Importing an ldif file is a common task that every engineer needs to create a directory service. This is also a task that some engineers need to perform when restoring an instance in their topology. DSEE 7 has introduced new innovations into the code has resulted in 5x improvements in performance.
Wajih Ahmed, this Wednesday, will detail how he used the new F-20's to improve import times using DSEE 7. This improvement results in real measurable time/cost savings. Since these tasks sometimes take place over weekends or during maintenance periods this means engineers will have more time to do other things. We want to know what are they doing with that time?
Here is a potential list of activities they might be doing with that extra time:
Perusing Facebook to find out what is going on with their friends today.
If you have other creative ideas on what engineers should be doing with this extra time that DSEE 7 has given back, please share below. I think everyone should be getting ready for the Olympics so I have included the latest video on the Torch Relay from the Vacouver Winter Olympics site.
This week we have been sharing the different ways customer's can use compression to improve performance and reduce cost within your Directory Server Enterprise Edition environment. On Wednesday, Brad Diggs, shared how customer's can use compression to reduce their storage footprint by 60%. Today, Ludo Poitou, Community Manager for OpenDS, wrote a great blog post on how to use compression in your OpenDS 2.2 instance. Ludo shows how OpenDS can reduce the overall size of your directory instance. He also gives pointers to how to configure in your directory environment.
Next week, Wajih Ahmed will be talking about how customer's can "Improving Import Speed Through ZFS Caching of LDIF import file". He will show import rate of ds7 and opends with and without primary and secondary cache disabled vs. enabled. This is another great example of the proven performance that Sun on Sun provides.
DSEE 7 launched in November and just after Christmas a couple of our Directory experts in the community at Sun took it for a test drive on the new F-20 PCIe flash drives at Sun. The results confirmed the internal testing we did in the improved performance in import times, the reduction in Directory footprint due to compression and the overall performance improvements for DSEE 7. This is critical for our customers because it will allow them to take advantage of growth in their business while bending the operational cost curve for their system. In some organizations, their operational budget is their biggest line-item so being able to meet growth targets while also addressing the time, cost and complexity of servicing the environment can release capital for investment in new product development.
The team that did this great work has agreed to share the results of their testing in a series of blog articles over the next week. The first article will be presented tomorrow by Brad Diggs, Principal Field Technologist. Here are just a few highlights from the results that Brad will share tomorrow on compression:
The storage footprint was reduced by as much as 66%.
We were able to cache greater than 50% more entries into the filesystem cache.
Compression almost completely negated average entry growth that is due to the natural addition of operational attributes and replication metadata over time.
The nsslapd-db-page-size could be smaller and more consistent with entry growth over time.
The other team members will be sharing insights that they learned during the testing so I encourage you to bookmark these blog's and take a look over the next couple of weeks. The team will be sharing not only the results but the lessons learned. One of the blog articles will discuss tuning to get better import times as well as how to set-up your own SLAMD environment to test your Directory infrastructure. Please bookmark the following blog locations to see the results:
Brad Diggs, Principal Field Technologist, here Ludo Poitou, OpenDS Community Manager, here Mark Craig, Directory Integration Team Manager, here Wajih Ahmed, Principal Field Technologist, here Nick Wooler, Directory Server Product Line Manager, here
As you look at your business goals for 2010 and are looking for ways to meet your growth goals while keeping your costs under control then take another look at Directory Server 7. Does your Directory Server provide you with the proven performance and continued innovation as Sun Directory Server Enterprise Edition 7?
One of the great things to look forward to this year is the Winter Olympics which will be held in one of the worlds most beautiful cities Vancouver, Canada. I am a huge sports fan and enjoyed the coverage via the web from China in 2008. The internet has revolutionized the way that people watch and participate in the Olympics. It was not that long ago that sports fans were only allowed to watch the content that was presented by the major network that had the rights to the event. Now users can choose to watch almost any event that occurs at the Winter Olympics either live or when their schedule permits. Sun technology sits behind the infrastructure that makes this possible. I am proud to work for Sun Microsystems! Here is a quick video where Ward Chapin, CIO for Vancouver Olympics Committee (VANOC) and Barry Caswell, Directory of IT Security for VANOC take you through what stands behind this incredible event.
Ugggh....last week we were reminded of how social media platforms are vulnerable to identity security problems. Two colleagues of mine were hacked in the twitter and an add was posted to my facebook account via cross-posting feature in Facebook (I love uggh boots, I just didn't plan on advertising them on my Facebook account. More about this later). One of the powerful aspects of social media sites is the extended conversation that users can have with their friends, colleagues and communities that participate. However, if social media sites don't work more aggressively to thwart security holes in their platforms they will undermine the credibility and trust they have worked hard to gain with the mobile IT generation. This is not a new problem.
The twitter hack is not a new one and in the short term can be rectified by changing one's password immediately. However, with the simplicity of being able to acquire the password there seems to be a problem that the twitter team needs to plug immediately. I have severely restricted my link clicking activities as a result of these vulnerabilities and tell family members not to click links when possible. However, this takes the fun out of getting access to content quickly or participating in events that are happening immediately (e.g. conferences, concerts, etc.).
As for the cross posting via Facebook, first let's talk about what constitutes cross-posting. Cross-posting is a great feature if used properly. It is a way for you to post to wider groups of people and this is useful as communities sometimes do not always overlap. Simply put, it is where a bot or user puts a comment in a blog that has been posted to Facebook or other social media site. Because a trust relationship has been established between the post and social media site comments are "retweeted" to the social media site it has been published.
I have three options to ensure that this does not happen in the future. One, do not post/share blog entries on Facebook; two, remove the trust relationship from Facebook to my blog; three, review all comments before allowing to be published to my blog. All of them are not good options. I will probably choose the third because it allows me to still share my blogs with my friends on Facebook but yet maintain some level of control over what is "retweeted" to my friends. Each of the blogging platforms allows a different level of control and easy access to the social media platforms so investigate and determine which is best for you.
Lastly, here is a quick overview of the top 8 social media hacks as of August, 2009 by Michael Eggebrecht from CIO Zone (thanks for the great picture top left). He outlines the top 8 social media hacks so far (e.g. Koobface, Twittercut, Best Video, etc.). If you are not reading Mashable already then I suggest taking a peruse as they have great coverage of different events and issues associated with this emerging space.
DSEE 7.0 is available for download today here with new documentation here. The critical document you want to look at is the upgrade and migration guide here.
Directory Server Enterprise Edition 7.0 Boosts Speed and Performance:
Considered one of the best extranet LDAP Directory Servers in the market today, the latest version of Directory Server Enterprise Edition allows enterprises to accelerate growth in a simplified way, improve performance and lower total cost of ownership. Directory Server Enterprise Edition 7.0 has been optimized to improve performance by more than three times when compared to its predecessor. In addition, this release provides innovations that improve authentication and modification performance by 60 percent, allowing customers to accelerate their applications without changing one line of code.
What's New with Directory Server EE 7.0
• Boosts speed and performance: DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications. • Reduces Total Cost of Ownership– Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license. • Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
You can see a webinar we did recently on DSEE 7 and Role Manager 5 on why this release is important to your business and how this can help your company meet growth goals and reduce your total cost of ownership.
I recently attended Gartner IAM in San Diego and the topic of Cloud Computing permeated the titles of presentations throughout the conference. Eric Sachs, from Google gave a good presentation on applying IAM principles to applications in the cloud. RSA talked about network based security detection for companies leveraging the cloud. You might even argue, depending on your definition of the cloud, that Matthew Modica's talk on using Sun Role Manager at Express Scripts was about using role management to help provide better security to cloud based services. However, despite the good content and dialogue it seems that there is still some room for clarification as this space evolves. The one thing that seemed obvious was that performance requirements for IAM infrastructure is going to continue to grow and be tested by this evolving space.
At Sun, we worry about performance requirements every day as our customers push our existing technologies with demanding performance requirements. Directory Server Enterprise Edition with it's more than 10 years of experience in the market has had to deal with cloud based architectures in a number of ways. However, before we talk about how they intersect it is prudent for us to define the different types of clouds (prudent because there is still controversy over the definition of clouds). According to Wikipedia there are three different types of clouds: Public, Hybrid and Private.
Directory Server Enterprise Edition (DSEE) provides infrastructure for companies that primarily use private and hybrid clouds. In both the private and hybrid environments, these cloud based architectures reside in large enterprises using Directory Server to provide an authentication service for a portal and collaboration platforms for customer, employees and partner's. Additionally, Telco's and service providers have used DSEE to provide the identity backbone for private and hybrid clouds. In these deployments DSEE is used as the access and authentication layer and OpenSSO as the single-sign-on, federation or web services security layer. However, the most common use case that we see today is enterprises using DSEE as the identity backbone for the hybrid cloud environment. This is where companies are using federation or web services security on top of Directory Services to leverage Public Cloud services to extend the services they offer customers, employees and partners.
At the very least these architectures in cloud computing are pushing performance beyond traditional levels. This is also why we have seen a resurgence in interest in Directory Services. The Directory Server and specifically Sun's Directory Server Enterprise Edition provides proven performance that enterprises can rely on as they build, experiment and deploy these new services. We continue to push our existing products and new versions of the product to get the best performance out of the platform. Terry Gardner, building off the great work Brad Diggs has done, recently published an example of this in his blog post to report performance results on a 13,800,000 user Directory using DSEE 5.2, Solaris 10 Update 7 using ZFS and Sun Netra x4250. The deployment provided some impressive performance results below (taken from Terry's Blog here):
8,000 searches per second with simultaneous updates
maximum 800 milliseconds for any single search
minimum 70% CPU utilization (usr+sys)
As DSEE 7 is available for download today (here) with 3x performance improvements it is worth remembering the strong foundation and history DSEE 7 follows. I look forward to sharing with you over the next several months the performance figures of proven deployments as customers use DSEE 7. These future architectures that drive performance whether they be to serve private or hybrid clouds or critical enterprise collaboration platforms will continue to drive us at Sun to produce the best proven performance directory server on the planet.
The Sun Identity Management team will be giving a webinar next Wednesday to discuss the very important topic of Identity Management and healthcare. As the healthcare legislation moves through congress the increase of 36M patients on healthcare providers, insurance companies, and patients will be profound. The cost savings projected by the bills will rely on IT systems to provide increased access to information to drive productivity gains. As we have seen with recent high profile identity security breeches at hospitals identity security is critical in making sure the right people have access to the appropriate information, that information must be shared with all members of the value chain securely.
Sun's Identity Management Suite provides a powerful package of solutions to help with storing identity information with Directory Server Enterprise Edition; managing authorization, federation and web services security with OpenSSO; providing provisioning solutions with Identity Manager; and, defining and managing role based access control with Role Manager.
Join this free Webinar to learn how Sun's identity management solutions can help your organization to:
Automate management of digital identities for other providers, patients, physicians, clinicians, and payors Provide single sign-on (SSO) and secure federated access to privacy-regulated healthcare information while adhering to strict mandates
Comply with the Health Insurance Portability and Accountability Act (HIPAA), internal security policies, and corporate governance policies with complete auditing and reporting capabilities
Sun identity management solutions make it easier for healthcare organizations to manage and share digital information.
SAVE THE DATE - Wednesday, December 2, 2009 Sun Identity Management User Group Session Grammercy Park Room Sun Microsystems, 101 Park Avenue, New York, NY
The Sun Identity Management User Group will meet for its next session at Sun Microsystems, 101 Park Avenue, New York, NY on Wednesday, December 2, 2009.
We are still finalizing the agenda and I will publish in this blog as soon as it is ready.
This week Google launched a new service called Google Dashboard which can be found in the account settings in top right hand corner under "personal settings". The service is a great idea for a couple of reasons. One, it served as a reminder (at least to this user) of all the services that I had actually signed-up for from Google over the years. Which given the pace of their innovation and continuous beta approach and my propensity to try new things in the technology space was quite a few. The second reason and arguably the most important was that it offered you the link to go and manage your privacy settings from the dashboard to the services you have subscribed. This is critical and important for those customers and users that are interested in actively managing their identity at Google. Here are the reasons why!
In the world of Web 2.0, Mashups and Federation business's are constantly stitching together different applications to provide value to customer's and consumer's. Organization's need to give user's control of their privacy setting's to allow them to control what information they share when and where on the internet. Most user's don't mind providing the information or more likely are unaware of what they are sharing. This is why the Google Dashboard feature is a powerful tool for user's to improve their security. The ability to access these privacy setting's existed in each of the services that Google offered. However, as I mentioned above, I had forgotten about all the different services I had signed up for within Google Land. This consolidation in one spot, gave me information, power and most importantly choice in one spot making my ability to make better decisions about how my identity is managed on the internet.
Facebook has learned this lesson and has done a lot to put the power in user's hands of controlling how applications user their information. I applaud what they have done to provide not only the tools but the education to users about what that privacy information actually means. You can join the Facebook Security Fan Page to get updates on different steps they are taking to improve the choices users have to manage their identity data. Another great step they have taken is also in the user experience they provide users in the pages that manage services and privacy by providing contextual help for users. Big improvements that contribute to better user decision making.
Next week, Nov. 9-11, the Identity Management Team travels down to Gartner Identity Access Management conference to showcase two of our latest releases DSEE 7 and Role Manager 5. Gartner IAM is a great event because it not only gather's together experienced practitioners in the identity management space but has a number of events that are small enough that you can have quality conversations about real problems. Last year, Verizon presented at this conference on the Directory and OpenSSO implementation that serves 50M users. The presentation is a great example of the proven expertise that Sun brings to Identity Management and the proven extranet scale our products can support---not a marketing benchmark.
Our team has taken a different approach to this even this year and we are participating in Gartner's Learning Lab's. Vendors, customer's and identity specialists are encouraged to come-by in a classroom style and learn about specific problem's Sun's product, partner's and customer's are using to solve their identity business problems. This is crucial today as the cost of failure or doing nothing rises exponentially. The best way to ensure success is to learn from real-world implementations not marketing based slideware presentations. This is why we have assembled not just the product teams but partners and real customer's to share their experience in these "learning labs".
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the Hard Rock Rooftop bar for drinks and conversation. The first 50 people get a wristband for free drinks. Identity management isn't hard so come to the Hard Rock to find out how to make it easy!
Gartner IAM Sun Schedule
Monday, Nov 9th
Learning Lab:
12:40 - 1:05pm “Increase Speed &
Performance while reducing TCO with Sun Directory Server Enterprise
Edition” Speaker: Nick Wooler, Sr Product
Manager – Sun Microsystems
1:05 - 1:30pm “Changing the Rules of
the game; Raising the bar with Rule Life-cycle Management and
closed-loop remediation” Speaker: Neil Gandhi, Sr Product
Manager – Sun Microsystems
1:35 - 2:00pm "IAM Governance,
Risk and Compliance -- the future of IAM", Speaker: Sachin Nayyar, President -
BrinQa
2:05 - 2:30pm "Enterprise Single
Sign On for Sun Identity Management", Speaker: Stephane Fymat, VP of Strategy
and Product Management - Passlogix
12:30 - 2:30pm Mat Hamlin showcasing Identity
Manager
Tuesday, Nov 10th
Learning Lab:
12:10 - 12:35pm “Role based user
provisioning; using business roles for identity life-cycle management
and identity auditing”, Speaker: Mat Hamlin, Sr Product
Manager, Sun Microsystems
12:35 - 1:00pm “Three tough
challenges, one powerful solution: OpenSSO for web access management,
federation and Web services security”, Speaker: Daniel Raskin, Chief Identity
Strategist – Sun Microsystems
1:05 - 1:30pm "Privileged
Identity Risk Management: Mitigating the Insider Threat", Speaker: Richard Weeks, VP of Channels
and Business Development, Cyber-Ark
1:35 - 2:00pm "The WHO behind the
WHAT: Arcot Authentication and Sun OpenSSO Enterprise " Speaker: R 'Doc' Vaidhyanathan, Chief
Product Officer - Arcot
Sun Booth:
12:00 - 2:00pm Nick Wooler, showcasing DSEE
12:00 - 2:00pm Neil Ghandi, showcasing Role
Manager
Yesterday, Neil Ghandi, Matt Hamlin, Etienne Remillon and I gave a quick overview of what is new in Directory Server Enterprise Edition 7 and Role Manager 5. Here are just a few of the great highlights that were discussed during the presentation. Of course, you can get the full video embeded below. Lastly, if you are interested in seeing more events like this you can go to the webinar site here.
You can download the slides here. You can download the video here.
Sun's Identity Team have been busy over the summer! On Oct. 9, 2009 the Identity Management Team announced the release of Directory Server Enterprise Edition 7 and Role Manager 5. Next Wednesday, Oct. 21 at 8:00am PT, Neil Ghandi (Role Manager Technical Product Manager) and I will be giving an overview of some of the great features that exist in the new releases. Here are a couple of highlights:
What's New with Directory Server EE 7.0
• Boosts speed and performance: DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications. • Reduces Total Cost of Ownership– Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license. • Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
What's New with Role Manager 5.0
• 360 Degree View of Assigned Access – A unified view of data related to user access that empowers reviewers to make more intelligent decisions concerning users access. • Closed-loop Remediation – A complete end-to-end solution for reviewing user access and removing inappropriately assigned access. • Rule Life-cycle Management – The first solution for managing the complete life-cycle of role assignment and SoD audit rules.
Interested in hearing more? Interested in hearing more about the release and what business problems it solves for your enterprise? Register here for the Webinar here:
Topic:
Improve Compliance, Access Controls, and Performance with Sun's Latest Releases of Role Manager and DSEE
If you haven't noticed, Oracle published this ad to Sun Customer's today in the Wall Street Journal. Just in case you missed it, you can see it here. As an ex-coach and former water polo player, the quote resonates. The Directory Server Enterprise team continue to deliver. Watch this space as we get ready to release DSEE 7.0.
|
|
|
|
DSEE 7 launched in November and just after Christmas a couple of our Directory experts in the community at Sun took it for a test drive on the new 
One of the great things to look forward to this year is the Winter Olympics which will be held in one of the worlds most beautiful cities Vancouver, Canada. I am a huge sports fan and enjoyed the coverage via the web from China in 2008. The internet has revolutionized the way that people watch and participate in the Olympics. It was not that long ago that sports fans were only allowed to watch the content that was presented by the major network that had the rights to the event. Now users can choose to watch almost any event that occurs at the Winter Olympics either live or when their schedule permits. Sun technology sits behind the infrastructure that makes this possible. I am proud to work for Sun Microsystems! Here is a quick video where Ward Chapin, CIO for Vancouver Olympics Committee (VANOC) and Barry Caswell, Directory of IT Security for VANOC take you through what stands behind this incredible event.
Ugggh....last week we were reminded of how social media platforms are vulnerable to identity security problems. Two colleagues of mine were hacked in the twitter and an add was posted to my facebook account via cross-posting feature in Facebook (I love uggh boots, I just didn't plan on advertising them on my Facebook account. More about this later). One of the powerful aspects of social media sites is the extended conversation that users can have with their friends, colleagues and communities that participate. However, if social media sites don't work more aggressively to thwart security holes in their platforms they will undermine the credibility and trust they have worked hard to gain with the mobile IT generation. This is not a new problem. 
I recently attended 
At Sun, we worry about performance requirements every day as our customers push our existing technologies with demanding performance requirements. Directory Server Enterprise Edition with it's more than 10 years of experience in the market has had to deal with cloud based architectures in a number of ways. However, before we talk about how they intersect it is prudent for us to define the different types of clouds (prudent because there is still controversy over the definition of clouds). According to 
The Sun Identity Management team will be giving a webinar next Wednesday to discuss the very important topic of Identity Management and healthcare. As the healthcare legislation moves through congress the increase of 36M patients on healthcare providers, insurance companies, and patients will be profound. The cost savings projected by the bills will rely on IT systems to provide increased access to information to drive productivity gains. As we have seen with recent high profile identity security breeches at hospitals identity security is critical in making sure the right people have access to the appropriate information, that information must be shared with all members of the value chain securely.
This week Google launched a new service called 
information. I applaud what they have done to provide not only the tools but the education to users about what that privacy information actually means. You can join the 
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the 
