Next week, Nov. 9-11, the Identity Management Team travels down to Gartner Identity Access Management conference to showcase two of our latest releases DSEE 7 and Role Manager 5. Gartner IAM is a great event because it not only gather's together experienced practitioners in the identity management space but has a number of events that are small enough that you can have quality conversations about real problems. Last year, Verizon presented at this conference on the Directory and OpenSSO implementation that serves 50M users. The presentation is a great example of the proven expertise that Sun brings to Identity Management and the proven extranet scale our products can support---not a marketing benchmark.
Our team has taken a different approach to this even this year and we are participating in Gartner's Learning Lab's. Vendors, customer's and identity specialists are encouraged to come-by in a classroom style and learn about specific problem's Sun's product, partner's and customer's are doing to solve their identity business problems. This is crucial today as the cost of failure or doing nothing rises exponentially. The best way to ensure success is to learn from real-world implementations not marketing based slideware presentations. This is why we have assembled not just the product teams but partners and real customer's to share their experience in these "learning labs".
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the Hard Rock Rooftop bar for drinks and conversation. The first 50 people get a wristband for free drinks. Identity management isn't hard so come to the Hard Rock to find out how to make it easy!
Gartner IAM Sun Schedule
Monday, Nov 9th
12:40 - 1:05pm “Increase Speed &
Performance while reducing TCO with Sun Directory Server Enterprise
Edition” Speaker: Nick Wooler, Sr Product
Manager – Sun Microsystems
1:05 - 1:30pm “Changing the Rules of
the game; Raising the bar with Rule Life-cycle Management and
closed-loop remediation” Speaker: Neil Gandhi, Sr Product
Manager – Sun Microsystems
1:35 - 2:00pm "IAM Governance,
Risk and Compliance -- the future of IAM", Speaker: Sachin Nayyar, President -
2:05 - 2:30pm "Enterprise Single
Sign On for Sun Identity Management", Speaker: Stephane Fymat, VP of Strategy
and Product Management - Passlogix
12:30 - 2:30pm Mat Hamlin showcasing Identity
Tuesday, Nov 10th
12:10 - 12:35pm “Role based user
provisioning; using business roles for identity life-cycle management
and identity auditing”, Speaker: Mat Hamlin, Sr Product
Manager, Sun Microsystems
12:35 - 1:00pm “Three tough
challenges, one powerful solution: OpenSSO for web access management,
federation and Web services security”, Speaker: Daniel Raskin, Chief Identity
Strategist – Sun Microsystems
1:05 - 1:30pm "Privileged
Identity Risk Management: Mitigating the Insider Threat", Speaker: Richard Weeks, VP of Channels
and Business Development, Cyber-Ark
1:35 - 2:00pm "The WHO behind the
WHAT: Arcot Authentication and Sun OpenSSO Enterprise " Speaker: R 'Doc' Vaidhyanathan, Chief
Product Officer - Arcot
Sun's Identity Team have been busy over the summer! On Oct. 9, 2009 the Identity Management Team announced the release of Directory Server Enterprise Edition 7 and Role Manager 5. Next Wednesday, Oct. 21 at 8:00am PT, Neil Ghandi (Role Manager Technical Product Manager) and Nick Wooler (Product Line Manager, Directory Services) will be giving an overview of some of the great features that exist in the new releases. Here are a couple of highlights:
What's New with Directory Server EE 7.0
• Boosts speed and performance: DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications. • Reduces Total Cost of Ownership– Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license. • Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
What's New with Role Manager 5.0
• 360 Degree View of Assigned Access – A unified view of data related to user access that empowers reviewers to make more intelligent decisions concerning users access. • Closed-loop Remediation – A complete end-to-end solution for reviewing user access and removing inappropriately assigned access. • Rule Life-cycle Management – The first solution for managing the complete life-cycle of role assignment and SoD audit rules.
Interested in hearing more? Interested in hearing more about the release and what business problems it solves for your enterprise? Register here for the Webinar here:
Improve Compliance, Access Controls, and Performance with Sun's Latest Releases of Role Manager and DSEE
Our very own, Ludo Poitou will be presenting with other luminaries in the identity industry at The 2nd.International conference on LDAP, LDAPCon 2009 will be held on September 20th and 21st at Waterfront Marriot Hotel , Portland OR, USA.
LDAP is gaining renewed attention as the identity repository for enterprise, telco's, global partner networks, healthcare and education institutions. The LDAP repositories have been faced with massive growth over the last five years and the performance and availability they have come to rely upon is being tested.
New requirements driven by the growth of users, the explosion of security requirements imposing more "writes" and the access to web services security and policies are forcing LDAP experts to look at new innovations.
You should attend, if you want to be apart of hearing how LDAP experts are innovating and addressing these business and technical challenges. If you haven't registered yet, please register NOW here!
The registration fee includes access to the LinuxCon 2009 (Sep 21 - 23), and if you still need to be convinced that it's worth attending, you can check the agenda here.
Sun OpenDS TM Standard Edition (SE) 2.0
is the newest member of the Sun Directory Server family of products.
This directory server includes an LDAP core that is designed for easy
installation, embedding, and configuration.
Sun OpenDS SE 2.0 is a high-performance, highly-extensible, pure
Java directory server that delivers a fully compliant LDAPv3 server
that passes all of the compliance, interoperability and security tests
suites. Furthermore, Sun OpenDS SE 2.0 implements most of the standard
and experimental LDAP extensions defined in the IETF as RFCs or
Internet-Drafts, ensuring maximum interoperability with LDAP client
With a limited footprint allowing the server to be embedded in other
Java applications, OpenDS has a very rich set of APIs making it easy to
extend and increase usage scope.
Sun OpenDS SE 2.0 also supports a multi-master replication model
with optional assured replication that guarantees the high availability
of the data for all operations, searches or updates. While
theoretically unlimited with regards to the number of masters, the Sun
OpenDS SE 2.0 server has been stressed under heavy and durable load
with 8 Masters.
This 2.0 version significantly increases performance both in read
and write, making it one of the most efficient commercial directory
Sun OpenDS SE 2.0 is based on the open source community project OpenDS
that is constructing next generation directory service software. The
initial effort is led by Sun and the primary contributions are by Sun
employees, but the goal is to attract developers and other interested
parties from around the world. Sun OpenDS SE is the Sun commercial
offering based on this project.
You can find out more information about Sun OpenDS SE 2.0 commercial release at:
Identity management in government is a very important topic as it crosses a number of domains. There are a number of issues as government's across the world pursue e-Government initiatives. Norway is a great example as they have launched a portal to allow citizens to opt into services that they wish to consume from the government (e.g. postal, doctor, etc.). The government portal in Norway uses OpenSSO. This is only one of the ways in which Sun is helping governments further information sharing and reduce the cost of providing citizens and organizations the services they need to be successful.
If you are interested in hearing more about the different way's Sun can help governments help solve Identity Management issues such as the following, please attend the following webinar.
Secure control over information access by dynamic and diverse user populations
Single sign-on and identity federation for seamless operations across multiple IT environments
Automated provisioning and deprovisioning to reduce costs
Delegrated and self-service account management to improve the user experience
Auditing and reporting to meet internal security and compliance requirements
At this very moment, every company on the planet is trying to find ways to reduce cost. A creative and innovative member of the Directory Server team at Sun has come up with a way to do just that using the iPhone and LDAP. Ludo's blog post located here, provides a great overview of the technical detail (what tools, platform, etc.) so please read it for more detail on how Anton put this solution together. Let's focus on the business angle of this important innovation using LDAP. Again, we hope David Kearns is reading because this is really what "Pimping Your Directory" is all about.
More and more companies are having to support mobile workforces or employees that work a portion of their time at home. Sun has been one of the leaders in this space. Not only does it improve productivity but it gives knowledgeworkers more empowerment thus improving their quality of work and life and thus loyalty to the company that employs them. However, the tools that support these workers have been slow to catch-up. Company Directories are a good example. How many times do employees call the 1-800 number to get an employee number to make a phone call on the road? As a consultant, I used to do this all the time. As a Sun employee, I have used this feature more than once while traveling to different trade shows, between offices, etc. This ties up valuable resources who could be routing real customer calls! I have realized this paradox but when you have to get something done you go through the path of least resistance. And, let's face it voice portals have not replaced human beings in either efficiency or effectiveness.
Here is where the innovator at Sun, Anton Bobrov, filled the gap. The Sun IT and Directory Teams recognized this gap a long time ago and placed a limited version of the employee directory outside the firewall. It is a great tool if you have a web browser and don't want to VPN into the network. However, Anton realized there was a better solution via the iPhone. He has developed an iPhone App that is an LDAP browser that allows employees to connect to this Directory outside the firewall and quickly search, find an employee and make the phone call from one device. My vote for iPhone App of the Year would be for the LDAP app by Zen and our very own Anton Bobrov.
The Business Case
So hypothetically, using Company A with 33,000 employees as an example, imagine 5% of employees have an iPhone. Imagine that same 5% make one phone call a week or 52 calls per year to the 1-800 number to get a phone call. Imagine each call takes 2 min of productivity away from the call center employee then this simple application could save approximately 2,860 hours. Put another way this is 1.43 FTE per year worth of productivity.
Number of Employees
Percent that have iPhone
Number of Employees with iPhone
Number of calls made per year to 1-800 per week by one employee
52 calls per year per employee
Total number of calls made in a year
85,800 calls per year
Total number of hours taken (avg time per search 2 min)
Number of Employees Needed to Cover this Task (50 weeks \* 40 hours)
Please see Ludo's blog for more detail on how the app works and what Anton did to build it. His bog is located here.
How do you get it?
Go to the App Store and seach "LDAP". You want to download the Zen version for $3.99. Refer to the cost savings table above if you balk at the price. Here are the configuration details for Sun's directory, as described in Ludo's blog here.
Here's the settings that I've used (once you've installed the Directory application, there is a "Directory" section in the Settings application).
Identity: cn=John Smith (12345),ou=people,dc=sun,dc=com
[your Sun ID should be enclosed in brackets and watch the spaces]
Password: My Sun password
(Keep the remaining untouched).
How do I get one for my company?
If you are employee at a company that has a large mobile workforce you should show this blog post to an IT Director, Call Center Director, or someone who can make this project happen. This is a quick win for most companies in improving productivity. You can use DSEE or OpenDS with replication to create the directory instance outside the firewall. Publish a configuration guide for employees and start improving productivity.
Benoit Chaffanjon did an interesting "Benchmarketing" (you have to read his blog to understand why he calls it that) that showed Directory Server Enterprise Edition may be able to support 450,000 + LDAP operations per second. The benchmarketing was done on a Sun Blade 6000 using the Intel Xeon x5560 on OpenSolaris. All the gory details can be read in Benoit's blog here. This is mind-blowing when you consider the cost of transaction per second and also what this might look like on an SSD. We are doing some further testing as Mark Craig mentions in his blog not only to validate these amazing results but also to confirm the performance using OpenSSO and on a SSD.
The team is back from our successful trip to the European Identity Conference. Ludo and Mark Craig did a great job on the Identity Bus and Virtual Directory panels. We will have more about this later in the week.
We wanted to pass along a quick note about an upcomming webinar on Directory Services which will be held May 20. The webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services. The conversation will go over the following:
How to use save cost by consolidating identity sprawl in your enterprise
How to meet agressive time-lines on a merger and acquisition
How to federate faster with virtual directories
If you are interested, please sign-up here. Even if you are not able to attend, registering will give you access to the replay.
Ludo Poitou and Mark Craig from Sun Microsystems will be a part of two illustrious panels at the European Identity Conference today. Ludo will be a part of the panel talking about the Identity Bus which is a topic that Felix Gaethens, Kim Cameron, and David Kearns talked about last year. The discussion should be interesting becasue Sun has some of the products necessary to create the "identity bus" today through OpenDS, DSEE, Virtual Directory, OpenSSO, Identity Manager Connectors, and Netbeans, You don't need all of these to create the bus but a standards based way of storiing and accessing identities and then leveraging them via other applications or into the cloud are all possible using the tools at Sun.
Mark Craig will be joining Oracle, Radiant Logic and Symlabs in talking about Virtual Directories and their importance to Directory Services. Sun includes it's virtual directory features as a part of it's core product and license so all customers who use DSEE 6.3 today have a virtual directory already as a part of their license. Mark will be explaining how customers are using Virtual Directory to do data center consolidation, simplify mergers and acquisitions, and federate faster using Sun's Virtual Directory.
Yesterday, Ludo did a presentation for the Glassfish Aquarium project at Sun who use USTREAM to broadcast their content to anyone interested in engaging with the team via this medium. The content is interesting and this is a better way to make presentations more engaging as not only do they provide the video feed but also a twitter mashup for interactive feedback from the audience. If you agree and want to see additional innovators using the internet to engage with their community members in a more engaging way then you should check out Leo Laporte on Twit.tv. I have been following the work that Leo Laporte has been doing with FLOSS, MacBreakWeekly and SecurityNow where he is innovating how to provide video content via the web. He has in effect created his own broadcasting company. SecurityNow has done some recent podcasts on the conflicker worm and the recent cyberespionage that has been in the news which is interesting and informative.
For those of you that missed Ludo's presentation on OpenDS. Here is the video.
What is it like working on an open source project? A lot of people wonder how does it differ. The nightly builds, the open nature of communication and involvement, the external contributors and the community managers like Ludo Poitou make it a very dynamic environment. The best way to understand it is to watch this great video that Ludo put together that represents the last three years of activity.
The identity team was in London for the Gartner Identity Access Management conference last week which was a successful event. We had the opportunity to meet and talk with some great customers and hear about the Thompson-Reuters implementation of OpenSSO and Directory Server Enterprise Edition serving 300,000 concurrent users with persistent cookies. This implementation allows traders to get their Reuter's feed on their smartphone and their desktop without having to login twice. This reduces transaction fees and keeps their business model in tact. The OpenSSO team did some great engineering work to meet the performance and functional requirements for Thomson-Reuters. We video-taped the presentation and should have that for your soon.
Also, Ludo Poitou was recently featured in an article on OpenDS in the Architect Zone or DZone. He describes some of the exciting things happening in the community with MySQL and discusses how to embed OpenDS in applications. This is a great jump-off point for customers getting started with deploying OpenDS as an identity repository for their application or infrastructure serving email, calendar or network infrastructure. You can read the whole article here.
March is going to be an exciting month with a number of events to help make it fun by joining us at one of the events listed below. The month get's started with an Unconference in New York sponsored by the OpenSSO team. The OpenDS team will be there as well leading a discussion on using LDAP and OpenDS as an identity repository. The event is free and only requires you to sign-up at meet-up.com. Here is the link and you can see how many people are attending. As of tonight there were 54 attendees. Sign-up here.
At the wiki page for the event you can add topics that you would like to discuss. There is already a suggested list that includes a presentation by Ludo on OpenDS as a datastore. You can access the wiki here.
There is a great webinar being offered on Wednesday, Jan. 21 which you may have missed the announcement because of all the excitement about the Inauguration and Martin Luther King Holiday in the US. Daniel Raskin, Product Line Manager OpenSSO, and Jamie Nelson, Director of Engineering for OpenSSO, will be talking about the current release as well as the plans for the next release of OpenSSO Express. There are already 200 registrants and there is a cap at 250 so register now so you don't get left out!
The Directory crowd should be interested as well, because OpenDS is bundled with OpenSSO and is used as OpenSSO's policy store and can be leveraged as a user store as well. Here are the details:
Sun Software Webinar: See how Sun's OpenSSO Enterprise provides a single solution for Web access management, federation, and Web services security.
Join Sun for a live webinar on one of today's most exciting aspects of identity management! During this session, we will discuss OpenSSO innovation and how it pushes access management, federation, and secure Web services capabilities to a new level. Learn how to solve challenges around these capabilities with a single solution.
This blog maintained by Etienne Remillon provides information regarding Oracle Unified Directory and Oracle Directory Server Enterprise Edition products. Use this blog to get the latest breaking information regarding releases and updates plus other technical and non-technical information.