Corporate Services Automation:
Realizing Directory Services Investments
Through Enterprise-Class Applications

(Originally published in Messaging Magazine, March/April 1999)

By Nand Mulchandani, Co-Founder, Oblix, Inc.

Employees at Hitachi Computer Products America witness corporate change on a daily basis. Corporate expansion, a competitive job economy and an increased use of contractors created a fluid environment that became a nightmare for Information Services (IS).

"In a time of frequent change, information services was the last to be notified of new hires," said Ron Valadez, IS manager at the Santa Clara, CA-based networking solutions provider. "Often we found out about new employees when they arrived at our desks, looking for computer services, e-mail, or phone set-up."

Trying to keep up with such a dynamic state was a huge administrative cost and productivity drain. New employees waited up to a week before network access and other services were fully provisioned. By the time news of status changes reached IS, employees could have long since left the company. Corporate information was out of date and spread across disparate departments, and IS was struggling to find a solution it could deploy on its intranet.

Enter Standards-Based Directory Services
Like many enterprises today, Hitachi implemented a Lightweight Directory Access Protocol (LDAP) directory server for use by each of its departments as a common source of corporate information about people and resources. LDAP is a slimmed-down version of the X.500 protocol and, as a standardized protocol, enables interoperability among products from different vendors.

But now that Hitachi had consolidated its corporate information, the company realized applications were needed to leverage its new investment and truly reduce costs across the enterprise. The key was implementing a suite of packaged Corporate Services Automation (CSA) applications that spoke the same language as its new directory—LDAP.

CSA applications helped speed the flow of information across Hitachi’s intranet. Departments were now notified in real-time about new hires or departures. The time to establish network services was cut by one week. A proprietary facilities management system was replaced by a Web-enabled one. And disparate employee information was unified and published in online profiles that could be administered in real time by employees or other authorized personnel.

"Now users are online and productive on their first day," said Valadez, noting that CSA enabled IS to become more productive as well. "We’ve seen a significant increase in the efficiency of our department, since we can now better plan our time and service our users."

As Hitachi’s case illustrates, CSA applications solve huge organizational problems by leveraging an LDAP-based directory already deployed on the network. The goal of this article is to illustrate how enterprise-class applications are essential to realizing a full return on investment in such LDAP-based directory services, as well as an organization’s mission-critical network infrastructure.

Standards-Based Directory Services
Many organizations and corporations are rolling out LDAP-based directory services to manage change by consolidating corporate information from disparate databases. In addition, many IS departments are rolling out LDAP to support new networking initiatives, such as Public Key Infrastructure (PKI), Single Sign-On (SSO), security, and access control.

The LDAP standard has already received widespread acceptance at the infrastructure level from vendors such as Bay Networks, Cisco Systems, Hewlett Packard, IBM, Microsoft, Netscape Communications, Novell, and Sun Microsystems. With such significant industry endorsement, twenty-one percent of U.S. companies implemented LDAP technology in 1998, and by the end of 1999, 40 million users are expected to benefit from corporate implementations of LDAP-based directory servers, according to an IDC estimate. Standards-based directory services are now widely accepted as part of the new networking computer infrastructure.

In the midst of these IS initiatives, organizational change continues to occur at an unprecedented rate and corporations are finding it hard to manage the impact of this change on their new directories and existing systems. This is partly due to the overwhelming vastness of the problem, and partly due to the fact that IS departments are not prepared with the right tools to manage this change.

For instance, enterprises continually see an influx of new hires and contractors, as well as promotions, transfers and the reassignment of existing employees. Reorganizations, mergers and acquisitions may create, merge or dissolve divisions. Keeping pace with this nonstop change can be difficult and costly, especially for IS departments, who have to manage a vast amount of dynamic information across disconnected databases. Consider the following:

According to a Forrester Research study, a Fortune 1000 company has on average as many as 180 separate directories in its network. In such a case, mission critical information is typically stored in disconnected databases that span multiple functional departments, such as Human Resources (HR), Facilities, Security, Communications, and IS.

In an independent survey of a directory services firm’s customers, it was found that IS can expect to deal with 300,000 data changes and 40,000 service requests annually in a typical 10,000-person company. This is a direct result of maintaining multiple data directories, straining the provisioning process and responding to customers’ needs.

Handling such a large number of data changes is complicated by the archaic methods by which they are typically made. To initiate a change, employees commonly follow multiple ad-hoc procedures, such as filling out a form or contacting a department administrator via e-mail or telephone. Days or weeks can pass before the change is entered into a database, and it can take even longer than that to be reflected across all departments. As a result, most departments lack real-time information about these changes—some may not even be aware of them. The burdens placed on IS and administrators continue to grow while service to end users suffers.

Because of this disconnected infrastructure, processing corporate change generally results in high systems and operations costs for the enterprise. Maintaining accurate, real-time data is essential in order to provide effective employee services and to reflect the true status of managed assets on the network. But inaccurate information subjects routine processing to delays, duplication, and errors, resulting in wasted time for the enterprise as it tries to reconcile problems. The scope of the change management problem is huge and has been corroborated by a variety of market researchers, including META Group, Burton Group, GartnerGroup, and The Radicati Group.

In the new evolving infrastructure landscape, LDAP-based directory services are being placed at the core. This positioning is designed to make common employee information accessible from a single location by multiple enterprise applications. Employee information from disparate sources is being unified in a centralized profile, a unified employee object that has been termed by various vendors the "Digital Persona." But to realize the full potential of LDAP-based directory services and manage the impact of organizational change, enterprise-class applications must be deployed.

CSA Applications
What is CSA? Before taking a look at CSA and how it is becoming a necessary step for organizations seeking to maximize the benefits of their directory services, two more terms need to be defined in a little more detail.

The Digital Persona, as previously mentioned, collects public employee information from multiple departmental databases and unifies this information in a centralized profile that is architected and stored in an LDAP-based directory service. Elements of the Digital Persona are taken from isolated departments such as HR, Facilities, Telecom, and IS. Typically, only public information that will likely be shared by multiple applications comprises the Digital Persona—for example, name, title, phone number, office location, and IP address would be shared, while salary information would not. See Figure 1—Elements of the Digital Persona.

[Figure 1: Elements of the Digital Persona]

Corporate services are all the services and resource information stored in the Digital Persona that employees need on a daily basis to be productive. These services are typically provided by multiple departments, who in turn are often the "owners" of the information. Some examples of corporate services include phone numbers, voicemail, computer equipment, facilities, office equipment, e-mail accounts, network services, security badges, application access information, single sign-on permissions, etc.

CSA is a new category of enterprise software that allows for a unified and standard view of employees and all their resources, and addresses the higher level issues brought about by deploying an LDAP-based directory service. CSA includes functionality such as the publishing, management, provisioning, and integration of corporate services based on the Digital Persona. With multi-departmental information unified in these employee profiles, enterprise-class CSA applications leverage LDAP directory services and enable corporations to automate the process of providing and tracking employee resources and services.

There are four broad areas of activity that fall in the realm of CSA: Publishing, Management, Provisioning, and Integration.

Publishing allows Digital Persona information, such as names, addresses, and other corporate data, to be distributed in real time throughout the enterprise when it is changed. This often takes the form of corporate directory or "white pages" applications on a corporate intranet. The benefits are obvious. Accurate data improves employee productivity and communication, and the cost of printing directories and organization charts (which are often quickly out of date) is eliminated.

Management allows for the specification of business rules and access control that determine who can view, add, change, and delete data stored within the Digital Persona. In combination with employee self-service, this results in faster data changes and service requests that don’t involve complex paper trails. IS administrative overhead is reduced, and costs associated with systems accessing incorrect data are eliminated.

Provisioning based on the Digital Persona allows a full range of corporate services to be provided through ticket-based workflow. Such online provisioning streamlines the new-hire process so employees can be productive immediately on their first day of work. Throughout a person’s employment, the cost and complexity of multi-departmental provisioning are reduced, and when the person leaves, services and resources are easily and quickly de-provisioned to eliminate security holes.

Integration is achieved by connecting the Digital Persona data with other enterprise systems, such as HR, asset tracking, help desk, and security. Integration and automated synchronization eliminate the manual, error-prone process usually required to import or export data. Integration also ensures that access to accurate information is distributed across all data systems in the enterprise.

Standards-based LDAP directories, Meta directory services, and LDAP-compatible tools provide the backbone for integrating the many functional systems that exist in the enterprise. Recognizing that they’re suffering from a disconnected infrastructure, forward-looking companies are seeking relief by implementing such a backbone from infrastructure vendors. With such an infrastructure in place, CSA applications facilitate all the innovative activities that leverage a centralized data store. They enable an enterprise to fully realize the benefits of change management and satisfy the demands that sparked their quest for a solution. See Figure 2—Pressures That Lead To CSA.

[Figure 2: Pressures That Lead To CSA]

For example, when 3Com Corporation acquired U.S. Robotics, they were challenged with integrating 6,000 additional employees, combining 17 different data networks and accessing and updating information across more than 10 different employee databases. The company first installed LDAP directory services to consolidate information. However, "LDAP directories alone wouldn’t solve the problem," said Klaus Schulz, Global Strategic Webmaster for 3Com. As part of a massive intranet project named 3Community, the company implemented CSA applications to make corporate resource information available to 14,000 employees around the world. According to Schulz, CSA "helped unify the combined company and has allowed our workforce to be much more productive. Equally as important, we’ll be able to meet future changes efficiently and cost effectively."

CSA enables corporations to manage the vast, growing and constantly changing employee database, so that all the information and services that employees need to do their jobs are immediately available. The CSA application captures business processes and rules, such as those for adding a new employee or processing an employee departure. CSA is a natural evolution and a direct response to the movement underway in large enterprises to overhaul their computing infrastructure with LDAP-based directory services.

Calculating Return on Investment
The total cost of ownership of CSA applications includes expenditures made to implement, deploy, and administer a directory services infrastructure, as well as to deploy and manage the CSA applications. The cost of a deployment will vary based on the level of performance and scalability required, the level of integration of disparate databases and directories, and the amount and intensity of the business process automation that is desired.

To calculate return on investment, we assumed a 10,000-person organization, a reasonable 10-percent turnover rate, a rate of 10 e-mails per employee per day, a fully loaded cost per employee of $50,000, and a fully loaded cost per IS admin of $75,000. We then grouped savings within two categories of CSA functionality: a corporate directory application and a service center application.

The following benefits were realized by implementing a corporate service center:

The following benefits were realized by implementing a corporate directory:

While no two enterprises are exactly alike, findings show that the deployment of a CSA solution within a 10,000-person organization enables a company to effectively manage corporate change and quickly realize an annual operating savings of over $5 million. These savings are based on reducing the costs of managing and publishing a company’s directory and automating the provisioning of corporate services. Web-based, self-service interfaces reduce deployment costs and streamline business processes, while existing applications benefit from the central management and availability of current and accurate data.

Through its research on Total Cost of Ownership (TCO), GartnerGroup has provided findings that are borne out by these savings estimates. In addition, IDC (International Data Corp) endorsed various vendor studies (notably Netscape) that have validated the administrative and service benefits of directory services. These estimates are thus realistic and conservative when compared to current estimates of IS administration costs per desktop.

These savings are only the beginning. The savings estimated are based only on the most straightforward estimates such as reducing the cost of processing employment status changes and reducing administrative time required to publish directory information. Additional savings will result from having streamlined business processes, increased employee productivity and access to accurate information. Large organizations and enterprises stand to benefit greatly from this technology.

Conclusion
Standards-based directory services are taking hold in the enterprise as LDAP is receiving widespread endorsement from a variety of vendors. The driving force behind such a massive rollout is the need to consolidate corporate information and to implement new networking and IS initiatives, such as Public Key Infrastructure (PKI), Single Sign-On (SSO), security, and access control.

To realize the full potential return on investment in these directory services, and in an organization’s network infrastructure, enterprise-class CSA applications must be implemented. As a new category of enterprise software, CSA allows for a unified and standard view of employees and all their resources, and addresses the higher level issues brought about by deploying LDAP-based directory services on the network.

Deployment of CSA applications within a 10,000-person organization can significantly leverage investments in directory services and realize an annual operating savings of over $5 million. These savings are based on reducing the cost of managing and publishing a company’s corporate directory and automating the provisioning of resources and services. Many companies are realizing the benefits of deploying CSA applications, such as 3Com Corporation, Hitachi Computer Products, Kinko’s, Knight Ridder, Parsons, Sun Microsystems, and Xilinx.
