IdF, Logic Trends Fill a Gap in Microsoft Identity Software
June 29, 2010 Alex Woodie
For years, Microsoft offered connectors with its identity management product that allowed the software to work with AS/400 and S/390 hosts. But with this year’s release of Forefront Identity Manager 2010, the host connectors were left out. This created an opening for developer Identity Forge and its go-to-market partner, Logic Trends, to help companies who want to include i/OS and z/OS systems with their identity management and password synchronization activities.
“It’s hard to compete with free,” is how IdF founder and CTO Chad Cromwell described his company’s share of the market for host connectors for Microsoft’s Identity Lifecycle Manager 2007.
It wasn’t the only gig in town for IdF, a small software company based in Atlanta that develops and sells connectors that integrate z/OS and i/OS user authorization and password activities with enterprise-level identity management products from Microsoft, Tivoli, Sun, SAP, Oracle, and others. But, while Cromwell was convinced his agent-based approach to i/OS and z/OS connectors was unique and compelling, it is hard to sell a widget when the world’s biggest software company gives away a similar gadget with the product.
But for some reason, Microsoft left those particular i/OS and z/OS gadgets out when it unveiled a new version of ILM, which was renamed Forefront Identity Manger (FIM) 2010 and released in March. That put a little kick into IdF’s giddy up, and sales of the i/OS connector in particular have been up as a result.
“We are definitely seeing big growth with the Microsoft FIM adapters, primarily thanks to Microsoft not supporting the IBM hosts,” Cromwell says. “Our biggest platforms are usually Oracle or SAP. But we have had tremendous growth in this area over the last six months, thanks to Logic Trends and Microsoft’s partnership with them. I would say that 65 percent of newer deals from a Microsoft standpoint have been with i5.”
IdF’s series of Advanced Adapters (AA) are designed to connect the authentication and security mechanisms of i/OS and z/OS (RACF, CA-Top Secret, CA-ACF2) with enterprise-level identity management tools, like FIM and Tivoli Identity Manager. The IdF products are composed of a host-based agent that use IBM (or CA) APIs to accomplish tasks, such as provisioning new users, changing passwords, or managing user profiles. The IdF products communicate via an LDAP Gateway component that translates the IBM host calls into the language of lightweight directory access protocol (LDAP).
In terms of password synchronization, IdF gives customers the choice of having i/OS or z/OS user IDs and passwords being “pushed” down to FIM or other enterprise products, or having the enterprise management products control the passwords and log on credentials. In either case, administrators can manage the i/OS or z/OS user credentials just as if they were native LDAP.
One of the features that differentiates IdF from other password synchronization products on the ‘400 is support of exit points, Cromwell says. This gives IdF the capability to audit changes to i/OS user profiles, including who made the change, when it was made, and in what LPAR or i/OS instance it was on. This could be an important feature for companies facing PCI audits. IdF offers more advanced features for z/OS–such as the ability to kick off post-processing scripts for other legacy applications–but so far the demand hasn’t been there to include this on the i/OS connector, Cromwell says.
Logic Trends, which is also based in Atlanta, is like IdF’s older sibling. The company, which includes IdF co-founder Phillip Lentz on its board (Lentz is also CTO and co-president of Logic Trends), specializes in deploying identity and access management solutions. The company recently used its identity access management methodology, called IAM5, to deploy IdF’s i/OS connectors at a large transportation company in the Southeast.
Logic Trends vice president of sales and marketing Andrew Ames says the partnership has a bright future. “We had been working with IdF for many years, and had the opportunity to partner with them in developing the integration capability between FIM and the host environment,” he says. “We have other opportunities in the pipeline that we’re pursuing as a group.”
Microsoft is aware of the need for i/OS and z/OS connectors, and appreciates vendors like IdF and Logic Trends–a close partner of IdF’s that is practically its services arm–filling the void. In a statement, Microsoft senior director John “JG” Chirapurath said connectors like those offered by IdF and Logic Trends “help extend the value of Microsoft’s identity and access management solution.”
In addition to being 64-bit, the new FIM 2010 application gains more automation and a more user friendly interface, Ames says. The underlying password synchronization engine remained the same, but Microsoft added support for Windows Workflow Foundation (WWF), which allows users to require management approval of provisioning activities. It also features a SharePoint-like interface.