Virtual Versus Centralized LDAP Directories

Most Default to Virtual Directory, Few Really Need it

This is an old debate that has been discussed in directory circles for many years. To virtualize or not to virtualize.

Virtualization continues to have challenges. Directories and databases keep growing in complexity and diversity, and as the cost of owning a virtual directory has increased, so has the set of features it needs in order to compensate for that complexity and diversity.

Virtual Directories Pose Risks

Virtual directories are not advantageous, because they:

  • are 2X to 4X more expensive than a directory bundled with data-synchronization technology.

  • require increasingly complex technology to virtualize the current directories and databases.

  • add another possible failure point to already complex architectures.

  • are constrained by complex international data-sharing standards that limit where they can be applied.

You may ask yourself: when do I need virtualization and when is a centralized directory the right answer? With improvements and innovations in directory technologies, the answers to these questions have changed.

Read-Only Has Limitations

Virtualization is still needed when the owners of the physical directories will not allow data synchronization. This occurs when government or corporate partners permit only read-only connections to their directories and want to filter which attributes a query can return. In that case the virtual directory provides a read-only representation of the aggregated directories, with no ability to write to or modify the data in the source directories. It also allows restricted views of attributes from the aggregated directories, limiting the data that users or applications can access.

Other than this core use case, a centralized directory provides a more cost-effective and efficient way to facilitate directory access.

The Modern Centralized Directory

The strengths of modern LDAP directories:

  • There is no need to virtualize, as they scale to hundreds of millions of objects in a single instance, supporting large populations with unlimited attributes in a physical directory.

  • They have advanced sync capabilities, allowing data to be synchronized from an unlimited number of source systems to build a data record (users, groups, roles or custom objects) in real time, eliminating the need for a virtual directory to build this view on demand.

  • Modern encryption, specifically following FIPS 140 standards, protects the integrity of the data, thus making a virtual view unnecessary.

  • The data synchronization technologies are more efficient than previous generations, allowing for complex data concatenation and manipulation with little to no impact on performance.

  • They support JSON fields, allowing complex data models to be stored and making it possible to replace databases that once seemed necessary to support applications and archival data.

  • The LDAP directory caches query results rather than permanently storing them, in order to adhere to international data-sharing regulations.

Diagram of user authentication flow with Active Directory and LDAP

The pendulum is swinging back toward consolidating data into a central directory for organizations large and small, as part of an overall ICAM strategy. Ultimately, this consolidation simplifies the directory footprint and removes failure points in complex architectures.

Learn more about centralized directories in our product line and the ease of adoption here: PingDirectory.