Tuesday, May 20, 2014

Two Time Winner of Best of TechEd! - Back to Back Winners

I looked back at my blog posting from last year when we won Best of TechEd in the cloud computing category with our VIS for Office 365 solution and so many things remain the same.  Working the booth was long and tiring work, but again we had some great conversations with existing customers as well as prospects.

It is hard to imagine that a full year has passed.  So many things have happened.  We went on a bit of worldwide tour, where I spent about 8 weeks in Australia and New Zealand.  We sponsored both TechEd Australia and TechEd New Zealand.  We cosponsored this with our Australian partner and the shows were a huge success.  We landed some great business and the region is continuing to grow.

As was the case last year, the highlight of the conference was winning the Best of TechEd award.  Once again Optimal IdM was honored last week by winning the Best of TechEd award in Houston Texas.  Our Virtual Identity Server for SharePoint solution won in the SharePoint category.

I think i said it well last year that it is really exciting to have an independent panel of experts (editors of Windows IT Pro) select your product as the best!  This year they reviewed over 200 products and then narrowed that down to 3 finalists in each category.  Just making it as a finalist this year was great, but to win the award back to back  2 years in a row was simply awesome.

Last year I said that we would be able to brag (nicely of course) that we have award winning software and that it would be a badge we would wear proudly.  Now we will humbly but proudly wear two badges as back to back winners.

I think the editors said it best when they posted on their website the following summary.

"Optimal IdM Virtual Identity Server for SharePoint brings a new level of management and delegated administration to SharePoint, allowing both large and small installations to drive user and distribution list management and access rights down to the lowest admin levels where they need to be. Virtual Identity Server for SharePoint also allows users from multiple, disconnected identity sources to access common SharePoint sites whether they're inside or outside the company."

The posting can be found here on Windows IT Pro's website

Thursday, May 8, 2014

Best of TechEd Finalist!

I suppose it is pretty fitting that my last blog post was about winning Best of TechEd last year for the cloud computing category with our VIS for Office 365 solution.   We are once again honored to be a finalist for Best of TechEd this year!  This time we are a finalist in the SharePoint category for our Virtual Identity Server for SharePoint solution.

Our VIS for SharePoint solution is a combination of a number of components that when combined provides an excellent framework for SharePoint.   We support both SharePoint 2010 and SharePoint 2013and have some of the largest customers in the world using this solution for their SharePoint needs.

Here is a brief bullet of some of the things the solution provides.

  • Extensible Single Sign On
  • Easy and fast multi-forest or multi repository 
  • Dynamic Role Based Access Control
  • Comprehensive Audit, Compliance and Reporting
  • Fine grained claims entitlements with workflow approval
  • SharePoint Governance
  • Searchable People Picker to any repository in a federated deployment

Also be sure to stop by the Booth 129 at Tech Ed and vote for us for Best of attendees pick!

You can find out more information on our website at

Saturday, June 15, 2013

VIS for Office 365 - Best of TechEd Winner!

Virtual Identity Server for Office 365
Best of TechEd Winner for Cloud Computing!

Optimal IdM was again an exhibitor at Microsoft's TechEd conference last week in New Orleans.  It really is a great conference covering all sorts of technologies from Windows, SharePoint, Exchange, and Cloud/Office 365.  We also get to connect with existing customers, partners and of course meet new prospective clients too.

While working a show on booth duty is always tiring, I really do enjoy it.  I love talking to the folks who stop by with their given challenges and talking to them about how our solution might help solve those problems.   There are often common themes, but there almost always is something brand new that comes my way that gets me thinking.  It happened again this year but that is for another blog and another day.

I must confess, however, that while those conversations were great, that the highlight of the show for us was winning the Best of TechEd award for Cloud computing!   It was our Virtual Identity Server for Office 365 that won the award.  I know that we have a great product and it is great to hear that from our customers, but it is really exciting to have an independent panel of experts (editors of Windows IT Pro) select your product as the best!  Especially given the fact that they reviewed nearly 300 products. 

So now we get to brag (nicely of course) that we have award winning software.  It's a badge we will wear proudly.

Friday, September 21, 2012

Follow up post to - "A Virtual Directory is not just for "legacy" applications"

I have a short follow up post to my post titled: "A Virtual Directory is not just for 'legacy' applications".

I am sure some folks will read that post and still think that virtual directories are still only about LDAP applications.  On top of that they will probably say to themselves that Federation will solve these problems of abstracting the application from the directory.

To the latter point, yes Federation does provide a level of abstraction, but there are many other factors to consider.   The Federation server (what ever it is) still needs to authenticate the user somewhere.  In the case of Microsoft's AD FS server, it can only authenticate to Active Directory. 

If you utilize Optimal IdM's Virtual Identity Server for Federation Services, however, you can now have an AD FS infrastructure that can authenticate users ANYWHERE.  Our Federation component is an Identity Provider (IP) that leverages our Virtual Identity Server (VIS) virtual directory to authenticate users in whatever data store they reside.   It doesn't matter if they are in another directory such as Sun or eDirectory or even in databases. 

Have multiple Active Directory forests?  Yep, leveraging our solution we make that a snap too.  No need for a ton of AD FS servers, trusts, etc.  Think about it this way. With a virtual directory any application whether it is SharePoint, CRM, or ADFS no longer needs to worry about multi-forest or where users are stored for that matter.  That is a compelling statement when you think about it.

Also, a virtual directory makes it very easy to source identity data (Claims in the Microsoft world) from ANY data source.  AD FS can only source claims from AD or SQL. By plugging our solution in with ADFS, ADFS no longer needs to worry about getting the data from disparate data sources.  The same thing rings true for a host of other applications. 

Thursday, September 20, 2012

A Virtual Directory is not just for "legacy" applications

Recently I was talking to someone who is working on "future technologies".  In this conversation, I got the perception that they believe that virtual directories are used only for "legacy" applications. Now keep in mind what "legacy apps" means to folks building infrastructures for the "future".  To them, a legacy app is an application that is currently running in the enterprise right now, not ancient applications from years ago.

In my opinion, trying to pigeon hole a virtual directory as being legacy is flat out wrong.  Sure companies use a virtual directory to solve some very classic problems that applications struggle with (such as multi-forest), but that is only part of the reason they deploy.  It isn't just about their currently deployed applications, but about their future applications too. 

For example, we have some of the largest Fortune 500 companies in the world that are architecting
our virtual directory as a key component in the architecture they are building for the future.  They see the virtual directory as vital element that is absolutely necessary to meet their objectives both known and unknown. It is the unknown that kills you in the future.

Think about this for a moment.   When Microsoft first deployed Active Directory they told everyone to have an empty root forest, right?  Ooops!  Later they changed their minds and said nope you don't need that.  How many enterprises still have that "old" architecture?  How many have multiple forests?  Why? 

The answer is simple.  It is very hard to change.   Without a virtual directory, applications are tightly coupled to the data store.  This, of course, is a bad thing in any IT architecture.  We don't let application developers code directly to the database tables do we? No.  We give them a stored procedure or view.  With a buffer or "black box" that the applications use, we can now change out infrastructure without impacting the applications.  

Our enterprise customers see this and use the virtual directory as their buffer layer or black box.  This lets them architect for the future, now.  They are using this virtual layer to provide this buffer for both on-premise and cloud.    Also, we at Optimal IdM don't stop at just the LDAP support either.  For example, with our integration with Microsoft's Graph API we can translate LDAP calls into RESTful web service calls.  

Nobody can predict the future.  However, when it comes to computer architectures, I do know that we will need to make changes in the future.  A virtual directory enables organizations to make changes easier and without impacting applications.  The cost savings are enormous and very quantifiable. 

So while our customers are deploying the virtual directory on a enterprise scale into the present environment, the key point is that they are doing this to enable flexibility in the future environment too.

That is a key concept that is lost on this person...

Tuesday, September 18, 2012

Cloud Adoption - The 80/20 rule...

Over the years I have worked for several small companies. These companies were in the 100-150 person range.  Back then (late 90's/early 2000's) the "cloud" wasn't really there with the exception of Salesforce.com. These companies that I worked for all had an on-premise Active Directory with some sort of email system such as Exchange and collaboration portals to share documents, etc.  Each of them typically employed 2 to 3 full time IT folks to keep it all moving. 

In today's world, a 100 person company can easily find ALL of their services in the cloud, without requiring any on-premise infrastructure or servers.  This is the "low hanging fruit" for Microsoft.  The companies are small and can easily log in to a cloud portal application, create their users and passwords and get to the cloud. These are the easy ones. 

Now lets move on up the chain to the medium and large enterprises.  These companies likely have an on-premise environment (i.e. Active Directory) and as the organization grows in size, its complexity grows.  They will have more and more user repositories, multiple platforms, etc.  Moving these organizations to the cloud is more complicated and difficult.  

Here is the rub and the 80/20

While you may be able to grab "80%" of the companies in the world under the non-complicated low hanging fruit scenario, this only represents "20%" of the total user population.  While there are fewer of the medium to large customers, they have more users and thus a greater total population. That wouldn't matter if cloud services were sold on a flat server/company fee, but most cloud offerings sell per user/per month. 

Here is some quick math shown in the spreadsheet below.   In the example, I averaged the "small" company at 100 users.  That would be a mix of some companies that have 5 or 20 people and some with 200 or 300.  As you can see for Microsoft's middle of the road Office 365 plan that would equate to $168 million dollars in annual revenue in my scenario of getting 10,000 of these companies.

Now let's look at my second example.  In this scenario, I assume that only 2,000 companies sign up for the cloud offering.  However, these 2,000 companies have on average 30,000 users (some higher/some lower).   In this scenario, using the same middle of the road Office 365 plan would result in annual revenue of 10 billion dollars...

Which would you rather have?  80% of the small companies or 20% of the large companies?  Obviously these aren't hard and fast numbers, but the 80/20 model is the base premise here.

Now it is probably pretty easy to see why my company Optimal IdM, developed our Virtual Identity Server for Office 365 solution.  This solution eliminates many of the most common deployment barriers for Office 365.  In a nutshell, we make complex environments easier to manage and cloud adoption a snap!   We charge a percentage of what Microsoft charges for Office 365 but as you can see with each new customer (they are typically large) that represents substantial recurring revenue.

It is sort of like target markets in general.  You would far rather have a product that has a target market with anyone in the world, then to have a product geared towards a specific age/gender/ etc.  In terms of cloud, I would far rather have a smaller number of customers that represent the bulk of the user base.

By not supporting multiple AD forests in Office 365 or other data stores for that matter, Microsoft went after the low hanging fruit.  The easy, non-complicated customers.   That's where partners come into play such as us.  We fill the gap and make adopting Office 365 fast and easy. We can take a customer to the cloud in a matter of days regardless of the number of data repositories they have and without changing or touching their existing infrastructure.  It is the easy and no risk way to go to Office 365. 

Saturday, July 21, 2012

Half a million clear text passwords hacked on Yahoo

Recently it was reported that Yahoo had almost a half a million passwords hacked.  That is bad enough, but what is worse is that the hack exposed clear text passwords!  Really???  To quote tennis great John McEnroe. "You can't be serious!"

I understand that the code came from a company they acquired but that doesn't matter at all to me and is simply no excuse.  To me, that only strengthens the case for short selling the stock (not to mention 5 CEO's in 5 years)...  They clearly didn't do any technical due diligence.  While a full blown review of the code they were buying might have been overkill, you sure do think they would have found that the passwords were being stored in clear text...

Unfortunately password hacks seems to have been a theme lately (i.e. LinkedIn, eHarmony, etc.).   LinkedIn got a lot of grief for not salting their password hash. Apparently these developers aren't even advanced enough to know how to hash a password let alone salt it. 

A whole host of questions pop into my mind after reading this.  Here are a few.

  • Do you know what your cloud vendor is doing?  
  • Are they storing your password hashed? 
  • Is your sensitive data (i.e. credit card numbers) stored encrypted? 
  • Do they have off-site back up that is encrypted?  
  • Are their employees screened? 

Link to posting on CNN Yahoo