As with every myth, the story starts with some element of truth. The idea is that in a Virtual Directory you always leave the data where it exists and you do not change it. This is a good and pragmatic concept. In fact, one ancestor of a virtual directory service could be found in the so-called LDAP Proxy category. Essentially, you build a thin protocol layer and then “proxy” the query to the underlying directories (“back-ends”). So far so good. But then the story starts to take on a life of its own, stretching an initial idea to the point of incorrectly redefining the entire concept of a Virtual Directory.
In this scenario, people begin to equate the term Virtual Directory with “dynamic access” to heterogeneous back-end data sources.
With this approach, people believe that a “user initiated query” automatically means “real-time accuracy” while in fact it is just a form of “polling”. If the underlying source is changing at a fast rate, nothing can guarantee that your query will yield the latest result. The fact that you are wearing a blindfold when you are not querying does not mean that the rest of the world ceases to exist! Polling will always be less effective than change event notification directly from the data source.
Dynamic access to back-end data sources does not work for all Virtual Directory use cases.
If the virtual directory aggregates data sources that are slower than a classic directory (typically a database, or a Web Service), the Virtual Directory query speed is now determined by the slowest/weakest link. If the sources are not available, the data through the Virtual Directory is not available. Solutions can be devised but they are brittle: back-end fail-over configuration can quickly become very complex as the number of data sources increases.
Finally, in this dogmatic approach based on dynamic access alone, any processing adds overhead on top of the back-end performance, so the game becomes minimizing the processing cycle. In the end, virtualization, transformation, remapping, and metadata translation are so reduced and minimized that nothing remains except a very thin veneer of abstraction. This so-called “Virtual Directory Service” is nothing more than a very simplistic aggregation of directory structures comparable to a first-generation directory proxy. The dynamic access approach justifies the criticism from classical synchronization and metadirectory protagonists.
This is not what we call a Virtual Directory Service at Radiant Logic.
What is a “true” Virtual Directory Service?
A Virtual Directory Service must provide several options in terms of providing accurate data from back-end sources:
- Real time access
- Guaranteed performance through a highly scalable and flexible cache (both memory and persistent) based on an advanced cache refresh mechanism (event notification leveraging an Enterprise Service Bus, or a simpler time-to-live if that is sufficient).
- Identity Correlation - without this component, Virtual Directories act only as a data aggregator and cannot truly address the requirements for authentication, authorization, and administration.
- Full Synchronization across systems where needed.
A complete Virtual Directory must not only provide readability, but update-ability with different levels of transactional integrity capabilities where needed. In addition, a Virtual Directory must make it easy to create and maintain multiple contextual views of the back-end data including the ability to reconfigure the existing DITs and provide various hierarchies based on the needs of the client applications.
Questions? Comments? Please direct them to info@radiantlogic.com.