Next week, Nov. 9-11, the Identity Management Team travels down to the Gartner Identity Access Management conference to showcase two of our latest releases, DSEE 7 and Role Manager 5. Gartner IAM is a great event because it not only gathers together experienced practitioners in the identity management space but also has a number of events that are small enough that you can have quality conversations about real problems. Last year, Verizon presented at this conference on the Directory and OpenSSO implementation that serves 50M users. The presentation is a great example of the proven expertise that Sun brings to Identity Management and the proven extranet scale our products can support, not a marketing benchmark.
Our team has taken a different approach to this event this year and we are participating in Gartner's Learning Labs. Vendors, customers and identity specialists are encouraged to come by in a classroom style and learn how Sun's products, partners and customers are solving specific identity business problems. This is crucial today as the cost of failure or doing nothing rises exponentially. The best way to ensure success is to learn from real-world implementations, not marketing-based slideware presentations. This is why we have assembled not just the product teams but partners and real customers to share their experience in these "learning labs".
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the Hard Rock Rooftop bar for drinks and conversation. The first 50 people get a wristband for free drinks. Identity management isn't hard so come to the Hard Rock to find out how to make it easy!
Gartner IAM Sun Schedule
Monday, Nov 9th
Learning Lab:
12:40 - 1:05pm “Increase Speed & Performance while reducing TCO with Sun Directory Server Enterprise Edition” Speaker: Nick Wooler, Sr Product Manager – Sun Microsystems
1:05 - 1:30pm “Changing the Rules of the game; Raising the bar with Rule Life-cycle Management and closed-loop remediation” Speaker: Neil Gandhi, Sr Product Manager – Sun Microsystems
1:35 - 2:00pm "IAM Governance, Risk and Compliance -- the future of IAM", Speaker: Sachin Nayyar, President - BrinQa
2:05 - 2:30pm "Enterprise Single Sign On for Sun Identity Management", Speaker: Stephane Fymat, VP of Strategy and Product Management - Passlogix
12:30 - 2:30pm Mat Hamlin showcasing Identity Manager
Tuesday, Nov 10th
Learning Lab:
12:10 - 12:35pm “Role based user provisioning; using business roles for identity life-cycle management and identity auditing”, Speaker: Mat Hamlin, Sr Product Manager, Sun Microsystems
12:35 - 1:00pm “Three tough challenges, one powerful solution: OpenSSO for web access management, federation and Web services security”, Speaker: Daniel Raskin, Chief Identity Strategist – Sun Microsystems
1:05 - 1:30pm "Privileged Identity Risk Management: Mitigating the Insider Threat", Speaker: Richard Weeks, VP of Channels and Business Development, Cyber-Ark
1:35 - 2:00pm "The WHO behind the WHAT: Arcot Authentication and Sun OpenSSO Enterprise" Speaker: R 'Doc' Vaidhyanathan, Chief Product Officer - Arcot
Sun Booth:
12:00 - 2:00pm Nick Wooler, showcasing DSEE
12:00 - 2:00pm Neil Ghandi, showcasing Role Manager
Yesterday, Neil Ghandi, Matt Hamlin, Etienne Remillon and I gave a quick overview of what is new in Directory Server Enterprise Edition 7 and Role Manager 5. Here are just a few of the great highlights that were discussed during the presentation. Of course, you can get the full video embedded below. Lastly, if you are interested in seeing more events like this you can go to the webinar site here.
You can download the slides here. You can download the video here.
Sun's Identity Team have been busy over the summer! On Oct. 9, 2009 the Identity Management Team announced the release of Directory Server Enterprise Edition 7 and Role Manager 5. Next Wednesday, Oct. 21 at 8:00am PT, Neil Ghandi (Role Manager Technical Product Manager) and I will be giving an overview of some of the great features that exist in the new releases. Here are a couple of highlights:
What's New with Directory Server EE 7.0
• Boosts speed and performance – DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications.
• Reduces Total Cost of Ownership – Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license.
• Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
What's New with Role Manager 5.0
• 360 Degree View of Assigned Access – A unified view of data related to user access that empowers reviewers to make more intelligent decisions concerning users' access.
• Closed-loop Remediation – A complete end-to-end solution for reviewing user access and removing inappropriately assigned access.
• Rule Life-cycle Management – The first solution for managing the complete life-cycle of role assignment and SoD audit rules.
Interested in hearing more about the release and what business problems it solves for your enterprise? Register for the Webinar here:
Topic:
Improve Compliance, Access Controls, and Performance with Sun's Latest Releases of Role Manager and DSEE
Our very own Ludo Poitou will be presenting with other luminaries in the identity industry at the 2nd International Conference on LDAP. LDAPCon 2009 will be held on September 20th and 21st at the Waterfront Marriott Hotel, Portland OR, USA.
LDAP is gaining renewed attention as the identity repository for enterprises, telcos, global partner networks, healthcare and education institutions. The LDAP repositories have been faced with massive growth over the last five years, and the performance and availability that organizations have come to rely upon are being tested.
New requirements driven by the growth of users, the explosion of security requirements imposing more "writes" and the access to web services security and policies are forcing LDAP experts to look at new innovations.
You should attend if you want to be a part of hearing how LDAP experts are innovating and addressing these business and technical challenges. If you haven't registered yet, please register NOW here!
The registration fee includes access to the LinuxCon 2009 (Sep 21 - 23), and if you still need to be convinced that it's worth attending, you can check the agenda here.
I wanted to pass along a quick note about an upcoming webinar on Directory Services which will be held Wednesday, May 20. The webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services. The conversation will go over the following:
How to save cost by consolidating identity sprawl in your enterprise
How to meet aggressive time-lines on a merger and acquisition
How to federate faster with virtual directories
If you are interested, please sign-up here. Even if you are not able to attend, registering will give you access to the replay.
If you attend and want to see what I look like, the picture to the left was captured at the European Identity Conference by the very serious people at the Daily Mail, the bastion of great journalism in the UK.
At this very moment, every company on the planet is trying to find ways to reduce cost. A creative and innovative member of the Directory Server team at Sun has come up with a way to do just that using the iPhone and LDAP. I am about to plagiarize from Ludo's blog post located here so please read it for more detail on how Anton put this solution together. I am going to focus on the business angle of this important innovation using LDAP. Again, I hope David Kearns is reading because this is really what "Pimping Your Directory" is all about.
More and more companies are having to support mobile workforces or employees that work a portion of their time at home. Sun has been one of the leaders in this space. Not only does it improve productivity but it gives knowledge workers more empowerment, thus improving their quality of work and life and thus loyalty to the company that employs them. However, the tools that support these workers have been slow to catch up. Company Directories are a good example. How many times do employees call the 1-800 number to get an employee number to make a phone call on the road? As a consultant, I used to do this all the time. As a Sun employee, I have used this feature more than once while traveling to different trade shows, between offices, etc. This ties up valuable resources who could be routing real customer calls! I have realized this paradox but when you have to get something done you go through the path of least resistance. And, let's face it, voice portals have not replaced human beings in either efficiency or effectiveness.
Here is where the innovator at Sun, Anton Bobrov, filled the gap. The Sun IT and Directory Teams recognized this gap a long time ago and placed a limited version of the employee directory outside the firewall. It is a great tool if you have a web browser and don't want to VPN into the network. However, Anton realized there was a better solution via the iPhone. He has developed an iPhone App that is an LDAP browser that allows employees to connect to this Directory outside the firewall and quickly search, find an employee and make the phone call from one device. My vote for iPhone App of the Year would be for the LDAP app by Zen and our very own Anton Bobrov.
The Business Case
So hypothetically, using Company A with 33,000 employees as an example, imagine 5% of employees have an iPhone. Imagine that same 5% make one phone call a week or 52 calls per year to the 1-800 number to get a phone call. Imagine each call takes 2 min of productivity away from the call center employee; then this simple application could save approximately 2,860 hours. Put another way, this is 1.43 FTE per year worth of productivity.
Number of Employees: 33,000 Employees
Percent that have iPhone: 5% Employees
Number of Employees with iPhone: 1,650 Employees
Number of calls made per year to 1-800 by one employee (one per week): 52 calls per year per employee
Total number of calls made in a year: 85,800 calls per year
Total number of hours taken (avg time per search 2 min): 2,860 hours
Number of Employees Needed to Cover this Task (50 weeks * 40 hours): 1.43 FTEs
Please see Ludo's blog for more detail on how the app works and what Anton did to build it. His blog is located here.
How do you get it?
Go to the App Store and search "LDAP". You want to download the Zen version for $3.99. Refer to the cost savings table above if you balk at the price. Here are the configuration details for Sun's directory, as described in Ludo's blog here.
Here's the settings that I've used (once you've installed the Directory application, there is a "Directory" section in the Settings application).
Identity: cn=John Smith (12345),ou=people,dc=sun,dc=com
[your Sun ID should be enclosed in brackets and watch the spaces]
Password: My Sun password
LDAP: book.sun.com
(Keep the remaining untouched).
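An added example (not from the original post or from Ludo's blog): a small Python helper that assembles the Identity value in the format shown above, normalising the spaces and escaping characters that are special in an LDAP DN per RFC 4514. The function names, and the assumption that the Sun ID is numeric, are illustrative only.

```python
# Added example: build the "Identity" bind DN in the format the post shows.
# Function names are hypothetical; "John Smith" / "12345" are the post's sample.

DN_SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires to be backslash-escaped


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            # leading or trailing spaces are significant and must be escaped
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_identity(full_name: str, employee_id: str,
                   base_dn: str = "ou=people,dc=sun,dc=com") -> str:
    """Return cn=<Name> (<ID>),<base_dn> with exactly one space between parts."""
    name = " ".join(full_name.split())  # collapse stray or doubled spaces
    if not name:
        raise ValueError("name is required")
    # Assumption: the ID is numeric, as in the post's sample (12345).
    if not employee_id.isdigit():
        raise ValueError("employee ID must be numeric")
    cn = f"{name} ({employee_id})"
    return f"cn={escape_rdn_value(cn)},{base_dn}"


if __name__ == "__main__":
    print(build_identity("John Smith", "12345"))
    print(build_identity("Smith, John", "12345"))  # comma in the name is escaped
```

A name containing a comma or plus sign would otherwise be parsed as an extra DN component, so the bind would fail or target a different entry than intended.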
How do I get one for my company?
If you are an employee at a company that has a large mobile workforce you should show this blog post to an IT Director, Call Center Director, or someone who can make this project happen. This is a quick win for most companies in improving productivity. You can use DSEE or OpenDS with replication to create the directory instance outside the firewall. Publish a configuration guide for employees and start improving productivity.
As I mentioned last week, David Kearns wrote a great article a few weeks back titled "Pimp My Directory". It is rare that you can use a theme for a blog entry twice in the same seven day span but when you hear results like this I hope you agree....Sun is pimping their Directory.
Benoit Chaffanjon did an interesting "Benchmarketing" (you have to read his blog to understand why he calls it that) that showed Directory Server Enterprise Edition may be able to support 450,000 + LDAP operations per second. The benchmarketing was done on a Sun Blade 6000 using the Intel Xeon x5560 on OpenSolaris. All the gory details can be read in Benoit's blog here. This is mind-blowing when you consider the cost of transaction per second and also what this might look like on an SSD. We are doing some further testing as Mark Craig mentions in his blog not only to validate these amazing results but also to confirm the performance using OpenSSO and on a SSD.
The team is back from our successful trip to the European Identity Conference. Ludo and Mark Craig did a great job on the Identity Bus and Virtual Directory panels. I will have more about this later in the week.
I wanted to pass along a quick note about an upcoming webinar on Directory Services which will be held May 20. The webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services. The conversation will go over the following:
How to save cost by consolidating identity sprawl in your enterprise
How to meet aggressive time-lines on a merger and acquisition
How to federate faster with virtual directories
If you are interested, please sign-up here. Even if you are not able to attend, registering will give you access to the replay.
David Kearns recently wrote an article for Network World called "Pimp my directory" so when Matt Swift wrote me about some interesting results from OpenDS Performance Testing, I could not resist borrowing the title to show what we are doing at Sun to innovate in OpenDS. Now before I go too far into the detail I will offer the following disclaimer that the data being represented here are results from preliminary performance testing on OpenDS. It is indicative of true performance and we are proud of these early results but we also are doing more formal performance testing, like we always do at Sun, to ensure these are more than just marketing benchmarks.
Matt Swift and the OpenDS team deserve a lot of credit for their great work because they are radically reducing the total cost of ownership for running a directory server. Here are some of the latest statistics. I will let Matt explain the gory detail on his blog but the bottom line is that with a 10M user test on a X4150 with 8 CPUs and basic internal disks the team was able to perform between 12,000 and 14,000 modifications per second. Yes.....Modifications!!! Imagine what this would look like on SSDs. Watch this space as we pimp our directory.
Lastly, this is just a small example of why Sun Open Source is the best in the industry for enterprises that need commercial grade software. The unit testing and performance testing our teams do before we release a milestone or commercial version is the best in the industry. Every day we put our reputation on the line as we expose builds for people to use in production environments. Each daily build of OpenDS has a 10M user test performed against it. Each Milestone build has a 30M user performance test run to ensure data centers have telco grade software to run in their environments.
Ludo Poitou and Mark Craig from Sun Microsystems will be a part of two illustrious panels at the European Identity Conference today. Ludo will be a part of the panel talking about the Identity Bus, which is a topic that Felix Gaehtgens, Kim Cameron, and David Kearns talked about last year. The discussion should be interesting because Sun has some of the products necessary to create the "identity bus" today through OpenDS, DSEE, Virtual Directory, OpenSSO, Identity Manager Connectors, and Netbeans. You don't need all of these to create the bus, but a standards based way of storing and accessing identities and then leveraging them via other applications or into the cloud are all possible using the tools at Sun.
Mark Craig will be joining Oracle, Radiant Logic and Symlabs in talking about Virtual Directories and their importance to Directory Services. Sun includes its virtual directory features as a part of its core product and license so all customers who use DSEE 6.3 today have a virtual directory already as a part of their license. Mark will be explaining how customers are using Virtual Directory to do data center consolidation, simplify mergers and acquisitions, and federate faster using Sun's Virtual Directory.
Yesterday concluded the MySQL Conference for me. It coincided with Take Your Daughter to Work Day in the United States so I took my daughter to see a presentation about OpenLDAP and MySQL Cluster. Howard Chu did a great job providing a technical overview of his use of LDAP to MySQL Cluster (content I wanted to hear) and playing the violin during his presentation (providing content my daughter enjoyed).
Yesterday, Ludo did a presentation for the Glassfish Aquarium project at Sun who use USTREAM to broadcast their content to anyone interested in engaging with the team via this medium. The content is interesting and this is a better way to make presentations more engaging as not only do they provide the video feed but also a twitter mashup for interactive feedback from the audience. If you agree and want to see additional innovators using the internet to engage with their community members in a more engaging way then you should check out Leo Laporte on Twit.tv. I have been following the work that Leo Laporte has been doing with FLOSS, MacBreakWeekly and SecurityNow where he is innovating how to provide video content via the web. He has in effect created his own broadcasting company. SecurityNow has done some recent podcasts on the Conficker worm and the recent cyberespionage that has been in the news, which is interesting and informative.
For those of you that missed Ludo's presentation on OpenDS, here is the video.
The third day at MySQL Conference was a lot of fun. We did a presentation on how to integrate MySQL into Enterprise Identity Management Framework. We talked about several of the following ways Sun Microsystems does this. We discussed the role of Virtual Directories as ways to access attributes within LDAP and MySQL applications to create a single authentication point. This could be used as organizations try to integrate applications within a merger or acquisition, for organizations attempting to Federate with partners, etc. Additionally, we talked about the role of LDAP to MySQL within the new release of MySQL Cluster 7.0. It is now possible with OpenDS to store data within a clustered database to combine the best of LDAP and Transactional Clustered databases.
Additionally, we talked about the new adapter that the OpenSSO team is creating that will allow customers to use MySQL as a user repository. The Agent that the team is creating is on their roadmap for July release later this year. We talked also about the increasing need for webservices security inside companies and capabilities of OpenSSO to help organizations provide that added security.
Lastly, we talked about Identity Manager and Role Manager and the ability for Identity Manager to connect to MySQL and thus allow organizations to provision users into applications built on MySQL. Also, in Role Manager MySQL can be used as a datawarehouse for role mining and reporting.
Additionally, Felix Gaehtgens from Kuppinger Cole wrote an interesting article comparing the Oracle and Sun Identity Management offerings. It would be interesting to hear your thoughts on their analysis. It is, as Felix says in the article, an interesting mental exercise.
Are you a Directory Hero? We want to know. In the last three months I have heard from several of you via the IRC chat on OpenDS.org at identity conferences or at user groups around the world about the great projects that leverage the innovations from the OpenDS community. We have been able to share a few of the great stories via the blogs story site. Everyone learns from hearing about the ways in which you are using LDAP in your organization. It is this sharing in the open that makes being a part of an Open Source Software project exciting and a great learning experience. I am reminded of a truism "Share comes before success".
Therefore, we are announcing a new opportunity for you to share your stories with us at Sun. If you have deployed OpenDS and are using it please send us a story at the following email address. Here are some suggested questions that you can answer. Alternatively, blog or create a video about your implementation and send us the link. We want to show our appreciation for sharing so for the top 30 stories we receive we will send you a free t-shirt. Please include an address in your submission.
Here is what to do:
Step 1: Download the questionnaire.
Step 2: Answer the questions that apply to your deployment
Step 3: Create blog or videocast and post somewhere
Step 4: Share: Send us the link at the email address above and include questionnaire, link to your blog or video and an address for us to send the t-shirt.
Here is the suggested questionnaire to guide you through what information the community would like to hear about your implementation.
Questions (Download here) and you don't have to answer them all:
Can you tell us more about your company ?
Can you tell us about the application, site, or service in which you have adopted OpenDS? [ Note: this is where you can hopefully get some publicity for your own business or project. So consider including any hyperlinks, screenshots, etc. that you would like for us to use in that context. Also, are you embedding OpenDS in your application?]
How and when did you first find out about OpenDS?
Did you go through an evaluation process before selecting OpenDS? If so, can you tell us a little bit about the process and results?
What specific version of OpenDS are you using?
On what operating system do you run OpenDS? Do you use the same OS for both development and production deployment?
On what hardware platform do you run OpenDS? Do you use the same platform for both development and production deployment?
Have you purchased an OpenDS license? If not, have you thought about doing so and do you know it includes access to patches and sustaining releases (more details from http://wikis.sun.com/display/sunopends)?
What specific features of OpenDS are you using?
What do you like most about OpenDS?
What would you most like to see improved in OpenDS?
Does your application also use a database? If so, which one?
Are there any figures about the scale of your adoption which you would like to share (such as how much traffic is being handled, how many entries are stored in OpenDS, how many servers are used)?
How has OpenDS performed since your application/service went live? Have you run into any production issues which you would attribute to OpenDS?
Would you recommend OpenDS to others? Why?
How does OpenDS figure in your future plans?
How would you describe your participation in the OpenDS project (e.g. user only, submitter of bug reports and RFEs, developer who has contributed code)?
Is there anything else you think would be of interest in a story about your OpenDS adoption?
Why are these cats dancing? They just downloaded the latest release of Directory Server Enterprise Edition 6.3.1 which was released yesterday.
The 6.3.1 release is a patch to existing 6.x deployments that provides customers with a way to apply the latest fixes and updates found in Directory Server, Directory Proxy Server and Directory Server Control Center components in one installation event. Specifically, Directory Server 6.3.1 provides fixes to replication issues in mixed DS 5.2 and 6.x topologies; on Directory Proxy Server it improves support for Virtualization (Join and JDBC) and includes additional performance related improvements. Furthermore, this patch release includes fixes that improve the overall quality and robustness of deployments. You can read a consolidated view of all the fixes and updates contained in the release in the Release Notes located here.
You can also read the Directory Services Blog with all the download links here.
I recently moved over to the Directory Services team to take on the Product Line Management position. I had a lot of fun working with the OpenSSO team and I am excited about the great things that team has released into the market place. Another exciting thing about the job change, besides continuing to work with the OpenSSO team as they embed OpenDS as the configuration store in their product, is that I get to work with another team that values the importance of User Experience when building software. Enterprise software for years has promulgated the myth that all that matters is innovation or features within new releases. User Experience has always been an after-thought.
OpenDS has worked hard to promulgate a different approach which puts User Experience at the top of the priority list. You can see this in the installation experience of the software. MySQL builds software with a design guideline Mårten Mickos calls the "15 minute rule". This is the rule that their enterprise version should be downloaded and installed in 15 minutes or less. OpenDS can beat this by being installed in less than 3 minutes. This is even true when you are allowing OpenDS to generate 2000 simulated Directory Entries. Powerful stuff. Not only do you get a great directory engine up and running quickly but if you are a Developer or QA Engineer you can get going quicker as well.
More to come on the performance data and some of our plans soon. See for yourself how great the User Experience is for OpenDS in the video below: