Working with Industry Analysts

In a previous post I discussed briefing industry analysts and a great article by Ron Exler of the Robert Frances Group titled "Top Ten Tips for Briefing Industry Analysts". Ron has a webinar coming up that would be worthwhile for anyone involved in product management, analyst relations or even development that would like to better understand how industry analysts (Garter, Burton Group, etc) work. Check it out and listen in if you can!

"Working With Industry Analysts: The Insider's View" in the Product Management View Webinar series.

Quest Compliance Suite: Follow The Rules

Nice review of Quest's Compliance Suite over at Redmond Channel Partner. I like the last paragraph of the review the most. Check out the whole article for a detailed discussion on Quest's Compliance Suite and its capabilities.

The Final Word: Your customers are facing budget pressures as they strive to comply with complex regulatory mandates as well as new initiatives to ensure their organizations adhere to IT best practices. A tool like Quest Compliance Suite for Windows can help them meet those challenges while keeping financial investments manageable.

Is compliance part of identity management or is identity management part of compliance? I can never remember...

Technorati Tags:
Quest Software, identity management

Adam the giant killer

Anyone using Active Directory Application Mode? Also known as ADAM? Soon - in Longhorn - to be known as ADLDS (Active Directory Lightweight Directory Service).

ADAM was released by Microsoft a number of years ago. It's a stripped down version of Active Directory that is a free download and will be shipped as part of the Longhorn Server OS. Stripped down doesn't mean anything bad - it means that the extra server "goo" that Active Directory provides to the domain (e.g., DHCP, DNS, etc) is all pulled out. The core of Active Directory is still there.

What do I like about it? Let me count the ways...

1. It's lightweight.
2. It runs on 32 and 64-bit machines.
3. It's the core AD code-base so all the scalability and replication capabilities are just there.
4. It's a free download.
5. It's license-free for ISVs so you can bundle with your application.
6. You can run multiple instances of ADAM on the same server.
7. It's viral. What does that mean? Well, anyone can download, install, setup and build LDAP/ADAM-enabled applications without involving corporate IT. With AD, you need corporate IT involved because you can't just introduce a new domain controller on your own. (Well, you can try but you'll get your fingers slapped or worse.)
8. It's multi-master. Can you believe that there are still directory servers out there than aren't fully multi-master?
9. If you are using Active Directory you pretty much know how to use, maintain, monitor and operate ADAM.
10. Did I say it was free? Can you believe there are still ISVs out there that sell their directory servers - usually per object?! Worse, can you believe that there are companies out there that still pay money for their directory servers when both ADAM and AD are essentially free?

It's amazing to see how much uptake ADAM has received since it was released. There isn't a customer out there that isn't using ADAM or planning on using it. You may even be using it without knowing it!

Technorati Tags:
Microsoft, Active Directory, identity management

Redmond Readers' Choice Awards 2007

Quest Software's migration products won awards this year! Thanks to all the folks who supported and voted for us!

Technorati Tags:
Quest Software

The Perils of Being Suddenly Rich

Interesting article on David Hayden who founded Critical Path in 1997. Back in my Zoomit days we used to compete against a company called ISOCOR - who we affectionately called "EYESORE" - which was acquired by Critical Path in 1999. There are some good lessons here about the stupidity of leveraging your investments, placing complete and total trust in someone else to manage your money and - dare I say - greed.

Here's a couple of other articles on the whole debacle:

• Third time unlucky for David Hayden
• Critical Path founder feuds with bankers

Simplifying IDM Seminar in Reston, VA

SimplifyingIDM

I'm just back from a week in the nation's capital. Main highlight was the "Simplifying Identity Management" seminar that we hosted with Microsoft and DeepWater Point out at Microsoft's facility in Reston, VA. I've uploaded the photos we took so just click on the picture above and you can see the album.

We had a great turnout with over 75 customers. I had two awesome presenters go on before me: Javier Vasquez from Microsoft and Scott Hastings from DeepWater Point. Both did an excellent job. I especially liked Scott's presentation because he had no slides!

Scott was formerly the CIO of the Department of Homeland Security. Scott was responsible for the implementation of the US VISIT program - you know that biometric/camera thingy that non-citizens have to go through when they arrive in the US? I have to say that I was impressed with the fact that the US VISIT program came in on budget, on time and on target with respect to what was expected of it.

Quest also hosted a cocktail reception that evening for our partners. All in all, it was a great event! I had the opportunity to visit with a number of customers while I was in the DC area. Next week I'll blog about my observations.

Technorati Tags:
identity management, Quest Software, Microsoft

Old friends

I'm in Washington, DC as my next stop of the reality tour. When I worked at Zoomit many years ago I used to spend a lot of time down here. If anyone remembers the "Defence Message System" (DMS) initiative of the mid-90s you'll remember it was based around X.500 and the OSI protocols. I knew that DMS was going to be a train wreck because it was based on X.500 when LDAP had just come out and the protocol stack was OSI-based versus TCP/IP-based. Anyway, DMS never did turn into the thing it was supposed to be.

I met one of my best friends down here as part of Zoomit's work on DMS, Banyan VINES and many other projects. Jerry Welch was then - and still is - with CPS Systems. CPS was one of the resellers of Zoomit's products.

Jerry's a real class act, a gentleman and an ex-Marine "Mustang" aviator who saw combat in Vietnam. It was great to get together to reminisce and talk about family and how much things have changed and how much things haven't changed! Jerry's still doing the identity management thing and now sells a product called "SimpleSync" that CPS built shortly after Zoomit was acquired by Microsoft.

Check out the license plate on his car...!

Technorati Tags:
Quest Software, Zoomit, identity management

Dell publishes the Quest/Vintela identity management case study

In my previous post How Dell Streamlined Authentication and Identity Management I gave you an early preview of the case study Dell is publishing. Well, Dell did release that case study on their web site. You can view it here.

Last August we also published an article in Dell Power Solutions about extending MOM to Unix and Linux environments so you might also want to check that out.

Technorati Tags:
Quest Software, Dell, identity management, Vintela, Microsoft Operations Manager

Quest Club - Day 4

Here are the pictures from the "Party Like a Rock Star Dinner and Theme Party". Just click on the image of Aggie and David below to see the album...

Club 2006_Day 4

Technorati Tags:
Quest Software

Quest Club - Day 3

Most of these pics are from the awards ceremony...

Club 2006_Day 3

Technorati Tags:
Quest Software

Quest Club - Day 2

Here are the Club 2006 Day 2 pictures. These are mostly from "The Survivor Tribe Challenge" that was held out on Chop Beach in front of the hotel. Just click on the image below to hop over to the album...

Club2006_Day2

Technorati Tags:
Quest Software

Quest Club - Day 1

I've posted the various Day 1 pictures from Club 2006 down here in the Bahamas...

Just click on the image below to head over to the photo album on Picasa.

Enjoy!

Club2006_Day1

Technorati Tags:
Quest Software

What did I do to deserve this?

I got an invite to attend "Club" this year. Club is Quest's annual event for the sales folks who exceed their quota. I'm not in sales so I was pretty surprised to get invited but I am happy to go! If you're wondering why there are no blog posts next week, less blog posts or incoherent blog posts you'll know why...

Technorati tags:
Quest Software

The enemy of my enemy is...

...my friend!

Yesterday, I enjoyed a very nice lunch with Barry Crist who is the CEO of Centeris. Barry gave me a call to invite me out for lunch and since I work down the road from him it was an easy invite to accept.

I've been around long enough to appreciate having competitors but one of the reasons I like competition is because of the marketing multiplier effect. What do I mean by that? When Vintela first shipped commercial product we were the first vendor in the Unix/Linux/Active Directory integration market. We were the sole voice pitching the benefits of integrating with Unix and Linux with Active Directory. By having Barry out there pitching a similiar message I'm benefiting from his efforts. Barry is also benefiting from Quest's marketing efforts. So it's a win-win for both of us.

We also had the opportunity to talk frankly about areas where we competebut also areas where we don't compete and how we might be able to work together in a few of these "adjacent" areas. We parted ways with a mutual promise to get together to discuss these areas in more detail. I hope we do.

Thanks for picking up the tab Barry and don't forget our bet...!

Technorati tags:
Active Directory; Centeris; identity management; Quest Software; Vintela

Seven Laws of Identity in a Nutshell

Kim Cameron from Microsoft wrote the Seven Laws of Identity white paper that has had popular acclaim since it was published. In the TechNet Magazine on "Managing Identity" he wrote a nice sidebar titled "Seven Rules in a Nutshell". Since I can't point you directly to it I thought I would transcribe them here for you viewing pleasure...

1. Technical identity systems must only reveal information identifying a user with the user's consent.

2. The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

4. A universal identity system must support both "omnidirectional" identifiers for use by public entities and "unidirectional" identifiers for user by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. A universal identity system must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human/machine communication mechanisms, offering protection against identity attacks.

7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

I installed WinFX the other night on my Windows XP system and created my own Information Cards and then used one to logon to Kim's blog - it worked!

Now if I could get a Quest property or two to accept either OpenIDs or InfoCards...

Technorati Tags:
CardSpace, Kim Cameron, Microsoft, OpenID, identity management

Hello?? Anyone awake in there??

I've been purposefully ignoring this message as my passive/aggressive protest against the vendor who not only builds a federation product but also has built CardSpace. Either of which could be used so I don't have to remember yet another password that I have clearly already forgotten!

Well, dear Extranet Management Tool Team, "Shaw, Jackson," will not be contacting his sponsor (I feel like an alcoholic), his sponsorship manager or his sponsor delegate to get his account "Unfrozen".

Thanks, but no thanks.

p.s. Feel free to delete the account right now or, preferably, to stop sending me messages daily reminding me that I have a bad memory...

p.p.s. A number of interesting comments about this post over at Kim Cameron's blog - check them out!

Shaw, Jackson,

The account issued to Partners\JaShaw has been set to the status "Frozen". This account is now disabled and can no longer be used to access the system.

To re-enable this account, you will need to contact your Sponsor, Sponsorship Manager, or Sponsor Delegate to reset the account. If this account is not enabled by 04/18/2007 it will be deleted from the system.

For assistance, please contact your administrator, site owner or the Helpdesk.

Thank you,

The Extranet Management Tool Team
Enterprise Portal Platform (EPP)

Technorati Tags:
CardSpace, Active Directory Federation Services, identity management

Synchronization versus Virtualization

Interesting blog post over at Novell's Volker Scheuber about synchronization versus virtualization. Volker talks about one of the disadvatages of virtualization:

All data is always available as long as the central identity vault is available. In a virtual directory implementation, some of the delegated data source may not be available and requests may return no or only incomplete data.

EXACTLY!

And, how do most vendors get around this problem? Well, in most cases you get the option to cache the data in case the delegated data source is not available. If you cache the data then what do you have?? Answer = a metadirectory.

There are use cases for virtualization but don't think that virtualization is that different than a metadirectory. Volker does mention one very important use case: politics - the 8th layer of the ISO stack. It's typically easier to implement a virtual directory than a metadirectory since virtual directories pull from data sources whereas a metadirectory usually is implemented to both push and pull data but you have to engineer the virtual directory against failure or incomplete responses. Architecturally, having to rely on the network - and the underlying directories or databases - for real-time response is difficult.

Either way, a rose by any other name...

Technorati Tags:
Novell, identity management

MIIS 2003 SP2 now available...

What's New in MIIS 2003 SP2

Support for SQL Server 2005

Support for Visual Studio 2005

Updated management agent support:
· New management agent for Certificate and Smart Card Management.
· The management agents for Active Directory (AD) and Active Directory Application Mode (ADAM) now support Windows Server R2.
· The management agent for Microsoft SQL Server now supports SQL Server 2005
· The management agent for Lotus Notes now supports Lotus Notes® Release 7.0.
· The management agent for Oracle Database® now supports Oracle Database® Release 10g.
· The new ERP management agent for SAP® is available from the Microsoft web site.
· The new management agent for Certificate and Smart Card Management is also available from the Microsoft web site.

Updated security options
· The management agent for Active Directory (AD) now supports Secure Sockets Layer (SSL) in addition to Kerberos Sign & Seal.
· The management agents for Active Directory and Active Directory Application Mode (ADAM) now support certificate revocation checking for SSL.
Improvements
· Group processing is now 40% faster.
· The Generate and Commit options in Preview allow you to view the results of synchronizing an individual object, with or without committing the change to the metadirectory.

Technorati Tags:
identity management, MIIS, Microsoft, Active Directory

How Dell Streamlined Authentication and Identity Management

The May, 2007 issue of Dell Power Solutions will contain an excellent case study on how Dell uses Quest's Vintela Authentication Services for streamlining and consolidating their authentication and identity management around Active Directory.

The decision to use Active Directory came after Dell launched a project called Multi-Platform Management Integration (MPMI). Its goal was to make the Microsoft Active Directory directory service the authoritative authentication system and master source for all user accounts across all systems within Dell—those running Microsoft Windows, IBM AIX, Sun Solaris, and the various Linux operating systems. Dell chose not to create yet another directory or build a synchronization solution - they chose to consolidate and simplify their identity management infrastructure.

Yah, baby!

Dell has about 2,200 Linux and UNIX servers that they have now integrated with Active Directory. Dell tried the open source approach but, in the end, decided on a commercial solution. After evaluating and eliminating the competition they chose Quest. According to Dell, "One solution quickly rose to the top"...

“Vintela Authentication Services is the best product we have found on the market,” concludes David Taylor, Principal Linux engineer at Dell. “It satisfies our needs and can help us expand where we need to in the future.”

Technorati Tags:
Active Directory, Dell, identity management, Microsoft, Vintela