"The LDAP Guys."

LDAPCon 2009 Session

An Analyst's view of the Directory Landscape

Submitted materials

• Submitted Paper

Abstract

LDAP Directories have evolved dramatically over the last decade - but not uniformly. A segmentation of the market space has happened early on when Microsoft decided to bundle Active Directory with Windows Server and obliged customers to use it in order to stay current. Through this move, Active Directory has all but squeezed Novell's eDirectory out of the market to become the most popular directory by far in the network/operating system segment. However, with Active Directory being the the only (compulsory) choice in that segment, little innovation is happening here - mostly from other vendors adding tools.

The "other" directory market segments continue to thrive and are highly innovative. After going through several "generations" of server software architectures, LDAP directories can nowadays deliver tens of thousands of operations per seconds, provide sophisticated data center and management features, and feature an impressive array of extensions to address real-life problems.

Many of the servers available today were originally based on the "grandfather" of directory servers - the University of Michigan LDAP server. Inherent performance and scalability problems started becoming real issues for those users with demanding requirements. Interestingly enough many of the servers originally based on the University of Michigan LDAP code base have had much of their code completely rewritten, and by doing so gained scales of magnitude in efficiency and scalability.

As LDAP directories became more popular, they often became silos of identity information. When more and more silos started "popping up", integration and management problems started becoming real headaches. Several solutions were designed to address this problem and allow enterprises to reduce the number of "silos", or at least keep data synchronised. Virtual Directories, Synchronisation solutions, Meta Directories and full-fledged provisioning solutions competed for a slice of the lucrative "identity integration pie", and the term "identity management" became popular. Nowadays, directory servers often contain some virtualization or synchronization features natively.

In the last few years it has become fashionable to talk about "Identity Services" and some have even go so far to suggest that LDAP directories would be supplanted by identity web services. Felix believes that the case for identity services is strong, but that those services will be built on LDAP directories, and hence require a solid directory infrastructure.

Felix looks at how the different segments have evolved, and how server software has changed through several "generations". He discusses different complimentary and related technologies, and risks a personal outlook where he thinks this may be heading.

Bio:

Felix Gaehtgens is Senior Analyst and Partner at Kuppinger Cole + Partner since January 2008. Before, was the chief architect of Symlabs Directory Extender 3.0, partner and co-founder of Symlabs. His responsibilities included management of Symlabs' flagship Directory Extender product, pre-sales efforts and developing strategic channel partnerships. He also helped their largest customers solve challenges in directory and identity management deployments.

Felix has more than 20 years of high-tech experience. Prior to founding Symlabs, he was an independent consultant and worked with large corporations and public institutions in the United States, Latin America and Europe. His projects included designing, deploying, developing and supporting systems for mobile telephone networks, Internet portals and unified messaging systems.

Felix's technical articles have appeared in publications including Unix Systems, Unix World, Springer Verlag, and Heise Verlag in English, German and Spanish.