Tool Mentor: ITDS - Operate Security Protection Mechanisms
TM120 - How to use IBM Tivoli Directory Server to Create the High-Performance Identity Data Infrastructure to Operate Security Protection Mechanisms
Tool: IBM Tivoli Directory Server
Relationships
Main Description

Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

Details

A solid directory foundation can provide a trusted identity data infrastructure that enables mission-critical security and authentication. IBM® Tivoli® Directory Server offers a reliable, scalable, standards-based identity data platform that interoperates with a broad range of operating systems and applications. Directory Server is compliant with the industry-standard Lightweight Directory Access Protocol (LDAP) V3. The strong scalability and flexibility offered by Directory Server can benefit third-party applications as well as IBM solutions for which Directory Server is the default directory infrastructure, such as WebSphere® Application Server and Portal, Tivoli Identity and Access Managers, and the AIX operating system.

The directory is a key integration point where identity, security, applications, systems and network management, and other network services all converge to store and retrieve data. IBM Directory Server adds security, authentication, consistency and flexibility to a company's e-business infrastructure. Companies can reliably authenticate their users, allowing them greater control across their enterprise and a protected e-business environment as they open up their internal business processes to their customers, supply chain partners, and automated transaction systems.

Just as the IBM CCMDB supports Configuration Management for CI data, one can consider the Directory Server - along with its sister service, Tivoli Directory Integrator - as providing Configuration Management for Identity Data (with Identity Change Management provided by Tivoli Identity Manager).

Enterprises will manage Identity Data in an infrastructure apart from the CCMDB for the foreseeable future, given the different directory data model (hierarchical), the different access protocol (LDAP), and the fact that these directories - built out over the last decade - are ubiquitous, while CMDBs are still emerging. Importantly, for at least some time, Directories will bear a higher availability requirement (e.g. if the LDAP server goes down, so often do network access, corporate email, messaging, white pages, web-based services, etc.). Requiring these mission-critical infrastructures to also support non-mission-critical data would not help maintain them.

To maintain these high-availability infrastructures, IBM Tivoli Directory Server offers robust replication features that provide highly available implementations, giving global enterprises 24 x 7 support for important business applications. For example, IBM Tivoli Directory Server supports peer-to-peer replication, allowing the directory to be configured with up to dozens of master servers, maximizing reliability. ITDS is built on DB2 for high performance, to drive the fast response times needed for global applications. However, the customer does not need DB2 technical skills to deploy ITDS (DB2 is treated as a black box).

Directories are managing more and more identity information. To provide this massive scalability and support more advanced high-availability configurations, it is often necessary to partition the namespace. The included Proxy Server allows LDAP clients to search and update directory data partitioned across multiple directory servers. It handles connection-pooling, chaining/routing of requests to reduce complexity for the LDAP client-side applications, and provides optimum performance. It supports replicas of partitions, load-balancing between replicas and automatic fail-over. The directory can handle searches and writes across a distributed LDAP topology that allows clients to bind using single credentials and have group membership handled seamlessly across the servers. This allows IBM Tivoli Directory Server to scale to hundreds of millions of LDAP entries. The Proxy Server also provides easy deployment for Failover and High Availability solutions, while also supporting highly write-intensive applications (e.g. location-based services).

IBM Tivoli Directory Server supports a number of features that increase administrator usability. For example, you can sort and view search results as pages. Groups can be nested or dynamic, that is, changes in a defined variable can automatically update the group profile. IBM Tivoli Directory Server supports groups as large as hundreds of thousands of entries.

IBM Tivoli Directory Server runs on Linux®, AIX, Windows®, Solaris®, and HP-UX® distributed servers - and in the future will support z/OS and i5/OS. It is the default directory for Tivoli, WebSphere, and AIX. ITDS is built for identity management, with role support, fine-grained access control and entry ownership.
