Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos

Product Background:

Addison M. Fischer founded Fischer International in 1982 to focus on messaging, security and now, secure e-business and directory management. In 1990 the multi-platform based messaging system Totally Automated Office (TAO) was released to satisfy the needs of collaborative messaging. Five years later Fischer released SafeBoot for computer access control and data security. SafeBoot was extremely popular with government agencies, and as a result, Fischer had no need to advertise as the demand for their products were extremely high.

Times, of course, have changed, Lotus Notes, Novell GroupWise, and Microsoft Exchange have replaced the majority of TAO's installed base, partly due to internal politics and personal preference, but mainly due to the industry's acceptance of the 'big three messaging systems'. Following the decline of TAO's popularity, Fischer launched its consulting services division in 1998 to more effectively respond to client needs and customized requests. In 1999 Prio! was introduced as an Enterprise Directory Synchronization and management tool.

Originally, Prio!'s primary competition came from ISOCOR, which was acquired by Critical Path in 1999, leaving the door wide open for the joint Fischer/Siemens synchronization package which took place in the first quarter of 2000.

Product Strategy and Trajectory:

Because Prio! SecureSync, as an automated solution to tie disparate directories together, does not require all data to be initially centralized. Prio! SecureSync will centralize data to the authoritative master following designation. Fischer International is targeting enterprise organizations with multiple disparate operating systems and/or databases that need automated directory and synchronization management.

Typically organizations have both a primary database repository containing all user names and descriptive information under the control of Human Resources (HR), and multiple Network Operating Systems (NOS) and Messaging Systems, controlled by various internal organizations, which require synchronization and management. Once an "Undisputed Authority" (Central Repository for all Employee Information) system has been designated, any change to any user information will be propagated to all designated systems on the network. A good example of this is: John Smith leaves an organization where he had accounts on multiple systems. Without a complete synchronization and management solution in place, John's account on many systems will remain intact for up to 6 months, exposing serious security vulnerabilities. Prio! SecureSync will remove all of John Smith's accounts immediately, eliminating potential security issues.

Figure 1 illustrates how when John's account is removed from the Authoritative system, the information is immediately propagated to all directories within the organization.

Figure 1

Source: Fischer International

In addition to synchronizing and managing accounts, Prio! SecureSync has the ability to synchronize user passwords. Often a user will have an account on multiple systems, requiring multiple logins and therefore increased administrative overhead. With SecureSync, users will only have to use one password to access all necessary data.

One of the most impressive features of Prio! SecureSync is its support for a wide variety of directories. Almost as impressive is its flexibility to designate any system on the network from the PBX to PeopleSoft or a messaging system to be the Authoritative system. So what are the components of SecureSync?

1. Prio! Enterprise Directory - The core component of SecureSync supports both Lightweight Directory Access Protocol (LDAP) and X.500 protocols. The enterprise directory serves as Prio!'s central repository for all user information, from directory associations to security certificates.
   
   
2. Secure Sync Join Engine - The Join Engine handles all propagation changes to all designated directories.
   
   
3. SecureSync Meta Agents - These are software components that reside on all designated directories, which extract user information and send that data to the SecureSync join engine. These same agents will also receive directory information updates and will make the corresponding changes on the Meta Agent's "home" directory. It is important to note that Meta Agents are able to report and make changes to directories down to the attribute level. The agents support either pre-defined or customized filters and customized scripting for data manipulation.
   
   
4. Prio! Meta-View - The meta-view is a composite view of directory information from a variety of different repositories. For example the employee telephone number may exist in Exchange, NDS, and the HRS database. However, the HRS department may have ownership of the telephone number attribute, making the HRS database the authoritative source for the telephone number. This means that the meta-view must get the phone number from the HRS database. It also means, should the Microsoft Exchange administrator change the phone number within Exchange's database, the system will not push the exchange phone number to other repositories, as the HRS system is the authoritative source of this attribute.

Messaging Directories Supported

• Microsoft Exchange
  
  
• Lotus Notes
  
  
• Fischer Totally Automated Office (TAO)
  
  
• Novell GroupWise
  
  
• Netscape Mail

Directories Supported

• RACF
  
  
• Novell Directory Services (NDS)
  
  
• PeopleSoft
  
  
• SAP
  
  
• Microsoft Windows NT 4.0
  
  
• Microsoft Windows 2000 Active Directory Service (ADS)
  
  
• Any ODBC compliant databases
  
  
• LDAP compliant databases

Fischer International will create a customized connector to any directory upon request. The following diagram illustrates how Prio! SecureSync will enable organizations to "tie" their disparate directories together.

Figure 2

Source: Fischer International

Product Strengths

Prio! SecureSync combines the proven technologies of Fischer International and Siemens, providing over 18 years of combined directory synchronization and management experience. The flexibility and interoperability of the product have certainly captured the industry's attention in bringing order to 'directory chaos', thereby allowing an always up to date, synchronized, disparate directory computing environment.

Fischer's willingness to work with their clients to create customized connectors and meta agents for non-standard or non-mainstream directories demonstrates not only the desire to succeed from a financial perspective, but also demonstrates the time and care given to each client. Following an implementation, Fischer's consulting services arm is always on hand to assist and guide, as much or as little as needed. The technical support department keeps detailed records on each client's operating environment from pre-installation and configuration to complete rollout. Fischer has taken its support one step further and designates a specific support individual for a company, creating a smoother conduit to technical solutions and answers.

Product Challenges

One of Prio! SecureSync's challenges is name recognition. Simply stated, Fischer spent so much time working on government contracts in the past that corporate America fails to recognize them today.

On the services side, the complexity of implementation of the product requires extremely experienced cross platform and cross database professionals. This increases both the total cost of the product and the importance the client must place on the quality of the individuals assisting in the implementation.

Product pricing is also a challenge in the eyes of some. Prio! SecureSync carries a price tag in the $200,000 (USD) range. While this figure may seem large at first, the companies the product is targeted at would think relatively little about the cost when weighed against the benefit of an automated and managed synchronization system designed to compensate for multiple disparate directories.

BOTTOM LINE
Vendor Recommendations

Fischer must increase support staff personnel in addition to consulting services personnel in order to adequately develop, implement and support the product on an ongoing basis. Fischer is aggressively recruiting top IT talent now, however IT recruiting is the largest problem facing any technologically based organization.

The acquisition of ISOCOR by Critical Path increases the client base into which Fischer and Siemens can now sell. Fischer must therefore also ramp up its sales and marketing force to take advantage of its current industry lead. Advertising is absolutely critical for SecureSync's success from a Fischer perspective. If Fischer can propel itself into the IT market as a 'household name', its strong directory synchronization product could lead to an extremely bright future for both Fischer and its clients.

User Recommendations

If your organization has multiple disparate directories, whether they are Network Operating Systems, ERP systems, CRM systems, Messaging Systems or e-business solutions; Prio! SecureSync will tie them all together, thereby continuously saving countless human work unit hours. Currently, this product does not apply to small organizations and is best applied to either very large or multinational corporations. If you are looking for a way out of directory chaos, Prio! SecureSync should be on your evaluation short list.

Editor's Note:
This article has been modified from its original form since the original publication date.