Netware NDS vs Microsoft AD

By egray ·
My company is going through the "should we convert our network from NetWare NDS to Microsoft AD?" phase, and I'm looking for a little professional direction. I've tried the "if it ain't broke don't fix it" approach, but it's fallen on deaf ears.

Background: We're a fairly large company with 30 sites scattered throughout the country and thousands of users. Each site has a local administrator with administrative rights to his or her OU and their own servers. We have only a couple of admins with root access at the main company site. We pretty much stay out of each other's way, and unless someone has a problem, we hardly need to communicate. To put it another way, the network works.

My main concern is my users. Unlike many administrators I've met, I tend to put users at the top of my priority list, with ease of administration coming in a close second (no one here, of course). They are the reason I have a job, and the respect I give them (and the respect I get in return) makes working here enjoyable. The last thing I need is to make their lives harder.

At this point in my career, I'm indifferent to change, as it always presents an opportunity to learn new things. I'm a Novell CNE dating back to NetWare 4.0 and have worked with NDS exclusively through version 6.5, albeit with different companies. The recent announcement that we would be doing a feasibility study of converting our NDS environment to an AD environment came as a surprise (I can hear the screams now), but I figure it was only a matter of time before I had to deal with this. Since I've never really dealt with Active Directory, it would be difficult for me to hold an intelligent conversation on the matter. So I'm looking for some direction from those who have worked with both. I'm not looking for Microsoft bashers to take another whack at them; I'm looking for real life experiences from those who have struggled or triumphed through a similar process. If you converted, how did it go? Would you do it again? From an administration standpoint, what are the advantages or drawbacks of AD vs NDS? Have there been any recent unbiased studies done on both? (I've done the Google search, but most have been commissioned by one or the other).

So, let the OS games begin.

All Comments

One point...

by The_Fixer In reply to Missing the Point!

Actually users can recover files between backups using Volume Shadow Copy services in Win2K3. I'm not sure where the statistics you spoke of regarding backup are from. Are you talking about backup of data or just the directory structure? As far as AD backups go, I maintain a fairly large multi-national AD domain and I am able to back up the directory in about 30 minutes.

Mike

Backup Questions

by srk-once In reply to One point...

Veritas and CommVault have some interesting papers on the types of OSes and how data is stored on the systems. MS's FCB structure takes the longest time for backups and restores. Also, VSC does you no good if you are on Win2K or Linux file servers.

srk

Why change?

by tfruth In reply to Netware NDS vs Microsoft ...

I'm trying to imagine a compelling reason to change from eDir to AD. Cost savings? No. Ease of administration? No. Security? No. What's left? Homogenization? FUD?

I would recommend that eDirectory continue to be your primary directory service. Having AD will give you some group level security policy administration on the workstations that you don't have in an NT4 domain (or, at least, that's my understanding.) Let eDirectory control AD and be the primary tool for securing and providing network resources.

The only other compelling reasons for AD, that I'm aware of, would have to do with Windows server administration and any application that supports/needs AD for some reason, whether it be authentication or something else. Simply switching just for switching's sake does not seem to be fiscally or intellectually logical.

Reason for change

by PeterSS In reply to Why change?

The drive I'm getting from the management is that we are supporting too many platforms. We have Windows servers (mostly for applications), Netware, Linux, UNIX etc.

We can't get rid of the windows boxes, there are too many applications that won't port across to linux; but we could get rid of the netware servers, so have one less OS to support.

Added to that, we have had recent problems with some Netware servers, causing outages for some users. I'm not saying this won't happen with Windows, but it is happening with Netware at present, which is causing concern.

We don't have Exchange; we use eDir for many things (see my earlier post), including links to other directories using IDM (dirXML).

Clarification of Terms

by Grolan In reply to Netware NDS vs Microsoft ...

Just to be clear about what you're asking - are you in fact talking about operating systems (NetWare vs. Windows), or directory services (eDirectory (formerly NDS) vs. AD)? You mention both, but I get the sense the real issue is the OS.

As far as directory services, I'm sure you know that, at least in the case of eDirectory, the directory is a separate matter from the OS. That is, you could run a farm of entirely Windows servers but still use eDirectory as your directory service (or you could run it on linux or unix or IBM mainframes for that matter.) eDirectory can be, and often is, used as a company's directory service (or one in a mix) with no NetWare in sight. Whether that's worth doing really depends on your site. If you're migrating to 100% Microsoft on the server side, then I'd say just go with AD. If you're running a shop with mixed platforms, as many of us do, then there may be good reasons to use eDirectory as your primary directory. (Don't forget about some of the excellent add-ons that eDirectory can enable for you - such as ZENworks.)

If, however, the question is really about OS's, then I would think that's a fairly straightforward matter of evaluating each platform vs. your needs - the "needs" part coming first. "Needs" probably gets pretty directly to the question of the applications you need to run, and whether they are supported on the platform in question. Be aware, though, that when you're talking NetWare, you're really talking linux, because NetWare's future is as a services stack running on SuSE linux. Version 6.5 is the end of the road for standalone NetWare. So you need to figure out if your application needs can be met on Open Enterprise Server (NetWare stack running on Linux), or on native SuSE.

For my part, I've run a NetWare shop for the past 14 years, and have no intention of migrating away from Novell. Our server-based application needs are few (web, email, FTP, a couple of homegrown apps and a database, and a couple of Citrix boxes). Our apps were written in Java and MySQL works just dandy as our database server, so for us a mix of NetWare and SuSE linux - trending eventually to more OES/linux - meets our needs just fine. (We're even considering the Novell desktop as a possible replacement for Windows, client-side.) Novell said recently that NetWare 6.5 would be supported for another 9 years, so I intend to continue running NW servers for basic LAN services for years to come, gradually phasing in OES/Linux as we go. This preserves our investment in Novell products and the training of our IT staff, while allowing us to move forward. (Novell has some great self-study kits for SuSE linux, btw. All you need is an old P-III or better box to use as a "classroom" server and away you go.) There are just too many advantages for a longtime Novell shop like us - not least of which is security - to consider migrating away.

Don't forget to factor in the cost of training as well as any ancillary or 3rd party tools that may have to be replaced as well. Also, remembering that Novell's direction is Linux, consider that if you were to go that way, there may be future savings in terms of the many free or low cost tools and applications that you can use on your servers. MS means staying proprietary which means $$ for anything you want to do. Your choice, like it or not, is really between two migration paths.

Good luck!

Both work well, it depends on your needs.

by afhavemann In reply to Netware NDS vs Microsoft ...

Both work well; it depends on your needs.

Like you, I'm a long time, certified Novell tech. Two years ago we purchased a full suite of MS licenses for all of our sites and set up a server in each. This was mostly for compatibility with specific software, not to completely replace the Novell servers already in place.

We ran through some classes to get familiar with the OS before we started and had no particular difficulty with installation and setup. The servers worked well and the differences between NDS and AD caused no problem once we got up to speed. We found them (AD/NDS) to be pretty much equivalent.

After almost two years running both I can say with confidence that the Novell servers require considerably less attention than the MS servers.

Novell servers are much more difficult to install initially, the GUI sucks in comparison to Windows and a Novell server is much less intuitive to work with than a Windows server.

Once up though, a Novell server will probably run forever unless there's a hardware problem, whereas the MS servers usually need a reboot every few weeks for one reason or another. It's not that big a deal, but they do need the attention.

The MS servers are also vulnerable to infection with spyware and viruses. Novell servers are immune from such threats since writing code (NLM's) to infect them would be extremely difficult.

The bottom line:

Netware is harder to install, it can be an utter ***** to fix if it breaks and I hate the Novell client. Occasionally we've encountered problems that even our experienced (and certified) staff could not solve without Novell support or that required a manual rebuild of NDS.

The Windows servers aren't much better. We've had to rebuild AD a couple of times and reload several of the servers when we had problems that just couldn't be resolved. Patching MS servers is another weekly headache.

In the end, the nod goes to the Novell mainly due to their stability. While considerably more difficult to install, once up and running clean they're extremely stable.

We have several locations separated by hundreds of miles with multiple Novell servers that have no resident technical staff. The servers in those locations run unattended (lights out) for years except for a yearly PM and update (if they're lucky).

We had an old (end of life) backup server (Netware 4.11) that no one touched. When we finally took it down it had been up for 779 days non-stop. In contrast, the Windows servers need to be checked almost daily.

Novell servers are harder to work with but run forever. Windows servers are much easier to work with but lack Novell's stability. Your choice depends on your network; for us, stability rules and we stuck with Novell.

Al

Some things to Consider....

by SledDog In reply to Netware NDS vs Microsoft ...

I have every Novell CNx cert that has been issued since 3 to 6.x, including Master CNE. I also was in the first 10k MCSE's ever certified, on NT 3.51. I re-certified on Win 2k with the complete curriculum over again. I'm also an MCDBA. Wow, ain't that impressive?? (I'm not looking for a job.) Only reason I say this is to let you know that I am equally invested in both sides of the fence from a technical standpoint.

I've almost always worked in an outsourced capacity during my 15 yr career. I've been in many businesses that have switched from NetWare to Windows as their server OS, businesses large and small. I ALWAYS ask why. Not to the lead tech, but to the business stakeholder. The answer is invariably some form of, "we're not comfortable with Novell's market position relative to M$." "Are there technical reasons?" - I always ask. "Well, we like having a GUI on the server for easy administration" or something as shortsighted.

Okay - now for the actual answer to your question, or at least some things to consider....

Login scripts. If you're like most NetWare shops you've enjoyed the rich scripting abilities of NetWare. Kiss'em goodbye. Get ready to toil over KiXtart or writing huge batch files.

Drive mappings. Chances are you've enjoyed nice things like "MAP ROOT" commands to hide higher level directory structures. Bu-bye.

You've more than likely become very good at setting the file permissions in the servers' directory structures, even done some IRF's. Mapping the NetWare rights to the AD/Win rights is not an overnight matter for several thousand users.

Perhaps you haven't enforced globally unique names for users in your tree (eDirectory doesn't enforce uniqueness globally, just in the OU users reside; AD enforces global uniqueness). You now need to spend the time finding the dupes (if any) and telling them that their login (or logon??) name is changing.

Perhaps you have enjoyed having awesome control of where replicas of certain partitions in the tree are... a nice-to-have for network performance and redundancy. Show this to the Mgr/decision maker - make a new partition in your eDir tree, and put replicas of that partition on 3 or 4 servers. Wait for confirmation that it is done. Now do the same thing in Windows (with native tools). Yikes! Worried about the health of the eDir tree? In one replica ring? Run NDSREPAIR! Now get the same feedback from Windows that the directory is healthy?

Okay, if that sounded too much like M$ bashing, I'm sorry, but to me there is no comparison; but there is compromise. MS SQL Server (yes, and even IIS, if it's version 6) have a very nice stack for application development, if that is what you are after. If you are after giving your users a comfortable, consistent work experience in the file & print world, and giving your admins the same, to me there is no question.

Also - look at Novell's Identity Manager products as a means of managing and mitigating the combined use of AD and eDirectory. It's the bomb!

Good luck! Keep to the facts. Oh yeah, in case you didn't know, Novell's CEO said at Brainshare this year that NetWare would be supported until 2015. I hope that helps!
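The duplicate-name check mentioned in the post above, as an added example that is not part of the original post: it reads an LDIF export of user entries and lists every leaf name that appears in more than one container, since those accounts would collide under a directory-wide uniqueness rule. The tree `o=ACME`, the sample entries, the function names, and the choice to compare the leftmost RDN case-insensitively are all assumptions; the export is assumed to contain only user objects.

```python
import base64
import re
from collections import defaultdict

# Constructed sample export (hypothetical tree o=ACME, not from the thread).
# It includes a folded DN and a base64 DN, which a plain "grep dn:" mishandles.
_B64_DN = base64.b64encode(b"cn=mlopez,ou=HR,ou=Denver,o=ACME").decode()
SAMPLE_LDIF = f"""\
dn: cn=jsmith,ou=Sales,ou=Chicago,o=ACME

dn: cn=JSmith,ou=Engineering,ou=Denver,o=ACME

dn: cn=mlopez,ou=Finance,ou=Chi
 cago,o=ACME

dn:: {_B64_DN}

dn: cn=akhan,ou=Sales,ou=Denver,o=ACME
"""

def entry_dns(ldif):
    """Yield each entry's DN, undoing LDIF line folding and base64 DNs."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    for line in lines:
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def leaf_name(dn):
    """Value of the leftmost RDN, case-folded (assumed case-insensitive match)."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]   # stop at first unescaped comma
    return rdn.partition("=")[2].strip().casefold()

def find_collisions(ldif):
    """Map each leaf name used in more than one container to its DNs."""
    by_name = defaultdict(list)
    for dn in entry_dns(ldif):
        by_name[leaf_name(dn)].append(dn)
    return {name: dns for name, dns in by_name.items() if len(dns) > 1}

if __name__ == "__main__":
    for name, dns in sorted(find_collisions(SAMPLE_LDIF).items()):
        print(name, "->", "; ".join(dns))
```

Running the collision report before any rights mapping gives the list of users whose names must change, so ACLs can be planned against the final names.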
