To understand NDS, it is important to first understand
network computing trends, and how NDS evolved from NetWare to other networking systems.
How network computing evolved
Initially, network computing was host-based, where a number of dumb terminals with no
processor or storage capacity connected to a large mainframe computer. Then came workgroup
computing where each terminal could process and store information. The terminals were
interconnected, and could share resources with the other computers in the workgroup.
Security was a major issue in workgroup computing. There was no central system to control access. Each machine had its own password.
With the advent of client/server computing, more power was
transferred to the client-side. There was better control over the security since all
clients had to log into the server first. All resources were on the same server. Users
could gain access to these resources with just one password – their own.
However, client/server cannot scale very well to meet the
requirements of a large organisation. A rapidly increasing number of power-hungry users
and applications demanded too much from the server. It looked as though we had to retreat to the
workgroup paradigm again -- different resources in different locations.
Directory services: the new paradigm
Directory services provided a more elegant solution. It is expected that directory-enabled
computing will be the new wave in network computing. Here, the server relinquishes control of the network. All information on the network, including user profiles, network hardware, application properties, etc., is contained in a directory. All servers on the network are objects in the directory too. Therefore, a user can access any resource anywhere on the
network from a single login.
Currently, there are four major players on the
directory-enabled networking front. They are Microsoft with Active Directory Services,
Novell with Novell Directory Services, Cisco Systems, and Netscape Communications.
The NDS concept
Novell supported the client/server architecture in NetWare 3.x and lower versions using
the bindery server. NDS was introduced only in NetWare 4.1. It was then called NetWare
Directory Services. NDS had one directory service presiding over all the servers, instead
of having multiple servers with multiple user accounts. The directory contained servers,
print queues, users, and even NetWare volumes. It stored all objects supported by the
bindery servers into a single directory.
Everything on the network was an NDS object. The entire
organisational structure of the company was reflected in the directory structure. The main
objects were the root and the company name, followed by the different organisational units
arranged in a hierarchical order. Users could be logically arranged according to their
departments. Now, users could log into the NDS and traverse their way through the
structure to obtain the required resources.
Novell rides the wave
Realising the potential of directory services, Novell began promoting it in a big way. The
concept caught on quickly. NetWare Directory Services became Novell Directory Services.
Now, NDS is available for Windows NT, and a version for
Solaris is expected. NDS for Linux has just been announced. All this is expected to
immensely simplify network management across multiple OSs. Lucent Technologies will
support NDS in its DEFINITY directory solutions. DEFINITY is an enterprise communications
server by Lucent that provides multiple service networking support for IP, ATM, and
circuit-switched networks. When this becomes available, it will allow NDS to manage both
data and voice services.
Features of NDS v8
NDS, now in its eighth version, is more scalable than before. It can support up to a
billion objects, be they users, applications, network devices, or other data. This way,
there will be no limitation to network growth.
The Lightweight Directory Access Protocol (LDAP) makes
searching the NDS for information an easy task. It lets users query the directory for
information about various attributes of an individual e.g. name, address, telephone
number, e-mail ID, etc. Using the LDAP Administrator utility, the search can be configured
to give different levels of directory access to different users. LDAP v3 comes with NDS
v8. In order to make full use of LDAP, the latest version of NDS must be installed on all
servers.
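An added example, not from the original article or from Novell's software: a minimal in-memory model of the behaviour described above, an LDAP-style attribute search in which different requesters are given different levels of access. The entries, the ACL tables and the function names are constructed for illustration; the search also evaluates the filter only against attributes the requester may read, so hidden values cannot be confirmed by probing.

```python
# Constructed sample entries; not a real NDS tree.
DIRECTORY = {
    "cn=asmith,ou=Sales,o=Acme": {"cn": "asmith", "mail": "asmith@acme.example",
                                  "telephoneNumber": "555-0101"},
    "cn=bjones,ou=Sales,o=Acme": {"cn": "bjones", "mail": "bjones@acme.example",
                                  "telephoneNumber": "555-0102"},
    "cn=clee,ou=HR,o=Acme": {"cn": "clee", "mail": "clee@acme.example",
                             "telephoneNumber": "555-0199"},
}

# Hypothetical access rules: (subtree base, attributes readable beneath it).
PUBLIC = [("o=Acme", {"cn", "mail"})]             # applies to every requester
ACL = {                                           # extra rights per requester
    "cn=clee,ou=HR,o=Acme": [("o=Acme", {"telephoneNumber"})],
    "cn=asmith,ou=Sales,o=Acme": [("ou=Sales,o=Acme", {"telephoneNumber"})],
}

def in_subtree(dn, base):
    """True if dn is base or lies beneath it (simplified: no escaped commas)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def readable(requester, dn):
    """Union of attributes the requester may read on the entry named dn."""
    allowed = set()
    for base, attrs in PUBLIC + ACL.get(requester, []):
        if in_subtree(dn, base):
            allowed |= attrs
    return allowed

def search(requester, base, attr, value, want):
    """Equality search (attr=value) under base, returning permitted attributes."""
    results = {}
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base):
            continue
        allowed = readable(requester, dn)
        # The filter attribute must itself be readable; otherwise a match
        # would reveal a value the requester is not allowed to see.
        if attr not in allowed or attrs.get(attr, "").lower() != value.lower():
            continue
        results[dn] = {a: attrs[a] for a in want if a in allowed and a in attrs}
    return results
```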
The new NDS has enhanced security features such as Public
Key Infrastructure (PKI) and cryptography. With PKI, one can request, store, and manage
public/private key pairs and digital certificates. It works with most commercial
certificate authorities like VeriSign, and generates certificate-signing requests that can
be used by them.
Another NDS service, Secure Authentication Service,
manages logins and authentication, as well as the cryptography used by security protocols like Secure
Sockets Layer (SSL). LDAP services in NDS use SSL to communicate. SSL uses public key
cryptography to authenticate and encrypt messages.
Exploring the directory with ConsoleOne
To manage the NDS, earlier versions of NetWare used the NetWare Administrator, which could
only be run from a workstation, and was available for various clients including DOS and
Win 3.x/95/NT. NetWare 5 comes with another utility called ConsoleOne. It is a Java-based
GUI utility that allows users to graphically browse the directory service, and perform
operations like creation, deletion, moving, and copying of individual folders. It is
available for NDS on all platforms owing to its platform independence.
The latest version of ConsoleOne is client based. There are
object filters to customise views. Objects can also be searched by specific property
values. There are templates to speed up the common routines like setting up user accounts,
configuring LDAP services, and controlling NDS rights inheritance, to name a few. Future
versions of ConsoleOne will also be accessible from the Web.