Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos
Addison M. Fischer founded Fischer International in 1982 to focus on messaging,
security and now, secure e-business and directory management. In 1990
the multi-platform based messaging system Totally Automated Office (TAO)
was released to satisfy the needs of collaborative messaging. Five years
later Fischer released SafeBoot for computer access control and data security.
SafeBoot was extremely popular with government agencies, and as a result,
Fischer had no need to advertise as the demand for their products were
of course, have changed, Lotus Notes, Novell GroupWise, and Microsoft
Exchange have replaced the majority of TAO's installed base, partly due
to internal politics and personal preference, but mainly due to the industry's
acceptance of the 'big three messaging systems'. Following the decline
of TAO's popularity, Fischer launched its consulting services division
in 1998 to more effectively respond to client needs and customized requests.
In 1999 Prio! was introduced as an Enterprise Directory Synchronization
and management tool.
Prio!'s primary competition came from ISOCOR, which was acquired by Critical
Path in 1999, leaving the door wide open for the joint Fischer/Siemens
synchronization package which took place in the first quarter of 2000.
Strategy and Trajectory:
Because Prio! SecureSync, as an automated solution to tie disparate directories
together, does not require all data to be initially centralized. Prio!
SecureSync will centralize data to the authoritative master following
designation. Fischer International is targeting enterprise organizations with
multiple disparate operating systems and/or databases that need automated
directory and synchronization management.
Typically organizations have both a primary database repository containing
all user names and descriptive information under the control of Human
Resources (HR), and multiple Network Operating Systems (NOS) and Messaging
Systems, controlled by various internal organizations, which require synchronization
and management. Once an "Undisputed Authority" (Central Repository for
all Employee Information) system has been designated, any change to any
user information will be propagated to all designated systems on the network.
A good example of this is: John Smith leaves an organization where he
had accounts on multiple systems. Without a complete synchronization and
management solution in place, John's account on many systems will remain
intact for up to 6 months, exposing serious security vulnerabilities.
Prio! SecureSync will remove all of John Smith's accounts immediately,
eliminating potential security issues.
Figure 1 illustrates how when John's account is removed from the Authoritative
system, the information is immediately propagated to all directories within
Source: Fischer International
addition to synchronizing and managing accounts, Prio! SecureSync has
the ability to synchronize user passwords. Often a user will have an account
on multiple systems, requiring multiple logins and therefore increased
administrative overhead. With SecureSync, users will only have to use
one password to access all necessary data.
One of the most impressive features of Prio! SecureSync is its support
for a wide variety of directories. Almost as impressive is its flexibility
to designate any system on the network from the PBX to PeopleSoft or a
messaging system to be the Authoritative system. So what are the components
- Prio! Enterprise Directory - The core component of SecureSync
supports both Lightweight Directory Access Protocol (LDAP) and X.500
protocols. The enterprise directory serves as Prio!'s central repository
for all user information, from directory associations to security certificates.
- Secure Sync Join Engine - The Join Engine handles all propagation
changes to all designated directories.
- SecureSync Meta Agents - These are software components that
reside on all designated directories, which extract user information
and send that data to the SecureSync join engine. These same agents
will also receive directory information updates and will make the corresponding
changes on the Meta Agent's "home" directory. It is important to note
that Meta Agents are able to report and make changes to directories
down to the attribute level. The agents support either pre-defined or
customized filters and customized scripting for data manipulation.
- Prio! Meta-View - The meta-view is a composite view of directory
information from a variety of different repositories. For example the
employee telephone number may exist in Exchange, NDS, and the HRS database.
However, the HRS department may have ownership of the telephone number
attribute, making the HRS database the authoritative source for the
telephone number. This means that the meta-view must get the phone number
from the HRS database. It also means, should the Microsoft Exchange
administrator change the phone number within Exchange's database, the
system will not push the exchange phone number to other repositories,
as the HRS system is the authoritative source of this attribute.
Totally Automated Office (TAO)
Directory Services (NDS)
Windows NT 4.0
Windows 2000 Active Directory Service (ADS)
- Any ODBC
Fischer International will create a customized connector to any directory upon request.
The following diagram illustrates how Prio! SecureSync will enable organizations
to "tie" their disparate directories together.
Source: Fischer International
Prio! SecureSync combines the proven technologies of Fischer International and
Siemens, providing over 18 years of combined directory synchronization
and management experience. The flexibility and interoperability of the
product have certainly captured the industry's attention in bringing order
to 'directory chaos', thereby allowing an always up to date, synchronized,
disparate directory computing environment.
willingness to work with their clients to create customized connectors
and meta agents for non-standard or non-mainstream directories demonstrates
not only the desire to succeed from a financial perspective, but also
demonstrates the time and care given to each client. Following an implementation,
Fischer's consulting services arm is always on hand to assist and guide,
as much or as little as needed. The technical support department keeps
detailed records on each client's operating environment from pre-installation
and configuration to complete rollout. Fischer has taken its support one
step further and designates a specific support individual for a company,
creating a smoother conduit to technical solutions and answers.
One of Prio! SecureSync's challenges is name recognition. Simply stated,
Fischer spent so much time working on government contracts in the past
that corporate America fails to recognize them today.
the services side, the complexity of implementation of the product requires
extremely experienced cross platform and cross database professionals.
This increases both the total cost of the product and the importance the
client must place on the quality of the individuals assisting in the implementation.
pricing is also a challenge in the eyes of some. Prio! SecureSync carries
a price tag in the $200,000 (USD) range. While this figure may seem large
at first, the companies the product is targeted at would think relatively
little about the cost when weighed against the benefit of an automated
and managed synchronization system designed to compensate for multiple
Fischer must increase support staff personnel in addition to consulting
services personnel in order to adequately develop, implement and support
the product on an ongoing basis. Fischer is aggressively recruiting top
IT talent now, however IT recruiting is the largest problem facing any
technologically based organization.
The acquisition of ISOCOR by Critical Path increases the client base into
which Fischer and Siemens can now sell. Fischer must therefore also ramp
up its sales and marketing force to take advantage of its current industry
lead. Advertising is absolutely critical for SecureSync's success from
a Fischer perspective. If Fischer can propel itself into the IT market
as a 'household name', its strong directory synchronization product could
lead to an extremely bright future for both Fischer and its clients.
If your organization has multiple disparate directories, whether they
are Network Operating Systems, ERP systems, CRM systems, Messaging Systems
or e-business solutions; Prio! SecureSync will tie them all together,
thereby continuously saving countless human work unit hours. Currently,
this product does not apply to small organizations and is best applied
to either very large or multinational corporations. If you are looking
for a way out of directory chaos, Prio! SecureSync should be on your evaluation
This article has been modified from its original form since the original