We had a nice cross-section of customers, including some from the healthcare, financial and energy industries. I’ve tried to capture some of my key takeaways below:
Don’t forget the mainframe identities
Each one of the customers reported that mainframe and midrange systems were still alive and well within their organizations. On the basis of the industries represented I was not surprised to hear this. However, each and every one of the customers talked about how these systems were still “islands unto themselves” when it came to identity management. There still was not enough integration of those systems within their existing identity management projects. It appears there’s a need to better integrate all of those RACF, ACF2 and Top Secret identities. Not just plain synchronization of those identities with other systems like Active Directory but alignment of password policies and integration of LDAP and Kerberos for single sign-on.
Federation underway or being looked at
Each of the customers stated they were looking at federation except for one who has already rolled out a federation project. No one mentioned using Active Directory Federation Services (ADFS) – everyone in the group has pretty much decided to go with a non-Microsoft implementation based on SAML. The customer that has already rolled out a federation project is using PingFederate to provide federation services to some of their key customers. So far, in the first nine months of their project they have had over 2.5 million “federated” transactions. Impressive!
Group Policy catching on
Each of the companies is starting to leverage group policy for more than the basic password strength policy. I probed around this a lot because I have always considered group policy to be the real value behind implementing Active Directory. Most of the customers attributed their new interest in group policy to the fact that they either want to do more with AD or they don’t want to deploy SMS.
More questions than answers
Many of the attendees are confused about things like SOA (“it sure sounds great, but…?”), entitlement management and role mining. What are the benefits? Is role mining a soluble problem? When will software deliver these capabilities? Etc.
Clearly, there’s still a lot of work to be done in these areas.
The reality tour kicks off 2007 with customer roundtables in Paris (January) and San Francisco (February) along with the annual Quest Software sales kickoff event.