RealTime IT News

Red Hat Readies Identity, Policy, Audit Offering

While the name "Netscape" is now mostly dead, its progeny continue to survive and develop. Many are familiar with Mozilla's efforts on the browser side, but Netscape also had another business -- a directory server business now run and expanded upon by Linux vendor Red Hat.

Red Hat has been busily building out a major new evolution of Netscape Directory Server that will officially be called Red Hat Enterprise IPA (Identity, Policy and Audit).

"A challenge historically for Directory Server has been the need for solutions wrapped around it," Karl Wirth, director for Red Hat's security business, told InternetNews.com. "While it's a very powerful technology and solution in and of itself, it can be used in so many different ways that has sometimes made for a challenge in adoption."

"That's the point of IPA, to focus on a particular use of the directory at its core and think through that use in every detail and provide a more wrapped-up solution for it," he said.

When it debuts, the product will have had a long and storied history. Red Hat Enterprise IPA is based on the FreeIPA project, which aims to be an easy way for system administrators to install, set up and administer centralized identity management and authentication.

The project had originally been set for inclusion in Fedora 8 but didn't make it into the final build. FreeIPA itself is built on what had once been the Netscape Directory Server, an LDAP-based server that since became Fedora Directory Server and later, Red Had Directory Server.

Red Hat Directory Server remains at the core of Red Hat Enterprise IPA, which adds additional features and capabilities.

The company acquired Netscape Directory Server from AOL in September 2004, paying $20.5 million in cash for it and other Netscape enterprise technologies.

While the original Netscape Directory Sever code had been closed source, Red Hat began the process of providing a completely open source version of the code starting with the Fedora Directory Server project in 2005.

Earlier this year, the company released the first enterprise Red Hat Directory Server version based entirely on open source code.

Businesses can use Red Hat Enterprise IPA -- and its core Red Hat Directory Server component, which will also be sold separately -- in two different ways.

Traditionally, a business would use the directory server for access and identity -- with the server providing authentication services from the back end of a Web-based system like an extranet or customer-facing portal.

Wirth also said he expects businesses will tap Red Hat Enterprise IPA for a second type of usage, "what used to be called Network Operating System (NOS)."

In a NOS scenario, Enterprise IPA could provide identity and access management for the operating system. It would replace Network Information Service -- a standard Unix tool -- to manage user, group and machine authentication and authorization.

"I anticipate customers will use IPA there instead of just Directory Server because it builds and layers functionality on top of the Directory Server," Wirth said.

Red Hat doesn't intend Enterprise IPA to serve as a Network Access Control (NAC) solution -- at least, the way many networking vendors today use the term. While NAC is a somewhat nebulous concept, it generally involves authentication as well as some form of pre-admission validation to identify the security of a given endpoint.

Though Red Hat Enterprise IPA is not NAC, Wirth said synergies between IPA and NAC are likely to develop over time.

While Red Hat Enterprise IPA represents a major new evolution of Red Hat's Directory Server that could attract new users, Wirth said Red Hat still retains a solid base of users from the Netscape Directory Server era.

"We've added to it since but the base has stayed with us," Wirth said.