Virtual Directory Litmus Test
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Oct 05, 2008
Matt Flynn posted a paraphrased quote from Divya Sundaram of Motorola:
If you front-end data (or a data store) that you don't own (or don't have control of), then you need to replicate/sync data (instead of virtualizing the view).
And then asked if this is a litmus test for Meta vs Virtual.
My answer is that it depends.
This is because Sundaram's statement is a false assumption though it's a common belief.
It's a common belief because people want to be "in-control" of data and feel that unless they control everything, they are not truly in control.
This of course is patently false - we have mechanisms (such as contracts) to deal with boundary control issues without needing to actually directly control everything
And this is reflected in the fact that many (if not most) virtual directory deployments - the team that runs the virtual directory does NOT own the data sources they are connecting to. They systems they connect to are often run by different teams usually with different management chains. But virtualization works because those systems are already designed to be used by external client applications with proper level of Service Level Agreements & availability.
And virtualization is a way to make the most out of these existing capabilities.
Where "meta-directory" makes the most sense is really two cases:
1 - You want to reduce the number of storage systems in particular different LDAP servers. Thus you could collapse many ADAM, Sun, Novell, openLDAP, etc into a single enterprise-class storage system such as Oracle Internet Directory.
2 - You need a standardized, provisioning system to meet business process & compliance requirements. This is the environment which Oracle Identity Manager fills.