RSA Adaptive Directory
Identity Virtualization for Secure Access Management

Features:

Evolving Identity Within A Fragmented Infrastructure

In today’s heterogeneous identity environments, just knowing who your users are is a major challenge. Identities are spread across many disparate data silos—including LDAP directories, Active Directory, databases, and applications on-premise and in the cloud—and the same identity often exists in more than one source. This makes it difficult to create a comprehensive list with each user represented only once for efficient authentication, or to build an attribute-rich profile of each user for finegrained authorization.

Managing identity across such fragmented systems has long required costly, timeconsuming customization and synchronization. This leaves enterprises less able to adapt to changing business requirements, such as integrating departmental or business unit's identity data stores or adding new users following a merger or acquisition.

A Virtual Directory That Delivers Stronger Security

RSA® Adaptive Directory delivers a global view of identity on top of your existing identity infrastructure. It uses model-driven virtualization to externalize identity out of disparate data silos into a common, interoperable service. This flexible, scalable virtualization layer hides the heterogeneity of your existing identity sources, providing simple, logical, standards-based access to all the identities within your organization—no matter where or how they’re stored. A flexible identity service is critical to enabling any initiative requiring secure access to a global list of users, along with their complete identity profiles—including web access management with RSA® Access Manager and other WAM products, authentication with RSA Authentication Manager and other authentication servers, identity federation and fine-grained authorization.

Model-Driven Virtualization

RSA Adaptive Directory discovers and extracts schemas and data models from backend sources. These schemas are translated into an XML-based data format in the virtualization layer. If there is user overlap, RSA Adaptive Directory correlates the accounts of same-users across data sources to each other, and then joins those accounts to provide complete profiles of users. Application-specific attributes can be stored at the virtualization layer, without requiring schema extensions to the underlying data stores. Then, RSA Adaptive Directory builds custom hierarchical views containing the complete profiles to meet the needs of RSA Access Manager.

A Centralized Access Point For Intelligent Security

With a virtualized central access point, smarter authentication and authorization are much easier. Credential checking is delegated to the authoritative underlying data source. RSA Adaptive Directory creates a correlated global list of all users across the infrastructure which acts a central “hub” of identities and all their attributes, no matter where these identities actually reside. This includes centrally managing onpremise as well as cloud-based application data stores such as in MS SharePoint, Salesforce, Google Apps, Office 365, Concur, and Workday.

Then RSA Adaptive Directory feeds RSA Access Manager user attributes from a variety of identity stores via standard-based protocols, so RSA Access Manager can perform richer, attribute-based authorization based on a more complete identity picture. Because users are identified against the RSA Adaptive Directory global list of identities, RSA® Access Manager can authorize quickly.

RSA Adaptive Directory creates a virtual directory from multiple heterogeneous identity sources to enable applications such as access management, authentication and identity federation.

Sophisticated Caching For High Performance And Scalability

RSA Adaptive Directory scales to millions of users without sacrificing speed. It enables clients to access data in SQL databases and other non-directory sources at the speed of a directory and also reduces the load on backends by forwarding queries to only the relevant underlying data stores. Even when a source is down, cached views are always available. These views are guaranteed up to date based on the business requirements of the application.

RSA Adaptive Directory also includes an LDAP-compliant persistent cache which can be used for the storage of global groups that include members from multiple data sources being aggregated by RSA Adaptive Directory. It can also store applicationspecific attributes for new applications so you don’t have to extend your existing AD schema.

Remapping Of Diverse Platforms And Protocols

RSA Adaptive Directory exposes attributes stored across different source protocols— such as LDAP, SQL, and web services—via a diverse array of secure communication protocols—including LDAP, DSML, JDBC/ODBC, and SPML—to meet the needs of your consuming applications. RSA Adaptive Directory accepts requests submitted by applications, then routes, maps, transforms, and forwards them to the underlying data sources. The results are gathered, normalized, filtered, and returned to the requesting application. Provisioning systems that support SCIM or SPML standards can leverage RSA Adaptive Directory as a single provisioning target. This allows provisioning systems to reach new targets (any on-premise or cloud-based source/app virtualized by RSA Adaptive Directory) without having to customize new connectors.

Specifications:

Product Specifications
Current Version	Adaptive Directory 6.1
Windows 64-bit Platforms	Processor: Intel Pentium or AMD Opteron Processor Speed: 2GHz or higher Memory: 16 GB recommended The memory usage will vary depending on whether memory caching is used and the size/number of the entries to be cached. Hard Drive: 100 GB of disk space The hard disk usage will vary depending on log types/levels that are enabled and the desired log history to maintain. Operating System: Windows 2003, or 2008 R2 Server
Linux 64-bit Platforms	Processor: Intel Pentium or AMD Opteron Processor Speed: 2GHz or higher Memory: 16 GB recommended The memory usage will vary depending on whether memory caching is used and the size/number of the entries to be cached. Hard Drive: 100 GB of disk space The hard disk usage will vary depending on log types/levels that are enabled and the desired log history to maintain. Operating System: Red Hat Linux ES 2.1 or above, Red Hat 8 or above, CentOS v5.3, SUSE Linux Enterprise v10 or above, Ubuntu 9 or above
Solaris 64-bit Platforms	Processor: AMD Opteron – UltraSPARC® III Processor Speed: 2GHz or higher Memory: 16 GB recommended The memory usage will vary depending on whether memory caching is used and the size/number of the entries to be cached. Hard Drive: 100 GB of disk space The hard disk usage will vary depending on log types/levels that are enabled and the desired log history to maintain. Operating System: Sun Solaris™ 8, 9 or 10 (SPARC and x86)
Supported Backend Data Sources	DIRECTORY SERVERS Microsoft Active Directory 2000, 2003 and 2008 R2, 2012 Active Directory Lightweight Directory Service (AD-LDS) Active Directory Application Mode (ADAM) SunONE Directory Server 4.x – 7.x Sun Java System Directory v6.x IBM Directory Server 5+ Novell eDirectory v8+ Lotus Notes/Domino Oracle Internet Directory v9 & v10 CA Directory r12.x Any LDAP v3 Service DATABASE SERVERS Oracle 8i, 9i, 10g, and 11g Microsoft SQL Server v7, v2000, v2005, and v2008 IBM DB2 (UDB) v7+ Sybase v12 and 12.5 Any JDBC/ODBC-accessible database APPLICATIONS SAP Siebel v7.5 Oracle Financials v12 Salesforce Google Apps SharePoint 2007, 2010 Workday Concur

Documentation:

Download the RSA Adaptive Directory Data Sheet (PDF).