Friday, December 28, 2007
IDC has PassGo listed as #24. The PassGo acquisition is set to close on January 1st, but if you add up Quest's and PassGo's revenue we jump from #15 to #10. That puts Quest Software solidly ahead of Microsoft and Sun.
My personal stretch goal is to get in the top 5 (software vendors) within the next 5 years...
Quest Software, identity management, PassGo
Monday, December 24, 2007
If you haven't already "Elf'ed yourself" give it a whirl! Hurry, elfing ends on January 2, 2008!
p.s. Here's ours - http://www.elfyourself.com/?id=1696536927
Tuesday, December 18, 2007
The author identified the problem pretty directly:
We have a couple of problems. The first is that our employee termination process is broken. Ideally, we would have an identity management tool tied into our various enterprise systems. When an employee left the company, all access to our infrastructure and applications would be quickly removed. Unfortunately, we have neither the budgetary nor the human resources to do that.
I'd say that's a problem! I wonder if they have budget now?
Monday, December 17, 2007
Oh those heady days...
I read an interesting blog post about Google "Profiles" this weekend. Here's the nut of the problem:
In the early days of Google Apps the only way to sign up was by linking to an existing Google Account, in the format of email@example.com. If you have one of those accounts, there is no way to tell Google that you are now firstname.lastname@example.org. This means that Google Apps think of your original @gmail and new, @domain identities as two different ones. You can directly access (via URL) your own Calendar, Docs, Groups ..etc. all under your own domain, however, programs that need to access those apps only find the other version, attached to your @gmail.com account. A simple example is trying to save an event from Upcoming.org, Zvents, or any other services: there’s no way to use them with your own domain.
Even the Google Groups is messed up: when I am logged in as email@example.com, Groups that I am a member of won’t recognize me. I actually have to have duplicate identities created in Google Groups: one to be able to send email (my own domain) and one to be able to access Group’s other features via the browser (@gmail format).
I'm not positive about this but I wonder if a federation-based solution using something like Microsoft's CardSpace on the front-end would help. That said, the bigger issue is the Google "namespace" on the back-end. I wonder if their directory supports aliasing? I think the ability for an end-user to have multiple aliases might solve the problem - user provisioned, of course. I'm sure Google isn't using Active Directory as their back-end server. Good thing because it doesn't support the concept of aliases. If Google wants to enable federation for their customers they have to solve this problem.
Of course, there is another alternative: Don't solve the problem. Hopefully, this option is not on the table.
Active Directory, Microsoft, Google, federation, CardSpace
Friday, December 14, 2007
Everything you would expect from a luxury hotel in a small space. Located uniquely inside the airport terminal buildings at London Heathrow’s Terminal 4 and London Gatwick’s South Terminal. Just moments walk from check in, arrivals and minutes from the other terminals. YOTEL opens at Schiphol Airport, Amsterdam in early 2008.
Tuesday, December 11, 2007
Quest Software attended again this year and signed up for next year. So we voted with our check book. It's a great conference!!
Dave Kearns, Gartner, identity management, Quest Software
Monday, December 10, 2007
While I was thinking about this I stumbled across a post and a video that shows how to create and add roles to Microsoft's System Center Operations Manager 2007. As I watched the video I was pleasantly surprised to see that they really did use Active Directory users to "fill" the roles that they demoed. A nice step forward but are they open to enhancing that capability?
What you have enabled in SCOM 2007 is the ability to define a static role and a static set of users who fit that role. Who is maintaining the role and the users? Well, the SCOM 2007 administrator is. Every time a new user needs to be added to a role or a new role is required that admin has to do the work. You've basically shuffled the work from the help desk or Active Directory administrator to the SCOM 2007 administrator - that's just a shell game with no real productivity gain.
I'd recommend that you virtualize the user side of this equation. Specifically, most users in Active Directory have a series of attributes attached to their object such as title, manager, office location, phone number, etc. A role should have the ability to have attributes and specific values assigned to them so that role can be checked dynamically at use to see if a user is authorized for that function. An example might be that you'd like everyone who has title "SQL Administrator" to be able to manage and operate the monitoring of the SQL servers. This is easier than every new SQL Administrator having to email you to be added to the role manually. And, when they get promoted to "Product Manager" they automagically get dropped from that role - again, without the need for an email to you, Mr. SCOM2007 Administrator.
This way you enable the directory to do the work for you. I call that improving efficiency - yours.
It bothers me that at Microsoft this stuff isn't leaking through faster into everyday design and architecture...
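The attribute-driven role check recommended above, sketched as an added example; it is not SCOM 2007 code or code from the original post. The directory entries, the role name and the `is_authorized` and `members` helpers are constructed for illustration.

```python
# Added illustration: a role defined by directory attribute values and
# evaluated at use time, instead of a hand-maintained member list.
# All users, role names and attribute values below are constructed samples.

# Constructed directory entries, shaped like LDAP results: attribute -> values.
DIRECTORY = {
    "alice": {"title": ["SQL Administrator"], "physicalDeliveryOfficeName": ["Seattle"]},
    "bob": {"title": ["Product Manager"], "physicalDeliveryOfficeName": ["Seattle"]},
    "carol": {"title": ["sql administrator "]},  # casing/whitespace drift
    "dave": {},                                   # title never populated
}

# A role is a set of attribute requirements: every attribute must match (AND),
# and any one of the listed values for that attribute is acceptable (OR).
ROLES = {
    "SQL Monitoring Operator": {"title": {"SQL Administrator"}},
}


def _norm(value):
    """Compare attribute values without regard to case or stray whitespace."""
    return value.strip().casefold()


def is_authorized(user, role, directory=DIRECTORY, roles=ROLES):
    """Decide from the user's current attributes; anything unknown fails closed."""
    entry = directory.get(user)
    rule = roles.get(role)
    if entry is None or not rule:  # unknown user, unknown role, or empty rule
        return False
    for attr, allowed in rule.items():
        have = {_norm(v) for v in entry.get(attr, [])}
        if not have & {_norm(v) for v in allowed}:
            return False
    return True


def members(role, directory=DIRECTORY):
    """Who holds the role right now, derived from the directory alone."""
    return sorted(u for u in directory if is_authorized(u, role, directory))


if __name__ == "__main__":
    role = "SQL Monitoring Operator"
    print(members(role))  # before the promotion
    DIRECTORY["alice"]["title"] = ["Product Manager"]
    print(members(role))  # alice drops out with no admin action
```

With membership derived this way, write access to the `title` attribute is equivalent to the ability to grant the role, so changes to that attribute need the same control and auditing as a group-membership change.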
Microsoft, System Center Operations Manager 2007, Active Directory, identity management, authorization
Saturday, December 08, 2007
As I mentioned previously I visited New York City last week to meet with customers and partners. I'll post about those meetings next week but thought I'd post about my first experience with food poisoning. Why? The ensuing dialog - after the fact - with some of our local sales execs:
Sales dude: "Let's go down to the cafe and get some pizza."
Jackson (in a stage whisper): "Yah, they'll give you food poisoning like they gave me. It's included in the price."
Sales dudes all board the down elevator with me: "What happened?"
Jackson: "I ordered a peppered turkey sandwich with mayo and spent the night feeling like I was going to die."
Sales dude: "You ordered an already prepared sandwich out of the case or you had them make one in front of you?"
Jackson: "One from the case."
Sales dudes (all laughing): "Of course you got food poisoning! You don't get an already prepared sandwich from a New York City deli, you get one freshly made in front of your eyes. Where are you from anyway?"
Jackson (sheepishly): "Seattle"
Sales dude: "Oh, from the country, eh? First trip to the City? Welcome to New York."
Sales dude (as elevator door opens) to other sales dudes: "So it's to the cafe then for their freshly made pizza. Jackson, you up for a slice?" (insert sales dudes laughter here)
Friday, December 07, 2007
We asked the participants to write out a definition to a series of directory-related terms. We actually ran the focus groups in 3 cities (Chicago, New York and LA) and had 3 focus groups in each city (2 for enterprise-size companies and 1 for small/medium businesses). We filmed and taped the sessions which were professionally moderated. The participants did not know that Microsoft was "behind the glass".
When I presented the findings back in Redmond I did out-takes from the videos to highlight the unusual or interesting. The piece that drew the greatest laugh was when an attendee put up their hand to ask for clarification on what we meant by the term "federation". His question:
"Do you mean like Star Trek?"
Have we progressed much further than that in the last 3-4 years? I'm not sure. I think the average IT director/administrator/manager, CxO, and CISO probably would ask the same question today.
What do you think? Scotty, will we ever get this bucket to warp speed?
Here's the gist of Jason Brooks' article:
Until Red Hat, Novell, or another party focuses around open-source directory services, Linux will be stuck playing catch-up with Windows 2000.
Well, how can I disagree with that? Especially since I was part of the Windows 2000 - and most specifically - the Active Directory launch team! However, it is a pretty sad commentary when basically you are saying that Active Directory is the thought leader. Yes, it is the market leader - absolutely and without a doubt. However, like any product Active Directory has its own set of warts that Microsoft hasn't cleaned up nor are they showing any particular leadership towards Active Directory V2. (Please! Don't get me started on schema modifications!!)
All that said, I'd recommend Jason - and others - take a look at what's going on over at Apache's Directory Project - I find it pretty intriguing. Lots of potential...
ApacheDS is an embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.
I love how they have bowed to incorporating two-factor authentication into the directory via their "Triple Sec" product along with an Eclipse-based directory studio. What better way to move to a services-oriented architecture than with a well thought out, Java-based directory service?
Microsoft, Active Directory, identity management
- It has an amazing view of the Manhattan skyline both day and, especially, at night.
- It's on the Hudson River. Any more "on" and you'd be in it.
- It's "free", 3 bedroom, kitchen, TV, wi-fi, phone, multiple bathrooms and a balcony overlooking the river and the skyline.
- Grocery, liquor and drug store within a 2 minute walk.
- It's a $7 ferry ride from the foot of the apartment to Pier 79 in Manhattan (39th Ave) or to the World Trade Center ferry terminal. Easy subway or cab from there. Free bus service from the ferry, too.
- Washington Street in Hoboken is a block away and it has lots of great restaurants and pizza places.
- Frank Sinatra was born in Hoboken - if it was good enough for him...
Also, I was shocked when our corporate travel folks booked me in the Sheraton Suites in Weehawken, NJ at ~$450/night. Manhattan hotels were +++$650/night! Even on an expense account I cannot stomach paying this much for a hotel room.
Interested in checking it out? Shoot me an e-mail, I'll hook you up!
- Quest to acquire PassGo
I am SUPER EXCITED about this acquisition!
- Forrester shows Quest Software as leader in their Active Directory Management Solutions wave
Nice proof point of the innovation and fine work that our product management team has been doing over the last few years.
- Lots of notes from my meetings in New York City including my bout with food poisoning (redacted version).
Quest Software, Active Directory, identity management, PassGo
Saturday, December 01, 2007
The situation for her was that she had some kind of a trojan that kept telling her that her machine was infected, slow or hijacked and then it would bring up a web browser that pointed to a site to download some software to solve the problem. I'm sure there's no connection between the trojan and the site/software that is brought up in the browser. Some interesting reminders came out of the house call:
- People, if you don't have an AV (anti-virus) program installed you are nuts. Get with the program. There are two types of computer users: Those that have been affected by a virus/trojan/malware and those that are about to be.
- Are you doing backups? If not why not?
- Are you checking that your backups actually work? Try restoring a file sometime and see what happens.
Oh, and a rant for Norton's product: I told my friend to drive over to Circuit City, grab Norton, install it and she'd be okay. I was wrong. COME ON YOU GUYS! Don't sit there telling me that the "hijack" has been taken care of and then have it pop right back up again. Idiots.
Raves for Microsoft. I went to their web site where they offered me a virus scan. They found the problem and eliminated it - for FREE. Stick that in your pipe and smoke it Mr. Thompson (CEO, Symantec) - looks like Microsoft one-upped you in your own back yard.
Technically, this is a picture taken in Bellevue, WA which is east of Seattle and closer to the mountains. However, it is very uncommon for us to get snow. That said, it was very nice to wake up to this scene.
I wonder if this winter we will see much more snow?