Securing & Protecting Active Directory


Optimal IdM’s Virtual Identity Server (VIS) can be deployed as an LDAP Proxy Firewall to provide the needed protection and security for the sensitive identity data stored in your Active Directory.

LDAP Proxy Firewall

Optimal IdM’s Virtual Identity Server (VIS) can be deployed as an LDAP Proxy Firewall to provide the needed protection and security for the sensitive identity data stored in your Active Directory. An LDAP proxy firewall acts as a barrier between client applications and data stored in your Active Directory.  Instead of client applications directly accessing your sensitive data, which can leave it vulnerable to attack, applications connect to the proxy and the proxy accesses the necessary data. LDAP proxy authentication creates an added layer of security for your sensitive data while still offering real-time access when and where you need it.


Many organizations utilize an http web proxy server, such as Microsoft’s Internet Security and Acceleration (ISA) Server within their web server environment. ISA provides not only a more secure environment, but also additional performance capabilities.

isa-http-web-proxy-server-2xLikewise, when deployed as an LDAP proxy server, VIS offers this type of protection and security for LDAP directories such as Active Directory. Applications connect to the VIS proxy server exactly as they do any normal LDAP directory. In fact, to any client application accessing an LDAP proxy, VIS looks and behaves just like a standard Active Directory or ADAM server to the LDAP enabled client application.


Application-Specific Views

In many cases, applications that are written to Active Directory are written poorly and inefficiently. For example, many applications connect at the root of the Active Directory forest when they may only need to search one or two containers in the tree. Additionally, many applications only need to view users and groups, but in reality are granted access to view more than just users and groups.

This is because Active Directory does not provide the ability to control what is searched, such as specific LDAP queries. When used as an LDAP proxy server, however, VIS can be configured to publish application specific views, granting the application only the data it requires. The result is a more secure Active Directory and increased performance for both the application and Active Directory.



Meet Audit and Compliance Initiatives

Read more

Reduced IT Costs

Read more

Increased Security and Control

Read more

Eliminate Deployment Barriers

Read more

Active Directory vs. Active Directory with Virtual Identity Server LDAP Proxy Firewall

The Virtual Identity Server™ (VIS™), deployed as an LDAP proxy server provides the needed protection and security for Active Directory.

Active Directory Alone

  • Active Directory is vulnerable and unsecure to attacks such as denial of service.
  • Applications have more access then they need with the principle of least privilege being very hard to enforce.
  • Data in Active Directory is difficult to secure because administrators have little control over the applications accessing the data.
  • Poorly written applications can crash Active Directory causing outages for end users.
  • Active Directory performance is susceptible to inefficient queries that applications send.
Read more


Does VIS support Kerberos and/or NTLM/Negotiate authentications?

faq-imageYes, VIS supports Kerberos, NTLM and Negotiate as authentication options on both the listing side as well as the back-end connection sides.

Can I get a demo/evaluation version of VIS?

Yes. Please fill out a demo form with your contact information.

What data stores can the Virtual Identity Server connect to?

The Virtual Identity Server supports a number of data stores directly with out of the box adapters. Additionally, a customer or integrator can create adapters utilizing our built-in extensibility.

Is your product FIPS compliant?

Yes. Our software is running in both non-secure and secure government networks.