Network Computing - Back Issues


Direct action

Directory management for corporate networks is a critical IT task that can yield numerous benefits, especially when implemented along with directory services. Ken Mann explains what directory management involves and takes a look at some of the key solutions.

While many network managers have introduced directory services into their organisations, directory management hasn’t always been deployed in tandem. However, managing corporate directories is essential in many businesses to assure optimal resource allocation, react effectively to changes, reduce costs, and provide a proactive approach to network administration.
Who, in particular, should be concerned with directory management? A number of organisations and personnel should, including: large businesses generating millions of dynamic enterprise directory objects from hundreds of applications; IT staffs and departmental managers facing mergers, acquisitions, and reorganisations; IT staffs and departmental managers executing Microsoft Exchange/NT and NetWare deployments; IT staffs modifying and upgrading networks in accordance with new executive mandates; enterprises preparing to migrate to the Microsoft Windows 2000 environment; and resellers and consultants coordinating enterprise networking systems that utilise directories.

Services and Directories
In order to understand why a business might require and benefit from directory management, it’s important to understand the differences between this technology and directory services. Directory services simplify key administration tasks such as user management, application security, and resource management by creating what is essentially a database (akin to a telephone book of addresses and information) for enterprise networks. Directory services products include: NTDS, Microsoft’s current directory service for Windows NT; Active Directory, Microsoft’s directory service for Windows 2000; NetWare Directory Services, Novell’s directory service; and StreetTalk, Banyan’s directory service.
Directory management, on the other hand, manages network directory objects and their attributes in multiple directories. Typical enterprise directory management tasks include delegation, domain management, reporting, security management, policy management, directory synchronisation, migrations, and scripting.
Directory management lies at the centre of the networking universe of various tasks, applications, and projects. This enables businesses to lower costs, control security, and increase efficiency by centralising management of heterogeneous network-directory structures; automating routine management tasks; securing, standardising, and optimising networks; and troubleshooting. The smaller the enterprise, however, the more limited directory management can be, relative to directory services.
Directory management, however, is a critical complement to directory services, allowing enterprises to address directory and domain issues more thoroughly at the granular object level. Such directory management enables enterprises to react efficiently to changes, reduce costs, and provide a proactive approach to network administration and projects such as Windows 2000 migrations.
For businesses that wish to reap the benefits of directory management, development of clear strategies for this technology can determine what is required of custom programs and shrink-wrapped applications that facilitate effective directory management. In this feature, we discuss mostly shrink-wrapped directory management products, with the exceptions of Lucent’s QIP 5.0 (which requires a fair degree of customisation) and Pervasive Software’s Tango 2000 development environment, which enables directory management tools to be created from scratch.

Effective solutions
Effective directory management solutions for NetWare, Windows NT and Microsoft Exchange networks should offer defined elements including: functionality, allowing network managers to easily and securely delegate simple administration tasks, within a domain or across multiple domains, to nonadministrators (such as help desk personnel fielding non-critical inquiries); a drag-and-drop interface to aid domain reconfigurations and consolidations, relieving managers from programming complexities to effect changes; a single interface enabling administrators to quickly generate customisable reports on NetWare, Windows NT and Microsoft Exchange domains, directories, and networks; historic reporting functionality for all domains and directories, providing useful and centralised information on current domain object states and the changes that have occurred to those objects; and a distributed architecture to reduce network traffic and increase processing speeds — critical attributes for larger deployments.
Directory management solutions with these attributes deliver numerous benefits. Costs remain minimal for automated domain reconfigurations and migrations, compared to the large costs resulting from tedious and time-consuming manual intervention. Costs are low for automated delegation of accounts, compared to expensive Windows NT administrator resources expended setting up accounts for new users and closing unused accounts, for example. Domain restructuring within Windows NT 4.0 prepares for efficient Windows 2000 migrations. In fact, the best way to prepare for Windows 2000 migrations is to take advantage of NDS-centric directory management tools which also extend into the Windows NT/2000 domain.
Determining domain and directory management strategies in advance provides opportunities to managers whose local knowledge is indispensable to the process for reorganising workflow and human resources. In fact, these managers can also capitalise on scripting solutions that do not require vast programming skills.
Directory services management products provide system and network administrators with a comprehensive view of user accounts, applications, and other objects that need to be managed on a global, enterprise-wide basis. With the industry moving to a business object view of corporate data and towards centralised management of the distributed enterprise, global directory management has become a requirement.

Product overview
Lucent INS’ QIP Enterprise 5.0 integrates leading directory services offerings via a Lightweight Directory Access Protocol (LDAP) gateway to Netscape’s Directory Server and Novell’s Directory Server, and Microsoft Active Directory when available. Network managers can simplify administration and better control services by sharing common information across network applications and services.
With QIP Enterprise 5.0, all management operations of DDNS and DHCP are through a QIP/LDAP interface to the directory service. Directory-enabled DDNS and DHCP servers are lightweight, with support for symmetrical multi-processors and tuned for high performance operation. Lucent has worked closely with the Directory Enabled Networking (DEN) group and will support and adopt directory services schema standards as they become available.
QIP Enterprise 5.0 allows directory-based and RDBMS-based data repositories to coexist, providing administrators with the complete flexibility to migrate to a directory services model based on their needs and objectives.
All Computer Associates’ Cheyenne products, including its directory services management offerings, work with CA-Unicenter. Customers benefit from the inclusion of directory services as managed objects within the CA-Unicenter environment for the management and operation of their mission-critical client/server enterprise networks, systems, databases and applications.
CA’s software tools aid in the process of migrating user account information among various NetWare versions: from NetWare 3.x to 5.x, and between NetWare and Windows NT. The products also consolidate and analyse user account and other directory information across multiple servers on a network, thus facilitating the management of enterprise-wide directory information. AuditWare provides auditing and reporting capabilities that, among other functions, help administrators manage network security across a globally-distributed network of servers. AuditWare can detect ‘stealth’ users and ‘dangerous’ users, users with high-level system and network privileges but whose accounts do not have adequate password protection.
Pervasive Software has been a long-term partner to Novell. As well as distributing Pervasive.SQL with every copy of NetWare, the latest edition of the company’s development environment, Tango 2000, also enables programmers to manipulate the NDS environment, thus making it a powerful tool for building multi-directory management services products.
ServerMagic 2.0 from PowerQuest automatically copies or moves a server’s hard drive to a new one without having to back up or restore a single trustee right, Network Directory Services (NDS) setting or byte of data. Once copied, ServerMagic allows the user to expand NetWare partitions, as well as the DOS partition, on the new server drive, saving time and money for the administrator.
“Prior to ServerMagic, LAN administrators spent several hours upgrading and restoring a server system,” says John Winger, PowerQuest director of network product marketing. “ServerMagic reduces total cost of ownership by facilitating the backup process and copying, moving and enlarging all server partitions to the new drive without risking data loss.” Winger adds that working with trustee settings inside of the NDS, which the IT administrator uses to manage the network, can be very difficult. “Trustee settings are hot buttons for network administrators. They’re tricky. The fact that ServerMagic can see and save those settings is invaluable.”
The Innosoft Utility LDAPter is a highly scriptable command line TCL shell that is useful for directory managers to manipulate an LDAP-enabled directory. It allows managers to perform very powerful bulk updates to directory entries; for example, a telephone number STD code change could be made in one “fell swoop”.
In Innosoft’s PowerDirectory 5.0, there is also a Schema Editor that will enable an administrator to manipulate the schema in real time — the editor is used to change the ‘fields’ in the directory. Finally, the Innosoft Enterprise DirectoryPortal Browser is a tool that allows administrators and end users to view and update directory data.
Protocom Development Systems provides several NDS directory management products including DSAlert for NetWare, for NDS error monitoring and reporting; SecureTrustee for centralised administration of NetWare file security; ProSchedule, a NetWare console scheduling system; and SecureLogin, a multi-platform single sign-on product.
Protocom SecureTrustee integrates NDS and Microsoft Active Directory with file server data security to allow business access rules to be applied to the file system. Protocom ProSchedule integrates with NDS to provide easy management of server console tasks on any server in a network, significantly reducing the time required to perform server installations and routine maintenance. Protocom ConsoleAlert is a diagnostic and network support tool that allows NDS error conditions to be monitored and reported. In addition, response actions can be highly configured, according to user-defined criteria. This means ConsoleAlert can automatically take corrective actions to prevent problems from becoming support calls. Using ConsoleAlert, SNMP alerts can be generated when messages appear on the NetWare server console.
Through its NDS Solution, Visio Enterprise is a drawing tool that directly links into NDS directory structures. Visio Enterprise enables existing NDS trees to be automatically diagrammed and new or updated tree views to be exported directly to NDS.

Enterprise growth
Directory services deployments provide value for enterprises grappling with the never-ending growth of their directories — the enterprise network telephone books that track and list numerous domain addresses of users, computer resources (such as networked printers), and applications.
No matter which vendor’s directory services solutions are deployed, enterprise directory growth is assured, generating millions of directory objects, and ensuring directory management will remain a critical complement for networked enterprises.

[Image: Pervasive SQL 2000. Pervasive has been a long-term partner of Novell]

[Image: Protocom ProSchedule]

[Image: ServerMagic from PowerQuest]

[Image: Visio Enterprise is a drawing tool that directly links into NDS directory structures]