Fight user directory chaos
- By Florence Olsen
- Feb 10, 1997

Martin Smith, head of information services for a small federal agency, said as a
practical matter he could use a good tool to help him manage the half-dozen separate user
directories and address books for which he's responsible.

Directories have become important repositories of information about users, groups of
users and their associated access rights to servers, files and peripherals on the network.
But the reality of too many directories is placing government organizations at risk and
making network administrators a little crazy.

"It's a major pain," Smith said, this business of creating and closing out
accounts for people when they start and leave jobs with the agency. And inspectors general
are known to check up on how well agencies keep their "name spaces" cleaned up,

Smith is one of the first federal managers to try new software designed for that
purpose. The object software, called VIA, is technically a meta directory. It integrates
information from various network operating system directories, application-specific
directories and other directory sources.

The meta directory is a big step forward from the directory synchronization products
that Zoomit and other companies first offered to integrate a variety of incompatible
messaging application directories, Cameron said.

Zoomit's VIA, for example, is based on a specialized hashing database with flexible
schema and a relational memory, Cameron said. "It remembers relationships between
directories," he said.

The VIA management tools permit administrators to assign administrative rights to
different parts of the meta directory and to exercise fine-grained access control over the
meta directory's field-level attributes.

Users add to or delete information only once to update all directories connected to
the meta directory. "Once you've got the meta directory, you can create and delete
objects across directories," Cameron said. The administrator clicks on a group object
in the meta directory and drags that object to the Windows NT icon to create new accounts
on the Windows NT server, he said.

Smith sees a natural role for the directory in managing outsider access to network
resources. "We'll be getting demands to expose our databases to a varying and
selected group of outsiders under appropriate security," he said.

Managing those changing access requirements "is really a directory function and
a very natural one," he said, especially as the agency "gets dragged along into
Internet and intranet computing with just one little bitty firewall between us and the

Zoomit provides protected password authentication in VIA, which means no passwords
flow in the clear and no password can be replayed.

As a future upgrade, VIA users will be able to buy public-key strong authentication based
on X.509 Version 3 certificates and Microsoft Corp.'s cryptographic application
programming interface, Crypto API 2.0.

The VIA meta directory currently supports TCP/IP, the Lightweight Directory Access
Protocol, Hypertext Transfer Protocol and the Versit consortium's vCard specification for
business card information.

Pricing for Zoomit's VIA meta directory software is $2,500 per server, which
includes client and server software, search forms, tool kits, base-level security and two
connected-directory management agents. Users pay additional licensing fees for the
complete set of management agents, additional user licenses and certification-based

Contact Zoomit at 416-703-7442.