Netware vs. NT

http://www.data.com/roundups/netware.html

Microsoft and Novell are facing off over the future of the enterprise. Billions of dollars are at stake, but the big question for network architects is: Can one NOS do it all?

Battle of the giants? Which giants? Microsoft vs. the U.S. government? Microsoft vs. Netscape? Microsoft vs. Sun? Actually, it's the confrontation between Microsoft and Novell that network architects should be most concerned about. Call it Netware vs. NT, with the winner walking away with the enterprise NOS market.

Why the big brouhaha? Because NOSs themselves have changed. They're not just about file and print services anymore. These days, they tie together thousands of end-users at hundreds of sites. They're home to the directories that tell net managers who's who, what's what, and where both are hiding. They're the platform for mission-critical, money-making apps. And they're the repository for gigabytes of corporate data.

With so much at stake, it's no wonder the twin titans of network software are going at it. If Microsoft wins, it will attain the same dominance in NOSs it now enjoys on the desktop. Novell will be history. "If the general-purpose OS guys [at Microsoft] are better than us, we lose," says Drew Major, chief technologist at Novell Inc. (Orem, Utah), and the inventor of Netware.

Battle Cry

Ironically enough, most people think that NT has already won. But the battle is just beginning. International Data Corp. (Framingham, Mass.) says Netware is the NOS on 3.7 million servers. Microsoft owns about 2 million platforms, but many are app servers (indeed, NT is pretty much the technology of choice for corporate apps).

But this isn't simply a struggle for market share. The real issue that's being so hotly contested is the basic definition of a NOS (network operating system). Netware's strength has always been directory, file, and print services.
Application support and integration are Microsoft's domain.

Network architects trying to decide if it should be Netware or NT (or both) need to do an enterprise-level evaluation—of today's NOSs and tomorrow's. The directory is the place to start. NDS (Netware Directory Service) is hierarchical, distributed, and object-based. NT Directory Server is a hard-to-scale and harder-to-manage flat-file architecture. Then there are the other directory-related issues. Can it be distributed across the network? How efficiently does it replicate data? How much of a headache is management?

What else should corporate networkers look for? Can the NOS run across several CPUs in the same machine, which keeps it from becoming a bottleneck? Can it run native IP (an important issue on today's IP-everywhere enterprise)? What about memory management and file systems? Both affect system-wide performance. What sort of hassles and heartaches face application developers? Finally, what's it all going to cost?

The Directory Difference

Netware has almost a 10-year lead on Windows NT Server—at least when it comes to its directory, which is being positioned as the key function of an enterprise NOS. Microsoft Corp. (Redmond, Wash.) promises to make everything right with Windows NT version 5.0—originally slated to ship by the middle of the year. But the vendor has an appalling reputation for delivering products late, and some analysts believe NT 5.0 won't ship until the second quarter of 1999. And then Microsoft will have to hammer out the kinks. That helps explain why the Gartner Group (Stamford, Conn.) is advising large corporate customers to wait at least a year after NT 5.0 ships before deploying it. "By the time the bugs in NT 5.0 have been worked out, Netware NDS will have been out for almost a decade," comments Michael Silver, senior research analyst at Gartner.

Do the Right Thing

All this leaves network architects in a quandary.
If they stick with Netware they get lightning-fast file and print services and a proven directory. But will they be able to run the apps they need? Novell says it will use Java to strengthen its applications services in Netware 5.0, slated to ship by the end of the summer, but most observers think Microsoft can't be caught.

And what if they opt for NT? Well, they'll get proven application performance—after a lengthy, expensive migration (see "Making the Move"). And they'll still have to deal with the NOS's directory deficiencies.

Given the situation, it's not surprising that many Business Week 1,000 companies have decided to deploy both network operating systems. According to Novell, 79 percent of Netware sites also run NT. "Our mantra is Netware for file and print; NT for standalone applications," says David Condrey, LAN systems manager at Clemson University (Clemson, S.C.), who oversees a mixed network of 130 NT and Novell servers.

The biggest drawback to doubling up is dealing with two sets of directories. Fortunately, third-party vendors like Netvision Inc. (Orem, Utah)—as well as Novell itself—are rolling out products that add directory services to NT or establish a superdirectory that operates across both NOSs (see "Drop-In Directories").

Lost and Found

Today's enterprise networks are a sprawling jumble of workstations, PCs, printers, and servers. Finding anything in this labyrinth makes the proverbial needle in a haystack look like a no-brainer. That's where network directories come in. Part compass, part address book, they offer a mechanism for locating anything from apps to end-user e-mail addresses. Equally important, they let net managers assign resources and applications to end-users' desktops. "Seamless access to network resources is what everyone wants, and the directory becomes the glue that holds everything together," says Dan Blebins, technical analyst for Hallmark Cards Inc.
(Kansas City, Mo.), who manages a large network of Netware and NT servers.

Novell has put six years' effort into NDS, which is based in part on the X.500 spec from the ISO (International Organization for Standardization). The hierarchical directory uses a tree structure to represent the network (except this tree has its roots at the top and branches below). Each end-user and resource is defined as an object, and all objects are stored within the directory's own database (see Table 1).

Table 1: NOSs Now...and Later

Clearcut Timber

The directory tree makes it easy for administrators to define relationships between end-users and resources. Branches represent different departments. Different groups within a department are shown as subbranches. The "leaves" represent networked resources—printers, apps, PCs, and so on.

The tree structure also simplifies moves and changes. Single end-users or whole groups can be shifted (and access rights granted or removed) by cutting and pasting branches from one part of the tree to another. This can be done from a central console or at any client, using a graphical or text-based interface. The server management utility is strictly character-based.

Novell claims that its tree will have no trouble growing to enterprise proportions. It says it has successfully stored 2 million objects (with up to 20 attributes each) in a single NDS directory. That works out to some 40 million pieces of information (name, department, phone, fax, e-mail, and the like). And administrators are free to define their own attributes.

What's more, NDS can be distributed, so net managers can partition the directory or place objects in different servers. And since only changes are replicated across the enterprise—rather than the entire directory—less traffic ends up on LAN and WAN links.

Novell has some enhancements planned for Netware 5.0, like Web-based management.
It also says it will add a so-called catalog that lets end-users stash a piece of NDS locally, so they don't waste time with far-flung servers. The vendor says it takes about three minutes to define a catalog that trims lookup times from several minutes to five seconds.

Feeling Flat

So how does NT Directory Server stack up? Actually, it falls pretty flat in comparison, storing information about end-users, user groups, resources, and apps in flat files. Data is grouped into domains, which can represent one or more servers.

This scheme can be spectacularly hard to administer. For instance, any time end-users need to reach a resource outside their domain, the net manager has to manually set up a "trust relationship" that tells the NOS it's OK to grant the request. That sort of intervention may be acceptable when only a few workgroups are involved, but it means hard labor on the enterprise. Consider a network with 100 NT domains. Enabling every domain to access the resources of every other would mean establishing 9,900 trust relationships. (The number of trust relationships is calculated by multiplying the number of domains by one less than the total, or n[n-1].)

Another drawback is that any time an end-user or group is moved from one domain to another, the net manager has to reboot the NOS. Changes can be made from any node running Windows NT or Windows 95.

NT Directory Server also stores far less information than NDS: Each directory tops out at 40,000 entries (compared with Novell's 40 million). Administrators who run out of capacity have to shell out for a new server platform and start a new domain. Equally daunting, net managers are limited to Microsoft-defined attributes. If they want to store e-mail addresses, for instance, they're out of luck—unless they buy and deploy Microsoft's Exchange database. This makes administration more arduous and slows end-user searches.

This Little Piggy

NT is also something of a resource hog.
The bigger the directory, the more RAM it consumes. For example, an NT directory with 10,000 attributes would need 256 Mbytes of RAM, which costs roughly $700. In contrast, NDS stores directory data in a proprietary database on the server hard disk.

Then there's the little matter of bulk: NT 4.0 Enterprise Edition has ballooned to 30 million lines of code (close to the size of IBM's MVS mainframe OS). At 10 million lines, Netware 4.11 is almost svelte by comparison.

NT, in addition, can be difficult to distribute. It's based on a master/slave design, which means a single master is responsible for replicating data across the network. That creates a single point of failure. What's more, each time users or groups are added to the master, the entire directory has to be sent to the servers. And that can waste time and bandwidth. For example, replicating an NT master with 3,000 attributes to 10 servers means shipping 15 Mbytes across the enterprise (each attribute is represented by 512 bytes of data; 3,000 attributes equals 1.5 Mbytes; 10 servers brings the total to 15 Mbytes). Replicating a 3,000-attribute NDS server, in contrast, only consumes 5 kbytes of network bandwidth, since only one 512-byte directory update has to be sent to 10 servers.

The Fix Is In

Microsoft's customers and competitors have long pointed to these weaknesses. The vendor insists that Active Directory—the new directory component bundled with NT 5.0—is the answer. But even if Microsoft ships a second beta release of NT 5.0 this summer, critics say it will still take time to get the product ready for the enterprise. "Experience will be the only way they perfect that product," comments Lee Roth, network manager with Southwest Airlines Inc. (Dallas), who oversees 6,000 Netware nodes and 70 Netware servers.

So what's new with NT version 5.0? For starters, Microsoft will replace its flat-file directory with an SQL (structured query language) relational database.
That will deliver much faster lookups and boost the number of stored attributes. Microsoft has tested its first beta version with 1.1 million attributes but believes it may be able to scale to more than 10 million (which is still only a quarter of NDS's capacity).

The basic domain architecture remains in place, but Microsoft has added what it calls transitive trust relationships. Essentially, this technique reduces administrative overhead by allowing a domain to inherit trust relationships that have been defined for another domain. Think of a network with three domains. Trust relationships have already been established between domains A and B and between A and C—but not between B and C. Now the administrator wants to enable users in A to access a network printer in C. With NT 4.0, that meant defining a new trust relationship between the two domains. But NT 5.0 automatically allows access between the two domains by virtue of the existing trust relationships. In other words, if A knows B, and B knows C, then A automatically knows C.

The mechanism Microsoft will use to make all this work is Kerberos, an authentication service developed by the Massachusetts Institute of Technology (MIT, Cambridge, Mass.) (see "Internet Security: How Much is Enough?" April 1996; http://www.data.com/Roundups/How_Much_is_Enough.html).

Active Directory also improves NT's replication facilities. For starters it replaces the master/slave design with a genuinely distributed model called multimaster replication—basically, a peer-to-peer structure. This eliminates NT 4.0's single point of failure. It also allows users to be moved from one domain to another without rebooting the server. And it will speed updates and save bandwidth, since only changes are passed between directories.

Keeping Watch

It's not just the structure of the directory that's important; management also is key. Basically, Netware NDS has two graphical tools for this task.
NWadmin is used for day-to-day chores, like making changes to users, servers, and resources. NDS Manager is used for metatasks, like setting the time and frequency that one directory updates others. It also is employed to partition directories and determine if they are working. As mentioned, Novell is adding Console One to Netware 5.0, a Java-based version of NWadmin that runs from any Web browser.

NT 4.0 Enterprise Edition boasts no less than 14 graphical management utilities. That sounds very impressive, but since different tools are used for different tasks, it means that net managers have to toggle between utilities to add and delete end-users and modify access rights.

Microsoft plans to consolidate its management tools under its Management Console. That's a good move, since Active Directory has 20 graphical utilities. The new framework also allows them to be accessed from the vendor's Internet Explorer Web browser.

Be Fruitful and Multiply

Finding an enterprise NOS means picking one that won't be overwhelmed by the huge amount of tasks and traffic it has to contend with. To keep their products from becoming bottlenecks, both Novell and Microsoft wrote their software so it can run across multiple processors in the same server.

Netware 4.11 can run on up to eight CPUs, but net managers have to buy and install an extra piece of code to enable this facility. But doing so doesn't mean the NOS will execute eight times as fast. For starters, many applications—including file and print services—aren't written to take advantage of SMP (symmetrical multiprocessing). (Database and transaction-intensive apps are typically written with SMP in mind.) Further, performance increases tend to level off as CPUs are added. Last time Data Communications tested the SMP capabilities of these NOSs, Netware had problems scaling to eight CPUs (see "SMP: Expect the Unexpected," March 21, 1996; http://www.data.com/Lab_Tests/Expect_the_Unexpected.html).
Novell itself is aware of the problem. SMP was "an afterthought" to Netware 4.11, says Michael Wilkinson, product manager for Netware 5.0. The trouble can be traced to interprocessor scheduling. As more CPUs are added, different portions of each task have to be allocated to different processors. Netware 4.11 "scheduled without intelligence," comments Wilkinson. The result is that tasks were divvied up and processed inefficiently.

Wilkinson says that Netware 5.0 addresses this problem by "adding a layer of intelligence." When a request comes, he explains, the NOS assesses how long it will take to run and then assigns it to a specific processor. Scheduling tasks this way increases efficiency and performance. According to Wilkinson, in-house benchmarks of Netware 5.0 with an Oracle database show "98.2 percent on the second processor, 95.3 percent on the third, and 83.2 percent on the fourth. Under Netware 4.11 it was much, much worse."

And what about Microsoft? "NT has been architected from Day 1 to support up to 32 processors," says Mark Hassal, product manager for Windows NT. And the vendor says that NT 5.0 will boast the same capability. But that claim is difficult to substantiate given NT's poor showing in the Data Comm Lab Test. To be fair, some of its lackluster performance may have been the fault of the app it was tested with, an Oracle database. But those who know the NOS argue that the fault also lies with the software. "Eight-processor systems push the limits of NT 4.0 scalability," says Phil Auberg, director of product marketing for Windows NT systems software at Digital Equipment Corp. (DEC, Maynard, Mass.).

What's Microsoft's take on the situation? It argues that NT 4.0 and 5.0 have no trouble scaling to 32 processors—as long as they're running on special servers from Sequent Computer Systems Inc. (Beaverton, Ore.) and Unisys Corp. (Blue Bell, Pa.). Net managers considering NT need to factor in the price of this custom hardware.
Sequent's low-end four-processor SMP server, for example, starts at $100,000.

Going Native

Now that network architects are seeing IP everywhere, an enterprise NOS has to be able to handle the protocol—preferably in its pure form. That's a problem for Netware 4.11, which encapsulates TCP/IP packets into IPX/SPX (or what the vendor calls Netware IP). And that translates into two problems for net managers. First, encapsulation slows things down. Second, Netware IP relies on Novell's proprietary routing protocols—RIP (Routing Information Protocol) and SAP (Service Advertising Protocol). Both are big talkers—using broadcasts to identify servers, resources, and routes—and those broadcasts eat up valuable bandwidth. Novell estimates that SAP broadcasts on a corporate net can consume half the throughput of a 56-kbit/s line.

To alleviate the trouble, Novell plans to offer native TCP/IP in Netware 5.0. It also will replace RIP and SAP with SLP (service location protocol), an IETF (Internet Engineering Task Force) standard for directing IP traffic. It believes that SLP will cut overhead in half.

Microsoft, in contrast, offers IP as a native protocol of NT 4.0—along with IPX/SPX and Netbeui (the vendor's LAN protocol). The same choices will be offered with NT 5.0.

Running native IP may help performance, but it introduces a new headache: managing IP addresses. This can turn into a full-time job on the enterprise, since each IP address has to be manually configured at the desktop and stored in a DNS (domain name server) directory. DNS is an IETF spec that details how IP addresses are mapped to end-user names and other attributes.

NOS: The Next Generation

In order to take the agony out of IP, both vendors are adding IP management facilities to their next-generation NOSs. For starters, Microsoft plans to bring NT 5.0 up to spec with DNS. NT 4.0 deployed Windows Internet Naming Service (WINS), a proprietary product that can't communicate with DNS directories.
It's also implementing dynamic DNS (another IETF spec), which allows updates to one DNS directory to be automatically replicated to all the other DNS directories on the network. The catch here is that dynamic DNS is a real bear to set up (an ironic drawback for a labor-saving device): The administrator has to manually program the dynamic DNS server so that it knows about all the services and resources on the enterprise.

Microsoft also says it will implement yet another IETF spec in NT 5.0: DHCP (dynamic host configuration protocol). That will enable its NOS to automatically issue new IP addresses to clients as they connect to the network. Thus, IP addresses can be recycled and moves, adds, and changes are much easier to deal with. When an end-user with a static IP address moves to a new location, the net manager has to manually issue a new IP address and delete the old one.

Novell also plans to integrate DNS into Netware 5.0, along with DHCP.

Thanks for the Memory

Network architects on the hunt for an enterprise NOS can't afford to forget about memory. Virtual memory management has been built into the NT kernel since version 4.0. This mechanism allows apps that need additional RAM to use hard disk instead, increasing system reliability and reducing server crashes. Unfortunately, it also tends to increase the number of reads to the disk drive, which can take a toll on hardware.

Novell is adding virtual memory management to its Netware 5.0 kernel. It's also building in memory protection, which assigns blocks of memory to each app. Thus, applications won't contend for resources, a problem that can bring the server down. "This is the most critical piece that was missing from Netware," says Clemson's Condrey. "In the past, an application crash on a Netware server could take down the entire file server." Microsoft has no plans to add memory protection to its kernel.

There's another memory issue that needs to be addressed (pardon the pun): memory subsystems.
Vendors also refer to these as file systems. No matter what they're called, they play a critical role, affecting application performance and governing the size of the files a NOS can contend with.

NT 4.0 has a 4-Gbyte file system and a memory-tuning utility that lets net managers assign up to 3 Gbytes to their apps, thus boosting the performance of memory-intensive applications. In fact, Microsoft claims that this feature alone can increase the speed of some apps by as much as 20 percent. The same utility will be found on NT 5.0.

Netware 4.11 has a 2-Gbyte file system split evenly between kernel and apps. There's no way to reallocate memory. Netware 5.0 will increase the size of the file system to 4 Gbytes, still split evenly between kernel and applications. That should help improve the performance of memory-intensive applications, but there's still no tuning utility.

Novell also says that it will implement a journaled file system with Netware 5.0 that should significantly improve the time it takes to rebuild the system after a server crash. A journaled file system only checks the last files written or saved to the server before it went down, which speeds restorals. Netware 4.11 examined all of the files on the server before bringing the system back on line. Novell claims that recovering 10 Gbytes of data on a Netware 5.0 server takes less than a minute. With Netware 4.11, it takes 20 to 30 minutes.

Develop or Die

When corporate networkers buy a NOS, they have to keep a lot of people happy—including their application developers. Microsoft makes this easy. NT ships with a broad set of development tools, and third-party developers have come up with a whole slew of tools as well. It also boasts underlying services that offer plenty of hooks into the operating system. Programmers write to APIs (application program interfaces) rather than struggle with low-level coding.
One such service is Microsoft Message Queue, middleware that facilitates communications between apps and stores messages for later delivery if a link goes down. It also automatically routes messages over the most efficient or cheapest path and reroutes around failures. This is particularly important when apps run across WAN links.

When it comes to applications, Novell really falls down on the job. Netware 4.11 forced developers to write NLMs (Netware Loadable Modules)—hugely complex software components that demanded both networking expertise and intimate familiarity with the NOS's character-based interface. Most developers and software vendors simply took a pass. Thus, Netware-aware apps are few and far between.

Novell says it has seen the light. Netware 5.0, it promises, will be a fast, friendly development platform. And it's counting on Java to accomplish this miracle. Deep in the kernel of its next-gen NOS is a Java virtual machine. Novell says that tightly coupling Java to its software gives it a huge performance boost. According to its internal benchmarks, Java apps run 2.5 times faster on Netware 5.0 than on NT 4.0 and 5 times faster than on Unix.

So much for fast. What about friendly? Netware 5.0 supports Java network directory interface (JNDI), the standard for Java developers. It also boasts a built-in Java object-request broker, which permits different applets to work with one another, regardless of the machine they're running on. And it features an integrated Oracle 8.1 relational database with a five-user license so Java applets can be stored on a Netware server.

So what does Novell expect to gain from all this Java speed and simplicity? There are at least 25,000 Java developers out there. "Now every Java developer is a Netware developer," comments Wilkinson.

And what else do these vendors have in mind for their new NOSs?
Both Microsoft and Novell point with pride to the fact that their soon-to-be-released software boasts a 64-bit architecture (rather than today's 32-bit structure). Twice the bits translates into larger memory addressing and, by implication, zippier application performance. Trouble is, developers will have to write 64-bit apps to exploit this new environment. Tried-and-true 32-bit apps do not run any faster on 64-bit platforms.

The Bottom Line

Price is always a concern with any business decision. Microsoft and Novell license their products according to the number of users attached to the server. Netware 4.11 costs $47,995 for a 1,000-user license, including NDS and an integrated Fasttrac Web server from Netscape Communications Corp. (Mountain View, Calif.). Microsoft charges $28,000 for a 1,000-user version of NT 4.0 Enterprise Edition, which includes its Internet Information Server Web server. (Both vendors are keeping mum about next-generation prices.) On the face of it, NT looks a lot cheaper. But given its skimpy directory services, it could prove to be a very expensive investment.

Contact authors: lbruno@data.com, saunders@data.com
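
The trust-relationship arithmetic from "Feeling Flat" and the transitive trusts from "The Fix Is In" can be modeled as a directed graph, which also shows what an administrator would want to audit: trusts that are in effect but that nobody configured. This is an added example, not code from the article or from either vendor; the function names and domain names are constructed, and it goes beyond the article's three-domain case by assuming trust follows every chain of configured trusts.

```python
# Added illustration of the article's trust arithmetic. A trust is modeled as a
# one-way pair (truster, trusted); names and helpers are constructed, not NT APIs.
from collections import defaultdict, deque


def two_way(a, b):
    """A trust 'between' two domains, as a pair of one-way trusts."""
    return {(a, b), (b, a)}


def full_mesh_trusts(n):
    """One-way trusts needed when every domain must trust every other: n(n-1)."""
    return n * (n - 1)


def effective_trusts(explicit, transitive):
    """Return every (truster, trusted) pair that is actually in effect.

    transitive=False models the NT 4.0 behaviour the article describes: only
    configured trusts count. transitive=True models the NT 5.0 behaviour:
    a trust is inherited along any chain of configured trusts.
    """
    if not transitive:
        return set(explicit)
    graph = defaultdict(set)
    for truster, trusted in explicit:
        graph[truster].add(trusted)
    closure = set()
    for start in list(graph):
        seen = {start}
        queue = deque([start])
        while queue:  # breadth-first walk over configured trusts
            node = queue.popleft()
            for nxt in graph[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        closure |= {(start, d) for d in seen if d != start}
    return closure


def implicit_trusts(explicit):
    """Pairs that exist only through inheritance: the list to review in an audit."""
    return effective_trusts(explicit, transitive=True) - set(explicit)


def hub_trusts(n):
    """Constructed topology: domain D0 has a two-way trust with each other domain."""
    trusts = set()
    for i in range(1, n):
        trusts |= two_way("D0", f"D{i}")
    return trusts


if __name__ == "__main__":
    # The article's three domains: A-B and A-C configured, B-C not.
    explicit = two_way("A", "B") | two_way("A", "C")
    print("non-transitive:", sorted(effective_trusts(explicit, False)))
    print("inherited only:", sorted(implicit_trusts(explicit)))

    # The article's 100-domain network.
    hub = hub_trusts(100)
    print("full mesh, configured by hand:", full_mesh_trusts(100))
    print("hub topology, configured by hand:", len(hub))
    print("hub topology, in effect when transitive:",
          len(effective_trusts(hub, True)))
```

The saving in configured trusts comes at the price of trust pairs that appear in no administrator's list, which is why the inherited set is worth enumerating whenever a new trust is added.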