Virtual directory

In computing, the term virtual directory has a couple of meanings. It may simply designate (for example in IIS) a folder which appears in a path but which is not actually a subfolder of the preceding folder in the path. However, this article will discuss the term in the context of directory services and identity management.

A virtual directory or virtual directory server in this context is a software layer that delivers a single access point for identity management applications and service platforms. A virtual directory operates as a high-performance, lightweight abstraction layer that resides between client applications and disparate types of identity-data repositories, such as proprietary and standard directories, databases, web services, and applications.

A virtual directory receives queries and directs them to the appropriate data sources by abstracting and virtualizing data. The virtual directory integrates identity data from multiple heterogeneous data stores and presents it as though it were coming from one source. This ability to reach into disparate repositories makes virtual directory technology ideal for consolidating data stored in a distributed environment.

As of 2011, virtual directory servers most commonly use the LDAP protocol, but more sophisticated virtual directories can also support SQL as well as DSML and SPML.

Industry experts have heralded the importance of the virtual directory in modernizing the identity infrastructure. According to Dave Kearns of Network World, "Virtualization is hot and a virtual directory is the building block, or foundation, you should be looking at for your next identity management project."[1] In addition, Gartner analyst, Bob Blakley[2] said that virtual directories are playing an increasingly vital role. In his report, “The Emerging Architecture of Identity Management,” Blakley wrote: “In the first phase, production of identities will be separated from consumption of identities through the introduction of a virtual directory interface.”

Capabilities

Virtual directories can have some or all of the following capabilities:[3]

Some advanced identity virtualization platforms can also:

Advantages

Virtual directories:

Disadvantages

An original disadvantage is public perception of "push & pull technologies" which is the general classification of "virtual directories" depending on the nature of their deployment. Virtual directories were initially designed and later deployed with "push technologies" in mind, which also contravened with privacy laws of the United States. This is no longer the case. There are, however, other disadvantages in the current technologies.

Sample terminology

Use cases

The following are sample use cases of virtual directories:

References

  1. Kearns, Dave (7 August 2006). "Virtual directory finally gains recognition". NetworkWorld. Retrieved 14 July 2014.
  2. The Emerging Architecture of Identity Management, Bob Blakley, April 16, 2010.
  3. "An Introduction To Virtual Directories". Optimal Idm. Retrieved 15 July 2014.