Monday Apr 26, 2010

Iron-Clad Cloud: Secure Cloud Computing

As organizations continue to leverage the cloud for essential business applications and services the provisioning and security of identity data becomes an essential compliance requirement.  Oracle's new Security Newsletter  has an article that provides information on critical approaches to security in the cloud.

One solution to the security problem with cloud services can be overcome using Service Oriented Security.  The Oracle approach to using Service Oriented Security allows developers to pull from a centralized, authoritative source of identity services.  This allows developers to build security into every application from the inside-out.   This is critical to ensuring this is done in a standardized manner and most importantly it allows developers to develop without being security experts.

The "Iron-Clad Cloud:  Secure Cloud Computing" article in this quarter's Security Newsletter is a great place to start when looking for information on how to use these tools to improve the security for your organizations cloud services.  You will also find articles on database security and other bloggers who are sharing data about the security industry and Oracle's thought-leadership.

Monday Feb 15, 2010

From 0 to 100MPH in 10 sec... How fast can you do it?

Like in car racing,  for directories, being super fast is one of the driver in decision making, but when handling large amount of data with SSD and in-memory technologies,  this is not enough!

How do you go from initial service cold startup to full speed?
How long will your users and applications have to wait until end of warm-up?

Brad Diggs  in his latest post is explaining in details strategies to bring DSEE to full spee
d by using the most ad-hoc data priming strategy.

Monday Jan 25, 2010

DSEE 7 Gives Engineers More Free Time: What do they do with it?

Importing an ldif file is a common task that every engineer needs to create a directory service.  This is also a task that some engineers need to perform when restoring an instance in their topology.  DSEE 7 has introduced new innovations into the code has resulted in 5x improvements in performance. 

Wajih Ahmed, this Wednesday, will detail how he used the new F-20's to improve import times using DSEE 7.  This improvement results in real measurable time/cost savings.  Since these tasks sometimes take place over weekends or during maintenance periods this means engineers will have more time to do other things.  We want to know what are they doing with that time?  

Here is a potential list of activities they might be doing with that extra time:
  1. Spending time with their families
  2. Downloading and creating a POC for OpenSSO
  3. Attending a soccer game for their daughter
  4. Setting up their Super Bowl pool favoring their favorite team
  5. Finding cheats to get promoted in HALO ODST.
  6. Arranging a family movie night
  7. Learn about Fine Grained Access Control with OpenSSO here
  8. Writing a blog post on why they should allow dedicated server versions of Modern Warfare 2
  9. Checking out the IT platform that will manage, capture and deliver the Vancouver Winter Olympics
  10. Perusing Facebook to find out what is going on with their friends today.

If you have other creative ideas on what engineers should be doing with this extra time that DSEE 7 has given back, please share below.  I think everyone should be getting ready for the Olympics so I have included the latest video on the Torch Relay from the Vacouver Winter Olympics site.

Friday Jan 22, 2010

OpenDS and DSEE 7 Offer Compression

This week we have been sharing the different ways customer's can use compression to improve performance and reduce cost within your Directory Server Enterprise Edition environment.  On Wednesday, Brad Diggs, shared how customer's can use compression to reduce their storage footprint by 60%. Today, Ludo Poitou, Community Manager for OpenDS, wrote a great blog post on how to use compression in your OpenDS 2.2 instance.  Ludo shows how OpenDS can reduce the overall size of your directory instance.  He also gives pointers to how to configure in your directory environment.

Next week, Wajih Ahmed will be talking about how customer's can "Improving Import Speed Through ZFS Caching of LDIF import file".  He will show import rate of ds7 and opends with and without primary and secondary cache disabled vs. enabled.  This is another great example of the proven performance that Sun on Sun provides.  

Tuesday Jan 19, 2010

DSEE 7 Reduces Cost of Storage Using F-20 PCI Flash Drives

DSEE 7 launched in November and just after Christmas a couple of our Directory experts in the community at Sun took it for a test drive on the new F-20 PCIe flash drives at Sun.  The results confirmed the internal testing we did in the improved performance in import times, the reduction in Directory footprint due to compression and the overall performance improvements for DSEE 7.   This is critical for our customers because it will allow them to take advantage of growth in their business while bending the operational cost curve for their system. In some organizations, their operational budget is their biggest line-item so being able to meet growth targets while also addressing the time, cost and complexity of servicing the environment can release capital for investment in new product development.  

The team that did this great work has agreed to share the results of their testing in a series of blog articles over the next week.  The first article will be presented tomorrow by Brad Diggs, Principal Field Technologist.  Here are just a few highlights from the results that Brad will share tomorrow on compression:

  • The storage footprint was reduced by as much as 66%.
  • We were able to cache greater than 50% more entries into the filesystem cache.
  • Compression almost completely negated average entry growth that is due to the natural addition of operational attributes and replication metadata over time.
  • The nsslapd-db-page-size could be smaller and more consistent with entry growth over time. 

The other team members will be sharing insights that they learned during the testing so I encourage you to bookmark these blog's and take a look over the next couple of weeks.  The team will be sharing not only the results but the lessons learned.  One of the blog articles will discuss tuning to get better import times as well as how to set-up your own SLAMD environment to test your Directory infrastructure.  Please bookmark the following blog locations to see the results:

Brad Diggs, Principal Field Technologist, here
Ludo Poitou,  OpenDS Community Manager, here
Mark Craig, Directory Integration Team Manager, here
Wajih Ahmed,  Principal Field Technologist, here
Nick Wooler, Directory Server Product Line Manager, here

As you look at your business goals for 2010 and are looking for ways to meet your growth goals while keeping your costs under control then take another look at Directory Server 7.  Does your Directory Server provide you with the proven performance and continued innovation as Sun Directory Server Enterprise Edition 7? 

Wednesday Jan 06, 2010

Sun Directory Proxy Server 6.3.1 Update 1 released

Credit: User:SadorDirectory Proxy Server 6.3.1 Update 1 is a patch to be applied to an existing Directory Server Enterprise Edition 6.3.1.

This multi-platform patch provides fixes in the Directory Proxy Server component of DSEE as well as enhancements in the administration part of Directory Proxy server more specifically in the connection handler and monitoring.

Picture credit: Sador.

For more details, see the Directory Server Enterprise Edition 6.3.1 Release Notes which describes the list of fixes and the new administrative properties.

This Directory Proxy Server 6.3.1 Update 1 patch 141958-01 is available  from the My Oracle Support Site:

Patch 141958-01 is designed to be applied to an existing installation of Directory Server Enterprise Edition 6.3.1. Please read the "Directory Proxy Server 6.3.1 Update 1" chapter in the DSEE 6.3.1 Release Notes to proceed with version prior to 6.3.1.

Directory Server Enterprise Edition
Marketing Team

Monday Dec 14, 2009

New resource for Sun Partners

New resource for Sun Partners on Directory!

If you are enrolled in the Sun Partner Advantage program you now have access to our partner library which now includes information on our directory service product line.

Click here
to get access.
Make sure you subscribe to the Watch functionality (under the Tool menu) which will enable you to be notified of updates.

Sun Partners, please use the same login you use for

Tuesday Nov 17, 2009

Directory Server 7.0 Released: Download and Upgrade today

Sun  Directory Server Enterprise Edition 7.0 just released.

The 7.0 release is a new version for Directory Server Enterprise Edition.

Directory Server Enterprise Edition 7.0 allows companies to grow faster and easier. The significant improvement in performance allows companies to accelerate their applications while reducing their total cost of ownership. Companies can reduce cost by improving serviceability with faster import times, new easy upgrade in place, and with the only solution in the market that gives customers a directory server, virtual directory, proxy server, web console and synchronization with Active Directory available all in one license.

This updated release improves overall quality and robustness of deployments. Among other features, by downloading DSEE 7.0 you will get:

    • Up to 3 time performance improvement
    • In place upgrade from previous DSEE 6 versions
    • Reduced disk space and memory footprint
    • Optional Data compression
    • Instant Restore capability
    • Advanced tuning capability
    • More use cases and increased performances with views through Directory Proxy Server virtual directory capabilities
    • Improved control over traffic going through Directory Proxy Server
    • New distribution algorithm with Directory Proxy Server
    • Updated list of supported Operating Systems as well as IP v6 supported on all platforms
    • Directory Service Control Center supported on broader list of application servers

Release Notes are available from here. Full documentation is available from here.

Information on Sun Directory Server Enterprise Edition are also available on:

You can download Sun Directory Server Enterprise Edition 7.0 software from the following location:

The download page serves as a starting point to direct you to the proper downloads depending on the distribution type you need to download.

Directory Server Enterprise Edition 7.0 is available in the following full distributions.

  • ZIP Full distribution (Solaris, OpenSolaris, Red Hat, SuSE, HP-UX, Windows) - standalone delivery to install Directory Server Enterprise Edition 7.0. For upgrade from 6.x please refer to Installation Guide.
  • Native SVR4 packages for Solaris. For upgrade from 6.x please refer to Installation Guide.

Identity Synchronization for Windows is not delivered in the Directory Server Enterprise Edition 7.0 distribution and have to be selected from the download page:

Directory Server Enterprise Edition
Marketing Team


Friday Nov 13, 2009

Identity in Healthcare Webinar Nov. 18

The  Sun Identity Management team will be giving a webinar next Wednesday to discuss the very important topic of Identity Management and healthcare.  As the healthcare legislation moves through congress the increase of 36M patients on healthcare providers, insurance companies, and patients will be profound.  The cost savings projected by the bills will rely on IT systems to provide increased access to information to drive productivity gains.  As we have seen with recent high profile identity security breeches at hospitals identity security is critical in making sure the right people have access to the appropriate information, that information must be shared with all members of the value chain securely.

Sun's Identity Management Suite provides a powerful package of solutions to help with storing identity information with Directory Server Enterprise Edition;  managing authorization, federation and web services security with OpenSSO; providing provisioning solutions with Identity Manager; and, defining and managing role based access control with Role Manager.

Join this free Webinar to learn how Sun's identity management solutions can help your organization to:

  • Automate management of digital identities for other providers, patients, physicians, clinicians, and payors Provide single sign-on (SSO) and secure federated access to privacy-regulated healthcare information while adhering to strict mandates
  • Enable delegated, self-service password management
  • Comply with the Health Insurance Portability and Accountability Act (HIPAA), internal security policies, and corporate governance policies with complete auditing and reporting capabilities

Sun identity management solutions make it easier for healthcare organizations to manage and share digital information.

Register here.

Topic: Topic: Sun Webinar Series - Identity Management for Healthcare
Date: Wednesday, November 18, 2009
Time: 10:00 am PDT / 1:00 pm EDT / 19.00 CET (check my timezone)
Duration: 1 hour

Sun Product Manager Suresh Sridharan

Monday Nov 02, 2009

Farewell to a Directory Hero

This weekend the Directory Community said goodbye to a true hero, Don Bowen.  Many on the Directory Team at Sun had the pleasure of working with Don and will miss his energy and enthusiasm for life, technology and his family.  Our condolences go out to his family.  We will miss you Don!

 You can read more or leave a comment for his family here!  

Thursday Oct 22, 2009

What's New In Directory Server Enterprise Edition 7?

Yesterday, Neil Ghandi, Matt Hamlin, Etienne Remillon and Nick Wooler gave a quick overview of what is new in Directory Server Enterprise Edition 7 and Role Manager 5.  Here are just a few of the great highlights that were discussed during the presentation.  Of course, you can get the full video embeded below.  Lastly, if you are interested in seeing more events like this you can go to the webinar site here.  

You can download the slides here.  You can download the video here.

Monday Oct 19, 2009

Beta Class for "Directory Server Enterprise Edition 7.0 Maintenance and Operations Class"

 Sun Learning Services will be holding a beta class for Sun Directory Server Enterprise Edition (Directory Server EE) 7.0 Administration training in San Francisco, CA, from Tuesday, December 1 through Friday, December 4, 2009. Tuition is waived and there will be no charge for your valued partnership in this review. However, participants are responsible for travel expenses, lodging and incidentals.

This course provides students with the opportunity to learn to perform routine maintenance and troubleshooting techniques, monitor and tune servers, create and manage multiple databases, and perform other tasks encountered in day-to-day operations of Directory Server EE 7.0.

Labs acquaint students with the tools included with Directory Server EE. Students should use them to perform tasks such as searching and modifying directory data, exporting and importing data, starting and stopping servers, and troubleshooting. Students should also migrate server versions, create multiple databases, configure servers for replication, and tune

This course focuses on maintenance and operations issues related to Directory Server EE rather than planning and design issues. For planning and design topics, refer to DIR-2217: Sun Java(TM) System Directory Server Enterprise Edition: Analysis and Planning. If you are already extremely familiar with Directory Server EE, this course probably covers topics you are already familiar with.

We are looking for attendees who will provide a lot of feedback about the class and how we can improve it. We want students who will ask a lot of difficult and annoying questions that we can't answer, do the labs and make them break, and beat up on the product.

PLEASE READ CAREFULLY: If you have specific in-depth needs, such as heavy-duty performance tuning or analysis, planning, and architecture, please be advised that this class will NOT meet those needs. If you are new or somewhat new to the product, and need to know how to install and administer the product, use the command-line interface and Directory Server Control Center console, use the logs, and know a little about directory proxy server, this class will be will be an ideal introduction.

PLEASE NOTE: We require a passing level of familiarity with LDAP concepts, such as DN, DIT, RDN, search filter, and base DN. We will not have time to cover basic LDAP concepts during this beta course. You also need to know how to use the Solaris OS (or Linux) command line.

Our classroom space in San Francisco is extremely limited and we will very likely be unable to accommodate all who are interested. Apologies in advance if we cannot accept your enrollment.

If you're interested in attending, please contact David Goldsmith ( for more information.

Thursday May 14, 2009

Our Vote for iPhone App of Year: LDAP App Could Save You 1.43 FTE in Productivity

At this very moment, every company on the planet is trying to find ways to reduce cost.  A creative and innovative member of the Directory Server team at Sun has come up with a way to do just that using the iPhone and LDAP.  Ludo's blog post located here, provides a great overview of the technical detail (what tools, platform, etc.) so please read it for more detail on how Anton put this solution together.  Let's focus on the business angle of this important innovation using LDAP.  Again, we hope David Kearns is reading because this is really what "Pimping Your Directory" is all about.

More and more companies are having to support mobile workforces or employees that work a portion of their time at home.  Sun has been one of the leaders in this space.  Not only does it improve productivity but it gives knowledgeworkers more empowerment thus improving their quality of work and life and thus loyalty to the company that employs them.  However, the tools that support these workers have been slow to catch-up.  Company Directories are a good example.  How many times do employees call the 1-800 number to get an employee number to make a phone call on the road?  As a consultant, I used to do this all the time.  As a Sun employee, I have used this feature more than once while traveling to different trade shows, between offices, etc.  This ties up valuable resources who could be routing real customer calls! I have realized this paradox but when you have to get something done you go through the path of least resistance.  And, let's face it voice portals have not replaced human beings in either efficiency or effectiveness.

Here is where the innovator at Sun, Anton Bobrov, filled the gap. The Sun IT and Directory Teams recognized this gap a long time ago and placed a limited version of the employee directory outside the firewall.  It is a great tool if you have a web browser and don't want to VPN into the network.  However, Anton realized there was a better solution via the iPhone.  He has developed an iPhone App that is an LDAP browser that allows employees to connect to this Directory outside the firewall and quickly search, find an employee and make the phone call from one device.  My vote for iPhone App of the Year would be for the LDAP app by Zen and our very own Anton Bobrov. 

The Business Case

So hypothetically, using Company A with 33,000 employees as an example, imagine 5% of employees have an iPhone.  Imagine that same 5% make one phone call a week or 52 calls per year to the 1-800 number to get a phone call.  Imagine each call takes 2 min of productivity away from the call center employee then this simple application could save approximately 2,860 hours.  Put another way this is 1.43 FTE per year worth of productivity.

Number of Employees

 33,000 Employees 

Percent that have iPhone

 5% Employees 

Number of Employees with iPhone

 1,650 Employees 

Number of calls made per year to 1-800 per week by one employee
 52 calls per year per employee
Total number of calls made in a year
 85,800 calls per year
Total number of hours taken (avg time per search 2 min)  2,860 hours
 Number of Employees Needed to Cover this Task (50 weeks \* 40 hours)  1.43 FTE's

Please see Ludo's blog for more detail on how the app works and what Anton did to build it.  His bog is located here.

ZEN Directory App for iPhoneZEN Directory App for iPhone and iTouch

How do you get it?

Go to the App Store and seach "LDAP".  You want to download the Zen version for $3.99.  Refer to the cost savings table above if you balk at the price.  Here are the configuration details for Sun's directory, as described in Ludo's blog here.

Here's the settings that I've used (once you've installed the Directory application, there is a "Directory" section in the Settings application).

Identity: cn=John Smith (12345),ou=people,dc=sun,dc=com
[your Sun ID should be enclosed in brackets and watch the spaces]
Password: My Sun password
(Keep the remaining untouched).

How do I get one for my company?

If you are employee at a company that has a large mobile workforce you should show this blog post to an IT Director, Call Center Director, or someone who can make this project happen.  This is a quick win for most companies in improving productivity.  You can use DSEE or OpenDS with replication to create the directory instance outside the firewall.  Publish a configuration guide for employees and start improving productivity.

Tuesday May 12, 2009

450,000 LDAP Operations per Second

Benoit Chaffanjon did an interesting "Benchmarketing" (you have to read his blog to understand why he calls it that) that showed Directory Server Enterprise Edition may be able to support 450,000 + LDAP operations per second.   The benchmarketing was done on a Sun Blade 6000 using the Intel Xeon x5560 on OpenSolaris.  All the gory details can be read in Benoit's blog here.  This is mind-blowing when you consider the cost of transaction per second and also what this might look like on an SSD.  We are doing some further testing as Mark Craig mentions in his blog not only to validate these amazing results but also to confirm the performance using OpenSSO and on a SSD.

You can Try It by clicking button below:

Here is one table taken from Benoit's blog

Modify Operations Performed  




Std Dev

Corr Coeff






Modify Time (ms)  

Total Duration

Total Count

Avg Duration

Avg Count/Interval

Std Dev

Corr Coeff







Search Operations Performed  




Std Dev

Corr Coeff






Initial Search Time (ms)  

Total Duration

Total Count

Avg Duration

Avg Count/Interval

Std Dev

Corr Coeff







Subsequent Search Time (ms)  

Total Duration

Total Count

Avg Duration

Avg Count/Interval

Std Dev

Corr Coeff







You can Try and Buy one of these machines today. 

Monday May 11, 2009

Directory Server Webinar: Reduce Identity Sprawl and Improve Enterprise Performance

The team is back from our successful trip to the European Identity ConferenceLudo and Mark Craig did a great job on the Identity Bus and Virtual Directory panels.  We will have more about this later in the week.  

We wanted to pass along a quick note about an upcomming webinar on Directory Services which will be held May 20.  The webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services.  The conversation will go over the following:

  • How to use save cost by consolidating identity sprawl in your enterprise
  • How to meet agressive time-lines on a merger and acquisition
  • How to federate faster with virtual directories

If you are interested, please sign-up here.  Even if you are not able to attend, registering will give you access to the replay.

Oh, and that is not Craig MacDonald in the picture to the right.  We got this from a very talented photographer in the Creative Commons here.


This blog provides information regarding the Oracle Directory Server Enterprise Edition and Oracle Unified Directory products. Use this blog to get the latest breaking information regarding releases and updates plus other technical and non-technical information.


« July 2014