At TechEd 2013 last week in New Orleans, Optimal IdM was selected the WINNER of the first ever Cloud Computing category of Best of TechEd 2013 by Windows IT Pro! It was quite an honor to see the VIS for Office 365™ solution receive this recognition in the new category.
Archive for the ‘Cloud’ Category
If you are thinking of going to the cloud you may want to take a look at our new offering at Optimal IdM (Virtual Identity Server for Office 365). A quick look at some of the features and benefits is below:
- Fast and easy multi-forest support (no changes needed to any of your data in AD)
- Firewall for your LDAP
- Two-Factor Authentication
- Multi-Authentication Types (Windows Integrated, Client Cert, DoD CAC, SSO, and more)
- Non-Routable UPN support (again, no changes needed to any of your data in AD)
- Denial of Service (DoS) prevention
- Support for desktop clients (Lync & Outlook) as well as all web apps (Portal, OWA & Lync web)
- Support for provisioning and synchronization, including filtering of what data goes to the cloud
- and much more…
There is much discussion these days about Active Directory Federation Services 2.0 (ADFS) and the out-of-the-box support of identity and attribute data other than Active Directory (AD). In this blog (part 1 of 2), I plan to cover the basics of extending ADFS using the Microsoft Windows Identity Foundation (WIF) components. In part 2 of 2, I will cover some of the more important questions that should be asked prior to setting out to build your own Identity Provider (IdP) / Security Token Service (STS) or Attribute store vs. purchasing a supported solution from a 3rd party vendor.
Currently, ADFS only supports authentication (identity information) and authorization (attribute/claim information) directly from Active Directory (AD) out-of-the-box. However, what many people are missing is the fact that ADFS ships with a framework (WIF) for extending ADFS to meet just about any authentication and authorization need you may have.
If your identity information is located in a store other than AD, you can choose to build your own IdP/STS for authentication from the framework provided, or purchase one from a 3rd party vendor that is formally supported, such as the Optimal IdM Federated Services product. If you are looking to augment the claim information with attribute data that is located in a store other than AD/AD-LDS or SQL, you can choose to build your own Attribute store for authorization, which is a pluggable module in ADFS, or again, purchase one from a 3rd party vendor. The Optimal IdM Federated Services product also includes a pluggable attribute store module that can surface attributes/claims from many different stores, including nearly every LDAP on the market (ADAM, AD-LDS, Sun, Oracle, eDirectory, Open LDAP, OpenDS, etc.) as well as most databases (SQL, Oracle, DB2, etc.).
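To make the "pluggable attribute store" concrete, here is an added example of a minimal custom ADFS 2.0 attribute store. It is not code from this blog or from Optimal IdM's product; it implements the IAttributeStore interface from Microsoft.IdentityServer.ClaimsPolicy.dll (Initialize / BeginExecuteQuery / EndExecuteQuery), and everything else is an assumption of the example: the in-memory user table is constructed sample data standing in for an LDAP or SQL backend, the query convention ("attr1,attr2" plus one account-name parameter) is my own, and the class and attribute names are hypothetical. The security points it shows are that the rule-supplied query is checked against an administrator-configured allowlist of attributes, the user-derived parameter is only ever used as a lookup key, and backend failures are reported to ADFS as execution errors rather than silently producing empty claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore;

// Hypothetical custom ADFS 2.0 attribute store (example, not Optimal IdM's product).
// It answers claim-rule queries from a constructed in-memory table that stands in
// for any non-AD store; a real store would open its LDAP/SQL connection in Initialize.
public sealed class InMemoryAttributeStore : IAttributeStore
{
    // Constructed sample data: account name -> attribute name -> values.
    private static readonly Dictionary<string, Dictionary<string, string[]>> Users =
        new Dictionary<string, Dictionary<string, string[]>>(StringComparer.OrdinalIgnoreCase)
        {
            { "CONTOSO\\alice", new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
                {
                    { "department", new[] { "Finance" } },
                    { "role",       new[] { "Approver", "Reader" } },
                    { "ssn",        new[] { "000-00-0000" } }   // held in the store, never to be issued
                }
            }
        };

    // Attribute names ADFS is permitted to ask for; anything else is refused.
    private HashSet<string> allowed;

    // Completed-synchronously IAsyncResult: the lookup is cheap, so no thread is needed.
    private sealed class SyncResult : IAsyncResult
    {
        public readonly string[][] Rows;
        public readonly Exception Error;
        private readonly object state;
        public SyncResult(object state, string[][] rows, Exception error)
        { this.state = state; Rows = rows; Error = error; }
        public object AsyncState { get { return state; } }
        public WaitHandle AsyncWaitHandle { get { return new ManualResetEvent(true); } }
        public bool CompletedSynchronously { get { return true; } }
        public bool IsCompleted { get { return true; } }
    }

    // Called once when ADFS loads the store. "config" holds the initialization
    // parameters entered in the ADFS console, e.g. AllowedAttributes=department,role
    public void Initialize(Dictionary<string, string> config)
    {
        string list;
        if (config == null || !config.TryGetValue("AllowedAttributes", out list) || string.IsNullOrEmpty(list))
            throw new ArgumentException("initialization parameter AllowedAttributes is required");
        allowed = new HashSet<string>(list.Split(',').Select(a => a.Trim()), StringComparer.OrdinalIgnoreCase);
    }

    // Query convention of this store (assumed): "attr1,attr2" plus exactly one parameter,
    // the account name from the triggering claim. Attribute names come from the rule
    // (admin-controlled); the parameter comes from the user and is only ever used as a
    // dictionary key, never spliced into a query string.
    public IAsyncResult BeginExecuteQuery(string query, string[] parameters, AsyncCallback callback, object state)
    {
        if (string.IsNullOrEmpty(query))
            throw new AttributeStoreQueryFormatException("query must name at least one attribute");
        if (parameters == null || parameters.Length != 1)
            throw new AttributeStoreQueryFormatException("exactly one parameter (account name) is required");

        string[] attrs = query.Split(',').Select(a => a.Trim()).ToArray();
        string[] denied = attrs.Where(a => !allowed.Contains(a)).ToArray();
        if (denied.Length > 0)
            throw new AttributeStoreQueryFormatException("attribute(s) not permitted: " + string.Join(",", denied));

        SyncResult result;
        try { result = new SyncResult(state, Lookup(parameters[0], attrs), null); }
        catch (Exception ex) { result = new SyncResult(state, null, ex); }
        if (callback != null) callback(result);
        return result;
    }

    public string[][] EndExecuteQuery(IAsyncResult result)
    {
        SyncResult r = result as SyncResult;
        if (r == null)
            throw new ArgumentException("result was not produced by BeginExecuteQuery");
        if (r.Error != null)   // backend failure: surfaced to ADFS, logged, no claims issued
            throw new AttributeStoreQueryExecutionException("lookup failed: " + r.Error.Message);
        return r.Rows;
    }

    // Builds the result table: one column per requested attribute, one row per
    // combination of values (two roles -> two rows -> two role claims).
    // Zero rows tells ADFS to issue no claims at all for this rule.
    private static string[][] Lookup(string account, string[] attrs)
    {
        Dictionary<string, string[]> record;
        if (string.IsNullOrEmpty(account) || !Users.TryGetValue(account, out record))
            return new string[0][];

        IEnumerable<string[]> rows = new[] { new string[0] };
        foreach (string attr in attrs)
        {
            string[] values;
            if (!record.TryGetValue(attr, out values) || values.Length == 0)
                values = new string[] { null };   // null cell: assumed to yield no claim for that column
            rows = rows.SelectMany(row => values.Select(v => row.Concat(new[] { v }).ToArray())).ToList();
        }
        return rows.ToArray();
    }
}
```

After registering the assembly as a custom attribute store (say under the name InMemoryStore, with AllowedAttributes=department,role as its initialization parameter), a claim rule such as `c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(store = "InMemoryStore", types = ("http://example.com/claims/department", "http://example.com/claims/role"), query = "department,role", param = c.Value);` would issue one department claim and two role claims for the sample user, while a rule asking for "ssn" is rejected at query time because the allowlist, not the rule author, decides what the store will surface.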
Writing your own IdP/STS or Attribute store isn't extremely difficult; however, you need to first determine which features are most important to your organization before setting out to write your own. Here are just some of the features included in the Optimal IdM Federated Services product that are commonly used by many of Optimal IdM's customers and should be considered:
- Authenticate users from multiple AD forests without any forest level trusts in place
- Authenticate users from many different backend systems (AD, ADAM, AD-LDS, Sun, Oracle, eDirectory, Open LDAP, OpenDS, etc.)
- Authentication methods such as traditional forms-based, Windows Integrated, client digital certificates, DoD CAC cards, 2-factor (keep in mind that ADFS only supports user/password and Windows Integrated Authentication out-of-the-box)
- SSO support for existing IdM systems via header variables or cookie based solutions
- OpenID Integration
- Denial of Service (DoS) prevention
- Proxy capabilities
- Load-Balancing & Failover on front end web and backend data stores
- Assertion Encryption
- Audit logging of assertion and claim/attribute information
- Federated Sign-out
- Change Password & Forgot Password (Self-Service Password Reset)
- Built-in connection pooling and performance optimizations for high-volume usage
- Virtual Attributes & data translations/filtering
- Passive & Active Profile
- Office 365 integration including synchronization of on premise identities to the cloud and federated login with client applications (Lync, SharePoint, Outlook, etc.)
In Part 2 of 2, I will discuss the key questions that should be asked before embarking on the build vs. buy scenario for extending ADFS.
So, as some of you know, our website at Optimal IdM went down this past week. We, like many companies, have our site hosted with Go Daddy, the world's largest hostname provider. Well, something drastic happened (we still don't have a clue what it was) to our site late Wednesday evening. It was quickly detected Thursday morning, and after several calls to Go Daddy support, we got nowhere. We figured it would be back up quickly and decided to "wait it out". That was the plan until early Friday morning, when there seemed to be no progress on the site's return and no information from their support, so we quickly stood up an alternate site on one of our other domains, virtualidentityserver.com, and re-routed all of our HTTP traffic over to the new site with content we had backed up. This allowed us, within an hour or so, to return to a partially functioning website. As I write this blog, it has now been over 5 days, and the site has still not been completely restored. That has left me asking the following question:
Q: What exactly does 99.9% guaranteed uptime mean (for Go Daddy)?
A: For Go Daddy, it means that if they don’t provide the 99.9% uptime in a given month, you can ask for a 5% credit for that month. I don’t know exactly what we are paying on a monthly basis, but that equals chump-change. It also means that they could be down for the ENTIRE month and you are only eligible for the same 5% credit. That’s a great business model if you ask me.
Then it hit me. One of the very weapons that we use to compete with larger competitors (such as Oracle) is the fact that we are nimble and able to move quickly and provide personal attention. Bug fixes and enhancements can be measured in days, not quarters or years. For the big vendors, the customers are nothing more than a number and they don't really care about any one client's issues or problems. Since the first day we started Optimal IdM, our mission was to take care of the customer by providing the personalized attention and details. I think this has worked out extremely well over the course of our business life and can be reflected through our customers' experiences.
The moral of this story is to get to know your cloud provider (or any other technology vendor for that matter). Know their processes for support and know the guarantees. Kick the tires a bit before you buy, and most of all talk to their customers before you sign up to understand what the experience is like. After all, word-of-mouth is still one of the most powerful marketing tools on the planet.