Sun versus IBM Identity Management

Erik R. Jensen erikrj at netradius.com
Mon Feb 14 16:20:41 MST 2005


> You've already got AD, so you could use VAS (http://vintela.com) for
> your Unix and Linux systems, VSJ for the J2EE app servers.  Best
> practice nowadays is to standardize on a primary identity store for as
> many platforms as possible.  Unix, Linux, j2ee and Windows systems can
> all use AD with a few add-on products out there.  The fewer
> directories the fewer identities the fewer issues the fewer audit
> failures = less admin costs more ROI.  Anything that is legacy that
> you can't get working with kerberos/AD you can take a metadirectory
> solution like MIIS and synchronize.

AD was ruled out for scalability, stability and interoperability. We feel
we can get more out of a standard LDAPv3 compliant directory server on a
Unix/Linux environment than we can with AD. We avoid using Windows with
our critical enterprise applications for several reasons including the
always exciting patching party we had this weekend rebooting boxes for 12
hours. I'll take Linux/Unix any day.

We currently have a fully populated Domino directory we intend to dump in
LDIF format as a starting point for the directory server we choose. On the
Windows side we have too many AD directories and NT domains to consolidate
in a timely manner and would prefer to replicate out to them. We have also
had problems with AD and Domino integration. If we select a directory
server that can be used to replicate data out to both environments, we
will be much better off IMO.

Also, IBM and Sun's products seemed to have a more robust and feature-full
identity management software package. We are looking at more than just a
directory. We are looking at external and internal users all being able to
self service passwords and account creations to ease the load off of our
help desk personnel and single sign on will become a large issue as well.
In our evaluation of Microsoft's AD, we didn't feel it was the best choice
for our situation.

Erik R. Jensen



