NDS gap puts users in a bind

Novell has quietly shelved a key directory-integration tool, which will likely force IT executives with mixed environments to make an either/or choice between NetWare and Microsoft's forthcoming Windows 2000.

And that choice may not be good news for Novell.

At issue is the redirect capability of Novell Directory Services (NDS) for NT. Redirect allows users to reroute authentication and access-control calls made to NT 4.0 domains into NDS, which nearly eliminates user management on NT servers.

However, in NDS 8 for NT, the next version of the software, redirect is being replaced by a bidirectional synchronisation tool called DirXML.

The switch means NDS shops will no longer be able to sidestep administration in the Microsoft environment if they upgrade to Windows 2000 Active Directory.

Administrators will have to manage both network operating system directory services.

"I'm concerned about the immediate absence of redirect," says Peter Cruikshank, network architect for the US Navy, who is currently piloting NDS for NT. "I don't want to upgrade to Active Directory now and then upgrade to redirect [at a later date]." Cruikshank says redirect provides a single directory service and that consolidation means less management. "If I had already deployed, this would be a bigger issue. I would have to ask myself, 'Where do I go now?'"Faced with that question, IT executives may be inclined to choose one or the other NOS (network operating system) for their enterprise, according to analysts.

"The lack of redirect puts pressure on NDS customers to choose between Novell and Microsoft," says Daniel Blum, an analyst with The Burton Group in Midvale, Utah. "Customers can't continue to run both directories in parallel quite as easily as they once could. The value proposition of NDS is reduced."

Novell seems to be in a better position to satisfy customers right now because Active Directory is not shipping and will be nothing short of challenging to deploy when it does. Still, the issue of redirect has users concerned.

"This is a step back for me. My understanding was that they would offer redirect," says one network architect for a large telecommunications company, who asked not to be named. "The best feature of NDS for NT is keeping passwords in synch. They need to recreate that with DirXML."

Novell says it will do that. "The push is to manage user objects from both directories as one object," says Cydni Tetro, product manager for NDS.

The mothballing of redirect is somewhat of an about-face for Novell, which had promised the technology would be there for Active Directory. Two weeks ago at the Gartner Group symposium, Novell CEO Eric Schmidt began selling the change, saying the mechanics of how NDS and Active Directory synchronize will vary from NT 4.0 to Windows 2000 but "from the customer perspective, the functionality is the same."

While some experts dispute Schmidt's assessment, customers committed to redirect may be on a dead end. Two weeks ago, Novell officials admitted that Active Directory redirection is difficult because an entire subsystem has to be replaced.

Some observers go further, saying that redirection is impossible. But Drew Major, Novell's chief scientist, last week downplayed the difficulty, saying the technology will be developed over the long term.

But Novell appears to be hedging its bet that users will eventually accept synchronisation, the same technology Microsoft is developing, over redirection.

"Novell doesn't want to do more work than they have to," says Laura DiDio, an analyst with Giga Information Group in Cambridge, Massachusetts. In addition, synchronisation is Novell's strategy as it pushes NDS into the electronic commerce market.

DiDio says both vendors know users don't want to run two NOS directory services for the same reasons they did not want to run both IP and IPX protocol stacks.

While synchronisation is not a bad alternative to redirect, it can mean as much as a 60% increase in administration for NetWare shops running NDS for NT, according to experts.

Putting redirect on the back burner is not entirely Novell's doing. Microsoft tried to make redirection impossible when developing Active Directory, according to observers. When coupled with Novell's decision to shelve redirect, it pushes users into a fog of choices.

IT executives can install NDS 8, and upgrade to NDS 8 for NT and deploy the 1.0 release of DirXML, both of which ship early next year. Novell will release migration and upgrade tools for DirXML, a set of directory connectors. The upgrade also requires NetWare 5.0 and a new client.

Users could also uninstall NDS for NT, migrate off NetWare, and adopt Windows 2000 Active Directory. They could run NDS and synchronize it with Active Directory or vice versa.

IT executives also could opt to run NDS natively on multiple platforms. Versions of NDS 8 for NT, Linux and Solaris are expected to ship in 60 days. And a version for Windows 2000 is under development, according to Paul Corriveau, product marketing manager for NDS.

Users also have the option of running NetVision's Synchronicity, which provides a single point of user administration through NetWare Administrator, the management console for NDS. Novell itself bought into that option when it licensed Synchronicity in September.

"We went with Synchronicity because we are looking to migrate away from Novell, and if you can't redirect, you add administrative overhead," says Dana Arnett, network services manager for Asante Health Systems in Medford, Oregon.

"Novell saw the failure of redirect coming," says Todd Lawson, president of Net-Vision. "That's one of the reasons they licensed Synchronicity, it was their trump card."

With the trump card down, users will have to decide which direction to pursue.

"If I had a mixed environment, I would wait and see the effort it takes to deploy Active Directory and then see if Active Directory or NDS is best for my environment," says Giga's DiDio. "Without redirect, users will have to choose."

Join the newsletter!

Error: Please check your email address.

More about AsanteBurton GroupDana AustraliaGartnerGartnerGiga Information GroupMicrosoftNDSNetVisionNovellSidestepSynchronicity

Show Comments

Market Place