Active Directory as an Interoperability Rendezvous

As Active Directory rollouts enter the last mile, some industry figures are beginning to see Microsoft's proprietary directory service as a key route to interoperability among systems for user credentials and authentication.

It seems slightly odd at first, because Active Directory runs only on Windows, and Microsoft itself felt the need to launch a separate metadirectory product, Microsoft Identity Integration Server, to fill the multi-platform need.

There is logic to using Active Directory. That logic centers on the ubiquity of Windows servers; Microsoft's requirement that all servers after Windows NT 4.0 use Active Directory; and the difficulties of maintaining multiple identities for each user.

Windows servers are almost everywhere. According to research from IDC, Windows servers account for more than half of new server unit shipments. Running a modern authentication network based on Windows 2000 Server or Windows Server 2003 domain controllers requires Active Directory. Several recent surveys, including one by ENT last year, indicate that the majority of organizations have Active Directory deployed by now.

Linux, too, is surging everywhere, and while purchases of Unix-based systems are on the decline, clearly the installed systems are working and will not be replaced soon. Even in heavily Windows-oriented shops, it's common to find non-Windows servers that users must log on to for some applications. But there's no single identity management solution for Unix or Linux that is, or will be, anywhere near as widespread as Active Directory on the Windows side. By default, Active Directory is becoming the omnipresent directory technology.

Meanwhile, several usability, security and management problems that have been around for years continue to nag. Users continue to balk at maintaining multiple strong passwords. Password resets top the list of busywork that occupies help desk employees. Security is undermined by password-filled sticky notes at users' desks or by common username/password combinations used by entire workgroups.

Single sign-on solutions and metadirectories are some of the ways organizations have tried to fix these longstanding problems. However, the synchronization and maintenance efforts can make administration of these solutions seem like more trouble than simply letting the insecure and unmanaged current situation limp along.

Recently, there's been a lot of activity in the interoperability market around Active Directory. In January 2004, Vintela released Vintela Authentication Services, which joins Unix and Linux servers to Active Directory forests so users sign on to non-Microsoft resources through their Active Directory credentials. Last month, another company, Centrify, introduced similar technology called DirectControl.

There are some indications that Microsoft might absorb this emerging market. In November, Microsoft made a minority investment in Vintela. Then, Vintela hired a main product manager for Microsoft Identity Integration Server, Jackson Shaw, as a vice president. In a news release about the hire, Vintela pointed out that Shaw had been part of the management team that groomed metadirectory firm Zoomit for acquisition by Microsoft. Centrify, meanwhile, was founded by Tom Kemp, formerly of NetIQ -- the firm that sold Microsoft Operations Manager to Microsoft.

On the other hand, there are similarities in the interoperability market to the data center market. In that market, Microsoft partnered heavily with major firms with enterprise credibility, such as IBM, HP, Unisys and EMC. Those firms did the front-end selling and took the support calls for some of Microsoft's enterprise-focused products, such as Windows Datacenter Server. Letting partners do the selling in a market where Microsoft had less credibility was a politically astute move. On interoperability, again, customers may have more trust in an independent agent with strong technical ties to Microsoft than in Microsoft itself.

With many things in IT, a set of problems by themselves may not cause people to jump on solutions. A problem, coupled with a fairly straightforward fix, can prompt a run on a technology. The emergence of widespread Active Directory deployments may mean it's easiest to cobble together a solution for unified authentication through that Microsoft-centric directory technology.
