
Directory Services December 14, 2005

Posted by Phillip in: work

I think hanging around / working with Darrell has turned me into a Directory Services junkie. Ever since I started working with Darrell to design, build and deploy a true Identity Management solution for Rackspace, I have been hooked on learning how to utilize Directory Services.

So for the last 8 months or so, Darrell and I have been working tediously to deploy Novell’s eDirectory and Identity Manager (formerly DirXML). These products let you tie together the disparate data stores in which identities may reside, such as Active Directory, OpenLDAP, phone systems, various HRISs, and all types of other nifty things. The beautiful thing about Identity Manager is that it allows two-way data flows between each of these connected systems, so the data for each identity can be kept up-to-date in your identity vault, or wherever your authoritative source resides. For example, let’s say that joe.user@somecompany.corp logs into his Windows XP workstation, which is a member of the Active Directory domain, and hits the trusty CTRL-ALT-DEL to change his password. As soon as his password is changed within Active Directory, DirXML PassSync notifies Identity Manager of the change and pushes the new password into the identity vault, which in turn flows it down to the rest of the connected systems. Not quite true single sign-on, but getting closer.

So last week, as you can tell by the pictures, I was in snowy Utah learning a product called Novell Audit. Audit (for short) allows you to log and audit just about everything that goes on in your eDirectory environment. It even allows you to audit your Identity Manager policies. It can do some pretty wild stuff that Rackspace may, for obvious reasons, never utilize, like reporting access violation attempts against file shares, print shares, etc. The feature I do like is that you can use Audit to generate alerts by email or pager, or even send SNMP traps, based on your own custom-defined criteria. This is going to be a must to ensure that when a new user is provisioned, their accounts are created in all the appropriate systems. Hopefully we can get this deployed in Q1.
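To make the two flows described above concrete (a change published from a connected system fanning out through the vault, and an audit check that a newly provisioned user actually landed in every connected system), here is a small model written for this post. It is not Novell's code and does not use the eDirectory or Identity Manager APIs; the class and function names, the three example systems and the scenario data are all constructed for illustration. The credential is deliberately modelled as an opaque token rather than a password value.

```python
"""Toy hub-and-spoke identity sync: an identity vault with two-way connectors
and a provisioning audit check. Hypothetical model, not Novell's code."""
from dataclasses import dataclass, field


@dataclass
class ConnectedSystem:
    """One connected data store (Active Directory, OpenLDAP, an HRIS, ...)."""
    name: str
    online: bool = True
    identities: dict = field(default_factory=dict)  # user id -> attributes

    def apply(self, user, attrs):
        """Apply an attribute update; report False if the system is unreachable."""
        if not self.online:
            return False
        self.identities.setdefault(user, {}).update(attrs)
        return True


class IdentityVault:
    """Hub that holds the authoritative copy and fans changes out to the spokes."""

    def __init__(self):
        self.identities = {}
        self.systems = {}
        self.failures = []  # (system, user) pairs that did not receive an update

    def connect(self, system):
        self.systems[system.name] = system

    def _fan_out(self, user, attrs, skip=None):
        delivered = []
        for name, system in self.systems.items():
            if name == skip:  # never echo a change back to its origin (loop guard)
                continue
            if system.apply(user, attrs):
                delivered.append(name)
            else:
                self.failures.append((name, user))
        return delivered

    def publish(self, source, user, attrs):
        """Publisher channel: `source` reports a change it already holds.
        The vault records it and pushes it to every other connected system."""
        self.identities.setdefault(user, {}).update(attrs)
        return self._fan_out(user, attrs, skip=source)

    def provision(self, user, attrs):
        """Vault-driven provisioning (e.g. HR creates a new hire): create the
        identity in the vault and in every connected system."""
        self.identities[user] = dict(attrs)
        return self._fan_out(user, attrs)


def audit_provisioning(vault, user):
    """Audit-style check: which connected systems still lack `user`?
    A non-empty result is what an alert rule would fire on."""
    return sorted(name for name, s in vault.systems.items()
                  if user not in s.identities)


def run_demo():
    """Constructed scenario; returns results so they can be inspected or tested."""
    vault = IdentityVault()
    ad, ldap, hris = (ConnectedSystem("ActiveDirectory"),
                      ConnectedSystem("OpenLDAP"), ConnectedSystem("HRIS"))
    for s in (ad, ldap, hris):
        vault.connect(s)

    # 1. A new hire is provisioned from the vault into all three systems.
    vault.provision("joe.user", {"cn": "Joe User", "mail": "joe.user@somecompany.corp"})

    # 2. Joe changes his password in AD (CTRL-ALT-DEL). The connector sends the
    #    credential change (modelled as an opaque token, never a plaintext value)
    #    to the vault, which flows it to the other systems but not back to AD.
    ad.apply("joe.user", {"credential": "opaque-cred-1"})
    targets = vault.publish("ActiveDirectory", "joe.user", {"credential": "opaque-cred-1"})

    # 3. The HRIS connector is down when a second hire is provisioned, so that
    #    account never lands there; the audit check exposes the gap.
    hris.online = False
    vault.provision("new.hire", {"cn": "New Hire"})
    missing = audit_provisioning(vault, "new.hire")

    return {
        "targets": targets,
        "ldap_cred": ldap.identities["joe.user"].get("credential"),
        "joe_missing": audit_provisioning(vault, "joe.user"),
        "new_hire_missing": missing,
        "failures": vault.failures,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two details matter in practice and are what the model is built around: the fan-out skips the system that originated the change, because a two-way connector that echoes a change back to its source is how sync loops start; and the audit is a reconciliation query across the connected systems rather than a check of the vault alone, because the vault will happily record a user whose downstream creation silently failed.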

Comments

1. Shekhar Jha - December 14, 2005

It is good to hear from somebody who is working with a real-world IAM implementation. I have worked on a few IDM implementations and it is always a “fun” job. I have always been curious about what the hosting sites are doing w.r.t. Identity Management and federation. In that regard, if possible, I would like to know whether the project you are working on is for integrating the internal systems at the identity level or a new service available to hosted websites around SSO, authorization and identity management, and whether there are any plans for providing such services?

2. Phil - December 14, 2005

The stuff that I am referring to is purely internal at this point.