Taking Another Look at Active Directory

When Active Directory (AD) debuted in Windows 2000 eighteen months ago, industry experts dismissed the technology as a first-generation product that wouldn't scale well or meet customer needs. Many—myself included—predicted that AD adoption would be slow and recommended that customers investigate this solution cautiously. But something interesting has happened in the intervening months: Microsoft reported recently that 75 percent of its customer base was at various stages of deploying AD. And although I don't put much stock in Microsoft's press releases, a discussion with the company regarding AD led to some interesting—and unmonitored—conversations with Microsoft customers who've rolled out AD in large environments at enormous savings. If you dismissed AD as a "1.0" release, as I did, you might be surprised to discover the successes some people are having with it.

I began by discussing AD uptake with Perry Anton, Microsoft's AD product manager. Anton told me that AD was seeing wider deployment than the company expected, in a variety of situations, which the company breaks down into small, medium, and large organizations. Microsoft worked with Mindcraft, an independent test lab, which delivered a somewhat unsurprising study—given the source—showing that AD is not only cheaper than competing solutions, but delivers better performance.

The Mindcraft study report addresses directory services that include an extranet component—that is, a portion of the directory's functionality is exposed through Web applications outside the local network. According to the report, AD delivers the best performance yet recorded in this category, by a 19 percent margin, in a 1-million-user directory. And AD's performance with a 15-million-user directory is comparable to massive UNIX solutions that cost millions more. The report concludes that Microsoft is delivering an enterprise-class directory solution, with record-breaking performance, outstanding scaling, and low total cost of ownership (TCO).

The report alone did little to change my attitude about AD. After all, Microsoft and its competitors regularly publish such reports. But some of Anton's figures are intriguing. Anton told me that a 15-million-user AD performs on par with a 1-million-user iPlanet platform running on Sun Microsystems hardware and uses 12 fewer processors. And the Sun solution was processor-pegged: It was running at full capacity, whereas the Web servers running AD hit only 60 percent capacity during the tests.

But Microsoft's offer to let me speak unconditionally with customers rolling out AD was intriguing. Microsoft mentioned several corporations, including Cincinnati Financial and Anthem Blue Cross Blue Shield, that had been happily surprised by the scalability, performance, and price of AD solutions. I elected to speak with John Reynolds, the senior advisor and technical architect for e-business at Anthem Blue Cross Blue Shield, who is responsible for one of the largest AD rollouts in the United States. His frank and open discussion about AD won me over.

"When we were looking for a modern directory, one of the first things we did was to check out the analyst reports on these solutions," Reynolds told me. "Gartner [Group is] extremely conservative and tends to reiterate the truth—what we already know. Gartner said that Microsoft wasn't a player in the directory space, but no one had really implemented [AD], and no one had proven that it could work. Gartner wasn't offering any new information, but the company did recommend an IBM directory service. Was it truly a great product? No. Does it do multimastering? No." Reynolds decided he needed to look into these solutions himself, and eventually the choice came down to Novell NetWare and AD, based on the functionality he needed and the capabilities of the respective solutions.

"Hands down, there was a huge gap between those two solutions and the next one (iPlanet)," he said. "And all but NetWare, [iPlanet], and Microsoft are still stuck in the old master-slave mode. So [the choice] came down to AD and NetWare. Novell's price, off the street, was $7 million for a 15- to 20-million-user directory, and we negotiated that down to $4 million. Microsoft's price was the cost of the OS and some Internet-based client licenses. Microsoft wanted to come in and implement it, which included $50,000 in support services, for a total of $150,000. It was no contest."

Reynolds says the uninformed perceptions about AD have to change. "Microsoft's solutions scale both up and out. We wanted 15 to 20 million users, so we called Compaq, EMC, and Oracle and asked them to work with Microsoft to make this [implementation] happen. Not only did the companies agree [to work together], but they delivered [the solutions] and proved that AD is scalable. AD outperformed NetWare and iPlanet on Sun using only half the processors and exhibited consistent, controlled growth from 1 million to 8 million to 20 million users. AD doesn't plateau out as the Sun solution [did]."

Another common misconception, Reynolds says, is about Microsoft's use of standard technologies. "We figured that [Visual Basic] (VB) and other Microsoft applications had proprietary APIs that enabled them to bypass [Lightweight Directory Access Protocol] (LDAP) and work natively for better performance, but we were wrong," he said. "They go through standard LDAP. [AD] is very compliant as a product. The only thing that AD [does] differently is build [its] schema objects, which isn't a big deal. But using standard LDAP allows us to interoperate with a wide range of applications on various platforms."

So is AD a scalable, cost-efficient platform? Perhaps, and I'm starting to think that Microsoft might have finally gotten something right the first time out. Of course, the next version—due in early 2002 with Microsoft.NET Server—will offer performance and functionality enhancements, better UIs, and other changes. But I'm interested in whether AD is making the grade with our readers. Are you rolling out AD? And what was the deciding factor?
