Government Selects the Familiar

Government Selects the Familiar

by / December 31, 1996
By Meghan Cotter
G2 Research

Delayed state and local government migration to client/server, coupled with widespread Windows implementation for word processing and office automation needs, is driving MIS directors to opt for Windows NT over UNIX and Novell operating systems. Although Novell's installed base far exceeds Microsoft's in this arena, the trend toward NT will challenge even Novell's dominant market position.

All too often, the choice of a network operating system is determined by the individual who signs the checks. This method of choosing a network operating system is fundamentally flawed because these buyers are more heavily influenced by marketing hype than by a product's technical merit.

Purchasing decisions should be made by the network administrators who install and manage the network. Corner-office buyers simply do not have the necessary technical depth and experience in the trenches to evaluate and choose a network operating system. Sifting through marketing chaff in search of the facts is a daunting task. It takes an experienced eye to see beyond the advertising glitter that often hides a networking product's blemishes and deficiencies.

Many state and local government agencies are preparing to replace their network operating systems (NOS) because of a chain of events revolving around the impending Year 2000 (Y2K) issue. The problem is not in the NOS itself, but with the applications that use it.

None of the current Microsoft Office 4.x or 95 products are Y2K-compliant. As of this writing, no Y2K patches for these products have been announced. To become Y2K-compliant, government agencies must perform a wholesale upgrade to MS Office 97. Windows 3.x and OS/2 users are left out in the cold because Office 97 only runs on Windows 95 or NT. This means the bulk of agencies now using Windows 3.x and OS/2 are facing a mass migration to Windows 95 or NT. The forced migration and hefty price associated with MS Office 97 may steer some buyers toward Corel's Professional Office 7 suite as an alternative.

Agencies running IBM LAN Server or Warp Server are in for an additional surprise. Windows NT clients will not authenticate to the IBM server products. IBM's DOS LAN Requester software currently performs this function, and it will not run with the NT client.

One IBM rep said he is unable to license the NT login APIs from Microsoft, so he is making a half-hearted attempt to reverse engineer them. Hacking these undocumented APIs may allow NT clients to authenticate to IBM's servers until Microsoft changes the APIs.

Unlike Novell, IBM does not have an NT client that will authenticate to their servers. IBM reps indicate that none are planned, as IBM is now concentrating its focus on Java. IBM's OS/2 client for Windows 95 will authenticate to their servers for password changes, but will not recognize user home directories unless an alias is created.

Microsoft's total domination of the desktop is slowly weeding out the players on the network operating system field. NT Server, Novell NetWare, and SCO UNIX are some of the big names still left in the game.

NT Server 4.0 is Microsoft's latest entry in the NOS sweepstakes. NT is a 32-bit, preemptively scheduled general purpose operating system. Its Windows 95 user interface is in keeping with Microsoft's focus on appearance and consistency.

NT is a strong contender in several key areas. It is the uncontested winner for painless installation of both the program files and the Service Pack updates. Microsoft is to be commended for providing high-quality installation methods across its product line.

Autodetection of installed system components under NT 4.0 is improved over previous versions. NT hardware detection is not as comprehensive as Windows 95, but this is excusable for a server product. To provide Plug and Play, NT's multi-platform operating system has to jump through many more hoops than Windows 95 does. Users wanting to install NT Server 4.0 on their laptops will find it a bit more difficult than installing Windows 95.

Microsoft's highly regarded Internet Information Server (IIS) 2.0 and FrontPage 1.1 Web-authoring package are bundled with the new version of NT Server. Both team up to provide high-quality, easy-to-operate services for corporate intranets or Web servers.

A large amount of marketing hype must be cleared away before comparing NT Server with Novell's NetWare 4.11 product. The most glaring example of advertising glitter is the newly coined NT Directory Service (NTDS) term. NTDS is simply fresh makeup over the same legacy domain scheme that has been with Microsoft networking products from the beginning. This is akin to taking "Piper Cub" and renaming it "Boeing 747" then wondering why it won't carry 700 passengers.

NTDS is simply not in the same league as Novell Directory Services (NDS) for managing an enterprise network. In the NT domain scheme, network components cannot be easily moved between domains. User objects must be deleted and recreated. Moving a domain controller requires the administrator to reinstall the NT operating system.

Under NTDS, the administrator cannot drag-and-drop a user account between the Los Angeles and San Francisco domains. Only limited user account information is readily available to the User Manager utilities. The administrator must write down the user name, password, logon hours and other account data. Unlike NDS, NTDS does not allow the administrator to display the user's groups, rights and permissions. Any file system permissions granted to the individual user have to be fished out manually. Once copied, the user account is deleted in Los Angeles then recreated in San Francisco using the copied information.

On the showroom floor, NT Server's Single Master Domain model allows all users to reside comfortably in a single domain. This changes in the real world. Any consultant will testify that a network migration is 25 percent technology and 75 percent politics. Politics translates to boundaries, empires, and multiple domains for the various corporate groups and their geographic locations.

The Single Master Domain model uses separate resource domains for local resources. Each resource domain holds the local file servers, printers and other local components. A one-way trust relationship must be created by the central site administrator for every resource domain. This allows master domain users to have access to the resources in the resource domains. All users must first authenticate to a domain controller of the master domain.

User accounts are first assigned to a global group associated with the master domain. Local groups must then be created at each of the resource domains. User accounts are added to the local groups from the global group. Rights and permissions can be added to either group. Microsoft indicates it is preferable to do this with local groups only.

NT Server requires twice the amount of network hardware in each domain than NetWare. Each resource domain requires at least two NT Servers. The first is set up as the Primary Domain Controller (PDC) for the resource domain. The second is a Backup Domain Controller (BDC) for the master domain. In simple terms, an agency supporting 150 remote offices will need 150 NetWare servers, or 300 NT Servers and their associated licenses.

Managing the domain scheme becomes increasingly difficult as more domains and groups are added to the network. For large state agencies wanting centralized administration over different departments, Microsoft recommends the Multiple Master Domain model. It is cited as the optimum choice, because it is the most scalable. In this model, the administrator connects every master domain to every other master domain with a two-way trust relationship. One-way trusts are established between resource domains and the various master domains.

Management of domains quickly becomes mired in the mud as the number of domains, trusts and groups increase. No easy method exists for identifying user and file system rights, permissions and group memberships.

From the enterprise point of view, NT Server is better used as a NetWare resource, rather than a network operating system. NT is brilliant as an application server and development platform, but less than optimum for providing file, print and management services for an enterprise network. A rule of thumb exists for comparing file and print services between NT and NetWare. NT only supports half the number of users that NetWare does for equivalent performance on the same hardware.

Microsoft promises full directory services when the Cairo version of NT is released. This version will be a 1.0 release, no matter how it is marketed. Like all 1.0 versions, it will take a few major releases before the bugs are worked out. Stability does not come overnight for any 1.0 product.

In 1989, Novell began writing NDS. When it was released in 1993, it was a failure. Four years of coding by Novell's networking experts fell flat on its face in the first release. Now seven years old, NDS is a highly stable, mature platform with a significant amount of development time behind it.

Currently, Novell's directory services are running native on NT, Windows 95, SCO OpenServer and UnixWare, Hewlett-Packard UX, and others. The NT Server platform is now fully manageable under NDS. Managing NT with NDS offers many advantages for the enterprise network. NT's popular Back Office suite provides a wide range of high-quality, easily administered network services.

Last October, Novell released IntranetWare 4.11 and NetWare 4.11 as two separate products. This was dumb, but typical of Novell's lack of marketing savvy. They need to follow Microsoft's excellent lead of bundling everything including the kitchen sink in a single product. If Novell marketing fails to smarten up, they'll wind up as the Beta Hi-Fi of operating systems: a technical success and a commercial flop.

Green River is the code name given to the NetWare 4.11 core enhancements. These include hardware autodetection during installation, much improved ABEND processing, bundled TCP/IP, DHCP, DNS, NetBASIC and the Web server.

IntranetWare 4.11 includes all the Green River enhancements to the core product. Additional features bundled with IntranetWare are the IP/IPX Gateway, Multiprotocol Router, and ISP Connectivity packages. One component conspicuously missing from the bundle is NetWare Connect. This is another marketing glitch Novell needs to rectify. Skip NetWare 4.11 and buy IntranetWare 4.11 instead. Trying to save a few bucks with the cheaper package is a false economy.

Because Novell has no vested interest in desktop operating systems, NetWare supports all clients except UNIX. Under NetWare, all users are NDS users, whether they use a PC, Macintosh, or an OS/2 client. To further connectivity, Novell offers a full TCP/IP and IPX client for both the Macintosh and OS/2 client platforms. These clients now have full access to all resources on NetWare 4 networks, including NDS services. The Macintosh client retains connectivity to AppleTalk networks as well.

Client32 is Novell's new 32-bit technology that serves as the foundation for client software. The initial 1.0 versions of the Windows 95 client left a lot to be desired when compared to the currently shipping version. The problem with beta code is the long lasting bad taste it leaves in the user's mouth. The February version of the Windows 95 client crashed every time it started up. Oddly, the patches to fix these problems were available right next to the Client32 software in the FTP directory. Why the broken client code was left on the Web site remains a mystery.

Installing patches in both the client and server code is not very pretty. The patching procedure for the February versions of the Windows 95 client was both clumsy and vague. Novell needs to take another lesson from Microsoft on how to provide painless patch installation. The Service Packs for Windows 95 and NT are the epitome of easy and graceful maintenance updates.

Novell software downloaded from the Web still comes in the familiar ARJ self-extracting file. This was okay for bulletin board hackers 10 years ago, but is very lame by today's standards. Novell needs to learn how to use InstallShield for an installation program. DOS-level installation is acceptable for NetWare file servers, but amateurish for GUI-based client software.

Brushing aside the marketing chaff, IntranetWare 4.11 is an evolutionary and significant improvement upon version 4.1. NetWare offers exemplary network management and stability with high-performance file and print services. Novell is highly successful at providing connectivity and management to a wide variety of platforms. However, no single platform excels at everything, and NetWare is no exception to the rule. Because of its structure, the NetWare operating system has always been a less- than-optimum platform for client/server applications.

Administrators looking for industrial-strength platforms need look no farther than Santa Cruz Operation (SCO) UNIX. SCO's OpenServer and UnixWare are the market-leading products for the UNIX environment. Designed to run on Intel-compatible hardware, SCO UNIX is the foundation for building business-critical applications. UNIX offers a breadth and level of stability that is unmatched by other operating systems.

Being 25 years old qualifies UNIX as the granddaddy of small computer operating systems. More applications are available for UNIX than NetWare and NT Server combined. Despite its maturity, UNIX has found it difficult to divest itself of its "geeky" image. Contrary to popular opinion, UNIX system administrators are not propeller heads who secretly sacrifice chickens to make the system operate. Like every other operating system, UNIX has an interface and a set of utilities that must be learned.

Network administration requires highly trained, full-time personnel. UNIX environments require solid network skills every bit as much as NetWare and NT Server. Making Sharon the network administrator because she's sitting closest to the file server is not good business. Network operating systems may be easy to install, but they do require experienced personnel to handle problems when they arise. SCO makes this job easier with a complete suite of graphical administrative tools that hide the complexities of UNIX.

UNIX is the platform of choice for several key network functions. Network-monitoring products like HP OpenView are better suited for this platform. Knowledgeable administrators know OpenView is also available for the Windows platform, but they run it on UNIX. OpenView runs out of gas very quickly in the Windows environment.

High-end databases like Oracle, Sybase, and Informix are right at home on big SCO UNIX platforms. Heavily used Internet servers and firewalls provide maximum performance on UNIX. Both SCO OpenServer and UnixWare support serious CPU scaling up to 32 processors supporting more than 60 multi-processor systems. SMP support is built into the operating system and is turned on with a license disk.

Agencies wanting to integrate UNIX into their environments need look no farther than SCO. OpenServer and UnixWare integrate completely into existing NT domains and NetWare networks. SCO purchased UnixWare from Novell with a complete implementation of NDS.

SCO offers a free system license to allow new users to become familiar with UNIX with little cost. OpenServer is available to anyone who wants to use it for educational and noncommercial purposes. OpenServer is available on CD-ROM from SCO for $19 plus shipping costs. UnixWare is promised for the near future under the same licensing terms. This is an ideal means for administrators to examine UNIX hands-on without depleting the department budget.

Corner-office management must encourage their network administrators to buy technology for the good of the enterprise. Evaluate products by merit rather than advertising hype. The next time a marketing rep puts on a dog-and-pony show, transform yourself into Sergeant Joe Friday: "Just the facts, ma'am."

Bruce Gavin is a Novell CNE. You can reach him at < > or < >.