Comparing Microsoft Windows NT Server and Windows 2000 with Novell NetWare 5

Chapter 5
Manageability

Feature |
Windows NT Server 4.0 |
Windows 2000 Server |
Novell NetWare 5.0 |
Scalability without Complexity |
Supports over 20,000 users per domain (partition). |
Supports millions of objects per domain (partition). Directory uses indexed data store for fast retrieval. Optimized replication between sites and over slow network links. Global Catalog provides unified view of directory objects in multiple domains. Global Catalog is updated simultaneously with other replication cycles to ensure low latency. Single data store and access methods for partitions and catalogs. |
Novell recommends a maximum of 1000 objects per partition, so large organizations require many partitions with additional management burden. Partitions are not indexed, resulting in potentially slow queries. Novell recommends partitions not span WAN links. Administrators must manage partition sizes and restructure partitions as they fill up. Searching for objects directly across partitions requires tree walking. Different process for building, replicating and storing catalogs vs. directory partitions. High catalog latency since catalog is rebuilt only at scheduled intervals (default is 24 hours). |
Internet Standards Support |
N/A |
Implemented as a native LDAP server that requires no request translation. Consistent interpretation of access control rights when access is via LDAP. Provides LDAP-based access to all features. Full name space integration with DNS to simplify object location and access. |
Provides LDAP support via server-based interface that must be installed on NDS servers individually. LDAP requests must be translated to NDS formats. Limited LDAP-based access to NDS features. Different naming syntax for LDAP access versus access via NDS APIs. Access rights interpreted differently when access is via LDAP versus NDS APIs. No name space integration with DNS makes object naming and location more complex. |
Flexible Security Services |
Centralized management of user and group security. |
Provides support for popular security technologies such as Kerberos and Smart Cards. Catalog enforces object- and attribute-level security. No restrictions on security groups that span partitions (domains). |
Lacks support for Kerberos and Smart Cards. Catalog does not enforce object- and attribute-level security within the catalog database. Novell recommends that administrators minimize the use of groups that span partitions. |
Support for Synchronization and Consolidation |
Primary/backup domain controllers. In a Windows NT 4.0 domain, the primary controller contains a read/write version of the directory, while a backup domain controller contains a read-only replica of the master database. |
Provides the scalability required to consolidate large directories without administrative complexity. Built-in LDAP-based change history interfaces facilitate use as a meta-directory platform. Catalog architecture enables fast, efficient query of large number of objects. Will be used by Microsoft products such as Exchange 6.0, MSMQ 2.0, MCIS 3.0. |
Partition size restrictions limit use for directory consolidation. Provides no formal way to request change history information; requires customized synchronization agents. Catalog architecture forces tradeoffs between speed and consistency with underlying partitions. Not used by Novell's GroupWise product for account management and address book functions. |
Comprehensive Development Environment |
There are hundreds of server applications that leverage the security, manageability, and single user logon services in the Windows NT Server 4.0 directory. |
Provides COM-based Active Directory Services Interface (ADSI) for simplified development. JADSI supports access from Java applications. Provides the scalability required to ensure that applications can store, access and manage millions of objects without application-level complexity. Provides LDAP-based access to all features. |
No ADSI implementation for use by applications running on NetWare. JNDI supports access from Java applications. Applications must work within partition limitations. Limited LDAP-based access to NDS features. |
Feature |
Windows NT Server 4.0 |
Windows 2000 Server |
Novell NetWare 5.0 |
Management Presentation Services |
Graphical interfaces make it easy for administrators to manage Windows NT Server 4.0 based networks. As part of the Windows NT 4.0 Option Pack, services such as Internet Information Server, Microsoft Transaction Server, and Indexing can be managed using the MMC. |
Microsoft Management Console (MMC) is a single interface for viewing network functions and using administrative tools. Easy customization for task-based administration and logical grouping of tools. Microsoft BackOffice® and third-party application admin tools available as MMC snap-ins. |
Few management applications available for ConsoleOne. ConsoleOne suffers from poor performance due to implementation in Java. Applications written for NWAdmin (e.g., all Novell applications) will need to be re-coded for ConsoleOne. Z.E.N.Works is not integrated with ConsoleOne. |
Instrumentation Services |
With the addition of Service Pack 4, Windows NT Server 4.0 supports Windows Management Instrumentation (WMI). This is a CIM compliant model adopted by DMTF. WMI provides a standard interface to data generated by SNMP, DMI, the registry and other management interfaces. |
Provides detailed application and data management across different vendors' products. Supports industry standards - Common Information Model (CIM) adopted by the Desktop Management Task Force. Consolidates and unifies data provided by existing management technologies. Does not require specific APIs. |
Collects only SNMP and DMI information and provides only exception reporting on the server environment. Therefore, there is not a single interface for accessing both SNMP and DMI information. |
Management Automation through Scripting |
With the Windows NT 4.0 Option Pack, organizations were able to take advantage of the Windows Scripting Host to manage various aspects of Windows NT Server 4.0 using scripting. Management interfaces exposed via Component Object Model and accessible through scripting for automation. |
Windows Scripting Host supports direct script execution from the user interface or the command line. Built-in support for Visual Basic scripts, Java scripts, and a language-independent architecture which allows other software companies to build ActiveX® scripting engines for languages such as Perl, TCL, REXX, and Python. |
No information available on using scripts to perform common management tasks. |
Group Policy Management |
Operating system policies and settings can be defined using the System Policy Editor |
One tool (Group Policy Editor) allows policies to be set on users and groups in a site, domain or organizational unit in the Active Directory. Automates such tasks as operating system updates, application installation, user profiles and desktop system lockdown. Granular assignment of policies to groups of users. |
Requires use of multiple add-on tools. Applications are assigned in one place (the Novell Application Launcher) and desktop configurations in another (Workstation Manager). Non-granular assignment of policies based on NDS membership. |
Feature |
Windows NT Server 4.0 |
Windows 2000 Server |
Novell NetWare 5.0 |
User Data Management |
Using user profiles settings, local documents can be automatically synchronized with secure network copies. |
Users can roam to any Windows 2000 Professional-based PC on the corporate network and always have access to their data, applications and computer preferences. Users can also take local and key network-based resources off-line, which will automatically synchronize upon reconnecting to the network. |
NetWare 5 does not provide any mechanism for seamlessly redirecting files on the workstation with secure copies on the network. Therefore users run the risk of losing valuable data or not having their documents available to them when they are offline. |
Software Installation and Maintenance |
Available with Microsoft Systems Management Server (SMS) |
Administrator can specify a set of applications that will always be available to a user or group of users. If a required application is not available when needed, it will automatically be installed. Auto-repair, update, and application removal are also supported. |
No support for just-in-time (JIT) installation via file associations. No deployment of operating systems. Lacks client caching of applications to support remote users when disconnected from the network. No support for policy extensions for customized policies. No support for machine replacement, profile storage only. All installation and repair is dependent on specialized user interface (NAL Window). |
User Settings Management |
This functionality was available to Windows NT Server 4.0 based networks through ZAK. |
Centralized administration and control of desktop computers, with the ability to lockdown desktop configurations. |
Available with Z.E.N.Works |
Remote Operating System Installation |
Not available |
Using standards-based remote boot technology (PXE) a PC can automatically connect to a Windows 2000 Server and install Windows 2000 Professional |
Not available |
Feature |
Windows NT Server 4.0 |
Windows 2000 Server |
Novell NetWare 5.0 |
Security Configuration & Analysis |
Provided through the Security Configuration Editor in Service Pack 4.0 for Windows NT Server 4.0. Automated configuration of various global and local security settings including security-sensitive registry settings, access controls on files and registry keys, and security configuration of system services. Security Configuration Editor allows administrators to define security configurations as a template, and then apply the template to selected computers in one operation. |
Adds policy-based security management and configuration integrated with Active Directory. |
Lacks management tool for inspecting or setting security policies on servers and workstations. |
Authentication |
Support for multiple forms of authentication (user name/password, Web standards, etc.). Single logon services. |
Support for multiple forms of authentication (user name/password, smart card, Web standards, etc.). Built-in support for standard, interoperable security protocol (Kerberos). Mutual authentication of both client and server. Faster performance through reduced server load during connection establishment. Support for delegation of authorization from clients to servers through the use of proxy mechanisms. |
Proprietary password based protocol to authenticate clients and no architecture for adding additional protocols. The workstation does not provide strong password enforcement, lockout, etc. Instead the server provides this. |
Public Key Certificate Services |
With the release of the Windows NT 4.0 Option Pack, customers were able to set up a public key infrastructure. With the bundled certificate server, administrators could issue certificates to users, who then could authenticate themselves through built-in Internet Information Server (IIS). In addition, the certificate could be mapped to a Windows NT-based user account so access control could be managed through Windows NT access control lists (ACLs). |
Built-in Public Key Certificate Server and support for third-party CA services. Integrated support for public key (X.509) security with built-in infrastructure for SmartCard usage (logons, certificate storage and revocation) for Extranet security. |
NetWare 5 supports X.509 certificates on the server. No smart card support. |
Smart Card Infrastructure |
Third party support. |
Standard model for interfacing smart card readers and cards with PCs. Device-independent APIs for enabling smart card-aware applications. Familiar tools for software development. Broad support from all the leading smart card hardware vendors. |
Not available |
IP Security Protocol |
Not available |
Support for IETF standard IP Security protocol for encrypting TCP/IP traffic. Tight integration of IPSec with system policy management to enforce encryption between systems transparently to the end user. Used to secure communications within an intranet and to create Virtual Private Network solutions across the Internet. |
Not available |
Encrypting File System |
Not available |
Encrypting file system built into NTFS as an integrated system service, making it easy to manage, difficult to attack and transparent to the user. Enabled on a per-file or per-directory basis. |
No comparable functionality. Some third-party applications allow similar functionality at extra cost, but don't have key features such as recovery agents. |
Last Updated: Tuesday, March 28, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of use.