An LDAP proxy service unifies multiple directories into a single LDAP source. Because it leverages the existing data structures, a proxy service is quick and easy to deploy into your current architecture without the risk of disrupting existing integrations. An LDAP proxy service queries the underlying sources in real time, so the data stays secure where it already lives; the need for replication or synchronization is eliminated, which further reduces deployment time.
The RadiantOne Identity and Context Virtualization Platform, a full-spectrum, fully scalable, and flexible solution for all your IdM initiatives, provides numerous integration services that can be deployed as needed to support the growing needs of any organization. RadiantOne allows you to rapidly deploy directory-enabled applications by eliminating the most painful aspects of directory deployment. This includes the ability to provide a single consistent view of data from multiple directories as well as an LDAP interface to databases, all without the need for synchronization.
RadiantOne VDS takes requests that are submitted by an application using LDAP or DSML and related protocols. These requests are then routed, mapped, and transformed by the engine, and forwarded to the underlying data sources. Finally, the results are gathered, normalized, and returned to the requesting application.
NOTE: An LDAP proxy service is dependent upon certain deployment conditions. Unlike RadiantOne, most virtual directories on the market only have the functionality of an LDAP proxy service.
A unique value of RadiantOne is an organization can easily upgrade beyond the capabilities of an LDAP proxy service to open new features and enable additional services as service requirements develop.
LDAP Proxy Service is used when you have:
- Multiple, primarily LDAP, directory sources for identities
- Existing data sources that are highly available and perform well
- An identifier that is present as a common key between data stores
- An existing LDAP structure that can be re-used
And you need to solve these services:
- Provide an authentication/authorization service across multiple forests or multiple AD domains where trust is not, or cannot be, enabled
- Simplify directory access by emulating a single LDAP model from multiple types of LDAP structures (Active Directory, SunOne, etc.)
- Join attributes from other directories and database tables to current LDAP objects (extend the standard object class)
- Provide search (identification), credential checking (authentication), and authorization services across the multiple LDAP data sources as a single directory server
- Consolidate identities into global profiles (aggregation leveraging the pre-existing common key)
If your environment does not match this scenario and you would like to find out how RadiantOne solves more complex deployments, please go to our product section, or send an email to asktheexpert@radiantlogic.com describing your case.
LDAP and DSML Compliant Server Interface
RadiantOne VDS provides a standard LDAP and DSML interface to client applications.
Directory, Database and Application Integration
RadiantOne VDS connects to all major industry directory servers, including Microsoft Active Directory, Sun Directory Server, Novell eDirectory and IBM Tivoli, and to most relational databases. Also, by using custom adapters, VDS can expose any data source that can be accessed as a web service into the virtual namespace.
Directory Firewall and Proxy
RadiantOne VDS can be used to act as a directory firewall for client applications that are located in your network’s DMZ and need to access directory data within the corporate network. You can use VDS to provide Denial of Service protection and additional layers of access control security.
Single Source for Multiple Services
Many directory enabled applications require their own view of directory data. This can be something as simple as requiring data in a specific Directory Information Tree (DIT) structure or more advanced such as requiring specific attributes beyond the schema found in most directory servers.
A single instance of RadiantOne VDS can provide multiple different DIT structures based on the underlying sources using the LDAP proxy model. These different views of your directory data allow you to leverage your investment in existing infrastructure without requiring the installation of additional directory services, replication of identity data, and other related overhead such as managing high availability and synchronization.
Virtually Unify Identities
If you are like most organizations, identities are scattered among multiple repositories including various directories and databases. To properly leverage and manage the identity data, you need to have a complete view of a person’s identity.
RadiantOne VDS is uniquely capable of solving this type of problem because it can generate a real-time view of a person’s identity without requiring synchronization. This means that you can avoid internal data-politics, regulatory issues around making copies of data, and speed up implementation time.
Aggregate and Join Identities
RadiantOne VDS can aggregate identities from multiple sources using a pre-existing common attribute or identifier. VDS can also join identity attributes stored in multiple data stores onto an existing or aggregated identity. For example, you can join base attributes such as username and email address from an LDAP directory with HR attributes retrieved from a database. Or you can store your user and group information in a non-Active Directory LDAP server while still leveraging your Windows passwords, without the need for synchronization.
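The join-on-a-common-key pattern described above, as an added, self-contained illustration (this is not RadiantOne code and makes no claim about how VDS implements it). It models two constructed sources that share the key `uid`: an LDAP-style directory holding username and mail, and an HR table holding department and employee number. Each search is answered by querying the sources on the spot and joining the attributes into a virtual DIT under the assumed base `ou=people,o=virtual`, so no copy of either source is kept. Because the join happens before the filter is evaluated, an HR-only attribute such as `department` becomes searchable through the virtual view; an entry with no HR row still comes back with its directory attributes.

```python
# Added example, not RadiantOne code: an in-memory model of the
# "aggregate and join" pattern of an LDAP proxy / virtual directory.
import re

# Constructed sample entries standing in for a backend LDAP directory.
LDAP_SOURCE = [
    {"dn": "uid=alice,ou=people,dc=corp,dc=example", "uid": "alice",
     "cn": "Alice Example", "mail": "alice@example.com"},
    {"dn": "uid=bob,ou=people,dc=corp,dc=example", "uid": "bob",
     "cn": "Bob Example", "mail": "bob@example.com"},
]

# Constructed sample rows standing in for an HR database table keyed by uid.
# bob deliberately has no row: the join must still return his directory data.
HR_TABLE = [
    {"uid": "alice", "department": "Security", "employeeNumber": "1001"},
]

VIRTUAL_BASE = "ou=people,o=virtual"  # assumed name of the virtual DIT


def lookup_hr(uid):
    """Real-time lookup in the 'database' by the common key; no cached copy."""
    for row in HR_TABLE:
        if row["uid"] == uid:
            return {k: v for k, v in row.items() if k != "uid"}
    return {}


def virtual_entry(ldap_entry):
    """Remap a backend entry into the virtual DIT and join HR attributes on uid."""
    joined = {k: v for k, v in ldap_entry.items() if k != "dn"}
    joined.update(lookup_hr(ldap_entry["uid"]))
    joined["dn"] = "uid=%s,%s" % (ldap_entry["uid"], VIRTUAL_BASE)
    return joined


# Only simple equality filters such as (uid=alice) are supported here.
_SIMPLE_FILTER = re.compile(r"^\((\w+)=([^()*]+)\)$")


def search(ldap_filter):
    """Answer an equality filter against the joined view of all sources."""
    m = _SIMPLE_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, value = m.group(1), m.group(2)
    results = []
    for entry in LDAP_SOURCE:      # the proxy fans the query out to the backend
        ve = virtual_entry(entry)  # ...and joins each hit before filtering
        if ve.get(attr) == value:
            results.append(ve)
    return results


if __name__ == "__main__":
    for hit in search("(department=Security)"):
        print(hit["dn"], hit["mail"], hit["employeeNumber"])
```

Running the module prints the single joined entry for alice under the virtual base; `search("(uid=bob)")` returns bob with no HR attributes, which is the behaviour you want from a left join when one source is missing a record.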
Graphical Management Interface with easy to use Wizards
RadiantOne VDS is managed from a desktop-based, graphical user interface client. This allows rapid setup and management of multiple virtual directory servers from a single desktop. Built-in wizards guide the user through step-by-step setup of the Virtual Directory Server.
Simplified and Rapid Deployment
RadiantOne Virtual Directory Server (VDS) allows you to provide a single point of contact for your directory enabled applications in a simple, secure fashion from multiple directories and database tables. Because the VDS LDAP proxy model uses direct data access to query your directory data in real-time, there is no need for additional synchronization processes. This can reduce your deployment time for directory dependent applications such as portals or SSO from several months to just a few weeks or even days.
The RadiantOne GUI makes it quick and easy for the system administrator to design new views and aggregate different parts of the underlying DITs as needed to accommodate new requirements. No more waiting on a development team to design and test a new script or API for data silos, or to build another directory service that replicates existing identity information.
Improve Compliance and Security
Because VDS sits between your clients and your directory data stores, it can act as a directory firewall. This means that it can reduce the risk of denial-of-service attacks against your directory stores, ensure that only valid LDAP queries are passed through, and provide additional access control restrictions. VDS access logs also let you review directory access information centrally, which helps you ensure compliance with regulations such as HIPAA or Sarbanes-Oxley.
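The "only valid LDAP queries are passed through" idea from this section and from "Directory Firewall and Proxy" above, as an added example (not RadiantOne code, and not a description of how VDS validates queries). It parses an incoming LDAP search filter string in RFC 4515 syntax (`&`, `|`, `!`, equality with `*` wildcards, `>=`, `<=`, `~=`, presence), rejects anything malformed, and then applies two assumed policies a proxy in front of the corporate directory might enforce: a nesting-depth limit (`MAX_DEPTH`) and an attribute allow-list (`ALLOWED_ATTRS`). The sample queries are constructed. Extensible-match filters (`attr:rule:=value`) are deliberately not recognised and therefore rejected, which is the conservative choice for a firewall.

```python
# Added example, not RadiantOne code: a small LDAP-filter "directory firewall".
import re

MAX_DEPTH = 4                                                   # assumed policy
ALLOWED_ATTRS = {"uid", "cn", "mail", "objectclass", "memberof"}  # assumed policy

# RFC 4512 attribute description without options: letter, then letters/digits/hyphens.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


class FilterError(ValueError):
    """Raised for a malformed filter or one that violates policy."""


def _parse(s, i, depth):
    """Parse one parenthesised filter starting at s[i]; return (node, next_index)."""
    if depth > MAX_DEPTH:
        raise FilterError("filter nested deeper than %d" % MAX_DEPTH)
    if i >= len(s) or s[i] != "(":
        raise FilterError("expected '(' at offset %d" % i)
    i += 1
    if i >= len(s):
        raise FilterError("unexpected end of filter")
    if s[i] in "&|!":                       # composite: and / or / not
        op = s[i]
        i += 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i, depth + 1)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise FilterError("bad operand count for %r" % op)
        node = (op, children)
    else:                                   # simple item: attr <op> value
        j = s.find(")", i)                  # ')' in a value must be escaped as \29
        if j < 0:
            raise FilterError("unterminated filter item")
        item = s[i:j]
        eq = item.find("=")
        if "(" in item or eq < 0:
            raise FilterError("malformed filter item %r" % item)
        if eq > 0 and item[eq - 1] in "~<>":
            attr, sep, value = item[:eq - 1], item[eq - 1:eq + 1], item[eq + 1:]
        else:
            attr, sep, value = item[:eq], "=", item[eq + 1:]
        if not _ATTR_RE.fullmatch(attr):
            raise FilterError("invalid attribute description %r" % attr)
        node = ("item", attr.lower(), sep, value)
        i = j
    if i >= len(s) or s[i] != ")":
        raise FilterError("expected ')' at offset %d" % i)
    return node, i + 1


def parse_filter(s):
    node, i = _parse(s, 0, 1)
    if i != len(s):
        raise FilterError("trailing data after filter")
    return node


def _check_attrs(node):
    if node[0] == "item":
        if node[1] not in ALLOWED_ATTRS:
            raise FilterError("attribute %r not permitted through the proxy" % node[1])
    else:
        for child in node[1]:
            _check_attrs(child)


def admit(filter_string):
    """Return the parsed filter if it may be forwarded; raise FilterError otherwise."""
    node = parse_filter(filter_string)
    _check_attrs(node)
    return node


# Constructed sample queries, as an application in the DMZ might submit them.
SAMPLE_QUERIES = [
    "(&(objectClass=person)(uid=alice))",   # forwarded
    "(|(mail=*@example.com)(cn=Alice*))",   # forwarded; wildcards are fine
    "(userPassword=*)",                      # rejected: attribute not allow-listed
    "(&(uid=alice)",                         # rejected: malformed
    "(!(!(!(!(!(uid=x))))))",                # rejected: nested too deeply
]


def triage(queries):
    """Map each query to 'forward' or 'reject: <reason>' for the access log."""
    out = {}
    for q in queries:
        try:
            admit(q)
            out[q] = "forward"
        except FilterError as e:
            out[q] = "reject: %s" % e
    return out


if __name__ == "__main__":
    for q, verdict in triage(SAMPLE_QUERIES).items():
        print("%-40s %s" % (q, verdict))
```

The reject reasons are what you would want written to the proxy's access log: they make the central review this section mentions actionable, since a burst of malformed or over-deep filters from one client is visible without touching the backend directories.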
Add Scalability to Directory Infrastructure
VDS can improve directory scalability in two ways. First, VDS can multiplex requests to your back-end directories, which allows them to maximize their processing potential.
VDS can also improve large-group management by allowing you to off-load LDAP group management from your directory into an RDBMS. This is beneficial because replication and updating of large groups is a significant bottleneck in traditional directories.
The ability of VDS to present a consistent LDAP view, regardless of where the data came from, means that you can get the most out of your LDAP-based RBAC solutions.