Novell is now a part of Micro Focus

Cool Blog: Synchronization versus Virtualization

Novell Cool Solutions: Feature
By Volker Scheuber

Digg This - Slashdot This

Posted: 24 Jan 2007

Our IDM product line is based on data synchronization technology. From time to time I come across requests for virtualization in identity management projects for various reasons. Some of them hold up; others don't and fall after only a short investigation. Read on to learn about some of the misconceptions that exist out there regarding synchronization versus virtualization.

I went out and did some research on what the general understanding of a virtual and a meta directory is. I found an article on Wikipedia very interesting, actually interesting enough to make changes to it. The article originally stated:

When compared against most metadirectory technologies, virtual directory implementations typically offer several advantages:

  • A simpler administration model
  • Better reaction times against changes as the data is read directly from the source,
  • Better adoption in the Corporate IT politics as the ownership of data is not changed,
  • Better match for environments where the bulk transfer of changes are inappropriate

When I read that I thought this is seriously wrong. I made the following changes:

When compared against metadirectory technologies, virtual directory implementations offer potential advantages and suffer from certain disadvantages:

Potential advantages:

  • In certain political climates it may be preferrable to not synchronize data to a central identity vault. In all the other cases, however, synchronization offers unique advantages (some of which are listed under disadvantages below).
  • It is a better match for environments where the bulk transfer of changes are inappropriate. An example might be transactional systems which hold information about a lot of transactions but only summaries or only the last couple of transactions should actually be retrieved through the directory service.
  • There are potentially better reaction times against changes in low load/request environments, as the data is read directly from the source. This advantage may turn quickly into a huge disadvantage in heavy load/request scenarios, when all the backend systems are put under heavy load.


  • All data is always available as long as the central identity vault is available. In a virtual directory implementation, some of the delegated data source may not be available and requests may return no or only incomplete data.
  • A central identity vault is usually easier made to be highly-available and fault-tolerant than a conglomeration of separate data stores.
  • In heavy load/request environments the identity vault absorbs all client requests, thus protecting the backend systems from having to handle the whole load.
  • Using close-to-realtime synchronization technologies offers comparable performance, even in a load/request environment.

Editor's note: The Matt Flynn Blog also offers some practical advice on the question of virtualization vs. synchronization. Here are some examples:

Common scenarios where a virtual directory would be very useful:

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates