Directory Redux

SAN MATEO (03/27/2000) - Directories have evolved from mere keepers of company passwords into all-encompassing infrastructure component, and they are being pushed slowly into the spotlight as their roles become more crucial to success on the Web.

Now, directories handle not only employee information but also security and access policies, external business partner data, and user profiles; they serve as the foundation for many e-commerce endeavors.

"The directory has spent the last 10 years in relative obscurity, as a sort of isolated application to generate user phone numbers and user IDs, or buried inside of things like a network operating system," says Richard Villars, director of networking software at International Data Corp. (IDC), in Framingham, Mass. "What changed all this was the Internet. What changed it even more than the Internet was the concept of personalization."

Still, directories have been hamstrung by the reluctance of companies to fully exploit directories' capabilities, and vendors are still searching for a way to show off the numerous benefits of directory services.

"If you don't understand the concept of what a directory is, it's real hard to tell whether or not it's going to do your company any good," says Stephanie Benoit, software and applications coordinator for instructional technologies at the Community College of Southern Nevada, in Las Vegas. "It becomes an awareness issue, of understanding what a directory is and what type of resources it provides you in terms of administration, applications, and tools you can provide for your organization."

But now, with the growing number of directory-enabled applications and services garnering the attention of e-commerce companies, directories may finally be taking root in the enterprise.

E-commerce explosion

The demands of e-commerce have been the impetus many companies needed to rethink rolling out an enterprise directory solution. Boundaries between internal and external networks are quickly falling, leaving companies in a new situation.

"All of a sudden, the relationship between a person and the network is not so much about where they are, but about who they are, what their role is, and their relationship to the organization," says Jamie Lewis, president of The Burton Group, in Midvale, Utah.

As the Internet links companies into a global economy, directories become a crucial part of how a company relates to the outside world; businesses must manage relationships across multiple systems and make sure each system's information is synchronized. A directory can also store access policies that control how much of a business's internal system is revealed to its customers, partners, or supply chain -- as well as storing e-business customer identity information.

"E-commerce is still just buying and selling; buying and selling is really just a matter of trusting," says Herb Hill, a network consultant and professor at Niagra College, in Ontario, Canada. "I trust that you will pay, you trust that I will provide the goods. A directory service is a way of providing identity proof and facilitating payment; think of it as an identity vault. You want a cashless society? You need a directory."

Along with identity management, directories play a large role in another critical slice of e-commerce: security. By managing internal and external user accounts, authentication processes, and access rights for VPNs and firewalls, directories have evolved into a central security management point and moved far beyond their former role of storing a company's internal user passwords.

"At one point 20 years ago, IT's primary focus was protecting information and preventing people from getting to it," Lewis says. "Today, IT's role is to make the right information available to the right people at the right time. That's a very different type of endeavor, and it requires a really solid underpinning of infrastructure. The directory is inextricably linked to security in both of these scenarios."

One is the loneliest number ...

Concerns over directory scalability appear to have been quelled, with major vendors Novell and Microsoft touting scalability into the millions and billions of directory objects.

"There's too much complexity and too much information stored in too many different types of repositories, databases, and applications for people to even approach the prospect of pulling all this together, reformatting it, and redistributing it into a centralized place," explains Dana Gardner, research director for messaging and directory services at Aberdeen Group, in Boston.

According to IDC's Villars, the e-commerce explosion and the push to get on the Net as quickly as possible means that some companies are running a "dual-directory" strategy to handle the volume of directory objects.

"The IT manager may not have known about it, but the guy running the corporate Web site, adding e-commerce or any kind of personalization services, has been building a directory that, from a size standpoint, is orders of magnitude larger than anything the corporate IT people have been envisioning," Villars says. "For design reasons, you want to actually begin to build multiple directories, and they need to operate independently but be tightly bound and coordinated."

Enter metadirectories, which link multiple directories with one another and various company systems, and provide another layer of directory function to distribute and synchronize information across networks.

Both Novell and Microsoft have metadirectory solutions on the launching pad; Novell's DirXML includes XML support, while Microsoft has acquired a metadirectory solution from Zoomit. However, metadirectories' functionality may eventually fold into regular directories because the linking capability is "too important for it to be completely external," The Burton Groups' Lewis says.

Policy propagation

Policy management also has a part to play in optimizing networks; directories can store load-balancing and bandwidth-allotment policies and act as a central point for distributing policy changes across the network. Directories are moving into network management as well, joining forces with policy servers to create a more granular division of network services, which is particularly attractive to service providers.

"Somebody might be willing to pay extra money in order to have a certain set of services on a network happen for them," Gardner says. "The only way you could do that on a network on a real-time basis is to allow a policy server that is directory-enabled to do it."

Even networking hardware isn't safe from the influence of directories, especially with quality of service (QoS) gaining importance.

"You won't be able to buy a router or switch without seeing 'directory-enabled' on the label," Niagra College's Hill says. "QoS based on directory setting is not any kind of leap; it's here now. The devices themselves get managed through a directory object interface."

Continued evolution

Technologies such as XML and other standards also bode well for the future of directories; incorporating XML into directory services will provide another way for directories and applications to communicate.

"Once an underlying protocol for the network becomes available, an XML-based protocol, then you may see LDAP overall fade in some importance over the long term in favor of XML-based protocols," Lewis says.

But if directories are truly to take root in the enterprise market, they need to become as plentiful as possible, a task vendors seem to have had a hard time accomplishing.

One solution is to offer free directory services to spark enterprise deployment and then sell the directory-enabled applications. Novell is following part of this path, by increasingly emphasizing its directory-enabled e-commerce and network management services. Microsoft slipped its Active Directory into Windows 2000, automatically including the directory "for free" with the operating system.

Even if a company knows what an enterprise directory can bring to the table, the technical tribulations of gathering information and linking multiple systems with directories can be discouraging.

Although it may be in a company's best interest to implement directories, "It's kind of like your mom saying, 'Eat your peas.' You know you're supposed to do it, but you don't always get around to it or you find reasons to avoid it," Abderdeen Group's Gardner says, adding that enterprises that get small directories or databases included in products may see implementing other larger directory services as redundant.

Directory vendors and third-party application vendors are caught in a chicken-and-egg conundrum: Vendors need the applications to make their directories useful, and application vendors require directories to run on.

Vendors often push the more glamorous, directory-enabled applications to catch a company's eye, and tout the directory as the foundation for attractive e-business and security services.

Stubbornness remains

Despite the added functionality, management, and services a directory can provide, particularly in the e-commerce arena, companies are still hesitant to deploy enterprise directory services.

"Traditionally, in IT organizations, your network is your most sacred prize," says Community College of Southern Nevada's Benoit. "It keeps your most vital documents, it keeps everything about who you are, what you do, where you're going ... relinquishing some of that security is hard for organizations to understand. This is something you hold near and dear, and you've spent a lot of money and time in keeping hackers and other things out of it, and here you're going to open it up to a global networking strategy."

Overcoming enterprises' resistance to sharing their networks may be the toughest barrier to widespread directory deployment, analysts say. However, directories have the benefit of their continual evolution into more and more business systems, with plenty of expansion predicted for the future.

"We have only scratched the surface of what directories can do," Lewis adds.

"People are really only in the early stages of actual deployment and leveraging these things."

Stephanie Sanborn can be reached at

Outsource it

Several outsourcing companies, encouraged by directories' increasing importance in e-commerce, are now offering hosted directory services along with the more familiar outsourced e-mail and collaboration services.

However, turning an entire directory and its mission-critical contents -- including security and partner-business strategy information -- over to an outside hosting company may give ultraprotective enterprises a serious case of the willies.

"There isn't a one-size-fits-all solution [for outsourcing directories]," says Jamie Lewis, president of The Burton Group, in Midvale, Utah. "I certainly think the smaller to midsize companies that don't have the expertise in-house to do this will be much more amenable to outsourcing directories than someone like General Motors, because of the degree to which you have to reveal sensitive information and what the latencies are," Lewis says.

Outsourcing directories to companies such as Critical Path, which gained directory services with its acquisition of Isocor, may be easier for companies that have experience outsourcing other business systems and are familiar with the hosting environment.

Businesses looking for a place to host-distributed applications and directories that are shared between organizations may also find hosting those pieces of their directory eases their workload, analysts say.

"I think what's more likely to happen is that the hosted directories will become coordinating directories, if you will, between and among other directories -- sort of a metadirectory function," says Dana Gardner, research director for messaging and directory services at the Aberdeen Group, in Boston.

"You'll have your directory information, but you might relay that off of a hosted kind of directory, and that provides just another level of interoperability between players out on the network, " Gardner says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Aberdeen GroupBurton GroupCritical PathDana AustraliaHolden- General MotorsIDC AustraliaIT PeopleMicrosoftNovellZoomit

Show Comments