“The overall experience had been great with a solution fit-for-purpose meeting our organization needs with prompt vendor participation at each milestone.”- Anonymous Government Agency,
Optimal IdM’s Virtual Identity Server (VIS) can be deployed as an LDAP Proxy Firewall to provide the needed protection and security for the sensitive identity data stored in your Active Directory.
An LDAP proxy firewall acts as a barrier between client applications and data stored in your Active Directory. Instead of client applications directly accessing your sensitive data, which can leave it vulnerable to attack, applications connect to the proxy and the proxy accesses the necessary data. LDAP proxy authentication creates an added layer of security for your sensitive data while still offering real-time access when and where you need it.
Interested in the features and benefits of Optimal IdM? Request a demo!
Many organizations utilize an http web proxy server, such as Microsoft’s Internet Security and Acceleration (ISA) Server within their web server environment. ISA provides not only a more secure environment but also additional performance capabilities.
Likewise, when deployed as an LDAP proxy server, VIS offers this type of protection and security for LDAP directories such as Active Directory. Applications connect to the VIS proxy server exactly as they do any normal LDAP directory. In fact, to any client application accessing an LDAP proxy, VIS looks and behaves just like a standard Active Directory or ADAM server to the LDAP enabled client application.
In many cases, applications that are written to Active Directory are written poorly and inefficiently. For example, many applications connect at the root of the Active Directory forest when they may only need to search one or two containers in the tree. Additionally, many applications only need to view users and groups, but in reality are granted access to view more than just users and groups.
This is because Active Directory does not provide the ability to control what is searched, such as specific LDAP queries. When used as an LDAP proxy server, however, VIS can be configured to publish application specific views, granting the application only the data it requires. The result is a more secure Active Directory and increased performance for both the application and Active Directory.
One of the key benefits of using an LDAP DMZ proxy is the ability to simplify auditing, compliance and related security issues.
With Virtual Identity Server, you get at-a-glance answers to questions such as:
– Who has logged in and when?
– What changes were made to data and when?
– Who was added to the Administrators group today?
– What changes did “Bob” make?
Using VIS as an LDAP proxy firewall, you can:
– Gain greater control over what accounts connect, bind, and search your LDAP directory.
– Limit the entry points into your Active Directory, further protecting your Active Directory.
– Monitor and report on changes to the directory in real-time.
– Limit what searches and modifications can be performed against the LDAP directory.
Rapidly and easily deploy applications to users existing in multiple Active Directory forests or directories.
– The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third party LDAP applications.
– VIS allows you to rapidly deploy applications to users existing in multiple Active Directory Forests without any forest trusts.
– VIS simplifies your identity management deployment by accessing data at its source directly.
– VIS provides multiple views of data, allowing for easy discreet application views of enterprise data.
If an employee has been given too much access, then ‘data leakage’ can occur. This is when an application (such as a database query) can literally return more confidential data than what the employee needs to have or know. An LDAP Virtual Directory greatly minimizes this security risk by only allowing the employee to access this confidential data when and where it is needed. In other words, data is not reproduced multiple times throughout the business.
The Virtual Identity Server™ (VIS™), deployed as an LDAP proxy server provides the needed protection, firewall authentication and security for Active Directory.
Yes, VIS supports Kerberos, NTLM and Negotiate as authentication options on both the listing side as well as the back-end connection sides.
Yes. Please fill out a demo form with your contact information.
The Virtual Identity Server supports a number of data stores directly with out of the box adapters. Additionally, a customer or integrator can create adapters utilizing our built-in extensibility.Read more
Yes. Our software is running in both non-secure and secure government networks.
Yes. There are multiple caching options with VIS. Caching can be configured on an object class by object class basis, with a time to live and cache size as well. Most organizations in most situations, however, do not need to use caching.
We support WSS 3.0, SharePoint 2007, 2010 & 2013.
Yes. VIS is now only offered in a 64-bit version of the product.
Yes. The Virtual Identity Server is certified on both Windows Server 2012 and Windows Server 2012 R2.
Yes. The Virtual Identity Server is certified on both Windows Server 2008 and Windows Server 2008 R2.
Yes. The Virtual Identity Server is certified on both Windows Server 2003.
VIS was written in Microsoft’s .NET programming language and utilizes the .NET 4.5 Framework.
VIS can encrypt this information with any of the following algorithms Triple-DES (3DES), AES, RIJNDAEL and BLOWFISH
Individual entries, such as bind accounts and passwords or even the entire XML file can be optionally encrypted using the GUI.
Yes. There is a Windows GUI that provides an easy interface to edit the XML file. You can also edit the XML file manually if you prefer.
Yes. Multiple VIS server instances can all share the same XML file.
The product configuration is stored in one XML file, making the product extremely easy to configure and migrate.
VIS can be configured to run on any port you choose provided another application is not using that port. You can choose the standard LDAP port of 389 or 636 (SSL).
Yes. VIS can be placed behind a load balancer (either software or hardware), allowing for a fail-over and load balancing configuration for the applications that connect to VIS. In addition, the connections that VIS makes to connected directories can be load balanced as well.
VIS can listen via LDAP v3, REST Web Service, PowerShell out of the box, but can be extended to listen via any protocol/method desired using the API’s. With 3rd party ODBC/ADO.NET Drivers, SQL calls can also be made.
VIS installs in minutes, using a standard MSI/setup.exe. After installing the binary files, a wizard guides you through the configuration of the product.
While the Virtual Identity Server has the most comprehensive features of any virtual directory product on the market, a key differentiator is how easy the product is to install and configure.
Get Optimal IdM IAM Services Now