OPTIMAL IDM’S VIRTUAL IDENTITY SERVER

The Virtual Identity Server (VIS) is a .NET LDAP Virtual Directory that provides a single, real-time view of identity data from any data store. VIS is the fastest, most comprehensive LDAP virtual directory available. Our flagship on-premise product, VIS is an LDAP virtual directory server built entirely in .NET managed code. It is used to enhance your LDAP directory infrastructure, meeting key data transformation and virtualization needs.

.NET LDAP Virtual Directory

Most companies have multiple directory services deployed in their environments, such as multiple AD forests and domains. While this is a sound operational practice, it results in user identity information being scattered across separate directory repositories. This poses a significant challenge when attempting to deploy enterprise applications to the users existing in these directories.

VIS is an LDAP virtual directory server that solves this by providing a single joined view of data from these separate directories. Applications connect to the VIS exactly as they do any normal LDAP directory. In fact, to the LDAP-enabled client application, VIS looks and behaves just like a standard Active Directory or ADAM server. The key benefit is that it allows multiple directories to be joined in real-time, without the need to duplicate LDAP objects.

Virtual Identity Server can also join and merge data coming from other LDAP directories (such as eDirectory, Sun), as well as from SQL databases (such as Microsoft SQL Server, Oracle). To the calling application, the interface functions as one LDAP directory (VIS). In reality, data is being joined and merged in real-time from multiple disparate data stores.

Features of VIS

Reduced IT Costs

VIS’ virtual directory services increase the value of your existing Microsoft environment by:

– Enabling you to leverage the existing investment in Microsoft technology & extend it with increased functionality.

– Seamlessly integrating VIS, a true LDAP virtual directory server that is developed in .NET technology, with your Microsoft environment.

– Providing you with a scalable virtual directory platform that continues to grow with an organization’s needs.

– Being a proven solution for Microsoft applications such as SharePoint and MIIS/ILM

Eliminate Deployment Barriers

VIS provides an enhanced application environment that allows organizations to rapidly and easily deploy applications to users existing in multiple Active Directory forests or directories.

– The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third party LDAP applications.

– VIS allows you to rapidly deploy applications to users existing in multiple Active Directory Forests without any forest trusts.

– VIS simplifies your identity management deployment by accessing data at its source directly.

– VIS provides multiple views of data, allowing for easy, discrete application views of enterprise data.

Meet Audit and Compliance Initiatives

Using a virtual directory server gives you unparalleled transparency for auditing, compliance and security purposes.

VIS can help you answer questions such as:

– Who has logged in and when?

– What changes were made to data and when?

– Who was added to the Administrators group today?

– What changes did “Bob” make?

Built on Microsoft Technology for Microsoft

Virtual Identity Server (VIS) was written from the ground up to tightly integrate with Active Directory and leverage the existing investment that was made in the Microsoft infrastructure. VIS was written entirely in Microsoft .NET managed code and seamlessly integrates and extends the functionality of Active Directory, providing the necessary virtual directory/proxy and LDAP firewall needs for corporations.

Listeners, Protocols & Interfaces Supported

  • LDAP V3 (SSL and non-SSL) – Basic Authentication, NTLM & now Kerberos Support!
  • RESTful Interface
  • PowerShell Interface
  • Extensible Interface with Powerful full-featured APIs

A Customizable Solution

The Virtual Identity Server is an extensible solution, allowing an organization to customize the software to meet specific needs.

  • The Virtual Identity Server can be extended using any standard .NET programming language such as VB.NET or C#
  • Custom adapters can easily be written leveraging the base VIS .NET objects that are visible within Visual Studio.

Powerful Join & Merge Options – Without Custom Code

The Virtual Identity Server provides powerful joining and merging options, allowing you to easily present multiple views or a single enterprise view of data existing across multiple siloed directories in real-time. VIS provides sophisticated data transformation and virtualization with the ease of a point and click configuration.

Join & Merge Options of the Virtual Identity Server include:

  • Union Mode – Provides a combination or collection of the objects from all connected source directories.
  • Object Precedence Mode (OP) – Provides an authoritative order at a directory level. For users that exist and are joined in x number of directories, always return “this” user object.
  • Attribute Precedence (AP) Mode – Provides a merged view of objects (Givenname, SN from Internal directory and sAMAccountName and HealthID from External directory).
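
The three modes listed above differ in which directory ends up authoritative for an object or attribute, which matters when an application trusts values such as sAMAccountName for login. The following Python sketch is an added illustration of those semantics, not VIS code or configuration; the sample entries, the directory names as dictionary keys and the use of mail as the join attribute are assumptions.

```python
# Constructed sample entries; the "mail" join key and all values are
# assumptions made for this illustration.
INTERNAL = [
    {"mail": "alice@example.com", "givenName": "Alice", "sn": "Nguyen",
     "sAMAccountName": "anguyen-int"},
    {"mail": "bob@example.com", "givenName": "Bob", "sn": "Ortiz",
     "sAMAccountName": "bortiz-int"},
]
EXTERNAL = [
    {"mail": "alice@example.com", "givenName": "Alicia", "sn": "N.",
     "sAMAccountName": "anguyen", "HealthID": "H-1001"},
    {"mail": "carol@example.com", "givenName": "Carol", "sn": "Diaz",
     "sAMAccountName": "cdiaz", "HealthID": "H-1003"},
]
SOURCES = {"Internal": INTERNAL, "External": EXTERNAL}
# Attribute ownership taken from the AP example in the list above.
AP_RULES = {"givenName": "Internal", "sn": "Internal",
            "sAMAccountName": "External", "HealthID": "External"}

def _index(entries, key):
    """Map the lower-cased join attribute to its entry."""
    return {e[key].lower(): e for e in entries}

def union(sources):
    """Union: every object from every source, tagged with its origin, unjoined."""
    return [dict(e, _source=name) for name, es in sources.items() for e in es]

def object_precedence(sources, order, key="mail"):
    """OP: a joined object is returned whole from the first directory in `order`."""
    view = {}
    for name in reversed(order):  # lowest precedence first, then overwritten
        for k, e in _index(sources[name], key).items():
            view[k] = dict(e, _source=name)
    return view

def attribute_precedence(sources, attr_owner, key="mail"):
    """AP: each attribute is taken only from the directory that owns it."""
    idx = {name: _index(es, key) for name, es in sources.items()}
    view = {}
    for k in sorted(set().union(*idx.values())):
        merged = {key: k}
        for attr, owner in attr_owner.items():
            if attr in idx[owner].get(k, {}):
                merged[attr] = idx[owner][k][attr]
        view[k] = merged
    return view
```

In this sketch an attribute is never back-filled from a non-owning directory: a user who exists only in the Internal source gets no sAMAccountName under AP_RULES, and under OP the External-only HealthID is dropped for any user the Internal directory wins.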

The Virtual Identity Server Can

  • Provide a single enterprise view of data across multiple siloed directories
  • Provide a different view of the data on an application by application basis
  • Allow different rights/access to data (i.e. update or read only) on an application by application basis
  • Transform, merge and map data from multiple LDAP directories to a virtual name or namespace

LDAP Proxy Firewall

The Virtual Identity Server (VIS) can be deployed as an LDAP Proxy Firewall, providing the needed protection and security for the sensitive identity data stored in your Active Directory.

The LDAP Proxy acts as a barrier between client applications and data stored in your Active Directory. Instead of client applications directly accessing your sensitive data, which can leave it vulnerable to attack, applications connect to the proxy and the proxy accesses the necessary data. LDAP Proxy Firewall creates an added layer of security for your sensitive data while still offering real-time access when and where you need it.

Virtual Schema with VIS

The Virtual Identity Server eliminates the need to extend the Active Directory schema for 3rd party applications. Custom schema and data is stored at the virtual layer and is applied to objects automatically in real-time.

  • Any custom/third party schema can be applied within VIS instead of Active Directory, reducing the complexity of custom schema.
  • Custom schema is applied automatically on-the-fly and, unlike other solutions, requires no custom coding or replication of objects.
  • A common custom schema can now be applied easily across multiple Active Directory forests without any changes to the Active Directory environment.

Application Specific Views

VIS is a more secure Active Directory and increases performance for both the application and Active Directory.

In many cases, applications that are written to Active Directory are written poorly and inefficiently. For example, many applications connect at the root of the Active Directory forest when they may only need to search one or two containers in the tree. Additionally, many applications only need to view users and groups, but in reality are granted access to view more than just users and groups.

This is because Active Directory does not provide the ability to control what is searched, such as specific LDAP queries. VIS, however, easily publishes application specific views, granting only the data the application requires.

Complete & Comprehensive Audit Logging

All LDAP operations are logged and stored to a Microsoft SQL Server database for easy reporting and retrieval.

The Virtual Identity Server can help your organization meet audit and compliance initiatives such as those required by Sarbanes-Oxley (SOX), Basel II, European Union Privacy Directive, Capital Accord, HIPAA and Gramm-Leach-Bliley Act.

Using the built-in web reporting, you can easily report on who logged in and when, and what changes they made. Reports can even be auto-scheduled for email distribution in a wide variety of formats (PDF, XLS, HTML).

Adapters

The Virtual Identity Server (VIS) utilizes adapters to connect to and integrate with LDAP directories, databases and other data stores. These adapters handle connecting to and communicating with the given data repository. Now, utilizing the Virtual Identity Server your LDAP enabled applications have access to data that resides anywhere within your enterprise, regardless of the data format (i.e. SQL/LDAP). The Virtual Identity Server handles all of the data transformation from one data storage type to another. This is performed on-the-fly and in real-time. When the application queries the Virtual Identity Server, that query is translated and then proxied to the appropriate downstream data store.

Frequently Asked Questions

Does VIS support Kerberos and/or NTLM/Negotiate authentications?

Yes, VIS supports Kerberos, NTLM and Negotiate as authentication options on both the listening side and the back-end connection side.

Can I get a demo/evaluation version of VIS?

Yes. Please fill out a demo form with your contact information.

What data stores can the Virtual Identity Server connect to?

The Virtual Identity Server supports a number of data stores directly with out of the box adapters. Additionally, a customer or integrator can create adapters utilizing our built-in extensibility.

Is your product FIPS compliant?

Yes. Our software is running in both non-secure and secure government networks.
