Blogger: Mark Diodati
At a macro level, the acquisition puts Oracle in the hardware business. Many organizations running the Oracle Database run it on the Solaris operating system and Sun hardware. This is a "peanut butter and jelly" combination, and it continues to be popular since its introduction over 15 years ago. Sun’s MySQL product will bolster the Oracle Database business, as the product serves a different audience at a different price point than Oracle 11g. The Sun acquisition also puts Oracle in the operating system business for real (though Oracle has offered a flavor of Linux for several years).
From an IdM perspective, there is significant overlap in the provisioning, web access management, and federation product classes. It will take some time before Oracle even announces their plans plus more time to enact the migration plan. Both companies OEM their enterprise SSO offerings from other vendors, so completing the enterprise SSO roadmap should be relatively trivial. Oracle has a strong fine-grained authorization product, the result of its acquisition of BEA in early 2008.
My colleague Ian Glazer notes that both Oracle and Sun have role management products and their functionality is not wholly redundant. Oracle may have the opportunity to build a better, more complete offering.
Sun brings its very popular LDAP-based Java System Directory Server to the table. Oracle also has an LDAP directory server (Oracle Identity Directory), which is frequently deployed to manage users and roles in Oracle Database and application deployments. There is overlap between these two products, and Oracle will need to choose between two very widely deployed directories. Oracle also has a virtual directory product as a result of its 2005 acquisition of OctetString; Sun has no virtual directory capabilities to speak of. Virtual directories are becoming more valuable as organizations tackle identity management projects. From a sales perspective, Oracle's possession of both directory server and virtual directory technologies provides a significant advantage over its IdM competitors.
My colleague Bob Blakley points out that if Oracle wants to keep any of the Sun IdM assets (which is by no means a sure thing), it will have to modify the products to conform to the Fusion Middleware architecture; customers should expect Oracle to make decisions regarding IdM portfolio overlap more on the basis of business considerations than on the technical merits of the products. In any event, Oracle is very likely to place a higher priority on Sun products outside of the IdM suite.
In light of all this, customers currently selecting an IdM vendor who are seriously considering Sun should not panic, but they should speak both to Sun and to Oracle about the potential costs of an IdM migration two to three years out in the event of a completed acquisition. Oracle will not be able to make any forward-looking statements until the acquisition is complete, but the customer discussion with Oracle puts the company on notice that the future of the Sun IdM suite is of interest to the customers it brings on board. Sun customers should seek and Sun may be able to provide contract terms which reduce both future migration costs and risks for customers who are purchasing Sun IdM products during a period of uncertainty. Going forward, all customers must hold Oracle accountable to its service level agreements as there is great opportunity for customer dissatisfaction during this transition period.
In summary, Oracle’s acquires highly complementary hardware and operating system products. From an IdM perspective, the acquisition will bring some roadmap turmoil for the provisioning, web access management, and federation product classes. Oracle’s directory services portfolio (both directory server and virtual directory server) looks very strong, with no competitor coming close to the same capabilities and market share. Add the XACML-based, finer grained authorization capabilities provided by the BEA acquisition, and Oracle has significant coverage in IdM products. Strong synergies exist between IdM and ERP products, and Oracle has both.
For Oracle to be successful, it must improve its product integration and enhancement efforts, which have not been optimal with its prior IdM acquisitions. With this acquisition, Oracle is not just adding one more IdM product to the mix, but an entire suite. My colleague Gerry Gebel has commented that Oracle – and customers - will be in better shape in 2-3 years, after the acquisition dust settles. In the interim, there is great opportunity for aggressive competitors to take advantage of the situation and Oracle must be prepared to defend its turf.
Not sure I would agree with the Directory and Web Access Management comments. Sun has had Virtual Directory capabilities for several years now (Since Version 6 of its DSEE offering) and its Web Access Manager offering (Access Manager/OpenSSO) has had XACML Request/Response support for some time now.
In my experience the Web Access Management offering from Sun is more complete and easier to install and deploy.
Posted by: Andrew | April 30, 2009 at 07:42 PM
No mention of how Novell's IdM suite will benefit? Customers who were considering Oracle or Sun I believe will look to Novell now with the uncertainty this merger brings. Novell has a much stronger Directory and provisioning engine than either Oracle or Sun.
Posted by: Jeff Johnson | May 02, 2009 at 10:45 AM
I don't think Oracle needs to choose between two directories. Oracle Internet Directory (OID) is tightly coupled to many Oracle apps (e-Business Suite top among them), it's a requirement if you try to externalize identities or do SSO with these apps. It'll always be there for Oracle-happy customers who like to stuff everything into an Oracle database. (OID uses the database as physical storage layer). Sun's DS can be offered as a choice to customers who prefer a "pure", lightweight directory approach. This would work well for Sun customer base as well as Oracle customers and prospects who came to Oracle for IDM products rather than apps et al.
For my opinion on how the stacks match up, I've done a series of articles on our blog starting at http://tinyurl.com/cnjc6l
Posted by: Deborah Volk | May 02, 2009 at 01:13 PM
Jeff, we are not focusing on opportunities for other vendors in this post. Ultimately, that choice is up to the customer but we acknowledge that other vendors can attempt to exploit this latest IdM acquisition.
Gerry Gebel
Posted by: gerry gebel | May 06, 2009 at 09:16 PM
Deborah,
We are in strong agreement with your description of the use cases and features for both directory server products. However, it is hard to imagine Oracle offering and maintaining two directory products due to development, support, and other costs associated with such a choice. For Sun directory customers, it will be important to voice your concerns with Oracle and let them know what your preferred outcome looks like.
Mark Diodati
Posted by: mark diodati | May 06, 2009 at 09:21 PM
Andrew,
We reviewed both the Sun virtual directory and Oracle virtual directory products as part of our research of the virtual directory marketplace (Virtual Directories: Valuable Present, Promising Future - client subscription required). The Sun virtual directory lacks many core features as compared to products from Oracle, Symlabs, and Radiant Logic, including:
• Supports only LDAP and relational database management system (RDBMS) repositories (no web services-based, java-based or other identity repositories like RACF, etc)
• No support for many-to-many RDBMS relationships
• No schema discovery
• No caching capabilities
• No graphical interface. It must be administered and configured via a command-line interface.
The Oracle installation process has been relatively simple for a number of years. Sun has made enhancements to its WAM product in recent years to improve installation. They have about the same installation complexity today. “Completeness” is in the eye of the beholder. Burton Group has researched both companies’ WAM products, creating individual research documents for the Oracle and Sun WAM products, as well as a market landscape document. Ultimately, the decision on what product(s) to keep will be based on many factors – not just technical comparisons.
Posted by: mark diodati | May 06, 2009 at 09:28 PM