deliver a global view of identity, while we enforce security at the local level, as close to the sources of services as possible.

And this solution needs to be easily deployed and scalable, since nothing’s getting simpler in the world of identity, things are only growing more complex at every level.

But how can we fill such a tall order? Well, we begin with the idea that those who do not understand history are doomed to repeat it.

What won’t work: Wait and see vs. tear it down and start over

Some see the gap between the present and the future and urge caution, saying let’s wait and see what happens. Others want to throw away the current identity infrastructure and build something completely new.

But we can’t wait when it comes to staying productive and maintaining a competitive advantage. And we can’t afford to blow up what’s already there and build an entirely new infrastructure—yet another silo—to take us into the future.

Learning from the past to innovate for the present and future

So we took a more pragmatic, evolutionary approach, using what we already have to develop an infrastructure with the future built in. To do that, we revisited an old idea—the metadirectory—and a newer idea—the virtual directory as a proxy—and combined the best of both worlds. The result is a solution that solves the identity integration challenges we’re facing now, while building the right foundation for all those potentially rich future applications, such as user-centric identity, IDaaS, and the cloud.

Identity and Context Virtualization: The Best of Both Worlds

Rediscovering what’s old: Metadirectory

From the metadirectory, we learned the importance of building a global reference for each identity, through synchronization, correlation of global/local identifiers, and disambiguation (watch a video about identity and context virtualization). We also found tools that let us build a highly scalable solution.

The metadirectory also taught us what not to do: move every instance, every facet of an identity into a single directory. We cannot simply centralize identity to secure today’s distributed environments or enable tomorrow’s new services. For security’s sake, there are some categories of information that you cannot move around, such as primary credentials—especially passwords, the weakest link in the chain. Plus, when you try to centralize everything, putting all logic and all function in one place, you end up paralyzed by the complexity of the task.

Reinventing what’s new: Virtual directory as proxy

The “virtual directory as proxy,” which is Radiant-speak for what the market calls a “virtual directory,” solved this challenge of centralization by calling the underlying systems to check credentials. This lets security happen in the manner appropriate to each data source—by delegating the security checking, you’re “acting locally”—while providing an abstraction layer to shield applications from the complexity of the underlying silos.

But while we know the virtual directory delegates security quite elegantly, we also know that as a proxy alone, it cannot scale as the number of sources and volume of queries begin to rise. As a consequence, the “virtual directory as proxy” remains confined to niche tactical deployments for a limited number of identities. And that’s unfortunate because the “delegation pattern” is a key requirement in many of today’s high-volume, heterogeneous, mission-critical identity deployments.

Finally, both architectures taught us that the more complete your abstraction, the better. Basically, metadirectory was not “meta” enough and virtual directory as a proxy was not “virtual” enough. The more comprehensive the model of your system, the more flexibility you have—making your infrastructure more adaptable and protecting it from unavoidable change.

Building a better platform: Identity and context virtualization

The key to delivering identity as a service is the ability to abstract identities with their corresponding security contexts, so you can deliver the best services according to your applications’ needs. The way to achieve that is by linking identity and security context through virtualization. Here’s how we do that:

  • Virtualization simplifies the entire process, acting as an abstraction layer between applications and data sources.
  • Global/local reference and disambiguation delivers one version of the truth by correlating identity overlap and building a global map of your identity. (The “manage globally” side of the equation.)
  • Proxy/delegation passes the credentials and password verification to the original source. (The “act locally” part.)
  • Synchronization provides the scalability, performance, and high availability required when data needs to be moved.
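As an added illustration (not code from Radiant Logic or from either post), the toy layer below puts together the identification step described in the first post of this archive and the global/local reference, disambiguation and proxy/delegation elements listed above: it correlates overlapping identities into a global map, refuses to guess when one username names different people in different stores, and delegates the credential check to the store that owns the password. The store names, users, salts and hashing scheme are all constructed for the example.

```python
import hashlib
import hmac

class AmbiguousIdentity(Exception):
    """One username names different people in different stores."""

def _pw_hash(salt, password):  # stand-in for whatever the real backend uses
    return hashlib.sha256((salt + password).encode()).hexdigest()

class LocalStore:
    """One backend (LDAP directory, SQL customer table, ...). Passwords never
    leave it: the virtual layer may only ask it to verify one."""

    def __init__(self, name, entries):
        self.name, self.entries = name, entries  # local id -> attributes

    def find_by_uid(self, uid):
        return [lid for lid, e in self.entries.items() if e["uid"] == uid]

    def verify(self, local_id, password):
        e = self.entries[local_id]  # a store without the credential says no
        return "pw_hash" in e and hmac.compare_digest(
            _pw_hash(e["salt"], password), e["pw_hash"])

class VirtualDirectory:
    def __init__(self, stores):
        self.stores = {s.name: s for s in stores}
        self.global_map = {}  # global id -> {store name: local id}
        for store in stores:  # correlate overlaps: same mail => same person
            for lid, e in store.entries.items():
                self.global_map.setdefault(e["mail"].lower(), {})[store.name] = lid

    def identify(self, uid):
        """Identification: resolve a username to exactly one global id, and
        refuse (rather than take the first hit) when the stores disagree."""
        gids = {s.entries[lid]["mail"].lower()
                for s in self.stores.values() for lid in s.find_by_uid(uid)}
        if len(gids) > 1:
            raise AmbiguousIdentity(f"{uid!r} maps to {sorted(gids)}")
        return gids.pop() if gids else None

    def authenticate(self, uid, password):
        """Identify first, then delegate the credential check to the store
        holding the password ('act locally'); no hash is copied up here."""
        gid = self.identify(uid)
        if gid is None:
            return False
        return any(self.stores[name].verify(lid, password)
                   for name, lid in self.global_map[gid].items())

# Constructed sample data: one person ("jdoe") present in both stores, and an
# unrelated "bob" in each, which the identification step must not conflate.
AD = LocalStore("corp-ldap", {  # employee directory, holds the password
    "cn=jdoe,ou=people": {"uid": "jdoe", "mail": "Jane.Doe@example.com",
                          "salt": "s1", "pw_hash": _pw_hash("s1", "correct horse")},
    "cn=bob,ou=people": {"uid": "bob", "mail": "bob@example.com"},
})
CRM = LocalStore("crm-sql", {  # customer table: same Jane, a different Bob
    "customer#1001": {"uid": "jdoe", "mail": "jane.doe@example.com"},
    "customer#1002": {"uid": "bob", "mail": "robert.other@example.com"},
})
VDS = VirtualDirectory([AD, CRM])
```

With this data, `VDS.identify("bob")` raises AmbiguousIdentity instead of silently picking one of the two Bobs, while `VDS.authenticate("jdoe", ...)` resolves Jane once and ends in the corp-ldap store's own password check.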

It’s not about the storage, it’s about the service…

This changes how directories are viewed. Now it’s not only about storage, it’s also about delivering a set of services indispensable for the identity stack—and the directory is enabled to offer those services through the magic of virtualization. But this is more than a point solution that does a quick and dirty remapping of attributes and query routing; it’s a sophisticated virtualization that creates a complete model of your system.

Our approach to virtualization is all about flexibility and scalability. By building a single global data model out of all your existing systems, you have the flexibility to create unlimited new views of your existing data as your applications require. And synchronization between the logical layer and the physical layer is auto-generated, giving you a solution that scales, no matter how complex the integration, high the volumes, or heterogeneous the data sources composing the view.

The most critical element is no longer how identities are stored, but how they’re aggregated, synchronized, and disambiguated—in short, integrating identity first, then delivering it as a directory. This becomes a powerful new way to view directories: as a set of services you could package and deliver, using different protocols as needed—LDAP, of course, but also SQL, as well as newer protocols such as web services.

Delivering a global view of identity…and linking its contexts

Identity virtualization allows you to reach an individual user across all silos to enforce security and deliver other integrated services. But once you have a handle on that identity, you can also begin to look at that user’s interactions across silos—the actor and his context.

But that’s a topic for another post…

We’ll explore the context side of identity and context virtualization next time.