Innosoft International, Inc.

1

Trevor Dimond - Senior Consulting
Engineer (trevor.dimond_at_innosoft.com) Thursday
January 27th, 2000
Innosoft International, Inc. www.innosoft.com sale
s_at_innosoft.com
2
Speaker Bio - Trevor Dimond

• Joined Innosoft May, 1999 as a Senior Consulting
  Engineer
• 15 years at Bank of America, San Francisco
  (1984-1999) - Senior Systems Engineer, VP
• Designed, deveIoped and deployed Enterprise Wide
  LDAP directory infrastructure (1998 - 1999)
• Programmer, architect and internal consultant for
  applications, systems and communications (1984 -
  1997)
• 6 years at British Airways, London (1978-1984)
• Applications programmer

3
Who is Innosoft?

• Enterprise messaging and directory infrastructure
  products and services solutions for
  heterogeneity now and whatever in the future
• High growth with focus
• Commitment to standards-based computing
  leadership on MIME, LDAP, ACAP, NOTARY, MIXER, .
• Stability and continuity of leadership and team
  no one leaves
• Heavy duty expertise in enterprise messaging and
  directory infrastructure solutions 11 years in
  the trenches
• Worldwide customer base
• 2,500 installed sites
• 52 countries
• 11 international distributors
• balanced mix includes both end user and OEM
  customers

4
History of iii

• Founded September 1987
• Privately funded no conflicting agendas
• Rapid growth 39 CAGR for period 1991-1998
• Shipped worlds first commercial MIME
  implementation in May 1992
• DEC worldwide resale agreement in November 1995
• Sun Microsystems licenses PMDF for SIMS in
  February 1997
• Critical Angle acquired March 1998 LDAPv3
  technology leader
• Two engineering centers West Covina, CA and
  Austin, TX
• Strong technology base 30 of 45 team members
  dedicated to engineering and support

5
Innosoft International, Inc. Awards

• Network World
• 1998 Blue Ribbon Award

• PC Magazine
• 1998 Technical Excellence Awards

• Data Communications
• 1998 Hot Products Award

• Deloitte Touche
• 1998 Los Angeles Technology Fast 50

• Network Computing
• 1997 Well-Connecting Awards

• Digital News Review
• 1994-95 Target Award E-Mail Software

Inc. 500

• Inc. Magazine
• 1994-95 500 Fastest-Growing Private
  Companies

6

• Subjects of particular interest
• Interoperability with major players (e.g.
  Exchange/Active-Directory, Netscape, Siemens,
  Lotus, etc.)
• PKI readiness/interoperability
• "Meta-directory
• How DirectoryPortal fits in to industry
  standards activity, including DSML

7

• Order of Events!
• PowerDirectory Technology Presentation
• (key distinguishing features)
• LDAPter Technology Presentation
• DirectoryPortal Technology Presentation
• LDAPter Demo
• DirectoryPortal Demo
• Questions?
• Anytime

8
Enterprise Directory Servicesusing LDAP
Innosoft PowerDirectory
9
Innosoft PowerDirectory Features

• Very high performance and database scalability
• over 2000 queries/sec (Solaris 7, 4x360MHz
  UltraSPARC-II, 2GB)
• over 700 modifies/sec (Solaris 7, 4x360MHz
  UltraSPARC-II, 2GB)
• over 260 add deletes/sec (Solaris 7, 4x360MHz
  UltraSPARC-II, 2GB)
• supports millions of entries (recently
  benchmarked 54 million entries)
• supports multiple backend databases
• performance benchmark white paper available under
  NDA
• Fully extensible and flexible schema
• Rich access control model
• access controls in directory for PowerDirectory
  v5.0
• Unique secure LDAP chaining for real-time
  integration with other LDAP directories

10
Innosoft PowerDirectory Features

• Client access and server chaining over TLS/SSL
• Advanced replication services - 3 replication
  models
• master/slave
• fallback multi-master
• secondary shadowing
• CIM DEN support (latest draft of CIM schema)
• Search triggers
• Virtual attributes
• Stored transforms (a.k.a. stored procedures)

11
Innosoft PowerDirectoryInteroperability

• PKI-ready providing full support for X.509 v3
  certificates and certificate revocation lists
  (CRLs)
• Certified Entrust Directory Partner
• Valicert CRL product partner
• Checkpoint Firewall-1 and VPN-1 certified

12
PowerDirectory Server Transparent Chaining
Innosoft PowerDirectory Server
Netscape Dir
Directory Clients (web, mail, etc.)
Other LDAP Servers
Dynamic LDAP Chaining
LDAP
Novell Dir
LDAP/SNMP/HTTP
Exchange Dir
Directory Manager
13
Innosoft PowerDirectoryIntegrated Replication

• Available in PowerDirectory v5.0
• Uses LDAPv3
• weakly consistent replication
• reduced bandwidth demands
• 3 types Integrated Replication
• master-slave, fallback multi-master, secondary
  shadowing
• Primary and Fallback master servers
• masters coordinate to remain consistent
• Multiple slaves for scalability fast response
• secondary slaves to support replication
  hierarchies

14
Innosoft PowerDirectoryFallback Multi-Master
Replication
Primary Master
Fallback Master
synchronization
Updates
Updates
Incremental Update Propagation
LDAP Chaining
LDAP Referral
Replicated Slaves
Updates
Secondary Slave
15
Enterprise Directory Servicesusing LDAP
Technology

• Innosoft LDAPter Technology

16
LDAPter Technology

• Plugs into existing directories enhances
  functionality
• 5 distinct functions
• Proxy LDAPter Client-Server Proxy and
  Compatibility
• Security LDAPter Firewall-like Security
• High Availability LDAPter 24 x 7 Services
• (above LDAPters are packaged together but
  licensed separately)
• X.500 LDAPter X.500-LDAP Compatibility
• Utility LDAPter Extensible Management

17
LDAPter Technology

• 2 LDAPter add-ons
• LDAPter RSA module
• Provides RSA encryption algorithms for SSL
  compatibility and can be used with
  PowerDirectory Server, Security LDAPter and
  Utility LDAPter.
• LDAPter SDK
• Provides a C API, Java LDAP class library and
  command line tools to query, add, delete and
  modify entries via LDAP.

18
Proxy LDAPter

• Client-Server Proxy
• Controls forwarding of client LDAP operations
• search, compare, add, delete, modify, modrdn,
  extended
• Controls attributes permitted/forbidden in search
  and compare filters
• Recognizes and acts on directory server referrals
• forward, follow, discard
• Controls number of result entries returned to
  client
• Controls the search scope

19
Proxy LDAPter

• Enhancing Compatibility
• Provides client-server schema mapping
• Maps attributes between clients and server
• Allows a single, standard LDAP directory schema
  to support multiple different LDAP clients
• e.g. department -gt ou -gt department

20
Security LDAPter

• Protecting Connections
• number of simultaneous client operations
• number of operations a client can request per
  connection
• restricts the number of connections for a client
  group
• times out inactive clients
• Prevents denial of service attacks
• slows down operations forwarded to directory
  server
• attacker may think attack is working!

21
Security LDAPter

• Protecting Data
• Controls data access by hiding data
• attribute level (permitted/forbidden)
• entry level
• sub-tree level
• Provides TLS/SSL support
• between the LDAP client and the Security
  LDAPter
• between the Security LDAPter and the Directory
  Server

22
High Availability LDAPter

• Directories mission critical
• users get used to accessing data 24x7
• critical applications require 100 availability
• e.g., Corporate White Pages, PKI infrastructure
• Two Services
• Automatic Failover Failback
• Automatic Load Balancing
• Between multiple LDAP compliant directories

23
High Availability LDAPter

• Load Balancing

High Availability LDAPter monitors directory
servers for load and balances operations across
masters or slaves in a server group
24
High Availability LDAPter

• Transparent Failover

Masters or Slaves
High Availability LDAPter monitors directory
servers and detects server failure and redirects
operations until recovery
25
High Availability LDAPter- No Single Point of
Failure

• Three ways to ensure that the HA LDAPter server
  itself is always available
• High availability hardware - more expensive
  option?
• Multiple HA LDAPter servers - less expensive
  option?
• Use Dynamic DNS
• Use Cisco Local Director

26
LDAPter Technology -Whats Coming

• LDAPter version 2.1
• Currently in beta testing, target shipping date
  is end of 1Q2000
• New features
• Attribute-value pair matching, Improved logging,
  access controls by DN, auto restart, selective
  TLS/SSL between LDAPter and Directory, bug fixes
• LDAPter version 2.5
• Target for beta test is 1Q2000, target shipping
  date is 2Q2000
• New features
• Configuration GUI built with DirectoryPortal
  technology, log file rotation, dynamic
  reconfiguration on NT, bug fixes

27
X.500 LDAPter

• Leverages investment in X.500
• X.500 servers inter-operate with LDAP servers
• Enables X.500-based DUAs and DSAs to perform
  operations on an LDAP server

28
Utility LDAPter

• LDAP directory client
• Provides data managers and experienced users with
  a command line interface to the directory.
• Allows user to manage directories by
• navigating around
• viewing and modifying entries
• writing and executing scripts
• In V2.0 (commercially available 1Q2000)
• relocate subtrees
• server side relocate - most efficient
• client side copy, add, delete over protocol -
  least efficient (for servers that dont support
  the relocate operation)

29
Innosoft DirectoryPortal
Enhancing Enterprise Directory Services with
XML-based LDAP access
30
DirectoryPortalGet More Value From Your
Directory

• Directories are increasingly a rich information
  asset
• users require new and various directory-enabled
  apps
• no single vendor will implement all the apps you
  need
• Provide richer directory access from the desktop
• preferably via web browsers
• allow for evolution and easier data integration
• allow for easy customization and re-branding of
  apps
• define your own directory schema and look-n-feel
• by your web administrators, not LDAP protocol
  programmers

31
DirectoryPortal Rich Information Access

• Most organizations have multiple directories and
  require tools
• to synchronize information
• to allow dynamic information integration
• that are easily customized
• based on industry standards
• There is high value in directory information
• address books are useful, but also very limited
• different views for various users and
  applications
• lots of directory-enabled apps are required

32
DirectoryPortal Technology

• Deliver richer information to the desktop
• Web-accessible
• Based on standard XML technology
• Application Builder Run-time Java Server
• White Pages Application (DirectoryPortal Browser)

33
DirectoryPortal Why XML and LDAP?

• XML provides a unifying framework
• Specify XML templates to be filled in
  dynamically
• Access content from multiple sources
• LDAP tags specify access and update actions
• SMTP tags to allow e-mail triggered by business
  rules and directory content
• WAP/WML prototype available today
• SQL tags (coming in next release)
• Present unified information on the desktop
• XML template evaluated by Java server
• content obtained dynamically from directory(s)
• dynamic joins, sorting, etc.
• dynamic HTML generation

34
DirectoryPortalIntegrating XML with LDAP

• Framework using XML templates and Java server
• very high-level LDAP programming for web
  authors
• middleware server engine collects dynamic
  content
• HTML generated on-the-fly
• XTL - eXtensible Template Language
• an XML application providing LDAP specific tags
• ltldapsearch gt
• ltldapadd gt
• ltldapschema gt, etc.

35
DirectoryPortal Builder

• Used to develop applications
• XTL template language
• Use XML Web authoring tool
• e.g. Dreamweaver, Fireworks (Macromedia)
• XTL pre-processor - for server compatibility
• Test environment
• Available for any Java 1.1 platform
• Solaris, NT, Linux, etc.

36
DirectoryPortal Server

• Executes production applications
• translates pre-processed XTL applications
• talks standard LDAPv3 to any LDAP compliant
  directory servers
• can run standalone or uses popular web servers
• run-time monitoring, dynamic property editor
  included

37
Enterprise DirectoryPortal Browser

• Customizable corporate directory application
• works with any LDAPv3 capable directory server
• e.g., Innosoft, Microsoft, Netscape, Novell

38
Enterprise DirectoryPortal Browser

• Enterprise DirectoryPortal Browser includes the
  following
• DirectoryPortal Builder license
• one DirectoryPortal application server license
• corporate directory browser XTL source code

39
DirectoryPortal Architecture
LDAP enabled Directory Server(s)
DirectoryPortal Server
Web Users
LDAP requests
URLs
LDAP results
HTML
Server engine executes XTL templates, invoking
LDAP tags to issue LDAP requests and dynamically
generates standard HTML/WML back to the
browser based on the formatting described by XML
markup
URLs
WML
Application-specific Template Files w/LDAP tags
Phone Users
40
DirectoryPortal -Whats Coming?

• Version 2.0 of DirectoryPortal(1Q2000) will
  focus on support for applications using WML, DEN
  and DSML and will include
• LDAP Directory based property sheets that
  simplifies management of multiple servlets for
  load-balancing and availability
• Support for SQL access and update to extend the
  DirectoryPortal to applications requiring
  translation of directory content to and from
  RDBMs
• Multi-part HTTP requests for binary file upload
  to support applications that allow users to
  upload images, audio, or other binary objects
  that are to be stored in a directory. Especially
  useful in applications that permit the user to
  upload photos, audio clips, or certificates for
  transfer to a directory entry
• DSML support

41
DirectoryPortal -Whats Coming?

• DSML - LDIF with angled brackets?
• The DSML.org has developed a specification for a
  Directory Services Markup Language (DSML)
• DSML is an XML application that performs a
  function analogous with the LDAP Interchange
  Format (LDIF), it uses XML rather than the LDIF
  line-oriented syntax to represent LDAP directory
  content
• DSML is compatible with XTL
• DirectoryPortal may be used to generate and
  process DSML content from external resources

42
Summary

• Innosoft continues to lead and innovate in LDAP
• LDAP products solve real world integration issues
• Innosoft product suite offers a lot of useful
  technology
• high performance and scalable LDAPv3 server
• LDAPter for additional security, load balancing
  failover
• XML/Java LDAP DirectoryPortal for web
  integration
• Innosoft tries to solve customer problems - it
  doesnt just sell technology!

43
Questions

• ?

44
LDAPter TechnologyDEMO

• Intranet
• Search for re
• Gigi Reddick with mobile number and correct dept
  info
• Rebecca Barnhart - left the company?
• Rex the dog!
• Extranet
• Search for re
• Gigi with no mobile and dept manager (attribute
  mapping)
• No Rebecca (DN) and no Rex (subtree)

45
DirectoryPortal Demo
WAP (includes URL)
LDAP requests
HTTP
Encoded WML
LDAP results
WML
LDAP Directory Server(s)
UP.Link WAP Server
Wireless Phone Users (simulated)
DirectoryPortalServer