Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos

Addison M. Fischer founded Fischer International in 1982 to focus on messaging, security and now, secure e-business and directory management. In 1990 the multi-platform based messaging system Totally Automated Office (TAO) was released to satisfy the needs of collaborative messaging. Five years later Fischer released SafeBoot for computer access control and data security. SafeBoot was extremely popular with government agencies, and as a result, Fischer had no need to advertise as the demand for their products were extremely high.

Times, of course, have changed, Lotus Notes, Novell GroupWise, and Microsoft Exchange have replaced the majority of TAO's installed base, partly due to internal politics and personal preference, but mainly due to the industry's acceptance of the 'big three messaging systems'. Following the decline of TAO's popularity, Fischer launched its consulting services division in 1998 to more effectively respond to client needs and customized requests. In 1999 Prio! was introduced as an Enterprise Directory Synchronization and management tool.

Originally, Prio!'s primary competition came from ISOCOR, which was acquired by Critical Path in 1999, leaving the door wide open for the joint Fischer/Siemens synchronization package which took place in the first quarter of 2000.

Product Strategy and Trajectory:

Because Prio! SecureSync, as an automated solution to tie disparate directories together, does not require all data to be initially centralized. Prio! SecureSync will centralize data to the authoritative master following designation. Fischer International is targeting enterprise organizations with multiple disparate operating systems and/or databases that need automated directory and synchronization management.

Typically organizations have both a primary database repository containing all user names and descriptive information under the control of Human Resources (HR), and multiple Network Operating Systems (NOS) and Messaging Systems, controlled by various internal organizations, which require synchronization and management. Once an "Undisputed Authority" (Central Repository for all Employee Information) system has been designated, any change to any user information will be propagated to all designated systems on the network. A good example of this is: John Smith leaves an organization where he had accounts on multiple systems. Without a complete synchronization and management solution in place, John's account on many systems will remain intact for up to 6 months, exposing serious security vulnerabilities. Prio! SecureSync will remove all of John Smith's accounts immediately, eliminating potential security issues.

Figure 1 illustrates how when John's account is removed from the Authoritative system, the information is immediately propagated to all directories within the organization.


In addition to synchronizing and managing accounts, Prio! SecureSync has the ability to synchronize user passwords. Often a user will have an account on multiple systems, requiring multiple logins and therefore increased administrative overhead. With SecureSync, users will only have to use one password to access all necessary data.

One of the most impressive features of Prio! SecureSync is its support for a wide variety of directories. Almost as impressive is its flexibility to designate any system on the network from the PBX to PeopleSoft or a messaging system to be the Authoritative system. So what are the components of SecureSync?

1. Prio! Enterprise Directory - The core component of SecureSync supports both Lightweight Directory Access Protocol (LDAP) and X.500 protocols. The enterprise directory serves as Prio!'s central repository for all user information, from directory associations to security certificates.

2. Secure Sync Join Engine - The Join Engine handles all propagation changes to all designated directories.

3. SecureSync Meta Agents - These are software components that reside on all designated directories, which extract user information and send that data to the SecureSync join engine. These same agents will also receive directory information updates and will make the corresponding changes on the Meta Agent's "home" directory. It is important to note that Meta Agents are able to report and make changes to directories down to the attribute level. The agents support either pre-defined or customized filters and customized scripting for data manipulation.

4. Prio! Meta-View - The meta-view is a composite view of directory information from a variety of different repositories. For example the employee telephone number may exist in Exchange, NDS, and the HRS database. However, the HRS department may have ownership of the telephone number attribute, making the HRS database the authoritative source for the telephone number. This means that the meta-view must get the phone number from the HRS database. It also means, should the Microsoft Exchange administrator change the phone number within Exchange's database, the system will not push the exchange phone number to other repositories, as the HRS system is the authoritative source of this attribute.

Messaging Directories Supported

* Microsoft Exchange

* Lotus Notes

* Fischer Totally Automated Office (TAO)

* Novell GroupWise

* Netscape Mail

Directories Supported

* RACF

* Novell Directory Services (NDS)

* PeopleSoft

* SAP

* Microsoft Windows NT 4.0

* Microsoft Windows 2000 Active Directory Service (ADS)

* Any ODBC compliant databases

* LDAP compliant databases

Fischer International will create a customized connector to any directory upon request. The following diagram illustrates how Prio! SecureSync will enable organizations to "tie" their disparate directories together.


SOURCE:
http://www.technologyevaluation.com/research/articles/fischer-s-prio-securesync-a-solution-to-enterprise-directory-chaos-15826/