The rise of Suncle: Directory Services

by Deborah Volk on April 20th, 2009

I've covered identity administration and access management pieces of Sun/Oracle (affectionately referred to as Suncle on this blog) product portfolio in my previous blog posts. This one will address the remaining third - directory services. (Updated to correct the omission of virtual directory and identity synchronization from Sun's suite).

Oracle brings Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD) to the party, Sun brings Sun Java System Directory Server (Sun DS) Enterprise Edition. Sun's Enterprise Edition packaging includes 3 pieces: Directory Server, Directory Proxy Server and Identity Synchronization for Windows. Sun's Directory Server corresponds to Oracle Internet Directory, Sun's Directory Proxy Server corresponds to Oracle Virtual Directory and Sun's Identity Synchronization for Windows is closest in terms of functionality to Oracle's Directory Integration Platform (DIP; sometimes referred to as Directory Integration and Provisioning).

Let's start from the end. Identity Synchronization for Windows and DIP are both focused on synchronizing entries between "our" directory (Sun DS or OID) and "their" directory (usually Microsoft's Active Directory) with typical flow from "their" to "our". DIP is part of Oracle's "legacy" identity management stack that revolves around OID; the metadirectory-like synchronization approach is somewhat dated. Customers synchronize identity and credentials for various reasons but many of those reasons are challenges that can be solved in other ways, they do not require point-to-point synchronization. For example, an identity manager solution could provision both Sun and AD with the same credentials and keep them in sync based on updates from HR database. Having said that, Oracle has plenty of customers who use DIP and have no desire to deploy an identity manager product. Sun Identity Synchronization for Windows product seems to have quite a bit of overlap with DIP and DIP is not just for AD, it was conceived to deal with any "foreign" directory, plus there are other ways to achieve goals without synchronization. Based on this, I don't see the Sun product walking too far from the parking lot, it'll be riding in the trunk of the car to the docks.

Sun's Directory Proxy Server and Oracle Virtual Directory seem to have been cut from the same cloth and OVD is a very nice product, we're big OVD fans at Identigral. Again, I don't see anything unique or special in Sun's product that OVD doesn't have. Mark Diodati from Burton Group writes that Sun's Directory Proxy Server lacks a number of core features found in other virtual directory products, including OVD.

This leaves OID and Sun DS in the ring. Directory Server is the only weight category in this boxing match where I think Sun has a legitimate shot at an upper hand but it will require more than 5 rounds.

Oracle will not kill OID by any stretch of an imagination. Oracle's "legacy" identity management offering requires OID and Oracle has a number of products tied to this legacy infrastructure. Most notably Oracle e-Business Suite requires legacy identity management stack if you want web single sign-on. Aside from these dependencies, the legacy identity management infrastructure also requires a database server (Oracle's, you guessed it) to store both metadata and application data. Having OID in the mix when deploying the legacy stack at a customer automatically means that the customer has to buy a database and not just any database but an Oracle database. This is good business and while Oracle doesn't produce a nice spreadsheet breaking out revenue streams by products, we can guess that this "pull-through" strategy where you drag a bunch of products on coattails of another yields a nice chunk of change.

Having said this, Sun DS is a formidable opponent. It has a royal pedigree going back all the way to Netscape and University of Michigan team, it has a large customer base and it has a fantastic brand. Even though it suffered some neglect in a few years following the dotcom meltdown, it is no technology slouch from any perspective and Sun did invest a fair amount of resources into its upkeep. Many Oracle customers would love to run Sun DS instead of OID plus accessories. Will they finally get their wish? I think so.

The scenario I see as unfolding will be similar to the playbook for BEA's Weblogic and Oracle's own application server. While Oracle could not simply erase Oracle Application Server (OAS) from its roadmap since customers and Oracle's own products depend on it, it relegated OAS to the lower position on the totem pole by placing it into "continue and converge" category. Translation: OAS will be spoon-fed from maintenance dollars and eventually placed on life support with Weblogic being the go-forward app server of choice.

The gap between OID and Sun DS is not as wide as the gap between OAS and Weblogic so OID won't be completely downshifted. Nevertheless, I predict (48.52 probability) that OID and legacy Oracle identity management infrastructure will be sent to the back of the bus. Sun DS should become a de facto Oracle choice for a directory server even if it doesn't require the database. For customers who like to store everything in the Oracle database, OID will be always available as an option.

Posted in Oracle Internet Directory, Directory Services, Sun Directory Server, Oracle Virtual Directory, Business Perspective    Tagged with oid, sjsds, suncle, ovd, dip


Isaac - April 21st, 2009 at 5:33 PM
Nice article, but Sun has indeed an alternative to Oracle Virtual Directory: Directory Proxy Server has evolved from previous versions and is now integrated into Directory Server. So, Sun provides the same functionality that Oracle claims, but in one product (integrates LDAP, A/D and RDBMS).
Popou - April 23rd, 2009 at 2:55 PM
Hi, interesting but with all due respect, I think you are a bit biased towards the Oracle products, since it looks like those are the products that identigral has mainly worked with. I personally do not know them, but I have a good opinion on Sun's software products and the philosophy of the OpenSource initiative.

The comparison of the Sun Identity Manager and Sun OpenSSO with the corresponding Oracle products is based on a light knowledge of the Sun products.

Anyway, I think only time will tell, but all in all my guess is that the reasons to choose one or another software product within "Suncle" will not be based on the technology behind them, but on the pure marketing decisions taken by the new company.

Leave a Comment


follow on

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)