Sun Microsystems has just announced at the annual MySQL Conference that it is adding extended support for MySQL into its Identity Management stack. That's great, but what does it mean? For one, MySQL is hugely popular - starting off as an embedded open source database, and slowly but surely pushing into the enterprise RDBMS area over the years. Most enterprises use MySQL somewhere - some of them use MySQL strategically (i.e., if you need a database, consider MySQL as one of the options, or even as the default option).
So what does this have to do with identity management? Most databases are used by applications, and many of these applications have some user schema in their databases. This means that identity information is widely dispersed across many different databases throughout the enterprise, like a mosaic. Identity management has over the years been making the promise to consolidate, bind together and manage identity information, and Sun Microsystems has an extensive identity management offering that does exactly that. Sun's added support for MySQL across its entire identity stack takes this to a new level by allowing organizations to bind together data regardless of whether it is stored in a classic directory or a relational database.
For one, Sun Microsystems has enhanced and strengthened the links between MySQL and its two directory servers: DSEE and OpenDS. DSEE (Directory Server Enterprise Edition) is Sun Microsystems' flagship directory server that combines essential enterprise features with carrier-class scalability. OpenDS started off as a project to be Sun's next-generation directory product line, and is very successful as an embedded directory. In several years, OpenDS is due to replace DSEE as Sun's flagship directory server.
The enhanced integration brings numerous advantages to both enterprise and telco directory scenarios, and I'll go through them briefly. Let's start with the Telcos, as it is always impressive to talk about massive scalability, availability and speed. MySQL can be used as a back-end data store for OpenDS, Sun's open source directory server. According to an announcement made yesterday, OpenDS Standard edition can be integrated with MySQL Cluster. When used together, OpenDS provides the LDAP directory front-end to a rock-solid, clustered relational database. This is really interesting for Telcos, service providers and other very large directory users that need scalability and have very high availability requirements. Using a clustered relational database such as MySQL Cluster as a back-end for OpenDS gives administrators extra flexibility for data management, which comes in really handy when the amount of data is massive. It also gives more options for providing a non-stop directory service. LDAP directory servers are typically deployed as a set of equivalent multi-master servers - each "master" managing an autonomous copy of the data set. A replication mechanism is then used to keep all masters in sync. Now add the clustering features, and the resulting mix is like a Swiss Army knife for those that need the ultimate flexibility and resilience in directory services.
In fact, after this integration, OpenDS and OpenLDAP are the only directory servers that allow users to choose either a "traditional" Berkeley DB based embedded back-end or a relational database back-end. The former is great for enterprises that prefer a maintenance-free, zero-administration back-end, and because of this many directory servers have traditionally used Berkeley DB. The latter, using a fully-fledged relational database as a back-end for directory servers, opens up many possibilities in terms of data management, but is more difficult to manage. Traditionally, users had to choose a different directory server product depending on whether the priority was ease of maintenance or sophisticated data management features. Now OpenDS users have a choice with the same product. But not just OpenDS: Sun is actually licensing MySQL Cluster as "MySQL Cluster Carrier Grade Edition" to be used with either OpenDS or OpenLDAP. I know quite a few LDAP directory administrators working in large Telcos, and I'm sure they're thrilled.
On the enterprise side, Sun has added virtual directory features to DSEE to easily link into MySQL databases. This means that data that used to be stashed away in MySQL databases can now be made easily available through the LDAP protocol. As this is an advanced feature of virtual directory servers, it shows Sun's commitment to extending its virtual directory offering.
But MySQL support has not just been enhanced in Sun's directory servers. Sun Identity Manager can read and provision identity data to and from any MySQL database schema, and can now even use MySQL as its primary internal data repository. Role Manager can use MySQL as its identity warehouse. OpenSSO can also use MySQL as an identity repository. In a way this was to be expected when Sun acquired MySQL a bit more than a year ago - to start building on its acquired RDBMS platform and integrate it with its other offerings, in this case Identity Management. It is actually quite impressive how fast this integration has happened when compared to other vendors who take considerably longer "digesting" acquisitions and combining them to maximise value.