Guest column: What is the best directory management approach?

Before we can discuss the advantages and disadvantages of metadirectories and virtual directories, it is essential to understand what both are.

A true metadirectory combines middleware with an enterprise directory. The middleware integrates the enterprise directory with intranet and extranet systems such as e-mail, operating systems, human resources and security databases, as well as workflow systems. A single entry is created in the enterprise directory that contains, or points to, information in all connected systems.

A virtual directory, on the other hand, delivers a fat client that connects to all of the connected systems independently to read and manage their data.

Virtual directories struggle in environments with existing applications and directories because they lack the concept of "the join." The join allows a metadirectory to identify information about the same person or thing in different systems, even if the systems use different names. For example, HR applications use the full legal name Robert M. Smith and an e-mail system uses the friendly name bob.smith to identify the same person. Because the virtual directory does not have a central store it can use to consolidate objects, it cannot resolve this kind of naming discrepancy.

Proponents of virtual directories will often claim that a metadirectory requires an additional directory service. In reality, a well-designed metadirectory will use an existing directory as its central store.

Virtual directories are limited; basically, they can be used to independently manage different network operating systems such as Windows NT, Windows 2000 and NetWare. Metadirectories, on the other hand, can integrate HR, security and enterprise resource planning applications with a comprehensive set of user-oriented applications, including e-mail systems, network operating systems and workflow applications. Metadirectories can also deliver a tightly integrated directory foundation that provides a public-key infrastructure or directory-enabled network.

A metadirectory will typically be deployed in an organisation to provide not only a single point of access to administration of directory information, but also to provide an automated, intranet administration service. Many organisations are using metadirectories to integrate security or HR administration with intranet applications. When the HR or security administrator adds, updates or deactivates a user, the metadirectory will apply a set of business rules to create, update or deactivate/ remove the appropriate user accounts in all connected intranet applications. A virtual directory simply provides another management tool for administering a small set of the connected applications; it does not offer a rule- or policy-based integration mechanism.

The bottom line is that metadirectories are a low-impact approach to comprehensive enterprise intranet integration. Virtual directories are a narrow approach for deploying and managing a small set of new applications.

Goldsmith is director of product strategy at ISOCOR, a Santa Monica, California supplier of Internet messaging, directory and metadirectory products. He can be reached at +1-310-581-8100 or

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments