Virtual Trees

Challenge

Often enterprise environments consist of discrete entities or organizations that may work together in some form of federation or unity. While each organization or entity may control their own servers and core data, all members of the federation or unity may want to access a central point that contains information for all members. This is commonly achieved using a virtual directory, but there are various approaches to collating data to present it in a single unified view.

Configuring a Virtual Directory to unify the presentation of data stored across a variety of different backend repositories, so that it can be accessed as if it were stored within a single LDAP tree structure, can be challenging for even the most experienced administrator.

Solution


The Virtual Tree plugin that is bundled with Symlabs' LDAP Proxy and Symlabs' Virtual Directory Server allows you to unify data stored in different locations within a completely virtual namespace, maximizing control over presentation and data structuring. This virtual tree facility functions in such a way as to allow you to completely abstract the data stored in any of your backend servergroups so that a client is only aware of the directory information that you set out to present.

The Virtual Tree facility can be configured in such a way that you can quickly build a virtual tree structure with mount points to particular branches or data structures stored within several different backend directories. The virtual tree is constructed to represent an organizational unity. Directory trees stored on different servergroups can then be 'mounted' onto nodes within the virtual tree. In this way, you can build a virtual tree that only presents the data that you wish to present, and that can present it in the way that you want it to appear.

There are numerous advantages to this approach, including the fact that you can limit access to only the branches that you wish to present on each backend, improving the overall security of your directory servers. Furthermore, you are able to build a completely distinct directory structure that is not dependent on the structure of any particular backend server. Configuration is also incredibly easy, as administrators can literally design the structure of the virtual tree as they work on it, and simply select the data that they want to import into it.

The staged processing model is also very accommodating to virtual trees. Each listener offers the option to apply processing functionality either in front of the Virtual Tree or behind it. This allows you to use plugins or custom scripts to further alter the presentation of data as it is served from the Virtual Tree, or to alter how the Virtual Tree accesses data within the backend systems that it connects to.

The Virtual Tree approach to Virtual Directories can be used to resolve a multitude of integration challenges and is one of the best places to start familiarizing yourself with Virtual Directory technology.

Mount Points

Within a Virtual Tree, it is possible to define various "mount points" that will be presented as particular branches within the tree structure. These mount points are used to attach to a particular branch DN within one of your backend data repositories.

Using mount points, it is possible to present data from different backend data sources in a completely unified way within a virtual namespace. In this environment, there are no data replication issues, as the data presented within the virtual tree is only stored in its original location within its own backend repository.

Mount points can be used to attach and even re-attach data stored in any branch on any backend datasource. If you're using Symlabs' Virtual Directory Server, this includes attaching tables of data stored in relational databases and presenting them within a virtual LDAP tree.
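The DN translation that a mount point implies, sketched as an added example (this is not Symlabs code or configuration syntax; the `MountTable` class, the DNs and the server-group names are all hypothetical). It shows the property the page relies on for security: a request DN that does not fall under a mounted virtual branch is never translated into a backend DN, and entries coming back from a backend are renamed into the virtual namespace before the client sees them.

```python
# Added illustration: all DNs and server-group names below are constructed.
def split_dn(dn):
    """Split a DN into RDNs, leaving backslash-escaped commas inside an RDN."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\" and not esc)
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def strip_suffix(rdns, base):
    """Return the RDNs left of `base` if `rdns` ends with it (case-insensitive)."""
    n = len(rdns) - len(base)
    if n >= 0 and [r.lower() for r in rdns[n:]] == [b.lower() for b in base]:
        return rdns[:n]
    return None

class MountTable:
    def __init__(self, mounts):
        # mounts: list of (virtual branch DN, server group, backend branch DN)
        self.mounts = [(split_dn(v), sg, split_dn(b)) for v, sg, b in mounts]

    def to_backend(self, virtual_dn):
        """Map a client DN to (server group, backend DN); None if unmounted."""
        rdns, best = split_dn(virtual_dn), None
        for vbase, sg, bbase in self.mounts:
            rest = strip_suffix(rdns, vbase)
            # The deepest matching mount wins, so nested mounts override parents.
            if rest is not None and (best is None or len(vbase) > best[0]):
                best = (len(vbase), sg, ",".join(rest + bbase))
        return best and best[1:]

    def to_virtual(self, group, backend_dn):
        """Map a DN returned by a backend into the virtual namespace."""
        rdns, best = split_dn(backend_dn), None
        for vbase, sg, bbase in self.mounts:
            rest = strip_suffix(rdns, bbase)
            if sg == group and rest is not None and (best is None or len(bbase) > best[0]):
                best = (len(bbase), ",".join(rest + vbase))
        return best and best[1]

TABLE = MountTable([
    ("ou=Sales,o=Federation", "hq-ldap", "ou=People,dc=hq,dc=example"),
    ("ou=Partners,o=Federation", "partner-ldap", "ou=Staff,dc=partner,dc=example"),
])
```

A `None` result from `to_backend` is the case to log and reject at the proxy: the client asked for a DN outside every mounted branch, which includes any attempt to address a backend's real DN directly.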

Virtual Entries

In order to structure data presentation, you may need to create some "virtual entries" within the Virtual Tree. These could be organizational units that describe different areas within the tree, where you might locate common mount points. Alternatively, you may create virtual entries to create virtual groups or to attach particular processing directives.

Whatever the requirement, the Virtual Tree behaves in much the same way as any LDAP server, and allows you to store static entries as per your requirements.

Data Transformations

All of the data transformations that take place within the Virtual Tree are fully automated and are performed on-the-fly. If you have additional processing requirements, these are easily accommodated within the staged processing architecture of the product.

Processing can be implemented either between the client and the Virtual Tree presentation layer, or between the Virtual Tree and the backend server layer.

Symlabs LDAP Proxy and Virtual Directory Server both offer a 'Virtual Tree' facility within the configuration options for the listener (or client facing) interface of the products. 

 


Symlabs is now part of Quest Software. A leader in simplifying and reducing the cost of IT management, Quest’s innovative solutions make solving the toughest IT management problems easier, enabling more than 100,000 customers worldwide to save time and money across physical, virtual and cloud environments. The addition of Symlabs virtual directory and federation technology will enhance the overall architecture of the Quest® One Identity Solution and Quest migration products. Learn more at www.quest.com/symlabs.