Posts Tagged ‘radiantone’

3 Building Blocks for Managing Cloud Applications

Monday, March 29th, 2010


Now that my webinar with Mike Donaldson and Lisa Grady is over I wanted to post up some additional information and also a video of the working demo. Thanks to Ping Identity and Radiant Logic for working with us on this demo.

Overview:

As a recap of the demo scenario, our theoretical company, MyCompany, is looking to leverage cloud-based services and their strategy is to continue to migrate a significant amount of infrastructure to the cloud. The first application they have migrated is Salesforce CRM for Sales management. After that, they plan on expanding into Google Apps, a hosted provider for time and expense submission, HR, etc. The company has an internal Enterprise Directory (LDAP) which stores Employee profile information, and the sales region and list of accounts for a Sales Rep are stored in Salesforce CRM. Since not all employees have access to Salesforce, there is also an internal portal that employees use to find Sales Rep and customer information.

Since they started using Salesforce, they are noticing these main problems:

  1. Managing the provisioning/de-provisioning of internal users in Salesforce is a time-consuming manual process, and in one case a terminated employee was not de-provisioned correctly and wound up getting access to information they should not have been able to access as a non-employee.
  2. They have a high number of password management issues since users have a separate account in Salesforce.
  3. Certain pieces of information are managed about salespeople and accounts in Salesforce and are not visible through the portal. This limited access to information required for the distribution of new leads and to contact the correct Sales Rep in case of a customer issue.

So, they want a solution that provides the following benefits:

  1. Automates the provisioning and de-provisioning of users in Salesforce based upon membership in a group in LDAP
  2. Centralized view of internal user information with attributes coming from LDAP and Salesforce that can be surfaced through the portal
  3. Centralized view of customer information that shows both the information coming from Salesforce but also includes the information from the accounts payable database for the complete view of the customer
  4. Single Sign-on into Salesforce from the MyCompany Portal

Solution:

  • Ping Identity PingFederate for provisioning and de-provisioning of users based upon group membership in the salesforce group in VDS
  • Ping Identity PingFederate for Internet SSO using VDS as the LDAP directory for the Identity Provider (IdP) and Salesforce as the Service Provider (SP) using SAML

Salesforce-Provisioning

  • Radiant Logic VDS Context Edition to create a single view of the employee information with cached attributes coming from LDAP and Salesforce
  • Radiant Logic VDS Context Edition to create a single view of the customer with cached attributes coming from the Salesforce Users and Accounts tables

Virtual-Directory-Entry

For larger images, please see the slides from the presentation included below.
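
The first requirement, and the terminated-employee incident behind it, comes down to reconciling the directory against the list of active Salesforce accounts. The sketch below is an added example, not PingFederate's provisioning logic or code from the demo; the group DN, field names and sample users are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical DN for the "salesforce" group; not taken from the demo.
SALESFORCE_GROUP = "cn=salesforce,ou=groups,dc=mycompany,dc=example"

@dataclass(frozen=True)
class DirectoryUser:
    mail: str
    active: bool            # False once the employee is terminated
    member_of: tuple = ()   # group DNs the entry belongs to

def _norm(value):
    # Simplification: compare usernames and DNs case-insensitively.
    return value.strip().lower()

def reconcile(directory, sf_active_usernames, group_dn=SALESFORCE_GROUP):
    """Return the actions that make Salesforce match the directory."""
    group = _norm(group_dn)
    known = {_norm(u.mail) for u in directory}
    # Entitled = active employee AND member of the group. Checking both
    # catches a terminated user whose group membership was never removed.
    entitled = {
        _norm(u.mail) for u in directory
        if u.active and group in {_norm(g) for g in u.member_of}
    }
    current = {_norm(name) for name in sf_active_usernames}
    return {
        "provision": sorted(entitled - current),
        # Known to the directory but no longer entitled: deactivate.
        "deprovision": sorted((current - entitled) & known),
        # Active in Salesforce with no directory entry: flag for review.
        "orphaned": sorted(current - known),
    }

# Constructed sample data.
DIRECTORY = [
    DirectoryUser("alice@mycompany.example", True, (SALESFORCE_GROUP,)),
    DirectoryUser("bob@mycompany.example", False, (SALESFORCE_GROUP,)),  # terminated
    DirectoryUser("carol@mycompany.example", True,
                  ("cn=hr,ou=groups,dc=mycompany,dc=example",)),
    DirectoryUser("erin@mycompany.example", True, (SALESFORCE_GROUP.upper(),)),
]
SF_ACTIVE = ["Alice@MyCompany.example", "bob@mycompany.example",
             "contractor@other.example"]

if __name__ == "__main__":
    for action, users in reconcile(DIRECTORY, SF_ACTIVE).items():
        print(f"{action}: {users}")
```

Running the same comparison on a schedule, and alerting on any non-empty `deprovision` or `orphaned` list, gives an independent check that automated de-provisioning is actually taking effect.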

Results:

Once implemented, this simplified their environment and provided greater flexibility as they looked to expand into the other cloud services, minimized trouble tickets for Salesforce password resets and improved internal access to information.

Demonstration:

The following video shows the working demo which addresses the requirements above. This is just the starting point of what will eventually become a centralized hub for access to critical user and contextual data across repositories both internal to your company and also across cloud services outside of your firewall.

3 Building Blocks for Managing Cloud Applications – Video Demo

Webinar Recording:

A recording of the webinar is available on the Ping Identity website. Note that registration is required.

View the Replay

I have also uploaded the slides to SlideShare so that you can more easily see the larger images:

I would love to hear what you have to say about this concept. Special thanks to Ian Barnett (Ping Identity) and Prashanth Godey (Radiant Logic) for helping to get this demo set up.

Thanks,
Todd

Extending Augmented Reality with a Virtual Directory

Wednesday, September 23rd, 2009

Wikipedia describes augmented reality (AR) as “a term for a live direct or indirect view of a physical real-world environment whose elements are merged with, or augmented by virtual computer-generated imagery – creating a mixed reality.” In essence the real-time view of your world is enriched with additional information making your environment interactive.  Take the following simulated example from my recent trip to Las Vegas for DIDW 2009.

augmented reality

So, by glancing out my window, my view is extended with details on my location, the time, upcoming weather and a map of the area. There is also additional information based upon factors I set, like betting and food price ranges so that I instantly know if a location matches places I might be looking to go.

One of the key statements from the Wikipedia article is that “the augmentation is conventionally in real-time and in semantic context with environmental elements…” So, taking that another way, you need a way to describe the world around you in a way that scales and is high-performing. In essence you need to create a virtual mapping of identity information, the attributes of the objects and the relationships between the objects so that this information can be overlaid on the view of the observed world. A directory structure is perfect for describing these virtual representations since the hierarchy describes the relationships between objects and allows you to easily create compound objects that combine the identity and all of the related meta-data into a single entity. There are additional benefits to using a directory for representing this information:

  • Highly optimized for reads to ensure high-performance
  • Built-in model for scalability
  • Ability to replicate information
  • Robust security model that allows the world to be described based upon authorized information

The problem with using a directory, though, is that the structure is too static and the information must be represented within the directory itself. As the world changes or new relationships need to be exposed, the existing tree may not be able to represent the correct hierarchy or expose the right elements. This is typically why people fall back to using a relational database model, but there is another way to address this challenge. Enter the virtual directory.

A virtual directory allows you to create views into the information dynamically and allows you to reshape and adapt the model as your definition of the world changes. Additionally, the virtual directory allows you to describe the world semantically in sentences that model the relationships between objects. Take a look at Michel Prompt’s blog post entitled “From Static Directories to Context Servers” for additional information. While the post focuses more on classical business challenges, it is not a big leap to take this into other realms where context and relationships are important like AR.

If we take the picture above and apply a directory structure to the relationships, the hierarchy might look like:

Tree Structure

The beauty is that the information represented in this structure can come from local data, other directories, databases and even web services allowing you to pull together a robust representation of all of the information necessary to describe the virtual representation of the world around you. Additionally, the virtual directory gives you all the benefits of a standard directory for scalability and security.

Another critical function to ensure scalability and performance is to be able to easily create a cached representation of this information. This is due to the amount of data, complexity of the relationships, speed of information sources and real-time nature of the augmented reality system. Some virtual directories like Radiant Logic’s RadiantOne VDS allow you to create a persistent cache that can be updated in real-time. This is important since data describing your virtual world can change frequently, so other caching mechanisms (e.g. memory caches) based upon a time-to-live or aging algorithm can easily become outdated, which would lead to an incorrect model.

Additional information on Augmented Reality can be found here:

I’m curious to hear your take. Where would you like to see identity and data virtualization go in the future? I think there are many other use cases which could warrant being able to leverage an abstraction layer to bring context to your identity and related information.

– Todd

Video: Extending SiteMinder with RadiantOne

Tuesday, August 25th, 2009

Last month, our very own Todd Clayton presented a webinar for Radiant Logic called “Evolve Your SiteMinder Portal Through Virtualization—Without Breaking the Bank”. He discussed the benefits of using a RadiantOne virtual directory with CA SiteMinder, some of which include:

  • Identify, correlate, and integrate identities from multiple user populations across security domains.
  • Publish different profile views for SSO, authorization, and profile management.
  • Create unified profiles of all users for different application contexts.
  • Build an abstraction layer so SiteMinder can access attributes without any changes to your existing infrastructure.
  • Develop an environment that easily accommodates future expansion and new business requirements.

Please feel free to contact us for more info on how these two products can work together.

-Dave