

Dial "D" For Directory Service
New standards exist for centrally managing multiple platforms--despite the fact that the growth of corporate intranets encourages cross-platform connectivity. As a result, software vendors are turning to directory services.
Unfortunately, technologies like Sun Microsystems' Network Information Services (NIS) and NIS+ and Novell Directory Services--which help manage large networks--address only single platforms. And though initiatives like the Open Software Foundation's Distributed Computing Environment (DCE) offer a solution for platform-independent directory and security services, without strong independent software vendor (ISV) support, even they can't effectively manage cross-platform environments. The keystone of a successful directory service solution will be ubiquitous application support on both the client and server sides.
To bring Windows NT closer to the nirvana of a fully integrated yet distributed network, Microsoft Corp.'s upcoming fifth revision of Windows NT includes an integrated directory solution, the Active Directory Service (ADS). Although NT directory services are already available, ADS promises to add strong application support through Microsoft's BackOffice application suites.
We tested an alpha release of ADS for a glimpse at the new directory services. This preview includes a "directory" browser icon on the desktop and a Web interface for querying and managing directory objects (Microsoft says the user interface will change considerably before the next release of NT). Built on top of the integrated Kerberos security model, Internet Explorer ensures a secure connection when administrating the directory service. We found the preview release includes little in the way of applications that actually take advantage of the directory service, even though this was just a working model.
ADS uses standards-based and other technologies, such as MIT's Kerberos 5 authentication system, the X.500 directory model and the Lightweight Directory Access Protocol (LDAP). ADS will replace existing Microsoft Domains, answering the challenge posed by NDS as well as Internet "white pages" directory services. Unlike Microsoft's existing domain technology, which can top out after several thousand objects, ADS can scale into millions of objects. Instead of relying on a master/slave model, it is hierarchical and distributed among multiple master servers, each with its own tree. As is the case with NDS, this allows distributed management and redundancy.
What about compatibility with other directory services? This is where Microsoft is taking the extra step toward integrating with other technologies. Instead of shutting the door on existing directory services, ADS will include a modular replication system to accommodate third-party plug-in directory synchronization agents. This means that instead of throwing out your existing NDS tree, you should be able to synchronize information between the two directories. Since the synchronization is modular, the plug-ins will handle the translation between ADS' and foreign directory schemas.
On the client side, Microsoft has added a common directory interface layer. Dubbed the Active Directory Service Interface (ADSI), it gives clients a universal interface to various directory services. By standardizing the application programming interfaces (APIs) for accessing directory services of all kinds, Microsoft hopes to deliver strong directory service support not only at the back-end service level but also at the desktop.