Novell's NetWare 5: An Elegant Interoperability Solution

AberdeenGroup

September 14, 1998

The battle for mind-share in the Operating Systems market - especially between Unix and NT Server - is overshadowing and confusing a concurrent debate about the choice of a Network Operating System (NOS). Contrary to the inaccurate belief that the "NOS is dead," the massive move toward network computing is increasing the role NOSes play in the enterprise. In this Product Viewpoint, Aberdeen analyzes why Novell's recently released NetWare 5 provides NOS unique functionality IS executives truly need for optimizing their networks.

Executive Summary

The September 1998 introduction of NetWare 5 provides IS executives with the opportunity to significantly improve the way they manage their numerous and heterogeneous network components. Novell's Directory Services (NDS) is the unique technology that advances NetWare 5 beyond being merely a superior network operating system for file and print services. Any enterprise executive wanting to harness the power of the `net - Inter-, Intra-, Virtual or Private - for competitive advantage cannot do so without a powerful directory to manage all the connections. In Aberdeen's opinion, NDS is the most powerful directory available today.

Very importantly, according to beta users interviewed by Aberdeen, there is a measurable return on investment from using NetWare 5 in conjunction with Microsoft's NT 4.0 - where NT is the application operating system and NetWare 5 the network operating system. To them, NetWare 5 significantly improves the manageability and security of a mixed network environment.

Novell's NetWare product line is time-proven and embodies enterprise-quality technology. NetWare operates effectively in both all NetWare environments and across heterogeneous operating system (Unix, OS/390, NetWare and NT) environments. By identifying its own strengths and the leading operating systems' weaknesses - NT, Unix, and OS/390 - Novell has created a network operating system platform that can seamlessly integrate technology components and applications supplied by numerous, different vendors. NetWare 5's interoperability capabilities contain the functionality to allow IS executives to deploy, maintain, and upgrade best-in-their-industry information infrastructures. The supreme benefit to implementing NetWare 5 is that it will significantly lessen enterprise executives' - both business and IS - fears that their network will be a business's point of failure.

Based on both our review of NetWare 5 and IS decision makers as-of-yet-unmet requirements, Aberdeen finds enough benefits to recommend it in a number of situations:

Network Operating Systems Are Key To Business Success

Executives - both those responsible for daily business processes and technical support - need to understand the role that a NOS currently plays in enterprise-level, distributed computing environments. Once centered solely on file and print services, network operating systems must now seamlessly integrate many far-flung components of internal and external networks, in order to provide a full-service, highly manageable solution. Directory services act as the glue that holds together networks by managing numerous network components from one central location staffed by IS professionals.

Many Line of Business (LOB) and senior Information System (IS) executives are facing the choice between keeping their reliable, installed departmental NetWare servers or replacing them with Microsoft's NT Server as their enterprise-wide NOS. However, Aberdeen contends that when the question is asked: "Which one, NetWare or NT Server?" the correct answer is "Yes!" The solution is neither NT Server nor NetWare alone, but NT Server and NetWare operating in conjunction with each other.

NT Server is a well-accepted operating system for small businesses, workgroups and departments for deploying non-mission-critical applications. However, Aberdeen has found that in most instances, NT Server cannot move beyond this isolated role without a NOS to manage a wider-scale deployment.

Rather than wasting unnecessary monies, losing precious time, and countless IS resources trying to implement NT Server as both an application server and network operating system, Aberdeen strongly advises IS decision makers to deploy a more mature NOS that is capable of leveraging NT's strengths and minimizing its weaknesses. While Microsoft's Windows NT Server has won the hearts and minds of many IS managers and LOB executives, the technical realities of NT Server present numerous challenges when it is attempted to be deployed in the role of an enterprise-encompassing network operating system.

NetWare 5 Launched September 1998

Novell has been providing IS organizations with proven NOS solutions for over 15 years. Novell's NetWare 5, released September 1998, includes technology enhancements that further strengthen Novell's ability to meet enterprise-networking requirements. The key to Novell's acceptance and endorsement by enterprise IS executives is its extensive directory-based services within its suite of network operating system products that tie together all network-critical technologies - whether NetWare or NT or Unix or OS/390.

NetWare 5 will be directly compared to Microsoft's NT offering. Aberdeen is concerned that many will compare the functionality being delivered today by NetWare 5 with that promised by Microsoft in its upcoming NT 5.0 release. (Obviously, NT 4.0's directory services are too rudimentary to even be appropriately compared to NetWare 5.) While many of the features planned for NT 5.0 sound similar to those in NetWare 5, it is not realistic or pragmatic to compare and contrast promised future features - especially considering Microsoft's dismal past record in delivering future software when and as promised - with Novell's current deliverable. Unless decision makers want to put significant improvements for their IS infrastructure on hold for the next two years, they need to embrace the reality that NT 5.0, with necessary Service Patches, is at best a mid-year 2000 product. Aberdeen advises IS executives to deal with the planning, deployment, and manageability implications that NetWare 5 is here today and NT 5.0 is at least 2 years out, and get on with life.

From Aberdeen's perspective, Novell and Microsoft are no longer positioned as direct competitors in the NOS arena. The two should be seen as having complementary roles. In most organizations, the solution should not be all NT or all NetWare. Most organizations need both Microsoft and Novell.

Directories Really are Critical

Novell Directory Services (NDS) is central to NetWare 5 - and for that matter to all of Novell's products. This is highly important for IS executives charged with managing their enterprise's network infrastructure, since a solid directory service is key to any organization's ability to manage its internal and external networks.

Enterprise networks are expanding rapidly. This growth includes the number of internal users, devices, applications, and other resources; and external connections to suppliers and customers through public and private networks. As a result, IS managers need the benefits of a comprehensive, mature directory service to securely manage rapidly scaling network-wide information about users, events, data, resources, and status.

In fact, mid- to large-sized enterprises should not give a network operating system serious consideration until it has a strong set of directory services. Note that, by Microsoft's own admission, NT 4.0 does not have this capability and will not until NT 5.0.

Countless interviews with IS managers have convinced Aberdeen of the criticality of a directory service which is extensible, scalable, portable and available.

NetWare 5 Manageability Advantages

NDS in NetWare 5 uses objects to create user and resource profiles. For instance, each user object has information about a person, including access rights, location, and other vital information. Printer objects, for example, have information on location, type, and speed. Anyone on the network - with the proper authority - has access to any other "object" (such as a printer) on the network without having to know where it is located or how it works.

Beyond managing people and devices on the NetWare-based network, various versions of NDS can be used to manage applications on other platforms, including NT Server, SCO Unix, Sun Solaris, and IBM's OS/390. This is a critical feature for organizations seeking wide-scale deployment of NT-based applications, such as Exchange.

Novell has made its directory services a site from which IS can manage all business processes across its networks. The network links developing between enterprises and their business partners, customers, employees and others is slowly becoming a reality for many. However, there is a concurrent rise in the worries about how to manage all these internal and external connections. NetWare 5, the incorporated new version of NDS and the availability of Z.E.N.works (described below), now provides administrators with a viable set of solutions that can interoperate with other management packages being used.

NDS now allows for the selective assignment of administrative privileges rather than an all-or-nothing assignment. For instance, an IS executive may want to grant a specific workgroup-level administrator the right to assign user passwords for access to a financial package without also giving that same administrator access to company's sensitive financial data itself. The NT Server 4.0 directory service does not allow this choice - administrative rights are not granular.

NetWare 5 provides dynamic inheritance. With dynamic inheritance, any changes made in company policy flow down automatically to the appropriate related objects. Note that the alternative to dynamic inheritance is an administrative nightmare. Each change has to be done manually. The changes must then be replicated across the network "all at once" when the main directory copy is resynchronized. Thus, a directory with manual, static inheritance has the ironic impact of slowing down implementation of changes and then increasing network traffic.

In response to the legitimate complaints that NDS was difficult to implement and operate, a more simplified administration and setup front-end has been included. NetWare 5 and its various complementary optional products can now be managed from one workstation, called ConsoleOne, from anywhere on the network.

ConsoleOne is a Java-based GUI management console integrated with NDS. This allows developers to build network management solutions with a common look and feel. ConsoleOne is not a bolted-down workstation - any PC from which the administrator can log-on to can run ConsoleOne, including the NetWare server.

One of the major challenges that face companies that use TCP/IP, regardless of size, is the management of IP addresses. Further upholding its commitment to centralized, directory-based management, Novell has integrated both Dynamic Host Configuration Protocol (DHCP) and Domain Name Server (DNS) management into NDS in NetWare 5. By incorporating these services into NDS, Novell has made DHCP and DNS services fault tolerant.

Table 1: NetWare 5 and NT Server 4.0 Comparisons
Source: AberdeenGroup, September 1998

Z.E.N.works For PC Management

Z.E.N.works (Zero Effort Networking), a function included in NetWare 5, is an automatic network setup and management tool which has captured the imagination of every IS manager who has seen it. It leverages the maturity of NDS by allowing administrators to create and manage images of the desktops on the network. Z.E.N.works allows users to log-on anywhere in the network to get their own desktop loaded on that PC. It provides the ability to heal programs that have some of their required files deleted. It can also be used to inventory PCs on the network and generate reports on the hardware specifications. Moreover, it can automatically upgrade packaged and homegrown applications - including year 2000 updates - from the server.

The simplicity of implementing Z.E.N.works belies the impact this utility can have on the bottom line. Novell's internal studies claim that enterprises can lower their current desktop management costs by up to 32% through the use of Z.E.N.works.

Security That Is Flexible and Practical

Novell has identified and incorporated four security enhancements in NetWare 5 - Novell International Cryptographic Infrastructure (NICI), Secure Authentication Service (SAS), Public Key Infrastructure services (PKIS), and Single Sign-On (SSO) (which will be available in 1999). These improvements offer businesses the ability to easily carry out more complex data processing and transactions with the benefits of directory-based security management.

NICI, an infrastructure that controls encryption levels, is the foundation on which all the new security services in NetWare 5 are built. The underlying functionality of NICI lets application developers bypass cryptographic code in their products.

Built entirely on NICI, Secure Authentication Service (SAS) provides enterprises with highly secure network authentication - secure access between applications and the security database. By supporting multiple authentication methods, SAS provides investment protection and integration capabilities with additional authentication methods.

PKIS is a method of making sure that companies are communicating with other trusted and authorized companies. PKIS is a standards-based technology that uses a trusted certificate authority to verify and sign certificates to validate an identity. Overall, PKIS is considered to be a complex and weighty process that relies on external providers and third party certificate authorities (CAs).

However, Novell has simplified the certificate authentication process by providing NetWare 5 servers the ability to act as an enterprise's own certificate authority. NDS lets a company provide validation to their internal users, shortening the users validation and verification process. Novell initially supports server-side certificates. However, until the client side certificate support is released, NDS with LDAP version 3 support can be used to store the certificates for other third-party servers - Entrust or Netscape certificate servers - right out of the box. Most applications are moving to support the PKIS method of securing business transactions.

Finally, in an effort to simplify user access, reduce application administration cost, and increase productivity, Novell will integrate PKIS with NDS to provide users with single sign-on capabilities. A feature to be made available in early 1999 will ensure that users will not have to sign on more than one time in order to access multiple applications in the NetWare environment. The applications store all of the security information associated with a user's authentication files, user rights and policies.

Another benefit of NDS that companies will be taking advantage of is the single sign-on function. The user "object" contains information about access rights to a range of servers and applications, each of which might have its own unique password and access controls. Administrators will be able to allow users to gain access to authorized servers and applications without requiring them to go through each individual log-on process. This will particularly benefit mobile users - allowing worldwide access to their network from any server on the network without having to authenticate back to the home server.

In comparing the security offerings that are available to enterprises today, Windows NT 4.0 lags far behind NetWare 5. While NT currently offers single sign-on capabilities, it does not support PKIS, and its encryption capabilities are weak at best.

In addition, domain administration security gives anyone that has administrator capabilities full access to any resource in the domain, including applications and client desktops. NetWare's directory-based security supports the ability to assign specific access rights to specific resources.

Scalability and Reliability

The scalability of a NOS is not necessarily directly measurable by support for symmetrical multi-processing (SMP). More important is its level of robustness and efficiency at the kernel level. A poorly designed operating system running on a four-processor system is by no means more scalable than a well-designed operating system running on a single processor.

In the data center, mature mainframe and Unix operating systems scale well - little operating system overhead is needed as processors are added. Doubling the number of processors in a Unix system usually translates into a 1.8 to 1.9 times increase in processing power.

For NT 4.0 Server, moving from 2 to 4 processors leads to no more than a 1.5X to 1.7X increase in processing power. And, NT effectively maxes out at 4 processors, even though some marketing literature states it can go up to 32.

Novell has developed a reliable and scalable kernel for NetWare 5 that is optimized to scale for networking services. Novell's NDS directory allows for much better networking scalability than Microsoft NT 4.0's flat-file, immature directory architecture.

To evaluate Microsoft's Windows NT 4.0's scalability and reliability, Aberdeen has conducted numerous end-user interviews. These studies indicate that Microsoft NT 4.0, when implemented as a NOS, leads to countless reliability issues requiring server reboots due to frequent crashes. Aberdeen has found that scalability is also an issue. While NT 4.0 works fine when deployed in small workgroup or departmental implementations, when deployed in a larger networked environment, the NOS is unable to handle the challenge.

Finally, Novell Storage Services (NSS) in NetWare 5 provides an improved level of storage capabilities that support high availability and clustering capabilities. The benefits of using NSS are enhanced reliability, speed, and infrastructure for distributed file systems. Shattering the existing file limitations for 4GB to 8 TB on NetWare 5, NSS will do 8 ZetaBytes on a 64-bit Merced making it a world-class data storage management utility.

The need to have scalable and reliable NOS technology is critical to any distributed computer environment. However, regardless of the enhanced scalability and reliability features that are included, if the underpinning of the core technology is not built well, the product itself will be the point of failure- despite the additional feature capabilities.

Delivering IP Open Standards

Building solutions on open standards offers businesses investment protection, a higher level of manageability, and greater interoperability with both current and future technologies.

Based on open standards, NetWare 5 can support pure IP-only networks, resulting in a fully connected networked environment with only one protocol to manage. Pure IP is a large improvement from previous versions of NetWare that had to either encapsulate IP packets in IPX or use gateways to translate one to the other - both of which slowed down data transfer.

While Microsoft offers native IP, Aberdeen has found that in most situations Microsoft's IP needs to be supported by additional protocols - such as NetBEUI - to provide full connectivity between various server and client types - even if they are all Windows-based. Multiple protocols can cause management inefficiencies as well as increased network traffic.

The business benefits of pure IP are greater bandwidth availability, faster network performance, more secure data communications, and closer integration between a business's network and the Internet. As network computing increasingly relies on the Internet, the need for more seamless and higher performance interoperability is critical for optimal computing efficiency.

Underlying Future Application Support

Most ISVs have followed the demand curve, and have ported their applications to NT Server. While NetWare can run or launch many applications, the way that applications are currently developed for NetWare is cumbersome. Historically, NetWare has been tuned for network services, just as NT has been tuned as an application server.

However, Novell is jumping on the Java bandwagon. NetWare 5 has a Java Virtual Machine (JVM) inserted in the operating system, allowing developers to more easily create network applications in Java. Offering greater flexibility for programmers, the JVM also supports CORBA object architecture, as well as VBScript-compatible JavaBeans for NetWare, JavaScript, and Perl 5.

At launch, NetWare 5 will have 200 certified NLM applications and 80 Java applications available. Novell is appealing to young Java start-ups - because of the draw of NetWare's huge installed base - with the rationale that it requires less expensive hardware upgrades than Windows NT. As a result, the number of Java Applications written for NetWare 5 is steadily growing.

NetWare 5 now also offers memory protection for applications, which provides applications crash protection. If one application crashes, it will not bring down all of the other applications that are running on that same platform. Finally, Novell has written and tightly integrated the Oracle 8 database with NetWare 5 and NDS.

Corporate Viability of Novell

The combination of unfavorable marketing conditions, a major increase in competition, and a series of disastrous business, management and marketing decisions has done severe damage to Novell's image over the past three years.

Managers will often buy mediocre but key products from a company that is seen as a long-term financial and marketing winner rather than superior products from a company that is behaving like a loser.

Thus, the shoring up of Novell's management team and its balance sheet over the past year has been as important as improving the company's product set. The most recent financial results have been quite positive, and with almost $1 billion in cash on hand - capable of meeting a year's cash flow requirements - Novell's financial health is good and improving. A new management team was put in place 18 months ago, and a new strategy has been in place for a year. How well this team is executing on its new plan will be seen with the roll-out and market acceptance of NetWare 5. But, to date the signals have been very positive.

Conclusions

The health of an enterprise's IT infrastructure is a key factor in determining corporate viability and competitiveness. Increasingly, the Network Operating System is being used as the glue that appends all of networks' disparate technologies. The NOS dictates the potential level of performance, productivity, management efficiency, connectivity, security, scalability, and reliability a network and enterprise can achieve.

Marketing and supplier branding are driving forces behind buying trends in the NOS market, with very little attention being paid to the NOS technology itself. Aberdeen has found that Microsoft NT Server 4.0 has done a satisfactory job functioning as a departmental application server and as a NOS for isolated workgroup environments. But the reality is that it does not live up to its marketing portrayal as the enterprise-wide network operating system IS executives should bet their careers on.

In addition, Aberdeen's end-user research shows that NT 4.0 is just not mature enough to handle the load of large-scale, enterprise computing. Contrary to popular belief, NT is not ready to replace all other NOSs at the enterprise level. In fact, because NT Server does not have a proven track record of being able to function alone without incident, Aberdeen views NT as a child that has potential, but that still needs adult supervision.

As more applications move from just being Java enabled to being Java based, NetWare's underlying superior features will put it back in high demand as an application server.

While Novell's time-proven, enterprise-quality technology functions successfully in an all NetWare environment, it also provides the support and guidance needed to manage and administer NT solutions. NDS, along with additional management components integrated into NDS, has set Novell far ahead of its competition. By identifying its own strengths and the other operating systems' weaknesses, Novell has created a platform that can seamlessly integrate technologies from other vendors, allowing companies to deploy best-of-breed solutions.

Scores of interviews with IS managers by Aberdeen analysts over the past year have shown time and again that the enterprise's key IS professionals want to expand NetWare's role as the enterprise's primary NOS. These same grizzled veterans describe the pressure they are under by their business counterparts to move to NT Server as the NOS.

NetWare 5 is not the universal panacea needed to cure all of the enterprise's networking ills. But, it should play a major role in IT operations over the next several years.

Aberdeen's message to Line of Business managers is quite simple. If your wide-scale implementation of application servers, along with the growing use of networks for business purposes, is to be successful in the long run, it will do so only in a heterogeneous environment. This is a fact of life. It is dysfunctional to think that any one product or firm is capable of meeting all the myriad demands being placed on the IT network infrastructure.

But the key strength of NetWare 5 remains its ability to manage heterogeneous networked technology components. IS buyers can choose the best-of-breed application server, and Novell will integrate with it.

AberdeenGroup, Inc.
One Boston Place
Boston, Massachusetts
02108 USA

Telephone: 617.723.7890
Fax: 617.723.7897
http://www.aberdeen.com/

For further information on AberdeenGroup's products and services please contact us at info@aberdeen.com

Copyright © 1998 Aberdeen Group, Inc., Boston, Massachusetts