BrainShare 2004: Novell eDirectory 8.x Futures

Erin Quill and Ted Haeger are presenting this one … two people that I
have a lot of respect for, and that I’m glad to see owning the
directory. Few people understand the power of directory services,
and how to effectively implement them within a system. Even OpenLDAP has evolved to encompass the majority of what is required for directory-based management to be implemented.

They are going to be covering eDirectory, the recent releases, the upcoming releases, and then a “Project Destiny” Preview.

They started by showing the market, and the market leaders … and how
directories are being commoditized. Ted indicated that Novell’s
target market is “gigantic” directories, or the “high-end”
market. These start at 50,000 identities, and go to
hundreds of thousands. They focus on: Scalable, Compatible,
Reliable, Manageable, and Securable.

Erin took over to talk about the recent releases and what they
added. In v8.7 they added: Hot Continuous Backup, Dynamic
Groups, eDirectory Event Monitoring, Extensible match LDAP search
filters, Novell iManager 1.5.2, Novell iMonitor 2, Novell eGuide 2.1

With v8.7.1 they added: support for Red Hat Advanced Server 8,
SuSE Linux Enterprise Server 8, Solaris 9, and HP-UX 11i, Universal
Passwords, DIBclone (creates exact copy of local directory set), More
Dynamic Group enhancements, Novell iMonitor 2.1, and bundled iManager 2

With v8.7.3 they added: support for Windows 2003, UNIX
package-based installer, Novell Cert ificate Server 2.7, iManager
2.0.2, Novell Modular Authentication Service 2.3, eGuide 2.1.2

Moving on to Upcoming Releases, they outlined the features of “Rosalind” v8.8(?):

Install and upgrade enhancements
– they are making a variety of scripting enhancements and command-line
options. In addition they are altering the rights requirements to
install or upgrade, providing more health checking, making it more
“patchable” with tighter version labeling, and all of this leads to Red
Carpet support for deployments.

Data Import (Bulk Load) – they
are getting huge performance increases ~7x, along with more selectable
options – No schema check, Indexing off, Skip validity checks.
Much of this is driven by customers who do not use DirXML (the old
name) but instead do daily mass imports

Priority Sync – Used for
instant convergence for real-time attributes like passwords. This
will be configurable per attribute, and writes to all replicas at once.

Multi-Instance Support –
this is primarily intended to increase the search speed. It will
allow more than once instance of eDirectory running on a server. Each instance must have a dedicated IP address.

Backup/Restore – Oops …
they skipped this one for now!  Ok they came back to it after the
encrypted stuff. They are adding an LDAP Extension to allow for
backup, and an archive bit that can be reset.

Encrypted Attributes and Replication
– this is where attributes become encrypted in the DIB, and where the
replication traffic is encrypted. This is for government
requirements.

SASL GSSAPI support – skipped …

Case Sensitive password Policies – skipped …

Next set of high-level features – Project “J.C. Bose”: more
installation improvements, Replication Policies, Optimized Referrals,
Group Enhancements, inetOrgPerson can be a container, Clustered Linux
support, and Solaris, LDAP Sounds-like searches, Federated Attributes,
and …

“Project Destiny” … What is Kepler? This is some pretty good
stuff for directories. They are creating a “reverse-proxy
directory server” that allows you to point to *any* corporate identity
server (be it a directory or database) and have the LDAP requests
proxied through to it. This allows Kepler to augment requests
with its own attributes and information, while preserving the “glass
house” identity server. This is a very interesting stuff …

Leave a Reply