Identity Matters

Virtual Directory technology is a cornerstone of the Symlabs Identity Management infrastructure. When my partners and I started Symlabs in 2001, we already had extensive experience with the directory infrastructures available at that time, and knew that we could address the shortcomings we saw in those technologies.

At the time, the term "identity management" was not really established yet, nor was the term "virtual directory". We were among the pioneers in that technology space, and our customers were thrilled by the new approach.

So, what is a virtual directory server, and how is it different from a "normal" directory server? In the dictionary, "virtual" has a few definitions, such as: " being such in essence or effect though not formally recognized or admitted" and  " being on or simulated on a computer or computer network". In fact, a virtual directory server is a bit of both. Of course, we are running on a computer, and we are in essence or effect a directory. But, there is an important distinction.

A "normal" directory server stores data and offers a query mechanism in order to access it. For accessing directories, the LDAP protocol is used, and has been standardized for that purpose. Directories are often also called "LDAP servers". A virtual directory (such as Symlabs Virtual Directory Server) is also an LDAP server, but it doesn't store data. Instead, it fetches data on demand from other data sources. Those data sources can be other LDAP servers, relational databases, or any other source of information that can be queried through one of the supported protocols, or through a client API.

Why would you need something like that? Well, in almost any company you never have just one super-LDAP server that has all the data readily accessible for all of the applications. Many times, data is stored all over the place, and in different formats. What's even worse is that many applications cannot be easily configured to fetch data from multiple sources in different data formats. That's where implementing a virtual directory comes in very handy.

Applications can talk directly to the virtual directory, using the LDAP protocol. The virtual directory then analyzes each request and fetches the corresponding data from the actual repositories. In that process, the intelligence needed to know where and how the actual data is accessed is configured only in the virtual directory, so that applications do not have to know those details. Of course, data can be reformatted, mapped and converted into whichever format the applications want.

This makes it really easy to integrate multiple applications - in fact it drastically reduces integration time from sometimes days or weeks to only hours. But that's not the only thing that virtual directories are good for. At the same time, they offer a way to put specialized, custom logic in between the request and the data. Then, when applications make requests, the virtual directory server can act on them in a customized fashion and put in special treatment for processing data, filtering requests, or handling requests in some special way. This allows you to create a fully intelligent directory that performs in a way that relational databases have offered for a long time through triggers and stored procedures.

Virtual directory technology is easy to deploy and use, extremely low on maintenance cost, and very useful in most enterprise environments. If you want to see it in action for yourself, please check out Symlabs Virtual Directory Server from our web page where you can download a fully-functional copy to evaluate.