What does it mean to be in the cloud, when talking about IDM?


What does it mean IDM 4 is cloud ready?

If you have not noticed, one of the latest buzz words floating around is "Cloud". What the dickens (hmm, should that be Dickens?) is going on with that?

From a Novell perspective, we hear in the Identity Manager 4 push that IDM 4 is "Cloud Ready" -- whatever the heck that means.

So what does Cloud mean when it comes to Identity Manager 4, and what does IDM 4 offer?

We all know the progression of computing. In the good old days there was the Big Iron mainframes, and it was all about time sharing on the mainframe. Of course back then, they still called them Virtual Machines of sorts. I know that when I first started at the University I worked at they had VM1 and VM2, both of which were running on the same outsourced IBM mainframe.

Then we moved off to distributed computing (ironically the same University took that to mean NeXT Workstations! Ah the good old days when we were young and innocent, and before Steve Jobs went back to Apple. I still say BeOS was the better choice over NeXT Step for Apple to have taken. BeOS was a truly kicking approach!) taking advantage of the fact that PC commodity hardware was getting fast and cheap. Even more ironically, when they started saying 'fast' they meant 386 and 486 processors! Compare that 66 MHz 486 chip with today's 2.67 GHz 8 CPU core single chip CPU, and 'fast' is clearly relative.

Then virtual machines came back because, well, what single OS or process can really justify the needs of an 8 CPU monster at such speeds, which is almost an entry level server box these days? Even more ironically, VMWare started this approach when 'fast' was still 486's and Pentium chips!! Just keeps making more and more sense these days!

Well if an entry level server comes with 2 sockets, and each can take a 2, 4, or 8 core chip, then entry level hardware is plenty fast for multiple VM's, and in that context, multiple can mean well over 10! Stack a whole trucking container full of them with power, air conditioning and Ethernet jacks on the outside, and you are starting to follow Google's approach. (Have you seen their data center model? Pretty cool!)

Thus today we have a number of vendors offering cloud services, of at least two distinct types. (Of course anytime you get specific on a general idea, you are sure to be wrong, so no doubt there are more approaches to cloud services than just these two.)

The first is something like Amazon's EC2 service, where you basically rent a hosted VM in Amazon's EC2 cloud. That is, they provision a VM for you, that you then run like a physical server, and they take care of everything else for a fee. This is a great approach as the cost of power, air conditioning, physical security in a data center, etc are all becoming more expensive costs than just the raw hardware.

Beyond the external hosted services, you can decide to build a cloud like infrastructure in-house as you need it. Now it seems like that would require some pretty large scale, but if you consider all that extra hardware and unused resources, the ability to abstract it all and utilize available resources on demand would be really powerful. It is like taking the notion of VM's to the next logical step.

The second is the Software as a Service (SaaS) approach, where companies like Google are trying to take on Microsoft by offering Google Apps to customers. They host the email, calendar, document sharing and management, as well as many applications (Word processing, spreadsheet, database, drawing tools) on their data center, and all you do is pay a per user fee.

Other examples would be things like Salesforce.com which is a Customer Relationship Management product (at least initially) that is hosted on Salesforce.com's hardware, and you can connect via a web browser globally. Salesforce.com is evolving away from just the CRM aspect and more into a generic application, since you can manage the database underlying it, and update the User Interface to provide what you want for your users. I have been working with a customer that has a globally distributed sales team, and they use Salesforce.com to sell product. This works really well as it is available worldwide, and all they need is a web browser to get at it. No VPN issues, connectivity back to the core data center, redundancy, or other issues to get in the way of just selling product. Salesforce is trying to make themselves into a more generic application for whatever you want to do, which is a good move on their part. Once you are licensed, for your CRM, rolling more applications into the interface starts to make sense as well. And it is pretty easy to do as well, which helps. (Sort of a Lotus Notes killer in some ways). The main problem is they started as a CRM app (Customer Relationship Management) and it shows as you try to stray farther away from that model. On the flip side they are doing regular updates to the interfaces trying to add needed functionality and features.

What does Novell bring to this party? Well a number of things. Outside the Identity space, with the services that PlateSpin brings to the table, for managing physical or virtual servers, they are leveraging that technology into managing in-house cloud services. That is, when your computing needs get into the range that needs thousands of servers, why not just treat it like a cloud that you own, and manage it that way? [Editor's note: Novell Cloud Manager is a new product that is designed specifically to meet the challenges of managing your own private (or internal) cloud.]

Novell showed several example products at BrainShare for managing this approach in the PlateSpin family of products. This is a smart way to approach it as they have a lot of expertise in the PlateSpin product line. That handles the generic OS independent approach. You really do need to think about the OS specific issues though, as each OS has its own issues with starting up fresh VM's in a cloud like world.

SUSE Studio is an interesting OS specific approach to let you build up your Appliance like images, using SUSE Linux Enterprise Server as your base. Pick and choose your packages, configure it, build it, run it in Novell's cloud for a while, and you can spin up as many instances as you need in your cloud from the ISO/image that you just designed, built, and tested.

The whole notion of Intelligent Workload Management at Novell is geared around this. Make it easy to run and manage a cloud in house, or on other external cloud hosted environments.

What Identity Manager 4 brings to this is a new install and configuration model. One of the issues in IWM is that you need a workload that can spin up quickly, with minimal to nil outside interactions, and be configured and runnable once it is booted.

Well if you have ever installed or configured Novell Identity Manager you will know that for the most part it is not really that hard (except maybe the User Application piece, which has been uglier in past releases, and is getting better with each update) but clearly this is not the sort of thing you throw up as a VM and just expect to work. There are lots of bits involved in deciding where the drivers should run, and getting User Application working just right.

With Identity Manager 4 the install and configuration process is greatly simplified, and, best of all, broken into two separate tasks. That means you can build an OS image with all the IDM components installed (basically the binaries) but not configured. Then at VM startup time, the start script can run the configuration tool with a properties file to get the parts you need up and running.
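As an added example (not code from the original article or from Novell), here is the kind of first-boot wrapper that would sit in the start script around that configuration step: it refuses to run if the properties file (which carries the admin password) is readable by anyone else or is missing required keys, runs the tool only once per instance, and removes the credentials afterwards. The tool path, properties and marker locations, the `-f` flag and the key names are all assumptions.

```python
import os
import stat
import subprocess
from pathlib import Path

# Assumed names: the tool path, properties location, marker file and
# the -f flag are placeholders, not documented IDM 4 file names.
CONFIG_TOOL = "/opt/novell/idm/configure.sh"
PROPERTIES = Path("/etc/idm-firstboot/idm.properties")
MARKER = Path("/var/lib/idm-firstboot/configured")
REQUIRED_KEYS = ("tree.name", "admin.dn", "admin.password", "server.ip")

def load_properties(path):
    """Parse a Java-style key=value properties file into a dict."""
    props = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_properties(path):
    """Return a list of problems; an empty list means safe to use."""
    problems = []
    # The file carries the admin password: refuse if group/world can read it.
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("properties file is readable by group/other")
    props = load_properties(path)
    for key in REQUIRED_KEYS:
        if not props.get(key):
            problems.append("missing or empty key: " + key)
    return problems

def configure_once(tool=CONFIG_TOOL, props=PROPERTIES, marker=MARKER):
    """Run the configuration tool once per VM instance, then clean up."""
    if Path(marker).exists():
        return "already configured"
    problems = check_properties(props)
    if problems:
        raise RuntimeError("; ".join(problems))
    subprocess.run([tool, "-f", str(props)], check=True)  # assumed syntax
    Path(marker).parent.mkdir(parents=True, exist_ok=True)
    Path(marker).write_text("done\n")
    Path(props).unlink()  # do not leave credentials on the running VM
    return "configured"
```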

Now until the highly anticipated driver fanout and high availability shows up in a later release, it will not be easy to spin up a new VM to take the load off the engine side of the system. But adding an additional User Application server into a clustered User Application with a remote database is something you can really do now.

That handles the case of working with an external cloud providing you space to run your workloads. What about the Software as a Service use case?

Well Novell Identity Manager 4 comes with a number of features to make this process easier and better.

In the most traditional sense for Identity Management, IDM 4 comes with new drivers for Salesforce.com and Sharepoint, which would allow your existing provisioning system to provision users in Salesforce.com. Sharepoint is not really a cloud application, but a number of companies are hosting it for people, which makes the driver useful in that context. There are already a plethora of drivers for Google Apps from third party vendors, like Concensus Consulting (http://www.concensusconsulting.com/google), EST Group (http://www.est-grp.com/products.php), Weisberg Consulting (http://www.weisberg.net/html/google_apps.html) and Cosmoskey (http://www.cosmoskey.com/products), and there is some differentiation in functionality between the various versions.

Most often, SaaS providers have some external interface, and since they are invariably web based services, they invariably provide Web Services interfaces. These are usually SOAP or REST interfaces, which the SOAP driver handles admirably. The SOAP driver is getting an upgrade to support SPML2 which makes out of the box connectivity even easier for some cases.

One thing that clouds often bring is scale. Cloud computing tends to be larger scale (not always, but in general) and it is important that your solution scale. Well Identity Manager was ready long before version 4 for large scale implementations. We have customers with million plus object trees, and I know of installations in the tens of millions of objects. Thus IDM is a proven solution for those kinds of projects.

Managing remote resources in an external cloud like EC2 falls into the PlateSpin area of the product lines and I recall at BrainShare that EC2 support was one of their targets. But when you use an external cloud like EC2 you do need some kind of authentication and authorization system for the running operating systems, and pretty much whatever approach you take (OpenLDAP, SunOne, Active Directory, heck even Lotus Domino) there's a driver for that already to go, with years and years of maturity.

Additionally you could imagine a service provider, like a large telecom perhaps, deciding to host Identity Management services as a service in the cloud. Well IDM 4 is scalable and ready for that as well. Though to be honest, for the most part IDM 3.6.x was as well. Just some things get better in IDM 4.

Now on top of all of that, there is an issue I did not yet bring up, which is of course Security. Well making sure you authenticate to things is one aspect of security, but you also need to be able to know what is happening, and react as fast as you can. The Sentinel product line fits in wonderfully here, and is a great tool for managing all this. You can use the new reporting tools in IDM 4 which share a lot of heritage with the Sentinel products, and in fact it can forward events it collects on to Sentinel.

Sentinel Log Manager is a great tool to view, consolidate and manage logs from a wide diversity of your data sources. Again, if you need to, you can forward those events to a full Sentinel 6.x install to correlate the various events across the internal enterprise and external enterprise. What is nice about Sentinel is that due to the use of a message bus, it can scale by hanging multiple boxes for each task off the bus. (This is a great example of a single box that can really use all those CPU's and RAM!)

Sentinel is great for taking events of all different sorts (firewalls, identity systems, access gateways, door code readers, etc) and correlating them all together. We had a client who wanted to be alerted when a user who did not key card into the building yet modified files or logged in. If you can get the events to Sentinel then it is easy to correlate for these sorts of things.
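The key-card correlation just described, as an added Python example that is not part of the original post and is not Sentinel's own rule language: it tracks who is currently badged in from door-reader events and flags any login or file change by a user who is not. The event lines are constructed and the field names are assumptions; only on-premises hosts should be fed to a rule like this, since legitimate VPN users never badge in.

```python
from datetime import datetime

# Constructed sample feed (not real Sentinel data): badge-reader and
# server events normalised to "timestamp kind key=value ...". Field
# names are assumptions. Bob's two events are deliberately out of order
# to show that the rule sorts by time before correlating.
SAMPLE_EVENTS = """\
2010-06-01T08:02:11 badge user=alice door=main dir=in
2010-06-01T08:15:40 login user=alice host=fs01
2010-06-01T09:05:12 filemod user=bob path=/finance/q2.xls
2010-06-01T08:30:00 login user=bob host=fs01
2010-06-01T12:01:00 badge user=alice door=main dir=out
2010-06-01T12:20:33 filemod user=alice path=/hr/salaries.xls
2010-06-01T13:00:00 badge user=bob door=side dir=in
2010-06-01T13:10:00 login user=bob host=fs02
"""

def parse_event(line):
    """Split one normalised line into (timestamp, kind, attributes)."""
    ts, kind, *fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kind, attrs

def find_unbadged_access(lines):
    """Return (timestamp, user, kind) for logins or file changes made
    while the user is not badged into the building. Events are sorted
    first because different sources deliver them out of order."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e[0])
    inside = set()   # users currently badged in
    alerts = []
    for ts, kind, a in events:
        user = a["user"]
        if kind == "badge":
            if a["dir"] == "in":
                inside.add(user)
            else:
                inside.discard(user)  # badged out: later access is suspect
        elif kind in ("login", "filemod") and user not in inside:
            alerts.append((ts, user, kind))
    return alerts

if __name__ == "__main__":
    for ts, user, kind in find_unbadged_access(SAMPLE_EVENTS.splitlines()):
        print(f"{ts.isoformat()} ALERT {kind} by {user} without badge-in")
```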

Sentinel scales well to the cloud scale and can manage the disparate types of events you might get in such a world, adding that other component to your cloud experience.

So what does it mean that IDM (or even Novell) is ready for the cloud? Well it means a whole bunch of things, and that there are many different ways to be in the cloud, and to manage things in the cloud. Novell has a nice foot in each space, that are developing more over time. IDM 4 is an excellent step along the way to getting more and more cloud ready.
