153021169001182127177100019128036004029190136140232051053054012003007237204235117114019 Directory Drivers To better serve its internal customers, HugeCo's central IS organization decided to design and deploy an organizationwide LDAP directory service. The motivation to create a comprehensive corporate directory was driven by the following goals, some of which addressed immediate needs and others long- term needs: -
Improve internal communication ” HugeCo's executive staff handed down a mandate that internal communication should be improved. The IS organization decided that a good way to streamline internal communication would be to make it easier to locate and share information about people and resources such as conference rooms. Before the arrival of an organizationwide LDAP directory, most applications had their own database of users, groups, and resources, which added to end user confusion and created a high administrative burden . IS managers believed that by deploying a shared, organizationwide directory, the quality and the timeliness of information accessed by users and applications could be improved and that data management costs could be lowered through the elimination of redundant information. -
Make it easier to develop and deploy Web applications ” As more and more Web-based applications were being developed and deployed, it became clear that a shared authentication and group database was needed. A common directory service used by all of the custom applications would allow HugeCo to provide a form of single sign-on and decrease the costs of developing, deploying, and maintaining the custom applications. It also would lower the cost of entry so that smaller departments without the resources to develop and maintain their own infrastructure could develop their own applications. -
Increase security and privacy ” Within the next two years , HugeCo plans to issue public key certificates that employees can use to authenticate to email and workflow applications. Deployment of the necessary public key infrastructure (PKI) would be a time-consuming task, but it would be made easier by the presence of a directory service. In the short run, the HugeCo directory could provide a single point of management for passwords and distribution of role-based access rights used by Web-based applications. The security and privacy of the directory data itself were important issues because of the wide geographical dispersion of HugeCo's employees and because some of the corporate traffic is tunneled through the public Internet using VPN technology. -
Improve communication with dealers and suppliers ” HugeCo's upper management knows that the company needs to maintain close ties to its dealers (sales offices) and suppliers to stay competitive. Because these entities operate independently of HugeCo, they do not share any information technology infrastructure. Without exception, HugeCo has a more highly developed infrastructure and more expertise than its dealers and suppliers. At the present time, most communication outside the company is done using simple file transfers and fax machines. Although we do not discuss it in this chapter, HugeCo hopes to leverage the knowledge gained from deployment of its corporate directory service to create a directory to link it closely and securely with its suppliers and dealers. A directory deployment motivated by similar needs is discussed in Chapter 26, "Case Study: An Enterprise with an Extranet." | Understanding and Deploying LDAP Directory Services, 2002 New Riders Publishing | |