Isode Products

Directory Products

M-Vault in Depth

Directory Management

Directory Evaluations

Isode Directory ProductsManagement tools for Isode's M-Vault Directory Servers can be split into four categories:

 

 

Management Tool Deployment Targets

The Isode directory management tools are designed for building and managing a directory service based on M-Vault servers. Some of the tools, such as Sodium, can also be used with other directory server products. While the tools can be used effectively for very small configurations, the primary target of the GUI tools is for large and complex configurations with many servers and high volumes of data.

 

Management Tool Key Benefits

The Isode GUI directory management tools have a number of important benefits:

  1. Client/Server. The use of the client/server approach to the management means that management functions can be carried out from a remote client, servers can share configuration information, and servers do not need to be stopped for management operations.
  2. Multi-Platform. The use of Tcl scripting language, in conjunction with the Tk windowing mechanism is very powerful. Tk gives a windowing technology which can be used with Windows or Unix management stations. The Tcl scripting language provides easy extensibility for the Isode management tools. This is important, as in many complex situations tools need to be adapted.
  3. High Scalability. The tools are designed with the large enterprise as a key target, scaling to high volumes of data and many servers.
  4. Enterprise View. The model driving the management approach is the "enterprise view" of the directory, contrasting with the work group or desktop view. This is key to successful large deployments. The tools work naturally in an environment with many servers.
  5. Scripting Interfaces. The Isode approach to management tools provides both a graphical and a scripting interface for all functions. The requirements for graphical interfaces are well understood. For large configurations however, graphical interfaces can be cumbersome when dealing with repetitive operations and the Isode scripting interfaces give an important mechanism for dealing with repeated operations. Scripting interfaces can also be used for remote installations.
  6. Powerful security configuration. The Isode security management provides clean mechanisms for handling the powerful X.500 (1993) access control mechanisms. It also provides the means for managing authentication in a heterogeneous environment, which will be key to increasing the level of security in an operational directory service.

 

Management Tool Features

There are a number of core elements to the Isode management tool approach, which apply to several of our tools:

Tcl/Tk

The Tcl scripting language is a powerful scripting language, which effectively supports embedded code. It is being developed and promoted by Sun Microsystems. As well as being a flexible and extensible scripting language, Tcl enables the provision of graphical tools by use of the Tk windowing system.

Tcldish and Ltcldish

Basic client access into the directory is provided by two related programs; Tcldish and Ltcldish.

Tcldish (Tcl Directory Shell) provides a scripting interface onto the X.500 DAP (Directory Access Protocol) operations, as embedded Tcl commands. This results in a clean interface, which can be used as the basis for writing Tcl programs to access the directory. The EDM tool, some of the Certification Authority tools, some of the bulk loading tools and the DDM tools are all built over Tcldish.

Ltcldish is a variant of Tcldish which uses LDAP instead of X.500 DAP. Wherever possible, Ltcldish is compatible with Tcldish. There are some variations because of differences in the protocols (particularly attribute handling). It is important to expose these differences at the interfaces because the functionality will often be needed by management tools and other applications built on Tcldish or Ltcldish. Both programs will allow tools to be built which can be easily adapted to run over either LDAP or X.500 DAP.

X.500 DAP

Isode management tools use X.500 DAP. Open security is seen to be a highly desirable characteristic of directory management tools. The ASN.1 attribute encoding of DAP also makes it a more suitable protocol for complex management tools.

 

Management Tool Performance and Scalability

For most of the tools, raw performance is not an issue, as they simply need to respond reasonably sharply to the user. It is important that the tools will handle large configurations, and they are designed to work with enterprises with several million entries and several thousand servers.

 

Management Tool Conformance

ITU X.500 The Directory: Overview of concepts, models and services, ISO/IEC 9594-1, 2001
ITU X.511 The Directory: Abstract service definition, ISO/IEC 9594-3, 1993
RFC 2251 Lightweight Directory Access Protocol, M. Wahl, T. Howes, S. Kille, December 1997
RFC 2248 Network Services Monitoring MIB, N. Freed, S. Kille, January 1998
RFC 2247 Using Domains in LDAP/X.500 Distinguished Names, S. Kille, M. Wahl, A. Grimstad, R. Huber, S. Satalari, January 1998
RFC 1567 X.500 Directory Monitoring MIB, G. Mansfield, S. Kille, January 1994
RFC 2849 The LDAP Data Interchange Format (LDIF) - Technical Specification, G. Good, June 2000

 

Supported Platforms

M-Vault Server management tools are available on Solaris, Windows, Linux and HP-UX. More details on supported platforms and versions can be found here. Client products are also supported on Windows XP.
Copyright © 2008 Isode privacy   feedback Subscribe to our rss newsfeed