A meta-what? A meta-directory is a centralised hub that collects data from other directories and data repositories, and joins them together into a logical whole to minimise management of end users and data. Tech Tonics consultant Chris Morrison has been involved in a number of meta-directory implementations, so Computerworld called on him to provide a few answers.
Why would a company implement a meta-directory?
A meta-directory is designed to connect disparate data to enable more accurate information within the organisation and reduce administration costs associated with maintaining this data. If a company had a number of different directories and has issues with data that’s out of date, not synchronised and has high administration costs relating to keeping this data up to date, then a meta-directory product would resolve some of these issues.
Meta-directories also provide a single point of administration. It is possible to add a user at a single location and the meta-directory product will populate the other directories as defined by the meta-directory configuration.
Is there any other way to integrate the various directories found throughout an organisation?
Typically not. That is why meta-directory products were developed. The only way to update directories is manual updates using human intervention. An operator will update one directory, then the next, and so on. There are tools that have been developed that are GUI-based and will create an NT user, create an Exchange mailbox, etc. However, these tools are normally designed for specific roles such as user creation in a Windows environment and do not address multiple, disparate directories.
Can you outline the various phases of a directory implementation project?
Our experience is that the standard project methodology we use for infrastructure implementations is a good fit for managing risk and cost associated with a meta-directory implementation — ie planning, design, build, test, implement.
Depending on the size of the project, we would also consider using a proof of concept and/or phases to ensure that the project is a success.
How much planning should you do, how should you approach planning?
Planning and design are important in meta-directory implementations because now two directories map attributes one to one. There needs to be well planned and designed connectors that map the various attributes from one directory to another. Rules need to be created to ensure which attributes are masters. For example, Exchange should be the master for the email address attribute.
Testing is also important and testing how the data will map from each directory will normally identify how much work is required to get the data synchronised. For example, if two directories contain the attribute home address, which directory is authoritative? It gets more complicated when a directory contains an attribute called Address and another directory contains an attribute called Home Address.
Most of the time spent will be in the planning, design and testing phases.
Which types of company should implement a meta-directory? What type of company needn’t bother?
Typically meta-directories are used in large enterprises with multiple directories that need to be synchronised. Examples of directories may include phone systems, payroll system, HR systems, Windows 2000, Novell directories.
Companies that plan to develop applications that require a directory will benefit from a single and common data source that is consistent and up to date. Smaller companies with few directories may not need the kind of functionality that a meta-directory offers and the implementation of such a product may not be cost effective.
Meta-directory products should be evaluated on the benefits the business gains rather than straight technical functionality.
What are the benefits?
- Consistent data – information within an organisation is synchronised, ie an employee’s address, which may be stored in five different directories and contain five different directories and can contain five different values, is now consistent.
- Reduced administrative overhead – maintaining information and ensuring that is up to date takes time. Meta-directories can reduce the costs associated with maintaining this data.
- Future application development – companies which create applications that utilise directories that will have a single, consistent directory to work from.
- A single source of common data.
What issues should an organisation be aware of when doing this?
Directories need to be assigned masters for attributes and changes to that attribute will be replicated to other directories. For example, if the Exchange database is the master for email addresses, any changes to the HR database containing email addresses will not be replicated to Exchange. Instead Exchange may overwrite the HR database with its email address.
Incorrectly established rules can lead to corruption in the information itself. For example, if the wrong email address was “allowed” to be overwritten in the Exchange directory, the CEO email address may be changed and he or she no longer receives email.
These rules and the initial set-up and configuration of meta-directory products are complex projects and expert assistance should be obtained.
Replication within the organisation is a big issue. When and how directories should replicate needs to be considered as it adds overheads to the current environment.
We have found that the majority of time is spent in planning, designing and testing. Normally the 80/20 rule applies — 80% of time in planning, design and testing and 20% in implementation. Data cleansing is important and almost a project in itself. It is important to ensure data in the various directories is clean before a meta-directory is installed.
The rules implemented as part of a meta-directory are critical to its success and significant testing is needed to ensure that they work as designed.