Tools Help Prepare for NT 5.0, Active Directory
Many organizations are waiting with bated breath to get their hands on Windows NT 5.0 and the many improvements it will offer, but when system administrators begin thinking about rolling out NT 5.0 across their global enterprise, chances are great that they do not look at the implementation process with the same sense of enthusiasm or anticipation. Make no mistake -- migrating current Windows NT 4.0 networks to Windows NT 5.0 will be a complex, time-consuming task.
To help organizations get a head start on this laborious migration process, several vendors have announced solutions that deal with bringing together NT 4.0's domain-based directory system and NT 5.0's more extensive hierarchical Active Directory system, and enabling systems that use each to coexist on the same network. Both Entevo Corp. (Arlington, Va., www.entevo.com) and FastLane Technologies Inc. (Kanata, Ontario, www.fastlanetech.com) offer solutions aimed at supporting Windows NT 5.0 enterprise preparation and transition.
"It's not a matter of 'if 'corporations are going to 5.0; it's a matter of 'when' they are going," explains FastLane Technologies' product manager Keith Miller. "What corporations need to do is shelter users from the changes that will be taking place in the domain physical structure, especially since we're looking at a potential 3-year co-existence period [between NT 4.0 and NT 5.0]."
Amir Hudda, CEO of Entevo, agrees with Miller's assessment. "This transition will take time, and for that duration, you'll have to cross-manage existing and new NT networks and systems," he explains. "Even if you have conversion tools, you cannot migrate overnight."
Because Windows NT 4.0 (and its precursor, Windows NT 3.51) does not have a true directory system, Microsoft created the Active Directory Services Interface (ADSI) standard to include with NT 5.0. ADSI models enterprise resources -- users, groups, printers, and so on -- as COM objects and interfaces. Using ADSI, users will be able to manage enterprisewide resources.
Since any migration to Windows NT 5.0 will take a substantial chunk of time, the problem for administrators quickly becomes one of integrating existing NT 3.51 and NT 4.0 systems into an NT 5.0 environment and managing resources among all of them.
Entevo and FastLane have taken somewhat different paths toward an Active Directory solution. Entevo has built a series of ADSI-compliant COM objects called DirectScript that enables a virtual Active Directory to run on Windows NT 4.0 and Windows NT 3.51 machines, while FastLane wants customers to configure their existing NT 4.0 domains into a Windows NT 5.0-friendly schema using the company's Phoenix Domain Reconfiguration Tool for Windows NT, to which it will add ADSI support in the near future to facilitate NT 4.0 domain migration to Active Directory domain trees.
Entevo's DirectManage Suite, which comprises the DirectScript COM objects and DirectAdmin, a directory management interface that sits on top of DirectScript, enables users to manage objects such as domains, groups, computers and users on machines running Windows NT 3.51, Windows NT 4.0 and Windows NT 5.0. In contrast, FastLane will simply add ADSI support to its FINAL PowerTools suite to enable users to build network management applications that take advantage of Active Directory.
While both Entevo and FastLane solutions enable users to build network management tools via a scripting environment, FastLane's FINAL uses a proprietary scripting language, while Entevo's DirectScript is not language-specific. "Would you rather use a proprietary language like FINAL, or would you rather work with existing infrastructures or any infrastructure compatible with Active Directory?" questions Prashanth Viswanath, Entevo president and CTO.
This is one of the reasons that Joe Brand, lead networking analyst for Nabisco Inc. (Parsippany, N.J., www.nabisco.com), is testing Entevo's DirectScript in his company's lab. "[Entevo's] scripting language is all COM-based, which means you can use Visual Basic, Visual C++, JScript or Active Server Pages. There's no training involved. Right now, I'd go with Entevo because we can leverage our in-house development expertise."
Brand was also impressed with DirectScript's ability to collect Access Control Lists and Access Control Entries from directories, which is something that FastLane's FINAL cannot do. Brand is using DirectScript to collect ACLs from all of the directories in his network and consolidate them into a single data repository, enabling managers to track user access to network resources on a global scale.
Although Brand reports that his company has not budgeted the migration to Windows NT 5.0 yet, he believes that choosing a directory management solution that ties into Active Directory is extremely important. "Because Entevo already uses ADSI, anything we did today [with Entevo] doesn't go away when Microsoft releases NT 5.0," he concludes.
Regardless of the tools or software packages a company is planning to use in its NT 5.0 migration endeavors, the point is that administrators can begin to prepare their networks for the move to Active Directory now. "When you do domain planning today, our story is simple," says Entevo's Viswanath. "Stop! Don't do it. Do directory planning instead."