RealTime IT News

Sun Consolidates ID Management Systems

Sun Microsystems has launched three identity management applications that combine its existing product line with technology it acquired from WaveSet in November 2003.

The new lines are part of a major product and service announcement that Sun launched Tuesday, which also shines a spotlight on its ID Management systems that have been gaining traction around the globe.

Java-based System Identity Manager, System Access Manager and System Directory Server Enterprise Edition will be generally available on July 1st for enterprises looking to incorporate ID management.

The technology is used to allow employees, partners and customers access to the company intranet using any number of methods (wireless phone, PC, etc.), securely and allowing access only to pre-determined areas. So, for example, an employee might have rights to several back-end databases and applications for processing orders but a customer or partner would only have access to, say, the front-end order processing application or portal.

Officials at the Santa Clara, Calif., software and hardware company are looking to gain market traction with its three products, which are the combination of eight separate Sun and WaveSet applications. They include:

  • Identity Manager provisions and manages individual user accounts, whether the end user is accessing the network by email, phone, device or PC. It also synchronizes user accounts.
  • System Access Manager provides the support for entering the network using the federated ID standards of the Liberty Alliance and Security Assertion Markup Language 1.1 specifications.
  • System Directory Server - the database repository for all the identity policies and information, featuring load-balancing, security and integration with the Microsoft Active Directory.

Pricing, which depends primarily on the scope of the network and the number of people using the software, is varied, and runs between $50,000 and $150,000. In the case of the Directory Server, pricing is dependent on the number of entries contained in the database.

If it seems odd that Sun -- which helped create the Liberty Alliance to foil the federated ID strategy of Microsoft's .NET and Passport -- would include Active Directory support, it's a concession by the long-time rival of the Redmond, Wash., giant of the software's dominance in the industry.

Sara Gates, Sun director of product management for ID management, said they do plan on expanding support to other directory services but are first concentrating on customer demands for Microsoft support.

"Most customers have both Active Directory and the Sun Directory and we're providing the ability to keep passwords in synch between those two directories," she said. "I do think that we expand that over time, but right now those are the most frequently requested."

Sun and other software vendors are rushing to provide a consolidated ID management offering as more companies come on board the technology movement. As the desktop becomes one of several tools to access the network, as well as the integration capabilities of Web services and service-oriented architectures, keeping track of user identification and permissions across multiple applications and even other networks is becoming ever more important.

In addition to Microsoft's Passport option, Hewlett-Packard jumped into the fray a couple weeks ago with its announcement to acquire TruLogica, an ID management firm. The merger is seen as a key addition to HP's utility computing strategy, called the "Adaptive Enterprise."

While officials concede HP's entrance into the ID management space as potential competitors, Kevin Cunningham, Sun's director of ID management marketing, said the company's purchase of TruLogica doesn't put them on the same playing field as Sun.

"HP is missing a couple key components, I believe," he said. "They don't have anything at the repository level; they just acquired something at the management level, unproven technology, a relatively new player in the marketplace [with] very few customers. They are also missing something in the synchronization area."

The real aim at Sun, he said, is to knock off IBM, which wraps the technology in its Tivoli software, though Cunningham believes they are behind the curve as well.

"If I wanted to pick a competitor who I think most closely represents our strategy, it would be IBM, because they've got all the piece parts -- they've got the directory, they've got provisioning, synchronization, they've got the access and authentication," he said. "They haven't coalesced them like the way we're aggressively doing so. Will they do so? I think so.

"Our goal is to create a two-horse race between IBM and Sun," Cunningham added.

Earl Perkins, a vice president in research firm META Group's technology research services division, said companies like IBM and Computer Associates should take Sun's identity management push seriously. Unlike previous acquisitions, where Sun would buy up the technology and gut the development team with its own engineers, this time around 100 employees are staying. More importantly, they're making all the decision-making within the ID management group.

"To be honest, there's still some merger inertia to overcome," Perkins said. "But I'll grant you this, the inertia seems to be dispelling at a quicker pace than the analyst community expected; we didn't expect Sun to incorporate and move this quickly.

"One of the reasons we think it's moving quickly is [Sun's] decision to allow the WaveSet team to make the decisions," he added. "We feel that IBM, Tivoli, Novell, CA, BMC and the others should be a bit more concerned than they were in January, when they thought the WaveSet acquisition would go the way of Sun acquisitions of the past."

The end goal for Sun is to wrap all three products into their Java Enterprise System (JES), Sun's $100 per employee, per year software and services package. Designed, obviously, for the enterprise, it wraps up the infrastructure needs on the network: network identity, Web and application, communication and collaboration, portal, availability and security services.

However, Sun is not quite as integrated with network identity and JES as they would like. While System Directory Server and Access Manager -- the repository and security software -- are both fully integrated into the JES, the Identity Manager that handles identity permissions and profiles, as well as synchronization, will not be integrated in the foreseeable future.

Cunningham expects it to be completed early next year, though a lot of work remains to be done it seems. He mentioned the need to work with the Identity Manager's installer, as well as synching the common component usage between the two before the JES and application are fully integrated.

"Just from a technical perspective, there's some work to be done before we can say, 'yeah, this is integrated at the JES level,' " he said.