ProductsDesktop Server For Scientific Computing For IBM POWER For IBM System z For SAP Business Applications Red Hat Network Satellite ManagementExtended Update Support High Availability High Performance Network Load Balancer Resilient Storage Scalable File System Smart Management Extended Lifecycle SupportWeb Server Developer Studio Portfolio Edition JBoss Operations Network FuseSource Integration Products Web Framework Kit Application Platform Data Grid Portal Platform SOA Platform Business Rules Management System (BRMS) Data Services Platform Messaging JBoss Community or JBoss enterprise
SolutionsApplication development Business process management Enterprise application integration Interoperability Operational efficiency Security VirtualizationMigrate to Red Hat Enterprise Linux Systems management Upgrading to Red Hat Enterprise Linux JBoss Enterprise Middleware IBM AIX to Red Hat Enterprise Linux HP-UX to Red Hat Enterprise Linux Solaris to Red Hat Enterprise Linux UNIX to Red Hat Enterprise Linux Start a conversation with Red Hat Migration services
TrainingPopular and new courses JBoss Middleware Administration curriculum Core System Administration curriculum JBoss Middleware Development curriculum Advanced System Administration curriculum Linux Development curriculum Cloud Computing and Virtualization curriculum
ConsultingStandard Operating Environment (SOE) Strategic Migration Planning Service-oriented architecture (SOA) Enterprise Data Solutions Business Process Management
Issue #2 December 2004
- Better Living Through RPM, Part 2
- How Red Hat Got Its Name
- Red Hat Summit: Bringing the Heat to the Big Easy
- Imagine Choice
- Improving Usability: Principles and Steps for Better Software
- Geek Giving Guide
- From Source to Binary: The Inner Workings of GCC
- Configuring Devices with udev
- Tux Paint: Mousing Your Way to a Masterpiece
- Unlimited Anytime Minutes: GnomeMeeting, the Softphone
From the Inside
In each Issue
- Editor's Blog
- Red Hat Speaks
- Ask Shadowman
- Tips & Tricks
- Fedora Status Report
- Magazine Archive
Red Hat Speaks
Bob Lord, Senior Director, Directory and Security Products
Red Hat recently acquired Netscape Directory Server and Netscape Certificate Management System from the Netscape Enterprise Suite. These products will be integrated into Red Hat's Open Source Architecture plan over the next 6 to 12 months. We interviewed Bob Lord, Senior Director, Directory and Security Products, about Red Hat's plans for these technologies.
- What was the last position you held at Netscape?
- Most recently, I ran the Directory and Security teams at Netscape/AOL. I've been doing that for a while, having started working with the crypto team in 1998.
- What is your new position at Red Hat?
- My job at Red Hat is largely a continuation of my job at Netscape/AOL. We expect to continue to develop these applications, and to advance them even more quickly at Red Hat. The customers of these server products are increasingly Red Hat customers, so this acquisition has tremendous potential.
- What is the Red Hat Directory Server, formerly known as the Netscape Directory Server?
- The Directory Server centralizes user profiles, application settings, group data, policies, and access control information into a network-based registry. It simplifies user management by eliminating redundant, and often inconsistent, sources of this information. You may have heard of the acronym LDAP (Lightweight Directory Access Protocol), the protocol clients use to talk to the Directory Server. Clients like Mozilla Thunderbird and Microsoft Outlook Express use the LDAP protocol to extend the user's local address book and "typedown addressing."
- What is the Red Hat Certificate System, formerly known as the Netscape Certificate Management System?
- The Certificate System is a collection of technologies to manage user identities and to ensure the privacy of communications. It handles all the major PKI (public key infrastructure) lifecycle functions, for example enrollment and revocation. New in the 7.0 release are several features to help an organization deploy hardware tokens, for example USB keys.
- Are there plans to open source either of these products?
- At Netscape/AOL, we led the efforts to advance the NSS module in Mozilla. This module provides the cryptographic functions you see in all our server products, as well as in the Mozilla browser and mail clients. We also opened the source to our LDAP SDK in Mozilla. We had a great deal of success with these open source projects, and opening the source to the servers themselves is a logical step forward at some point in the future. Right now we have existing contractual obligations for the next release of these products, and so we'll be firming up all these plans in the coming weeks.
- Why did Red Hat buy these products instead of creating them or working on existing open source versions?
These products have been used in many large enterprises for years, and
they've won numerous hard-core fans. The Directory Server has unique
features like multi-master replication, and superior performance and
deployability. The Certificate System also excels in performance, and
also offers third party validation of certain security practices. For
example, we've had independent
labs validate that the NSS cryptographic libraries conform to the FIPS
standards. We've also
demonstrated that the Certificate System conforms to Common
Criteria standards. The Certificate System has superior support
for hardware security modules (HSM), and also integrates well with the
These server products tie together well. For example, the Certificate System's database is actually a Directory Server instance. By using the multi-master replication feature of the Directory Server, customers can clone a Certificate System server for performance and fault-tolerance.
- Is the Red Hat Directory Server going to replace OpenLDAP in future Red Hat operating systems?
- It's safe to say that the Directory Server is a mature and scalable product that companies will continue to want to buy for years into the future. We think it would be a good idea to provide migration utilities so that existing OpenLDAP customers could try out Red Hat Directory Server. Beyond that, we're going to be spending time talking to people inside and outside Red Hat to better understand the needs for a directory infrastructure.
- What's your most prized possession?
- Besides my Dalmatian, I would have to say I most prize my German Enigma machine. The Germans used the Enigma device during WWII to encrypt important military communications. Despite the excellent strength (for its time) of the Enigma code, the Allies secretly broke it and were able to eavesdrop on the Germans. This amazing accomplishment no doubt shortened WWII, and saved many lives on both sides of the conflict.