Directory services are critical when it comes to making sense of different legacy databases — and Novell leads the field. Ken Mann assesses Novell’s role as leader and the plethora of applications developed around NDS which are reinforcing their dominance

There are many directory services, but the best known are Novell Directory Service (NDS) and Microsoft’s Active Directory Service (ADS). Now fallen on hard times, Banyan’s Streettalk has been a long term directory services player, but there are hundreds of smaller vendors offering LDAP-based applications (lightweight directory access protocol) based on NDS. When data resides in different legacy databases, what is needed is a unified view of the different entries. This is something LDAP was meant to achieve. Meanwhile, Novell pushes NDS, while Microsoft is heavily promoting its elusive Active Directory. It will probably take several years before Active Directory is as widespread as NDS. It will be even longer before ADS can take a single view across multiple directory databases.

Directories allow businesses to store and provide access to different types of information — including email addresses, phone numbers, security credentials and device configurations — vital to managing networks and conducting e-business. Consistency across directory-based applications can help enterprises to simplify information management, improve security and accelerate e-commerce across multi-platform computing environments. Open standards are especially important to software developers who write applications relying on directories. The Directory Interoperability Forum — of which Novell is a founder member — will help vendors to create and bring to market directory-enabled applications based on LDAP: the Lightweight Directory Access Protocol.

Says Chris Stone, senior VP for strategy and corporate development, Novell: "This collaboration of industry leaders is an expression of our joint commitment to standards and open architecture for doing business on the Internet. " As an initial step, the forum has verified that current LDAP-enabled applications interoperate with IBM SecureWay Directory, Novell Directory Services (NDS), Lotus Domino Directory and Netscape Directory. Applications tested include: IBM WebSphere, IBM Blue Pages, Lotus Domino, Lotus Notes, Tivoli Management products, Novell Groupwise and Novell Net Publisher.

Novell is definitely the market leader in directory services, shown by the quality of its alliances and support across applications from policy-based network management, thin client management, security, e-commerce and databases.

Lucent’s policy-based management application for the Cajun P550 Switch, a Layer switching, Layer 3 routing Ethernet platform, is integrated with NDS. This policy-based functionality is also scheduled to be available for the other members of Lucent’s Cajun Campus product line, plus other offerings in Lucent’s data networking enterprise portfolio over the next 12 months. "The pressure is on for network and IT managers in today’s organisations to provide a fast, reliable and efficient service, as well as the most up-to-date converged solutions. The challenge is to build and maintain a high-quality network, to the benefit of all users within an organisation, which is structured to tier resources to mission-critical applications," says John Collins, enterprise data networking product manager, Lucent Technologies EMEA.

In February 1999, Oracle and Novell announced they would provide integration of the Oracle8i database with Novell Directory Services (NDS) and interoperability between Oracle Internet Directory (OID) and NDS for single sign-on and centralised administration. Oracle Internet Directory (OID) can accommodate more than half a billion entries and support tens of thousands of simultaneous users — more than any other directory in the industry. OID is an open, standards-based directory that simplifies user and application administration and provides end users with a single point of entry to network resources, information and applications. Oracle and Novell are teaming up to bring integration and interoperability between Oracle8i, OID and Novell Directory Services. Novell and Oracle are also expanding their bundling agreement. Now, a five-user version of Oracle WebDB, Oracle’s Web application-development and content-management tool, will ship with NetWare. Oracle WebDB will allow users to build self-service Web applications quickly and data-driven Web sites with almost no training.

Using NDS as a security mechanism, Novell and ActivCard have also got together to provide the first strong authentication network security solution that integrates ActivCard’s smart card technology with the network management and security advantages of NDS and Novell’s Internet security management suite, BorderManager Enterprise Edition 3. This directory-enabled solution uses NDS to manage user access to network-based information and resources via ActivCard’s integrated Corporate Wallet services, including convenient smart cards or token devices used to establish the identity of users. Now available for open beta testing, the ActivCard/ Novell solution is the latest among hundreds of offerings that utilise NDS to manage the complexity of today’s networks. The in-depth security provided by strong authentication is crucial for companies facing the dual challenge of managing private data and extending their networks and applications to the World Wide Web. In order to ensure that company information is not accessed and altered by unauthorised parties, businesses are increasingly turning to smart cards and token devices to manage secure passwords and identify users. "Through this partnership with ActivCard, Novell continues to demonstrate momentum for directory-enabled applications and NDS," comments Stone.

"Dedicated authentication servers are now legacy," says Tom Arthur, president of ActivCard. "The integration of Corporate Wallet services as a feature of BorderManager Enterprise Edition 3 is a major leap forward in delivering on the promise of directory-enabled networks." ActivCard’s Corporate Wallet services are embedded in the BorderManager Enterprise Edition 3 suite, specifically in BorderManager Authentication Services 3. Corporate Wallet allows administrators to store, control, manage and distribute a variety of corporate credentials — including static passwords, dynamic passwords, digital certificates and private keys in order to authenticate users. As BorderManager Enterprise Edition 3 is integrated with NDS, the entire suite of services can be managed from a single, centralised administration console.

Meanwhile, Protocom Development Systems provides SecureTrustee to prevent security breaches on NetWare 4.x and 5.x servers by managing security centrally. NetWare 4.x and 5.x file system security is normally managed on a server-by-server basis. SecureTrustee enables network costs to be reduced by applying user-defined business rules. These rules control file and directory security on servers across the network from one point, eliminating the need to visit individually each fileserver or to update manually access rights when users change jobs or leave.

On the thin client front, Citrix MetaFrame 1.8 enables organisations to extend the reach of NDS to users over WAN or dial up connections, using Citrix Independent Computing Architecture (ICA). Users are able to deploy and use Novell’s enterprise applications, together with web technology, in order to provide optimum performance to the company’s ZENworks and Groupwise enterprise solutions over a wide area network.

With the Report Generator for BindView for NDS, available from Peapod, users have a seamlessly integrated analysis and reporting tool for their 4.x LAN. The reporting engine allows network administrators to browse the NDS database and all objects visible on the NDS tree; information regarding server configuration and server settings may also be accessed on licensed servers. All the powerful reporting and analysis capabilities of BindView are now available for NetWare 4.x and NetWare Directory Services.

The Report Generator gives network administrators the option of running BindView for NDS’s pre-defined reports or creating customised reports by using the sorting and filtering options. All reports generated are of presentation quality and may be printed, exported or even sent through e-mail. BindView for NDS’s Server Information Module provides access to NetWare 4.x server configuration information. File server documentation capabilities include NDS partition information, volume details, server set variable information, disk space analysis, NLM management and accounting information.

Security audits can be performed equally well with BindView for NDS. Through the Server Information Module, a complete data security analysis may be performed. By specifying a particular directory or file, the network administrator can access information regarding exactly which users have rights to network resources and how those rights were inherited. This allows network administrators to monitor and control user rights and access to network resources. "Every network administrator needs to know who has access to what, in order to keep the network secure and running," explains John Williams, product marketing manager, Peapod. "BindView for NDS gives the network administrator access to all the security information needed to perform his or her policing job effectively."

NDS object properties and information may be analysed and reported on with BindView for NDS Object Licenses. NDS objects include user accounts, groups, organisational roles, aliases, template users, printer queues, printers, user groups, container objects, and anything else defined as an object in the NDS tree. NDS Object oriented reporting allows the sorting and filtering of user and group object information to create reports that are customised to a network administrator’s specific needs. The network administrator can report on any properties associated with an object on the NDS tree, including disk space in use, disk space available, security restrictions, security equivalencies, group membership, location in the NDS tree organisational structure, rights that the object has and any other properties associated with the object.

John Collins:Pressure is on
network managers for a fast,
reliable service

ActivCard’s smart technology

To the fore: solutions from
Fore Software

John Williams, Peapod:
administrator access to all
the security information