Mike's Musings on Identity Management<br />
Mike Brengs' thoughts, views and commentary on all things related to the identity management space.<br />
Mike Brengs<br />
<br />
Two Time Winner of Best of TechEd! - Back to Back Winners (2014-05-20)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh6wPo0rAY8ktk6dGtSaebBVT6billYANyLSbxZGAVWKunBsMVzdFwezjlv1kUimwZAFZtuRTxLT7m_G3zeXGL4EeuzzX1QPpCbJKo5Rf892_o1awkD9AduGtkY7BJ6PXn_uAtGmkKCEw/s1600/2129_BOTE_2014_Winner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh6wPo0rAY8ktk6dGtSaebBVT6billYANyLSbxZGAVWKunBsMVzdFwezjlv1kUimwZAFZtuRTxLT7m_G3zeXGL4EeuzzX1QPpCbJKo5Rf892_o1awkD9AduGtkY7BJ6PXn_uAtGmkKCEw/s1600/2129_BOTE_2014_Winner.jpg" height="320" width="287" /></a></div>
<br />
I looked back at my blog posting from last year when we won Best of TechEd in the cloud computing category with our <a href="http://optimalidm.com/our-products/virtual-identity-server-vis-for-office-365/" target="_blank">VIS for Office 365</a> solution and so many things remain the same. Working the booth was long and tiring work, but again we had some great conversations with existing customers as well as prospects. <br />
<br />
<br />
It is hard to imagine that a full year has passed. So many things have happened. We went on a bit of a worldwide tour, where I spent about 8 weeks in Australia and New Zealand. We sponsored both TechEd Australia and TechEd New Zealand. We cosponsored this with our Australian partner and the shows were a huge success. We landed some great business and the region is continuing to grow.<br />
<br />
<br />
As was the case last year, the highlight of the conference was winning the Best of TechEd award. Once again Optimal IdM was honored last week by winning the Best of TechEd award in Houston, Texas. Our <a href="http://optimalidm.com/our-products/virtual-identity-server-for-sharepoint/" target="_blank">Virtual Identity Server for SharePoint </a>solution won in the SharePoint category.<br />
<br />
I think I said it well last year that it is really exciting to have an independent panel of experts (editors of Windows IT Pro) select your product as the best! This year they reviewed over 200 products and then narrowed that down to 3 finalists in each category. Just making it as a finalist this year was great, but to win the award back to back 2 years in a row was simply awesome.<br />
<br />
Last year I said that we would be able to brag (nicely of course) that we have award winning software and that it would be a badge we would wear proudly. Now we will humbly but proudly wear two badges as back to back winners.<br />
<br />
I think the editors said it best when they posted on their website the following summary.<br />
<br />
"<span style="background-color: white; color: #333333; font-family: Georgia, Times, 'Times New Roman', serif; font-size: 15px; line-height: 22.200000762939453px;">Optimal IdM Virtual Identity Server for SharePoint brings a new level of management and delegated administration to SharePoint, allowing both large and small installations to drive user and distribution list management and access rights down to the lowest admin levels where they need to be. Virtual Identity Server for SharePoint also allows users from multiple, disconnected identity sources to access common SharePoint sites whether they're inside or outside the company."</span><br />
<span style="background-color: white; color: #333333; font-family: Georgia, Times, 'Times New Roman', serif; font-size: 15px; line-height: 22.200000762939453px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Georgia, Times, 'Times New Roman', serif; font-size: 15px; line-height: 22.200000762939453px;">The posting can be found here on <a href="http://windowsitpro.com/windows/announcing-our-best-teched-2014-winners" target="_blank">Windows IT Pro's website</a></span><br />
<br />
Best of TechEd Finalist! (2014-05-08)<br />
<br />
<br />
I suppose it is pretty fitting that my last blog post was about winning Best of TechEd last year for the cloud computing category with our VIS for Office 365 solution. We are once again honored to be a finalist for Best of TechEd this year! This time we are a finalist in the SharePoint category for our Virtual Identity Server for SharePoint solution.<br />
<br />
<br />
Our VIS for SharePoint solution is a combination of a number of components that, when combined, provide an excellent framework for SharePoint. We support both SharePoint 2010 and SharePoint 2013 and have some of the largest customers in the world using this solution for their SharePoint needs.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDICPUYwY0-SteMbdb2QmAYDjUHe7AWnWRivvS70g8iJZ6XF-jTpsILflxr7bn_pCYSejfVNS4CjiVQx6-zv4WUoX0XS7DkcfGQTJ0Y625gbxy76yQIMsTQ1k_n1sJLWUs1y5_Lhyphenhyphen4RBM/s1600/2129_BOTE_2014_Finalist.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDICPUYwY0-SteMbdb2QmAYDjUHe7AWnWRivvS70g8iJZ6XF-jTpsILflxr7bn_pCYSejfVNS4CjiVQx6-zv4WUoX0XS7DkcfGQTJ0Y625gbxy76yQIMsTQ1k_n1sJLWUs1y5_Lhyphenhyphen4RBM/s1600/2129_BOTE_2014_Finalist.jpg" height="320" width="287" /></a></div>
<br />
Here is a brief bulleted list of some of the things the solution provides.<br />
<br />
<br />
<ul>
<li>Extensible Single Sign On</li>
<li>Easy and fast multi-forest or multi repository </li>
<li>Dynamic Role Based Access Control</li>
<li>Comprehensive Audit, Compliance and Reporting</li>
<li>Fine grained claims entitlements with workflow approval</li>
<li>SharePoint Governance</li>
<li>Searchable People Picker to any repository in a federated deployment</li>
</ul>
<div>
<br /></div>
<div>
<br /></div>
<div>
Also be sure to stop by Booth 129 at <a href="http://northamerica.msteched.com/" target="_blank">Tech Ed </a>and vote for us for Best of attendees pick!</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
You can find out more information on our website at</div>
<div>
<a href="http://optimalidm.com/our-products/virtual-identity-server-for-sharepoint/" target="_blank">http://optimalidm.com/our-products/virtual-identity-server-for-sharepoint/</a></div>
<div>
<br /></div>
<div>
<a href="http://www.optimalidm.com/" target="_blank">http://www.optimalidm.com</a></div>
<br />
<br />
VIS for Office 365 - Best of TechEd Winner! (2013-06-15)<br />
<h2 style="text-align: center;">
Virtual Identity Server for Office 365<br /> Best of TechEd Winner for Cloud Computing!</h2>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ1V7jpxN5Nc-Wsj-hFFVmWiRbS2c4to_0kzAQ-8cEy7SX0cKQ7K96JwwKVkNaphKkt5bnY_1wrT3QrmDyZ100aXXTiYeH60QWopOUyPTkCqJyWsTqW4o_l2E7wm7BO6-4lsD_m4yk1Wg/s1600/BestofTechEdWinner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ1V7jpxN5Nc-Wsj-hFFVmWiRbS2c4to_0kzAQ-8cEy7SX0cKQ7K96JwwKVkNaphKkt5bnY_1wrT3QrmDyZ100aXXTiYeH60QWopOUyPTkCqJyWsTqW4o_l2E7wm7BO6-4lsD_m4yk1Wg/s320/BestofTechEdWinner.jpg" width="298" /></a></div>
<br />
<br />
Optimal IdM was again an exhibitor at Microsoft's TechEd conference last week in New Orleans. It really is a great conference covering all sorts of technologies from Windows, SharePoint, Exchange, and Cloud/Office 365. We also get to connect with existing customers, partners and of course meet new prospective clients too.<br />
<br />
While working a show on booth duty is always tiring, I really do enjoy it. I love talking to the folks who stop by with their given challenges and talking to them about how our solution might help solve those problems. There are often common themes, but there almost always is something brand new that comes my way that gets me thinking. It happened again this year but that is for another blog and another day.<br />
<br />
I must confess, however, that while those conversations were great, the highlight of the show for us was winning the <a href="http://windowsitpro.com/systems-management/congratulations-our-best-teched-2013-winners" target="_blank">Best of TechEd award</a> for Cloud computing! It was our <a href="http://www.optimalidm.com/Products/VIS/VirtualIdentityServerforOffice365/default.aspx" target="_blank">Virtual Identity Server for Office 365</a> that won the award. I know that we have a great product and it is great to hear that from our customers, but it is really exciting to have an independent panel of experts (editors of <a href="http://windowsitpro.com/" target="_blank">Windows IT Pro</a>) select your product as the best! Especially given the fact that they reviewed nearly 300 products. <br />
<br />
So now we get to brag (nicely of course) that we have award winning software. It's a badge we will wear proudly.<br />
<br />
Follow up post to - "A Virtual Directory is not just for "legacy" applications" (2012-09-21)<br />
<br />
I have a short follow up post to my post titled: "A Virtual Directory is not just for 'legacy' applications".<br />
<br />
I am sure some folks will read that post and still think that virtual directories are still only about LDAP applications. On top of that they will probably say to themselves that Federation will solve these problems of abstracting the application from the directory.<br />
<br />
To the latter point, yes, Federation does provide a level of abstraction, but there are many other factors to consider. The Federation server (whatever it is) still needs to authenticate the user somewhere. In the case of Microsoft's AD FS server, it can only authenticate to Active Directory. <br />
<br />
If you utilize Optimal IdM's <a href="http://www.optimalidm.com/Products/VIS/VirtualIdentityServerFederationServices/default.aspx" target="_blank">Virtual Identity Server for Federation Services</a>, however, you can now have an AD FS infrastructure that can authenticate users ANYWHERE. Our Federation component is an Identity Provider (IP) that leverages our Virtual Identity Server (VIS) virtual directory to authenticate users in whatever data store they reside. It doesn't matter if they are in another directory such as Sun or eDirectory or even in databases. <br />
<br />
Have multiple Active Directory forests? Yep, leveraging our solution we make that a snap too. No need for a ton of AD FS servers, trusts, etc. Think about it this way. With a virtual directory any application whether it is SharePoint, CRM, or ADFS no longer needs to worry about multi-forest or where users are stored for that matter. That is a compelling statement when you think about it.<br />
<br />
Also, a virtual directory makes it very easy to source identity data (Claims in the Microsoft world) from ANY data source. AD FS can only source claims from AD or SQL. By plugging our solution in with ADFS, ADFS no longer needs to worry about getting the data from disparate data sources. The same thing rings true for a host of other applications. <br />
<br />
<br />
A Virtual Directory is not just for "legacy" applications (2012-09-20)<br />
<br />
Recently I was talking to someone who is working on "future technologies". In this conversation, I got the perception that they believe that virtual directories are used <strong>only</strong> for "legacy" applications. Now keep in mind what "legacy apps" means to folks building infrastructures for the "future". To them, a legacy app is an application that is currently running in the enterprise right now, not ancient applications from years ago.<br />
<br />
In my opinion, trying to pigeonhole a virtual directory as being legacy is flat out wrong. Sure, companies use a virtual directory to solve some very classic problems that applications struggle with (such as multi-forest), but that is only part of the reason they deploy. It isn't just about their currently deployed applications, but about their future applications too. <br />
<br />
For example, we have some of the largest Fortune 500 companies in the world that are architecting our virtual directory as a key component in the architecture they are building <strong>for the future</strong>. They see the virtual directory as a vital element that is absolutely necessary to meet their objectives both known and unknown. It is the <strong>unknown</strong> that kills you in the future.<br />
<br />
Think about this for a moment. When Microsoft first deployed Active Directory they told everyone to have an empty root forest, right? Ooops! Later they changed their minds and said nope you don't need that. How many enterprises still have that "old" architecture? How many have multiple forests? Why? <br />
<br />
The answer is simple. <u>It is very hard to change</u>. Without a virtual directory, applications are tightly coupled to the data store. This, of course, is a bad thing in any IT architecture. We don't let application developers code directly to the database tables do we? No. We give them a stored procedure or view. With a buffer or "black box" that the applications use, we can now change out infrastructure without impacting the applications. <br />
<br />
Our enterprise customers see this and use the virtual directory as their buffer layer or black box. This lets them architect for the future, <u><strong>now</strong></u>. They are using this virtual layer to provide this buffer for both on-premise and cloud. Also, we at <a href="http://www.optimalidm.com/" target="_blank">Optimal IdM</a> don't stop at just the LDAP support either. For example, with our integration with <a href="http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA322" target="_blank">Microsoft's Graph API</a> we can translate LDAP calls into RESTful web service calls. <br />
<br />
Nobody can predict the future. However, when it comes to computer architectures, I do know that we will need to make changes in the future. A virtual directory enables organizations to make changes easier and without impacting applications. The cost savings are enormous and very quantifiable. <br />
<br />
So while our customers are deploying the virtual directory on an enterprise scale into the present environment, the key point is that they are doing this to enable flexibility in the <strong>future</strong> environment too.<br />
<br />
That is a key concept that is lost on this person...<br />
<br />
Cloud Adoption - The 80/20 rule... (2012-09-18)<br />
<br />
Over the years I have worked for several small companies. These companies were in the 100-150 person range. Back then (late 90's/early 2000's) the "cloud" wasn't really there with the exception of Salesforce.com. These companies that I worked for all had an on-premise Active Directory with some sort of email system such as Exchange and collaboration portals to share documents, etc. Each of them typically employed 2 to 3 full time IT folks to keep it all moving. <br />
<br />
In today's world, a 100 person company can easily find ALL of their services in the cloud, without requiring any on-premise infrastructure or servers. This is the "low hanging fruit" for Microsoft. The companies are small and can easily log in to a cloud portal application, create their users and passwords and get to the cloud. These are the easy ones. <br />
<br />
Now let's move on up the chain to the medium and large enterprises. These companies likely have an on-premise environment (i.e. Active Directory) and as the organization grows in size, its complexity grows. They will have more and more user repositories, multiple platforms, etc. Moving these organizations to the cloud is more complicated and difficult. <br />
<br />
<strong><u><span style="color: #444444;">Here is the rub and the 80/20</span></u></strong><br />
<br />
While you may be able to grab "80%" of the companies in the world under the non-complicated low hanging fruit scenario, this only represents "20%" of the total user population. While there are fewer of the medium to large customers, they have <strong>more</strong> users and <strong>thus a greater total population</strong>. That wouldn't matter if cloud services were sold on a flat server/company fee, but most cloud offerings sell per user/per month. <br />
<br />
Here is some quick math shown in the spreadsheet below. In the example, I averaged the "small" company at 100 users. That would be a mix of some companies that have 5 or 20 people and some with 200 or 300. As you can see, for Microsoft's middle of the road Office 365 plan that would equate to $168 million in annual revenue in my scenario of getting 10,000 of these companies. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLaJDiQCrQPQQuFlpEUFHOKX-JXCjyZwgB_SILKEs-P5zzsOf8snNRJ_smfCfh9JV5EpyKYRivIRJQ7j7OkBfAs_5ccaqpvSP6saAHxlMF4_Su7J1ukQU6dYR0ObH0PsMRM4RY7kDdtAM/s1600/Small.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLaJDiQCrQPQQuFlpEUFHOKX-JXCjyZwgB_SILKEs-P5zzsOf8snNRJ_smfCfh9JV5EpyKYRivIRJQ7j7OkBfAs_5ccaqpvSP6saAHxlMF4_Su7J1ukQU6dYR0ObH0PsMRM4RY7kDdtAM/s320/Small.PNG" width="320" /></a></div>
<br />
Now let's look at my second example. In this scenario, I assume that only 2,000 companies sign up for the cloud offering. However, these 2,000 companies have on average 30,000 users (some higher/some lower). In this scenario, using the same middle of the road Office 365 plan would result in annual revenue of 10 billion dollars...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjje4zva_OSAh14lqEm62C2Rt45weP4pfwvFO0uxf4jzCrMbYZ035M8HFexxfqLp96auKX7CogDM1YDjNLpb93f6vjaWpBE3SLYXIr6nTrxuII3cMykoM5b9Qg-v67jon2jzBMfMDs-lLk/s1600/big.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="85" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjje4zva_OSAh14lqEm62C2Rt45weP4pfwvFO0uxf4jzCrMbYZ035M8HFexxfqLp96auKX7CogDM1YDjNLpb93f6vjaWpBE3SLYXIr6nTrxuII3cMykoM5b9Qg-v67jon2jzBMfMDs-lLk/s320/big.PNG" width="320" /></a></div>
<br />
Which would you rather have? 80% of the small companies or 20% of the large companies? Obviously these aren't hard and fast numbers, but the 80/20 model is the base premise here.<br />
<br />
Now it is probably pretty easy to see why my company, <a href="http://www.optimalidm.com/" target="_blank">Optimal IdM</a>, developed our <a href="http://www.optimalidm.com/Products/VIS/VirtualIdentityServerforOffice365/default.aspx" target="_blank">Virtual Identity Server for Office 365</a> solution. This solution eliminates many of the most common deployment barriers for Office 365. <strong><em>In a nutshell, we make complex environments easier to manage and cloud adoption a snap!</em></strong> We charge a percentage of what Microsoft charges for Office 365 but as you can see with each new customer (they are typically large) that represents substantial recurring revenue.<br />
<br />
It is sort of like target markets in general. You would far rather have a product that has a target market with anyone in the world, than to have a product geared towards a specific age/gender/etc. In terms of cloud, I would far rather have a smaller number of customers that represent the bulk of the user base.<br />
<br />
By not supporting multiple AD forests in Office 365 or other data stores for that matter, Microsoft went after the low hanging fruit. The easy, non-complicated customers. That's where partners come into play such as us. We fill the gap and make adopting Office 365 fast and easy. We can take a customer to the cloud in a matter of days regardless of the number of data repositories they have and without changing or touching their existing infrastructure. It is the easy and no risk way to go to Office 365. <br />
<br />
<br />
Half a million clear text passwords hacked on Yahoo (2012-07-21)<br />
<br />
Recently it was reported that <a href="http://money.cnn.com/2012/07/12/technology/yahoo-hack/index.htm" target="_blank">Yahoo</a> had almost half a million passwords hacked. That is bad enough, but what is worse is that the hack exposed clear text passwords! Really??? To quote tennis great John McEnroe: "You can't be serious!"<br />
<br />
I understand that the code came from a company they acquired but that doesn't matter at all to me and is simply no excuse. To me, that only strengthens the case for short selling the stock (not to mention 5 CEOs in 5 years)... They clearly didn't do any technical due diligence. While a full blown review of the code they were buying might have been overkill, you sure would think they would have found that the passwords were being stored in clear text...<br />
<br />
Unfortunately password hacks seem to have been a theme lately (i.e. LinkedIn, eHarmony, etc.). LinkedIn got a lot of grief for not salting their password hash. Apparently these developers aren't even advanced enough to know how to hash a password let alone salt it. <br />
<br />
A whole host of questions pop into my mind after reading this. Here are a few.<br />
<br />
<ul>
<li>Do you know what your cloud vendor is doing? </li>
<li>Are they storing your password hashed? </li>
<li>Is your sensitive data (i.e. credit card numbers) stored encrypted? </li>
<li>Do they have off-site back up that is encrypted? </li>
<li>Are their employees screened? </li>
</ul>
<br />
<br />
Link to posting on CNN <a href="http://money.cnn.com/2012/07/12/technology/yahoo-hack/index.htm" target="_blank">Yahoo</a><br />
<br />
Microsoft's 6.2 Billion Dollar Writedown (2012-07-03)<br />
<br />
Yikes! Microsoft reported <a href="http://www.reuters.com/article/2012/07/02/us-microsoft-charge-idUSBRE8611BR20120702" target="_blank">yesterday</a> that it took a 6.2 BILLION dollar charge almost entirely related to the acquisition of aQuantive. They acquired aQuantive back in 2007 for 6.3 billion dollars and at the time it was their largest acquisition. Since then they purchased Skype for 8.5 billion dollars making it now the largest acquisition to date.<br />
<br />
For those not familiar with a charge/write down such as this, allow me to explain. They basically said that they have NOTHING left from the acquisition. Nothing. Zilch. They basically burned 6.2 billion dollars and almost all of it due to the acquisition of aQuantive. <br />
<br />
Wow! That isn't just a small minor mistake. That is a major goof if you ask me. Lots of folks clearly missed the mark. The moral of the story for me is to take what a given vendor says to you with a grain of salt. When they lay out their vision and tell you "x is going to be the standard, etc.", know that it might not take. The public and industry at large might not adopt the technology or product. Lots of companies (not just Microsoft) are talking about cloud, SaaS, and private clouds, etc. Is there widespread adoption? These companies are spending millions/billions on what they see in the future, not what is here today and now. What if they are wrong? <br />
<br />
Microsoft clearly thought they were going to get something from this acquisition and they valued it to the tune of 6.3 billion dollars. To have just a few years go by and say we got nothing from it is staggering (to me). Also looks to me like they tried to bury the news on a slow week with the 4th of July.<br />
<br />
This also makes me look back at the <a href="http://www.wired.com/business/2011/05/microsoft-buys-skype-2/" target="_blank">Skype</a> acquisition. I never blogged on that one but I sure had plenty of thoughts on it. It didn't make sense to me when it happened and it doesn't make sense to me now. In fact, with such a debacle as this it makes me second guess Skype even more. Microsoft largely had all of the basic <a href="http://www.wired.com/business/2011/05/microsoft-buys-skype-2/" target="_blank">technology</a>. Sure Skype had the apps for the phones (primarily iPhone and Android) and a substantial user base, but keep in mind the company also had a loss of 7 million dollars when it was acquired. Hmmm... Almost sounds like the fury back in the dot-com bust days. Lots of hype over business models that hadn't yet shown they could turn a profit. <br />
<br />
Microsoft does some pretty cool things, but they do make blunders. I believe recent history here will repeat itself and in a few years Microsoft will find out that the Skype acquisition was not worth 8.5 billion dollars. <br />
<br /><br />
A link to the press release can be found <a href="http://www.reuters.com/article/2012/07/02/us-microsoft-charge-idUSBRE8611BR20120702" target="_blank">here</a><br />
<br />
Internet Explorer is dead. Is Active Directory next? (2012-06-27)<br />
<br />
I saw a post on a colleague's blog the other day that <a href="http://www.thetechblock.com/articles/2012/google-chrome-surpasses-internet-explorer-as-worlds-most-popular-web-browser/" target="_blank">Chrome</a> just surpassed Internet Explorer as the world's most popular browser. On the one hand it surprised me and on the other hand it didn't. Not only has Chrome gained ground but so has Firefox. The King is dead. Long live the King.<br />
<br />
So my question is the following. With all of the emphasis on the "cloud directory", is Active Directory on-premise going to suffer the same fate?<br />
<br />
It may not sound as far fetched as some of you may think... Let's look back at a few things in history. Take Novell’s dominance in the LDAP directory space in the 80’s and 90’s. Few would have predicted that Microsoft would release Active Directory and nearly squash Novell in just a very few short years. Novell was the largest deployed directory and tons of small, medium and large businesses ran Novell eDirectory and Netware. I was one of those folks who deployed and supported eDirectory and Netware having been a CNE (long since dropped from my resume).
<br />
<br />
Active Directory (even in its first version) was a very good directory/network operating system (NOS). My belief, however, is that the demise of eDirectory had more to do with the fact that Novell rested on its laurels too long. They did not continue to innovate and add significant features to eDirectory.
<br />
<br />
So the question still looms, is Active Directory next? There have been very few enhancements to Active Directory in the last few years. Server 2012 does have some nice new capabilities but not what I would consider significant. So will competition wake Microsoft up, or will there be a new King of directories/network operating system (NOS) in this decade? While many have called for the death of the LDAP directory, I personally don't see it going away anytime soon (on-premise at least). <br />
Still think I am way off base? Let's talk about Apple. Apple was nearly kaput. Stick a fork in them. They were done. Microsoft (for fear of the big Monopoly word) made an investment in them and bailed them out. What happened next, we now know is nothing but pure genius. Apple is not a very large hardware or software maker. Nope. They are simply the richest company in the world with respect to market capitalization. Who would have made that prediction back then? I know I certainly wouldn't have!<br />
<br />
So what does this mean to me? Well, my team over at <a href="http://www.optimalidm.com/">Optimal IdM </a> is hard at work on a lot of very cool things that we believe will truly innovate the industry. A key mantra of ours is interoperability. We listen to our customers very closely. We learn from them and work with them to build the solutions they need, rather than building something in a vacuum and trying to sell that to them. <br />
<br />
Stay tuned for more exciting information from us on how we are revolutionizing how organizations manage their infrastructures. <br />
<br />
Who knows maybe Optimal IdM will be the new king of directories/NOS?<br />
<br />
Microsoft Graph API for Windows Azure Active Directory (2012-06-22)<br />
<br />
Shortly before Tech Ed, Microsoft announced their new Graph API for accessing the Windows Azure Active Directory (WAAD). The Windows Azure Active Directory is sometimes referred to as the cloud directory since it is used by Office 365. <br />
<br />
The Graph API is a set of RESTful web services that allows you to access the entire identity system that is running in Microsoft's cloud. Optimal IdM has been working with Microsoft under NDA to integrate with, and provide feedback on the API. <br />
<br />
Microsoft's Ed Wu did the official unveiling at his Tech Ed session and this is where I also provided a live demonstration of our integration with the Graph API. It should be noted that the API is in preview mode, which is Microsoft speak for public beta. It is also not quite complete as it currently supports read-only operations. Update capability will be coming shortly, with the final release likely coming in a few months. <br />
<br />
As Ed points out in the session, the hope and plan is that all integrations with the cloud directory are performed via this API. The API is particularly interesting as it is a full fidelity interface that will provide anyone (customers/vendors) with an alternative way to provision/de-provision to the cloud other than using their DirSync tool. DirSync is their Forefront Identity Manager (FIM) product in a locked down configuration. They did have PowerShell cmdlets, but they did not offer all of the functions that are needed to truly provision/de-provision properly. <br />
<br />
For us over here at Optimal IdM, we are particularly keen on leveraging this API for our Office 365 solution. Our <a href="http://www.optimalidm.com/Products/VIS/VirtualIdentityServerforOffice365/default.aspx">VIS for Office 365</a> solution not only adds additional features and capabilities to Office 365 such as Denial of Service (DoS) detection and prevention, but also completely eliminates barriers that would have otherwise prevented customers from going to Office 365. A few good examples are multi-forest customers, or customers with a mix of user repositories. Leveraging our virtual directory, the synchronization components as well as the Federation components do not have to deal with any of the "ick". As soon as the full API is available, our VIS for Office 365 solution will use the API to manage all of the data in the cloud, without the need for DirSync. <br />
<br />
In the demo, I showed how we created a new adapter for VIS that uses the new API. So while new applications can leverage the new RESTful API, we can allow any standard LDAP application to read/write to the cloud directory. That is pretty cool for all of those legacy applications! Keep in mind that this is not just Office 365 but also Azure as a whole. So if you are writing a new app, check out and use the API, but if you want to hook up your existing LDAP application (whatever it may be), then leverage our <a href="http://www.optimalidm.com/">VIS </a> solution.<br />
<br />
In case you missed it at TechEd, check out the video here on <a href="http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA322/">Channel 9</a>
<br />
<br />
For any of you Microsoft folks, we are presenting this at the upcoming Microsoft internal event TechReady, so find the session and come see for yourself.<br />
<br />
Mike Brengs<br />
<br />
Quest Acquires Symlabs Virtual Directory - And what EVERYONE missed about this acquisition!<br />
Published 2011-06-15, updated 2011-06-20<br />
<br />
Quest recently announced the <a href="http://finance.yahoo.com/news/Quest-Software-Continues-bw-522294918.html?x=0&.v=1">acquisition </a>of Symlabs, a virtual directory vendor. There are several things that are interesting about the acquisition and I will explore some of them in this blog.<br /><br />
First and foremost is what Quest says in their press release, as well as what they don't say. As they state in the press release, the major reason for the acquisition is to embed the technology into the existing products that Quest sells. In fact, they had already done this integration for their Defender application, allowing them to not extend the Active Directory schema by virtualizing this in the virtual directory. As many of you know, a virtual directory can be used to solve a myriad of problems and this was just one of them. Of course this was not the only application that Quest has that will benefit from the virtual directory technology. Quest has a host of products and that is one of the reasons that this acquisition was so compelling for them, as it is not a one trick pony. <br /><br />
Something that is specifically not said in the press release is any mention of Quest selling the virtual directory independently. All accounts are that Quest will not be selling the product independently. This is not a real surprise either since selling a virtual directory solution is a pretty technical sale and not one suited too well for an organization like Quest. 
<br /><br />Here is perhaps the most interesting thing about the acquisition that I believe <strong>EVERYONE </strong>has completely missed. It is no secret that Quest's Jackson Shaw was the primary influencer behind this acquisition. But now let's start with some history to see why this is so darn interesting (at least to me). Once upon a time (1999 to 2005) Jackson was a product manager for a fairly well known company called Microsoft. He was specifically in the Active Directory group. I even had the pleasure of working with him while working at a different Microsoft partner at the time, OpenNetwork.<br /><br />
Now we are getting to the interesting part. How did Jackson come to find himself at Microsoft? The same way that Kim Cameron (recently resigned from Microsoft) landed there. <strong>A little old company that they were a part of called ZOOMIT. Yes, the company that basically invented the metadirectory. </strong>Of course this product has gone through many name changes over the years at Microsoft but the core is still there. It was MMS, MIIS, ILM and now it is called FIM. <br /><br />
Jackson was a VP of sales at ZOOMIT, but as with many small companies that was just one hat he wore at the company. Suffice it to say that Jackson was very involved in the architecture and design of the world's first metadirectory. I can tell you first hand that when you are involved in developing a product like this, you tend to be passionate about your product and technology. I know I sure am passionate when it comes to our <a href="http://www.optimalidm.com/VIS/">Virtual Identity Server </a>product and virtual directories in general. <br /><br />
So why is this history lesson so important? Well, let's take a look at what Jackson thinks now. A little more than 10 years later and one of the fathers of the metadirectory is quoted by <a href="http://www.networkworld.com/newsletters/2008/0310id1.html">Dave Kearns </a>as saying <strong><em>"Let's be honest. The metadirectory is dead. 
Approaches that look like a metadirectory are dead".</em> <br /><br />Wow! That is a pretty big about-face if you ask me! </strong>Insert your favorite analogy here... Such as the vegetarian who suddenly switches to meat only. <br /><br />
The point of this is not to debate whether the metadirectory is dead. In my opinion, the bigger point is how this demonstrates that Jackson kept an open mind to new technologies. It would have been really easy for him to keep "blinders" on and to attack all problems with the same answer (synchronization). Instead, Jackson has seen that there is more than just synchronization and that virtual directory technologies often complement a synch process. I know many great technical people who are of the opinion that synchronization is ALWAYS the answer. <br /><br />
Back in 2009, his <a href="http://jacksonshaw.blogspot.com/2009/11/gartner-directories-and-virtual.html">blog </a>had a pretty interesting quote as well. <br /><br />
<strong><em>"Are meta-directory and virtual directory products melding – blurring the lines between themselves? Yes, and it’s high time that they did. <br /><br />Generally speaking, I think a customer can benefit from both of these technologies so why not use one product for that? Simple is always better. A virtual directory is the perfect veneer to stick on top of your directory infrastructure(s) because it allows you to swap underlying directory pieces in and out as your business changes." </em></strong> <br /><br />
I think he pretty much nailed it with this quote and I believe every customer that is using a virtual directory would wholeheartedly agree with his statement. <br /><br /><br />
Mike Brengs<br />
<br />
RSA hacked!<br />
Published 2011-03-23, updated 2011-03-23<br />
<br />
This brings back memories of that Alanis Morissette song “Ironic”. 
A security firm being hacked is akin to the fire department burning down. It’s simply something you wouldn’t expect to happen. <br /><br />
Now that it has, it is all about how big of a breach it was. As of today, that is not clear at all. The <a href="http://www.rsa.com/node.aspx?id=3872">CEO’s open letter</a> was rather vague and didn’t give the details. I have seen a few blog entries from <a href="http://blogs.gartner.com/mark-diodati/">Mark Diodati </a>that speculate as to what might have happened. It is an interesting read, but conjecture for the moment. <br /><br />
There are hundreds of the largest companies in the world using RSA’s SecurID product to provide two-factor authentication into corporate networks. The ripple effect here could be huge. I know that many of <a href="http://www.optimalidm.com"> Optimal IdM's</a> customers utilize SecurID for their two-factor authentication needs.<br /><br />
The question in my opinion is how will RSA handle this in the next few days/weeks? Will they handle this like the Tylenol scare of 1982 where Johnson & Johnson did by most accounts an excellent job of handling a recall, or will this be a ValuJet disaster? In my opinion, right now no news is bad news. RSA needs to hit this head on with what happened and what the level of risk/exposure is there for customers.<br /><br />
<a href="http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1528828,00.html?track=NL-102&ad=821270&asrc=EM_NLN_13511693&uid=7810758">SearchSecurity </a> quotes sources that say they believe the hack is limited. Again, this is simply conjecture at the moment. 
Let the FUD begin from RSA's competitors...<br />
<br />
Mike Brengs<br />
<br />
Quest Software and recent acquisitions<br />
Published 2011-02-17, updated 2011-02-17<br />
<br />
I noticed on <a href="http://jacksonshaw.blogspot.com/2011/02/quest-software-acquires-e-dmz-security.html">Jackson Shaw’s blog </a>that identity management is big over at Quest these days with recent acquisitions and more to come. Interesting. Let me take you down a path and then pose a question.<br /><br />
Back in 2004/2005 Oracle took an honest look at their identity management stack and realized that customers really did want a one stop shop (if it was possible). Sure it is a lofty goal to have every identity management tool, but they did look at their gaps of standard identity management tools such as Single Sign On and User Management (Oblix), Provisioning/De-Provisioning (Thor), Virtual Directory (Octet String) and filled them via these acquisitions. There was a little overlap in the products, but actually very little. <br /><br />
Sure Oracle could have gone out and developed them from scratch, but that would have taken many physical years (and a ton of "man" years) to get to the features and functionality (and stability) of these products that already had a solid customer base and were good, mature products. Buying the technology (and the people who built it) and re-tooling it for their purposes was the path they chose. I know most of these products have now had “Oracalized” versions released with greater integrations between them.<br /><br />
So the question asked looking backwards is: Did Oracle make the right choice? Well I think the obvious answer is a resounding YES. I’ll give two reasons. One, look at the stock price from 2005 to now. Sure Oracle has made other acquisitions, etc. but overall they have performed very well and Wall Street has agreed. 
If I compare Oracle stock to say Microsoft’s over this period I believe it is a yes as well.<br /><br />
Two, look at market share specifically in identity management. Oracle leapfrogged ahead of the competition and took a resounding lead. Analyst firms clearly put them out in front.<br /><br />
So now my question today is: Is Quest the new Oracle in identity management? And if they are, who are they going to take the business away from? Oracle, IBM, CA, Microsoft? Obviously we here at Optimal IdM partner heavily with Microsoft. Forefront Identity Manager (FIM) is selling well and we fill their virtual directory gap they have with our <a href="http://www.optimalidm.com/VIS/">Virtual Identity Server (VIS) solution</a>. While we aren’t Microsoft, our products are built with their technology and leverage & extend the existing investment that a customer has already made.<br /><br />
So what is Quest’s strategy on identity management and who do you think has the most business to lose? <br /><br />
BTW – I do believe that is truly a “lose” scenario. Sure, the identity management market gets bigger each year, but how much bigger? Not that much in a relative sense. Someone at a major un-named vendor told me once that they don’t have any way to track how much business they lose. When you look at it this way, it is really easy. It is simply the sum of revenues of your direct competitors. If a customer purchases Oracle's IdM solution over Microsoft's, well Microsoft lost that deal (even if they weren't aware of it). 
<br /><br />Come on folks, it’s not like we are talking rocket science, or developing a virtual directory, which is trickier than you might think!<br />
<br />
Mike Brengs<br />
<br />
Part 2 - Optimal IdM’s Virtual Identity Server has saved customers over 1 Trillion Dollars to date!!!!<br />
Published 2011-02-12, updated 2011-02-16<br />
<br />
This is Part 2 of why I believe implementing Claims security for Marriott is a poor choice. I'll try and keep this relatively brief and point out 3 main reasons.<br /><br />
1. As I laid out in Part 1, basically Marriott giving discounts is a cost of doing business. The fact that they are giving it to Microsoft or Quest is irrelevant. Implementing Federation and Claims does nothing to enhance their bottom line. Further, they would still have to maintain and support their existing User ID and Password authentication that they have today for all of the users whose companies don't Federate with them. They wouldn't get 100% of all companies, would they?<br /><br />
2. A key mantra that we at Optimal IdM have preached is the following. "When solving a given problem, minimize (and avoid if at all possible) creating new problems." There are several ways that implementing Federation and Claims would introduce other issues.<br /><br />
Here is just one of them that came to mind. Here is the scenario to consider. Jackson is an employee of Quest and Quest implements Federation/Claims with Marriott. So as Jackson hits the Marriott website he is redirected to Quest to authenticate. He authenticates to the local ADFS at Quest using his Quest credentials and a claim is presented to Marriott. All is well in Jackson's scenario.<br /><br />
Now let's suppose Jackson gets fired from Quest (don't see that happening but go with me here). Hmmm... 
When this grand Federation thing was underway, Jackson would have ultimately authenticated using his Quest credentials, right? So how in the world is Jackson going to authenticate and "prove" his identity to Marriott now? In a 100% pure Federation model you would have no way of authenticating. Sorry Jackson, you just lost all of your Marriott points!!! Will the real Jackson Shaw please stand up?<br /><br />
In my view, when it comes to you authenticating to Marriott it has a lot more to do with your "personal" identity and not your corporate affiliation. Of course one answer to that would be to use one of the public identity providers and not the individual companies, but then you are once again relying on Jackson to keep his profile up to date with his current company.<br /><br />
3. In the end, the biggest reason is this. <strong>Federation is fundamentally a Single Sign On solution. </strong>Don't try and make it more than what it is. It is a great answer for on-premise to the cloud, but not this scenario. Marriott does not have a SSO issue.<br /><br />
I believe the biggest reason for the confusion on scenarios such as this is that Claims ties authentication with authorization. That can make it very difficult to manage effectively in a decentralized fashion. Managing on-premise as well as cloud security is relatively in its infancy and everyone is just now learning the limitations and issues.<br /><br />
The team at <a href="http://www.optimalidm.com/">Optimal IdM </a>has been hard at work on our cloud solutions, working closely with key customers and partners. In fact, we will be announcing soon some of the new solutions we have developed to help organizations manage claims authorization. From what we are seeing, it looks like this will fundamentally change the way organizations manage cloud security. 
More on that subject when it is ready for public consumption.<br />
<br />
Mike Brengs<br />
<br />
Optimal IdM’s Virtual Identity Server has saved customers over 1 Trillion Dollars to date!!!!<br />
Published 2011-02-09, updated 2011-02-09<br />
<br />
I am back on the blogging bandwagon. Did that headline get your attention? I thought it might. So, what was the impetus for the headline? Well, it is in response to my colleague Jackson Shaw’s blog entry indicating that <a href="http://jacksonshaw.blogspot.com/2011/02/marriotts-lack-of-claims-based.html">Marriott</a> is losing millions by not supporting claims. <a href="http://360tek.blogspot.com/2011/02/business-case-for-claims-based.html">Matt Flynn </a>then chimed in and said that $$$ = motivation and perhaps that would spur them on to support claims.<br /><br />
Well, I have a different spin on this and I’ll attack this in a two part blog. Part 1 is here and outlines why Marriott (in my opinion) is not losing millions by not supporting claims. First of all, I want to say that I like the claims model and it works in many situations. In fact, <a href="http://www.optimalidm.com/">Optimal IdM</a> will soon announce some very interesting news around our further integration with the claims model, but that is a topic for another day.<br /><br />
Now on to my theory. As with politics, two things are important to remember. One, follow the money. Two, the devil is in the details (Yes, you should read bills prior to passing them). Let’s look at Marriott’s business model. They sell hotel rooms. There are a finite number of rooms in a given hotel. There are fixed costs of the hotel (taxes, wages for staff, etc.). Whether Jackson stayed at this hotel that night or not is not going to change this hotel's fixed costs. There are, however, variable costs. 
For a typical hotel like a Marriott Courtyard it costs about $20-30 to cover the costs of housekeeping, soap, coffee in room etc. That is “basically” the cost of goods sold. Therefore, selling any room over the variable cost makes good business sense as it is profitable. The only question is how much of a profit.<br /><br />
The fact that Jackson used to work for Microsoft and they are giving him a $10 discount is moot. Why? Because if they set up this grand federation scenario where they would now Federate with Quest (his current employer), they would likely have to give that same $10 to Quest. There is NO net revenue gain. Only if they could guarantee that they would not have to give the discount would it make sense to spend the bucks to re-do what they already have in place. And then you would have to do (or really should do) a cost benefit analysis and a payback scenario. Plus, in part 2 I will outline the gotchas that this would add.<br /><br />
I almost always check the check box to get the AAA discount, but very rarely am I asked to prove it with my card at hotels. The fact of the matter is these discounts are factored into their business. Marriott would far rather have $10 less from me or Jackson than to have us go to Hilton or some other chain.<br /><br />
One other thing to think about. Those discounts go out the door when the hotel is at maximum capacity. At that point, everyone including road warriors with the highest status pay the rack rate. It really is simply a matter of supply vs. demand. Sorry Jackson, I agree with you on many things, but this is not one that I can agree with. This is one thing that claims will not solve!<br /><br />
Stay tuned for Part 2 of all of the reasons I believe Federation/Claims is a poor choice for this scenario. I am sure I will use this as an example of when someone should not Federate in my speaking session at Quest’s The Experts Conference. 
My topic is <a href="http://www.theexpertsconference.com/us/2011/directory-identity-training/session-abstracts/">When to Synchronize, When to Virtualize and When to Federate – Which is the Right Solution and When? </a><br />
<br />
Mike Brengs<br />
<br />
When to Synchronize, Virtualize and Federate data in the Enterprise<br />
Published 2010-04-14, updated 2010-04-14<br />
<br />
<span style="font-family:Verdana;">So I am getting back on to the blogging bandwagon... Why?</span><br />
<br />
<span style="font-family:Verdana;">A primary reason is that in any given day I seem to get asked similar questions by partners, prospects and partners. Of course getting asked the same question isn't necessarily a bad thing, but it does indicate that these folks (and I am sure others) don't know the answer. I am sure there is a whole other group of people who have the same question but never ask the question. </span><br /><br /><br />
<span style="font-family:Verdana;">So I hope to cover from time to time some of the "FAQs" on not only our product the Virtual Identity Server <a href="http://www.optimalidm.com/vis/">http://www.optimalidm.com/vis/</a>, but also virtual directory questions and how they relate to other areas of identity management. </span><br />
<br />
<span style="font-family:Verdana;">Along those lines today, I am posting this blog entry to highlight a new white paper available on our website today. 
The title is "When to Synchronize, Virtualize and Federate data in the Enterprise" and can be found on our website here: <a href="http://www.optimalidm.com/products/VIS/Downloads.aspx">http://www.optimalidm.com/products/VIS/Downloads.aspx</a>.</span><span style="font-family:Verdana;"> It is basically a summary of a session I did a few years ago at The Directory Experts Conference (now The Experts Conference <a href="http://www.theexpertsconference.com/">http://www.theexpertsconference.com/</a>). Optimal IdM is a Gold Sponsor this year, so please do stop by and see us at the show April 25th to the 28th in Los Angeles. </span><br />
<br />
<span style="font-family:Verdana;">Comparing these technologies and figuring out when to use which is still one of the most frequently asked questions that I see. </span><span style="font-family:Verdana;">This white paper doesn't dive into all of the details, but does give you the highlights. If you are interested in diving into this in more detail, then you will want to attend one of our upcoming Webinars that we are doing on this topic. Check out our website <a href="http://www.optimalidm.com/">http://www.optimalidm.com/</a> or drop me a note if you are interested.</span><br />
<br />
<span style="font-family:Verdana;">BTW - I should point out that any decent sized enterprise likely needs to leverage ALL of these technologies. 
I am not the only one saying this, but more on that later.</span><br />
<br />
Mike Brengs<br />
<br />
To cache or not to cache?<br />
Published 2009-02-17, updated 2009-02-17<br />
<br />
<span style="font-family:verdana;font-size:85%;">Well it is time to dive right in to this blogging thing with a topic that always seems to come up with virtual directories and that is the subject of caching. It always seems to be a lively debate/discussion, so here are a few of my thoughts on two of the most common questions. </span><br /><br />
<span style="font-family:verdana;"><span style="font-size:85%;"><strong>Question 1: Do you need to cache data with a virtual directory?</strong> </span></span><br /><br />
<span style="font-family:verdana;"><br /><span style="font-size:85%;">Being a consultant for many years, I have to give it my stock answer (and the right one IMHO) and that is "it depends". As with any application or system you are designing, the requirements and the environment should dictate the design. For example, some of our clients use the </span><a href="http://www.optimalidm.com/products/VIS/VISforSharePoint.aspx"><span style="font-size:85%;">Virtual Identity Server for SharePoint</span></a><span style="font-size:85%;"> edition of our virtual directory to quickly and easily stand up a SharePoint instance that can authenticate people from an External Active Directory forest and an Internal Active Directory Forest. 
For this type of cross-forest authentication deployment, there is probably not a need to cache this persistently or in memory. </span></span><br /><br /><br />
<p><span style="font-family:verdana;"><span style="font-size:85%;"><strong>Question 2: If needed, does this cache NEED to be persisted?</strong> </span></span></p><br />
<p><span style="font-family:verdana;font-size:85%;">I know of one virtual directory vendor that is adamant that cache MUST be persisted. Yes there are times when a cache should be persisted, but saying that the cache always needs to be persisted just doesn't make sense to me. Perhaps they need to persist cache to overcome performance problems in their core engine and can't run sufficiently without it. </span></p>
<p><span style="font-size:85%;"><span style="font-family:Verdana;">Yes, I believe a virtual directory should support both memory and persistent caching, but </span><span style="font-family:verdana;">more importantly it should be architected correctly within the product and not be a hack add-on just to have a check mark on the features list. Keeping track of what each vendor supports can get confusing and sometimes it is misstated. </span></span></p>
<p><span style="font-family:verdana;"><span style="font-size:85%;">Mark Wilcox, for example, </span><a href="http://blogs.oracle.com/mwilcox/2009/01/responding_to_virtual_director.html"><span style="font-size:85%;">posted </span></a><span style="font-size:85%;">in his blog that "OVD does provide a Cache plug-in that is granular - you can apply it globally or per adapter. It also doesn't require any other data-store (or software license, neither of which our competition can currently claim)." 
</span></span></p>
<p><span style="font-family:verdana;"><span style="font-size:85%;">While our </span><a href="http://www.optimalidm.com/products/vis/"><span style="font-size:85%;">Virtual Identity Server</span></a><span style="font-size:85%;"> (VIS) virtual directory is focused on the more Microsoft centric shops, we are a virtual directory and therefore I suppose a competitor to OVD. With that said, the statement is not true. VIS does not require a separate data-store or software license to use caching. In fact, VIS doesn't require the installation of a custom plug-in to support caching. It is built right into the core engine and is a simple point and click configuration change in the GUI. VIS supports caching not only globally and per connection, but optionally down to which object classes you want to cache. </span></span></p>
<p><span style="font-family:verdana;"><span style="font-size:85%;">I think Matt Flynn sums it up well when he closes his <a href="http://360tek.blogspot.com/2009/02/weighing-in-on-persistent-cache.html">post </a>on the subject with, "My opinion is that it's a nice feature to have in the tool bag when needed, but it's not always needed."</span></span></p>
<br />
Mike Brengs<br />
<br />
Greetings<br />
Published 2009-02-08, updated 2009-02-08<br />
<br />
<span style="font-family:verdana;font-size:85%;">Greetings everyone. 
My name is Mike Brengs and I am a Managing Partner at <a href="http://www.optimalidm.com/">Optimal IdM</a>, a software and consulting company based in the greater Tampa Bay, Florida area that specializes in identity management. We are also the developers of the <a href="http://www.optimalidm.com/products/vis/">Virtual Identity Server</a>, which is a Microsoft .NET LDAP Virtual Directory. </span><br />
<br />
<span style="font-family:verdana;font-size:85%;">This is the first of what hopefully will be many blogs that I post. Why am I blogging? Good question and I am glad that you're reading. The old tree falling in a forest quandary comes to mind... One of the reasons I am writing is because I am the "resident IdM evangelist" at Optimal IdM and along with that job I spend part of my time doing workshops, speaking engagements, etc. This extra role suits me well because for those of you who know me, know that I do tend to speak my mind. </span><br />
<br />
<span style="font-family:verdana;"><span style="font-size:85%;">Of course speaking publicly on a subject matter where I have some expertise is one thing. Going on the record and posting your thoughts and beliefs for everyone to read is quite another. This must be how politicians feel, where words can be taken out of context and scrutinized. Hopefully I won't make too many goofs and if I do can find some syrup for my waffling. Almost daily I will see a blog posting, read a newspaper article, or talk to a customer or analyst and think to myself; "If I had a blog, that sure would be a good post..." So in the end, I believe I have some thoughts and comments that a few of you out on the Internet might want to hear and find valuable. 
</span></span><br />
<br />
<span style="font-family:verdana;"><span style="font-size:85%;">One of the main areas that I will focus on is LDAP Virtual Directories (our Virtual Identity Server product is an LDAP Virtual Directory). As I talk to people, I find that many people are either not familiar with or have the wrong understanding of what an LDAP Virtual Directory is or how this can be applied to solving real problems for organizations. I am always amazed when I talk to our customers at the unique ways they are using the technology and in the end I hope you will too. </span></span><br /><br />
<span style="font-family:verdana;font-size:85%;">So I hope you will enjoy reading my blog and find it useful and informative. If you don't like my blog, then please send me your name, Social Security number, date of birth, Mother's Maiden Name and your Bank Routing Information. I will issue a refund of your monies paid immediately. </span><br />
<br />
Mike Brengs