What is the penetration of LDAP at this point? I presume it's a fraction of the AD base.
Your guess is as good as mine. The numbers we hear are AD is 90%, LDAP and OpenLDAP are around 10%. Who knows? It's amazing that it is so predominately AD though. It's like this silent thing that they don't talk about but over the last 15 years they have created this massive monopoly on the directory side and the directory side is so important because it connects every user to theoretically all IT resources. What piece of software is as important as that? Not too many. You start to think about it and you're like -- Holy Cow!
How do you get in the door? What's your elevator pitch?
It depends on who you're talking to, but basically the pitch is, we're doing Directory-as-a-Service. It's that simple. Everybody is moving to SaaS based services. So, do you want to consider moving your directory to a SaaS based service versus having on-prem hardware, software and all the management headache? You can move that to the cloud as a managed service. That's pitch number one.
Then the questions we ask are, "Do you have AWS, or do you have cloud infrastructure, do you have Macs, do you manage them, do you have Gmail?" Then we dive into, "How do you manage the users on that platform? How do you manage AWS users?" If they say they do it manually or use Chef or Puppet or whatever, we say, "Well, gosh, wouldn't you like that to be tied to your core directory? It's hard but we'll make it easy for you."
Or, "You've got Gmail and you've got AD on-prem. Why did you just move Exchange out? Why didn't you try and move AD out?" "Well, we don't have an alternative to AD." "Do you want to keep AD?" "Well, no. We'd like to be completely in the cloud." "Okay. If you'd like to be completely in the cloud, here's another way you can move more stuff to the cloud."
What about all this talk about federated directories? How do you fit in with that kind of discussion?
Our view is yeah, absolutely you need to have the identities connect to all the IT resources you need. Some people put the fancy name of federation on it. We basically say you have to have one directory and, if its authoritative, it's got to live somewhere and you have to be able to connect that to all the IT resources. So federation is the word people use to say, "I'm taking my AD and then I'm federating it to AWS." We agree you need to do that. Or, "I'm federating it to all my web based apps." Yep. You need to do that too. There are players like the single sign-on guys who have done that for web based apps, but that's only a small portion of the resources everybody needs. They still have their devices, they still have internal apps, they still have servers that they need to manage, all that stuff.
Sign up for CIO Asia eNewsletters.