Aberdeen Group
Volume 11 / Number 13
September 14, 1998 �
Novell¡s NetWare 5: An Elegant Interoperability Solution
The battle for mind-share in the Operating Systems market ( especially between Unix and NT Server) is
overshadowing and confusing a concurrent debate about the choice of a Network Operating System (NOS).
Contrary to the inaccurate belief that the NOS is dead,Πthe massive move toward network computing is
increasing the role NOSes play in the enterprise. In this Product Viewpoint, Aberdeen analyzes why Novell¡s
recently released NetWare 5 provides NOS unique functionality IS executives truly need for optimizing their
networks.
Executive Summary
The September 1998 introduction of NetWare 5 provides IS executives with the opportunity to significantly
improve the way they manage their numerous and heterogeneous network components. Novell¡s Directory
Services (NDS) is the unique technology that advances NetWare 5 beyond being merely a superior network
operating system for file and print services. Any enterprise executive wanting to harness the power of the ‰net (
Inter-, Intra-, Virtual or Private ( for competitive advantage cannot do so without a powerful directory to
manage all the connections. In Aberdeen¡s opinion, NDS is the most powerful directory available today.
Very importantly, according to beta users interviewed by Aberdeen, there is a measurable return on investment
from using NetWare 5 in conjunction with Microsoft¡s NT 4.0 ¢ where NT is the application operating system
and NetWare 5 the network operating system. To them, NetWare 5 significantly improves the manageability
and security of a mixed network environment.
Novell¡s NetWare product line is time-proven and embodies enterprise-quality technology. NetWare operates
effectively in both all NetWare environments and across heterogeneous operating system (Unix, OS/390,
NetWare and NT) environments. By identifying its own strengths and the leading operating systems¡
weaknesses ( NT, Unix, and OS/390 ( Novell has created a network operating system platform that can
seamlessly integrate technology components and applications supplied by numerous, different vendors.
NetWare 5¡s interoperability capabilities contain the functionality to allow IS executives to deploy, maintain, and
upgrade best-in-their-industry information infrastructures. The supreme benefit to implementing NetWare 5 is
that it will significantly lessen enterprise executives¡ ¢ both business and IS ¢ fears that their network will be a
business¡s point of failure.
Aberdeen contends that when the question is asked: Which one, NetWare or NT Server?Πthe correct answer is
Yes!ΠThe solution is not NT Server or NetWare, but NT Server and NetWare.
Based on both our review of NetWare 5 and IS decision makers as-of-yet-unmet requirements, Aberdeen finds
enough benefits to recommend it in a number of situations:
Those with NetWare 4.x installed who want to broaden the effectiveness of already installed Novell Directory
Services. (Note that while some NetWare 4.x users are concerned about the potential difficulties in upgrading
from IPX, Aberdeen believes that the move to the pure IP environment embodied in NetWare 5 will be worth
the effort.)
Those who are adding multiple application servers running Microsoft¡s NT Server 4.0 and want to be able to
easily manage them from a single platform at a centralized professional IS site will obtain substantial benefits
from acquiring and deploying both NetWare 5 and the complementary product, NDS for NT;
Those who have selected NT Server 4.0 as their primary operating system and now need to lower their IT
management costs as well as better utilize their available IT resources. (As it is well acknowledged in the
industry, NT Server increases demands for IT resources beyond a level that most executives feel are reasonable.
These costs can be lowered significantly with the deployment of NetWare 5, Novell Directory Services, and
Z.E.N.works.
Those who have older versions of NetWare installed on standalone servers dedicated to departmental users and
who would like to move into the era of network computing.
Network Operating Systems Are Key To Business Success
Executives ( both those responsible for daily business processes and technical support ( need to understand the
role that a NOS currently plays in enterprise-level, distributed computing environments. Once centered solely on
file and print services, network operating systems must now seamlessly integrate many far-flung components of
internal and external networks, in order to provide a full-service, highly manageable solution. Directory services
act as the glue that holds together networks by managing numerous network components from one central
location staffed by IS professionals.
Many Line of Business (LOB) and senior Information System (IS) executives are facing the choice between
keeping their reliable, installed departmental NetWare servers or replacing them with Microsoft¡s NT Server as
their enterprise-wide NOS. However, Aberdeen contends that when the question is asked: Which one,
NetWare or NT Server?Πthe correct answer is Yes!ΠThe solution is neither NT Server nor NetWare alone, but
NT Server and NetWare operating in conjunction with each other.
NT Server is a well-accepted operating system for small businesses, workgroups and departments for
deploying non-mission-critical applications. However, Aberdeen has found that in most instances, NT Server
cannot move beyond this isolated role without a NOS to manage a wider-scale deployment.
Unless decision makers want to put changes of their IT infrastructure on hold for the next two years, they need
to embrace the reality that NT 5.0 is a year 2000 product, deal with its implications, and get on with life.
Rather than wasting unnecessary monies, losing precious time, and countless IS resources trying to implement
NT Server as both an application server and network operating system, Aberdeen strongly advises IS decision
makers to deploy a more mature NOS that is capable of leveraging NT¡s strengths and minimizing its
weaknesses. While Microsoft¡s Windows NT Server has won the hearts and minds of many IS managers and
LOB executives, the technical realities of NT Server present numerous challenges when it is attempted to be
deployed in the role of an enterprise-encompassing network operating system.
NetWare 5 Launched September 1998
Novell has been providing IS organizations with proven NOS solutions for over 15 years. Novell¡s NetWare 5,
released September 1998, includes technology enhancements that further strengthen Novell¡s ability to meet
enterprise-networking requirements. The key to Novell¡s acceptance and endorsement by enterprise IS
executives is its extensive directory-based services within its suite of network operating system products that tie
together all network-critical technologies ¢ whether NetWare or NT or Unix or OS/390.
NetWare 5 will be directly compared to Microsoft¡s NT offering. Aberdeen is concerned that many will compare
the functionality being delivered today by NetWare 5 with that promised by Microsoft in its upcoming NT 5.0
release. (Obviously, NT 4.0¡s directory services are too rudimentary to even be appropriately compared to
NetWare 5.) While many of the features planned for NT 5.0 sound similar to those in NetWare 5, it is not
realistic or pragmatic to compare and contrast promised future features ¢ especially considering Microsoft¡s
dismal past record in delivering future software when and as promised ¢ with Novell¡s current deliverable.
Unless decision makers want to put significant improvements for their IS infrastructure on hold for the next two
years, they need to embrace the reality that NT 5.0, with necessary Service Patches, is at best a mid-year 2000
product. Aberdeen advises IS executives to deal with the planning, deployment, and manageability implications
that NetWare 5 is here today and NT 5.0 is at least 2 years out, and get on with life.
From Aberdeen¡s perspective, Novell and Microsoft are no longer positioned as direct competitors in the NOS
arena. The two should be seen as having complementary roles. In most organizations, the solution should not
be all NT or all NetWare. Most organizations need both Microsoft and Novell.
Directories Really are Critical
Novell Directory Services (NDS) is central to NetWare 5 ( and for that matter to all of Novell¡s products. This is
highly important for IS executives charged with managing their enterprise¡s network infrastructure, since a solid
directory service is key to any organization¡s ability to manage its internal and external networks.
Enterprise networks are expanding rapidly. This growth includes the number of internal users, devices,
applications, and other resources; and external connections to suppliers and customers through public and
private networks. As a result, IS managers need the benefits of a comprehensive, mature directory service to
securely manage rapidly scaling network-wide information about users, events, data, resources, and status.
In fact, mid- to large-sized enterprises should not give a network operating system serious consideration until it
has a strong set of directory services. Note that, by Microsoft¡s own admission, NT 4.0 does not have this
capability and will not until NT 5.0.
Countless interviews with IS managers have convinced Aberdeen of the criticality of a directory service which
is extensible, scalable, portable and available.
NetWare 5 Manageability Advantages
NDS in NetWare 5 uses objects to create user and resource profiles. For instance, each user object has
information about a person, including access rights, location, and other vital information. Printer objects, for
example, have information on location, type, and speed. Anyone on the network ¢ with the proper authority ¢
has access to any other objectΠ(such as a printer) on the network without having to know where it is located or
how it works.
Beyond managing people and devices on the NetWare-based network, various versions of NDS can be used to
manage applications on other platforms, including NT Server, SCO Unix, Sun Solaris, and IBM¡s OS/390.
This is a critical feature for organizations seeking wide-scale deployment of NT-based applications, such as
Exchange.
Novell has made its directory services a site from which IS can manage all business processes across its
networks. The network links developing between enterprises and their business partners, customers, employees
and others is slowly becoming a reality for many. However, there is a concurrent rise in the worries about how
to manage all these internal and external connections. NetWare 5, the incorporated new version of NDS and the
availability of Z.E.N.works (described below), now provides administrators with a viable set of solutions that
can interoperate with other management packages being used.
NDS now allows for the selective assignment of administrative privileges rather than an all-or-nothing
assignment. For instance, an IS executive may want to grant a specific workgroup-level administrator the right
to assign user passwords for access to a financial package without also giving that same administrator access to
company¡s sensitive financial data itself. The NT Server 4.0 directory service does not allow this choice (
administrative rights are not granular.
NetWare 5 provides dynamic inheritance. With dynamic inheritance, any changes made in company policy flow
down automatically to the appropriate related objects. Note that the alternative to dynamic inheritance is an
administrative nightmare. Each change has to be done manually. The changes must then be replicated across the
network all at onceΠwhen the main directory copy is resynchronized. Thus, a directory with manual, static
inheritance has the ironic impact of slowing down implementation of changes and then increasing network
traffic.
In response to the legitimate complaints that NDS was difficult to implement and operate, a more simplified
administration and setup front-end has been included. NetWare 5 and its various complementary optional
products can now be managed from one workstation, called ConsoleOne, from anywhere on the network.
ConsoleOne is a Java-based GUI management console integrated with NDS. This allows developers to build
network management solutions with a common look and feel. ConsoleOne is not a bolted-down workstation (
any PC from which the administrator can log-on to can run ConsoleOne, including the NetWare server.
One of the major challenges that face companies that use TCP/IP, regardless of size, is the management of IP
addresses. Further upholding its commitment to centralized, directory-based management, Novell has integrated
both Dynamic Host Configuration Protocol (DHCP) and Domain Name Server (DNS) management into NDS in
NetWare 5. By incorporating these services into NDS, Novell has made DHCP and DNS services fault tolerant.
Z.E.N.works For PC Management
Z.E.N.works (Zero Effort Networking), a function included in NetWare 5, is an automatic network setup and
management tool which has captured the imagination of every IS manager who has seen it. It leverages the
maturity of NDS by allowing administrators to create and manage images of the desktops on the network.
Z.E.N.works allows users to log-on anywhere in the network to get their own desktop loaded on that PC. It
provides the ability to heal programs that have some of their required files deleted. It can also be used to
inventory PCs on the network and generate reports on the hardware specifications. Moreover, it can
automatically upgrade packaged and homegrown applications ( including year 2000 updates from the server).
Further upholding its commitment to centralized, directory-based management, Novell has integrated both
DHCP and DNS management into NDS in NetWare 5.
The simplicity of implementing Z.E.N.works belies the impact this utility can have on the bottom line. Novell¡s
internal studies claim that enterprises can lower their current desktop management costs by up to 32% through
the use of this feature.
Security That Is Flexible and Practical
Novell has identified and incorporated four security enhancements in NetWare 5 ( Novell International
Cryptographic Infrastructure (NICI), Secure Authentication Service (SAS), Public Key Infrastructure services
(PKIS), and Single Sign-On (SSO) (which will be available in 1999). These improvements offer businesses the
ability to easily carry out more complex data processing and transactions with the benefits of directory-based
security management.
NICI, an infrastructure that controls encryption levels, is the foundation on which all the new security services
in NetWare 5 are built. The underlying functionality of NICI lets application developers bypass cryptographic
code in their products.
Built entirely on NICI, Secure Authentication Service (SAS) provides enterprises with highly secure network
authentication ¢ secure access between applications and the security database. By supporting multiple
authentication methods, SAS provides investment protection and integration capabilities with additional
authentication methods.
PKIS is a method of making sure that companies are communicating with other trusted and authorized
companies. PKIS is a standards-based technology that uses a trusted certificate authority to verify and sign
certificates to validate an identity. Overall, PKIS is considered to be a complex and weighty process that relies
on external providers and third party certificate authorities (CAs).
However, Novell has simplified the certificate authentication process by providing NetWare 5 servers the ability
to act as an enterprise¡s own certificate authority. NDS lets a company provide validation to their internal users,
shortening the users validation and verification process. Novell initially supports server-side certificates.
However, until the client side certificate support is released, NDS with LDAP version 3 support can be used to
store the certificates for other third-party servers ( Entrust or Netscape certificate servers ( right out of the box.
Most applications are moving to support the PKIS method of securing business transactions.
Finally, in an effort to simplify user access, reduce application administration cost, and increase productivity,
Novell will integrate PKIS with NDS to provide users with single sign-on capabilities. A feature to be made
available in early 1999 will ensure that users will not have to sign on more than one time in order to access
multiple applications in the NetWare environment. The applications store all of the security information
associated with a user¡s authentication files, user rights and policies.
Another benefit of NDS that companies will be taking advantage of is the single sign-on function. The user
objectΠcontains information about access rights to a range of servers and applications, each of which might
have its own unique password and access controls. Administrators will be able to allow users to gain access to
authorized servers and applications without requiring them to go through each individual log-on process. This
will particularly benefit mobile users ¢ allowing worldwide access to their network from any server on the
network without having to authenticate back to the home server.
In comparing the security offerings that are available to enterprises today, Windows NT 4.0 lags far behind
NetWare 5. While NT currently offers single sign-on capabilities, it does not support PKIS, and its encryption
capabilities are weak at best.
In addition, domain administration security gives anyone that has administrator capabilities full access to any
resource in the domain, including applications and client desktops. NetWare¡s directory-based security supports
the ability to assign specific access rights to specific resources. |
