Monday, April 30, 2007
"Working With Industry Analysts: The Insider's View" in the Product Management View Webinar series.
Thursday, April 26, 2007
The Final Word: Your customers are facing budget pressures as they strive to comply with complex regulatory mandates as well as new initiatives to ensure their organizations adhere to IT best practices. A tool like Quest Compliance Suite for Windows can help them meet those challenges while keeping financial investments manageable.
Wednesday, April 25, 2007
ADAM was released by Microsoft a number of years ago. It's a stripped down version of Active Directory that is a free download and will be shipped as part of the Longhorn Server OS. Stripped down doesn't mean anything bad - it means that the extra server "goo" that Active Directory provides to the domain (e.g., DHCP, DNS, etc) is all pulled out. The core of Active Directory is still there.
What do I like about it? Let me count the ways...
- It's lightweight.
- It runs on 32 and 64-bit machines.
- It's the core AD code-base so all the scalability and replication capabilities are just there.
- It's a free download.
- It's license-free for ISVs so you can bundle with your application.
- You can run multiple instances of ADAM on the same server.
- It's viral. What does that mean? Well, anyone can download, install, setup and build LDAP/ADAM-enabled applications without involving corporate IT. With AD, you need corporate IT involved because you can't just introduce a new domain controller on your own. (Well, you can try but you'll get your fingers slapped or worse.)
- It's multi-master. Can you believe that there are still directory servers out there than aren't fully multi-master?
- If you are using Active Directory you pretty much know how to use, maintain, monitor and operate ADAM.
- Did I say it was free? Can you believe there are still ISVs out there that sell their directory servers - usually per object?! Worse, can you believe that there are companies out there that still pay money for their directory servers when both ADAM and AD are essentially free?
It's amazing to see how much uptake ADAM has received since it was released. There isn't a customer out there that isn't using ADAM or planning on using it. You may even be using it without knowing it!
Microsoft, Active Directory, identity management
Monday, April 23, 2007
Saturday, April 21, 2007
Here's a couple of other articles on the whole debacle:
Friday, April 20, 2007
I'm just back from a week in the nation's capital. Main highlight was the "Simplifying Identity Management" seminar that we hosted with Microsoft and DeepWater Point out at Microsoft's facility in Reston, VA. I've uploaded the photos we took so just click on the picture above and you can see the album.
We had a great turnout with over 75 customers. I had two awesome presenters go on before me: Javier Vasquez from Microsoft and Scott Hastings from DeepWater Point. Both did an excellent job. I especially liked Scott's presentation because he had no slides!
Scott was formerly the CIO of the Department of Homeland Security. Scott was responsible for the implementation of the US VISIT program - you know that biometric/camera thingy that non-citizens have to go through when they arrive in the US? I have to say that I was impressed with the fact that the US VISIT program came in on budget, on time and on target with respect to what was expected of it.
Quest also hosted a cocktail reception that evening for our partners. All in all, it was a great event! I had the opportunity to visit with a number of customers while I was in the DC area. Next week I'll blog about my observations.Technorati Tags:
identity management, Quest Software, Microsoft
Wednesday, April 18, 2007
I'm in Washington, DC as my next stop of the reality tour. When I worked at Zoomit many years ago I used to spend a lot of time down here. If anyone remembers the "Defence Message System" (DMS) initiative of the mid-90s you'll remember it was based around X.500 and the OSI protocols. I knew that DMS was going to be a train wreck because it was based on X.500 when LDAP had just come out and the protocol stack was OSI-based versus TCP/IP-based. Anyway, DMS never did turn into the thing it was supposed to be.
I met one of my best friends down here as part of Zoomit's work on DMS, Banyan VINES and many other projects. Jerry Welch was then - and still is - with CPS Systems. CPS was one of the resellers of Zoomit's products.
Jerry's a real class act, a gentleman and an ex-Marine "Mustang" aviator who saw combat in Vietnam. It was great to get together to reminisce and talk about family and how much things have changed and how much things haven't changed! Jerry's still doing the identity management thing and now sells a product called "SimpleSync" that CPS built shortly after Zoomit was acquired by Microsoft.
Check out the license plate on his car...!
Tuesday, April 17, 2007
Last August we also published an article in Dell Power Solutions about extending MOM to Unix and Linux environments so you might also want to check that out.
Quest Software, Dell, identity management, Vintela, Microsoft Operations Manager
Saturday, April 14, 2007
Thursday, April 12, 2007
Wednesday, April 11, 2007
Sunday, April 08, 2007
I got an invite to attend "Club" this year. Club is Quest's annual event for the sales folks who exceed their quota. I'm not in sales so I was pretty surprised to get invited but I am happy to go! If you're wondering why there are no blog posts next week, less blog posts or incoherent blog posts you'll know why...
Friday, April 06, 2007
Yesterday, I enjoyed a very nice lunch with Barry Crist who is the CEO of Centeris. Barry gave me a call to invite me out for lunch and since I work down the road from him it was an easy invite to accept.
I've been around long enough to appreciate having competitors but one of the reasons I like competition is because of the marketing multiplier effect. What do I mean by that? When Vintela first shipped commercial product we were the first vendor in the Unix/Linux/Active Directory integration market. We were the sole voice pitching the benefits of integrating with Unix and Linux with Active Directory. By having Barry out there pitching a similiar message I'm benefiting from his efforts. Barry is also benefiting from Quest's marketing efforts. So it's a win-win for both of us.
We also had the opportunity to talk frankly about areas where we competebut also areas where we don't compete and how we might be able to work together in a few of these "adjacent" areas. We parted ways with a mutual promise to get together to discuss these areas in more detail. I hope we do.
Thanks for picking up the tab Barry and don't forget our bet...!
Thursday, April 05, 2007
1. Technical identity systems must only reveal information identifying a user with the user's consent.
2. The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
4. A universal identity system must support both "omnidirectional" identifiers for use by public entities and "unidirectional" identifiers for user by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. A universal identity system must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human/machine communication mechanisms, offering protection against identity attacks.
7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
I installed WinFX the other night on my Windows XP system and created my own Information Cards and then used one to logon to Kim's blog - it worked!
Now if I could get a Quest property or two to accept either OpenIDs or InfoCards...
Wednesday, April 04, 2007
Well, dear Extranet Management Tool Team, "Shaw, Jackson," will not be contacting his sponsor (I feel like an alcoholic), his sponsorship manager or his sponsor delegate to get his account "Unfrozen".
Thanks, but no thanks.
p.s. Feel free to delete the account right now or, preferably, to stop sending me messages daily reminding me that I have a bad memory...
p.p.s. A number of interesting comments about this post over at Kim Cameron's blog - check them out!
The account issued to Partners\JaShaw has been set to the status "Frozen". This account is now disabled and can no longer be used to access the system.
To re-enable this account, you will need to contact your Sponsor, Sponsorship Manager, or Sponsor Delegate to reset the account. If this account is not enabled by 04/18/2007 it will be deleted from the system.
For assistance, please contact your administrator, site owner or the Helpdesk.
The Extranet Management Tool Team
Enterprise Portal Platform (EPP)
CardSpace, Active Directory Federation Services, identity management
All data is always available as long as the central identity vault is available. In a virtual directory implementation, some of the delegated data source may not be available and requests may return no or only incomplete data.
And, how do most vendors get around this problem? Well, in most cases you get the option to cache the data in case the delegated data source is not available. If you cache the data then what do you have?? Answer = a metadirectory.
There are use cases for virtualization but don't think that virtualization is that different than a metadirectory. Volker does mention one very important use case: politics - the 8th layer of the ISO stack. It's typically easier to implement a virtual directory than a metadirectory since virtual directories pull from data sources whereas a metadirectory usually is implemented to both push and pull data but you have to engineer the virtual directory against failure or incomplete responses. Architecturally, having to rely on the network - and the underlying directories or databases - for real-time response is difficult.
Either way, a rose by any other name...Technorati Tags:
Novell, identity management
Tuesday, April 03, 2007
· New management agent for Certificate and Smart Card Management.
· The management agents for Active Directory (AD) and Active Directory Application Mode (ADAM) now support Windows Server R2.
· The management agent for Microsoft SQL Server now supports SQL Server 2005
· The management agent for Lotus Notes now supports Lotus Notes® Release 7.0.
· The management agent for Oracle Database® now supports Oracle Database® Release 10g.
· The new ERP management agent for SAP® is available from the Microsoft web site.
· The new management agent for Certificate and Smart Card Management is also available from the Microsoft web site.
· The management agent for Active Directory (AD) now supports Secure Sockets Layer (SSL) in addition to Kerberos Sign & Seal.
· The management agents for Active Directory and Active Directory Application Mode (ADAM) now support certificate revocation checking for SSL.
· Group processing is now 40% faster.
· The Generate and Commit options in Preview allow you to view the results of synchronizing an individual object, with or without committing the change to the metadirectory.
identity management, MIIS, Microsoft, Active Directory
Monday, April 02, 2007
The decision to use Active Directory came after Dell launched a project called Multi-Platform Management Integration (MPMI). Its goal was to make the Microsoft Active Directory directory service the authoritative authentication system and master source for all user accounts across all systems within Dell—those running Microsoft Windows, IBM AIX, Sun Solaris, and the various Linux operating systems. Dell chose not to create yet another directory or build a synchronization solution - they chose to consolidate and simplify their identity management infrastructure.
Dell has about 2,200 Linux and UNIX servers that they have now integrated with Active Directory. Dell tried the open source approach but, in the end, decided on a commercial solution. After evaluating and eliminating the competition they chose Quest. According to Dell, "One solution quickly rose to the top"...
“Vintela Authentication Services is the best product we have found on the market,” concludes David Taylor, Principal Linux engineer at Dell. “It satisfies our needs and can help us expand where we need to in the future.”
Active Directory, Dell, identity management, Microsoft, Vintela