Solved

Does this document have merit?

Posted on 2004-09-16
45
990 Views
Last Modified: 2010-04-19
Items to consider in determining what server upgrade strategy to use at the Oak Lawn Public Library Facility
09/15/2004


Don Hocutt - Network Manager

Since 1994 I have been a Novell Netware Certified Engineer. I have worked with the 3.x, 4.x and 5.x versions of Novell Netware. In most all cases the Netware server functioned as a file server. That is a storage location for data files. The exception was some Netware 4.x servers that hosted an application called Paradigm, which ran on top of Pervasive SQL 7. Paradigm included DOS accounting modules which would run only on Netware servers at the time. In this unique situation Windows NT was NOT an option. In this case the decision to use Netware was application driven.

I am also currently a Microsoft Certified Systems Administrator. I am certified to administer Windows 2000 servers. I have worked with Windows NT servers, Windows 2000 Servers and recently have received MCSE training on the Windows 2003 server products.

When comparing Novell and Microsoft please realize there are two aspects of each vendor’s product to be aware of: The server operating system (OS) and the directory service. Currently Novell offers Netware 6.5 as its server operating system and e-directory as its directory service. Microsoft offers Windows 2003 as its server operating system and Active Directory as its directory service. You can think of the directory service as the software that has control over users, printers, groups, organizational units and all the resources in the Novell tree or Microsoft domain. Often either the server OS or the Directory Service is really the topic when referring to Microsoft or Novell. Also there can be different flavors such as standard and enterprise editions of the product.

During the last few years I have observed the steady decline of market share devoted to Novell Netware products. My involvement with Novell Netware has been diminished.
A large percentage of the customer base has switched to Microsoft NT, Microsoft 2000 and most recently to Microsoft Windows 2003 server systems. In 1995 Netware’s market share was about 53% versus Microsoft’s 7%. In 2001 Netware had dropped to 12% and Microsoft had risen above 50%. At one time Novell Netware enjoyed an 80% market share.

The loss of market share by Novell has little to do with the technical aspects of its operating systems which are superior in some specific environments. However, superior marketing and easy integration with the dominant workstation platforms such as Windows 98, Windows 2000, and Windows XP have given Microsoft Windows servers a big advantage in small, medium and even very large sized businesses. Many consulting companies have been hired to recommend corporate-wide networking strategies and have selected Microsoft Windows servers and Microsoft Active Directory to host file storage and business applications. They ask the question - Why buy two operating systems? Netware server and Microsoft workstations sometimes are at odds and don’t work well together, although most of the technical issues have been resolved. This often requires the staff to be trained in two distinctly different systems which offer no real advantages to the corporate mission. Programmers that develop applications find it more economical to develop for only one operating system. Often a company buys or converts to one homogeneous server/client system, and thus Microsoft has gained huge popularity. Nevertheless, some businesses and municipalities did convert to Novell Netware because of frustration with Windows NT which used a flat directory service design. Setting up multiple domains in large organizations with Windows NT was ridiculously complex. The new Windows 2000/2003 Active Directory has come a long way in closing the advantage Novell had in large systems. The Oak Lawn Library has little, if zero need for multiple trees or domains so the question of who supports very large environments better is somewhat moot.

I want to point out that the current Novell Netware upgrade is 6.5. This will be the last operating system customers can purchase under that brand name. However, by late December, 2004 Novell 7.0, called Open Enterprise Server (OES) an entirely new operating system based on the Netware or Linux kernel will be released. Netware will not be sold in 2005. This will be a radical departure from the Netware that has been an industry staple for 20 plus years. Novell’s strategy is to compete with Microsoft at the server level as well as the workstation level by supporting both Microsoft and Linux based workstations. Novell’s latest move to embrace Linux will hopefully in Novell’s view help increase the chances that customers will transition toward the company’s Linux products rather than jump ship to Microsoft. Linux is growing in popularity. The question is will Novell succeed in its new strategy? Industry experts will say that is an open question. Using judgments and comparisons done with previous versions of Novell and Microsoft operating systems does not necessarily prepare one for predicting which operating system will be the right choice for the future.

Let’s look at what services the Oak Lawn Public Library needs from its servers and directory services.


OLPL Current Configuration

Our legacy servers are two Novell Netware 5.1 mini tower servers. They provide most of the file storage for our staff. They also provide the directory service called NDS. OLPL users login and are authenticated as valid users by the Novell Netware tree. The servers do little else than provide authentication, file security and file storage. They do NOT host any applications at this time. The second Novell Netware server prior to my arrival had been relegated to providing only a few print queues that aren’t being used any longer. I had it down for a week and no one noticed.

The hosting of the three vital library applications is left to two Microsoft Windows 2000 rack mounted servers. The IMAIL (e-mail) server and the WEB server are hosted by a Microsoft Windows 2000 server and the SAM server is also hosted by a Microsoft Windows 2000 server. These servers are considered stand-alone for they are not members of a Windows domain.

The prior network manager tried to upgrade the Novell Netware server hardware by purchasing two new DELL rack mounted servers. However, the Dell servers were designed to operate only with Novell Netware 6.5 and later software or Windows 2000/2003. So here we’re faced with two issues. Novell Netware 5.1 is going to be obsolete in the future and we have two new DELL servers we can’t load Netware 5.1 on anyway. As a practical matter the two Dell servers in question are currently running Windows 2003 server software in a test status. We are running a Microsoft Active Directory (oaklawnlib.local) domain and have verified the two newer DELL servers are in excellent operating condition. One Dell server is a RAID 5 configuration and the other Dell server is a RAID 1 configuration.

In my estimation we are basically a Microsoft Windows shop with one Novell Netware File server. One might ask the question:  Do we convert to a Novell/Linux open source environment or do we upgrade to Windows 2003?

New Microsoft licensing requirements have angered many Microsoft customers and encouraged them to look for alternatives. However, as an academic institution, the upgrade is very reasonable. A study by The Yankee Group shows the cost of migrating from Windows to Linux is three to four times as much as upgrading from one Windows version to another.



What is the next step?
 
Do we purchase the most recent Novell OES server software and user license or do we purchase the most recent Microsoft Windows server software and user license?

Of course, Unix is an available option but at this time it is not being considered for a number of reasons.


Of course one might say “figure out the technical merits of each and pick the best one”.
That is easier said than done. Go to any technical web site and ask that question and it makes the recent political conventions look tame in comparison. Both systems work and work well. However, it comes down to cost, corporate culture, training, and what legacy systems and applications are currently being used to determine what system is selected.
 

Let’s examine these factors at the Oak Lawn Public Library


Network Operating System Performance and Stability:

Yes we are using Netware for file storage. But that can be done just as easily and efficiently with Windows. Why? Because we do NOT put high performance, heavy stress loads on our file storage system. So no matter what technical performance measurements one vendor might argue for their system the point is moot in our environment. Besides the heavier loads incurred at the library are already running on Microsoft based servers. It is my judgment that both Novell and Microsoft can well support the file server functionality required at the library.


Stability and Reliability:

Novell Netware has a great reputation for never having to fiddle with its servers. They are always up and continue to run. This was a disadvantage for Microsoft in the Windows NT days. However with Windows 2000 and Windows 2003 that issue is not a concern.
Our most vital servers are already running Windows with reliable results.

Both Novell and Microsoft directory services have redundant server capability in the operating system and directory services design. If one server fails the other server is available to authenticate users and provide services. This is done thru replication where objects are copied to the other servers automatically.


Security:

Security has been in the news and Microsoft has been hit hard. One might argue that Novell is more secure by far. However, our most vulnerable servers, the ones the public have access to (in a limited fashion), are already running on Microsoft servers. If our routers and firewalls are configured properly, anti-virus and anti-spyware are installed and Microsoft upgrades are applied, this issue is mitigated greatly.

User Login Interface:

Currently each work station has a Novell Client loaded on the Microsoft based workstation to allow the user to find and authenticate to the Novell tree. In a Microsoft domain this client is a native Microsoft client and presumably would offer a more reliable connection. The user would log in to a Microsoft domain much the same way they log in to a Novell tree. The user login interface change is extremely minimal.
 

Directory Service:

The Novell Netware 6.5 or Novell OES uses, like Microsoft 2003, an X.500 LDAP based directory service. Novell Netware engineers would argue that Netware has the superior directory service and Microsoft Windows engineers would argue the new Windows Active Directory has leaped beyond Netware. Early on when Microsoft was making inroads to the dominance of Netware, Windows NT, the new guy on the block, had some neat features that Netware did not have. It also lacked several important features that a more mature Netware had incorporated into its design. In its next release Netware added improved features similar to Microsoft and Microsoft in its next release added improved features similar to Netware. It is a never-ending battle of one-upmanship; however, for what the library needs in its environment the question is of little importance. Both directories easily provide what is required now and in the foreseeable future.

Scalability:

One of the touted advantages with Netware 6.5 and above is its e-directory. When used in a very large infrastructure it promises to be superior to Windows Active Directory. Even if that is in fact the case we do not have a large infrastructure environment.

Advantages of open source:

Novell OES has moved decisively in this direction. It helps the system be more flexible and works easier with other systems. Novell is counting on the open source, Linux strategy for its very survival. Recently I went to a major book store in Orland Park, Illinois to purchase a Novell Netware book. While there seemingly was every computer book under the sun there, no Novell Netware books were on the shelf. I believe Linux and open source are emerging as the major challengers to Microsoft dominance.


Microsoft Software for the most part runs only on Microsoft systems.


Support and Training of Staff:

Here Windows has a huge advantage. Technical support staff must know a great deal about Windows systems. There is a much easier learning curve to gain knowledge about the latest Microsoft Windows servers and directory services. On the other hand, the local community college does not offer any current Novell Netware training. The only training available for Novell is via expensive private firms or a few junior colleges at great distance. A few Linux classes are being offered and are growing in popularity.

Training for OES might be delayed until spring of 2005. If OES is selected I will most definitely need OES training on the newer Novell directory services. In contrast, Moraine Valley Community College currently offers an extensive Microsoft Windows 2003 training series that lasts for 22 weeks at approximately $4,000 per student. I have only 6 weeks to go in that series which has already been paid for. My two colleagues, Joe Voves and Jill DeRobertis, have both mentioned they would select Microsoft if given a vote since they have much more experience with the Windows environment.

The upgrade:

If we moved to a Windows Active Directory each staff work station would be reconfigured to use the Microsoft client instead of the Novell client. The change would be mostly in appearance to the user. Since a plan is in the works to change all workstations to DHCP (automatic) IP addressing this change could be done at the same time.

Included with any upgrade would be a comprehensive review of user logins, groups, folders, files, and rights and permissions to those files. Right now file security is not exactly where we would want it. That work is still on-going.

The cross over to Active Directory can be achieved without any significant library trauma. The upgrade to Netware OES might be more problematic in that we don’t quite know the steps we would have to take at this time. Please rest assured we would do our utmost to make it as painless as possible in either case.



Licensing Cost:

The purchase of 100 user licensing and for Netware 6.5 or (OES) server is: approximately $4,700.00 for non-profit entities.

The purchase of 100 user licensing and for Windows 2003 server is: $7.00 per user cal or approximately $800.00 for academic institutions.

Staff Bias:

Admittedly I am more comfortable working with Windows 2003 Active Directory. I am not trained or familiar with Novell Netware 6.5 or Open Enterprise Server (OES). However as a computer technology professional I welcome the opportunity to be trained in Novell’s new server OS and what changes have been made from NDS to e-directory.
I hope my evaluation of the merits of choosing one system over the other was not biased one way or the other. In fact a comprehensive study by an outside organization might be warranted if we were a large multi-domain, multi-tree enterprise. However we are not and the most graceful path to follow is to incorporate our current Windows 2000 production servers with our Windows 2003 test servers and function as a Windows Active Directory shop.

To select Novell’s OES is not simply a server upgrade but a completely new direction to move in. Perhaps it offers more open sourced technology innovation but at greater cost, effort, and peril to the library. Do we want to be on the cutting edge of Novell’s new open source strategy? I do not think there is a compelling argument to do so right now. Perhaps in the future with more training and new Library requirements to meet we might be moved to take another look at a more mature Novell OES system.




 
















0
Question by:dorgunr
45 Comments
 
LVL 18

Expert Comment

by:exx1976
ID: 12076819
Wow, my head hurts.  Ok, so what was the question again??
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
ID: 12078260
"Since 1994 I have been a Novell Netware Certified Engineer."

Technically, this was a "Novell Certified NetWare Engineer"

"When comparing Novell and Microsoft please realize there are two aspects of each vendor’s product to be aware of: The server operating system (OS) and the directory service."

I DISagree with that statement. With Novell's products, the NOS platform (NetWare) and the Directory Service (eDirectory) are not linked in the same way as M$ W2K and AD. AD is ONLY available on the W2K/W2K3 platform. eDirectory is available on a multiplicity of platforms, *including* NetWare, W2K/W2K3, Linux (2 flavors), Solaris, AIX, HP-UX, et. al. This is, IMO, an important difference, in that using AD *locks* you into the M$ OS platform. Choosing eDirectory does not lock you into a specific platform; therefore, you retain flexibility to respond to situations and needs down the road, ones you don't know about and can't predict right now.

"....Active Directory as its directory service."

While it is true that AD is *marketed* as a Directory Service, objectively it's just the same old tired NT4 Domains. All Redmond added was an extensible schema and transitive-trust relationships (but it's still essentially NT4 trust relationships). It is a 2-D namespace, just a 3-D view (kinda like drawing interlocking squares on a piece of paper to simulate a cube). In contrast, eDirectory is an actual Directory Service, from the ground up, with an actual 3-D database and far more data integrity mechanisms than you find in AD ("tombstones" are just plain lame, I can't think of a better word to describe them). AD lacks partitioning, timesync, backlinks, and on-the-fly repair.

"A large percentage of the [Novell] customer base has switched to Microsoft NT, Microsoft 2000 and most recently to Microsoft Windows 2003 server systems."

And a large percentage of them have come to regret the decision, and even reverse it. R.W. Bennett in the UK. Central Michigan Hospitals and Heritage Oaks Bank in the US. And those are just three I can think of offhand. Read Linda Musthaler's column expressing her reflection that it was a poor move to make (http://www.nwfusion.com/columnists/2002/0715musthaler.html). Ask Anheuser-Busch if they'd do their migration over again, after it dragged on for years over schedule and Coors-only-knows how much over budget. Check out Gartner Group's WestCorp Financial case study. If 53% of people jump off a bridge, that makes it a good idea? At one time, IIS hosted 50% of the 'Net's websites - it's less than 25% now. What does that tell you?

"Many consulting companies have been hired to recommend corporate wide networking strategies and have selected Microsoft Windows...."

Yeah, they did, because they knew they were practically GUARANTEED a steady stream of callbacks, with the attendant billable hours (and that's the name of the game in consulting: billable hours), to constantly fix, repair, re-install and troubleshoot the environment. You think they recommended that because it was best for the customer? Check out the NWFusion Forum following their moronic "King of the NOS Hill" article - you'll see people in the consulting field quietly admit that they recommended Redmond's dubious warez because they knew it would result in higher hardware sales and more billable hours (http://www.nwfusion.com/cgi-bin/WebX.cgi?230@@.ee6de2a). You want to base your decision on THAT?

"Why buy two operating systems?"

Because a software monoculture is dangerous. Just ask all the companies that had their entire corporate network brought to its knees by a 16-year-old twerp in Germany. Slammer, anyone? Netsky? Phatbot? The litany goes on and on, and they all leveraged the porous, joking nature of Windoze "security" (an oxymoron, like "military intelligence").

And the assertion that "Windoze is most-hacked because it's most prevalent" is a fallacy. If that were the case, then Apache webserver, which runs 2/3rds of the websites in the world (Source: Netcraft) would be the most-hacked webserver. But almost all the webserver hacks are on IIS. My Apache logs are littered with IIS hack attempts. NetWare ships with Apache, W2K/W2K3 ships with IIS. That should tell you something.

"The [NetWare v5.1] servers do little else than provide authentication, file security and file storage. They do NOT host any applications at this time."

Hardly an OS limitation. They could easily have hosted an E-Mail system (e.g. NetMail, GroupWise) and a webserver (Netscape Enterprise). There's NOTHING running on the Windoze servers that could not be running on the NetWare servers, in terms of services.

"....the Dell servers were designed to operate only with Novell Netware 6.5 and later ...."

Completely irrelevant to the fact that they could run v5.1 just fine. Unlike Windoze, NetWare is fairly indifferent to the hardware it runs on - it just runs.

"....study by The Yankee Group shows the cost of migrating from Windows to Linux is three to four times as much as upgrading from one Windows version to another."

1) Find out who FUNDED that study. Dollars to doughnuts the M$ marketing folx had a hand. That has been the ONLY way they have gotten any significant favorable studies.

2) All you're looking at is INITIAL cost, not Total Cost of Ownership (TCO). And TCO study after TCO study (Gartner Group, Burton Group, et. al.) - the actual independent ones, not funded by M$ (or Novell) - have consistently shown that Windoze is the highest TCO environment. It consistently consumes more hardware (more capital outlay), has more downtime, and takes more effort to administer. If something costs $1,000 less to buy, but then costs you $5000 more to own, have you saved any money, or have you cost yourself $4000? Like any good crack dealer, Redmond makes their initial, up-front costs low. When they have you hooked, then you pay.

"Yes we are using Netware for file storage. But that can be done just as easily and efficiently with Windows."

Wanna bet? In Windoze, try hiding the existence of a sub-directory from a user who has any access to the parent directory. That is, if you have \\SERVER1\DATA\STUFF and everyone has, say, Read access in that directory, create \\SERVER1\DATA\STUFF\PRIVATE and then try to hide the existence of that directory. Can't do it, because the Windoze filesystem permissions are a crude subset of those in the NetWare environment. Try making the filesystem available to Mac or *NIX clients. Sure, you might not want to do so now, but what about in 2 or 3 years? You can do it with stock NetWare (NFAP). Can't with stock Windoze. Try granting filesystem rights by leveraging your Directory Service structure (for example, in AD, try to grant filesystem rights to \\SERVER1\DATA\STUFF using an OU...or any object other than a User or Group). The only people who think filesystem management is just as easy and efficient in Windoze as it is in NetWare have a static environment that never changes or grows.

"Both Novell and Microsoft directory services have redundant server capability in the operating system and directory services design."

Yeah, right. Try accessing your Windoze user profile when the server it's stored on is down. Can't do it - Windoze stores its user profiles in files on a server. Using ZENworks, desktop profiles are stored in eDirectory, and are available as long as the Directory Service is available.

"Security"

You overlook the obvious scenario of a staffer bringing an infected computer inside your firewall and infecting your entire network with the latest Windoze virus that isn't stopped by your scanners yet; or Little Johnny, who has the time to keep up with all the latest Windoze hacks, rootkitting your Windoze servers from his iPaq. M$ has admitted that Windoze is not going to be secure before 2011. How many apps, apps you probably run today, require the user to be logged in as an "Administrator" equivalent to run?

"User Login Interface"

Your discussion completely ignores Native File Access Protocols, which allows the NetWare server to appear as a CIFS server. You also completely ignore the differences in functionality and manageability.

"The Novell Netware 6.5 or Novell OES uses, like Microsoft 2003, an X.500 LDAP based directory service."

That's not true - in EITHER case. First, LDAP is a directory ACCESS protocol, a standardized way to get at information in the directory. It has nothing to do with the structure or implementation of the actual directory service. They are both proprietary databases - altho I continue to say that AD is a "Directory Service" in marketing only. It is true that both environments offer LDAP interfaces.

Anyone who claims any technological superiority of AD over eDirectory is either a paid M$ shill or has no understanding of the technical issues. AD is nothing but the same old NT4 Domains. Same base technology that they were touting as a UNIX replacement in 1996.

"Scalability"

You ignore the fact that Windoze, no matter the environment size, *consistently* takes 2x to 3x as much hardware/time/effort to accomplish the same tasks as an equivalent NetWare environment. Don't believe me? Look at the Gartner Group Westcorp Financial case study. Their Windoze servers cost an average of 2x what the NetWare ones cost, and the cost of managing, servicing and maintaining those Windoze servers averaged almost 3 times as much, annually. You think you'll magically avoid that reality?

"Support and Training of Staff....Here Windows has a huge advantage."

Yes, they do. They have a seemingly endless supply of suckers willing to shell out big bucks for an environment they tout as being so easy and cheap to manage. Well, if it's so easy and cheap, why do you need 22 weeks of extensive W2K3 training?

This is possibly the WORST reason to move to W2K3.

"If we moved to a Windows Active Directory each staff work station would be reconfigured to use the Microsoft client instead of the Novell client."

That can already happen, as I pointed out with NFAP.

"Right now file security is not exactly where we would want it."

And you're fooling yourself if you think it'll get better with a switch to W2K3. File security is a crude subset of what you have in NetWare. And you are reduced to Users and Groups as your only security principals - forget leveraging your Directory Service to make your security administration easier.

"The cross over to Active Directory can be achieved without any significant library trauma."

Right. Wait until you need to do your first directory repair, and you have to REBOOT the server into its special "directory repair" mode. In the NDS world, you can do it on the fly, with NO impact on the logged-in users. Wait until some staffer leaves under a cloud, and you wisely want to change all the administration passwords - gotta REBOOT every DC so you can change that special "directory repair mode" password, since it's not tied to AD.

"The upgrade to Netware OES might be more problematic in that we don’t quite know the steps we would have to take at this time."

Utterly brilliant... "We don't know what we're talking about, but since we've already made up our minds we're not going to bother with research. Facts just get in the way, and are overrated."

"Licensing Cost"

You overlook the fact that you need a SERVER license for each W2K3 server, ON TOP OF each CAL. And then there are the ongoing licensing costs of M$ Licensing 6.0.  

You also seem to be looking at the wrong price sheet. Seems to me, if you are an "academic institution" like you are claiming for the M$ licensing, you should be looking at http://www.novell.com/customers/education/edsales/purchase.html - you can get NetWare, GroupWise and ZENworks ALL for $2/user. And NO per-server licensing costs. Doesn't matter if you have 2 servers or 20, the price is the same.

"Staff Bias"

That's an understatement.

"To select Novell’s OES is not simply a server upgrade but a completely new direction to move in."

WRONG. First, there's NetWare v6.5 out TODAY, and which would be a painless upgrade. Next, OES will offer you a CHOICE (something you're never going to get from Redmond) of using a Linux kernel (the "new direction") OR a NetWare kernel (the same basic technology you're already using). You are grossly inaccurate to cast that choice as a "completely new direction". If you stayed with the NetWare kernel, then all OES will do is change the product name and add the new features.

Novell's products will give you CHOICES - Redmond's main goal is to lock you into their platform, their way of doing things.

"....open sourced technology innovation but at greater cost, effort, and peril to the library."

Cripes, what FUD. The Windoze virus of the week is not a "peril"? The higher hardware purchase (capital outlay), maintenance (ongoing costs) and administration (staff time = money) costs of Windoze are not a "greater cost"? The "critical patch of the day" doesn't require a greater "effort"? Seems to me you're VERY selective about your concerns.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 12078332
Wow..  Can anyone say "Novell Employee"??
0

 
LVL 34

Expert Comment

by:PsiCop
ID: 12078370
Nope. Never been a Novell employee, I'm not one now. Happily employed elsewhere.

Does your response mean you're a Micro$oft employee?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12078499
And rather than just accusing me of being an employee of Novell and therefore supposedly biased, how about addressing any of the business or technical issues I cited?
0
 
LVL 18

Expert Comment

by:exx1976
ID: 12078671
The reason I didn't (and won't) address any of the technical issues you brought up is because I am not afraid to admit that I know NOTHING about Novell.  The last version I worked with was 4.11.  While it was pretty stable, the commercial software support and interoperability of the Microsoft platforms drove us to complete the migration off of it (we used to be mixed NT4/INW -- NT only for Exchange users).  We are now completely Windows 2000/2003, with Terminal Services, and Exchange Clusters, and lots of other cool stuff that doesn't crash (not that Novell did -- just speaking of the stability of the solution I have now).  I have no issues with file permissions, or anything else..  If you don't want a user to see the contents of a directory, then move it and create a new share!  Why is this such a foreign concept to all you Novell guys??  Besides..  Who cares if they can see the directory name?  Aren't the CONTENTS what's important?  And assigning an OU in the ACLs of an object..  Now that's just plain asinine.  Why would you even WANT to do that?  That's the entire purpose of groups..  Besides..  Creating 25 users every Monday by hand REALLY sucked in NW..  Now all I do is import a spreadsheet into a piece of VBS, and it saves me an hour's worth of work.

It really is like comparing apples to oranges, and I refuse to become embroiled in a debate about such.

De gustibus non est disputandum.


-exx

I will give you one thing though -- Active Directory still has some maturing to do.  Yes, Novell's NDS is a superior product.  But..  You also have to take a look at how long these two companies' respective products have been on the market..  MS - 4 years..  Novell...  I don't know, but I KNOW it's much longer than 4 years..  That's like saying your 13 year old 8th grade kid can do more than my 4 year old kid..  No kidding!!  He's 9 years older!!
0
 
LVL 10

Accepted Solution

by:
DSPoole earned 250 total points
ID: 12078808
" If you don't want a user to see the contents of a directory, then move it and create a new share!  Why is this such a foreign concept to all you Novell guys??  "

because we don't HAVE to move it and create a new share.  We just don't give users the rights to see the folder to begin with!  You've got more work than we do - why is THAT such a foreign concept to you guys who obviously work in Redmond? ;)

"Besides..  Who cares if they can see the directory name?  Aren't the CONTENTS what's important?"

Because curious users are a BAD thing.  And if they see something they will get curious as to what's IN it.  Then internal break-ins happen.  It's called s-e-c-u-r-i-t-y.  Why is that such a foreign concept to you guys in Redmond?

"And assigning an OU in the ACLs of an object..  Now that's just plain asinine.  Why would you even WANT to do that?  That's the entire purpose of groups..  "

It's called f-l-e-x-i-b-i-l-i-t-y - apparently another foreign concept.  The idea being that if I want users to automatically have rights to any particular resource without having to maintain a Group list, then I simply assign the .OU rights.  Anyone inside that .OU now has rights.  I don't have to modify the Group object - which of course is a bad thing in AD with static inheritance and all... ;)

"Besides..  Creating 25 users every Monday by hand REALLY sucked in NW..  Now all I do is import a spreadsheet into a piece of VBS, and it saves me an hour's worth of work."

Wow - you really got us there. NOT!  We've got tools like that too.  In fact, with Novell Identity Manager when we create our network users, they are automatically created as users in just about ANY database you can think of.  Which means I can import a data file of my users and have their GroupWise or Exchange accounts created, their AD accounts created, their eDirectory accounts created, their SAP accounts created, their Oracle accounts created, their SQL accounts created, their voicemail accounts created, etc....

But you are ignoring the other obvious limitations of AD, I am curious why you failed to respond to them...

I've posted more items to the limitations of inActiveDirectory (aka NT Domains Part II) below...

"Netware will not be sold in 2005"

Not true.  NetWare 7 is a component of Open Enterprise Server.  As Novell has repeated, NetWare is NOT dead.  I heard that at BrainShare the DAY AFTER they announced OES.

If you think Microsoft has a long life ahead of them, you should have heard what IBM told us at BrainShare 2004:  Windows is dead as far as ANY IBM customer is concerned - they have already migrated 2 MILLION servers off Windows to SuSE Linux and are migrating another 6 million next year.  In addition, ALL IBM customers are being migrated OFF Exchange and on to... wait for it... GroupWise.

"Right. Wait until you need to do your first directory repair, and you have to REBOOT the server into its special "directory repair" mode. In the NDS world, you can do it on the fly, with NO impact the logged-in users."

Actually, with eDirectory 8.x and above, you can do directory repairs on a NetWare system without locking the database, thus not even affecting NON-logged in users who are attempting to log into the network during the repair.

"Paradigm included DOS accounting modules which would run only on Netware servers at the time."

That's bull.  I've got a DOS-based system as well (AMSI) that will work under NetWare 5.1 as well as 4.11 - it's because the Pervasive SQL engine can be made to be backwards compatible with the BTrieve database.  The ONLY underlying factor is the transport protocol.  I've never tried it on pure IP (something Windows 2003 STILL lacks due to the fact it encapsulates NetBIOS in IP still) but I know that it works with IPX.  I'll let you know later this year if I can get an old 1998 database written for BTrieve on a NetWare 4.11 server to work with NetWare 6.5 in pure IP.  I'm betting I can do it.

Other than that - I fully agree with PsiCop's assessments.  He especially hit the AD pretty good but missed a few points:

Security Equivalences in AD:  In eDirectory, you can use an OU for handling security (everyone in the .OU=Accounting can use the accounting printer).  In AD, this is not possible, you have to rely on Groups still.  Furthermore, what does this supervisor in this AD Domain have access to:

      .O=ACME
           |
           +.OU=Accounting
           |
           +.OU=Marketing
                    |
                    +.CN=Supervisor

Does he have supervisor rights to just the Marketing OU?

Nope - he's got supervisor rights in the ENTIRE Domain - from .O=ACME all the way down.  So much for setting up local office "admins" that you don't want to have rights up the tree.  Not the case in eDirectory (another reason to use .OU's as ACL placeholders, hint-hint).

Partitioning in AD:  You can, in fact, partition AD, as long as you break up your forest into individual AD Domains.  Meaning that you can't have one Domain and partition it from there based on the OU's within the Domain, you have to create separate Domains - then the old Trust Relationships nightmare is back to haunt you.  Granted, AD creates automatic trusts between parent and child Domains but it does not create trusts between sibling Domains automatically.

Static Inheritance in AD:  Security is still token-based.  Rights are static inherited.  Any change causes massive replication across the network.  Change those rights and the user has to LOG OUT and then back in to see them.  Not so with eDirectory.

WAN Replication:  Traffic in AD is about 10 times that of eDirectory.  Gets nasty when you have hundreds or thousands of replications happening (such as students logging into the network at a school with multiple campuses across town).

Database Size:  AD database size is about 10 times that of eDirectory - for the SAME INFORMATION.  Increase your hard drive space.

Repair:  a new version of AD is supposed to allow online repair without reboot.  It's not in Win2K3 yet.  Supposedly, however, this version of AD is not compatible with the current version of AD.  This means upgrading AD across the board.

Vulnerabilities:  Firewalls withstanding, many hacks can be made against a Windows server via HTTP (port 80).  That'll pretty much bypass the firewall.

AD LDAP Responses:  WHEN AD responds to LDAP queries (it's pretty damn slow compared to eDirectory) it's usually wrong about 70% of the time.

AD Requirements:  There are 5 MAJOR components to AD, services that MUST be available at all times in order for AD to function properly.  Lose ONE of those services and regardless of whatever other servers you have running, AD is no longer functional.

AD Scalability:  AD can scale to millions of objects.  Big deal.  eDirectory has scaled to over 1.6 BILLION objects in a single tree.  This means that eDirectory is going to have the better performance even in smaller environments.  

"Novell...  I don't know, but I KNOW it's much longer than 4 years..  That's like saying your 13 year old 8th grade kid can do more than my 4 year old kid..  No kidding!!  He's 9 years older!!"

Sorry Charlie, but even at 4 years old, NDS was still more capable than ActiveDirectory is today.  And btw, NDS is not eDirectory - they are different.

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12078964
"If you don't want a user to see the contents of a directory, then move it and create a new share!  Why is this such a foreign concept to all you Novell guys??"

Because that's the system administration equivalent of saying "If someone is stalking you, don't go to the police, just move to another town and change your name."

"Who cares if they can see the directory name?  Aren't the CONTENTS what's important?"

It gives the cracker/malicious user a target. If they don't even know where it is or what it's called, it's harder to get in.

Your thinking is what gives us the fact that you can't change the administration username in the Windoze environment. There is ALWAYS an account called "Administrator" and it ALWAYS has god-like powers. This means the cracker/malicious user trying to escalate their privs ALWAYS has 1/2 of the keys needed to do that. I can freely change the name of the default administration account in the eDirectory environment; I can even delete it (hopefully I'll be smart enuf to use it to assign privs to another user account before I do that).

"And assigning an OU in the ACLs of an object..  Now that's just plain asinine.  Why would you even WANT to do that?"

You think it's asinine because you don't know any better. If I have a Sales OU in my tree, why should I ALSO have to create a Sales Group to assign rights? If I use the Sales OU to assign rights, then any user account in that OU gets the rights. And if Mary transfers from Sales to Accounting, then when I drag-n-drop her account into the Accounting OU, her rights change AUTOMATICALLY. I don't have to delete her from the Sales Group and put her in the Accounting Group. Appropriate rights are derived from her position in the organization.

The problem with Groups is that they fail to leverage the power of the Directory. You go to all this trouble to create this Directory structure that probably mimics your organizational structure, and then you have to go create Groups to do the same job all over again. And you think cutting your work in half by leveraging the Directory is asinine? Better check your logic.

I can't help that you're stuck in last century and don't know about tools like LDIF, UIMPORT and Identity Manager that automate account creation. While it was nice for you to admit you don't know anything about modern NetWare, I find it odd that you should then point to a non-existent problem as a reason not to use it.

Using Identity Manager, I can create an account in eDirectory, and it will ALSO be created in Solaris/NIS and/or Linux/passwd and/or AD, with its password already synched and the appropriate file and/or group permissions set. Try to do that with your W2K3/AD environment. A spreadsheet and VBS is mickey-mouse.

Facts do not cease to exist because they are ignored.   - Aldous Huxley
0
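A simplified model of the container-as-trustee idea argued in the two comments above (a user is security-equivalent to every container above it, and a trustee assignment flows down from where it is made), added here as an example and not taken from any post or from Novell's code. The `Directory` class, the right names, and the `SalesShare` and `AcctPrinter` objects are hypothetical, and inherited rights filters are left out.

```python
class Directory:
    """Toy directory tree. Object names are assumed unique (hypothetical model)."""

    def __init__(self):
        self.parent = {}   # object name -> containing object name (None at the root)
        self.acl = {}      # object name -> {trustee name: set of rights}

    def add(self, name, parent=None):
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown container: {parent}")
        self.parent[name] = parent

    def containers_above(self, name):
        """Containers above an object, nearest first."""
        chain = []
        cur = self.parent[name]
        while cur is not None:
            chain.append(cur)
            cur = self.parent[cur]
        return chain

    def move(self, name, new_parent):
        # Refuse to move a container beneath itself; that would create a cycle.
        if name == new_parent or name in self.containers_above(new_parent):
            raise ValueError("cannot move a container beneath itself")
        self.parent[name] = new_parent

    def grant(self, target, trustee, rights):
        """Record a trustee assignment on target (an object or a container)."""
        self.acl.setdefault(target, {}).setdefault(trustee, set()).update(rights)

    def effective_rights(self, user, target):
        # The user acts as itself and as every container above it.
        identities = {user, *self.containers_above(user)}
        rights = set()
        # Assignments made on the target or on any container above it apply.
        for node in [target, *self.containers_above(target)]:
            for trustee, granted in self.acl.get(node, {}).items():
                if trustee in identities:
                    rights |= granted
        return rights


def build_acme():
    """The O=ACME tree from the thread, plus hypothetical resources."""
    d = Directory()
    d.add("ACME")
    for ou in ("Accounting", "Marketing", "Sales"):
        d.add(ou, "ACME")
    d.add("Supervisor", "Marketing")
    d.add("Mary", "Sales")
    d.add("SalesShare", "Sales")
    d.add("AcctPrinter", "Accounting")
    # The OU itself is the trustee: no parallel group to maintain.
    d.grant("SalesShare", "Sales", {"read", "write"})
    d.grant("AcctPrinter", "Accounting", {"use"})
    # Supervisor rights are assigned at the Marketing container only.
    d.grant("Marketing", "Supervisor", {"supervisor"})
    return d


if __name__ == "__main__":
    d = build_acme()
    print("Mary in Sales:", sorted(d.effective_rights("Mary", "SalesShare")))
    d.move("Mary", "Accounting")
    print("Mary after move, SalesShare:", sorted(d.effective_rights("Mary", "SalesShare")))
    print("Mary after move, AcctPrinter:", sorted(d.effective_rights("Mary", "AcctPrinter")))
    for target in ("Marketing", "Accounting", "ACME"):
        print("Supervisor on", target, sorted(d.effective_rights("Supervisor", target)))
```

In this model the review question for an auditor is where each assignment sits in the tree, because every object moved under a container silently picks up whatever that container was granted.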
 
LVL 18

Expert Comment

by:exx1976
ID: 12079032
Look, I already swore I was NOT going to get into this discussion, but I felt compelled to respond to a few of your remarks here.  And no, for the record, I don't work for MS, and I don't live ANYWHERE near Redmond (I'm on the East Coast, actually).

"Security Equivalences in AD:  In eDirectory, you can use an OU for handling security (everyone in the .OU=Accounting can use the accounting printer).  In AD, this is not possible, you have to rely on Groups still.  Furthermore, what does this supervisor in this AD Domain have access to:

      .O=ACME
           |
           +.OU=Accounting
           |
           +.OU=Marketing
                    |
                    +.CN=Supervisor

Does he have supervisor rights to just the Marketing OU?

Nope - he's got supervisor rights in the ENTIRE Domain - from .O=ACME all the way down.  So much for setting up local office "admins" that you don't want to have rights up the tree.  Not the case in eDirectory (another reason to use .OU's as ACL placeholders, hint-hint)."

Whaaa??  Where did you get this ludicrous information from??  He has supervisory rights over what I GIVE him!  For all you know, he could just be a regular Luser named "Supervisor".  :-)  If you want local "admins" that you don't want to have rights up the tree, you use DELEGATION, and you give them rights over a SPECIFIC OU.

"Partitioning in AD:  You can, in fact, partition AD, as long as you break up your forest into individual AD Domains.  Meaning that you can't have one Domain and partition it from there based on the OU's within the Domain, you have to create separate Domains - then the old Trust Relationships nightmare is back to haunt you.  Granted, AD creates automatic trusts between parent and child Domains but it does not create trusts between sibling Domains automatically."

You are right, there are no "direct" trust relationships between siblings, but that doesn't mean you can't get there AUTOMATICALLY.  Trusts in 2k/3 forests are transitive, meaning I can get from one domain to any other, within the forest, automatically, with no help from any type of trusts that have to be manually created.

"Static Inheritance in AD:  Security is still token-based.  Rights are static inherited.  Any change causes massive replication across the network.  Change those rights and the user has to LOG OUT and then back in to see them.  Not so with eDirectory."

Have to log out and back in??  Not since the days of NT4..  Kerberos, anyone??

"AD Requirements:  There are 5 MAJOR components to AD, services that MUST be available at all times in order for AD to function properly.  Lose ONE of those services and regardless of whatever other servers you have running, AD is no longer functional."

I assume that you are speaking of the FSMO roles.  The only domain that requires all 5 is the forest root domain.  Each and every domain after that requires only 3 of them each.  And one of them is not required at all if you make every DC a GC (the infrastructure master).  Certainly you will experience some headaches if one of them is down for an extended period of time, but all you have to do is walk up to a server or RDP into it and use ntdsutil (funny how this is very close to ndsutil) and seize the role if the server dies..  It's not like if you lose one you're totally screwed or something...


I don't know anything about eDirectory, admittedly so.  But like I said, NDS had some definite advantages.  It's just too bad that the software vendors didn't share that point of view.

And, for the final time...

De gustibus non est disputandum.


-exx
0
 
LVL 18

Expert Comment

by:exx1976
ID: 12079099
"It gives the cracker/malicious user a target. If they don't even know where it is or what it's called, it's harder to get in. "

Oh, I see.  So you're a fan of "security through obscurity" then, huh?  Forget making it secure..  We'll just hide it and hope that no one finds it.  Riiiiiiiiiiiiiiiiight.

"Your thinking is what gives us the fact that you can't change the administration username in the Windoze environment. There is ALWAYS an account called "Administrator" and it ALWAYS has god-like powers. This means the cracker/malicious user trying to escalate their privs ALWAYS has 1/2 of the keys needed to do that. I can freely change the name of the default administration account in the eDirectory environment; I can even delete it (hopefully I'll be smart enuf to use it to assign privs to another user account before I do that)."

I don't know where you got this half-assed information, but you DEFINITELY can change the name of the administrator account.  As a matter of fact, it is best practice to change the name of the administrator account to some unobtrusive name, and then to create another account, name it administrator, disable it, and then monitor your event logs for failed authentication attempts.  That way, you know when someone is trying to break into it.

You are not ALWAYS right.  :-)


As for your spiffy little account creating thing, that might all be fine and dandy, but I have no need to do any of that other garbage, so it really doesn't concern me.  I have a pure Microsoft environment (aside from an HP Superdome database server), and as such, VBS has ALL the tools I need to get done whatever I need to get done, and it does it well.

Why not just use a hammer to put in a nail?  Sure, you could drop a piano on it to get the job done, but..  You'd have to hold the nail JUST right, then line the piano up perfectly, make sure that it didn't tilt when you dropped it, try not to hit your finger with it, etc etc...

VBS is the right tool for the job I need to do.  While all those other tools might be the right ones for the job you have to do, that does not make VBS any less useful.
0
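The decoy-account check described in the comment above (rename the real administrator account, leave a disabled account named administrator, watch for failed logons against it), as an added example that is not part of any post in this thread. The JSON-lines export layout and the sample events are constructed; event ID 4625 is the failed-logon event on current Windows versions, whereas servers of the thread's era logged failures under older event IDs.

```python
import json
from collections import defaultdict
from datetime import datetime

DECOY_ACCOUNT = "administrator"   # decoy name from the comment above
FAILED_LOGON_EVENT_ID = 4625      # "An account failed to log on"

# Constructed sample: one JSON object per line, as a log forwarder might
# export Security events. Addresses are documentation/private ranges.
SAMPLE_LOG = """\
{"EventID": 4625, "TimeCreated": "2024-03-04T02:11:07", "TargetUserName": "Administrator", "IpAddress": "192.0.2.44"}
{"EventID": 4625, "TimeCreated": "2024-03-04T02:11:09", "TargetUserName": "ADMINISTRATOR", "IpAddress": "192.0.2.44"}
{"EventID": 4625, "TimeCreated": "2024-03-04T02:11:15", "TargetUserName": "backup", "IpAddress": "192.0.2.44"}
{"EventID": 4625, "TimeCreated": "2024-03-04T08:30:02", "TargetUserName": "jsmith", "IpAddress": "10.0.0.23"}
{"EventID": 4624, "TimeCreated": "2024-03-04T08:30:10", "TargetUserName": "jsmith", "IpAddress": "10.0.0.23"}
{"EventID": 4625, "TimeCreated": "2024-03-04T09:02:41", "TargetUserName": "administrator", "IpAddress": "-"}
{"EventID": 4625, "TimeCre
"""


def parse_events(text):
    """Return (events, skipped); malformed or truncated lines are counted."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            events.append({
                "id": int(rec["EventID"]),
                "time": datetime.fromisoformat(rec["TimeCreated"]),
                "user": str(rec["TargetUserName"]),
                # "-" is what Windows records when there is no network source
                "source": rec.get("IpAddress") or "-",
            })
        except (ValueError, KeyError, TypeError):
            skipped += 1
    return events, skipped


def decoy_alerts(events, decoy=DECOY_ACCOUNT):
    """One alert per source that failed a logon against the decoy account.

    Nobody legitimate uses the decoy, so a single failure is enough to alert.
    Other account names tried from the same source are attached as context.
    """
    by_source = defaultdict(list)
    for ev in events:
        if ev["id"] == FAILED_LOGON_EVENT_ID:
            by_source[ev["source"]].append(ev)

    alerts = []
    for source, failures in by_source.items():
        hits = [ev for ev in failures if ev["user"].lower() == decoy]
        if not hits:
            continue  # ordinary mistyped passwords are not decoy alerts
        alerts.append({
            "source": source,
            "decoy_hits": len(hits),
            "first_seen": min(ev["time"] for ev in hits),
            "last_seen": max(ev["time"] for ev in hits),
            "other_accounts_tried": sorted(
                {ev["user"] for ev in failures if ev["user"].lower() != decoy}
            ),
        })
    return sorted(alerts, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    print(f"parsed {len(events)} events, skipped {skipped} malformed line(s)")
    for alert in decoy_alerts(events):
        print(alert)
```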
 
LVL 10

Expert Comment

by:DSPoole
ID: 12079212
"I don't know where you got this half-assed information, but you DEFINITELY can change the name of the administrator account. "

Sure, after you change the Security Policy to allow the Administrator account to be renamed.  Yet ANOTHER step forced on you by Windows.

"As for your spiffy little account creating thing, that might all be fine and dandy, but I have no need to do any of that other garbage"

Interesting, his VBS tool to create accounts is a great timesaver.  Yet he belittles the exact same functionality in a tool that is not of his own choosing.  At this point, exx1976 just became a hypocrite.  Calling the tools "garbage" just made him something else.

"Why not just use a hammer to put in a nail?  Sure, you could drop a piano on it to get the job done, but..  You'd have to hold the nail JUST right, then line the piano up perfectly, make sure that it didn't tilt when you dropped it, try not to hit your finger with it, etc etc..."

Exactly - and being that eDirectory is a lot more flexible than AD (as we so rightly pointed out) I bet you can guess who's using the hammer and who's using the piano.

"VBS is the right tool for the job I need to do.  While all those other tools might be the right ones for the job you have to do, that does not make VBS any less useful."

I agree, VBS is very useful.  Ask anyone who writes viruses for Windows...

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12079260
Damn, DSPoole, ya beat me to the punch.

Yeah, it was rather hypocritical of exx1976 to bash eDirectory's tools just because he doesn't use them.

Also pretty lame not to address the points he was obviously wrong on. I think we've both addressed things he's said, point-by-point, rather than glossing over some.
0
 

Author Comment

by:dorgunr
ID: 12079272

Everyone loses perspective. Can Novell guys admit that if you have a small shop a Windows server works just as well? Windows administrators are easy to come by but it's hard to find Novell admins.

Novell had 80% market share at point ...what happened ??

They let a supposedly "lousy" Microsoft cream them. What happened ??

Maybe their arrogance got in the way.

As the last chapter of Novell is written and the last box is loaded on the truck they'll still be saying microsoft is a "lousy" system.

Can some one tell me how Novell lost most of its customer base ?
Why it is now embracing Linux to save itself ?

Tx,
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12079347
The trouble, exx1976, is that DSPoole and I have *current* knowledge and experience with eDirectory, NetWare, AD and W2K/W2K3, while all your NetWare/eDirectory bashing comes from information that was out of date 5 YEARS ago.

Our network is primarily based on eDirectory, but we have some AD, and even our resident NT-head is so impressed by Identity Manager that he wants to rip out AD and put in SAMBA and manage it all from eDirectory. We can unify our NetWare, AIX, Solaris and Linux user administration with eDirectory. Again, I challenge you: let's see you do that with AD.

Your problem is you haven't kept up with technology outside of your little bubble. If your bubble is what makes you happy and offers you security, fine, stay there. But don't try to drag others into a comparative management hell just because you don't know what you're missing.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12079488
"Can Novell guys admit that if you have a small shop a windows server works just as well."

Yes, it can work, altho I would disagree that it works "as well" FOR THE MONEY. If your library IT budget is infinite and you don't have any other ratholes to pour the funds down, then yes, it's the same all around.

"windows administrators are easy to come by but it's hard to find novell admins."

Have you even TRIED?

"Novell had 80% market share at point ...what happened ??
They let a supposedly "lousy" microsoft cream them. what happened ??
Maybe their arrogance got in the way."

Yep, I'd say that's accurate, at least in part. That moron Ray Noorda tried to move Novell past its core competency, networking, and into desktops and applications, and it was a stupid move. No doubt about it.

Ray's been gone for years, tho, and Novell doesn't do desktop applications (aside from network management tools). I don't see that their sins from 1996 are relevant 8 years later.

"As the last chapter of Novell is written and the last box is loaded on the truck they'll still be saying microsoft is a "lousy" system."

Ah, yes, the usual M$ FUD. They've been saying that Novell is "going away" now for what? 9 years? Fact is, Novell is one of the biggest software companies in the world, and their products are in use by 80% of the Fortune 500. One of the biggest eDirectory trees in the world is run by the US Postal Service. Check out the bottom of CNN's website - there's an eDirectory logo. Ford is another large customer.

Yeah, I can see the movers coming in now.... if you believe the M$ rep.... Of course, they're the ones who said that NT was just as stable and secure as UNIX, and now they admit that NT's security is hopelessly broken. So if you believe them, I have a bridge in Brooklyn I'd like to sell you.

"Can some one tell me how Novell lost most of its customer base ?"

In a word: Marketing. For too long, Novell stuck to the idea of marketing to the techies. Because the techies could look at the products, see what would meet the organization's needs better, and propose the solution to management. Ol' Bill knew he couldn't take on Novell via the techies - they'd see thru the bullshit song-n-dance routines. But the techies didn't hold the purse strings. So, quite intelligently, M$ marketed to the executive suite. They bypassed the techies and went straight to upper management. Fed them lines of crap (e.g. "NT is just as secure and stable as UNIX") and got them to mandate platform switches. By freezing technical staff out of the decision-making process, M$ didn't have to worry that they were peddling garbage - PHBs didn't know the difference.

How does the US military end up with some of its boondoggle weapon systems? If it were a group of seasoned gunnery sergeants reviewing new infantry weapons systems, would much BS get past them? Turn the process over to a buncha top brass who haven't been in the bush in 20 years and what do you get? Same thing that M$ took advantage of. Quite clever of them. Pity they didn't put the same effort into their software quality, but why bother when the fools are buying it anyway?

The other thing that Novell failed to do was actively pursue good working relationships with ISVs. M$ did. Altho once they became a monopoly, they didn't hesitate to start using that to threaten ISVs or even crush them (GO Computing, anyone?)

"Why it is now embracing Linux to save itself ?"

I think that's obvious - technology has changed and the company is changing with it. Rather than trying to maintain and continue to abuse a monopoly.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12079561
There are several things I wondered at but they make sense coming from a pro-Microsoft perspective.  You worry about seeming biased, and I think rightly so.

A few points:  

First, I think you have misstated the cost of the products. You now have two NetWare 5.1 licenses, with a number of users each. Since you mentioned 100 users, using that as the target, you should use upgrade pricing, and based on your other comments, I would assume you should use academic pricing.  You would not have to upgrade both sets of user licensing, just one, because the license model changes to per-user-object.  You also do not have to buy another NetWare server license after you get the first one, because the license covers an unlimited number of servers.  That difference in licensing between Windows servers/CALs and NetWare eDirectory user should be mentioned for fairness - if you want to add more servers, it won't cost anything more than the hardware, unlike Windows.

Second, an ALA e-license at CDW (promo) for 100 users upgrade is a whoppin'  $635 us.  A media set  goes for $11.48.  That's quite a bit less than the $4700 you quoted, which is pricing for charitable organizations.  Since you quoted academic pricing for Windows, you should compare apples-to-apples, unless for some reason the definition differs between the two companies.

Third, I wonder what type of Windows user CAL you quoted - per seat or per server?  What is the cost of the server license, besides the user CALs - last I checked, Microsoft charges folx for each server they install...

Fourth, you are now running a NetWare network, not a Windows network.  Your workstations are Windows, but authenticate to NDS, and your production servers are not domain members, so you don't have a Windows network.

Fifth, you have definitely skewed the report towards the preference of the other 2 support folx, and presumably, yourself.  One thing that should be mentioned is that, although it does take more training to support more OSes,  a mixed environment based on NetWare has a lower admin-to-user ratio than does a pure Windows environment, and once the NetWare back-end is set up, most of the time an admin spends is chasing down Windows problems.

Sixth, the study comparing migrating windows to linux vs upgrading windows - how does that have any bearing on anything?  You don't have to migrate squat to Linux.  NetWare has always been and will continue to be the best at multiplatform support, including Windows, and that won't change with OES.  If you WANT to migrate your desktops to Linux, it will be easier if your network remains a NetWare network.

Seventh, as far as I know, the only radical departure from the past in OES, besides the name, is that it will be available on either the NetWare kernel or the Linux kernel.  It will still use eDirectory, it will still have superior filesystem security, it will still be more compatible with any platform you want to use on the desktop, the management tools will be consistent with what has been in use with NetWare 6.5.

Eighth, NetWare training has always been available primarily through the Novell Training partners.  That's not any different than before.  What's new is that you can go to Microsoft training classes at a lot of public institutions.  The number of books on a shelf at a particular bookstore doesn't seem to me to be that valid a measure for choosing continuity over change.  Remember, one of the first Microsoft books to be popular was Windows for Dummies...

Ninth, "Paradigm included DOS accounting modules which would run only on Netware servers at the time."

Not possible.  No DOS module of any sort runs on NetWare.  Perhaps the DOS-based accounting modules (that presumably ran on a Microsoft-OS client PC) would only speak to a Pervasive database housed on a NetWare box using SPX calls.

Therefore, this tidbit is also not germane to the decision to change your infrastructure from a NetWare/NDS network to a Windows network, and also seems biased because it implies that the NetWare platform in general is somehow outdated because the accounting software used DOS modules.

Tenth, "The Novell Netware 6.5 or Novell OES uses, like Microsoft 2003, an X.500 LDAP based directory service."

Correction.
eDirectory IS X.500 based, has been from day one (over 10 years ago), and IS compliant with LDAP v.3.  Natively.

Active Directory is NOT X.500 based.  It is legacy Microsoft Domain based, with some conformance with X.500 spec solely because of the hierarchy of DNS, which was kludged on top of the old domain model to make it seem X.500-based.  It is not LDAP v.3 compliant, hence the wonderful track record of 70% failure rate in LDAP lookups DSPoole mentioned.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 12080749
PsiCop and DSPoole - I am not going to waste any more of my time debating this with either of you.  I have already admitted that my last experience with Novell was on 4.11, and that I know nothing of the current product offerings.  You two, however, somehow feel that even though you are up on the Novell soapbox and obviously know very little about MS's product offerings, you are qualified to speak about them.

I have not glossed over anything, I have chosen the comments which were wrong (such as PsiCop's patently wrong answer about the inability to change the administrator account name, when he himself just admitted that it is possible, but requires modification to the default security policy), and I have responded to them and corrected you.  If I did not respond, it is because I am intelligent enough to realize that I didn't know the correct answer, and that finding it wasn't worth my time to explain it to a close-minded bunch such as yourselves.

As for the garbage remark, you both read it wrong.  Garbage = stuff in that statement.  I have no linux, no solaris, no Novell, no NIS, none of that, so I don't need a piano.  All I need is a hammer.  You can have your piano, and use it to bang in your 10 nails at once.  I only have one nail, and the tool that I have chosen is a PERFECT fit for the job.

As for viruses, of course Microsoft keeps getting attacked.  It's not that it's any less secure than Novell or *nix, it's just that there are infinitely more people trying to attack it, so of course there will be more successes.  After all, who the hell wants to write a virus that will only infect 7% of the server market (Novell)??  Give me a break.  Microsoft is a victim of its own success, without a doubt, but the fact remains, you guys should stay in your bubble, and I'll stay in mine.  When I need a new job, I'll have more than 7% of companies to go and apply to.

Oh, and by the way..  That was an excellent example, the post office..  Why do you think they run around shooting each other?  Because they have to support crappy systems that should have been put out of their misery years ago.


ShineOn - Kudos on your response to this question.  It was relevant, you didn't sink to the level that the other two (and now, unfortunately, myself) have, and it was extremely informative.

As for the other two on here, don't even bother responding, since as soon as I send this, I'm un-subbing to this topic.  I've had enough wasting my time explaining things to deaf ears.


-exx
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12080823
Actually, DSPoole clarified that the Security Policy had to be modified before the Administrator account could be renamed.

The assertion that Windoze is more-hacked because it is more widely deployed is a fallacy. If that were the criteria for determining what gets hacked, then Apache would be the most-hacked webserver, since it runs 3 times as many websites as IIS. But almost all of the hacks are on IIS - my Apache logs are littered with IIS-specific hack attempts.

The reason that M$ products are the most hacked is because Redmond values featureset far above security. They place a similar premium on what one might call "ease of use" - which results in things like W2K Server installing with an FTP server enabled, an SMTP server enabled, all sorta RPC services turned on; tons of things that 90% of the servers out there don't need and shouldn't be running, but M$ turns them all on by default, in order to make it "easy to use". What they did is help give rise to the modern spammer, since all these W2K machines with wide open relays littered the Internet. Now that, 4 years later, Windoze admins have finally figured out that they need to turn all these things off, the ease with which Windoze can be zombied has replaced the never-should-have-been-installed-like-that W2K Server as a spam factory.

Not surprised to see you unsub. Kinda par for the course.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12080828
And I'll remind Dear Reader that exx1976 launched the first attack, with the snide comment questioning my employment and motivation. So if anyone sank to a lower level, it was just to find exx1976.
0
 
LVL 3

Expert Comment

by:kelo501
ID: 12080868
Hey PsiCop,

Who is your target audience?

If this is for a client or prospective client it may be a bit long.  In addition, I am not sure what or if you were attempting to lead me in a direction.

Lots of information...  I even learned some stuff about Novell.  Most of my job is migrating clients off Novell X.X.  

Regards,
kelo501
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12081116
Novell is a company.  The product name is NetWare.  Just like Microsoft is a company.  We don't talk about migrating folx off of Microsoft X.X - we call Windows Windows.  And yes, there are many companies migrating off Windows.

Anyway, the argument about security is ridiculous, not because Microsoft's products are no more vulnerable than any other platform, but because they are inherently more vulnerable because of the way Windows was built, which is why it is so difficult for Microsoft to come up with a truly secure system even though they've been working on it for years.

Talking about market share is fallacious as well.  Market share only shows how many of a thing is being sold, and since it takes more Windows servers to do the job of a single NetWare server, that tosses the putative value of the numbers out the window.  At the time NetWare had 80% market share, there were only Vines and IBM LanMan Server to compete in the same market.  Windows didn't exist.  It's all just blah, blah, blah.  

The concept that preventing a user that HAS NO ACCESS RIGHTS to a subdirectory from seeing that the directory exists is "security through obscurity" is also ridiculous on the face of it.

And I will admit that a 5-user SOHO business doesn't need the power and flexibility of NetWare.  They don't need Windows 2003 server with AD2003 either.  Five Win98 PC's doing peer-to-peer, with a good DSL router/firewall, and Mozilla 1.7 should do all they need.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12081250
kelo501,

My target audience was the Asker of this Question. He posted a draft document, I (and others) have given feedback on the document he posted.

ShineOn, I was ignoring that, to borrow a term, asinine "security thru obscurity" claim. I figgered it was a troll.

I agree that in any environment in which W2K3/AD is considered worth the effort, NetWare can do the job as well, and almost certainly for less investment, as well as a lower TCO and a longer viability envelope (i.e. the length of time the solution remains valuable to the business enterprise).
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12083601
AND less vendor lock-in.  Options are a GOOD thing.  I guess you could say that Novell is a pro-choice company, to borrow a term from politics.  It could be argued in Orwellian terms that Microsoft is also pro-choice, as long as the choice is Microsoft.
0
 
LVL 4

Expert Comment

by:sriwi
ID: 12085361
What is this about ?

my head spins when i see the long reading, although i was attracted to the points. :)

cheers
0
 

Author Comment

by:dorgunr
ID: 12085505
I double checked with my CDW guy and DELL guy
They say Novell does NOT consider a library as an academic institution and the $4700 estimate stands v. the $700 for 100 cals... for Windows 2003 std server.
I have already purchased Windows 2003 STD Server for $106.00 from DELL. The cals were from CDW.

So the facts are we save $4,000 by purchasing Windows in our "particular" case.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12085566
Have you considered talking to NOVELL, instead of CDW or Dell? Michael Dell has Bill G's head so far up his fanny it's not funny.

Seriously, pick up the phone, dial 1-800-NETWARE, press  "2" and talk to the pre-sales people. Get the actual info from the horse's mouth. I don't think CDW and Dell are right about this.

Altho if you're really going to go down the W2K3 path, good luck....you'll need it. You may have "saved" some money now (altho I don't think you were getting correct info from Dell/CDW), but you are going to pay far more in the future.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12086694
Also consider that a reseller (especially a big one like CDW) often doesn't know what they're doing.

CDW was trying to get us to buy licensing we didn't want or need in order to get us into Microsoft's Select program, when we didn't need to, because they were looking at the wrong thing.  We had to go directly to our local Microsoft sales manager to get the right information.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 12090344
"Have to log out and back in??  Not since the days of NT4..  Kerberos, anyone??"

Since when has Windows had Kerberos?  It's got a raped version of Kerberos, but it's not Kerberos.  Ask the guy who invented Kerberos.

"As for viruses, of course Microsoft keeps getting attacked.  It's not that it's any less secure than Novell or *nix, it's just that there are infinitely more people trying to attack it, so of course there will be more successes.  After all, who the hell wants to write a virus that will only infect 7% of the server market (Novell)??  Give me a break.  Microsoft is a victim of its own success, without a doubt, but the fact remains, you guys should stay in your bubble, and I'll stay in mine.  When I need a new job, I'll have more than 7% of companies to go and apply to."

Hmmm... that explains Apache then doesn't it.  I mean, it's got 60% of the marketshare for web servers while IIS has less than 30%.  And being it's the biggest target out there, it's definitely got the most hacks against it, doesn't it?  Wait.  It doesn't.  Even with a greater marketshare, IIS is the most targeted web server for hacks, vulnerabilities, worms and trojans on the market.  So if it's not marketshare, what causes it?  How about:

   BECAUSE IT'S EASY TO.

Sounds like a more plausible argument to me.  Windows is more hacked because it's easier to hack.

"Oh, and by the way..  That was an excellent example, the post office..  Why do you think they run around shooting each other?  Because they have to support crappy systems that should have been put out of their misery years ago."

har har - now back up your claim.

"As for the other two on here, don't even bother responding, since as soon as I send this, I'm un-subbing to this topic.  I've had enough wasting my time explaining things to deaf ears."

Why?  Is there an echo in your office?

"Whaaa??  Where did you get this ludicrous information from??  He has supervisory rights over what I GIVE him!  For all you know, he could just be a regular Luser named "Supervisor".  :-)  If you want local "admins" that you don't want to have rights up the tree, you use DELEGATION, and you give them rights over a SPECIFIC OU."

From within a SINGLE Domain or .OU's broken up across multiple Domains?  If I'm wrong, then I'm wrong.  But it was my understanding that someone with Administrative rights to an .OU within the Domain had full rights to the entire Domain, not just the .OU -

"Have to log out and back in??  Not since the days of NT4..  Kerberos, anyone??"

but you still didn't answer the comment about static inheritance.

"It's just too bad that the software vendors didn't share that point of view."

I'll say this once, so you understand exactly how CUSTOMERS feel about eDirectory:

There are OVER 470 MILLION registered eDirectory nodes in the world.  The ENTIRE country of France has its own eDirectory tree for EVERY SINGLE ONE OF ITS CITIZENS, many many many major cities around the world (Los Angeles anyone?) also have a large eDirectory tree for their population.  The United States Army uses eDirectory to allow a driver to start up the M1A1 Abrams main battle tank.

Screw the vendors - everyone is writing to LDAP these days anyways.

"The purchase of 100 user licensing and for Netware 6.5 or (OES) server is: approximately $4,700.00 for non-profit entities.

The purchase of 100 user licensing and for Windows 2003 server is: $7.00 per user cal or approximately $800.00 for academic institutions."

Whoa nelly, you are comparing Novell LIST prices to Microsoft Academic prices?  NOT FAIR!

I suggest that since you are a library, you should look for Government licensing from Novell instead of List or even Academic.  I believe the cost is about 67% less.

I think Novell posted something on their web site about it:
http://www.novell.com/industries/government/?sourceidint=homepage_announcement1

http://www.novell.com/licensing/subscription/index.html

You can contact Novell at NovellCC@novell.com for pricing under government costs.  Being that you are a library, your city (or county) may already have a Novell Government MLA in place.  If so, you should check with them about getting software thru their MLA pricing.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12102450
Give up, DSPoole. I think dorgunr has made up his mind, he'd rather not be bothered with facts.
0
 

Author Comment

by:dorgunr
ID: 12103745
>>Give up, DSPoole. I think dorgunr has made up his mind, he'd rather not be bothered with facts.

I called 1-888-321-4272 (Novell) and talked with Dave Bennett
we discussed ALA VLA MLA licensing....

The best we could do is around $4,600  (the absolute lowest cost) !!!!
Even if we upgrade and we are a public library.

Sorry but those are the facts.... BOTH CDW and Novell report similar costs...
If they are wrong then it is just too damn hard to get an accurate quote and no wonder Novell is slipping....
0
 

Author Comment

by:dorgunr
ID: 12103861
He also said that the $635 quote was bogus..the minimum purchased is $5,000 under the ALA (you do get a whole lot of stuff with that....)

He said they would have rejected that price
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12103867
Well, I do appreciate that you did call Novell and gave such specific info. I am surprised by that number, because that does seem high based on what their website says.

One fact that I think you continue to overlook is that you're making a judgement based on initial purchase price. Your TOTAL costs over the next few years are going to be higher with Windoze. But I don't think you believe me, or DSPoole, or ShineOn, or Gartner Group, or Burton Group when we say that.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12104342
Read this:

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

So much for Windows "security" having improved.  Now, you can get hacked by opening the wrong .JPG image!  It is a NEW vulnerability that exists NATIVELY with WinXP AND Win2003 server, and gets BACK-PORTED to older versions of Windows if you install MS-Office.

Isn't it grand having an OS that gets "updated" just by installing software?

Yee-ha!  

Have fun gunning down this, and all the vulnerabilities yet to come.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12104411
And I think we've debunked the myth that the only reason Windoze is most-hacked is because it's most-prevalent. Fundamental architecture and design choices are the reason it's most-hacked and the reason that M$ has admitted it won't be secure prior to 2011.

It's not what I'd want to base a network on for a public-access facility like a library. If I had a physically secure and highly controllable environment, like a military base, OK, fine, Little Johnny isn't going to be getting anywhere near an Ethernet port to hack my network, and if he does, we can always shoot him.

But an open-to-the-public environment like a library where people can come and go in relative anonymity and where they expect to have a certain measure of unauthenticated access? Hope you and the other two guys have stock in NoDoze.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12104426
Ah, forget it, ShineOn. You can lead a horse to water, and all that....
0
 

Author Comment

by:dorgunr
ID: 12107957
Our patrons are on a different sub-net entirely. Different router, firewall, different T1 line to ICN and there is no routing between the patron side and the library staff side.
The patron side had drive shield, fortress and what we call SAM protection ya ya.

All e-mail, web servers are in the DMZ. File servers are only accessible via staff PCs.

I see the day when Bill buys Novell and reams all the good stuff for his own Longhorn plus etc.

By the way I'd be overjoyed if they purchase 6.5 / OES and we go Linux. I'd make more money in the long run. I know Microsoft already fairly well.

I modified my report as it was a first draft and did put in a lot of what Novell (you guys) had to say. It is their choice not mine.

BEARS WIN PACKERS lose...am I in heaven or what ?????

0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12108048
Is that "latehorn" or "longwait?"

Kinda like what you flatlanders had to go through for the Bears to beat the Packers.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12108065
Oops - forgot my "smiley" - that was tongue-in-cheek :^), not a slam...  
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 12123764
"I see the day when Bill buys Novell and reams all the good stuff for his own Longhorn plus etc."

Yeah, THAT'LL NEVER HAPPEN!

Microsoft already tried to purchase the rights to NDS years ago - Novell told them to go stuff it.  Novell has been on a purchasing spree - Ximian, Cambridge, SuSE, SilverStream, etc.  They are NOT about to be bought.  Plus, Novell owns most of its own stock.

It's like saying "I see the day when IBM buys Microsoft and then guts the company just for the Windows API to include it into OS/2".

I see it more likely that IBM would get into a partnership with Novell than an outright buyout though.

Bears, Packers - you mid Westerners are funny.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12124122
Yah, but you upper-west-coasterners have our old coach up there in Seattle... lotta good it's doing for ya.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 12124603
what?  Are you under the impression we think the Seahawks EVER have a chance?
0
 

Expert Comment

by:FFNM IT
ID: 13968117
Is everyone running Netware so angry? I would have to add the personality thing to the con side!
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13968406
Nah, we have sweet dispositions.  That comes from working with a NOS that lets us sleep at night.  Ask my users.  I'm a really nice guy.

It's when we have to respond to paid Microsoft shills spewing FUD everywhere we turn that we get a bit testy.  I think you would, too.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 13972272
"Is everyone running Netware so angry?"

Where did THAT come from?  
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13992435
*chuckle*

Why do people like you, rmcswain, assume we're angry when we call Redmond on their lies? Does one have to be "angry" to call a liar a liar?
0
