
Operating System

Comparing Windows 2000 Server to NetWare 6.0

White Paper

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, MS-DOS, Windows, the Windows logo, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents

Executive summary

Basic network operating system functionality

Directory services

Extended functionality

Introduction

Network operating systems

Operating system capabilities

Preemptive multitasking

SMP

Hardware support

Network protocols

Configuring network protocols

File services

File system security

Distributed file systems

Hierarchical storage management and RAID support

RAID storage

Print services

Managing printers

Internet Printing Protocol

Directory services

Domains and partitions

Directory organization and size

Redundancy

Replication

The directory schema

Security

Migration

Internet standards support

LDAP

Domain Name System

Overall technology solution

Management interfaces

Management

Monitoring

Searchable content

Offline access

Clustering

Web servers

Third-party support

Interoperability

Integration Solutions to Suit Your Needs

Services for NetWare Migration and Interoperability Utilities

Secure Data Transfer from NetWare to Windows 2000 Server

Summary

Executive summary

Ten years ago, the landscape of computers and their supporting operating systems looked vastly different. The predominant network operating system was Novell’s NetWare, while the Windows platform was primarily thought of as a desktop operating system. In the decade that has passed, Windows 2000 has grown into a comprehensive and robust network server, while NetWare’s presence has steadily declined. At this point in time, a Windows 2000 network not only matches the basic network functionality of NetWare 6.0, but also offers significantly more functionality and flexibility for the overall environment.

Basic network operating system functionality

From a pure operating system standpoint, support for both preemptive multitasking and symmetrical multiprocessor machines is more complete and robust in Windows 2000. Windows 2000 supports a significantly broader range of hardware than NetWare 6.0 does.

Windows 2000 is built around the standard TCP/IP network protocol and can easily support multi-protocol networks, while NetWare 6.0 is still hampered by its past connection to its proprietary SPX/IPX protocol. Although NetWare 6.0 does support TCP/IP, NetWare’s support for multi-protocol networks is more difficult to configure and frequently requires add-on modules.

Both NetWare 6.0 and Windows 2000 Server provide basic file-system capabilities. However, Windows 2000 provides a much more robust distributed file system, as well as an easy-to-use interface for defining access rights to files. Windows 2000 Server has more extensive support for hierarchical storage systems, and Windows 2000 Server supports three types of Redundant Array of Independent Disks (RAID) storage, as compared to NetWare 6.0’s native support for only the most basic level of RAID.

The Windows 2000 Server platform even delivers superior value in the area of print services, letting you manage printers more easily than NetWare 6.0 does. Windows 2000 Server has provided support for the Internet Printing Protocol (IPP), one of the latest advances in print services, while IPP support, called iPrint in NetWare, is brand new in NetWare 6.0 or available as an add-on for NetWare 5.1 customers who had the foresight to purchase upgrade protection.

As the size and complexity of networks has grown, Windows 2000 Server has continued to grow with them.

Directory services

One of the key requirements for today’s networks is a central directory of resources available in the network. Windows 2000 Server’s Active Directory® service is an industry-leading directory service, while NetWare’s eDirectory lags in crucial areas.

Active Directory has been designed from the start to support very large networks. Active Directory can contain millions of objects, and every Active Directory server provides redundancy for every other Active Directory server. Under an earlier version of NetWare, Novell recommended that no individual partition for their eDirectory contain more than 10,000 objects, and eDirectory requires a separate server for each partition. Novell claims that they have overcome this limitation, but only time will tell if the eDirectory scales to the enterprise level that Active Directory does.

Replication is the process used to propagate changes between different network servers. Active Directory gives you a great deal of flexibility in how replication occurs, so you can create the most appropriate replication strategy for your particular network topology. NetWare 6.0’s replication is more resource intensive and does not provide as many options to control the impact of replication on your network.

The schema of a directory defines the object types and attributes that a directory can contain. The schema for Active Directory is extensible and contained within Active Directory itself, which makes it easier to interrogate.

Active Directory provides significantly more options in the area of security. Active Directory supports industry standards for security, such as Kerberos and Smart Cards, and provides a tool for checking access controls across servers. In addition, trust relationships are automatic and transitive among all domains in an Active Directory tree. NetWare 6.0 lacks all of these features.

Establishing a state-of-the-art network typically requires a migration process. Active Directory provides a much better set of tools to migrate from legacy networks, such as domain-based networks, as well as NetWare-based networks. For more information about this topic, please refer to the section on interoperability below.

Finally, Active Directory provides native support for key Internet standards, such as the Lightweight Directory Access Protocol (LDAP) and the Domain Name System (DNS). Active Directory is completely LDAP compliant, and DNS support is built into the native product. NetWare 6.0 does not support either of these with the depth of Windows 2000 Server.

Extended functionality

While the Windows 2000 Server platform provides unsurpassed network operating services, the additional functionality inherent in the Windows environment offers customers an even bigger advantage.

One of the biggest differences between the extended functionality of Windows 2000 Server and NetWare 6.0 is the management and monitoring capabilities of the two products. Windows 2000 Server has a single, user-friendly management interface in the Microsoft Management Console (MMC) for most management tasks. Wizards and property sheets also make configuring certain features a simple task. NetWare 6.0 has added new management interfaces but still requires the use of older management applications for many of its features. Monitoring with the Windows 2000 Performance Monitor delivers in-depth and summarized information, much more than NetWare 6.0’s tools provide.

Both products provide a way to make network data searchable, but Windows 2000 Server, in contrast to NetWare 6.0, provides this capability as a native part of the operating system, which lets you index data on Windows servers and clients throughout your network, as well as data on the Internet.

Both products provide the ability to work with network files when a user is disconnected from a network. But Windows 2000 Server also supports the use of a Virtual Private Network (VPN), which gives a user the ability to access network data securely from remote locations without requiring the management headache of maintaining multiple copies of data on different computers.

The Windows 2000 server platform gives you the ability to cluster up to 32 servers with no extra charge, while NetWare 6.0 only allows clusters of 2 servers with the base product. Windows 2000 Server also includes active failover capabilities that are missing in NetWare 6.0, which can result in significantly higher availability for a Windows 2000 network.

Windows 2000 Server’s Web service, Internet Information Service (IIS), is an integral part of the Windows environment and widely in use, while NetWare has offered three different Web services in their past three releases, all of them based on technology that originated outside of Novell.

Most importantly, since the Windows platform is the standard for the computing world, third-party providers are much more motivated to support Windows 2000 Server than NetWare 6.0. As Novell’s installed base of servers continues to decline, third-party support may not increase, while Windows 2000 Server will remain the platform of choice, offering the broadest industry-wide support available from application and tool vendors.

Given the advantages outlined in this paper, Windows 2000 Server can create a superior networked environment for your business. From basic operating system functionality to interoperability to extended functionality, Windows 2000 Server provides superior value.

Introduction

Operating systems serve as the software foundation for individual computers. For more than 20 years, Microsoft has worked hard to improve its desktop operating systems as they progressed from MS-DOS® to the latest versions of Windows 2000 Server and Windows XP.

Network operating systems have communication and coordination between computers as their primary focus. Novell began as a network operating system (NOS) vendor, and for a number of years, held a large installed base in the NOS marketplace for LANs of personal computers. For many years, the IPX/SPX network protocols were integral to Novell’s solution and NetWare was the networking solution of choice for LANs because of its concentration on basic network functionality: file and print sharing.

Next-generation operating systems, such as Windows 2000 Server, have grown to include the capabilities that were once the exclusive territory of a network operating system. As part of this evolution, Windows 2000 Server has taken a more advanced and open approach to implementing these and other capabilities included in NetWare 6.0.

Network operating systems

Network operating systems are focused around providing the services needed for computers to interact as part of a network. NetWare began its history as strictly a network operating system devoted to running on network servers and providing file and print services to other machines that were part of the network.

Windows’ heritage began with a desktop operating system. Windows NT® was introduced as a network operating system. Windows 2000 Server is a mature and stable operating system with both server and desktop workstations.

The comparison between Windows 2000 Server and NetWare 6.0 will focus on four areas of contrast—basic operating system capabilities, support of network protocols, file services, and print services.

Operating system capabilities

Both Windows 2000 Server and NetWare 6.0 are operating systems, and both are built to run on an Intel-based architecture. This architecture includes four separate rings of code execution—ring 0 through ring 3. The purpose of these rings is to separate the execution of different types of code from one another.

Ring 0 is referred to as kernel mode, and ring 3 is user mode. Some code runs in kernel mode, and other code runs in user mode. The operating system has complete control over ring 0 (kernel mode), while programs that run on top of the operating system run in user mode. The way the kernel operates has a dramatic influence on the way your server and its applications will perform.

The kernel is the heart of the operating system and controls which other processes are allowed to run and when they can run. The kernel is responsible for scheduling, memory management, and other critical tasks. Both Windows 2000 Server and NetWare 6.0 have kernel code, but there are some differences in the way certain functions are handled.

This section will cover the basic functions and technologies that a server operating system incorporates to provide fast response times, the proper scheduling of tasks, and user applications that are necessary in today’s current business environment.

NetWare 6.0 is the first version of NetWare to provide the following capabilities:

• Preemptive multitasking

• Symmetric multiprocessing

• Running process threads in parallel in a multiprocessing system

Preemptive multitasking

NetWare 6.0 is Novell’s first attempt at completely supporting preemptive multitasking. Although previous versions of NetWare might have supported some applications in multiprocessing mode, the IP stack could only support single-processing mode. An application could take advantage of multiple CPUs, but the basic IP handlers would act as a single-processor bottleneck, which would interfere with the benefit of using multiple CPUs. In these previous versions, Novell provided support for multiprocessor systems without providing the performance truly needed in the OS to warrant your investment in the system—an expensive proposition for you.

Preemptive multitasking is based on a set of priorities and is used on single or multiple CPU systems. It is also based on the concept of threads, which are separate portions of code in an application that can run as individual units. Preemptive multitasking allows for one thread, with a higher priority, to preempt another thread that might be running. This prioritization mechanism is one way in which the Windows 2000 Server platform differs from earlier operating systems, such as Windows 95. Because a thread running at a higher priority can take control of the processor when need be, there is very little likelihood that a single application can hang up the server. This advantage can be used to tune a Windows 2000 Server so that it provides just the right response to network or application demands as needed by your users. This capability is also why the Task Manager is able to end a misbehaving process under Windows 2000 Server. The code for the Task Manager can preempt the process (because the Task Manager can run at a higher priority than the process), end it, and clean up any data structures left behind.

Prior to NetWare 6.0, a round-robin approach was taken to assigning run time to a process. This technique grants each process an equal amount of CPU time, one after another, whether the process needs it or not. Preemptive multitasking lets your applications take advantage of all of the power the CPUs on your server can offer. Without preemptive multitasking, the operating system was unable to grant priorities to more crucial operations, which could lead to decreased performance and control. With NetWare 6, preemptive multitasking has finally been added.
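The effect of the two scheduling policies described above on an urgent thread can be seen in a small simulation. The Python below is an added illustration, not code from Microsoft or Novell; it is a simplified single-CPU model of the policies as this paper describes them, and the thread names, priorities, and tick counts are constructed sample values.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Thread:
    name: str
    priority: int  # larger number = more urgent
    arrival: int   # tick at which the thread becomes runnable
    burst: int     # ticks of CPU time it needs (assumed >= 1)


def round_robin(threads, quantum=4):
    """Equal time slices, one thread after another; priority is ignored.
    Returns {thread name: tick at which it finished}."""
    pending = sorted(threads, key=lambda t: t.arrival)
    remaining = {t.name: t.burst for t in threads}
    ready, finish, clock, nxt = deque(), {}, 0, 0
    while len(finish) < len(threads):
        while nxt < len(pending) and pending[nxt].arrival <= clock:
            ready.append(pending[nxt])
            nxt += 1
        if not ready:                      # CPU idle until the next arrival
            clock = pending[nxt].arrival
            continue
        current = ready.popleft()
        ran = min(quantum, remaining[current.name])
        clock += ran
        remaining[current.name] -= ran
        # Threads that arrived during the slice still wait their turn.
        while nxt < len(pending) and pending[nxt].arrival <= clock:
            ready.append(pending[nxt])
            nxt += 1
        if remaining[current.name]:
            ready.append(current)          # back of the queue
        else:
            finish[current.name] = clock
    return finish


def priority_preemptive(threads):
    """Every tick, run the highest-priority runnable thread, so a newly
    arrived urgent thread preempts whatever was running."""
    remaining = {t.name: t.burst for t in threads}
    finish, clock = {}, 0
    while len(finish) < len(threads):
        runnable = [t for t in threads
                    if t.arrival <= clock and remaining[t.name] > 0]
        if not runnable:                   # CPU idle until the next arrival
            clock = min(t.arrival for t in threads if remaining[t.name] > 0)
            continue
        current = max(runnable, key=lambda t: (t.priority, -t.arrival))
        remaining[current.name] -= 1
        clock += 1
        if remaining[current.name] == 0:
            finish[current.name] = clock
    return finish


# Constructed workload: three long low-priority jobs and one short urgent one.
SAMPLE = [
    Thread("indexer", priority=1, arrival=0, burst=20),
    Thread("backup", priority=1, arrival=0, burst=20),
    Thread("report", priority=1, arrival=0, burst=20),
    Thread("net-io", priority=9, arrival=2, burst=3),
]


def latency(finish, thread):
    """Ticks between a thread becoming runnable and finishing."""
    return finish[thread.name] - thread.arrival


if __name__ == "__main__":
    urgent = SAMPLE[3]
    print("round robin latency:", latency(round_robin(SAMPLE), urgent))
    print("preemptive latency: ", latency(priority_preemptive(SAMPLE), urgent))
```

Both policies finish the whole workload at the same tick; what changes is how long the urgent thread waits behind work that does not need to run first.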

Although NetWare 6.0 also supports symmetric multiprocessing, this does not mean that all applications will run in this manner on a NetWare 6.0 Server. To create code that can take advantage of preemptive multitasking or symmetric multiprocessing, the programmer must make decisions when writing the application. An application might need significant modifications to take advantage of this new capability effectively.

In contrast, the Windows platform has offered preemptive multitasking for many years. There are thousands and thousands of applications, created by a huge base of developers that have been developing tightly written code for Windows-based systems for many years now. Microsoft has always been keen on providing developers with the latest tools, code examples, and library of technical documentation to ensure that applications could be written to run efficiently on Windows. Windows 2000 Server has a head start of many years over NetWare 6.0, which is just now trying to catch up to this level of sophistication. How long will it take for application developers to rewrite their code so that it can take advantage of the new preemptive multitasking capability that NetWare 6.0 has just now adopted? As NetWare’s Installed Base continues to decline, third-party developers might choose not to rewrite their applications for the NetWare platform at all.

SMP

Symmetrical multiprocessing (SMP) is an extension of the basic concept of multitasking. Symmetric multiprocessing means that not only can you have multiple threads in a process, each running with its own priority, but also you can spread the load among multiple processors. A portion of the operating system kernel coordinates which threads can run and on which processors. It is therefore possible to have a single application running many different threads on different processors at the same time. The Windows kernel provides the scheduling mechanism that is used to determine which process or thread will run on any CPU in an SMP environment. The administrator can also select to run a particular program or process on only a certain CPU.

NetWare 6.0 also supports SMP, but with some restrictions. For example, the first CPU in the server (processor 0) is the “boot processor” and can’t be taken offline. Instead, when the administrator uses Server Console commands for administering SMP computers, the commands are run on this first processor. The remaining processors are called “secondary processors,” and these processors can be used to run user applications. During the setup of NetWare 6.0 on an SMP-enabled server, the administrator has the choice of loading a NetWare Loadable Module (NLM) that provides the support for multiprocessing or to run NetWare on just the first processor. This NLM is called the Platform Support Module (PSM) and is used as an interface between NetWare and the underlying hardware configuration.

Novell wants the individual hardware vendors to provide and support their own PSM module. As NetWare’s Installed Base continues to decline, vendors might be less willing to devote resources to creating, upgrading, and supporting their own PSM modules.

With NetWare’s implementation of SMP, older NetWare applications run only on the first processor. This limitation means that only newer applications written specifically for NetWare 6.0’s new SMP implementation will take advantage of the additional CPUs installed on the system. The Windows 2000 Server platform allows any application to run on any processor in an SMP machine.

These features have been part of Windows 2000 Server and its predecessors for many years. There are thousands of applications that have been developed (and certified by Microsoft) to run on Windows 2000 Server. By comparison, there are very few third-party applications written to take advantage of SMP when using NetWare 6.0.

Hardware support

Windows 2000 Server runs on just about any Intel-based platform that meets the minimum hardware requirements set forth in the Hardware Compatibility List (HCL), which includes all major manufacturers. If you purchase a server that has multiple processors installed, and it’s on the HCL, then you can be sure that Windows 2000 Server will take advantage of that extra computing power. The HCL provides a much broader range of vendor support for applications than does NetWare 6.0.

Network protocols

Network protocols are the standards a network operating system uses to communicate with the members of the network. Network protocols provide the communication language used by all members of the network. For this reason, support for multiple network protocols is the foundation of an enterprise-enabled operating system today. A small local area network (LAN) might need only TCP/IP, but most larger networks are composed of more than one type of client or server operating system. For these systems to exchange data and make use of services throughout the network, support for many networking protocols is essential.

Early versions of NetWare relied on its proprietary IPX/SPX network protocol. Although today’s networks might still have vestiges of this protocol within their networks, TCP/IP, the protocol the Internet uses, has become the de facto standard for network protocols. Windows 2000 Server is built around TCP/IP and other associated Internet protocols and services, such as DNS, the Dynamic Host Configuration Protocol (DHCP), and LDAP, which are discussed later in this paper.

But a truly flexible network operating system can support multiple network protocols in the same network environment, a capability that allows support for a wide variety of heterogeneous network implementations.

Novell has fallen behind Microsoft in terms of supporting multiple network protocol stacks that are common in today’s environments. While Windows NT and Windows 2000 server operating systems support multi-protocol stacks that can satisfy a wide variety of clients, Novell has only recently begun to shed its IPX/SPX legacy. NetWare adopted the TCP/IP protocol a few years ago, and problems still exist in mixed networks of IPX and TCP/IP. Most companies are not prepared to support Novell’s embrace of Service Location Protocol (SLP), while Microsoft uses industry-standard DNS for the same task.

Microsoft has continued to refine its operating systems and protocol implementations so that creating multi-protocol networks can be more easily accomplished using Microsoft products than NetWare products. Windows Server operating systems have supported TCP/IP and Microsoft’s version of the IPX protocol (NWLink), as well as gateways and client software for Apple Macintosh and UNIX clients, since Windows NT 3.51.

Windows operating systems are not limited to a single network protocol, which lets them interact with different platforms in a multi-protocol network. In addition to support for NetWare clients using NWLink, Windows 2000 Server also comes with built-in support for other protocols, such as AppleTalk, NetBEUI, DLC, IPP, and many other important network protocols.

It wasn’t until NetWare 5.x that Novell added a full-fledged TCP/IP stack to NetWare—with the restrictions that come with the use of SLP. NetWare 6.0 continues this support for TCP/IP and also support for other client protocols. However, these additional protocols, such as AppleTalk and Sun’s Network File System (NFS), come in a separate package called Novell Native File Access Pack. Without this package, you need to install a NetWare client on each desktop that will use the network or choose to do everything via a browser.

Until you can convert your NetWare network to an all-IP network, you will have to use Novell’s Compatibility Mode Driver (CMD). This driver is used to allow you to access IPX applications using IP. With a Migration Agent, this driver can also enable an IP-based computer to exchange data with IPX-based systems. The agent enables IP clients to communicate with IPX systems and also lets IPX clients use IP to exchange data. Novell does not recommend using the compatibility mode driver for anything more than short-term migration, as it is not a viable long-term solution.

While NetWare 6.0 does support a wide range of network protocols for a diverse collection of clients, this support has been standard for Windows 2000 Server. You can share printers with or print to printers that use AppleTalk, LPR/LPD, or even the DLC protocol. You can set up individual clients to access remote NetWare, Apple, or UNIX print services, or you can use gateway software with Windows 2000 Server to provide these services.

This support for multiple protocol stacks stands beside Windows support for all basic networking protocols, as shown in the following table listing protocol support in Windows 2000 Server and NetWare 6.0.

|Protocol |Windows 2000 server platform |NetWare 6.0 |
|Transmission Control Protocol/Internet Protocol (TCP/IP) |Yes |Yes |
|Asynchronous Transfer Mode (ATM) |Yes |No |
|Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) |Yes (via NWLink) |Yes |
|NetBIOS Enhanced User Interface (NetBEUI) |Yes |Yes |
|AppleTalk |Yes |Yes |
|Data Link Control (DLC) |Yes |No |
|Infrared Data Association (IrDA) |Yes |Yes |

Some of these protocols are implemented by using code that emulates a proprietary protocol, while others are implemented based on published Request for Comments (RFC) standards documents.

This table also shows that Windows 2000 Server allows for the use of the Asynchronous Transfer Mode (ATM) protocol in the LAN environment. ATM is generally used as a wide area network (WAN) protocol and in situations in which service levels can be guaranteed. ATM allows for categorizing network packets according to the service-level required and thus lets the administrator allocate bandwidth according to need. For example, the response time for an application that uses video conferencing on a network would obviously be more important than for an application such as Telnet or FTP. A few seconds of delay now and then for these standard TCP/IP utilities can easily be tolerated. On the other hand, a few seconds of delay for a video transmission can be enough to prevent the appearance of “real time” conferencing.

Novell also has an ATM solution, but it requires the installation and maintenance of another product, Novell Internet Access Server.

Microsoft’s support of industry standards also includes the incorporation of the important IPSec protocols and other security standards into Windows 2000 Server VPNs.

In contrast, with NetWare you’ll also have to purchase and maintain additional products, like BorderManager, to implement basic architectures like VPNs or standard firewall functionality. With the Windows 2000 Server platform, you can configure servers to use many important firewall services, such as packet filtering, network address translation (NAT), and secure remote access connections. You can add additional capabilities by using Microsoft’s Internet Security and Acceleration Server (ISA) product, but it is not required.

Configuring network protocols

Configuring TCP/IP on a Windows 2000 Server or a client is a simple process. You can use a wizard that will set up a network connection, or you can manually use properties sheets to customize how TCP/IP protocols and services are configured on your network. Windows 2000 Server also comes with all of the standard troubleshooting utilities and application services that are traditionally associated with TCP/IP networking. Because the system recognizes plug and play devices, installing a network card can be as simple as clicking a few buttons to ensure that a driver is loaded. For servers, you can use a properties sheet to fill in the appropriate information for statically assigned addresses. For clients, you can do the same or choose to allow for automatic configuration, in which case the client can use a DHCP Server. Windows 2000 Server also supports automatic private IP addressing (APIPA), which lets a small group of computers configure themselves into a network by using a private range of IP addresses, with no intervention required from the network administrator.

Configuring TCP/IP on a NetWare 6.0 computer can be a little more complicated. While NetWare 6.0 also supports plug and play, that support is more limited. NetWare 6.0 uses several NetWare Loadable Modules to implement the TCP/IP stack, along with a configuration tool called INETCFG. The INETCFG program is used to set up the parameters for TCP/IP and for just about every other protocol component, including routing protocols such as RIP or OSPF. To further manage the network configuration on a server, you use the TCPCON.NLM.

Configuration for a NetWare 6.0 server can be significantly more complex even for routing tasks. For example, to look at the routing table, you need to first load the appropriate NLM and then navigate through a menu to display entries in the routing table. You can use the simple ROUTE PRINT command on a Windows 2000 Server to accomplish the same task. Additionally, the ROUTE command available with Windows 2000 Server lets you manipulate the routing table to do such things as add a static route or set the cost of a particular route, giving you greater control over how data flows through your network. You can identify bottlenecks caused by limited bandwidth, for example, and create entries in the routing table to specify that only certain network nodes be accessed over a slow link.
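How a static route and a route cost steer traffic, as described above, can be modelled in a few lines. The Python below is an added illustration and not the ROUTE command or any Microsoft code; it assumes the usual selection rule (most specific matching destination first, then lowest metric), and every address, gateway, and metric is a constructed sample value.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    metric: int


class RoutingTable:
    """Toy routing table with the same fields a static route carries:
    destination, mask, gateway, metric (cost)."""

    def __init__(self):
        self.routes = []

    def add(self, destination, mask, gateway, metric=1):
        # Raises ValueError if the destination has bits set outside the mask,
        # which catches a mistyped static route before it is installed.
        network = ipaddress.IPv4Network(f"{destination}/{mask}")
        self.routes.append(Route(network, gateway, metric))

    def lookup(self, address):
        """Return the route a packet to `address` would take, or None."""
        ip = ipaddress.IPv4Address(address)
        matches = [r for r in self.routes if ip in r.network]
        if not matches:
            return None
        # Longest prefix wins; among equal prefixes the lowest metric wins.
        return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def build_sample_table():
    """Constructed topology: a fast link and a slow link to the same branch."""
    table = RoutingTable()
    table.add("0.0.0.0", "0.0.0.0", "192.168.1.1", metric=10)          # default
    table.add("10.20.0.0", "255.255.0.0", "192.168.1.253", metric=5)   # fast
    table.add("10.20.0.0", "255.255.0.0", "192.168.1.254", metric=20)  # slow
    # Host route: only this one node is reached over the slow link.
    table.add("10.20.5.9", "255.255.255.255", "192.168.1.254", metric=1)
    return table


if __name__ == "__main__":
    table = build_sample_table()
    for dest in ("10.20.5.9", "10.20.7.7", "198.51.100.7"):
        print(dest, "->", table.lookup(dest).gateway)
```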

File services

One of the primary functions of a network is to allow files to be shared between multiple separate computers. The importance of this capability cannot be overstated, especially when you consider the considerable amount of data now stored in networks and the security implications for protecting that data. As thin clients, such as those that use Windows Terminal Services, are growing in popularity, file services will become even more important.

In the following sections, this paper examines the differences between how file sharing is implemented with Windows 2000 Servers and then with NetWare 6.0 servers and how this affects sharing information on your network.

File system security

The basic file system used by Windows 2000 Server is the NTFS file system. One of the most important aspects of this or any file system is the way that security is handled for the files. By using Windows 2000 NTFS file system, you can select individual users or specially created groups of users and assign very specific permissions that grant the client only the access to a file or folder that is required for the performance of the client’s job. In addition, Windows 2000 Server lets you track both successful and unsuccessful access attempts for the files (and other services) offered by the Windows servers on your network. Finally, Windows 2000 Server allows you to encrypt folders or disks to protect files from being read from outside of the file system.

NTFS can be used to grant security permission to a volume, folder, or to individual files. To simplify their security tasks, administrators can use basic file permissions, which are created from much finer special permissions. The NTFS system lets you grant basic permissions, such as read, write, full control, modify, and so on or create customized packages of rights from the special permissions that are more granular in nature. For example, these special permissions include such permissions as traverse folder/execute file, list folder/read data, and create folders/append data, along with many others. Windows 2000 Server includes an easy-to-use GUI tool to create these packages.
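The relationship between basic permissions, special permissions, and an access decision can be shown concretely. The Python below is an added illustration, not Microsoft code; the bit values are the Win32 file access rights, while the group names, the "drop box" package, the sample ACL, and the simplified ordered evaluation with an audit log are constructed for the example.

```python
from dataclasses import dataclass

# Special permissions as Win32 file access-right bits.
SPECIAL = {
    "List Folder / Read Data": 0x000001,
    "Create Files / Write Data": 0x000002,
    "Create Folders / Append Data": 0x000004,
    "Read Extended Attributes": 0x000008,
    "Write Extended Attributes": 0x000010,
    "Traverse Folder / Execute File": 0x000020,
    "Delete Subfolders and Files": 0x000040,
    "Read Attributes": 0x000080,
    "Write Attributes": 0x000100,
    "Delete": 0x010000,
    "Read Permissions": 0x020000,
    "Change Permissions": 0x040000,
    "Take Ownership": 0x080000,
    "Synchronize": 0x100000,
}


def package(*names):
    """Build a custom package of rights from special-permission names."""
    mask = 0
    for name in names:
        mask |= SPECIAL[name]
    return mask


def explain(mask):
    """List the special permissions contained in an access mask."""
    return [name for name, bit in SPECIAL.items() if mask & bit]


FULL_CONTROL = package(*SPECIAL)
READ = package("List Folder / Read Data", "Read Extended Attributes",
               "Read Attributes", "Read Permissions", "Synchronize")
BASIC = {
    "Full Control": FULL_CONTROL,
    "Modify": FULL_CONTROL & ~package("Delete Subfolders and Files",
                                      "Change Permissions", "Take Ownership"),
    "Read & Execute": READ | SPECIAL["Traverse Folder / Execute File"],
    "Read": READ,
}

# Custom package: users may add files but cannot list or read them.
DROP_BOX = package("Create Files / Write Data",
                   "Create Folders / Append Data", "Synchronize")


@dataclass(frozen=True)
class Ace:
    kind: str     # "allow" or "deny"
    trustee: str  # user or group name (constructed)
    mask: int


def access_check(acl, trustees, desired):
    """Simplified ordered evaluation: a deny entry that covers any right not
    yet granted refuses the request; access is granted once every requested
    right has been allowed."""
    remaining = desired
    for ace in acl:
        if ace.trustee not in trustees:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False


def check_and_audit(acl, user, groups, desired, log):
    """Run the check and record both successful and failed attempts."""
    granted = access_check(acl, {user, *groups}, desired)
    log.append({"user": user, "result": "success" if granted else "failure",
                "requested": explain(desired)})
    return granted


# Constructed ACL for a payroll folder; deny entries are listed first.
SAMPLE_ACL = [
    Ace("deny", "Contractors",
        package("Delete", "Delete Subfolders and Files")),
    Ace("allow", "Payroll Clerks", BASIC["Modify"]),
    Ace("allow", "Staff", DROP_BOX),
    Ace("allow", "Auditors", BASIC["Read"]),
]
```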

Distributed file systems

Windows 2000 Server includes a Distributed File System (DFS) that allows you to connect various file systems. These file systems are attached to mount points on other systems, which can exist on servers anywhere in the enterprise.

This architecture is similar to the concept of NFS used in the UNIX environment. DFS can make a large amount of data appear as a single file system to users of the network. These user groups allow you to customize the file systems that are presented to your clients based on the access required for a particular job.

However, DFS goes far beyond the capability of making different file systems appear as a single file system. DFS also includes the capability to define sites and replicate important data. This capability is crucial for creating systems in which data is replicated to different local servers. Data replication can reduce the bandwidth requirements for network users, as they can get files locally. By replicating data to multiple servers, you can also implement load balancing and fault tolerance for file access. If one server is unavailable, replicated data is available from another location. DFS gives you more flexibility in planning your server and files topology than does a standard network file system.

Network administrators can define which DFS servers make up a site, and they can define what connections are used to exchange data with other sites. The ability to customize DFS means that you can make data available where it’s needed and when it’s needed. For environments in which keeping data files updated frequently is important, the administrator can choose to use a fast-data link.

For DFS servers that contain data that rarely changes or changes at a very slow pace, slower links can be used. To make things even easier, you can use the DFS management console snap-in to administer DFS roots from multiple domains, all from the same user interface. Because DFS can be used to create a single namespace that is composed of root directories from multiple servers, DFS can be used to make information available in a convenient format to mobile users.

By comparison, NetWare 6.0 does not provide DFS capabilities. NetWare 6.0 does introduce the Novell Native File Access Protocol (NFAP), which can interact with UNIX clients that use NFS. NFAP also allows your other clients, such as Macintosh or Windows users, to access NetWare data without having to install the NetWare client software. The problem with NFAP, however, is that you will find it necessary to create simple passwords in addition to the usual password that the particular client operating system uses to authenticate a user. Thus, users might need to remember multiple passwords. In addition, administrators might want to think twice before enabling NFAP. In large settings, it would be a huge nightmare for administrators and customers to manage two password sets. Novell tries to remedy this situation with a workaround that requires administrators to populate the simple password for a large number of users and then email the password to each user.

Most UNIX clients use the Network Information Service (NIS) for authentication purposes. By using NIS, clients do not have to maintain a username and password on each UNIX server that provides network resources. Instead, NIS handles the storage of authentication and other important network information and ensures that files are properly synchronized among the network’s servers. If you want to use NFAP for UNIX, then Novell’s version of NIS will also be installed. NIS data will be stored in the Novell eDirectory by extending the schema to include the kinds of data that are stored in NIS databases.

For Windows and Macintosh clients, NIS is not used. Instead, when the client wishes to connect to a network resource, they enter a username and password. This combination is used in the same way as the simple password that was mentioned earlier. For Windows clients, there are different ways to authenticate users. Users can log onto a local workstation using a username and password that is stored on the local computer. A small network can be created using the workgroup method, whereas access to a resource on another computer network requires creating local accounts on each computer a user needs to access.

In contrast, by using a Windows domain, domain controllers manage a single database that stores information about all the users and computers that participate in the domain. By using domains, a single username and password are all that is necessary when users log onto the network. Depending on access permissions granted by administrators, users will not need to memorize multiple passwords for different servers to access resources on all of them, and administrators will not need to keep these passwords synchronized across the multiple servers.

With NetWare’s NFAP for Windows clients, you can specify Local or Domain as the method to be used for authentication. If you select Local, then users will be authenticated using information in eDirectory, and you will have to create a simple password for each user in addition to their eDirectory user object password. If you choose Domain, then you must import user information from the Windows domain into eDirectory. Since passwords are encrypted in the domain database, you also have to create passwords for each user for use with eDirectory. Administering, tracking, maintaining, and communicating these new password sets to your users can be a huge problem in a large network. In addition, if changes are made to the domain username and password, an administrator will have to make sure that these changes are coordinated with the information in eDirectory. With Windows 2000’s Active Directory, domains are automatically integrated with Active Directory, so administrators do not need to perform any additional functions to maintain consistency.

Although NFAP can be helpful in some situations, it requires the synchronization of passwords. The complexity of this add-on defeats the “single sign on” provided by a Windows 2000 domain-based network. If users change their NetWare password, then they will need to change their simple password if they want to keep both passwords the same. Experience shows that users will most likely change their passwords in one place, when required, and put off making changes elsewhere. This situation was one of the drawbacks of using the bindery for authentication in previous versions of NetWare. And, when users forget to change a password, the end result usually involves calling a help desk so that an administrator can reset their password. Of course, over time, this solution can be expensive. The help desk in most companies is already busy enough solving application or network problems, and adding the burden of making password changes just adds to the workload.

Hierarchical storage management and RAID support

The files managed by a file system reside on disk storage systems. Windows 2000 Server also supports a true hierarchical storage management solution. This feature allows you to create dynamic volumes. A dynamic volume can be increased in size while the server is up and running without requiring a reboot. Dynamic volumes also allow you to use a number of RAID techniques, such as disk striping and mirroring, to improve performance and provide for redundancy for important data. Tasks that were once complex, such as adding a mirrored volume, no longer require a reboot. All dynamic disks on a Windows server are part of a disk group and use a small portion of each disk’s storage capabilities to record metadata information about the dynamic volumes on the server. Because this data is stored on the disk drives themselves and not in the Windows registry, you can easily remove the disks and place them in another server in the event that a server is taken down by some other hardware problem. A new or standby server can then offer the dynamic volumes so that downtime is greatly minimized, as you don’t have to restore the data from a backup tape.

Hierarchical storage as implemented in Windows 2000 Server also allows for configuring volumes so that files that are not accessed often can be automatically moved to other storage devices, such as a tape drive or other removable media device. A pointer is left in place on the original volume so that when a user needs to gain access to a file that has been stored offline, all that is necessary is that they wait for the data to be restored—the process is invisible to the user. By using this feature you can configure Windows 2000 Servers to perform the daily task of managing disk space in an environment in which you have a lot of data, some of which is frequently needed and some of which is seldom used.

NetWare 6.0 includes NetWare File System (NWFS), which replaces Novell Storage Services (NSS), developed as a part of NetWare 5.0. NetWare 6.0 lets you run both the traditional NWFS file service and the newer NSS at the same time. Features such as file compression and disk mirroring are available in both components. However, once you turn on file compression for a volume, you must recreate the volume to turn off the compression feature.

There are some new features in NSS that have been present in the NTFS file system for many years now. These features include journaling, Fiber Channel support (for storage area network—SAN—connectivity only), and Unicode support. NTFS also provides for sparse file support so that a large database file doesn’t have to use disk space that doesn’t yet contain any data.

RAID storage

The predominant architecture for disk storage is known as RAID. RAID storage is categorized by a number of different levels, which describe the redundancy characteristics of the storage.

There are a number of different RAID levels for using disk arrays. Simple disk striping, known as RAID 0, involves spreading out I/O across a series of disks so that each I/O request is accomplished at a faster rate. However, the loss of any single disk in a RAID 0 volume will require that the entire volume be recreated and data restored from a backup disk. Any information that had been saved since the last backup is lost. RAID 1 provides for disk mirroring, in which I/O write requests are sent to two separate disks, so that in the case of one disk failing, the volume stays available until the unit is repaired and no information is lost. RAID 5 also uses disk striping by spreading out I/O requests across multiple disks. However, because the parity stripe (which can be used to recover data) is written on a separate disk from the disk that stores a unit of data, the loss of a disk does not mean you need to recreate the volume and restore data. Just fix the broken disk, and it can be reinserted into the RAID 5 set without any down time for your users.
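The difference between striping alone and striping with parity can be shown in a few lines of Python. This is an added example, not part of the original white paper: it models disks as lists of small blocks, uses XOR parity rotated across the disks, and the sample data and block size are constructed.

```python
"""Added example: single-disk loss under RAID 0 and under RAID 5 (XOR parity)."""
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length blocks together, byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def split(data, block, multiple):
    """Zero-pad data to a whole number of stripes and cut it into blocks."""
    data += b"\0" * (-len(data) % (block * multiple))
    return [data[i:i + block] for i in range(0, len(data), block)]


def raid0_write(data, n_disks, block=4):
    """Plain striping: blocks are dealt round-robin, no redundancy."""
    disks = [[] for _ in range(n_disks)]
    for i, chunk in enumerate(split(data, block, n_disks)):
        disks[i % n_disks].append(chunk)
    return disks


def raid0_read(disks, n_bytes):
    if any(d is None for d in disks):
        raise IOError("RAID 0 has no redundancy: the volume is lost")
    out = b"".join(b"".join(row) for row in zip(*disks))
    return out[:n_bytes]


def raid5_write(data, n_disks, block=4):
    """Striping with one parity block per stripe, rotated across the disks."""
    per_stripe = n_disks - 1
    chunks = split(data, block, per_stripe)
    disks = [[] for _ in range(n_disks)]
    for s in range(0, len(chunks), per_stripe):
        stripe = chunks[s:s + per_stripe]
        parity_disk = (s // per_stripe) % n_disks
        data_blocks = iter(stripe)
        for d in range(n_disks):
            disks[d].append(xor_blocks(stripe) if d == parity_disk
                            else next(data_blocks))
    return disks


def raid5_rebuild(disks):
    """Regenerate a single failed disk (None) from the surviving disks."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise IOError("RAID 5 tolerates only one failed disk")
    if not failed:
        return disks
    survivors = [d for d in disks if d is not None]
    rebuilt = [xor_blocks(row) for row in zip(*survivors)]
    return [rebuilt if d is None else d for d in disks]


def raid5_read(disks, n_bytes):
    """Read the volume, reconstructing missing blocks on the fly."""
    disks = raid5_rebuild(disks)
    out = bytearray()
    for r in range(len(disks[0])):
        parity_disk = r % len(disks)
        for i, disk in enumerate(disks):
            if i != parity_disk:
                out += disk[r]
    return bytes(out[:n_bytes])


def survives(read_fn, disks, expected):
    """True if the volume still returns the original data."""
    try:
        return read_fn(disks, len(expected)) == expected
    except IOError:
        return False


def fail(disks, *indexes):
    """Return a copy of the disk set with the given disks marked failed."""
    return [None if i in indexes else d for i, d in enumerate(disks)]


SAMPLE = b"constructed sample: ledger rows for the RAID demo"

if __name__ == "__main__":
    r0, r5 = raid0_write(SAMPLE, 4), raid5_write(SAMPLE, 4)
    print("RAID 0, one disk lost :", survives(raid0_read, fail(r0, 2), SAMPLE))
    print("RAID 5, one disk lost :", survives(raid5_read, fail(r5, 2), SAMPLE))
    print("RAID 5, two disks lost:", survives(raid5_read, fail(r5, 1, 2), SAMPLE))
```

The rebuilt disk is byte-for-byte identical to the one that failed, which is why a replacement disk can be brought back into the set while the volume stays online.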

NetWare 6.0 supports only RAID 0, which offers no fault-tolerance. To implement other RAID techniques with NetWare 6, you need to use a disk subsystem, which can be costly. Windows 2000 Server provides for more modern methods that protect your data, including disk mirroring and disk striping with a parity stripe. Both of these methods provide fault tolerance so that your important data is protected against the failure of a disk drive.

The following table summarizes the differences between the file system capabilities of Windows 2000 Server and NetWare 6.0.

|Capability |Windows 2000 Server |NetWare 6.0 |
|Defining user security |Yes |Yes |
|Defining and assigning rights packages |Yes |Yes |
|Distributed file system |Yes |No |
|Journaling |Yes, for years |Yes, new |
|Fiber Channel support |Yes, for years |Yes, new |
|Unicode support |Yes, for years |Yes, new |
|Sparse file support |Yes, for years |Yes, new |
|Support for RAID-0 |Yes |Yes |
|Support for RAID-1 |Yes |No |
|Support for RAID-5 |Yes |No |

Print services

Print services have been a primary function of network operating systems since their inception. Print services allow users to print to printers throughout the network and allow administrators to manage these printers.

Print services are well defined, and both Windows 2000 Server and NetWare 6.0 provide all of the basic print services of a network operating system. There are a few differences between the two products.

Managing printers

Windows 2000 Server makes managing printers a very simple task. First, support for plug and play means that most printers can simply hook up to a Windows server and be recognized automatically. To allow clients to share the printer, you merely need to install the appropriate drivers on the server. When a client needs to access the printer the first time, the correct print driver is downloaded to the client first, and then the client can access the printer as if it were a locally attached printer.

For printers that are directly connected to the network, such as those that use a Hewlett Packard JetDirect card/device, you have several choices. Individual client computers can make direct connections to these network-enabled printers, or you can still offer them as managed printers through a Windows 2000 print server. Depending on your printing requirements, you might need to dedicate a single box to serve as a print server. However, a Windows 2000 Server can perform this role along with others.

You use a simple wizard to walk you through the setup process to add printers. Managing, configuring, and granting access to printers is done using property sheets.

Internet Printing Protocol

IPP lets you extend the use of printers over the Internet, and using IPP can save you both time and money. Instead of needing to print a document and then spending a lot of money sending it overnight to a remote office, you can simply connect the printer using a secure encrypted channel through the Internet and print the document on the recipient’s own local printer. For businesses that frequently need to send out updates to documentation or price lists, for example, you can put the information in your client’s hands in a matter of minutes instead of days.

IPP can also be used to manage printers using a browser interface. Windows 2000 Server lets you select the security mechanisms that will be used to ensure that your data is properly protected when printing to a printer that is connected through the Internet.

IPP is the hottest new topic in printing. Although IPP has been a standard part of Windows 2000 Server for several years, only now does NetWare 6.0 finally offer IPP as part of its basic package.

The following table summarizes the differences between the print services capabilities of Windows 2000 Server and NetWare 6.0.

|Capability |Windows 2000 server platform |NetWare 6.0 |
|Simplified printer management |Yes, with a wizard and property sheets |No. Needs several management utilities, including iManage and NetWare Administrator, and gateways for legacy print queues. |
|Support for IPP |Yes, for years |Yes, new |

Directory services

As networks have grown, there has been a corresponding growth in the need for directory services. A directory service is the way that all members of a network are able to identify and locate resources on the network. The larger the network, the more key the role of its directory services in administering and maintaining the network.

The directory service for Windows 2000 Server is known as Active Directory. The directory service for NetWare 6.0 is known as eDirectory, which is the renamed version of the service known as NDS. NDS was a replacement for the bindery services that were a feature of earlier versions of NetWare.

Domains and partitions

A Windows 2000 domain is used to separate resources logically in Active Directory, while an eDirectory partition performs this function in NetWare 6.0.

Domains and partitions are also physically separate entities. That is, domain controllers in Active Directory each hold just the objects for their domain. A partition in the eDirectory similarly holds only a subset of the eDirectory, and is determined by how the NetWare administrator chooses to partition the directory. To provide for fault tolerance, additional domain controllers can be added to a domain that uses Active Directory. Domain controllers are all equal peers, so changes made on one domain controller are replicated to all other domain controllers in the domain. Partitions use replicas, of which there are several types, for fault tolerance.

Active Directory supports the use of and migration from Windows NT domains. However, eDirectory does not support domains per se and requires the use of partitions for larger networks.

The repercussions of this key difference are further explored in the following sections.

Directory organization and size

Because a directory contains information about all of the resources across the entire network, the directory can become very large for large networks.

In terms of a logical organization, an Active Directory starts with a single tree, which can be made up of one or more domains. You can also have a structure called a forest, which consists of multiple Active Directory trees bound together. Novell recommends a single tree for most eDirectory implementations.

In terms of physical organization, eDirectory can be partitioned across multiple servers. Novell recommends that a partition not span a WAN link, as the overhead involved in replication could impact performance.

NetWare 6.0 partitions are physical entities that can be used to logically divide the eDirectory so that portions of the directory are stored on different servers. However, when creating eDirectory partitions, one must take into account how to divide the directory into separate physical partitions. To do so, you must evaluate such things as the location of users and the resources they most frequently need access to, as well as determine how to divide up the administrative tasks associated with the objects in the eDirectory.

Active Directory can have a physical organization. One or more servers can be configured into a site, which is a distinct physical organization. Sites can be configured to minimize the impact of replication, which is described in more detail below, but Active Directory is designed to be able to hold millions of objects, so partitioning is not required for large networks. Additionally, because you can create trust relationships between domains that exist in separate trees in an Active Directory forest, it’s easy to merge two networks. For example, if your company acquires another business and they use Active Directory, you do not need to manually re-enter all of the directory information from your inherited network.

Redundancy

Prior to Active Directory, each domain was required to have a Primary Domain Controller (PDC) and could have one or more Backup Domain Controllers (BDCs). The BDC ensured a higher level of reliability by providing redundancy, but the need to designate servers as a PDC or a BDC added a layer of planning and maintenance to a network.

With Active Directory, the distinction between a PDC and a BDC has disappeared. All Active Directory domain controllers contain a complete version of Active Directory for their domain, and all domain controllers can act as failover machines for all other domain controllers. This ease of redundancy simplifies the design of a highly available network.

Novell recommends that you create just three replicas of any partition in the eDirectory tree. Three replicas are enough to provide for fault tolerance and to give you the time to repair a failed node. Adding more replicas would adversely impact the network utilization and performance.

Replication

Whether a network has multiple Active Directory servers or multiple partitions for eDirectory, replication is necessary so that changes made to one machine ripple across to other machines.

As mentioned above, replication in eDirectory can be a resource intensive operation. Replication with Active Directory is much more flexible, which can reduce the impact of replication on the overall performance of your network.

With Active Directory, you can schedule when and how you want changes to the directory replicated. In addition, you can set up replication to take place over fast or slow links to account for servers within a site and separated on a WAN. With eDirectory, you can depend only on replication completing every 24 hours, which can lead to a temporary divergence of different parts of the directory across the network.

Active Directory replicates only the changes made to records in the directory instead of the entire record, which cuts down on the bandwidth required to propagate each change.

Multimaster replication ensures that changes made on any domain controller are propagated within a short period of time to all other domain controllers for the domain. You can have as many domain controllers in a particular domain as you wish. Windows 2000 Server domain controllers can be brought online and offline as long as at least one remains available to satisfy logon and other directory queries. Multimaster replication ensures that replication traffic among domain controllers is kept to a minimum.

The directory schema

A directory is a type of database. Each directory has its own schema, which describes the types of objects and attributes that can be stored in the directory. The schema for Active Directory is included in Active Directory itself, which means you can directly query the schema from the same data store. Because Active Directory is built on the LDAP protocol, it is easy for other LDAP-compliant clients to query the directory, and to exchange information with other LDAP-compliant directories.

The Active Directory schema is extensible, which means that you can easily add additional attributes to the user object, such as an employee ID or social security number. You can also create entirely new object classes to represent some new form of information if necessary. To modify the schema, you use the standard MMC console. You can add new elements directly to the schema and use them immediately.

The eDirectory also lets you make changes to the directory schema but uses a separate utility to accomplish this.

Security

The flexibility of Active Directory makes it easier to administer security rights and privileges. Active Directory also encompasses a broader scope of security options than eDirectory.

Active Directory supports most popular security technology standards, such as Kerberos and Smart Cards. However, eDirectory does not support either of these standards.

With Active Directory, the global catalog enforces both object and attribute level security. The eDirectory catalog does not enforce either of these levels of security.

Novell advises that administrators not implement user groups that span partitions. Active Directory has no such restriction on user groups.

An object can exist in multiple domains, which can present issues in keeping the security access to these objects in sync. Windows 2000 Server includes a feature called Bulk ACL Checking, which does that for you. You can run tests using this tool to determine the exact actions a user can perform on a file (or other resource) to make sure you’ve correctly set things up.

Finally, trust relationships in Active Directory are automatic and transitive. Therefore, when you join other domains to the directory tree, trust relationships are automatically set up between all other domains that participate in the same Active Directory tree.

Migration

Networks have, of course, been in use for many years. Most networks predate either Active Directory or eDirectory. Microsoft provides a better migration path for networks than eDirectory.

First of all, migration to Active Directory from a domain-based Windows NT network is a smooth transition. Microsoft provides the necessary tools and documentation for establishing the goals of your migration and then implementing your plan. The main migration tool, a program called DCPromo, is easy to use. It launches a wizard that not only sets up Active Directory but can also install a DNS server if you choose to use the same server for both. When you migrate your first domain, an Active Directory tree is created. As you add more domains to your Active Directory structure, you are prompted as to whether the new domain should join the existing tree or start a new tree. As mentioned above, different trees can be grouped together into a forest organization.

In contrast, migrating from earlier versions of NetWare that depended on the bindery services to Novell Directory Services/eDirectory is significantly more complex. Novell provides tools and assistance for migrating from NetWare 4.x or 5.x to NetWare 6.0 servers as well as from a network composed of bindery and NDS based clients. But moving from a bindery service network to eDirectory requires a complete rethinking of the structure of your network and its components and is much more difficult than a simple domain migration. Novell advises the use of a single eDirectory tree, with a single organizational object at the top of the tree, and other organizational objects under this single object. Each of these additional organizational objects should represent any WAN links you use. In a large company, this requirement can require intensive planning and can make managing the directory difficult. Active Directory, on the other hand, easily supports multiple partitions of the directory, with user groups overlapping the different partitions you create. Using Active Directory, you can simply create a forest of trees and set up the necessary trust relationships between domains.

For networks that remain a mixture of NetWare and Microsoft operating systems, Microsoft offers Services for NetWare 5.0. It includes Microsoft Directory Synchronization Services (MSDSS), which can update any Novell Directory Service with changes made in Active Directory. Services for NetWare 5.0 simplifies the introduction of Windows 2000 Server into a NetWare environment. Two-way synchronization with NDS lets users move from a Novell NetWare network to an Active Directory network at their own speed. MSDSS also synchronizes with old NetWare 3.x binderies. Like all Microsoft products, MSDSS provides an easy-to-use and flexible management interface, and it costs approximately $149 for your entire enterprise. Customers only need to license one copy to migrate an entire company network. Services for NetWare allows you to proceed at your own pace by setting up interoperation between a NetWare and Windows 2000 Server network until you are ready to finish the migration.

In addition to the migration tools and resources that Microsoft offers, there are many other companies that offer products, services, and resources to help customers migrate. Aelita, ePresence, Bindview, Quest, Netvision and other companies are available to help you migrate from NetWare to gain the advantages of Windows 2000 Server.

For more information on the Services for NetWare Migration and Interoperability tool set visit:

For NetWare to Windows 2000 Server migration guides and resources visit:

Internet standards support

There is also a significant difference between Active Directory and eDirectory in the amount of support for widely accepted Internet standards. The following sections discuss these differences.

LDAP

LDAP is the Internet standard for network directories. Both Active Directory and eDirectory support LDAP to some extent. However, eDirectory is not a true LDAP directory. A server-based interface (LDAP Services for eDirectory) must be installed on servers to translate between LDAP and the eDirectory’s proprietary directory format. Because LDAP and eDirectory objects might be different, it might even be necessary to map between LDAP classes/attributes and eDirectory objects/attributes, which is a tedious manual process.

While eDirectory provides some support for LDAP, the directory itself does not use LDAP attributes at its core. Performance could therefore become an issue because the Novell LDAP NLM used to translate LDAP requests into NDS requests does not perform as well under load as Windows 2000’s Active Directory.

Since Active Directory attributes are “pure” LDAP attributes, Active Directory does not require this additional overhead. In fact, Active Directory supports LDAP standards completely, and all Active Directory features are accessible through LDAP. Developers used to writing applications for other LDAP directories will have no trouble making their application run on Active Directory because the attribute format is the standard format for LDAP attributes. Using LDAP, data can be exchanged to allow directory services to work together in an enterprise situation. You can also use the standard MMC interface, described in further detail below, to configure tools that manage Active Directory. In addition, there are wizards that simplify many functions, such as setting up a DNS server to work with Active Directory.

There are also differences between the way Active Directory and eDirectory apply LDAP access rights. Active Directory consistently applies access rights because Active Directory is based on LDAP. LDAP clients use the standardized querying mechanisms to interrogate the directory as well as to make updates to it. However, eDirectory uses a different naming syntax depending on the type of directory access: LDAP or the proprietary NDS API. Also, eDirectory interprets access rights differently, depending on whether access is via LDAP or by NDS APIs, which use the NDS/eDirectory authentication process.

Domain Name System

The Internet uses DNS for its own name and location services. Windows 2000 Server uses an industry standard DNS implementation that is tightly integrated with Active Directory. Because the Windows 2000 Server DNS server is based on published Internet standards, you can be sure it will be able to interact with other DNS servers, whether they reside on UNIX systems or even NetWare systems. The namespace for Active Directory is tightly integrated with DNS, which makes locating objects simple and fast.

An important new DNS server feature, dynamic-DNS, greatly simplifies network administration. While DHCP enables automatic configuration of clients with network information, such as an IP address and subnet mask, Microsoft’s dynamic-DNS removes the need for Windows Internet Naming Service (WINS) because clients can automatically update the DNS server with their configuration information obtained from the DHCP server.

This automatic update feature enables a network administrator to control both allocating addressing information and registering that information in DNS. Earlier versions of DNS usually required editing a flat-file and then restarting the server for changes to take effect. The latest dynamic-DNS feature in Windows 2000 Server greatly simplifies this administrative task. Dynamic-DNS means that you no longer need to keep track of each client on the network and make manual changes. If you operate in a large network environment, this automatic update can save you a significant amount of management overhead. In addition, you can install Microsoft’s DNS server on the same computer that you use for Active Directory or on one or more other Windows 2000-based servers. By using multiple DNS servers, you provide fault tolerance for your network name resolution services.

Because eDirectory is not integrated with DNS, directory objects in the enterprise are more difficult to locate. NetWare 6.0 stores DNS server information provided by Novell as extra objects in the eDirectory. This separation can generate a lot of network traffic to support replication of directory updates because each IP address and host name will have its own object. It’s possible to minimize the overhead by using Novell’s static Service Location Protocol (SLP) agents on your servers and network and by having an experienced NetWare administrator perform careful tuning. But SLP also might force you to change your router configuration on every interface, as SLP communicates with several multicast addresses. Windows 2000 Server and DNS need no such special treatment.

The following table summarizes the differences between the directory services capabilities of Windows 2000 and NetWare 6.0.

|Capability |Windows 2000 Server Platform |NetWare 6.0 |
|Redundancy |Multi-master replication between domain controller servers |By using replicas of directory partitions |
|Active failover |Yes |Yes |
|Replication |Configurable |Inflexible |
|Extensible directory schema |Yes, easily |Yes, multi-step process |
|Kerberos support |Yes |No |
|Smart Card support |Yes |Yes, as a separate product from a third party |
|Bulk ACL checking |Yes |No |
|Migration from earlier network architecture |Automatic with utilities |Might require redesign |
|Migration tools |Inexpensive |Less flexibility |
|LDAP support |Native |Non-native, uses intermediary software |
|Access rights |Same as LDAP |Different with LDAP or proprietary API |
|Dynamic-DNS |Yes |Yes, by configuring a specific subset address range. |

Overall technology solution

Up to now, this paper has focused on the specific aspects of Windows 2000 Server and NetWare 6.0 that directly relate to network services. However, neither of these products exists in this type of vacuum. The remainder of this paper examines the additional capabilities of each of these products within their operating environments.

Management interfaces

To keep any IT infrastructure performing well, administrators need to be able to effectively use monitoring and management tools. There is a significant difference between the management and monitoring capabilities of Microsoft Windows 2000 Server and NetWare 6.0.

Management

Windows 2000 Server offers a single, centralized management control interface, the MMC. The MMC provides a consistent interface, using a tree-like structure to access most of the operating system components that you need to manage on a day-to-day basis. The MMC allows for the use of snap-ins, which are modules written specifically for use with the MMC. After you’ve learned how to use the MMC, you can quickly learn how to manage different operating system components without needing to learn a completely new user interface. When you need to access a system utility to manage a Windows 2000 Server, you simply select the appropriate MMC console tool from the Administrative Tools folder. Windows 2000 Server comes with a set of MMC tools that you can use to perform almost any task that you would need for ordinary network operations. Therefore, you don’t need to load snap-ins and create your own tools before you can begin to manage the network. However, you do have the flexibility of creating your own tools and adding them to your Windows 2000 Server.

The MMC allows you to drill down through its tree structure to get to the system component, such as a computer, device, or even a user or computer account in Active Directory, and then perform a specific set of actions defined for that component. To simplify tasks, many objects have Properties pages, which allow you to easily select a tab and then use a few mouse clicks to change the properties of an object. You can also use MMC snap-ins to perform all of your management tasks. Many tasks can also be accomplished by using built-in wizards, which will walk you through a process (such as setting up a DNS server or Active Directory), thus preventing errors and reducing the need for training.

The MMC improves the productivity of your administrative staff by centralizing management of your network. Its user interface and wizards make it easier to accomplish the management tasks necessary for your network.

NetWare 6.0 has several different management interfaces. With NetWare 6.0, you can take control at the server by using a command line Server Console interface, the traditional C-Worthy character-based menuing system, or Java-based utilities such as ConsoleOne™. In addition, there is the RconsoleJ (for remote management), the NetWare Remote Manager (formerly called the NetWare Management Portal), and the Server Console utilities. Further, NetWare 6.0 includes iManage, which runs in an Internet browser and is used to manage the eDirectory. There are even more component environments with their own management interfaces, such as the DNS/DHCP Administration Tools, which use a browser interface.

Management in a mixed NetWare environment presents additional complexities. For example, some clients might still be using IPX for a transport protocol and Novell Directory Access Protocol (NDAP) to query the directory. In this situation, you have no choice but to learn different management utilities so that you can manage multiple protocols. With Windows 2000 Server, all management, regardless of protocol, is handled through simple property sheets.

In addition, NetWare 6.0 continues to use NetWare Loadable Modules (NLMs) for some management tasks. These modules perform many functions, from acting as drivers for host adapters to the PSM modules used for multiprocessor support. NLMs can even be used for management utilities and applications. NetWare 6.0 allocates memory for an NLM when memory is needed (when it is loaded) and de-allocates memory when the NLM is unloaded. This process is analogous to starting and stopping services in Windows 2000 Server. However, you do not have to start and stop any service to use all of the MMC features.

Finally, Windows 2000 Server with Active Directory enables you to set domain boundaries that automatically assign management rights to different administrators. This functionality carries over from earlier versions of Windows in which different individuals typically managed different network domains. With NetWare 6.0’s eDirectory, you must assign these types of trustee rights manually, which adds overhead and increases the likelihood of errors.

From an administrator’s perspective, Microsoft’s Windows 2000 Server management utilities are easier to use than the confusing mixture of Java-based, Windows-based, and browser-based management utilities offered in NetWare 6.

Monitoring

Management is only half of the story. The monitoring tools available for NetWare 6.0 and Windows 2000 Server also have very different capabilities.

NetWare uses the decade-old C-Worthy MONITOR NLM, while Windows 2000 Server offers the sophisticated Performance Monitor utility, which uses the MMC as its interface. While Novell’s MONITOR will show you a set of basic statistics about network operations, it doesn’t give you nearly the capabilities that Performance Monitor does for Windows 2000 Server. Performance Monitor not only allows you to gather (and plot in real-time graphs) information about network usage but also monitors operating system parameters and application parameters. When you need to make tuning decisions for a server, Windows 2000 Server gives you far greater resources to monitor and record performance statistics. You can also export the data to other applications for further analysis.

Both Windows 2000 Server and NetWare can use the industry standard Simple Network Management Protocol (SNMP). This protocol allows you to use a management station to view components of your network and gather information about performance as well as troubleshoot problems. You can use SNMP for simple network monitoring, but administrators often need more functionality.

Windows 2000 Server includes a component called Windows Management Instrumentation (WMI), which is an architecture designed for integrating enterprise management capabilities that go beyond what SNMP can do. Using WMI, third-party vendors are able to create powerful management products to make your network management tasks easier. You can use WMI to collect performance data from remote computers on your network or even manage things like the drives mapped on a remote computer. You can also use WMI to manage other aspects of your network’s computers, such as changing a remote computer’s paging-file size or rebooting the computer. The software development kit for WMI makes it simple to create tools that can accomplish many tasks that are not included in protocols such as SNMP. Many vendors have already enthusiastically embraced and developed applications using WMI.

Searchable content

Networks are used to share information. Both Windows 2000 Server and NetWare 6.0 contain additional features that make it easier to find relevant content.

Windows 2000 Server lets you index the content of every file, or a selected set of files, which can make it easier for users to find relevant data. Just as you can use a search engine to locate information on the Internet, Windows 2000 Server lets you index the data residing on your network, including data on NetWare or UNIX servers that might exist in a mixed-network environment. This indexing service runs in the background just like other Windows 2000 services. You manage it using the MMC Computer Management snap-in. With this tool, you can choose which disks, file shares, or other sources of information you wish to include in a catalog. Users simply click Start and then Search to find documents or other data indexed in the catalogs you create. From this single management tool, you can also start or stop the indexing service, and you can modify how often the service adds new content to an index. Additionally, the indexing service lets you search for specific content by specifying specific words or document properties (such as the author of a document) to find.

NetWare 6.0 introduced Web Search in NetWare 5.0. Web Search also gives you the ability to index information, but you need to use two different methods to accomplish this task. You can choose between two kinds of indexing methods, Crawled and File System. If you choose the Crawled method, then the Web Search application will follow hypertext links, indexing the content as it goes. If you choose the File System method, then Web Search will index the content found on your Novell file server. After you configure Web Search, you can then manually build an index of the information you want to be available for searching, or you can schedule automatic updates. Web Search is part of a package of Web Services that must be separately installed and is more complex to set up and manage. The indexing functionality in Windows 2000 Server comes as an integrated part of the basic operating system. You just decide what information you want to index, and the background service keeps your index files up to date.

Offline access

Users frequently need access to information located on the network even when they are not connected to the network. Both Windows 2000 Server and NetWare 6.0 offer solutions for this potential problem.

NetWare 6.0 uses its new iFolder technology, which allows users to connect to an iFolder server and synchronize a selected set of files. The synchronization process makes local copies of the files on a user’s machine. The user can work on the local versions of the files and later resynchronize the changes.

Windows 2000 Server provides a similar service, called offline files. The offline files service allows for caching of important files on the client’s computer so that a connection to the network is not required to access the data. This technique is often referred to as client-side caching. To ensure the accuracy of files that are shared by other users, Windows 2000 Server provides the Synchronization Manager. This service coordinates changes made by different users and also takes care of getting important shared files backed up.

All that is necessary to mark a file or folder for offline usage is to use a properties page to configure the file or folder for sharing and then select a method for caching the offline files.

Offline files might not be the most crucial parts of the information environment. Users might need access to that large corporate database and all of the applications that are used to access the data. Simply providing copies of frequently used files is not enough to integrate remote users with the corporate data environment.

To access large databases remotely, which is required for more common tasks such as checking on customer orders or product availability, a better solution is to use a VPN connection. Using industry standards, the Windows 2000 Server platform lets you connect to your network from anywhere in the world where you can get a dial-up or Internet connection. This functionality effectively enables your “traveling” computer to become just another node on your home base network. Using Windows 2000’s VPN capabilities, you have access to all the files on the network that your administrator has granted you.

For complete remote access, you will need the remote capabilities of a VPN in addition to the ability to synchronize copied files. You can also configure VPNs using NetWare 6.0, but you must install BorderManager, an additional product. You do not need additional products to create VPNs using Windows 2000.

Clustering

Clustering is a method of interconnecting servers so that one can pick up an application if the other server fails. Clustering was introduced with Windows NT 4.0 for two servers and has matured in Windows 2000 Server. With clustering, you can easily connect two servers to a common storage network and produce a failover cluster. In a failover cluster, the failure of one server does not cause the network to come down; the load simply fails over to the other server in the cluster. Clustering is especially appropriate for guaranteeing the availability of your network presence. For example, using clustering services, you can easily configure an SQL or Exchange server to fail over to another node in the event of hardware or software failure.

Network load balancing (NLB) is a second form of clustering included in the Windows 2000 Server platform. NLB allows participation of up to 32 servers. Using this technique, it is possible to split incoming Internet service requests by distributing the load across the multiple servers that make up the cluster. NLB clustering technology is also useful for other network applications, such as providing load balancing when using Microsoft Terminal Services to provide a low-cost client solution in a LAN.

Clustering is built into the Windows 2000 Server platform. You can easily create a cluster from scratch, and you can control the operation of the cluster with Windows 2000 Server platform’s management tools. This ease of implementation and use ensures that you can create a fault-tolerant system for your network to provide nonstop service to your clients.

NetWare 6.0 also comes with clustering features that include the same failover capabilities that are a standard part of the Windows 2000 Server platform. One important difference, however, is that NetWare 6.0 relies on storage area networks (SANs) to create a cluster, and creating a SAN can be an expensive proposition. Essentially, you must create another network, separate from your production network, that is used exclusively by the SAN components. SANs also require separate management utilities (depending on the vendor), which increases your management overhead. Although most SAN products support the Windows 2000 Server platform, this feature is not necessary to create a cluster using a Windows solution. In addition, if you want more than a 2-node cluster for your NetWare server, there is an additional charge.

Web Services

Internet services act as the foundation for your company’s presence on the World Wide Web. Your company’s Web site is almost like a business card. Your Web pages present the personality of your company, and they can make the difference as to whether a visitor becomes a customer or not. Windows 2000’s IIS is a tightly integrated service that provides a superior Web development environment that lets you create appealing and interactive Web sites.

IIS is stable, mature technology that was built to run on Windows-based servers. For example, using IIS, you can take advantage of the built-in logging and error-reporting capabilities that are part of IIS. You can also configure IIS to create a secure Web site because of the inherent security of the Windows NTFS file system (with its rich assortment of permissions), Active Directory, and the routing and firewall capabilities of Windows 2000 Servers.

The new .NET strategy that is being incorporated into Windows-based solutions will make E-commerce even more safe and secure. Two of the leading information systems security assessment firms extensively tested the .NET framework and reached this conclusion:

“Our analysis revealed that, used properly, the .NET Framework gives developers and administrators granular security control over their applications and resources; provides developers with an easy-to-use set of tools to implement powerful authentication, authorization, and cryptographic routines; eliminates many of the major security risks facing applications today due to flawed code (such as buffer overflows); and shifts the burden from having to make critical security decisions-such as whether or not to run a particular application or what resources that application should be able to access-from end users to developers and administrators.”

Novell also provides a Web service with NetWare 6.0, but this new product comes after several false starts. Novell has tried several different avenues to make NetWare networks Internet-capable. While IIS was growing and evolving, NetWare 3.1 users were introduced to Novell’s Webserver 2.5, which was based on an IBM Web-server product. Novell switched to Netscape’s Fasttrack Server in NetWare 4.11. With NetWare 6, Novell is now using the Apache Web server product. Having to learn new web applications and the development tools that come with them every few years can become an expensive proposition.

Novell’s practice of expansion by acquisition, as well as their requirement for add-on products to deliver additional functionality, suggests that management and implementation of a full-service NetWare solution is becoming more complex, while Microsoft’s solution continues to become more integrated.

Third-party support

Regardless of the capabilities of your network environment, the environment itself does not provide the functionality you need for your business. The amount of third-party support for a particular network technology can significantly increase the value of that solution.

The number of vendors who produce and maintain applications that work with Microsoft Windows 2000 Servers and client computers far outnumbers the number of application vendors who produce software and provide support for NetWare platforms. This fact is due in part to Microsoft’s very large base of installed systems. It is also due in large part to the fact that the Microsoft Developer’s Network offers better tools for creating and maintaining applications as compared with the limited tools available from Novell.

Microsoft provides an unparalleled amount and quality of tools and documentation for its platforms. These are valuable resources for developers and administrators and help to keep your downtime to a minimum. In many cases a simple search at either or at will help a network administrator solve problems quickly without resorting to a support call. The easy availability of support materials significantly reduces the time it takes to remedy a problem or bring your systems back online.

This network of developers is just as important to your business as the platform you choose. The continued availability of updates for your important business applications can help you stay more productive in today’s competitive environment. Some large developers such as Lotus and Oracle have already dropped their support for NetWare in new versions of their products. In an attempt to encourage development for the NetWare environment, Novell has ported its directory to several different operating systems and offers it for no charge. However, the overwhelming majority of desktop clients today use Windows-based operating systems, which makes multi-platform support a weak trade-off when compared to all the development and support available from Windows 2000’s large world of application suppliers.

The following table summarizes the differences between the additional capabilities of the Windows 2000 Server platform and NetWare 6.0.

|Capability |Windows 2000 Server Platform |NetWare 6.0 |
|Management |MMC, wizards and properties sheets |Multiple products and interfaces |
|Monitoring |Sophisticated |Limited |
|Extensions to SNMP available |Yes, WMI |No |
|Searchable content |Yes, included |Yes, extra product |
|Offline files |Yes |Yes |
|Virtual Private Network support |Yes |No, requires purchase of additional products |
|Clustering |Up to 32 nodes for no charge |Up to 2 nodes for no charge |
|Cluster with SAN |Not required |Required |
|Web server |Robust, widely adopted |Third different version |
|Third-party support |Extensive |Limited |

Interoperability

Microsoft offers a range of interoperability solutions that let you benefit from Windows 2000’s numerous advantages and at the same time protect your existing IT investments. Whether your infrastructure is currently UNIX-based, NetWare-based, powered by IBM mainframes, or a Mac-only zone, you can successfully integrate Windows 2000 in your current environment and get the best of both—if not multiple—worlds.

As a comprehensive interoperability solution for mixed computing environments, Windows 2000 can:

• Communicate with other operating systems by using common protocols: For example, because of its extensive protocol support, a Windows 2000–based server is able to communicate with UNIX and NetWare systems over local area networks (LANs) and the Internet.

• Access file shares and printers on other platforms: Windows 2000 Server provides the services to allow file and print sharing with NetWare and Macintosh systems and supports the add-on services that offer file and print sharing with UNIX and IBM systems.

• Integrate new applications with data sources: Windows 2000 Server includes technologies that let developers write software that connects new applications with existing ones. This capability means that your current applications can share data and software code with new applications.

• Reduce the burden of administering multiple systems: For example, using the Active Directory service included with Windows 2000 Server, organizations can unify and manage the multiple directories found in most corporate networks.

[pic]

The schematic representation of Windows 2000 interoperability shows the different platforms that Windows works with. The inner ring of the circle (in gray) represents Windows 2000 standards-based protocol support; the outer ring represents the various supplemental technologies that allow Windows 2000 to interoperate with other platforms and services, examples of which are listed on the outside of the circle.

Integration Solutions to Suit Your Needs

Along with Windows 2000’s built-in interoperability features, Microsoft offers additional services and products to aid in integrating Windows 2000 with other systems. Services for UNIX 2.0, Services for NetWare 5.0, and Host Integration Server help integrate Windows 2000 with UNIX-, NetWare-, and IBM-based systems, respectively.

Services for NetWare Migration and Interoperability Utilities

The two-way data synchronization capability between Active Directory and NetWare Directory Services (NDS) enabled by Services for NetWare Version 5.0 significantly reduces directory management and simplifies the adoption of Windows 2000 Server. Synchronization and/or migration of NDS and NetWare bindery information to Active Directory through MSDSS (which is included in the Services for NetWare product) reduces directory management to a single point of administration. It also provides password synchronization capabilities, including a Web-based password administration utility that lets network administrators change passwords in either Active Directory or NDS for fast and effective password administration.

Secure Data Transfer from NetWare to Windows 2000 Server

Using Windows Services for NetWare Version 5.0, data can be easily migrated to Windows 2000 Server. Directory structures and security permissions of large data files can be maintained when migrating from any version of NetWare to Windows 2000 by using the File Migration Utility (FMU) component of Windows Services for NetWare Version 5.0.

At approximately $149 per enterprise, Services for NetWare presents a cost-effective and robust interoperability and migration tool set to enable enterprises to move to Windows 2000 Server immediately or at their own pace.

Summary

When compared side by side, Windows 2000 Server clearly provides a more robust networking environment than does NetWare 6.0.

The advanced capabilities of Windows 2000 Server span the entire spectrum of a network operating system. From a pure operating system standpoint, Windows 2000 Server supports multitasking and SMP machines better than NetWare 6.0 does. Windows 2000 Server also supports more types of RAID storage in the standard product than does NetWare 6.0, which requires additional modules.

In terms of standards support, Windows 2000 Server is built on industry-standard network protocols and easily supports multi-protocol environments with the core services provided, including support for NetWare, UNIX, and Macintosh systems. Active Directory is a true LDAP directory, supporting authentication protocols such as Kerberos and Smart Cards, in contrast to NetWare 6.0/NDS.

From a management standpoint, Windows 2000 Server provides a single integrated management and monitoring tool—the MMC—for most tasks, which reduces the cost and complexity of ongoing management and tuning. Windows 2000 Server includes a feature known as dynamic-DNS, which can make the task of coordinating changes across a network automatic.

Windows 2000 Server also supports a distributed file system to give you a much wider variety of choices in terms of availability and performance configuration. For availability, Windows 2000 Server provides more robust and flexible clustering than does NetWare 6.0.

Finally, Windows 2000 Server is a significantly better and more widely accepted application server platform than NetWare. Companies like Merrill Lynch, Siemens, General Motors, Motorola, and the US NASDAQ all use Windows 2000 Server not just as file/print but also as application platforms. The massive industry support of Windows 2000 Server points to the continued adoption of Windows as a server platform. In contrast, NetWare’s decreasing presence provides less incentive for all third-party developers to support this platform.

For More Information

For the latest information on Windows 2000 Server, please see:


