A conference hosted by the Burton Group has brought to a head rivalries in the directory market. Network directories may seem esoteric, and indeed they were once the sole province of specialists like Banyan. Banyan’s StreetTalk is still a player, as is Novell’s NDS. But the arrival of competing directory products from Microsoft and Netscape has turned this technology backwater into a battlefield and the Burton Group conference into a bunfight.
By Rachel Chalmers
Everyone agrees on the basics: a directory for locating resources across a distributed system must be scalable, it must be fast, it must be based on industry standards, and it must be easy to administer and use. Apart from that, no one agrees on anything much. Part of the trouble is that Microsoft’s competitors are trying to compare their products’ specs with vaporware. Jeff Price, lead product manager for Windows NT Server, explains that Active Directory will be a feature of the recently delayed Windows NT Server 5.0, with a beta test version available in a few months.
In true Redmond style, Price makes grand claims for the as-yet-untried technology. Active Directory will be unusually scalable, he says: ‘We’ve taken it up to and beyond the enterprise level. We’ve tested it with more than one million objects per domain. And then, don’t forget, you can have trees of domains.’ Does this extra capacity exact a performance hit? Not necessarily, Price says. Key attributes of each object can be indexed, keeping down search times for very large domains. Of course if you’re hunting for an attribute that isn’t indexed you may have to spend a while twiddling your thumbs.
Even so, Price claims Active Directory has the edge on Novell’s rival NDS in scalability, performance and the ease with which developers can integrate their applications. Unlike NDS, he says, Active Directory is based on industry standards such as LDAP, X.500 and DNS. ‘In NDS, those had to be added on after the fact,’ he says. Finally, Microsoft has tried to make it easy for end users to access resources on the network, something Price says no vendor has done since Banyan. As for comparative newcomer Netscape, Price says: ‘the biggest difference is the degree of integration between the directory server and the rest of the facilities.’ Active Directory, he says, is so tightly integrated it’s practically part of the OS – something of a recurring theme out of Redmond these days.
Not surprisingly, Michael Simpson, director of marketing at Novell, disagrees with Price on virtually every point. He says LDAP support will be native in the next version of NDS, while as for scalability: ‘The only scaling Microsoft can prove is in a lab environment,’ he claims, ‘their product is not deployed. We have almost 40 million users. Scalability numbers we provide are based on facts.’ Simpson says NDS can boast an actual site running a two-million-user tree across multiple fault-tolerant servers. ‘We have NDS running in largest carriers, AT&T, Deutsche Telekom, NTT,’ he says, ‘the scalability needs of a carrier connecting multiple corporations is bigger than any one corporation could be.’ What’s more, Novell’s lab results far exceed those of Microsoft: ‘one new technology now in initial testing allowed us to have 15 million objects on a single server,’ he says, ‘that technology will be productized in next nine months.’
Dynamic inheritance
Scalability aside, Simpson points out that NDS supports dynamic inheritance, making it easy for administrators to assign properties and permissions to groups. A person moving from one group to another loses the properties associated with the first group and gains properties associated with the second group. Active Directory uses what is called ‘phatic inheritance’, meaning those permissions have to be reset by the system administrator each time someone moves. As a further argument for NDS, Simpson points to a just-announced security infrastructure which lets system administrators use the maximum cryptography legal for each region in the world, and gives corporations the ability to manage their own certificates and public keys internally. Buy Novell’s directory and you get all those services, free.
In fairness to Microsoft, Simpson says building directories is difficult and learning how to do it well takes a lot of time. ‘When NetWare 4 came out, it took us a year and a half to two years to get the architecture and stability solidified to the point where people could rely on it for their businesses,’ he says, ‘I wish Active Directory was available right now, because it’s a whole lot easier for customers to compare products with products than products with promises.’
Where does Netscape stand on all this? Hard to say, since the company didn’t return calls. But at the Burton Group conference, vice president Ben Horowitz announced that Netscape would deliver a highly flexible meta-directory, able to consolidate directory data from multiple sources. Assuming Netscape can pull it off, not always a safe assumption, a virtual directory effectively trumps both Active Directory and NDS, which are merely actual directories after all. Netscape’s plan could solve the problems of IT directors in legacy environments, but it can’t have gone down well with Microsoft and Novell.
The Burton Group called its conference Catalyst; Explosive Chemical Reaction might have been closer to the truth.