Another blogger gets it twisted and doesn't understand the value proposition of Active Directory. Luckily I exist for the sole purpose of providing alternative perspectives...
Let's analyze his posting in order to understand where he went wrong...
The problem is that Active Directory basically requires organisations to own all their own infrastructure if they want to achieve single sign-on across all of these products.
I am not sure how this is a fault of Active Directory. For example, if you think that Exchange Server should support single sign-on and have the capability of being a relying party, then bash the Exchange team for not making this happen.
Internally at Readify we are seriously looking at the costs of our IT organisation and we would love to be able to host Exchange with one hoster, SharePoint with another (not talking about SharePoint as a TFS dependency here), and probably self-host our TFS server, but possibly up on something like Server Intellect, or GoGrid.
If you are thinking about cost savings, then sticking with one provider tends to be better from a total cost of ownership perspective than interacting with multiple providers. Costs aren't just the amounts you write out in checks; they also need to account for the time employees spend administering user credentials multiple times.
The problem is that all the subtle AD dependencies in these products make it difficult to really commit to that course of action. If we decide to install products in workgroup mode (or give them their own AD as required by the hosters), what are we exposing ourselves to in the future if one of the product teams decides to take a hard dependency on AD?
Lock-in occurs at all levels, even in the open source community. For example, think about how difficult it would be to replace Xalan/Xerces support in Java applications that process XML. The key isn't about tight coupling as much as it is about potential economics down the road and vendors exploiting it. Honestly, I bet if you were to talk to folks in large enterprises and ask them about which IT vendors they feel from a pricing perspective haven't exploited them, Microsoft would almost always come out on top.
Where are the investments that Microsoft is making around technologies like CardSpace and simple Username/Password authentication over SSL in all their products, which will allow their customers to distribute their IT assets in the cloud?
There is nothing preventing any software-as-a-service vendor from consuming Information Cards (e.g. CardSpace) or OpenID. The real question is whether this is on their radar and, the proverbial question, whether other customers are asking for it. Picture a scenario where Salesforce.com keeps all credentials in Active Directory. They could eliminate their proprietary SSO mechanism and embrace standards such as SAML. They could even figure out a way to allow small businesses who run Internet-resolvable domains to SSO from their desktop by leveraging ADFS. Of course, the value proposition here says that maybe the right architecture is for you to keep Active Directory in-house, where you are always the identity provider and your SaaS vendors are relying parties.
Until Microsoft takes multi-tenancy and hosting scenarios seriously it's not going to be a reality for a lot of organisations.
How are the multi-tenancy characteristics of SaaS vendors solely a problem of Microsoft? Isn't this a problem that the Java community, the Ruby community and the PHP community also have? If you were to talk with a software developer at large, do you think they understand what the best practices of multi-tenancy software development are? Do you think the Core J2EE Blueprints or anyone from Sun Microsystems is talking about this problem space? Have Martin Fowler, Kent Beck, Gregor Hohpe, James Robertson or even Robert McIlree ever talked about ways to improve this space? The problem most certainly is not Microsoft but one of their customers not having the right conversations amongst each other...