www.novell.com
Joe Skehan
Senior Product Manager, Net Directory Services
Novell, Inc.

Introduction to Novell DirXML™

Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries

Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Managing Rising Complexity
[Chart: magnitude over time; series: IT complexity, Ability to manage, Cost to manage, Potential cost to manage]
The Premise
[Diagram labels: DirXML™, eDirectory™; Messaging, NOS, Database, Internet; Novell eDirectory™, Active Directory, Oracle, UNIX NIS, DB/2, Lotus Domino, Microsoft Exchange, eDirectory, iPlanet, Novell GroupWise®, IBM SecureWay, MS SQL]
Novell Identity Provisioning
[Diagram labels: Identity Integration; Microsoft Applications, Messaging Applications, ERP Applications…; DirXML; Identity Repository; Identity Provisioning; Business Policies and Practices; Networking & Storage; Access Security; Application Provisioning; Collaboration]
Identity Integration
• Connects together systems that don’t talk to each other
  XML provides the normalization layer
• Transforms data
  Syntax—09/06/01 vs. 06/09/01
  Meaning—HR change to access system
  XSLT provides the methods
• Enforces authority
  Who and what have access and control to what data
  Fully distributed support
  eDirectory provides support
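The syntax and authority bullets above, sketched in Python as an added example (not code from the presentation or from DirXML, which applies XSLT for this step). The event layout, the system names and the authority table are assumptions made for illustration:

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed date syntax per connected system (hypothetical system names).
DATE_SYNTAX = {"hr": "%m/%d/%y", "mail": "%d/%m/%y"}
# Assumed authority table: which system may supply which attribute.
AUTHORITY = {"hireDate": {"hr"}, "mailbox": {"mail"}}

def normalize(event_xml, target):
    """Return the event as the target system should receive it.

    Attributes the source is not authoritative for are dropped, and
    date values are rewritten from the source's syntax to the target's.
    Raises ValueError for unknown systems or malformed dates.
    """
    event = ET.fromstring(event_xml)
    source = event.get("source")
    if source not in DATE_SYNTAX or target not in DATE_SYNTAX:
        raise ValueError("unknown system")
    for attr in list(event):            # copy: we remove while iterating
        if source not in AUTHORITY.get(attr.get("name"), set()):
            event.remove(attr)          # authority check failed
            continue
        if attr.get("type") == "date":
            # strptime rejects impossible values such as 13/40/01
            parsed = datetime.strptime((attr.text or "").strip(), DATE_SYNTAX[source])
            attr.text = parsed.strftime(DATE_SYNTAX[target])
    return ET.tostring(event, encoding="unicode")

# Constructed sample: HR reports a hire date and (without authority) a mailbox.
SAMPLE = (
    '<modify source="hr" user="jdoe">'
    '<attr name="hireDate" type="date">09/06/01</attr>'
    '<attr name="mailbox" type="string">jdoe-new</attr>'
    "</modify>"
)

if __name__ == "__main__":
    print(normalize(SAMPLE, "mail"))
```

The mailbox change is discarded because the HR system is not listed as its authority, and the hire date reaches the mail system as 06/09/01.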
Employee Provisioning Example
[Diagram labels: PeopleSoft, Oracle, Server Platform; Lotus Notes, Domino Directory, Server Platform; Windows 2000 Server Management, Microsoft Active Directory, Server Platform; Identity Provisioning]

Employee Provisioning Example (cont.)
[Diagram labels: Windows 2000 Server Management, Microsoft Active Directory; Lotus Notes, Domino Directory; PeopleSoft, Oracle]
Common Provisioning Paths
[Diagram labels: HR, e-mail, NOS; Applications, Databases; Building Security, PBX, Facilities; OS’s; Customers; PKI; Phase I, Phase II, Phase III]
Identity Provisioning Goals
• Provide solutions that customers clearly see as meeting a need and providing value
  Offer a whole car, not just a really cool engine
  An x-wing fighter, not a bunch of legos
• Reduce implementation time
  Show clear, short-term ROI
• Establish a “stake in the ground” in specific markets
Mercury Identity Provisioning for Employees
• Employee Provisioning will be the first entry
• Product offerings focused on phase-one “implementability”
• Employee Provisioning Offering integrates HR, e-mail, NOS, and directories
  HR = PeopleSoft and SAP
  E-mail = Exchange, Notes, and GroupWise®
  NOS = NT, Windows 2000 and NetWare
  Directories = eDirectory and Active Directory
Identity Integration Drivers, Current
• Active Directory
• eDirectory
• NT Domain
• LDAP
  iPlanet, SecureWay, OpenLDAP, CriticalPath, Siemens
• X.500
• Exchange
• Lotus Notes
• GroupWise
• PeopleSoft
• SAP HR
• Delimited Text
• JDBC
  Oracle, SQL Server, DB/2, Informix
• MQ Series
• Password Sync
  NT, AD, eDirectory
Identity Integration Drivers, Futures
Status columns: In engineering, In planning, To be scoped
Drivers listed: MQ Series, NDS/Bindery, Lawson, HIPAA (HL7), NIS, Entrust & Verisign, Navision, Nortel PBX, Cisco Secure ACS, PS Student Admin, Oracle Financials, Siemens PBX, Avaya (Lucent) PBX, SyncML, PeopleSoft CRM (Vantive), Remedy, Honeywell Security, RACF, SAP Sales and Dist, X.500, ACF/2, Siebel, Banner, AS/400, JD Edwards, SIF, Top Secret, Passport
Provisioning Console
• Phase 1—Delivered with Redstone
  Filter configuration GUI
  Rules management GUI
• Phase 2—Pioneer
  Admin add/remove/configure (workflow)
  User self management
  Status GUI
  Auditing/reconciliation
  Workflow integration (currently with Metastorm)
Redstone
• Updated engine July ‘02
• Data flow and configuration GUI
• Support for XP and AIX
• Status log update
• Updated drivers
• Build refresh
Voyager I and II
• Multi-level password management support
• Use only what you need
• Built on Redstone engine
• Password Synchronization shipping today for eDirectory, NT & AD
[Diagram labels: Admin Password Reset, User Password Set, Password Sync, Redstone]
DirXML 1.1
• Shipped in January
• Updated integration engine, GroupWise driver added, driver updates, includes eight drivers
• Unbundled offerings
• Future:
  Integration engine will continue to be offered separately
  Engine and drivers will be sourced to meet specific needs
  Continued enhancements
Purchasing Options
• Generic DirXML Bundle
  NT, AD, eDir, Exchange, Notes, GroupWise, Text & LDAP
  $29 per association
• Add-on Drivers for $10/per association
  PeopleSoft, SAP HR, JDBC & MQ Series
• Individual basic drivers for $6/per association
  NT, AD, eDir, Exchange, Notes, GroupWise, Text & LDAP
  Includes engine for use with the driver only
• Unlimited use of any one driver for $600k (5 million cap)
• License for non-Novell production driver
  $2/per association or $65K unlimited (5 million cap)
  License any 6 drivers and this is included
DirXML 1.1—What’s New
• Remote loader
• Enhanced error logging
• Command transformation rule
• Rule chaining
• Dynamic class loader
• Licensing enhancement (activation)
• Driver updates
• GroupWise driver
DirXML 1.1 Remote Loader
• Drivers can run separately from the engine and eDirectory
• Two parts:
  Remote Loader shim
    • Runs with the DirXML engine
    • Provides the connection to the Remote Loader Service
      – IP connection via SSL
  Java-based Remote Loader service
    • Runs with the remote driver
    • Java & C++ service or daemon
    • Supports any driver
DirXML 1.1 Remote Loader
[Diagram labels: Novell eDirectory Server, Novell eDirectory, DirXML, DirXML Engine, Rules & Stylesheets, Remote Loader Shim, Remote Loader Service, DirXML Driver Shim, Application, Subscriber Channel, Publisher Channel]
Enhanced Error Logging
• DirXML engine and drivers
  Historically, errors have been written in multiple locations
  Errors are now written to the appropriate object:
    • Driver set
    • Publisher
    • Subscriber
  Errors are still written to log files and the trace screen
  This greatly reduces effort needed to find error information
Order of Rule Processing on the Subscriber Channel
[Flowchart labels: The DirXML Engine; Event Cache; Subscriber Filter; Convert Event to XML; Event Transformation; Does an association exist? (NO / YES); Subscriber Add Processor: Matching Rule, Create Rule, Placement Rule; Command Transformation; Schema Mapper; Output Transformation]

Order of Rule Processing on the Publisher Channel
[Flowchart labels: The DirXML Engine; Input Transformation; Schema Mapper; Event Transformation; Does an association exist? (NO / YES); Publisher Add Processor: Matching Rule, Create Rule, Placement Rule; Command Transformation; Publisher Filter; Convert XML to NDS]
DirXML 1.1 Rule Chaining
• Stylesheets can now be called from an XML rule
• Example is to create a rule that needs to set a password using a specific password policy
Dynamic Class Loader
• In DirXML 1.0, the administrator needed to reload the JVM if:
  The classpath changed
  A new .JAR file (Java drivers) is added
• Dynamic Class Loader
  New .JAR files are loaded upon request
  Reload JVM only if replacing an existing .JAR file
DirXML 1.1 Activation
• We now produce and ship only one CD for both evaluation and licensing
  Includes a 90-day evaluation license
• License fulfillment service (web page)
  Activation licenses generated on demand
  License domain based on the tree (guid)
• DirXML 1.1 current bundle
  Engine activation
  Eight drivers loadable
• Solution bundles
  Engine activation
  Specific drivers loadable
DirXML Activation
• “Activation” is the process of changing a DirXML evaluation product into a fully functional product installation
• Activator assists customers in notifying Novell about:
  Themselves
  The product they are activating
  The “domain” they are activating the product in
• Novell validates that the product has been invoiced before it is activated
Updated Drivers in 1.1
• Active Directory
  Added Exchange 2000 support
  New secure authentication field
• eDirectory
  Renamed to “eDirectory”
  Obviates the need for remote loader
    • Already remote capable
Updated Drivers in 1.1 (cont.)
• Exchange
  All ten custom attributes now supported
  All DAPI API attributes now supported on the subscriber channel
• Lotus Notes
  Multiple databases now supported from a single instance
Drivers, New, GroupWise
• Included on DirXML 1.1 CD
  Separate install
• Supports Versions 5.5 and 6.x
• Account provisioning
  Add, Modify, Move, Rename
  Synchronizes attributes
• Requires DirXML 1.1
wiN big
gear up, rope in, and climb on with Novell Provisioning solutions
pick up your entry card today at the Novell Provisioning table in the one Net solutions lab