Another Managing Partner at Optimal IdM, Mike Brengs, posted a new blog today on what has truly been a sore topic for some folks. The topic is centered on when companies should consider using one technology over another: in this case, when to synchronize, when to virtualize and when to federate data within an enterprise.
These technologies have some level of overlap, but it is critical to know when to use each one and, more importantly, when not to use one. I’ve known Mike a long time and he loves to use the analogy that you can drive a car from one end of the country to the other (say New York to Los Angeles), but the better choice to get from one to the other is certainly not by driving these days, but rather by flying. The same logic should be applied with these technologies. For example, you may choose to duplicate/sync your users from two different AD forests into a consolidated ‘enterprise’ directory, but you must consider the new problems you just created to solve other problems and perhaps choose an alternative solution.
The bottom line on this topic is that for each problem you are attempting to solve, you should consider how many new problems you are creating. In the above example, you have now created a password synchronization problem with your solution (not to mention data latency), so be careful with your choices.
The white paper Mike is referring to also includes detailed use-cases on this topic combined with the Virtual Identity Server. Click the link to download the new white paper ‘When to Synchronize, Virtualize and Federate data in the Enterprise’.