Part I - LDAP Directory for the Cloud – Which one do you recommend?

Posted by Vijayakumar Chinnasamy
April 27th, 2011

I am planning to appear for the CISSP exam sometime this year (could be in the month of May – I believe it really needs more time to prepare). For my Exam, I just completed my reading the Access Control chapter. I am using the Shon Harris AIO guide for my CISSP Exam. Whether I take the exam or not, the more knowledge I gain, then I am good with that. Believe me “Access Control” is not an easy chapter for me (though I worked on that domain for last few years. I have to understand lot of terminologies for the CISSP Exam. I still have 9 more domains to complete before start taking other books (Access Control is just one of them). It looks like it needs a lot more preparation than I thought.

Definition of Cloud Computing

Directory as a Service

  • Oracle Directory Server (ODS) – formerly Iplanet or Sun LDAP.
  • Oracle Internet Directory (OID)
  • Microsoft Active Directory (AD)
  • IBM Tivoli Directory Server (ITDS)
  • Novell’s eDirectory
  • OpenLDAP

What do I think?

Anyways, I don’t want to talk about Access Control here. But it is about the webcast by Mark Wilcox from Oracle couple of weeks ago. Mark webcasted a presentation on “Choosing the right Directory for the Cloud”. You can find the recording here.

Let’s try to understand the general definition of cloud computing first. According to “The NIST Definition of Cloud Computing” Version 15, it is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

According to the definition, there should be shared pool of configurable computing resources. In this context, we are talking about LDAP Directory as a software service that can be configured to provide access through various resources through. In this webcast, Mark talked more about the OID and ODS (see below).

In this context, let’s try to understand how LDAP Directories can be a service in the cloud.

There are many LDAP Directory offerings from various vendors, such as the ones below:

I want to talk more about LDAP directories for the clouds more on covering famous Directories out there. We serve many customers and everyone has their own preference of a LDAP Directory. So, we can’t ignore the other famous LDAP Directories.

When we talk about LDAP Directory for a cloud, we are talking about an LDAP instance for the Cloud application for authentication purposes (in some cases, we can use it for authorization as well).

If you are working with Oracle Products, such as Oracle EBS etc, and you need to consider a integration with LDAP Directory, then I believe Oracle Internet Directory (OID) has more advantages than the others in the list (Also, Oracle certifies most of the Identity Management products for EBS aligning with OID). Main reason is that Oracle Products are certified with OID as a recommended LDAP Directory – they are easy to integrate with the support from the point of the Vendor. Other reasoning is because the data is stored in the database, so you can take advantage of the Database Security Features.

ODS (formerly Sun Java System Directory Server, before that Iplanet Directory Server) is a great product in itself. I am working with this directory for a long time now. The data is stored in the Operating System Files (it internally uses the database structure). ODS follows LDAP v3 protocol standard.

I don’t want to be Oracle-centric in my approach (both of the above two directory servers I mentioned are from Oracle Corp). Mark Wilcox is from Oracle, So he talked more about these two directories in general. Also,

So, how can we provide an LDAP Directory as a service in the cloud? And more importantly what are the important factors that we need to consider while providing this service?

Also, Let’s talk about other directories in coming posts.

Until then

Vijay Chinnasamy

Comments (0)