FRAMINGHAM (07/24/2000) - Parsons Corp., a global construction and engineering firm in Pasadena, Calif., has about 15,000 Windows NT identifications in use, says CIO John Thomas. They're assigned to the company's 11,200 employees, as well as to Parsons' contractors, clients and partners.
When people change or leave jobs, the information technology staff has to update the access permissions. Unfortunately, Parsons operates under steady personnel changes and a heavy IT workload. That means that someone somewhere, at some time, probably has had inappropriate network access permissions.
To solve the problem, Thomas brought in software tools from Oblix Inc. in Cupertino, Calif. He uses Oblix E-Business Solution to manage directories for the corporate intranet and to give external users the ability to manage their profile data within the corporate directory. The tools automate the company's user-profile management chores and keep access permissions up-to-date.
Thomas says he chose Oblix because of its architecture and design, and because Oblix's direction toward a single sign-on to corporate applications and Lightweight Directory Access Protocol-based access controls matched his plans.
Distributing Admin Tasks
"Our customers are in a hurry to open up information to people on the outside," says Nand Mulchandani, Oblix's vice president of product management. That means giving those people access permission through the corporate directory. But corporations must keep directory administration chores reasonable.
Oblix's key differentiator, says CEO Gordon Eubanks, is that the software distributes administration tasks among trusted subauthorities, such as a partner company's IT department and users. This allows the Oblix installation to scale as an organization adds employees or partners, and it keeps the IT staff from being overwhelmed by all the directory changes.
Thomas takes full advantage of the distributed administration feature. The ability to update items in a profile is split among those who have the biggest stake in their accuracy.
For example, employees can change their phone numbers, but office addresses are strictly in the hands of financial officers because of the tax implications of office locations.
At Tellabs Inc., a switching equipment manufacturer in Lisle, Ill., users are responsible for keeping part of their profile information up-to-date, says systems manager Huzefa Mustaly. These features and the ability to create an organizational chart out of the directory data sold him on Oblix, he says.
Managing the Future
Oblix is working on improvements to the user interface, says Eubanks, along with reducing deployment time. Right now, he says, customizing Oblix can be time-consuming.
The company is also working on better integration with other Web infrastructure products, such as BackWeb Foundation from BackWeb Technologies Inc. in San Jose and DataChannel 4.0 from DataChannel Inc. in Bellevue, Wash., so that Oblix can become a seamless part of the portal technology. And Oblix's NetPoint software, released this month, will give both internal and external users secure, single sign-on access to internal corporate applications, he says.
Oblix will release versions of its software that can handle layers of abstraction, so that the partners of your partners, or your suppliers' suppliers, can be integrated into the access directory. That's going to require an even greater emphasis on security, Mulchandani says.
Thomas says he's satisfied with Oblix but warns that these tools aren't plug-and-play. First, he had to compile a correct set of user addresses - no small task in itself. Then, he had to set up security through a single sign-on with the Oblix tools.
But the results were worth the effort, Parsons says. "People in remote offices for the first time have access to a complete corporatewide directory," enabling the IT department to easily implement a secure, single, sign-on interface, which he says will roll out in the fall.
Thomas says he doesn't intend to figure out the return on investment for Oblix.
It's infrastructure, he says, and there's no doubt that it adds value. "We knew that we needed a corporatewide directory and better security," he says. "It's a cost of doing business."
Johnson is a Computerworld contributing writer in Seattle.
Location: 18922 Forge Drive, Cupertino, Calif. 95014Telephone: (408) 861-6800Web: www.oblix.comNiche: User-profile and policy managementWhy it's worth watching: Tools automate user-profile management chores at external firms.
Gordon Eubanks, CEO
Nand Mulchandani, co-founder and vice president of product managementKumar Vora, co-founder and vice president of technologySandeep Johri, co-founder, chairman and vice president of customer careMilestones:
1996: Company founded
February 1997: First product introduced
July 1999: Version 3.6 with Novell Directory Services support releasedJuly 2000: NetPoint introducedEmployees: 143; 270% annual growth rateBurn money: $34 million from Cisco Systems Inc., CSK Venture Capital Co., the Intel 64 Fund, Kleiner Perkins Caufield & Byers, Lehman Brothers Holdings Inc. and othersProducts/pricing: E-Business Solution (starts at $25 per seat) and NetPoint (starts at $30 per seatCustomers: Tellabs Inc., BayCare Health Systems, Amdahl Corp., Morgan Stanley Dean Witter Online Inc.
Partners: Cisco, Novell Inc., Microsoft Corp. and iPlanet E-Commerce Solutions Inc.
Red flags for IT:
Systems that feed updates to Oblix require careful integration.
IT must clean up existing permission lists before implementing tools.