At first, it doesn't seem like such a big deal. Companies everywhere are talking about the sort of naming service their network operating system (NOS) supports. But to listen to all the hype, it's not at all clear what's going on. After all, Microsoft points out, Windows NT Server has domain name service, which certainly seems to be a way of keeping users and servers in synch across the network.
Meanwhile, Novell is touting its directory service, called NDS (for NetWare Directory Service) as a notch above the rest. Banyan Systems, vendor of enterprise networking systems, is also talking about a directory service, but theirs is called StreetTalk. IBM, the other big NOS vendor, seems to be avoiding the subject altogether.
Confused? Don't feel bad. The companies involved aren't doing a lot to make things clear, but maybe I can help. Basically, there are three important facts that you need to know about network directory services.
First, a directory service (versus a directory naming service) is defined by international standards, in this case the CCITT X.500 standard. It provides information that, in turn, grants access to users, network servers, and other network resources. The directory information is available to the operating system as well as to users who want to query the service, to applications that need user and resource access information, such as network addresses, and to other resources.
Second, there are a number of providers of directory services in addition to Novell and Banyan, although those two vendors are most common in the LAN business. In fact, directory services can exist on any type of network, including WANs, where they are also used.
Third, the domain naming service used by NT Server isn't a directory service. Right now, in fact, Microsoft doesn't have a directory service for Windows NT, so users must make do with the domain naming service. Eventually, that situation should change, since Microsoft has already announced plans to support NDS.
What Is a Directory Service?
Just because the X.500 directory standard exists doesn't mean that every NOS follows it in the same way. Banyan, for example, claims to be X.500-compliant, while Novell says that NDS is "modeled" on X.500 but has a number of extensions so it's not "compliant." However, both Banyan and Novell say that their naming models meet the requirements of X.500.
To be considered a true directory service, a product must keep its directory information in a distributed hierarchical database that supports decentralized control but allows global access in a single global name space. In other words, the entire enterprise, regardless of the number of networks and servers, exists as a single entity. A true directory service must allow a wide variety of directory objects, including users and servers, and also contain other devices, such as printers, gateways, and communications devices. These objects should be extensible; that is, you should be able to add new objects as needed.
The most debated area is whether a directory service should be standards-based, which, to most network designers, means X.500. In this respect, Banyan is probably the purest of the LAN directory services, although Novell would probably argue that NDS is standards-based as well. The reason that the Microsoft domain service isn't really a directory service is because it fails a couple of the tests. Although the current versions of the domain system, with its trust relationships between domains, enable many of the features of a directory service, in a large enterprise such relationships would become unwieldy.
To further complicate matters, until Microsoft Exchange is released, there isn't much support for applications that need to access a global directory service. Products such as email systems need to maintain their own directories; they don't have any practical way to access a global directory, since there isn't one.
Change Is in the Air
Novell and Banyan, meanwhile, already support NT, although the nature of that support can vary. In June, Novell announced that it was shipping a new version of its NT client software which supports both Windows NT Workstation and NT Server, although it doesn't support server-based directory services for NT yet, just the client services. About the same time, Banyan Systems announced Vines 6.0, which includes an NT client; that client supports the Vines StreetTalk directory service.
These directory services have a number of common characteristics. Both support a single log-in to their networks. Users log onto the network, and their log-in information is authenticated by a distributed directory service. The service then authenticates the users to any resources to which they have access rights.
This single log-in capability also extends to location independence. Users can log on to any server on the enterprise network and have the same access and presence that they would if they logged on through the computer on their desk. Although a domain name service can achieve much the same result by establishing links between a user's home server and others on the network, these links must be established manually and they add to the management complexity of the network.
For a smaller network, the difference between a directory naming service, such as the one that comes with NT Server, and a directory service, such as NDS or StreetTalk, is not a major issue. Although the two are quite different in concept, when there are only a few servers and resources on the network, the job of managing it isn't all that complex, and the differences won't be obvious to most users or administrators.
The differences become obvious when enterprise networks reach a greater complexity and the management of diverse resources and many users becomes a bigger job. Then, the ability to work with a single service and have it propagate changes throughout the network becomes important. With a directory service, for example, you can authenticate users for access to a mainframe gateway, change email account information, establish new permission levels, and change permitted logon locations, all within the directory service. In addition, when new services are added to the network, such as a workgroup product or a network resource, it can pick up the user and resource information that is already present.
What's There Now
Right now, NT users are stuck with something less than half a loaf. Although both Novell and Banyan are selling NT client software, it's only for their own NOSs. Companies with NT Server as the NOS can't get server support, although the NT Server client function can still run the client software and have directory service support with the other NOS on the LAN.
Making matters worse, neither the Novell nor the Banyan solution is ideal, even for client software. Both are limited and, to some extent, buggy. Novell's new client has trouble supporting network interface cards (NICs) that also support Network Driver Interface Specification (NDIS) drivers, a task often performed in NT Workstation systems that attach to both a NetWare and an NT network. In addition, a number of users have complained of slim support for current NICs and of difficulty in running important applications, such as Lotus Notes.
Although Novell's problems with its Windows NT Requester client software are being fixed, sources within Microsoft say that the company is already working on the NDS problem. Banyan, meanwhile, has problems of its own with clients for its directory service. Mainly, it allows you to use the service even if you're not logged on as a supervisor- or administrator-level user. This security lapse allows ordinary Banyan users to change network software that they normally aren't even allowed to access.
Should You Wait?
Right now, companies with enterprise networks that use both NT Servers and Workstations are in something of a quandary. If they stay with their NetWare or Vines networks, they aren't going to get exactly what they want for a directory service. On the other hand, if they move to NT Server as their NOS, they aren't going to get a full directory service.
Fortunately, the quandary may have a resolution. Banyan plans to have the few remaining problems for StreetTalk fixed soon, so if you're willing to use Vines as your enterprise NOS, you can have both NT and a directory service. Novell already has a directory service that works with NT clients (regardless of whether they're running NT Workstation or NT Server), but it has a lot of limitations.
For many users, especially those on NetWare 3.12 and 4.1, the NDS limitations may be manageable. For those with earlier versions of NetWare, which the NT Requester has some problems with--especially version 3.11--and those with NICs or network software that isn't supported, there may be a problem. Then, you're probably wiser to stick with Microsoft's NetWare Client for your Novell environment--at least until some more bugs have been exterminated.
Should You Change?
Another solution, of course, is to change to NT Server as your NOS. For many networks, the domain name service is entirely adequate. Although it may not have all the capabilities of a full directory service, you may not need those capabilities--at least not now.
Although NT Server requires a somewhat heftier hardware environment than NetWare does, it has its compensations. For one thing, NT Server is a solid platform for application services, including such things as database servers and servers for Lotus Notes. In addition, it interacts well with existing NetWare servers so you don't need to make a dramatic change but instead can migrate easily. In fact, Microsoft includes tools with NT Server that do a lot to automate the migration process if you're moving from NetWare version 3.
The easiest answer, meanwhile, is not to do anything at all. If you're already running an NT Workstation, and it's doing what you need with NetWare--even if it's not all you'd like--you might want to be patient. Similarly, if you attach an NT Server to a Novell environment for such things as print services, and it works well, there may be no urgent reason to change that either.
However, if you really need a directory services solution, there's only one right now that supports PC-based networks. Banyan's Universal StreetTalk supports NT Server, NetWare, and Vines. Novell plans to have client support available for NT, perhaps by the time you read this, but NDS support for Microsoft servers is still in the planning stages. Or, you can wait until Microsoft ships Exchange and see if it includes a complete directory service.
For once, it might pay to be on the trailing edge of technology instead of the leading edge. Eventually, directory services will be readily available for all the major NOSs, and they'll support users on heterogeneous networks. But until then, maybe it's best just to wait.
|Microsoft * 206-882-8080|
|Novell * 801-451-5151|