Oracle Unified Directory Webcast Q & A
By Naresh Persaud on Jul 26, 2011
Question: If you are currently using OID, OVD 10.1.4.2 and EUS, what should be the future direction in terms of upgrade paths, roadmap etc?
Thanks to everyone who joined our webcast on OUD. Because we ran out of time, several questions were un- answered. I have captured answers to all of the questions asked for your reference. You can also view the webcast on demand.
· Answer: Support of OUD as another option for EUS deployment is on our future roadmap, but the support of OID and OVD for EUS will not change, so no upgrade needed.
· Question: How is OUD different from OUD and OID
· Answer: Architecturally, OID is based on an external Oracle database, and OUD is based on an embedded Berkeley database. Scalability wise, they have different approaches to support extremely large deployments, OID provides monolithic scalability in a single DIT and even leverages ExaData for large scale deployments, while OUD provides horizontal scalability by adding more instances with data partition and global index for performance and scalability on commodity hardware. These solutions provide options to customers to meet their different requires and preferences.
· Question: How does the tool work with OES 11g
· Answer: Supported as identity store
· Question: Will Identity synch be available in OUD Is there a feature compare between other OpenDS offerings
· Answer: Yes, refer to our differentiators slides
· Question: Can OUD Synch or replicate with AD
· Answer: Yes, using Directory Integration Platform (DIP) from Oracle
· Question: Is referential integrity for objects / attributes such as groups / roles and members provided OOTB, or would custom plugins be required?
· Answer: Available in product – must be enabled
· Question: What is the level of interoperability with 3rd party directories such as AD or Edirectory?
· Answer: Supported using DIP
· Question: Is it possible to include OID in a OUD replication agreement?
· Answer: Not supported
· Question: but if I don't have ODSEE deployed, do you recommend a pure OUD deployment, to cover all of my directory (and virtual directory) needs?
· Answer: Yes. ODSEE is not a pre-requisite in anyway. However, virtual directory capability is not available in current OUD 11g, so you need to use both OUD and OVD together.
· Question: Does OUD run on WebSphere?
· Answer: OUD server is a J2SE app and runs on any JVM. However its admin console ODSM and monitoring interface Enterprise Manager require J2EE container and are currently only supported on WLS.
· Question: How about Novell eDirectory?
· Answer: You can replace eDirectory with OUD and you can sync them with DIP.
· Question: Is OVD ever useful/needed for replication in an OUD-oriented deployment?
· Answer: Not needed for replication, but only when you need to virtualize a directory environment that has other LDAPs or databases.
· Question: Is OUD a LDAP v3 implementation?
· Answer: Yes
· Question: Looks like this is intended to completely replace ODSEE, right?
· Answer: OUD can completely replace DSEE – customers are not required to replace DSEE
· Question: I'm a Sun DS 5.2 customer and I'm really confused. Is Unified Directory the future? Or should be I migrating to DSEE 11g (7.0)?
· Answer: OUD is the future directory, but we will continue to enhance and support ODSEE. We encourage you to upgrade to OUD, but you still have the option to upgrade to ODSEE 11g.
· Question: Does the OUD replication gateway work with ODSEE 6.3.1? Or is it mandatory to upgrade to ODSEE 11g first?
· Answer: currently only works with ODSEE 11g. However, it is on the roadmap to make it work with ODSEE 6.3.x directly.
· Question: What's the future for ODS and OID?
· Answer: OID will continue and be an option in addition to OUD.
· Question: ODSEE provided a plugin API. Does OUD provide a similar plugin API? Will existing plugins convert easily?
· Answer: OUD does not yet have a plug-in API. But because OUD is in Java and DSEE is in C- plug-ins will most likely have to be rewritten. However, before rewriting – investigate OUD and OVD features – could be features that required customization in DSEE – are now standard features.
· Question: understand OVD will be converged into this product. Is this correct?
· Answer: Yes. Once it is converged in the future, you’ll have a new OVD with full-functioning and powerful local store.
· Question: What is the future of Oracle/Sun Directory Server?
· Answer: If you are asking about ODSEE, we will continue to enhance and support it, though OUD is the future focus of innovation and already fully compatible with ODSEE.
· Question: How do you get such great performance improvement using OUD vs. ODSEE, considering ODSEE is arguably the best of breed in terms of read performance in the enterprise DS market?
· Answer: Exactly, ODSEE has great performance and is already the best on the market. We further enhanced OUD with new threading model and other architectural improvements to make it perform even better.
· Question: Does synchronization include the ability to sync identity data to SaaS applications?
· Answer: Depends on what SaaS applications you are using, as long as we have a DIP connector, it will work.
· Question: Is the replication gateway a separate install?
· Answer: not a separate install, but a configuration step.
· Question: Any justification to replace non-Oracle LDAP directory products by OUD?
· Answer: Absolutely. There are many reasons I can list, but a few quick points – 1. Oracle is the only vendor with a complete and unified directory solution, so you have one strategic vendor to work with and get the integrated solution and experience. 2. OUD provides high performance and scales elastically according to your needs which will reduce TCO. 3. We provide tools to help you migrate. 4. You can count on Oracle to continue to innovate as we have demonstrated with the OUD release.
· Question: will there be a best practices for migrating sun dir 5.x , 6.x, and 7.x users?
· Answer: yes, we will have a whitepaper available on this.
· Question: Will this have synch with AD
· Answer: Yes, through DIP
· Question: How does licensing work? Is it per server?
· Answer: Per CPU
· Question: In terms of synchronization with other stores, do you have some sort of connectors or framework we can use to build integration with stores on mainframe and other types of application which has their own store..
· Answer: There is a custom API for DIP
· Question: How much do the stated performance numbers for OUD depends on datasets being cached in memory?
· Answer: Full cache. As with any database product – maximum performance requires to reduce the amount of disk IO and thus the more data in memory cache – the better the performance
· Question: Can OIM use OUD as a native user repository? (It can currently use OID, but not ODSEE).
· Answer: No. OIM requires a database
· Question: Is OUD <-> ODSEE replication perform as well as ODSEE replication? Or are there replication delays to be expected?
· Answer: Should be seamless without delays.
· Question: How is elastic scalability achieved? Also, what other DS is OUD interoperable
· Answer: Elastic scalability is delivered through data partitioning and global index. Sync using DIP support all major LDAPs and Oracle database.
· Question: How does this work with Identity Management/SSO?
· Answer: Oracle IDM 11g certified OUD 11g.
· Question: I know there are a few companies that have taken openDS and built products (e.g. UboundID sp?, forgrock, etc.). How is OUd better since those other guys have been out for years?
· Answer: The real point is that OpenDS was out for a few years. OUD is build on top of OpenDS, but added some other innovative capabilities like proxy, data partition, global index, ODSE web based admin UI, monitoring using Enterprise Manager Grid Control, replication gateway with ODSEE, etc that differentiates us from others.
· Question: Will there be new update versions after ODSEE 11 gR1? or are the customers encouraged to migrate to OUD ?
· Answer: Customers are encouraged to upgrade to OUD, although there will be update versions to ODSEE 11gR1.
· Question: How much control do we have with command line tools or we need to rely on administration console
· Answer: All functions in Admin console are available through commend line
· Question: All of the discussion is around Sun. Does this work on IBM AIX?
· Answer: Yes.
· Question: Where can we download OUD
· Answer: on Oracle Technology Network (OTN).
· Question: Is ODSEE the same as Oracle/Sun Directory Server?
· Answer: Yes.
· Question: Will this product follow the path of OpenDS and provide both an enterprise and and open source version?
· Answer: There will be no equivalent of open source version of OUD as there will be no new functional capabilities committed to the open source.
· Question: We are on Oracle/Sun Directory Server v7. What do you recommend for our future path?
· Answer: You can continue on ODSEE, but we encourage you to test OUD and plan upgrade if you like OUD better.
· Question: You just said there will be "a convergence across products". That sounds like you're saying Unified Directory is the replacement for DSEE and OID. I'm still confused
· Answer: Convergence is more about ODSEE, OVD and OUD. OID is still an alternative solution for customers.
· Question: So OVD remains separate from OUD? Can OUD instantiate LDAP views (like OVD does)?
· Answer: OVD is separate for now until it is converged. OUD currently does not have virtual directory capabilities.
· Question: If a client has Identity and Access Management Suite Plus, does this imply an OUD license?
· Answer: Yes.
· Question: What security certifications has OUD undergone?
· Answer: Following the vigorous Oracle security practice.
· Question: Can OUD provide any OTB connector similar to OID DIP to synchronize with external data sources such as LDAP, Databases, Flat files, etc?
· Answer: It leverages DIP, so with the same connectors.
· Question: Does the replication gateway work with older versions of Sun DS (e.g. 5.2, 6.x) or do you have to be on 11g?
· Answer: Answered above. Only work with ODSEE 11g today, but support for other old versions are on the roadmap.
· Question: Is it possible to access the changelog directly? Or is a plugin like RCL needed to write the changes into a separate subtree?
· Answer: Technically it’s possible to query the Change log – however, OUD to OUD server uses an optimized replication protocol. If needing to synchronize data between OUD and another source – it would be better to use DIP (or OIM) instead of querying the OUD change log.
· Question: If I have OID can I migrate to OUD?
· Answer: Depends on what applications you are using. If you are using OID for Oracle apps that require it, for example, EBS, OSSO, etc, it will not work. If OID is used as an enterprise directory not for specific Oracle apps, you should be able to migrate to OUD.
· Question: Isn't DIP a completely separate product or has it been integrated with Unified Directory as well?
· Answer: Integrated for interoperability.
· Question: When will CA Siteminder be certified w/ OUD?
· Answer: Please ask CA to certify it. We will also proactively work with them.
· Question: What will be driving factor for the enterprise already using Sun directory Server 7 or above to move to OUD?
· Answer: Better performance, more flexible elastic scalability, better availability and unified solution with built-in proxy, complete Java experience with OVD and DIP, improved admin and monitoring experience with ODSM and EMGC.
· Question: Is DIP part of the ODS+ bundle?
· Answer; Yes
· Question: What kind of API is available?
· Answer: There is no API in current version. An API is planned for future version. If needed some type of data transformation for current release – possible to use OVD to do the data transformation before passing to OUD.
· Question: Can I use OUD 11g as user store for both OAM 10g and 11g?
· Answer: Yes.
· Question: How similar is this product with OpenDS?
· Answer: The core LDAP server is similar, but with added innovative functions like proxy, global index, Admin UI as well as monitoring etc.