CrossNodes Briefing: Is Your Network Directory-Enabled?

By Gerald Williams | Oct 8, 2001 | Print this Page
http://www.enterprisenetworkingplanet.com/netos/article.php/899201/CrossNodes-Briefing--Is-Your-Network-DirectoryEnabled.htm

Servers and networks strain to provide the flexibility and power users demand. The advent of the Internet, the need for increased processing cycles, and the growth of workers that operate out of their home or use wireless connections redefine networks. At the same time, the need to track and support customers and suppliers threatens the capacity of the networks. Directory-enabled networking, with its emphasis on establishing intelligent network configuration, performance tracking, and user tools across a distributed format, offers the promise of a scalable, flexible, and controllable solution.

Directory-enabled networking operates on a simple premise. Every network entity, including servers, routers, workstations, peripherals, applications, and users, carries a definition that tells the server what the device is or who the user is. In addition, the definition carries information about other the devices capabilities, security-access levels, and other information. The definitions are stored in a secure database and shared with other servers. In theory, a user logs onto a server, and the server configures services and devices appropriate to that user across domains.

Current implementations of directory-enabled network services favor the Common Interface Model (CIM), which is designed to allow a device to publish information about that device. Several vendors implement support for CIM through XML using Directory Services Markup Language (DSML). This language uses XML to query the name, address, and security level of each user and device. In addition, it allows the server to identify what services they require, the applications they need along with any other devices needed to execute those applications, and other pertinent information from the directory database.

Although the concept seems simple, implementing directory-enabled networking requires a new vision. Several vendors, led by Microsoft and Cisco, offer support for the concepts. However, as this technology emerges, changes will occur and standards will evolve. Companies that adopt directory-enabled networking need to invest time and money to make it run efficiently, but the concept is gaining popularity. Network and IT managers, in spite of the risks, will need to learn about directory-enabled networking to keep their infrastructures current and competitive.

Key Concepts
Like any technology, directory-enabled networking comes with its own vocabulary. Some of the major concepts follow:

  • Directory Access Protocol (DAP)/Lightweight Directory Access Protocol (LDAP): These protocols control the way data is transmitted between the servers, users, and network devices. The protocol specification continues to grow to support cross-domain communications and enhanced information sharing with the CIM.
  • Management tools: Directory-enabled networking seeks to support all network management functions as though the network was a single system. Network managers will need a full array of tools to coordinate directory activities, generate reports, establish policies, and monitor performance. Vendors promise to provide a single user interface to facilitate these functions.
  • Global catalog: In Microsoft Windows 2000 networks, the global catalog consolidates directories from multiple domains. This allows users to query the directory and obtain information (to the level they are authorized) on the network devices, available applications, and other users and business functions.
  • Automated software delivery: Directory-enabled networks allow managers to automatically distribute applications to users when they attach to a server. The applications can be sent to a specific user or class of user. This helps managers maintain consistent application software versions across the enterprise, and it eliminates a time-consuming task.
  • Delegated/remote management: Network managers can expand the rights of specific users in an organization and grant those users the right to alter a set of resources and applications. This shifts some of the responsibility for maintaining each group's configuration and provides flexibility for the users.
  • Replication: The directory must be synchronized across several servers and. in some cases, several domains. It is important, therefore, that the directory database have the capability to communicate with other servers and to duplicate information.

Security Concerns
A directory-enabled network centers transactions on the directory. A corrupt directory can cause serious disruptions, so network managers must take steps to protect it. This requires full security. Microsoft's definition of directory-enabled networking includes support for authentication schemes, including hardware authentication, smart card recognition, and public key infrastructures. Security should be a key concern for IT and network managers. The presence of the directory database on each server represents a potentially rich source of data for any unauthorized user. Therefore, the information must be preserved and protected.

Next Steps
Some companies must consider directory-enabled networking now. The demands of e-commerce and the integration of supplier and buyer networks require the new technology. Many companies, however, view directory-enable networking as a future issue.

If network managers want to investigate the technology, they need to determine the types of network operating systems and identify the capabilities of all devices on the network to determine if upgrades are needed. Managers also must ensure that all the platforms supported within the network support directory-enabled networking. Finally, the network manager must estimate the cost of adapting legacy systems and software to operate correctly in a directory-enabled environment.

--
Gerald Williams serves as director of quality assurance for dolphin inc., a software development company. williams has extensive background in technology and testing, previously serving as editorial director with national software testing labs (nstl), executive editor with datapro research, and managing editor of datapro's pc communications reference service.