What is VDS (Virtual Directory Server)?

VDS is an effective way to customise your identity infrastructure and integrate it into your overall design. VDS was developed as a highly adaptable bridge between identity data repositories and identity-consuming applications in order to work around the limits of both. In addition to its virtual directory service capabilities, VDS also acts as an LDAP proxy. VDS is useful for both programmers and system administrators because it supports other protocols in addition to the LDAP standard.

To what end can VDS be used?

VDS is a flexible platform that can be modified and programmed to perform a wide range of tasks, so its potential applications are practically limitless. The following list is by no means exhaustive, but it illustrates the breadth of current applications for VDS:

Attribute, value, and suffix mapping
Combining a number of directories
Integrating contact lists with identity information
Limiting entry
Data checking prior to being written into the Directory
Targeting and routing operations (i.e. route read requests to replicas, route write requests to master servers)
Partitioning and distributing data
Making composite directories out of disparate data sets
Maintaining a consistent framework of references
Setting off other processes in the real world
Web service (XML/SOAP) directory integration
One-time password or sign-in systems
Load balancing in operations
Failover
Filtering with a Longer Range of Action
Processing by Filters
Monitoring and health checking of back-end processes
And many others

What is Active Directory Federation Services (AD FS)?

AD FS is a standards-based service that facilitates the private and secure exchange of cloud identity data between vetted business partners in an extranet setting (also known as a federation). When a user from one organisation needs to use a Web application hosted by another organisation in a federation, the user’s home organisation is in charge of authenticating the user and sending the user’s identity information in the form of “claims” to the host organisation of the Web application. In order for its Web application to make permission decisions based on the incoming claims, the hosting partner employs its trust policy to translate the claims into claims that the application understands.

To what end can ADFS be put to use?

Briefly, AD FS has the following advantages:

Web Single Sign-On (SSO)
External federated partners can make use of Single Sign-On (SSO) for your organization’s Web applications thanks to Active Directory Federation Services (AD FS).
Support for communicating across different Web services (WS)
Using the WS-* Web Services Architecture, Active Directory Federation Services (AD FS) provides compatibility with various security products through federated identity management. To allow for federation between Windows and non-Windows systems, AD FS adheres to the WS-Federation protocol (for passive clients; that is, browsers).
No need to handle user accounts for collaborators
The IP of the federated partner delivers claims that contain information about its users’ identities, membership in groups, and other attributes. Therefore, your business no longer needs to revoke, alter, or reset the credentials for the partner’s users, since the credentials are controlled by the partner organisation. Additionally, if a partnership needs to be terminated, this can be done with a single trust policy change. Without AD FS, individual accounts for each partner user would need to be terminated.
Tracing Claims
AD FS’s trust policy ensures that when federation partners communicate claims, they do so in a way that is mutually understandable and consistent with the partners’ own terminology.
Management of Federated Partners from a Central Location
To manage federated partners, administrators use the Active Directory Federation Services (AD FS) MMC snap-in.
Claims can be enhanced in a number of ways, including the addition or modification of claims using new business logic, which is made possible by the extensible architecture offered by AD FS. Due to its adaptability, AD FS can be tailored to better meet the specific requirements of individual businesses.
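
The claim translation and single-change partner removal described above can be sketched as a small model. This is an added example, not AD FS code or its API: the issuer URIs, claim types, role names and function names are all constructed for illustration.

```python
# Added illustration: a toy model of a hosting partner's trust policy.
# Issuer URIs, claim names and roles are constructed placeholders.

PARTNER_A = "https://sts.partner-a.example"
PARTNER_B = "https://sts.partner-b.example"

# Rules are scoped per issuer: a partner can only obtain the application
# claims that its own entry in the trust policy maps to.
TRUST_POLICY = {
    PARTNER_A: {
        ("group", "Purchasing"): ("role", "orders.submit"),
        ("group", "Finance"): ("role", "invoices.read"),
    },
    PARTNER_B: {
        ("group", "Support"): ("role", "tickets.read"),
    },
}

# Constructed incoming token from partner A. The last two claims have no
# mapping rule, including an attempt to assert an application role directly.
SAMPLE_INCOMING = [
    ("group", "Purchasing"),
    ("group", "Domain Admins"),
    ("role", "invoices.read"),
]


def transform_claims(policy, issuer, incoming):
    """Translate partner claims into claims the application understands."""
    rules = policy.get(issuer)
    if rules is None:
        raise PermissionError(f"no trust established with {issuer!r}")
    # Default deny: anything without an explicit rule is dropped.
    return {rules[c] for c in incoming if c in rules}


def is_authorized(app_claims, required_role):
    """The application decides on the translated claims only."""
    return ("role", required_role) in app_claims


def terminate_partnership(policy, issuer):
    """One policy change cuts off every user of that partner."""
    policy.pop(issuer, None)


if __name__ == "__main__":
    policy = dict(TRUST_POLICY)
    claims = transform_claims(policy, PARTNER_A, SAMPLE_INCOMING)
    print(sorted(claims), is_authorized(claims, "orders.submit"))
    terminate_partnership(policy, PARTNER_A)
```

No account for the partner's user exists on the hosting side at any point; access depends only on the issuer's entry in the policy.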