Security appliance vendor Imprivata has unveiled a major new release of the software that runs on its single sign-on devices. The main news is the addition of scalability, which it has achieved by porting to an Oracle database.
Lexington, Massachusetts-based Imprivata had offered its OneSign appliances on another commercial database, according to CTO David Ting. He was too polite to name the vendor, but since the previous product was commercial rather than open source, we can reasonably assume that it was Microsoft’s SQL Server, which is often where app developers start when they need a database, and would be the usual suspect for lack of scalability.
In version 4.0 of the OneSign firmware, Ting said the underlying database is Oracle 10g, which enables a number of new features. “It means we can now scale for geography, with a single image [of the appliance] across disparate locations,” he said. “We keep relevant state information in the database, which is then replicated across multiple nodes using Oracle’s Streams technology.”
This is the capability to propagate and manage data, transactions and events in a data stream from one database to another, publishing information to subscribed destinations.
“Whereas in the past when our agents talked to the server they would only talk to the primary device, now our offering is a fully peer-to-peer, multi-master grid architecture, with Streams handling the replication, such that the geographically separate appliances are all on the same image, with shared metadata and full transparency,” said Ting.
He said OneSign 4.0 is designed to scale for capacity so that whereas the appliances, which are normally deployed in a high-availability pair, can handle up to 50,000 users, the company’s agents can now load-balance between servers in a data center. He said this means they can be stacked for capacity and load-balanced across a cluster.
Again thanks to the Oracle Streams technology, Imprivata can now scale for business continuity, in that a company can now deploy the appliances for primary and backup sites. “Then there is scaling for recovery, which involves bringing a server up to the same state as one that’s gone down,” Ting said. “The Streams technology for recovery and resolution of conflicts/versioning enables this to be done without manual adjudication, which is clearly a more painful process. We’ve built in conflict adjudication rules in v4.0.”
Finally, Ting said there is scaling for admin. “We’ve got hierarchical, delegated administration, with different levels of access rights, which we’ve always had, but now it’s more scalable and for more distributed deployments,” he said.
The g in Oracle’s 10g product stands for grid, and the logical next question for Imprivata is whether the company is also thinking of virtual environments.
Once you’ve enabled the appliances to run in load-balanced clusters distributed across wide geographies, why not go the next step and enable them to run as virtual appliances in VMware or other virtualization vendors’ environments? Ting admitted that the company is looking at this possibility, without tying the offering to any particular hypervisor vendor, and said that, in future versions, OneSign will certainly run on virtual servers.
That Imprivata is moving to address larger, geographically distributed environments is no surprise. It speaks to the success of its appliance-based model, and that it should be mulling virtual environments means it will go even further down the road of delivering large networks of its products.
That it should have ported to Oracle is certainly a good advert for the database heavyweight, though of course the latter may have issues about making too much of a hoopla about this, even if it does give it boasting rights over Microsoft, given that it has its own identity and access management offering that competes with Imprivata’s.