Tuesday, February 17, 2009

To cache or not to cache?

Well it is time to dive right in to this blogging thing with a topic that always seems to come up with virtual directories and that is the subject of caching. It always seems to be a lively debate/discussion, so here are a few of my thoughts on two of the most common questions.

Question 1: Do you need to cache data with a virtual directory?

Being a consultant for many years, I have to give it my stock answer (and the right one IMHO) and that is "it depends". As with any application or system you are designing, the requirements and the environment should dictate the design. For example, some of our clients use the Virtual Identity Server for SharePoint edition of our virtual directory to quickly and easily stand up a SharePoint instance that can authenticate people from an External Active Directory forest and an Internal Active Directory Forest. For this type of cross-forest authentication deployment, there is probably not a need to cache this persistently or in memory.

Question 2: If needed, does this cache NEED to be persisted?

I know of one virtual directory vendor that is adamant that cache MUST be persisted. Yes there are times when a cache should be persisted, but saying that the cache always needs to be persisted just doesn't make sense to me. Perhaps they need to persist cache to overcome performance problems in their core engine and can't run sufficiently without it.

Yes, I believe a virtual directory should support both memory and persistent caching, but more importantly it should be architected correctly within the product and not be a hack add-on just to have a check mark on the features list. Keeping track of what each vendor supports can get confusing and sometimes it is misstated.

Mark Wilcox for example, posted in his blog that "OVD does provide a Cache plug-in that is granular - you can apply it globally or per adapter. It also doesn't require any other data-store (or software license, neither of which our competition can currently claim)."

While our Virtual Identity Server (VIS) virtual directory is focused on the more Microsoft centric shops, we are a virtual directory and therefore I suppose a competitor to OVD. With that said, the statement is not true. VIS does not require a separate data-store or software license to use caching. In fact, VIS doesn't require the installation of a custom plug-in to support caching. It is built right into the core engine and is a simple point and click configuration change in the GUI. VIS supports caching not only globally and per connection, but optionally down to which object classes you want to cache.

I think Matt Flynn sums it up well when he closes his post on the subject with, "My opinion is that it's a nice feature to have in the tool bag when needed, but it's not always needed."

Sunday, February 8, 2009


Greetings everyone. My name is Mike Brengs and I am a Managing Partner at Optimal IdM, a software and consulting company based in the greater Tampa Bay Florida area that specializes in identity management. We are also the developers of the Virtual Identity Server, which is a Microsoft .NET LDAP Virtual Directory.

This is the first of what hopefully will be many blogs that I post. Why am I blogging? Good question and I am glad that your reading. The old tree falling in a forest quandary comes to mind... One of the reasons I am writing is because I am the "resident IdM evangelist" at Optimal IdM and along with that job I spend part of my time doing workshops, speaking engagements, etc. This extra role suits me well because for those of you who know me, know that I do tend to speak my mind.

Of course speaking publicly on a subject matter where I have some expertise is one thing. Going on the record and posting your thoughts and beliefs for everyone to read is quite another. This must be how politicians feel, where words can be taken out of context and scrutinized. Hopefully I won't make to many goofs and if I do can find some syrup for my waffling. Almost daily I will see a blog posting, read a newspaper article, or talk to a customer or analyst and think to myself; "If I had a blog, that sure would be a good post..." So in the end, I believe I have some thoughts and comments that a few of you out on the Internet might want to hear and find valuable.

One of the main areas that I will focus on is LDAP Virtual Directories (our Virtual Identity Server product is an LDAP Virtual Directory). As I talk to people, I find that many people are either not familiar with or have the wrong understanding of what an LDAP Virtual Directory is or how this can be applied to solving real problems for organizations. I am always amazed when I talk to our customers at the unique ways they are using the technology and in the end I hope you will too.

So I hope you will enjoy reading my blog and find it useful and informative. If you don't like my blog, then please send me your name, Social Security number, date of birth, Mother's Maiden Name and your Bank Routing Information. I will issue a refund of your monies paid immediately.