Focus Shifts to Directory-Enabled Applications
By John Makulowich
Filtering the flood of facts and fluff on Windows 2000, you get the impression that the federal and commercial network administrator of the future will need a lot more than a degree in computer science or an industrial-strength technical background.
The deeper you delve, the more it seems that a master's degree in business administration is not such a bad career choice. There are a number of reasons.
First, the features that Microsoft Corp. is adding to Windows 2000, like Active Directory and Media, Management, Internet Information and Security Services, are likely not only to spark an increase in antacid tablet sales but also to require network administrators to more closely examine the wares of a few select companies that offer applications to ease the transition.
This category includes Entevo Corp., Arlington, Va.; FastLane Technologies Inc., Halifax, Nova Scotia; and Mission Critical Software Inc., Houston.
Second, the move from NT 4.0 or a competitor's network operating system to Windows 2000 requires a host of network, organizational, policy and even political decisions, a kind of lengthy checklist of options and alternatives normally found only in crisis management or emergency treatment centers manned by trained personnel.
Third, network migration on the order of Windows 2000 is looking more and more like a data warehousing exercise for some large enterprises and agencies. The task of cleansing the network, as it were, is likely to consume a significant amount of time, money and effort.
Finally, there is the pressing need for the network administrator to anticipate the growth of the organization, plan for new personnel and operational units scattered across the globe and determine how best to deal with the likely effects on the network and its management.
Not that Microsoft or other companies offering network operating systems, such as Novell Inc., Provo, Utah, have thought little about these issues. In fact, you find on their Web sites a range of materials to address the potential problems that migration to Windows 2000 is likely to spark.
The major difficulty, like much else in this transition period of the Network Revolution of the '90s, is that there is no one simple solution, direct answer or quick fix to management of the network. No one knows the direction and extent, the breadth and depth, of the continuing impact of the Internet, including intranets, extranets, e-business, et al., on the enterprise. While there are many jockeys, very few can ride the horse safely.
To make matters worse, Microsoft and Novell are likely to lock horns soon in a battle for control of the directory services market, one that several observers feel will be a major playing field within the next five years, if not sooner.
For example, Lance Horne, principal technology specialist for Microsoft Federal Systems and an expert on Windows 2000, said: "The focus on directory services is important and justified. In five years, directory-enabled applications will play a key role. For example, the next release of Exchange Server, code-named Platinum, will use that. It will be the first application to represent the new paradigm, to be completely directory-enabled."
Thus, Windows 2000 and Platinum, due out later this year, will share one location for user and configuration information: the Active Directory.
Microsoft said the benefits include cost-effective directory management, improved replication (duplication of the database), enhanced security, expanded scalability and a common programming interface. Further, Platinum will be fully backward compatible with previous versions of Exchange Server and clients.
Echoing Horne's opinion but shortening the time line for directory-enabled applications is Olivier Thierry, vice president of marketing for Mission Critical Software, one of the firms offering migration software for organizations moving to Windows 2000.
"Directory-enabled applications will come sooner than five years. The playing field will change when critical applications are storing information in the [Active] Directory. And Microsoft will be successful in driving vendors to adopt directory-enabled applications. It is likely we will see business applications in 14 to 16 months," said Thierry.
He believes that by storing in the Active Directory more and more so-called objects, or representations of network resources such as users and groups, machines, devices and applications, the next logical step will be the use of Active Directory by key players in enterprise resource planning.
Thierry said: "I really view Windows 2000 not as an O/S [network operating system] but as a directory choice. It will have much more impact there."
The concept of network directory services and directory-enabled applications is far from new. Back in 1994, Novell introduced the Directory Services feature as part of its network operating system, NetWare 4.x. Now in its third generation, NDS (Novell Directory Services) remains a market leader.
As defined by the company, NDS is a "distributed database of information about every application, user, server and resource on a network." In fact, the corporate tag line for Novell is "The Internet Directory Leader."
Using NDS, an administrator can centrally manage the network through a treelike hierarchy. And NDS for NT is also a market leader. Now enter Microsoft with Windows 2000 and Active Directory, which Cisco Systems Inc., San Jose, Calif., committed to for Unix systems way back in May 1997.
On the other side, the momentum for directory-enabled applications started with a joint announcement by Cisco and Microsoft in September 1997 on directory-enabled networks. At the Microsoft Professional Developers Conference, the two companies announced an industrywide initiative to integrate directory services and networks as well as a draft specification.
That action led the way to development of network applications to work with products from different network and directory vendors to catalyze the deployment of next-generation, network-based applications.
According to Cisco, a directory-enabled network integrates user profiles, applications and network services through a common information model. This allows optimal use of bandwidth and policy-based management, as well as a single point of administration of all network resources.
What has changed in the network landscape that has made directory services all the rage? The need for services like NDS and Active Directory has grown with the size of the corporate network, according to Creative Networks Inc., Palo Alto, Calif., an intranet and extranet consulting and research firm, which last year published a white paper on Lightweight Directory Access Protocol, directory services and directory-enabled networks.
As the firm noted: "The need for directory services has evolved well beyond the simple friendly-name-to-e-mail-address or DNS-name-to-IP-address conversion that used to define directory services. Today, directory services are needed for the common white-pages information, such as e-mail address, telephone number and fax number, as well as for other per-user information, such as browser bookmarks, saved search-engine queries and e-mail and document preferences."
The firm concluded that "What was only a nicety on LANs that connected tens or hundreds of clients has become a truly critical service on intranets that connect thousands of resources and often have links to the Internet with its millions of resources and users."
With the stakes likely to become very high in the newest round of network roulette, it comes as no surprise that Microsoft is again flexing its marketing muscle with Windows 2000. (Renamed from Windows NT in October 1998, it is set for official launch this October.) Alongside the software giant are a number of companies ready and able to help with the migration of the enterprise. And Novell is very willing to take its turn at the wheel.
Judging from the comments of Horne, one of the company's Federal Systems NT experts, Microsoft believes migration to Windows 2000 will take many paths. And the issues will be the same, whether the organization is public or private, local or international.
Some organizations will be perfectly happy staying with their existing NT 4.0 infrastructure. Others may choose an in-place upgrade to gain the benefits of Windows 2000 beyond the Active Directory. Still others will choose to incrementally restructure their NT 4.0 domains.
"That is why we chose to make available a suite of technologies from Mission Critical that aids in the incremental approach. We support both the in-place upgrade and the incremental," said Horne.
Regardless of the path, one thing is clear for Horne and many other industry observers: Directory services are increasingly a necessary component of any information systems management approach. And to Horne, Active Directory is the enabler for much of the distributed functionality that will ship with Windows 2000.
"One of the goals in delivering Windows 2000 is to make the total cost of ownership lower and to simplify the management and administration of the environment. Customers agree that the features in Windows 2000 server will make life easier for administrative personnel," said Horne.
When asked about what role, if any, NDS for NT could play in the network managed with Windows 2000, Horne did not mince words.
"NDS for NT will not upgrade to Windows 2000. We [Microsoft] do not see NDS for NT as a sound migration path to the Active Directory," he said.
Horne said NDS for NT replaces critical system DLLs [Dynamic Link Library, software to provide services to applications] in the Windows operating system. Other solutions, such as those of Entevo, Mission Critical Software and FastLane, are nondestructive. For example, he pointed out that solutions, such as some of Entevo's, are immediately usable in Windows 2000.
"The choice for Windows 2000 is based on the fact that organizations need to make strategic decisions for the long term. The key question is, will you be able to support the application strategy given the infrastructure in place? Active Directory is a key component of Windows 2000. And Windows NT is the most widely accepted platform on the planet," said Horne.
Pose the question to Novell about the role of NDS for NT in the Windows 2000 environment, and the correction is quickly and carefully made.
Adam Smith, Novell's product marketing manager for NDS for NT, said: "Let me stress that it is not an either/or decision. Deploying Active Directory does not rule out NDS, and vice versa. We will do what will help our customers integrate their applications, whether Microsoft or any other vendor. We will help our customers with Active Directory, if necessary, to leverage that service across the entire enterprise or intranet."
Smith's even-handed approach is buoyed with data from the market research firm International Data Corp. of Framingham, Mass. According to its most recent directory services report, there will be nearly 60 million NDS users by the end of 1999. There have been no published reports about how many users specifically have deployed NDS for NT. Novell itself tracks NDS users on any platform, including NetWare, NT and Unix.
In the battle for mind and market share, it is clear that Novell is taking a different tack than to bang heads with Microsoft. In fact, it is focusing its attention on a key component of e-business known as XML, the Extensible Markup Language. It is a metalanguage used to produce content information for Web pages.
Novell's initiative, named DirXML, was just launched at the Burton Group Catalyst '99 Conference in July. A software solution that helps customers link business data for use in e-business applications, DirXML extends NDS to link and manage all locations where business and network information is stored. This includes software applications, network operating systems, databases and network devices.
As Christopher Stone, senior vice president of strategy and corporate development for Novell, noted at the time of the announcement: "Our goal is to connect all the data on the network to enable enterprise companies to expand their electronic business opportunities."
While Novell takes the high ground, the companies with tools for migrating from NT 4.0 to Windows 2000 version 5.0 are working in the trenches.
One example is FastLane, which offers enterprise directory management solutions. It launched its flagship product, named FINAL (FastLane Integrated Network Application Language) in 1993. Since then, the company has introduced several directory management applications and development and migration solutions for Microsoft Windows NT and Windows 2000 as well as the Banyan VINES network operating system.
Among its clients are Canadian and U.S. government departments, including Correctional Services Canada, Canada's Department of National Defence, Human Resources Development Canada, the U.S. Marine Corps and U.S. Air Force.
Its newest product is the FastLane DM/Suite, a series of applications built using Active DMS (Directory Management Service) that allow network managers to simplify enterprise directory management and enable enterprises to coexist with, migrate to and administer numerous enterprise directories.
Looking at the NDS vs. Active Directory issue, Keith Millar, FastLane product manager, said that from where many companies sit, the choice will make a big difference.
"If a company is committed to NT, it is hard to argue against the easy task to choose Active Directory, since it is backward compatible. Right now, though, when you look at what is out there and what is working, you see NDS. But add Exchange and SQL and the decision to move to DNS is more painful," Millar said.
A key issue for Millar is that NT 4.0 over the last five years essentially has sneaked into the enterprise. And the NT domain structure has become a kind of grass-roots domain, or rogue domains, as it were. That is hard to deal with when looked at from the viewpoint of cost of ownership, for example, in having to maintain trusts, which are the ties between domains in NT 4.0.
With Windows 2000 and Active Directory, which is built on the treelike hierarchy and relies on LDAP, network administrators will need to reconfigure their domains. And that is where FastLane comes into play.
Millar says there will be three main stages that companies must work through to prepare their networks for Windows 2000.
The first is to clean the data, the way those who create data warehouses or data marts must prepare it before converting it for use in the database. Since the directory basically is a peer database of users and groups distributed throughout the enterprise, no one really has a clean database.
There will be users with improper access, names of users no longer with the enterprise, individuals with multiple login names and users with incorrect password settings. On the computer side, there will be software that no one ever asked to have there. Not cleaning data would move those problems to the Active Directory.
Among the tasks performed by FastLane's DM suite are ridding the system of all accounts for people who no longer work for the company and generating a comprehensive list of what will or will not work.
The second stage is moving from the flat structure of the NT 4.0 domains to the hierarchical structure of the Active Directory. Here the task amounts to "infect these people with, 'Think Hierarchical.'" Because Windows 2000 allows spanning multiple NT 4.0 domains, the administrator can model the network based on the requirements of the business.
But Millar said: "With flexibility comes complexity. While NT 4.0 tiptoed into the enterprise, that approach will not be successful with Active Directory. Now you need much more planning, not only in administrative issues but in political boundaries. Given the curve, we have step-by-step briefs in the Learning/Solutions Center on our Web site."
The third stage is testing the system. Millar uses the analogy of flight simulation, advising clients to do their trials on the ground rather than test the installation in the air.
"DM Suite is a migration product. We have coexistence very firmly in mind; that is, to keep NT 4.0 up and running while you migrate so you can go back to the old system if necessary," Millar said.
In the final analysis, the main driver for those moving to Windows 2000 must be the sometimes magical total cost of ownership. Millar stressed that organizations need to ask what is killing them from a cost perspective. Is it administration, reliability, scalability?
Another company running alongside Microsoft and offering directory management solutions for the enterprise market is Entevo Corp. Privately held and venture-funded, this startup was founded in 1993. Its directory management products are designed to deploy, integrate, administer and maintain enterprise directories in Windows 2000 and other vendor platforms.
With its DirectManage suite, the company claims to be the first provider to deliver an Active Directory ready, cross-platform solution.
Dale Gardner, director of product marketing, firmly believes that management from a single interface across multiple directory services on multiple platforms is important, whether NT, Exchange, Active Directory or Novell's NDS.
"Deploying new technologies is important on a managerial, as well as technical, level. The issue becomes how smooth and robust is the process. Whether creating new users or resetting passwords, you need a strong administrative component focused on enhancing productivity with fewer errors and problems," Gardner said.
He cited the federal space, specifically the Defense Department, noting that because it is focused on Exchange Server as its e-mail backbone system, Entevo's solution was accepted: The company's suite can be used to administer both Novell and NT environments from a single console.
"We can offer an attractive proposition to our customers. In the move from NDS to NT, clients are used to a robust hierarchy. We can take the current hierarchy in NDS and migrate that into NT using a direct map that sits on top of NT and replicates that hierarchy. We can also administer the Exchange environment, create the NT users and create the Exchange mail boxes," Gardner said.
The company debuted its DirectAdmin Exchange Plus Pack beta, the most recent addition to the DirectManage suite, during Microsoft's Tech Ed conference in May. That package extends DirectManage's ability to co-manage resources across multiple directories including Windows NT 4.0 domains, Active Directory, Novell NDS and Microsoft Exchange from a single management console.
"Cross-platform management is an absolute requirement for the 30 million Exchange users in enterprises planning migration to Windows 2000 and Active Directory," said Dave Malcolm, Exchange group product manager at Microsoft, at the time of the Entevo announcement. "By leveraging Microsoft's Active Directory Service Interfaces (ADSI), Entevo quickly integrated cross-platform management of Microsoft Exchange resources into its DirectManage suite."
Using the Exchange Plus Pack, directory administrators can create and delete mailboxes, customize recipients, distribution lists, organizational units, containers and public folders as well as view and set their properties, owners and permissions. Automated co-management features ensure that changes made in Windows NT are automatically reflected in the Microsoft Exchange directory.
The application also offers administrators a unified view of public folder security across multiple Exchange sites, with the ability to view and set permissions and report on ownership.
In line with Microsoft's Horne and Mission Critical's Thierry, Gardner believes that directory-enabled applications loom large on the network horizon and likely will be a model for many organizations.
Gardner mentioned two key drivers. First is the ability to define users and access rights in systems management as well as decide what applications wind up on an individual user's desktop. In the latter case, the user's profile resides in the Active Directory.
The second driver for directory-enabled applications is e-business (business to business) and e-commerce (business to consumer). Here, the example is the role of extranet applications, right now largely in the commercial space, as opposed to the public space. Given an application-based relationship with the user, much of the information will be stored in the directory.
There seems little question that directory technology will become pervasive. By 2003, according to IDC projections, considerably more than 500 million directory clients will be in use.
The market for directory servers is expected to grow at a compound annual growth rate of 35 percent, and the rate is even higher for Active Directory.
Another research firm, the Burton Group of Midvale, Utah, produced a study in February 1999, "Network Strategy Overview: The Enterprise Directory Value Proposition," which views directories as the most significant technology issue to face customers over the next three years.
Specialists in network computing technologies, the firm noted in its report that to start an enterprise directory project, a typical Global 1000 organization must spend between $1 million and $2 million, depending on the number of users on the network, the number of directories being integrated and the overall scope of the project.
The Burton Group concluded: "With a well-executed implementation plan, enterprise customers can expect a return of approximately five times their ongoing investment, depending on the size of the network, the number of users in the directory, and the number of directories being integrated with the enterprise directory.
"Organizations can realize that return in cost savings in the millions of dollars, primarily in the areas of administration and support. But those savings will come only through the hard work and significant resource commitments that directory projects require, which includes dealing with dirty directory data and internal politics, both of which can derail directory projects," the group said.
Yet a third company targeting the introduction of Windows 2000 and the advent of Active Directory as a marketing opportunity is Mission Critical Software. That company offers its OnePoint Domain Administrator, an enterprise-scale Windows NT systems administration and management software product that promises security, simplicity and reduced cost of ownership.
Its target is the customer in organizations that deploy or plan to deploy Windows NT and Windows 2000 networks. The company claims that the seven largest firms in the world use its products.
With the company's OnePoint Domain Administrator graphical user interface and extensive automation, Mission Critical Software claims that "if you can drag and drop, you can migrate" everything from user accounts, groups and member servers to workstations and user rights into Windows 2000 and Active Directory while continuing to preserve access to existing resources.
Another tool, OnePoint ActiveViews, allows the network administrator to model, prototype and test multiple AD tree structures in NT 4.0 or Windows 2000. After dragging and dropping these ActiveViews into Active Directory, the Domain Administrator automates the creation of a fully functional organizational unit hierarchy.
It was Thierry, vice president of marketing, who felt directory-enabled business applications would make a significant marketing dent within the next 14 to 16 months, and that Windows 2000 will have more impact as a directory service than as a network operating system.
Beyond those issues, he sees security playing a major role in the thinking of network administrators and the installation of network applications, utilities and the operating system.
"Security will be huge. Other areas that will focus attention as Windows 2000 comes on stream include content management, policy-based administration of the content and synchronization," said Thierry.
He noted policy-based administration of content as an important example.
If an enterprise is carrying so much data in the directory, how will it go about managing that data? Will the network administrator decide to delegate control as well as access?
"The role of the administrator is to define administrative or content policies to the enterprise. That includes resetting passwords. As we get into more and more business objects, the policies will be much more businesslike, truly business policies," said Thierry.
When all is said and done, he sees the key challenge in moving to the Active Directory as defining a three-dimensional organization in a two-dimensional hierarchy. If the structure is not set up correctly, the enterprise and the network administrator are likely to be in serious trouble.
It is another reason why few companies are likely to move straight to Windows 2000 with an in-place installation, and why a master's degree in business administration is not such a bad career choice for network administrators planning for the future.