Trouble Looming for NDS for Windows NT?

When Novell Inc. debuted Novell Directory Services (NDS) for Windows NT in January, Microsoft Corp. responded nearly instantly by indicating that customers who choose to deploy NDS-based solutions on Windows NT would be on their own in the area of Windows NT support. Microsoft later ameliorated its stance, but less than 6 months later it appears that another problem could be looming on the NDS for Windows NT horizon. In recent weeks, several analysts and developers have indicated that Microsoft's forthcoming releases of Service Pack 4 for Windows NT and the next-generation Windows NT 5.0 operating system could pose interoperability problems with Novell's NDS for Windows NT.

"We expect Microsoft to introduce functionality in Service Pack 4 that will interfere with NDS, specifically the Security Configuration Editor," said Neal MacDonald, an analyst with IT consulting firm Gartner Group (Stamford, Conn., during Gartner's recent Windows NT conference in San Francisco. MacDonald and other Gartner analysts also indicated that Novell may have its work cut out for it in ensuring NDS for Windows NT interoperability with Windows NT 5.0.

While not directly acknowledging the existence of or potential for a problem with Service Pack 4, Michael Simpson, Novell director of marketing for NDS, acknowledged that Novell was currently looking over the Service Pack 4 code to ascertain the possibility of a problem.

"We do have a beta of Service Pack 4 in house, and we are working on making sure that NDS for NT will interoperate with that," Simpson maintains. "We'll see what the situation looks like once Service Pack 4 is done."

A far more pressing problem will likely be presented by Windows NT 5.0 and Microsoft's forthcoming directory services venture, Active Directory, says David Chappell, a principal with Chappell & Associates, a Minneapolis-based consulting firm that specializes in distributed objects and distributed computing. Because Windows NT 5.0 must be deployed with Active Directory in place, Chappell says, Novell will very likely have much to do ensuring NDS interoperability with Active Directory and NT 5.0's revamped security infrastructure.

In NDS for Windows NT 4.0, Novell uses a technique of transparently redirecting client requests from a Windows NT domain controller to an NDS Server. "But if I were Microsoft, I would make it impossible to do that in NT 5," Chappell explains. "They could possibly make it so that the current scheme that Novell uses which involves transparent redirection would simply be undoable."

For his part, Novell's Simpson says that he believes that Microsoft's Active Directory Services Interface (ADSI) will provide the necessary hooks that NDS needs to be able to adequately interoperate with Windows NT 5.0. "We're making progress, and we also have we believe all we need through MS' published interfaces with ADSI," Simpson contends. "I don't anticipate a problem, I do believe that we will certainly have beta product before MS ships NT 5.0. And the good news is that they're giving us plenty of time to develop NDS integration with NT 5.0."

As proof-of-concept, Simpson points to Novell's demonstration of a working NDS-for-Windows NT implementation running on Windows NT 5.0 beta 1 that was staged at Novell's Brainshare Conference in March. "We showed NDS running with NT 5 beta one during Brainshare," he observes. "We have ported NDS to NT 5.0 and it actually works."

Chappell & Associates' Chappell remains politely skeptical, however. "What does 'running with [NT 5 beta one]' mean?" He asks. "I think there's a bunch of issues that Novell's not talking about that could potentially arise here."

Chappell points to the lack of a clearly defined multivendor standard for replication between LDAP-based directories as one potential stumbling block for Novell. "Even though LDAP defines a standard access protocol for servers, the way that servers replicate with each other is still proprietary," he indicates. Microsoft's implementation of an obfuscated and proprietary replication protocol in Active Directory could prevent Novell's NDS from replicating with Active Directory servers. In this regard, Chappell says that Novell's only solution would be to reverse-engineer Active Directory's replication scheme.

In the end, Chappell says, Novell could design an NDS client that, rather than replacing Active Directory, coexists with it. "It's hard to imagine a way that Microsoft could prevent Novell or any other directory company from just synchronizing their directory with Active Directory by simply acting as a directory client," he concludes.