Sorted for director-ease

Slowly but surely, email is starting to take over as a universal way of communicating electronically both within and between organisations. The growth of email has created the need for better directory services - but the directory is now rising above basic email services and emerging as a way of holding not only email information but information on corporate resources of various kinds.

The apparently simple problem of keeping email addresses up to date is probably the biggest management headache for IT departments trying to promote the use of email within their organisation. Users who try to send a message to a remote recipient, only to have it bounce because the address is out of date, will soon abandon email and go back to their phone or fax.

'Most large organisations have learned to love their internal email systems - and could learn to feel the same way about inter-company email,' argues Paul Webster of email specialist Isocor. 'But until the last pieces are in place and it's easier to deliver a straightforward, reliable service between disparate email systems, perhaps it's not surprising that most users still send a fax instead.'

A typical large organisation will probably have implemented a range of messaging applications in its different departments and regions, such as Lotus Notes, cc:Mail, or Microsoft Exchange, each with their own application-specific directory. Isocor estimates that most medium-to-large-sized enterprises have at least three different email systems, often they have six or more.

Surrey Police has implemented an organisation-wide email system based around Exchange, and has decided to migrate all its 2,500 officers over to the new system rather than attempt to maintain different legacy mail systems.

The problem is not so much exchanging messages between the different systems - Exchange will talk to the legacy DEC Linkwork system via an X.400 gateway - as keeping the directories coordinated on an ongoing basis. Linkwork directories can be imported into Exchange, but they can't be updated automatically. Co-ordination in the opposite direction, from Exchange to Linkwork, is also very tricky.

Increasingly, organisations want to communicate electronically with customers and suppliers outside the bounds of their own organisation, and need to be able to exchange directory information with them. For example, Scottish materials management company Howco recently migrated from Microsoft Mail to Exchange in order to improve its ability to keep its email directory in step with those of its business partners.

'We provide a managed logistics function to companies worldwide, and we couldn't survive without electronic messaging of various kinds - our business depends on it,' explains group systems manager Ian Whittaker. 'It's important that we can synchronise our email address lists to keep them as current as possible. Otherwise, if addresses change, messages can just disappear into the Exchange black hole.'

Though Howco only works with a small number of customers, some of them are very large. A single division of one of its customers has 12,000 employees whose address information Howco needs to keep updated. 'When you're talking about that number of people, information changes daily,' Whittaker points out. Using Exchange, the goal is to automatically synchronise directory information every day where possible.

Howco has six Exchange servers - two in the US and four in the UK - which connect to customers' networks both directly, using SMTP and X.400, and via the Internet. Its customers are using a variety of mail systems: the majority now have Exchange, but others are using Notes, cc:mail and others. The move to Exchange will make synchronisation easier, but won't solve the problem of communicating with Notes directories, which currently have to be updated manually.

It's difficult enough to keep different directory servers within the same mail system synchronised; but until recently, carrying out synchronisation across different systems has been a nightmare because of the lack of widely accepted standards. Organisations wanting to coordinate directories across different mail systems have had to use a specialised product or products such as Worldtalk's NetTalk or Isocor's Isoplex directory server, relaunched as Global Directory Server a year ago. Now, growing acceptance of directory standards by email server suppliers is opening up the possibility of truly global directories across heterogeneous systems - and, in the process, paving the way for the directory to take on a new and wider role within the organisation.

One directory standard has, of course, been around for many years, and that's X.500. First unveiled back in 1988, it went through a major update in 1993, when one of its most powerful features was introduced: the ability to shadow data automatically between servers according to specified criteria - which could be on a timed basis, or whenever an address change occurs. X.500 also supports chaining: the ability for a local directory server to automatically go out on to the network and retrieve information held on other servers.

Though X.500 isn't confined to X.400 email systems, it hasn't really caught on in a big way in the corporate environment. 'The problem with X.500 is that it's just too complex - people have been reluctant to implement the whole thing, so they've implemented nothing,' explains Dave Miller of consultancy Level-7.

Last year, however, following Netscape's lead, the industry started to consolidate around an alternative but related directory standard known as Lightweight Directory Access Protocol, or LDAP, which opened up the prospect of a range of email systems and other applications finally sharing a common directory structure.

LDAP started life as a cut-down version of X.500, with various pieces of functionality removed to make implementation easier. For example, LDAP security is currently based around simple password authentication. Strong authentication using digital signatures will not be available until the arrival of the next version, LDAP 3, due out as a draft IETF standard by the end of the year. And unlike X.500, LDAP works on a client to server basis only, rather than server to server, so it does not in itself support replication.

Support for LDAP has been driven by the Internet, but leading proprietary email vendors are now lining up behind it. Naturally, Netscape itself has announced support, making it possible to use the Navigator or Communicator browser to query a Lan directory database - or to query a Netscape directory server from non-Navigator clients.

Novell was demonstrating LDAP support within its Novell Directory Services in March last year. Even Microsoft has said its Active Directory, which will be integrated into Microsoft Windows NT Server 5.0, will be based around LDAP plus the Internet's Domain Name Service (DNS) - which translates Internet addresses into TCP/IP addresses - and X.500 naming standards.

It's still early days, but the prospect is emerging of a truly global directory serving not only a whole large organisation, but also linking in suppliers and customers. 'Large corporates are the ones that have the most to gain by standard access protocols, and the ability to distribute common information easily,' Webster says. 'A simple office with 20 people on a Lan doesn't need a big central directory server, but a company with offices in three continents and thousands of people to look after is an obvious candidate.'

The significance of common directory standards, however, goes far beyond coordination of email information. Any large company accumulates a whole range of information tht is needed throughout the organisation. Many of them, like Howco, are now looking at using the directory to build a so-called universal mail box, combining fax, email and even voicemail messages. But as well as this, the directory could be used for pager and mobile numbers, conference room locations, site location maps, emergency maintenance contact numbers, security, fire and safety information and so on.

Compared with paper-based methods, electronic directories are a very efficient and cost-effective way of publishing company information. But why put this kind of information in an LDAP directory rather than a database? As a way of storing corporate information, the electronic directory has two big advantages over a relational database: everyone in the company tends to be listed in it, for email purposes, and it's accessible by everyone across the network using standard email pro- tocols. 'The primary reason people have directories is email, but that isn't their exclusive role,' says Miller. 'It's the logical place for a range of corporate information.'

New, broader applications for directories are starting to emerge. Mission Data Systems, a UK company specialising in biometric recognition devices, has developed a security system which uses Novell Directory Services (NDS) to store digitised fingerprints for access control. The system enables users to log on to a secure Novell network using their fingerprint instead of a security code or swipe card.

John Dallaway, managing director of Mission Data, reveals: 'With fingerprint verification we are enabling NDS to control physical devices such as doors. Essentially, it extends the reach of the network to typically non-networked devices.'

Meanwhile, as directories start to play a more crucial role in storing a range of organisation and network-related information, companies need to start thinking ahead about how they're going to organise their directory structure. 'It's easy to install software. What's difficult is to plan how the system will operate,' says Phil Scutchings, director of information services at Surrey Police.

'Which product to choose is not necessarily a big issue,' agrees Miller. 'The secret is to get the logical structure of the directory right in the first place, because once you've built the logical structure, it's hard to undo it. If you get the organisation right, whether you break it down by regions, departments or whatever, then mapping down to the technology you use is the easy bit.'

Ecommerce Certification structures

On a wider scale, a number of organisations round the world are eyeing directories as a way of holding the security information that will enable electronic commerce. For large-scale ecommerce to be viable, it's going to be necessary to set up a network of trusted third parties who will hold digital signatures and public encryption keys on behalf of the public and small traders. ICE-TEL, for example, is a pan-European project to build a certification infrastructure throughout Europe, using linked X.500 directories as the way of publishing and distributing users' public key certificates.