What is an LDAP Directory?
The need for a simple, standards-based access protocol led
to the development of the Lightweight Directory Access Protocol. LDAP was
created in the late 1980s as a simplified version of the X.500 Directory
Access Protocol (DAP). LDAP has a simple API, which can be easily embedded
into applications and web browsers. LDAP is backed by some of the world's
largest IT vendors. LDAP has enabled a large number of applications to access
directories in a consistent way. LDAP enables a directory to act as an
integration point for bringing systems together and consolidating management
tasks.
Why Do You Need Both LDAP and X.500?
Many vendors have developed LDAP-only servers, but LDAP is
not a server-to-server protocol. This means that these LDAP-only servers
cannot be connected together, and a group of them cannot cooperate to resolve
distributed queries. Also, there is no single logical authentication and
access control regime with LDAP-only directory servers. Their inability to
communicate with other LDAP servers results in each LDAP server forming an
"island" of information.
Electronic directories must have the potential to span
global networks and facilitate a wide range of distributed information
systems. The X.500 standard provides mechanisms for distributed operations,
distributed management, distributed security, replication, and many other
features, solving the "islands of information" problem. eTrust Directory fully
applies both X.500 and LDAP standards to provide a distributed and reliable
directory service!
What is eTrust Directory?
eTrust Directory is the industry's leading solution for
large-scale, business-critical directory service applications. eTrust
Directory is the only directory solution to deliver high performance,
scalability and reliability through the use of an embedded, commercial RDBMS,
and this technology is patented.
What are typical uses of eTrust Directory?
Why is integration with relational databases
important?
Integration with relational databases is important for
several reasons: (1) proven robustness and reliability; (2) scalability; (3)
potential to interwork with existing SQL legacy systems; and (4) it offers
previously unachievable performance.
The management of large amounts of data in the enterprise
is a challenge met by relational databases. RDBMSs provide well-proven, robust,
reliable mechanisms for managing data, but they lack many distributed
facilities that are available in X.500. The relational database sits in one
place and users access it. X.500 offers multiple pools of data that are
represented as a single cohesive data environment, and can be accessed using
common Internet and intranet protocols, such as LDAP.
eTrust Directory brings unprecedented flexibility to
relational databases. eTrust Directory's patented ability to index every field
(a.k.a. attribute) of every entry allows complex searches to retrieve any
element of data within a maximum of 2 hard disk hits, delivering sub-second
responses on multi-million entry databases.
How does the client access data using eTrust
Directory?
The actual protocols used to access data include DAP and
LDAP over TCP/IP. In a typical relational database, the client application has
to know the data structures in order to process and display them, i.e., number
of fields, names of fields, and data type. eTrust Directory's DXserver frees
the client from having to know this, allowing general-purpose tools to be
written that configure themselves dynamically based on the data received. This,
coupled with sub-second performance response to complex searches, provides
powerful directory functionality.
What about the SQL interface?
eTrust Directory designed and patented an SQL interface and
meta-data table design to allow simple, fast connection to the embedded
Relational Database Management System (RDBMS). eTrust Directory passes the
issues of locking, logging, forward recovery, backup, etc. to the proven
RDBMS. And it brings the flexibility and powerful extensibility of the
enterprise-wide directory to the desktop.
Why is DXserver both an X.500 Directory and an
LDAP server? Isn't LDAP replacing the X.500 standard?
As discussed above, X.500 standards define the protocols,
services and information model of a general purpose electronic directory. LDAP
is a subset of X.500. LDAP is a complementary protocol to X.500 providing a
simple access channel to lightweight applications. eTrust Directory supports
the Internet Engineering Task Force (IETF) recommendations on the lightweight
versions of many X.500 standard components. LDAP addresses only part of the
complexity associated with distributed computing. Where simple address book
applications apply, LDAP is more than adequate. For more sophisticated
inquiries on data involving, for instance, JPEG images, foreign languages, or
multi-byte character sets, LDAP in its current form is not adequate. X.500
has already addressed these and many other issues.
Thanks to the completeness of eTrust Directory's
implementation of the X.500 1993 standards, many of the Internet-driven
initiatives such as LDAP 2.0 and 3.0 are, in reality, subsets of existing
standards. eTrust Directory DXserver embraces DAP, DSP, LDAP, CMIP, and SNMP.
How fast is fast? Why is high performance critical
to Directories?
As large organizations are starting to utilize Intranets,
and as Internet users are expecting more and more rapid search times, the
performance of Directory engines becomes important. eTrust Directory
anticipated this shift in expectations by providing a high performance
capability which gives users sub-second response to queries even when the
directory contains many millions of entries!
eTrust Directory also includes a configurable front-end
cache for fast, simple lookups. Independent testing shows eTrust Directory to
be more than twice as fast as any LDAP-only directory on the market today.
Why is scalability of a Directory server
important?
Users don't want to have to replace the hardware upon which
the Directory operates, or see a degradation in performance, as the database
within the Directory grows. CA's eTrust Directory DXserver uses a unique
'meta-design' which allows very high performance on even lower-cost Unix or NT
servers. The software is written in such a way that performance is linearly
dependent upon the amount of data actually retrieved. This means response time
is not connected to the size of the database being queried.
Can the CA eTrust Directory DXserver handle more
than one database from a single DSA (Directory System Agent, or "Server")?
Yes, transparent connecting and disconnecting is offered as
a baseline capability, which also allows a database to be 'hot swapped' while
the Directory is processing queries. The DSA can also be started up without
its database, to act as a DSP switch or relay as is required in firewall
applications.
Can multiple DSAs access the one database?
Yes, this was considered an important design requirement for
large user counts and load balancing where bulk loading of data or power users
must be accommodated. As well, it allows for 'shadowing' to be shared across
different DSAs and/or different CPUs.
What makes eTrust Directory so reliable?
This is a key differentiator of eTrust Directory. Hot backup
and recovery, as well as on-line tuning, are all possible without service
interruptions. To support 24 hours x 7 days per week operations, eTrust
Directory has the ability to switch underlying database images, without
disconnecting any users. In addition, DXserver has an exceptionally fast
start/restart time and can be operational within 5 seconds, excluding the OS
and RDBMS restart times.
How does eTrust Directory integrate other
directories and LDAP applications into a distributed backbone?
The integration of disparate directories is an industry problem. eTrust
Directory provides a toolkit specifically targeted at importing and exporting
third party data. Its DXlink solution, incorporated into the eTrust Directory
DSA, integrates LDAP servers into a distributed directory environment; LDAP is
supported as a native protocol! DXlink does not require synchronization at
the data level, which is a very manual process. Instead, users access the
actual source of the information at the moment it is searched for, rather than
a synchronized pool of outdated data.
What are eTrust Directory's unique features?
Database features: