The rise of Suncle (volume 1)
by Deborah Volk on April 20th, 2009

With the news of Oracle acquiring Sun exploding like an errant bombshell on the peaceful identity management beach shores, it's a perfect opportunity for me to step into my analyst shoes (Jimmy Choos donations are welcome). For those of you who prefer your conversation in 140 character chunks, you can follow us on Twitter; the proposed Twitter tag for Sun/Oracle discussions is #suncle; it's also the tag used on this blog.

Let's compare and contrast Oracle and Sun identity and access management portfolios. We'll use functional buckets because that's the easiest way to get apples-to-apples comparison. Here's what Oracle's identity and access stack looks like today:
And here's what Sun's stack looks like:
Identity Administration. Oracle has Oracle Identity Manager (via an acquisition of Thor Technologies) and Oracle Role Manager (via an acquisition of Bridgestream). Sun has Sun Identity Manager (via an acquisition of Waveset) and Sun Role Manager (via an acquisition of Vauu). This will be the toughest fight in the land. Both OIM and SIM products are well respected by analysts and customers, both came via acquisitions of pure-plays that were #1 and #2 (or #2 and #1) in the IDM land. From a business perspective, it would be ideal for Oracle to retain Sun's customers and then gradually migrate them over to Platform X (my codename, not Oracle's) where Platform X will contain best of both Sun and Oracle product worlds. Pissing off Sun customer base early on will lead to rapid defection to either IBM, CA or Novell or smaller vendors such as Aveksa or Sailpoint that excel in certain areas of identity administration.

What is the genetic makeup of Platform X? My guesstimate is that the core of Platform X will be based on OIM and Sun Role Manager. There will not be a separate Role Manager product, role management will be part of an identity manager product. Role management does not make sense as a completely separate entity, it should be a service/module/set of features provided as part of identity manager. You want to manage roles and make decisions based on roles? You install a module and all functions within identity manager become role-aware, right down to connectors. Naturally this is science fiction at the moment (especially the connector bit) but Oracle has an opportunity to make it a reality and Do It Right™

Why will the core be OIM and not Sun Identity Manager? The current release of Oracle Identity Manager is 9.1.x and it is part of Oracle's 10g "umbrella" release stream that touches a number of Fusion products (For those from the Sun world, Fusion is Oracle's overarching brand for all things middleware and even apps that run on top of it). The "next generation" stream is 11g which has a corresponding OIM release. This is not just OIM, all Oracle identity and access products could rev up to 11g but OIM and Oracle Role Manager are the key strongholds and 11g needs them to be, well, labeled 11g versus just some next release. Oracle has been working on 11g stream with identity and access products for a while, I've heard a number of tentative release dates but I am not going to speculate or announce them on the blog. Suffice it to say that a lot of development, QA, marketing, comm effort went in to 11g and the effort started a while ago. For Oracle to turn around on a dime and to delay 11g in order to come up with Platform X will be a an execution miracle and I don't believe in miracles. Thus, I think 11g will go out as planned with some opportunistic changes where Sun/Oracle products either have gaps or absolutely no overlap (witness the lightning fast addition to the suite and rebranding of BEA's ALES product as Oracle Entitlement Server)
Last but not least, let's not forget a very important part of any identity manager product story - connectors. Sun has just released their connectors and a little bit of architectural foundation into the wild of Open Source and there's a licensing story that needs to be written on how that would shake out if Oracle wants a piece of the pie (a fork?). This final salvo by Sun is great for Sun customers since it's all within the context of Sun Identity Manager. The integration with Sun product is provided "out of the box" (out of source depot!) or assumed to be possible with little effort.

It'll be interesting to see what happens to this and other Sun open source/externally-focused initiatives when Oracle fully digests the rabbit. If Oracle decides to use Oracle Identity Manager as a baseline for Platform X, having Open Sourced connectors is a measure of protection for current Sun shops. That is, if you have the source code, you can keep on trucking for a bit longer with the Sun product and derive pleasure from not paying maintenance to Oracle, assuming you're willing to get your hands dirty (really dirty) whenever an issue comes up versus opening a support ticket. Regardless of whether the Sun connectors can be used by Platform X, high-quality connectors available out of the box are a large part of a successful deployment.

Next stop: access management

Posted in Business Perspective, Identity Management, Oracle Identity Manager, Sun Role Manager, Oracle Role Manager    Tagged with suncle


Fred Bement - April 22nd, 2009 at 7:26 AM
Love the "digests the rabbit" comment. Exactly what reptile does that make Oracle?
Deborah Volk - April 22nd, 2009 at 10:15 AM
A bigger rabbit.
K Kessler - June 8th, 2009 at 5:02 PM
I'm curious why you think Oracle will favor Sun Role Manager over Oracle Role Manager for "Platform X." Is Sun Role Manager better?
anon - November 25th, 2009 at 8:12 PM
"Is Sun Role Manager better?"

On almost every concievable comparison. ORM is nothing more than a glorified way to delegate admin to access policies. It lacks any reasonable role management workflows, recertification of role definitions, or role mining capabilities.
Leave a Comment

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)