FRAMINGHAM (03/10/2000) - Once you have a network operating system directory service in place, the question remains: How do you ensure interoperability among directories?
The Internet Engineering Task Force has been working on a standard for how directories replicate data, but it's unlikely to increase interoperability, says Jamie Lewis, an analyst atThe Burton Group in Midvale, Utah. It's more likely to raise greater interoperability questions. "Microsoft has made it known it is not in support of the standard," Lewis says.
The answer to the management conundrum may lie in metadirectory services.
A "join engine" at the heart of a metadirectory service merges data on people, groups, roles, locations and other resources from application, network operating systems, e-mail and other directories and provides access to that data via LDAP, X.500 or the Web.
But a metadirectory service needs to store the merged information in a repository, and systems managers have balked at adding yetanother directory - especially one from a small vendor of metadirectory services.
Microsoft last year bought metadirectory vendor Zoomit Corp., while Novell scooped up Netoria Inc. Each company will integrate its purchased metadirectory services into its directory services. Instead of each metadirectory service using its own repository, the firms will integrate them into NDS or Microsoft's Active Directory.
A metadirectory service lets systems administrators make changes in users' security status, e-mail address or human resources profile, with changes automatically replicated to the individual directories. Similarly, a human resources manager with access privileges can make changes in the human resources directory, or database, and those changes will be automatically replicated to the metadirectory and related directories.
When junior adviser Jane Jones becomes senior adviser Jane Jones-Smith, the changes are entered once and propagated throughout all directories. Such replication is crucial for enterprises with multiple regional offices, each with constantly changing directories.
"I can't imagine that a large corporation could do without a metadirectory" to replicate, synchronize and manage its directories, says Sara Radicati, principal analyst at The Radicati Group in Palo Alto, Calif.
New York Life Co. began rolling out a metadirectory in 1998, starting with e-mail and payroll directories.
Today, the "white pages" for looking upe-mail and telephone information on any of New York Life's 100,000 employees is taken for granted, says the company's systems administrator Jack Heinz. The rollout is still rolling, he adds.
That's not unusual, Lewis says. It's a complex process. "It's not so much the metadirectory implementation - it's the data scrubbing; it's determining data ownership; it's a lot ofsociopolitical issues," he says.
"Companies that dive headfirst into the technology come up short because they haven'tfactored in the sociopolitical aspects," he says.
It's crucial to get buy-in from top to bottom and build a cross-functional team that includes all stakeholders to help in planning, but "there are compelling drivers - both internal and external - to make it work," he says. "There's nothing like economic pressure to bring consensus to an organization."
Who's On First
Installed base of directory users
20% Lotus Development Corp. (Notes Address Book and Domino Directory)19% Novell Inc. (Novell Directory Services)17% Microsoft Corp. (Exchange Directory Services)10% X.500 directory vendors (like Siemens AG, PeerLogic Inc. and Isocor Critical Path Inc.)9 % Netscape Communications Inc. (Netscape Directory Server)4% Remaining vendors