I can’t wait for part III of Bob’s blog series on “Why are Multiple Directories Deployed and Virtual Directories Ignored?”. I’m afraid that people will associate Virtual Directories only with solving the multiple-directory problem, when in fact the uses go on and on.
A Virtual Directory can provide significant value to clients whether they have a single LDAP or hundreds of them. As I mentioned before, the perception is that “…if I only have one LDAP, then why would I bother with a Virtual Directory?” Well, I could ask the question “…is there any value in using a database view if I only have a single table?” or “…if I have a single web server, is there any value in using a reverse proxy?” The answer to both of those questions is obviously YES, and the same holds for a Virtual Directory in a similar scenario.
Oddly enough, the benefits of using a database view and the benefits of using a reverse proxy are the EXACT same benefits of using a Virtual Directory. Think about this:
Database View:
- Provides the ability to filter out data that you don’t want to publish to the consumer of the data (Data loss/leakage Prevention).
- Provides the ability to perform data translations to the data in real-time. This includes changing the names of fields to either obfuscate them or simply make them easier for consumption.
- Provides an added layer of security to the back-end tables. They can be read-only or updatable.
- Provides the ability to join like data from other tables in a merged view.
Reverse Proxy Server:
- Provides the ability to mask the server names (obfuscation).
- Provides the ability to join multiple back-end web servers and host them under a consolidated namespace.
- Provides an added layer of security to the back-end web servers.
- Provides the ability of additional caching of information for performance gains of high-traffic websites.
So, I listed 4 common benefits of using a database view and 4 common benefits of using a reverse proxy. My list is obviously not comprehensive, but rather just a small sampling of the benefits. Ironically, ALL 8 benefits (there is some overlap) are the same EXACT benefits of using a Virtual Directory! Here is an updated list for Virtual Directories (again, most of these benefits have nothing to do with the number of LDAPs you have either):
- Provides the ability to filter out data that you don’t want to publish in LDAP searches (Data loss/leakage Prevention).
- Provides the ability to perform data translations in real-time. A great example of this is virtually changing the OU structure of your data. Here you can flatten hierarchical data and conversely convert flat data to a hierarchical structure.
- Provides an added layer of security to your back-end LDAP data. In addition, VIS provides auditing and reporting.
- Provides the ability to join data from back-end LDAPs (as well as other types of data stores such as databases, etc.).
- Provides the ability to mask back-end LDAPs (and provides automated failover/redundancy as well).
- Provides the ability to merge back-end data into a consolidated namespace.
- Provides the ability to cache certain data to increase overall performance. (This topic is a blog or two on its own.) A good example of this is an application (such as SharePoint) that continually pulls data from AD on the user that is currently logged in. Enabling cache (say for just 5 minutes) could save hundreds of back-end searches to AD!
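The filtering, translation and caching items above, sketched as an added example (not code from Virtual Identity Server or from the original post): a read-only view that publishes only allow-listed attributes under new names, flattens the OU hierarchy into one virtual base, and caches lookups for 5 minutes. The `VirtualView` class, the `backend_search` stand-in, and all DNs and attribute values are constructed for illustration.

```python
import time

# Constructed sample back-end entries (DN -> attributes); not real directory data.
BACKEND = {
    "cn=alice,ou=eng,ou=emea,dc=corp,dc=example": {
        "cn": "alice", "mail": "alice@corp.example",
        "employeeNumber": "1001", "userPassword": "{SSHA}constructed"},
    "cn=bob,ou=sales,ou=amer,dc=corp,dc=example": {
        "cn": "bob", "mail": "bob@corp.example",
        "employeeNumber": "1002", "userPassword": "{SSHA}constructed"},
}
backend_calls = []  # records every search that reaches the back end

def backend_search(cn):
    """Hypothetical stand-in for an LDAP search by cn."""
    backend_calls.append(cn)
    for dn, attrs in BACKEND.items():
        if attrs["cn"] == cn:
            return dn, attrs
    return None

class VirtualView:
    """Hypothetical read-only view: allow-list, rename, flatten DNs, cache."""
    def __init__(self, search, published, virtual_base, ttl=300, clock=time.monotonic):
        self.search = search              # callable(cn) -> (dn, attrs) or None
        self.published = published        # back-end attribute -> published name
        self.virtual_base = virtual_base  # single flat container shown to clients
        self.ttl, self.clock = ttl, clock
        self.cache = {}                   # cn -> (expiry, (virtual_dn, attrs))

    def _project(self, dn, attrs):
        # Keep only the leaf RDN (assumes no escaped commas); the OU path is dropped.
        rdn = dn.split(",", 1)[0]
        view = {new: attrs[old] for old, new in self.published.items() if old in attrs}
        return f"{rdn},{self.virtual_base}", view

    def lookup(self, cn):
        key = cn.lower()
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]                 # served without touching the back end
        found = self.search(key)
        if found is None:
            return None                   # misses are not cached in this sketch
        entry = self._project(*found)
        self.cache[key] = (self.clock() + self.ttl, entry)
        return entry
```

Because the view publishes from an allow-list rather than stripping a deny-list, an attribute added to the back end later (or one like `userPassword` that nobody thought to exclude) stays hidden until it is explicitly mapped.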
The bottom line here is that as scary as Virtual Directories sound, the benefits they provide are already in wide use today. It’s all about applying the technology in the proper way.
Virtual Identity Server | “The .NET Virtual Directory”