MSFT/CSCO v Novell/Bay in DEN
Interesting article from PC Week on DEN. Microsoft and Cisco would like you to think they are the only players but I think that Novell and Bay are ahead of them on this product. DEN will be part of NT 5.0. That product has encountered a lot of delay. On the other hand, Novell Netware 5.0 runs better on Gigabit Ethernet. Novell Netware should be on the market ahead of NT.
DEN initiative: Plan ahead
Management products will debut at year's end
By Dave Kosiur for PC Week Labs 06.03.98
IT managers hoping to lighten their workloads with souped-up directories will have to hang on a while longer -- products are coming, but not right away. Directory-enabled networking will eventually allow managers to set up single-configuration files for classes of devices, such as routers, that can be stored and downloaded as needed or to control bandwidth allocation automatically based on a user's stored profile.
The first products that will make this possible won't appear until the end of this year. And then network managers will have to determine how they can integrate their existing network devices with directory-enabled networking and policy-based network management.
However, the DEN (Directory-Enabled Networks) initiative's first round of work -- to define specifications for directory-based network management -- has reached the point where vendors can start providing details on their products.
The beginnings of a product lineup
As one of the DEN initiators, Microsoft Corp. has already made it clear it expects Active Directory, which will ship with Windows NT 5.0, to be an integral part of DEN. Other directories or network devices can exchange information with each other and Active Directory via either LDAP (Lightweight Directory Access Protocol) or Microsoft's ADSI (Active Directory Services Interface).
Recent announcements from Cisco Systems Inc., 3Com Corp. and Novell Inc. make it clear that they also intend to incorporate DEN into their products around the time Windows NT 5.0 ships.
As a co-initiator of DEN, Cisco has now clarified the details of its plans for deploying DEN. Cisco now refers to its architecture as CNS (Cisco Networking Services), and the first products will be available as CNS/AD (CNS for Active Directory). As expected, CNS/AD will ship with DEN schema for handling features specific to Cisco networking devices.
In an effort to make directories, which normally store long-term static data, more compatible with the dynamic nature of networks, CNS/AD includes features created by Cisco and Microsoft that let directories store transient data about the network's state.
An event service engine has also been added to allow applications to exchange information via a publish/subscribe model to provide real-time updates to policies and services.
Recognizing that the scalability of DEN will depend on the timely and reliable exchange of data between servers, Cisco is also creating a high-speed replication service for DEN. (LDAP directories do not yet have a standardized replication method.) To help with the assignment of IP addresses, CNS/AD will integrate with the DHCP (Dynamic Host Configuration Protocol) and DNS (Domain Name System) services bundled into Windows NT 5.0.
Within CNS/AD, developer support for DEN will come from APIs for access via ADSI, C++ and Java (Java ADSI, or JADSI). A developer program is slated to be set up starting in the fall.
Cisco plans to make betas of CNS/AD available this fall, with general availability of the product projected for early 1999. Initial releases will be only for Windows NT Server 5.0, but will be followed by similar releases for Solaris 2.6 and HP-UX 11.
Of the many other major players in the networking market, 3Com is one of the few that has also outlined its product plans for supporting DEN. 3Com plans to use LDAPv3 for communicating between network devices and directories and expects to provide its first LDAP clients in its NETBuilder II family of routers late this year.
Similar functionality will be added to its Layer 2 and Layer 3 switches and remote access platforms throughout 1999. Desktop computers will also be able to support DEN and LDAP via 3Com's DynamicAccess software drivers, which will also be released sometime next year.
Although Active Directory may well serve as a major building block for DEN, other directories can use the DEN framework by supporting LDAP -- the DEN specifications define LDAPv3 as the core protocol for accessing DEN information.
Novell is following this approach by incorporating LDAP in NDS (Novell Directory Services) and tying IP address management to NDS in the release of NetWare 5.0 planned for later this year. Novell will link DHCP for dynamic address management, DNS for name services, and DDNS (Dynamic DNS) for dynamic links between address and name services within NDS.
Other products will be incorporated into the DEN framework over time. Among the products that already incorporate LDAP support are Bay Networks Inc.'s Extranet Access Switch, which includes an LDAP server; IBM's eNetwork Software security software, which uses an LDAP-based directory as its central data store; and Check Point Software Technologies Ltd.'s Firewall-1 system, which can query LDAP servers for user information.
With more than 20 vendors as members of the DEN initiative, look for more DEN-compliant products to be announced over the next half of this year, with most products shipping in 1999.
Tied into policies
While device configuration management based on directory servers is useful, DEN will be even more valuable when tied to policy-based network management. In policy-based networking, the focus is on rules applied to users and groups of users, rather than configurations applied to network devices.
Many of the major network product vendors already had some efforts in place for policy-based network management before DEN came into being. DEN is likely to make these efforts interoperable over the next few years. Two of the market leaders, Cisco and 3Com, have already detailed some of the ways that they will tie their policy-based management software to DEN.
Cisco's architecture for policy-based network management, CiscoAssure Policy Networking, aims to tie devices running Cisco IOS software (such as routers, switches and access servers) with user profiles to control quality of service, security and address assignment. The first phase uses static policy control, but the next phase of CiscoAssure will take advantage of the dynamic nature of DEN and CNS/AD.
3Com's Transcend Policy Server, slated for release in the third quarter of this year, will offer a single-user interface for setting traffic prioritization across an enterprise network, with capabilities similar to those of CiscoAssure, linking the policy server to directory services via LDAP. To support non-3Com devices, Policy Server can work with devices supporting 802.1p or the IP type of service field.
Also look for traditional network management systems, such as HP's OpenView, to support DEN before long.
Dave Kosiur is a writer and consultant based in Reston, Va. His book on VPNs, "Building and Managing Virtual Private Networks," from John Wiley and Sons Inc., is due in the fall. He can be reached at drkosiur@ix.netcom.com.