An Introduction to DirXML

Test Objective Covered:

1. Describe the purpose of DirXML

In a perfect networking world, all stakeholders in an organization would sit down together when the company was formed and they would plan their networking needs ”both present and future. They would anticipate all future technology shifts and plan to accommodate them. They would anticipate all future technology issues such as lawsuits, viruses, worms, and denial-of-service attacks and plan to circumvent them.

They would plan for all the applications and services that would ever be needed by the organization and plan for their implementation. They would anticipate the growth of their organization and build an infrastructure to accommodate it. Ah, Nirvana.

Unfortunately, this almost never happens. Most organizations tend to take a more haphazard, evolutionary approach toward their networks. They operate reactively instead of proactively. The maxim tends to be one of "If it ain't broke, don't fix it," until the system breaks and everyone screams, "Fix it!"

In addition, many (if not most) networks develop in silos , meaning that each functional group in the organization develops its own network system independently of other groups. The term silo is borrowed from the agricultural community to describe the unconnected nature of each system. Consider the following hypothetical, yet typical company: ABC, Inc.

ABC, Inc. is composed of the following departments:

• Product Development

• Sales and Marketing

• Customer Service

• Information Systems

• Human Resources

Each department in the company has different networking needs. Because of this, each department deploys its own network solution irrespective of the needs of the rest of the organization and without an overall master plan in place.

For example, Customer Service uses a popular help desk application that runs on Windows 2000 Server and has deployed this operating system. All user accounts in the department are stored in the server's Active Directory database.

Sales and Marketing uses an older Windows NT server to provide file, print, and database services. All Sales and Marketing employees have a user account in the NT Domain.

Product Development needs huge amounts of fast, reliable storage space, along with centralized printing. To meet this need, they have deployed NetWare servers and eDirectory. All Product Development employees have a user account in the tree.

The Human Resources department uses PeopleSoft as its employee-management solution. Every employee in the company has a record in the PeopleSoft database.

The Information Systems department is responsible for running the company's digital PBX phone system and email servers. Every employee in the company has an account in the phone system along with a Microsoft Exchange email account. This network is depicted in Figure 7.1.

Does this type of system work? Yes. Is it efficient and easy to manage? Definitely not. Imagine what would happen if a core team for a new product were to be put together. The team has representatives from each department. To facilitate collaboration, each team member needs access to various resources in each department's system.

For example, they may need access to help desk records for the previous version of the product to identify flaws and customer complaints. They may need a level of access to Product Development files as well as files on the Sales and Marketing servers.

In the network's current state, they have to manage duplicate accounts on the various systems involved. Can it be done? Yes. Is it efficient and easy to manage? No.

Further imagine the network-management tasks that need to happen when a new employee is hired. For example, let's suppose Product Development has hired a new engineer. For this new employee to be productive, she needs an account in the Product Development organization's eDirectory tree. She also needs a record created in PeopleSoft so she can start getting paychecks . She also needs a PBX account created so she can get a phone number assigned to her desk. She will likewise need an Exchange email account set up.

She may also need an account created in the Customer Service organization's Active Directory tree so she can access help desk information about products she'll be assigned to work on. She may even need to have an account in the Sales and Marketing department's NT Domain so she can assist them with technical information about products they are promoting.

To provision this new employee, the network administrator must create and manage five separate user identities in five different systems. Can it be done? Yes. Is it efficient and easy? No. Imagine the workload involved for this kind of organization if it is hiring 100 or more people at a time. It could take some time before new employees are fully provisioned.

You may have actually experienced this situation before if you have ever been hired at a company and had to wait a couple weeks before your email account was set up and a phone number was assigned to you. The first job I landed out of college was with a company that was run in exactly this manner. When I arrived for my first day on the job, I was informed that I would have to share a cubicle with another employee for a time until space could be allocated for me. I would also have to share a PC and a phone with this employee until a new computer was procured and a new phone number was assigned. "Excuse me, but can I use the keyboard for a while?"

One of the happiest days of my tenure at this company was when I got my own cubicle, PC, and telephone. Even after that, it took almost a month before I had Internet access and an email account. The company was in growth mode and was literally hiring hundreds of new employees each month. The network administrators simply couldn't keep up.

Because of this situation, the first six weeks I worked at this company were largely wasted . I couldn't accomplish any of my assignments and these weeks were a waste of my time and the company's money.

Sadly, this situation isn't uncommon. I've heard many similar stories from other individuals. Just recently, I worked with an individual at a company who had to use her personal cell phone to make calls because a PBX account hadn't been set up for her yet. She'd been working there for several weeks.

Unfortunately, this situation is likely to remain the status quo for most organizations. Business needs, market revolutions, technology changes, and other issues make most network master plans outdated after a very short amount of time.

The good news is that NNLS includes a component that can integrate and streamline a network that operates in silos, such as the one described previously, into a efficient, cohesive system. This component is called DirXML .

DirXML is an eDirectory-based service that synchronizes information between different systems, including databases, directories, and applications. Using DirXML in our hypothetical company, ABC, Inc., we could synchronize identities between eDirectory, Active Directory, NT Domains, Microsoft Exchange, PeopleSoft, and the company PBX system. This is shown in Figure 7.2.

DirXML is event driven . When DirXML detects a change in one system, such as adding a new user, it replicates the change to the other systems based on a set of rules and filters you configure.

These rules and filters can be configured such that one system becomes the authoritative source for the entire system. For example, you could configure DirXML such that eDirectory is the central repository and authoritative source of information. Create, delete, and modify operations in eDirectory would be immediately synchronized out to the other systems, but not the other way around.

Alternatively, many organizations configure their PeopleSoft system to be their authoritative source. When an employee is hired, fired , or has any information changed, the event is synchronized to the other systems, including eDirectory.

The nice thing about DirXML is that you can customize it to fit your particular organization's needs. You can configure any supported system to be the authoritative data source.

As the name implies, DirXML extracts data from a data source in the form of an XML document. It then uses stylesheets to transform the XML data into a format the destination system can understand. In this way, information from disparate systems can be harmonized.

Let's explore how DirXML works in more detail.