Cool Blog: Synchronization versus Virtualization
Novell Cool Solutions: Feature
By Volker Scheuber
Digg This -
Posted: 24 Jan 2007
Our IDM product line is based on data synchronization technology. From time to time I come across requests for virtualization in identity management projects for various reasons. Some of them hold up; others don't and fall after only a short investigation. Read on to learn about some of the misconceptions that exist out there regarding synchronization versus virtualization.
I went out and did some research on what the general understanding of a virtual and a meta directory is. I found an article on Wikipedia very interesting, actually interesting enough to make changes to it. The article originally stated:
When compared against most metadirectory technologies, virtual directory implementations typically offer several advantages:
- A simpler administration model
- Better reaction times against changes as the data is read directly from the source,
- Better adoption in the Corporate IT politics as the ownership of data is not changed,
- Better match for environments where the bulk transfer of changes are inappropriate
When I read that I thought this is seriously wrong. I made the following changes:
When compared against metadirectory technologies, virtual directory implementations offer potential advantages and suffer from certain disadvantages:
- In certain political climates it may be preferrable to not synchronize data to a central identity vault. In all the other cases, however, synchronization offers unique advantages (some of which are listed under disadvantages below).
- It is a better match for environments where the bulk transfer of changes are inappropriate. An example might be transactional systems which hold information about a lot of transactions but only summaries or only the last couple of transactions should actually be retrieved through the directory service.
- There are potentially better reaction times against changes in low load/request environments, as the data is read directly from the source. This advantage may turn quickly into a huge disadvantage in heavy load/request scenarios, when all the backend systems are put under heavy load.
- All data is always available as long as the central identity vault is available. In a virtual directory implementation, some of the delegated data source may not be available and requests may return no or only incomplete data.
- A central identity vault is usually easier made to be highly-available and fault-tolerant than a conglomeration of separate data stores.
- In heavy load/request environments the identity vault absorbs all client requests, thus protecting the backend systems from having to handle the whole load.
- Using close-to-realtime synchronization technologies offers comparable performance, even in a load/request environment.
Editor's note: The Matt Flynn Blog also offers some practical advice on the question of virtualization vs. synchronization. Here are some examples:
Common scenarios where a virtual directory would be very useful:http://360tek.blogspot.com/2006_03_01_360tek_archive.html
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com