VIRTUAL IDENTITY SERVER FROM OPTIMAL IdM

Virtual Identity Server (VIS) is a Universal Directory that provides a single, real-time view of identity data from any data store. VIS is the fastest, most comprehensive virtual directory available. It’s used to enhance your directory infrastructure, providing key data transformation and virtualization needs.

VIS simplifies identity management deployment by accessing data at its source directly, with no synchronized copies of the identity data, which makes it well suited to high-security industries.

Universal Virtual Directory Server

Most companies have multiple directory services deployed in their environments, such as multiple AD forests and domains. While this is a sound operational practice, it results in user identity information being scattered across separate directory repositories, which poses a significant challenge when deploying enterprise applications to the users in those directories.

VIS is a virtual directory server (VDS) that solves this by providing a single joined view of the data from these separate directories. Applications connect to VIS exactly as they do to any normal LDAP directory; to an LDAP-enabled client application, VIS looks and behaves like a standard Active Directory or ADAM server. The key benefit is that multiple directories are joined in real time, without duplicating LDAP objects. VIS can also join and merge data from other LDAP directories (such as eDirectory or Sun) and from SQL databases (such as Microsoft SQL Server or Oracle). To the calling application the interface is one LDAP directory (VIS); in reality, data is being joined and merged in real time from multiple disparate data stores.

Features of VIS


Reduced IT Costs

VIS’ virtual directory services increase the value of your existing Microsoft environment by:

– Enabling you to leverage the existing investment in Microsoft technology & extend it with increased functionality.

– Seamlessly integrating VIS, a true LDAP virtual directory server (VDS) that is developed in .NET technology, with your Microsoft environment.

– Providing you with a scalable virtual directory product and platform that continues to grow with an organization’s needs.

– Being a proven solution for Microsoft applications such as SharePoint and MIIS/ILM.

– Serving as a replacement for Quest Virtual Directory.

Eliminate Deployment Barriers

VIS provides an enhanced application environment that allows organizations to rapidly and easily deploy applications to users in multiple Active Directory forests or directories.

– The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third-party LDAP applications.

– VIS allows you to rapidly deploy applications to users in multiple Active Directory forests without any forest trusts.

– VIS simplifies your identity management deployment by accessing data at its source directly.

– VIS provides multiple views of the data, allowing for discrete, application-specific views of enterprise data.

Meet Audit and Compliance Initiatives

Because every LDAP operation passes through the virtual directory server (VDS), it becomes a single point of visibility for auditing, compliance and network security.

VIS can help you answer questions such as:

– Who has logged in and when?

– What changes were made to data and when?

– Who was added to the Administrators group today?

– What changes did “Bob” make?

Built on Microsoft Technology for Microsoft

VIS was written from the ground up to tightly integrate with Active Directory and leverage the existing investment that was made in the Microsoft infrastructure. VIS was written entirely in Microsoft .NET managed code and seamlessly integrates and extends the functionality of Active Directory, providing the necessary virtual directory/proxy and LDAP firewall needs for corporations.

Listeners, Protocols & Interfaces Supported

  • LDAP v3 (SSL and non-SSL), with simple (basic) bind, NTLM and Kerberos authentication
  • RESTful interface
  • PowerShell interface
  • Extensible interface with full-featured APIs

A Customizable Solution

The Virtual Identity Server is an extensible solution, allowing an organization to customize the software to meet specific needs.

  • The Virtual Identity Server can be extended using any standard .NET programming language such as VB.NET or C#
  • Custom adapters can easily be written leveraging the base VIS .NET objects that are visible within Visual Studio.

Powerful Join & Merge Options – Without Custom Code

The Virtual Identity Server provides powerful joining and merging options, allowing you to easily present multiple views or a single enterprise view of data existing across multiple siloed directories in real-time. VIS provides sophisticated data transformation and virtualization with the ease of a point and click configuration.

Join & Merge Options of the Virtual Identity Server include:

  • Union Mode – Presents the combined collection of objects from all connected source directories.
  • Object Precedence (OP) Mode – Applies an authoritative order at the directory level. When a user exists in, and is joined across, several directories, the object from the highest-precedence directory is always the one returned.
  • Attribute Precedence (AP) Mode – Builds a merged view of joined objects attribute by attribute (for example, givenName and sn from the internal directory, and sAMAccountName and HealthID from the external directory).
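As an added illustration of how the three modes differ (example code, not the product's own), the following Python models two constructed source directories keyed on an employeeID join attribute and applies Union, Object Precedence and Attribute Precedence to them. The source names, attribute values and precedence rules are assumptions chosen for the example.

```python
from typing import Dict, List, Tuple

Entry = Dict[str, str]
Directory = Dict[str, Entry]          # join key (here employeeID) -> attributes of one object

# Constructed sample data, not real directory content. employeeID 1001 exists in both
# sources with conflicting givenName and sAMAccountName values; 1002 and 1003 exist in one.
SOURCES: Dict[str, Directory] = {
    "internal": {
        "1001": {"givenName": "Alice", "sn": "Andersson", "sAMAccountName": "alice.a",
                 "mail": "alice@corp.example"},
        "1002": {"givenName": "Bob", "sn": "Brennan", "sAMAccountName": "bob.b"},
    },
    "external": {
        "1001": {"givenName": "Alicia", "sn": "Andersson", "sAMAccountName": "aandersson",
                 "healthID": "H-77"},
        "1003": {"givenName": "Carol", "sn": "Chen", "sAMAccountName": "carol.c",
                 "healthID": "H-91"},
    },
}


def union_view(sources: Dict[str, Directory]) -> List[Tuple[str, str, Entry]]:
    """Union mode: every object from every source is presented, so a user that exists in
    two sources appears twice. Each result is (source name, join key, attributes)."""
    return [(name, key, dict(entry))
            for name, directory in sources.items()
            for key, entry in directory.items()]


def object_precedence_view(sources: Dict[str, Directory], order: List[str]) -> Dict[str, Entry]:
    """Object Precedence mode: for a join key held by several sources, the whole object
    comes from the first source in `order` that has it; lower-precedence copies are ignored."""
    view: Dict[str, Entry] = {}
    for name in order:
        for key, entry in sources[name].items():
            view.setdefault(key, dict(entry))      # first (highest-precedence) source wins
    return view


def attribute_precedence_view(sources: Dict[str, Directory], default_order: List[str],
                              per_attribute: Dict[str, List[str]]) -> Dict[str, Entry]:
    """Attribute Precedence mode: objects with the same join key are merged and each
    attribute is taken from the first source listed for it in `per_attribute`, falling
    back to `default_order` for attributes without an explicit rule."""
    view: Dict[str, Entry] = {}
    for key in sorted({k for directory in sources.values() for k in directory}):
        holders = {name: d[key] for name, d in sources.items() if key in d}
        merged: Entry = {}
        for attr in sorted({a for entry in holders.values() for a in entry}):
            for name in per_attribute.get(attr, default_order):
                if name in holders and attr in holders[name]:
                    merged[attr] = holders[name][attr]
                    break
        view[key] = merged
    return view


if __name__ == "__main__":
    print(union_view(SOURCES))
    print(object_precedence_view(SOURCES, ["internal", "external"]))
    print(attribute_precedence_view(SOURCES, ["internal", "external"],
                                    {"sAMAccountName": ["external", "internal"],
                                     "healthID": ["external"]}))
```

The AP call above reproduces the example in the list: name attributes come from the internal directory, sAMAccountName and HealthID from the external one. Note the trust implication of such a rule: whoever can write sAMAccountName in the lower-trust external directory decides which account name the merged identity presents, so identity-bearing attributes should be sourced from the most trusted store.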

The Virtual Identity Server Can

  • Provide a single enterprise view of data across multiple siloed directories
  • Provide a different view of the data on an application by application basis
  • Allow different rights/access to data (e.g. update or read-only) on an application by application basis
  • Transform, merge and map data from multiple LDAP directories to a virtual name or namespace

LDAP Proxy Firewall

The Virtual Identity Server (VIS) can be deployed as an LDAP Proxy Firewall, providing protection and network security for the sensitive identity data stored in your Active Directory.

The LDAP Proxy acts as a barrier between client applications and the data stored in your Active Directory. Instead of client applications accessing your sensitive data directly, which exposes the directory to every flaw and over-broad query in those applications, applications connect to the proxy and the proxy retrieves only the necessary data. The LDAP Proxy Firewall adds a layer of security around your sensitive data while still offering real-time access when and where you need it.

Virtual Schema with VIS

The Virtual Identity Server eliminates the need to extend the Active Directory schema for 3rd party applications. Custom schema and data is stored at the virtual layer and is applied to objects automatically in real-time.

  • Any custom or third-party schema can be applied within VIS instead of Active Directory, reducing the complexity of managing custom schema.
  • Custom schema is applied automatically and on the fly; unlike other solutions, it requires no custom coding and no replication of objects.
  • A common custom schema can be applied across multiple Active Directory forests without any changes to the Active Directory environment.

VIS Schema Manager

A schema manager is an important feature of a virtual directory. With the VIS Schema Manager there is no need to extend the Active Directory schema for third-party applications; instead, the additional schema is applied virtually, without touching the AD environment.

The Schema Manager applies one streamlined process across multiple directories, with no special coding or other processes required. Its goal is to simplify the schema: although the schema is custom, it lives in the VIS configuration and can be applied consistently wherever VIS is deployed.

A single combined aggregate schema can span multiple AD forests, which is both efficient and effective.

Identity Server for SharePoint

Built on the VIS platform, our identity server for SharePoint combines the functionality of the Virtual Directory and Federation products. It authenticates and authorizes users directly into SharePoint and supports several uses, including:

  • Setting and defining access to groups, libraries and databases
  • Coordinating IDs between organizations
  • Delegating administrators at the organizational level

Its key features are a real-time view of identity data drawn from several data stores and single sign-on. Other benefits include:

  • Simplified multi-forest deployment
  • Reporting, auditing and compliance
  • Dynamic role-based access control
  • Single point of administration

Overall, VIS for SharePoint can save your company time and money through an effective and secure deployment. Use it as part of a multi-forest SharePoint solution that stays manageable and reduces security risk.

Application Specific Views

VIS presents a more secure view of Active Directory and improves performance for both the application and Active Directory.

Many applications written against Active Directory are written poorly and inefficiently. For example, many connect at the root of the forest when they only need to search one or two containers in the tree, and many only need to read users and groups but are granted access to far more than that. Active Directory can restrict which objects and attributes an account may read, but it cannot constrain the shape of the query itself: the base DN, the search scope or the filter. VIS, however, publishes application-specific views that grant only the data, and only the portion of the tree, that the application requires.
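The checks described in the LDAP Proxy Firewall section and in the Application Specific Views section above amount to a per-application policy evaluated on every request. The following Python is an added example of such a policy check, not the product's implementation: the policy shape, the helpdesk application and its attribute lists are assumptions, and the DN and filter handling is deliberately simplified.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

SCOPE_RANK = {"base": 0, "one": 1, "sub": 2}
# Attribute names referenced in a filter, e.g. '(&(objectClass=user)(sn=Smith))' -> objectClass, sn.
# An approximation of RFC 4515 sufficient for policy purposes, not a full filter parser.
_FILTER_ATTR = re.compile(r"\(\s*([A-Za-z][\w.;-]*)(?::[\w.]*)*\s*[~<>]?=")


@dataclass(frozen=True)
class ViewPolicy:
    """What one application may see through the proxy (hypothetical policy shape)."""
    app: str
    allowed_bases: Tuple[str, ...]   # the app may only search at or below these DNs
    max_scope: str                   # "base", "one" or "sub"
    readable: FrozenSet[str]         # lower-cased attribute names the app may read
    writable: bool                   # False = read-only view


def normalize_dn(dn: str) -> str:
    """Cheap DN normalisation (trim and lower-case each RDN); enough for containment checks here."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def dn_within(dn: str, base: str) -> bool:
    d, b = normalize_dn(dn), normalize_dn(base)
    return d == b or d.endswith("," + b)


def filter_attributes(ldap_filter: str) -> FrozenSet[str]:
    return frozenset(a.lower() for a in _FILTER_ATTR.findall(ldap_filter))


def check_search(policy: ViewPolicy, base_dn: str, scope: str,
                 ldap_filter: str, requested: List[str]) -> Tuple[bool, str, List[str]]:
    """Decide whether a search is allowed and which attributes will actually be returned."""
    if not any(dn_within(base_dn, b) for b in policy.allowed_bases):
        return False, f"base {base_dn!r} is outside the view for {policy.app}", []
    if SCOPE_RANK.get(scope, 99) > SCOPE_RANK[policy.max_scope]:
        return False, f"scope {scope!r} exceeds {policy.max_scope!r}", []
    # A filter on an attribute the app cannot read would still leak its value bit by bit
    # (the result set changes with the hidden value), so filter attributes are checked too.
    hidden = filter_attributes(ldap_filter) - policy.readable
    if hidden:
        return False, f"filter references hidden attribute(s) {sorted(hidden)}", []
    wanted = sorted(policy.readable) if not requested or "*" in requested else requested
    effective = [a for a in wanted if a.lower() in policy.readable]   # silently drop the rest
    return True, "ok", effective


def check_modify(policy: ViewPolicy, target_dn: str) -> Tuple[bool, str]:
    if not policy.writable:
        return False, f"{policy.app} has a read-only view"
    if not any(dn_within(target_dn, b) for b in policy.allowed_bases):
        return False, f"{target_dn!r} is outside the view"
    return True, "ok"


# Constructed policy for a help-desk application that only needs users under one OU.
HELPDESK = ViewPolicy(
    app="helpdesk",
    allowed_bases=("OU=Users,DC=corp,DC=example",),
    max_scope="sub",
    readable=frozenset({"objectclass", "cn", "mail", "samaccountname", "memberof"}),
    writable=False,
)

if __name__ == "__main__":
    print(check_search(HELPDESK, "DC=corp,DC=example", "sub", "(objectClass=user)", ["cn"]))
    print(check_search(HELPDESK, "OU=Users,DC=corp,DC=example", "sub",
                       "(&(objectClass=user)(sAMAccountName=bob*))",
                       ["mail", "unicodePwd", "userAccountControl"]))
    print(check_search(HELPDESK, "OU=Users,DC=corp,DC=example", "sub",
                       "(employeeNumber=1*)", ["cn"]))
    print(check_modify(HELPDESK, "CN=Bob,OU=Users,DC=corp,DC=example"))
```

The first request is refused because it is rooted at the forest root, the second is allowed but only `mail` is returned, the third is refused because it filters on an attribute the view hides, and the modify is refused because the view is read-only. A production proxy would use a real DN parser and filter parser rather than the string tricks here, but the decision points are the same.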

Complete & Comprehensive Audit Logging

All LDAP operations are logged and stored to a Microsoft SQL Server database for easy reporting and retrieval. The Virtual Identity Server can help your organization meet audit and compliance initiatives such as Sarbanes-Oxley (SOX), Basel II (the Capital Accord), the European Union Privacy Directive, HIPAA and the Gramm-Leach-Bliley Act. Using the built-in web reporting, you can report on who logged in and when, and what changes they made. Reports can also be scheduled for email distribution in a variety of formats (PDF, XLS, HTML).
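To make the audit questions on this page concrete, here is an added example (not the product's reporting code) that answers them over a constructed log of LDAP operations. The record format and field names are assumptions standing in for the product's SQL Server audit table; the log lines themselves are constructed for the example.

```python
import json
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

# Constructed audit records: one JSON object per LDAP operation, as a proxy could log it.
# Field names are hypothetical. LDAP result codes: 0 = success, 49 = invalidCredentials.
AUDIT_LOG = """\
{"ts":"2024-03-04T17:45:00Z","op":"modify","who":"CN=Bob,OU=Users,DC=corp,DC=example","target":"CN=Administrators,CN=Builtin,DC=corp,DC=example","attr":"member","change":"add","value":"CN=Mallory,OU=Users,DC=corp,DC=example","result":0}
{"ts":"2024-03-05T08:01:10Z","op":"bind","who":"CN=Bob,OU=Users,DC=corp,DC=example","client":"10.0.0.12","result":0}
{"ts":"2024-03-05T08:01:12Z","op":"search","who":"CN=Bob,OU=Users,DC=corp,DC=example","target":"OU=Users,DC=corp,DC=example","result":0}
{"ts":"2024-03-05T08:03:40Z","op":"modify","who":"CN=Bob,OU=Users,DC=corp,DC=example","target":"CN=Administrators,CN=Builtin,DC=corp,DC=example","attr":"member","change":"add","value":"CN=Eve,OU=Users,DC=corp,DC=example","result":0}
{"ts":"2024-03-05T09:15:00Z","op":"bind","who":"CN=svc-hr,OU=Service,DC=corp,DC=example","client":"10.0.0.40","result":49}
{"ts":"2024-03-05T09:15:03Z","op":"bind","who":"CN=svc-hr,OU=Service,DC=corp,DC=example","client":"10.0.0.40","result":0}
{"ts":"2024-03-05T09:16:30Z","op":"modify","who":"CN=svc-hr,OU=Service,DC=corp,DC=example","target":"CN=Alice,OU=Users,DC=corp,DC=example","attr":"title","change":"replace","value":"Director","result":0}
{"ts":"2024-03-05T11:02:00Z","op":"modify","who":"CN=Bob,OU=Users,DC=corp,DC=example","target":"CN=Administrators,CN=Builtin,DC=corp,DC=example","attr":"member","change":"delete","value":"CN=Mallory,OU=Users,DC=corp,DC=example","result":0}
"""

ADMINS = "CN=Administrators,CN=Builtin,DC=corp,DC=example"


def _same_dn(a: str, b: str) -> bool:
    """Case-insensitive DN comparison, ignoring whitespace around RDN separators."""
    def norm(dn: str) -> str:
        return ",".join(p.strip().lower() for p in dn.split(","))
    return norm(a) == norm(b)


def load(log_text: str = AUDIT_LOG) -> List[Dict]:
    """Parse one JSON record per line and attach a timezone-aware datetime to each."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for r in records:
        r["when"] = datetime.fromisoformat(r["ts"].replace("Z", "+00:00"))
    return records


def logins(records: List[Dict], on: Optional[date] = None) -> List[Tuple[str, str]]:
    """Who has logged in and when: successful binds, optionally restricted to one day."""
    return [(r["who"], r["ts"]) for r in records
            if r["op"] == "bind" and r["result"] == 0 and (on is None or r["when"].date() == on)]


def failed_logins(records: List[Dict]) -> List[Tuple[str, str, str]]:
    """Failed binds deserve their own question: (who, client address, when)."""
    return [(r["who"], r["client"], r["ts"]) for r in records
            if r["op"] == "bind" and r["result"] != 0]


def changes(records: List[Dict]) -> List[Dict]:
    """What changes were made to data and when: every successful modify."""
    return [r for r in records if r["op"] == "modify" and r["result"] == 0]


def added_to_group(records: List[Dict], group_dn: str, on: date) -> List[str]:
    """Who was added to a group on a given day: member values added by a modify."""
    return [r["value"] for r in changes(records)
            if _same_dn(r["target"], group_dn) and r["attr"].lower() == "member"
            and r["change"] == "add" and r["when"].date() == on]


def changes_by(records: List[Dict], who: str) -> List[Dict]:
    """What changes did a particular bind identity make."""
    return [r for r in changes(records) if _same_dn(r["who"], who)]


if __name__ == "__main__":
    recs = load()
    print(logins(recs, date(2024, 3, 5)))
    print(failed_logins(recs))
    print(added_to_group(recs, ADMINS, date(2024, 3, 5)))
    print([(r["ts"], r["target"], r["attr"], r["change"])
           for r in changes_by(recs, "cn=bob,ou=users,dc=corp,dc=example")])
```

The day is passed in explicitly rather than read from the clock so the same query can be replayed against historical data; DNs are compared after normalisation because clients and directories do not agree on case.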

Adapters

The Virtual Identity Server (VIS) uses adapters to connect to and integrate with LDAP directories, databases and other data stores. Each adapter handles connecting to and communicating with its data repository, so LDAP-enabled applications can reach data that resides anywhere in the enterprise regardless of its format (SQL or LDAP). VIS handles all of the transformation from one storage type to another on the fly and in real time: when an application queries VIS, the query is translated and then proxied to the appropriate downstream data store.


Active Directory (AD)

Active Directory is the most widely used directory service in use today. It is a core component of the Windows Server 2003, Windows Server 2008 and Windows Server 2012 operating systems and serves as the foundation not only for Microsoft’s Identity and Access solutions but also for application servers such as SharePoint. Active Directory has proven to be a very fast and scalable directory server: many customers use it as their user repository and have scaled it to multi-million-user repositories, and independent testing has shown that it scales linearly as demand increases. The Virtual Identity Server (VIS) was written from the ground up to tightly integrate with Active Directory and leverage the existing investment in the Microsoft infrastructure. VIS was written entirely in Microsoft .NET managed code and extends the functionality of Active Directory, providing the virtual directory/proxy and LDAP firewall capabilities corporations need. As a key differentiator from other virtual directory products, VIS does not contain a built-in LDAP server; instead it uses Active Directory or ADAM/AD LDS as its data repository, which ensures that the backbone of the virtual directory deployment is the most widely used LDAP directory in the world. The Virtual Identity Server is the only virtual directory product certified on all of the following: Windows Server 2003, Windows Server 2008 and Windows Server 2012.


Active Directory Application Mode (ADAM)

Active Directory Application Mode is a standalone LDAP directory based on Microsoft’s Active Directory. The key difference between AD and ADAM is that ADAM has all of the network operating system code removed; in essence it is the core LDAP functionality of Active Directory and can be considered a lightweight version of it (see AD LDS below). Many organizations use ADAM as a standalone application directory. ADAM was originally a separate download and was later included as a core component of Windows Server 2003 R2, where it is installed through Add/Remove Programs, Windows Components.


Active Directory Lightweight Directory Services (AD LDS)

AD LDS is the next generation of ADAM. It is a core component of Windows Server 2008 and is installed by adding the AD LDS role to a Windows Server.


Novell eDirectory

Novell eDirectory (formerly NetWare Directory Services, NDS) is the LDAP directory server that is part of Novell’s operating system. The eDirectory adapter gives organizations migrating from eDirectory to Active Directory a rapid means of accessing users, groups and data while they carry out the often time-consuming migration.


Sun One Directory Server (iPlanet)

Sun One Directory Server is the directory server sold by Sun Microsystems. It was originally developed by Netscape, and under a joint partnership both Sun and AOL (which purchased Netscape) retained rights to the software.


Oracle Internet Directory (OID)

Oracle Internet Directory is the directory server sold by Oracle.


IBM Directory

IBM Directory Server is the directory server sold by IBM.


Lotus Domino Directory

Lotus Domino Directory is the directory server sold by Lotus.


Red Hat Directory

Red Hat Directory Server is the directory server sold by Red Hat.


OpenLDAP

OpenLDAP is a free, open source implementation of an LDAP server developed by the OpenLDAP Project.


OpenDS

OpenDS is a free, open source implementation of an LDAP server developed by the OpenDS project.


Generic LDAP v3 Server

The generic LDAP v3 adapter can be used for any LDAP v3 server that does not have a specific adapter listed here.


Directory Service Markup Language (DSML)

DSML is a standards-based XML representation of directory access operations, transmitted via the Simple Object Access Protocol (SOAP). Many applications support DSML as a means of providing directory access over the Internet.
Microsoft SQL Server Database

The Microsoft SQL Server adapter lets LDAP applications query and update data in a SQL Server database via LDAP calls: VIS translates LDAP queries into SQL queries and LDAP updates into SQL updates. Objects (for example, users) in an LDAP directory such as Active Directory can also be joined in real time to rows in SQL Server, so LDAP applications can use data held in SQL directly.


Oracle Database

The Oracle adapter provides the same capability for Oracle: LDAP queries are translated into SQL queries, LDAP updates into SQL updates, and objects in an LDAP directory such as Active Directory can be joined in real time to rows in Oracle, so LDAP applications can use data held in Oracle directly.
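As an added illustration of the core task the SQL Server and Oracle adapters perform (example code, not the product's adapter), the following Python parses an LDAP search filter and turns it into a parameterized SQL query against a hypothetical people table, then runs it in an in-memory SQLite database. The attribute-to-column map, the table and the sample rows are constructed for the example.

```python
import re
import sqlite3
from typing import Dict, List, Tuple

# Hypothetical LDAP-attribute -> SQL-column map for a "people" table. Only mapped attributes
# are reachable, so a client can neither name arbitrary columns nor probe hidden ones.
COLUMNS: Dict[str, str] = {"uid": "username", "cn": "full_name", "mail": "email",
                           "departmentnumber": "dept"}
_ITEM = re.compile(r"([A-Za-z][\w.;-]*)(~=|>=|<=|=)")


class LdapFilterError(ValueError):
    """Malformed filter, or an attribute this view does not expose."""


def _unescape(raw: str) -> str:
    """Decode RFC 4515 '\\xx' escapes (e.g. '\\2a' -> '*') at the byte level, then as UTF-8."""
    data = raw.encode("utf-8")
    if re.search(rb"\\(?![0-9A-Fa-f]{2})", data):
        raise LdapFilterError("bad escape sequence in value")
    return re.sub(rb"\\([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data).decode("utf-8")


def _like_escape(s: str) -> str:
    """Escape LIKE metacharacters so a literal '%' or '_' in an LDAP value stays literal."""
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


class _Parser:
    """Recursive-descent parser for (&..), (|..), (!..) and equality/substring/range items."""

    def __init__(self, text: str):
        self.s, self.i = text, 0

    def _peek(self) -> str:
        return self.s[self.i] if self.i < len(self.s) else ""

    def _expect(self, ch: str) -> None:
        if self._peek() != ch:
            raise LdapFilterError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def parse(self) -> Tuple[str, List[str]]:
        sql, params = self._filter()
        if self.i != len(self.s):
            raise LdapFilterError("trailing data after filter")
        return sql, params

    def _filter(self) -> Tuple[str, List[str]]:
        self._expect("(")
        c = self._peek()
        if c in ("&", "|"):
            self.i += 1
            parts, params = [], []
            while self._peek() == "(":
                s, p = self._filter()
                parts.append(s)
                params += p
            if not parts:
                raise LdapFilterError("empty AND/OR set")
            sql = "(" + (" AND " if c == "&" else " OR ").join(parts) + ")"
        elif c == "!":
            self.i += 1
            inner, params = self._filter()
            sql = f"(NOT {inner})"
        else:
            sql, params = self._item()
        self._expect(")")
        return sql, params

    def _item(self) -> Tuple[str, List[str]]:
        m = _ITEM.match(self.s, self.i)
        if not m:
            raise LdapFilterError(f"bad filter item at offset {self.i}")
        attr, op = m.group(1).lower(), m.group(2)
        col = COLUMNS.get(attr)
        if col is None:
            raise LdapFilterError(f"attribute {attr!r} is not exposed by this view")
        self.i = m.end()
        start = self.i
        while self._peek() not in ("", ")"):      # an unescaped ')' always ends the value
            self.i += 1
        raw = self.s[start:self.i]
        if op == "~=":
            raise LdapFilterError("approximate match has no SQL equivalent here")
        if op == "=" and raw == "*":
            return f"{col} IS NOT NULL", []
        if op == "=" and "*" in raw:               # substring: pieces become a LIKE pattern
            pattern = "%".join(_like_escape(_unescape(p)) for p in raw.split("*"))
            return f"{col} LIKE ? ESCAPE '\\'", [pattern]
        return f"{col} {op} ?", [_unescape(raw)]   # the value travels as a bound parameter


def ldap_to_sql(ldap_filter: str, table: str = "people") -> Tuple[str, List[str]]:
    """Translate an LDAP filter into (parameterized SQL, parameter list); `table` is server-side."""
    where, params = _Parser(ldap_filter).parse()
    return f"SELECT * FROM {table} WHERE {where}", params


def run_query(ldap_filter: str) -> List[str]:
    """Run a translated filter against a constructed in-memory table; returns matching usernames."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (username TEXT, full_name TEXT, email TEXT, dept INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?, ?, ?)", [
        ("alice", "Alice Andersson", "alice@corp.example", 10),
        ("bob", "Bob Brennan", "bob@corp.example", 42),
        ("carol", "Carol Chen", "carol@partner.example", 10),
        ("smith_co", "Smith * Co", "smith@corp.example", 7),
    ])
    sql, params = ldap_to_sql(ldap_filter)
    return sorted(row[0] for row in db.execute(sql, params))
```

Three properties matter for an adapter like this: filter values only ever reach the database as bound parameters (so `(uid=x' OR 1=1--)` matches nothing rather than everything), attribute names are looked up in a fixed map rather than copied into the SQL, and LDAP wildcards are translated to LIKE with `%` and `_` escaped so a literal percent sign in a value cannot become a wildcard.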


Windows Azure Active Directory

The Windows Azure Active Directory adapter lets LDAP applications query and update data in the Microsoft cloud directory, including Office 365.


Google Cloud

The Google Cloud adapter lets organizations manage their users in the Google Cloud (Google Apps) and use that data in real time from LDAP applications.

Frequently Asked Questions

Does VIS support Kerberos and/or NTLM/Negotiate authentications?

Yes, VIS supports Kerberos, NTLM and Negotiate as authentication options on both the listener side and the back-end connection side.

Can I get a demo/evaluation version of VIS?

Yes. Please fill out a demo form with your contact information.

What data stores can the Virtual Identity Server connect to?

The Virtual Identity Server supports a number of data stores directly with out of the box adapters. Additionally, a customer or integrator can create adapters utilizing our built-in extensibility.

Is your product FIPS compliant?

Yes. Our software is running in both non-secure and secure government networks.

Does VIS support caching?

Yes. There are multiple caching options with VIS. Caching can be configured on an object class by object class basis, with a time to live and cache size as well. Most organizations in most situations, however, do not need to use caching.

Do you support SharePoint integration?

We support WSS 3.0, SharePoint 2007, 2010 & 2013.

Do you support server virtualization like HyperV or VMWARE?

Yes.

Does VIS come as a 64-bit application?

Yes. VIS is now only offered in a 64-bit version of the product.

Is VIS supported on Windows 2008?

Yes. The Virtual Identity Server is certified on both Windows Server 2008 and Windows Server 2008 R2.

Is VIS supported on Windows 2003?

Yes. The Virtual Identity Server is certified on Windows Server 2003.

What additional software requirements does VIS have?

VIS is written in Microsoft .NET managed code and requires the .NET Framework 4.5.

What encryption algorithms does your product support?

VIS can encrypt stored configuration secrets with any of the following algorithms: Triple-DES (3DES), AES (the standardized form of Rijndael), Rijndael and Blowfish.

Does your product store any unencrypted user ID information or passwords?

Only if you leave them that way: individual entries, such as bind account names and passwords, or the entire XML configuration file can be encrypted using the GUI. Because this encryption is optional, verify that the bind credentials in the configuration file are encrypted before the file is deployed or shared.

Is there a GUI to maintain the XML file?

Yes. There is a Windows GUI that provides an easy interface to edit the XML file. You can also edit the XML file manually if you prefer.

Can this XML file be shared across multiple VIS servers?

Yes. Multiple VIS server instances can all share the same XML file.

How does VIS store configuration information?

The product configuration is stored in one XML file, making the product extremely easy to configure and migrate.

What TCP/IP port does VIS run/listen on?

VIS can be configured to run on any port you choose provided another application is not using that port. You can choose the standard LDAP port of 389 or 636 (SSL).

Can VIS be load balanced?

Yes. VIS can be placed behind a load balancer (either software or hardware), allowing for a fail-over and load balancing configuration for the applications that connect to VIS. In addition, the connections that VIS makes to connected directories can be load balanced as well.

What types of listeners does VIS support?

VIS can listen via LDAP v3, a REST web service and PowerShell out of the box, and can be extended to listen via any protocol or method desired using the APIs. With third-party ODBC/ADO.NET drivers, SQL calls can also be made.

How long does it take to install and configure VIS?

VIS installs in minutes, using a standard MSI/setup.exe. After installing the binary files, a wizard guides you through the configuration of the product. While the Virtual Identity Server has the most comprehensive features of any virtual directory product on the market, a key differentiator is how easy the product is to install and configure. 


Resources

Data Sheet: Virtual Identity Server

White Paper: Top 10 Reasons for the Virtual Identity Server

Videos