Because it is difficult to provide all things to all people, software vendors tend to focus their product development efforts on meeting specific needs. By comparing a vendor's focus to your directory needs, you can often shorten your list of candidate products quickly. Although LDAP is a general-purpose protocol, the requirements of one directory deployment may be different from those of another. For example, an LDAP server implementation that provides strong security features might be well suited for deployment on the public Internet, whereas another product that provides minimal security might be a great product for small workgroups. These two products are appropriate to use in different situtions. There are many ways to categorize the available products. One of the most useful ways is to look at the various applications they aim to support:
Each category is described in the following sections. NOS ApplicationsFrom the directory software perspective, a NOS such as Microsoft Windows 2000 Server or Unix NIS is just another application with a specific set of needs. Directories that work well with NOSs are generally focused on basic network services such as logon, access control, and management of LAN services (such as file service and printing). In most cases, a directory that works with a specific NOS is not separable from the NOS itself, and LDAP is typically grafted onto existing products (although the current trend is toward better support for LDAP and other open standards such as XML). For products in this category, integration and ease of management are important, and performance, scalability, and support for multiple platforms are deemphasized. Intranet ApplicationsThe term intranet describes networks inside organizations that are based on open Internet technology. The trend toward use of Internet technology inside organizations started with the adoption of Web servers and browsers inside the corporate firewall and has moved on to encompass messaging, groupware, and directory products. An example of a directory-enabled intranet application is the Netscape Enterprise Server Web server software that uses LDAP for access control and authentication. Directory software suitable for use within intranets is typically designed to support a wide variety of end- user and server applications, such as corporate phone books and high-volume messaging servers. Ease of management, performance, and scalability are all important within this category. Extranet ApplicationsThe term extranet describes business-to-business communication networks that are based on open, Internet technology. Extranets are usually virtual networks in the sense that they are typically formed via secure connections over public networks such as the Internet itself rather than via new physical connections. Extranets are gaining momentum because they can be used to deploy completely new applications and replace expensive, proprietary electronic data interchange (EDI) networks. Extranet directory-enabled applications typically serve large numbers of people. In addition, many of the people served may not be directly employed by the organization that hosts the application. For example, extranet applications often connect manufacturing organizations to their suppliers. Such an extranet application needs to store information about people who work for both the manufacturing organization (the company hosting the extranet application) and its suppliers. Figure 13.1 illustrates this kind of extranet procurement application. Figure 13.1. An Extranet Procurement Application
Security and privacy are often the most critical directory features required of extranet applications because the application and its directory service may be accessible through the public Internet. Good performance and scalability of a directory product are also critical for large-scale extranet applications. Internet-Facing Hosted ApplicationsThe business of an Internet service provider (ISP) is to provide Internet application access for end users and host applications on behalf of other organizations. ISPs typically provide services for many users, and some ISPs provide hosting services for thousands of organizations. As Internet applications such as e-mail increasingly depend on directory services, ISPs find themselves providing directory services too. Recently, a greater number of large organizations that do not consider themselves ISPs have been finding that the most efficient way to streamline their business processes is to act as service providers for their divisions, departments, external partners , and suppliers. These enterprises that have many of the same requirements as traditional ISPs have been dubbed enterprise service providers ( ESPs ). For ISP and ESP directory services to work well, their applications must meet a wide variety of requirements and be inexpensive to manage. Flexibility, scalability, performance, and automatable management are all important in this segment of the market. Lightweight Database ApplicationsA relatively new role for LDAP directories is to replace traditional database systems. The typical application being serviced is lightweight and query intensive . Usually the data is widely distributed and shared by many applications. For example, a bank may need to share profile information about employees , customers, and partners with a wide variety of applications at thousands of distinct locations. You can achieve high-performance, standards-based access to any kind of data by placing the data in an LDAP directory and replicating it widely. Directory scalability (up to tens of millions of entries!), reliability, and write performance may all be important for these kinds of applications. Access to the directory data using an XML-based representation such as Directory Services Markup Language (DSML) is also becoming important because many applications are being written in an XML-centric manner. Table 13.1 summarizes these application categories and lists the typical requirements that must be met by directory products. Table 13.1. Application Categories and Their Requirements
Just looking at the category that a specific directory product claims to address is no substitute for using the comprehensive evaluation criteria we help you create in the next section. However, it can help you quickly weed out products that are unlikely to meet your needs. |