Microsoft Specification Synchronizes Directory Services
Amid the brewing directory services war between Microsoft Corp. and Novell Inc., Team Redmond submitted to the Internet Engineering Task Force (IETF, www.ietf.org) a specification that enables developers to build connectors that synchronize otherwise incompatible directory services.
The specification is for a flexible LDAP-based control called DirSync, which Microsoft is also making freely available for use by anyone, without licensing requirements.
The problem with managing more than one directory occurs when an object is added, deleted or modified in one directory and, because directory services are not inherently interoperable, the change is not automatically made in the other directories.
To coordinate directory services, companies currently use a variety of solutions, including manual processes, scripting and meta-directory products.
The DirSync control, however, makes it easier for developers to build synchronization products that ease the complexity of multidirectory administration by capturing changes occurring within one directory service and propagating them to other directories automatically. These changes can be captured as low as the attribute level.
DirSync also is compatible with the design of most replicated directory services, and allows efficient resynchronization after server failures.
"The LDAP-based interoperability approach should simplify the task of tracking changes within directory services and make synchronization more effective," says Bruce Robertson, vice president, adaptive infrastructure strategies, Meta Group (www.meta.com).
Although DirSync was recently opened to the public and offered to the IETF, it is not an entirely new concept. "This is a submission of a technology that is already being used successfully," says Peter Houston, Active Directory product manager, Microsoft.
A number of providers of meta-directory and synchronization products are currently supporting DirSync or have voiced their intention to use the DirSync control to integrate their products with Active Directory. These providers include ISOCOR (www.isocor.com), nCommand Inc. (www.ncommand.com), NetVision Inc. (www.netvision.com) and ZOOMIT Corp. (www.zoomit.com).
"DirSync enables ISOCOR's MetaConnnect product to collect important change information quickly and reliably, and will make it possible to use Active Directory as the central repository for the enterprise," says Paul Gigg, president and CEO of ISOCOR.
Other companies are considering ways to use DirSync as well.
"We’re looking at it to see how we can use the technology for co-management of directory services," says Olivier Thierry, vice president of marketing for directory management software vendor Mission Critical Inc. (www.missioncritical.com).
Microsoft’s Houston says DirSync has been available to certain vendors all along, but the company wanted it open to all developers as well.
"Opening it to vendors certainly helps those vendors, but that doesn’t solve the greater problem, which is we, as an industry, need to get our hands around a way to standardize the connectors between directory services," Houston says. "We are hoping that the industry will take this spec and absorb it, and integrate it with the ongoing LDAP and LDUP work as well."