An Introduction to NDS Corporate Edition
Articles and Tips: article
Product Manager, NDS (UNIX platforms)
Novell Software, Bangalore
01 Apr 2000
Since the Fall 1999 announcement of the release of Novell Directory Services (NDS) eDirectory and NDS Corporate Edition, there has been some confusion about how these two new products differ from previous versions of NDS. Novell has provided directory services as part of the NetWare operating system since NetWare 4.0, introducing all the familiar advantages of NDS within the NetWare environment. While NDS and NetWare are an excellent fit and will continue to be, other platforms besides NetWare have shown the need for a scalable directory to help manage their network services. NDS eDirectory and NDS Corporate Edition are Novell's solutions to provide a directory-enabled infrastructure to the Net, regardless of platform.
NDS eDirectory is essentially NDS version 8 tailored for the Internet or intranet deployments. It is designed to run on various platforms, such as Linux, Solaris, Windows NT, and Windows 2000 (with support for additional platforms in the future). NDS eDirectory ties together intranets, the Internet, and extranets into a single network and forms a virtual platform for deploying e-business solutions. Unlike NDS that comes embedded in NetWare, NDS eDirectory does not include platform-specific solutions like user account management, and file or print service integration; none of these are relevant for Internet deployments. NDS eDirectory is a pure directory service implementation that comes with a directory server, client, and console utilities such as DSREPAIR, DSTRACE, BACKUP, and others.
NDS Corporate Edition leverages the scalability and service offerings of NDS eDirectory and provides the user account management solution to manage all network resources across an entire, multi-platform network, blurring the lines between intranets, extranets, and the Internet. Essentially, NDS Corporate Edition is an application that runs on top of NDS eDirectory to provide server-specific management and integration to the directory.
This AppNote discusses the advantages of NDS Corporate Edition and how it leverages NDS eDirectory. It then describes how it can be used in administer- ing multiple-platform networks, looking at Windows NT and UNIX as examples.
The Split Personality Problem
Today's corporate networks are dogged by internal firewalls. A typical organization is likely to have database and corporate applications running on UNIX/Linux servers, file and print servers running on NetWare or Windows NT, and desktops running on Windows 95/98. In this heterogeneous network, users do not enjoy a seamless intranet experience because different platforms manage their user accounts and access rights separately. Even in a homogenous Windows NT environment, employees do not have seamless access to resources in different domains unless the administrator explicitly establishes trust relationships. When accounts are moved to a different domain, they have to be deleted and recreated. It is not unusual for an employee to have multiple accounts to operate a database, to access files on a file server, or to run client/server applications.
Most system administrators have resigned themselves to managing multiple accounts for the same user. They use domains on Windows NT and NIS on UNIX/Linux machines to create and manage user accounts across multiple servers. Neither of these services allows their accounts to be shared. On Windows NT, managing access to resources across domains involves establishing and managing one-way trust links. These increase administrative overhead and are fraught with security risks. Both of these services make use of a system of master-slave replication to protect against single point failures, which involves manual procedures and configurations. For a large number of accounts, the underlying database often gets disproportionately large, resulting in increased response time for users and longer interval for backup and restores.
Employees working in such environments--with multiple accounts--often find it frustrating. It is difficult to remember all the passwords and match them to the proper login account. Passwords are often forgotten or misapplied; passwords are case-sensitive on some systems, but case-insensitive on others. The Help Desk is often flooded with calls from users who cannot log in to their application. After a few such experiences, users are tempted to write their list of passwords on sticky notes and put it under their mousepad, below their keyboard, or behind the monitor, thus defeating the very purpose of password-based authentication.
The Solution: NDS Corporate Edition
NDS Corporate Edition solves the problem of multiple user accounts by eliminating the need to create separate accounts on different platforms. It allows organizations to create a single user account in an enterprise directory and manage access to any network host or resource.
The NDS eDirectory Advantage
NDS Corporate Edition uses the world's most scalable directory--NDS eDirectory--as its underlying directory service. Among its major features are the use of a full-fledged FLAIM database to store directory entries, full LDAP v3 and SSL protocol support, and an excellent lookup speed even on very large directories. NDS eDirectory has demonstrated the ability to store and manage billions of entries, thus providing more than sufficient room for organizational and corporate expansion. While one billion entries sounds like an incredible number, it is exactly this kind of capacity that is required to be able to handle Internet scale operations. NDS eDirectory is also a true multi-platform directory. You can mix and match platforms on which the NDS database is stored and still support any type of client.
NDS Corporate Edition creates UNIX/Linux and NT profiles for user and groups in the existing directory and then makes them available to services running on Windows NT or UNIX/Linux hosts through a technique called redirection. Redirection allows administrators to retire old and redundant databases that consume much of their time, disk space, and administration budgets without having to change the business applications that use the database. NDS Corporate Edition ensures that the calls made by business applications to the underlying service providers are automatically redirected to NDS.
NDS Corporate Edition provides a number of tools to successfully enhance the management of multiple-platform networks, including a mix of NT, NetWare, and UNIX/Linux accounts. The components are listed below.
NDS Server. A service that manages replication a NetWare, Solaris, Linux, Windows NT, or Windows 2000 server. For NT servers, NDS replicas can be placed locally on Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs). This replacement will not require any change to business applications that consume NT domain service. For UNIX servers, replicas may be placed on NIS servers and can co-exist with existing NIS or NIS+ directory.
Security and Naming Service Redirectors. A set of providers for authentication, password management, session control, and name lookup services. On Windows NT, NDS Corporate Edition replaces the native provider, Security Account Manager (SAM), on the PDCs and BDCs. On UNIX servers, these plug into an existing Pluggable Authentication Module (PAM) and Name Service Switch (NSS) framework. In addition, a single sign-on provider allows background authentication across UNIX servers for services like telnet, ftp, and others.
Account Migration Tools. Tools for migrating existing user and group accounts native databases to NDS. On Windows NT, the Domain Object Wizard migrates NT domains to the NDS tree. This enables the NT domains to become manageable NDS objects, called Domain objects. Domain groups, workstations, and users become corresponding NDS objects. For UNIX servers, a command line tool, migrate2nds, migrates accounts from /etc files, NIS or NIS+ directories into NDS.
Mailbox Manager for Exchange. A network administrative tool that allows for the management of Microsoft Exchange user accounts with ConsoleOne. Mailbox Manager enables the creation, alteration, and deletion of user mailboxes without Microsoft Exchange Administrator.
ConsoleOne Snap-ins. Tools for managing UNIX users, groups, hosts, or NT Domain objects, users, and groups in NDS. These snap-ins plug into Novell's ConsoleOne graphical shell and are invoked automatically when administrators click on NDS objects.
NDS Manager (Including Schema Manager). An NDS database administrative tool that allows the management of partitions and replicas. It also provides administrators with a way to manage and modify the NDS schema and distribute updated NDS versions to Unix, Linux, and NetWare servers.
Novell Client. A client service that allows users to access and use all of the features available on NDS-managed networks with superior ease of use, manageability, and security. The Novell Client software for workstations is on the ZENworks/Client CD-ROM. UNIX servers and workstations do not require the Novell Client, they use a standalone directory client to become directory-enabled.
Note: When NDS Corporate Edition is installed, a special version of the Novell Client for the Windows NT environment is automatically installed on the NT server.
ZENworks Starter Pack. An integrated set of NDS-enabled products for distributing and managing applications, configuring and managing workstations and Windows desktops, remotely repairing workstation software, and reducing the total cost of ownership for networked computers. The ZENworks Starter Pack snaps into ConsoleOne and extends the NDS schema to include new object types. It features support for both IP and IPX protocols.
Managing Windows NT Accounts
On Windows NT, resources are created and managed in a database by a service called the System Account Manager (SAM). NDS Corporate Edition replaces this service module with its own NDS-based service provider. Henceforth, all application requests to the SAM provider are redirected to NDS eDirectory. The advantage of redirection is that all existing applications continue to work without any change. You can continue to use the familiar Windows NT tools to manage accounts in NDS. NDS containers can scale into hundreds of thousands of objects, unlike NT Domains which are limited to a few thousand. NDS also includes a single console application that can be used to manage NDS objects. Administrators do not have to learn to use different application to manage users, groups, mailboxes, and so on.
NDS Corporate Edition includes a migration utility that allows existing accounts in a domain to be merged into NDS. If NDS already contains this account, only the NT profile will be added or merged. Once the account is merged into the corporate account, it can be managed like any other NDS User object (see Figure 1).
Figure 1: Managing Windows NT accounts with NWAdmin.
NDS Corporate Edition also migrates domain objects into NDS, so that you don't have to delete and recreate users when they move to a different domain. Domain object migration is automatic in NDS Corporate Edition, so no manual deletion and recreation is required--you simply move them into the different domain. Since domains are objects in NDS, you can have any number of domains, and manage their contents in NDS itself. The system limitations on domains (imposed by the underlying SAM or the trust architecture) do not apply when they become objects in NDS.
How NDS Corporate Edition Works in NT Environments
The procedure for migrating NT accounts to NDS is very simple and involves installing software only on the PDC and the BDC. The first step is to install the required version of Novell's NT Client software on the NT Server. The second step is to install the software on the PDCs and the BDCs and install them into an existing tree or a newly created tree. Next, a special container object is created in NDS eDirectory called the Domain object. Groups and workstations are created in the Domain object for corresponding domain groups and Workstations.
There are three available options for each domain user:
Associate with an existing User object in NDS eDirectory. Use this option if the user already has an account in NDS Corporate Edition.
Create a new NDS object for the domain user. Use this option if the domain user does not already have an NDS object.
Ignore the domain user object. This essentially eliminates network access for the domain user object. Use this option to clean up unused domain objects.
NDS Corporate Edition moves the domain namebase into NDS eDirectory where it is referenced by both primary and backup domain controllers. In order for all domain controllers to have access to the domain information stored in NDS eDirectory, all PDCs and BDCs must have NDS Corporate Edition installed.
The Domain Object Wizard (see Figure 2) allows you to install Read/Write replicas of the NDS eDirectory database on the Windows NT server. These replicas utilize the same directory service to add replicas and to provide local access to NDS eDirectory on domain controllers (both PDCs and BDCs), enabling greater speed and accessibility on remote networks.
Figure 2: The Domain Object Wizard.
Administrators can place replicas of NDS eDirectory partitions on redirected NT domain controllers at remote locations. This powerful feature provides remote users with the ability to authenticate locally rather than across the WAN, improving system access and productivity. NDS eDirectory information at remote sites is kept current and consistent with the network hub through replication.
Additionally, the Replica Advisor details page of the Domain Object provides network administrators with the information necessary to determine which replicas should be placed at the remote location (see Figure 3).
Figure 3: The Replica Advisor feature of the Domain Object Wizard.
With NDS Corporate Edition, no workstation component or workstation configuration is required. From the perspective of the Microsoft clients or applications using that domain, nothing has changed. All workstations and applications will continue to function as they did before NDS Corporate Edition was installed.
For instance, an administrator can use Microsoft User Manager for Domains to create the user. As such, User Manager becomes an NDS eDirectory administration tool (specific for the Domain object), in addition to managing directory objects using ConsoleOne. User Manager for Domains sends requests to the NT domain controller to create the user in the domain and NDS Corporate Edition directs those requests to NDS eDirectory. The user is created in NDS eDirectory with the same properties and access rights or restrictions that are available from the domain itself. Any subsequent modifications made to that user with User Manager or any other domain administration utility is serviced in the same way.
Note: When NDS Corporate Edition is used, you don't need trust relationships. If a user in Domain A needs to use resources in Domain B, simply make the NDS eDirectory User object a member of the NDS eDirectory object Domain B. Still, existing trust relationships are preserved. You can view the NT domain trust relationships via Microsoft's administrative tools.
Making Domain Applications and Trusts with NDS
Applications that need information from the Windows NT domain make requests to SAMLIB.DLL. This includes applications running on the NT server or on an NT workstation. Some of the applications that require information from the domain are NT User Manager, NT Server Manager, and Microsoft Exchange.
SAMLIB.DLL communicates to SAMSRV.DLL using Remote Procedure Calls (RPCs). For applications being run on the server, this communication is all done internally. For requests originating from a workstation, the RPC requests are received at the server via the network. Once a request is received by the server RPC, it is extracted and passed to SAMSRV.DLL. SAMSRV.DLL then accesses the Windows NT SAM where the domain namebase is stored and performs the requested operation (see Figure 4).
Figure 4: SAM services on Windows NT.
NDS Corporate Edition relocates Windows NT domains into NDS eDirectory by enhancing the NT SAMSRV.DLL program to redirect domain access calls to NDS eDirectory. NDS eDirectory can reside on a NetWare server or on an NT Server, or on both. NDS eDirectory stores the User, Computer, and Group objects that take the place of the objects previously used from the domain. For all practical purposes, applications still think they are communicating with the native SAMSRV.DLL (see Figure 5). Therefore, none of the applications need to change to get the benefit of directory-managed domains and user accounts.
Figure 5: Redirecting SAM with NDS Corporate Edition and NDS eDirectory.
The Windows NT SAM is the database where the NT domain namebase is stored. The domain is identified by a unique number. This number, the Security Identifier or SID, uniquely identifies an NT domain across a network. Objects in the domain are also identified by a SID which is created by combining the domain SID with a Relative Identifier (RID). This object SID is used throughout the Microsoft network to identify the object and its access to system resources.
When using NDS Corporate Edition, each Windows NT domain is represented by a domain object in NDS eDirectory (see Figure 6). This object is a container object that behaves similarly to a Group object in that it not only holds information about the domain and users which are a member of the domain, but the Domain Object also contains member objects such as computers and groups--just as an in actual domain.
Figure 6: A Windows NT Domain as an NDS object.
The domain object acts as a group with a list of domain members. The computers and groups associated with the domain are represented as objects contained by the NDS eDirectory domain object (see Figure 7). By making user objects "members" of the domain rather than actually residing within the domain, administrators can place the NDS eDirectory User objects anywhere in the tree and still give them access to specific domains.
Figure 7: Memberships in multiple Domains.
Because NDS Corporate Edition stores each user's RID in the NT Domain object and not as part of the User object, any NDS eDirectory User object can be a member of more than one NT Domain object. This provides a way for a single NDS eDirectory user to access resources in multiple domains without having to set up complicated trust relationships.
Managing Microsoft Exchange Mailboxes in NDS
Mailbox Manager is a Novell product that builds on NDS Corporate Edition, allowing you to manage Microsoft Exchange mailboxes from the NetWare Administrator console. In a typical scenario, Mailbox Manager allows Help Desk employees to create, modify, and delete all mailboxes in Exchange, without requiring access to the Exchange management console. This allows the Help Desk staff to update directory information in Exchange, while protecting other information that should normally be changed only by the network administrator.
You can run the Mailbox Manager Setup program on an NT workstation to create as many consoles as you need. The Setup program extends the NDS eDirectory schema to include Exchange attributes, and adds the necessary snap-in files to NWAdmin.
After installing Mailbox Manager, you can upload directory information from an Exchange site directly into NDS eDirectory. To do this, you run the Upload Mailboxes utility from the Tools menu in NWAdmin. You specify the Exchange site and server you want to manage, and the NDS eDirectory context for the Site object in NDS eDirectory. The utility does the rest, using Windows NT account information from NDS Corporate Edition to map Exchange mailboxes to NDS eDirectory user objects.
Although the current release of Mailbox Manager does not automatically update NDS eDirectory when changes are made using Exchange Administrator, you can run the Upload Mailboxes utility at any time to incorporate changes into NDS eDirectory.
Learning and using Mailbox Manager is easy. It has a look and feel very similar to the Exchange Administrator user interface, so you're in familiar territory whether you're more accustomed to that program or to NWAdmin. For example, the Mailbox Manager snap-in to NWAdmin displays a hierarchical list of sites, recipient lists, and distribution lists similar to the corresponding lists shown in Exchange Administrator. The dialog box used to edit user properties is very similar between the two applications.
Mailbox Manager incorporates a few minor differences from the Exchange Administrator user interface, to better reflect the intended purpose of the application and improve usability. For example, there are no tabs for E-Mail Addresses and Protocols because Help Desk staffers should not normally control this information. Also, to make it easy to create and delete Exchange mailboxes, an Exchange Mailboxes page on the User Properties dialog lets you enter information such as the primary Windows NT account, recipient container name, and home server name.
Managing Security on Windows NT
Windows NT domains do not allow a user to be a member of more than one domain, even if trust relationships are defined between domains. This is because the RID is stored as part of the User object. To move a User object to a different domain, the object must first be deleted from the previous domain and then created in the new domain. This affects the user's access to the first domain. If the User object is then created again in the first domain, another new RID is created.
With NDS Corporate Edition, each Windows NT domain is represented by a Domain object in NDS eDirectory. This object behaves similarly to an NDS Group object in that it not only holds information about the domain and users who are members of the domain, but it also contains member objects such as Computers and Groups just as a real domain does. One significant difference, however, is that NDS Corporate Edition stores each user's RID in the NT Domain object and not as part of the User object. This means that one NDS User object can be a member of more than one NT Domain or access the resources that used to be available in multiple domains, without the need for complicated one-way trust relationships. Under NDS eDirectory, an NT Domain object functions like a group. Just as a user can be associated with multiple groups, a user can be associated with multiple NT Domain objects.
Another aspect to consider when using NDS Corporate Edition has to do with passwords. Windows NT uses an MD4 password encryption algorithm which creates a fixed-length hash from the user's password. Such hashes are not very secure, as they are susceptible to dictionary attacks. NDS eDirectory, on the other hand, uses the public/private key pair. These keys are created uniquely for each user using the password. The public key can be easily shared and passed around. The private key is held securely within NDS in a vault associated with the User object.
When a user logs in, the password is used to create a secret token that is sent to NDS eDirectory for verification. If the NDS server is convinced that the token has been generated only by the actual user, it allows an authenticated session to be set up. At the same time, the password is also encrypted with the MD4 algorithm and sent to the Windows NT domain controller. This encrypted value is compared to that stored in the domain User object. If they match, the user is authenticated to the NT Server. This authentication process is secure because the encryption process that is performed on each password is irreversible.
With NDS Corporate Edition, both passwords are checked by the respective environments. However, both passwords are stored in NDS eDirectory. The authentication process is equally secure, since the encryption process that is performed on each password is still irreversible.
Managing Security for UNIX Accounts
Most UNIX systems provide a standards-based service layer called Pluggable Authentication Module (PAM) Interface library. PAM is a public specification for service providers that can plug into the UNIX environment to handle authentication, account information, and session and password management services. NDS Corporate Edition comes with a plug-in that uses NDS for all these services (see Figure 8).
Figure 8: Managing UNIX accounts with NDS.
Applications that use the PAM Interface continue to work unchanged, including native utilities like login, telnet, ftp, sendmail, passwd, ls, ps, and so on. The PAM standard allows multiple service providers to be stacked or switched at run time without rebooting the system. Therefore, system administrators can choose to locate administrative accounts in /etc files, employee accounts in NDS, and selected accounts in the NIS databases all at the same time. NDS Corporate Edition comes with a migration utility that can extract accounts from existing databases and merge them into NDS. If the account already exists, only the UNIX profile is added or merged.
NDS Corporate Edition can co-exist with NIS, NIS+, and the /etc/passwd databases. The administrator can configure the product in such a way that some users authenticate to both NDS and NIS. Some of the local system administration accounts, such as root, will continue to be stored in /etc/passwd files. This is because these accounts will need to authenticate during times when NDS service is not yet available (such as during operating system installation and operating system initialization). It is recommended that accounts that are used for local administration of the server be left alone in the /etc/passwd files and the corporate user accounts be migrated to the directory. Local accounts like root, bin, sys, and so on can remain in /etc/passwd files.
Figure 9 demonstrates how PAM can be configured to lookup NDS first and then fall back to UNIX files.
Figure 9: Sample /etc/pam.conf file for Solaris hosts.
Single Sign-on Across UNIX Hosts
UNIX hosts allow users to log in to remote hosts or launch applications on other UNIX hosts through a feature called the .rhosts. Because this is a very risky feature for security-sensitive networks, many system administrators ban this facility. NDS Corporate Edition offers an easier and more secure solution for UNIX hosts that use NDS: Single Sign-on. It's important to note that this is not the same product as Novell Single Sign-on that provides single sign-on for NDS-enabled business applications. The Single Sign-on (SSO) feature for UNIX provides a mechanism through which users who have logged in to a UNIX host can seamlessly connect to other SSO-enabled UNIX hosts through telnet, ftp, or rlogin without having to provide a name or password. NDS Corporate Edition will automatically transfer the login credentials to the new host behind the scenes and allow the command to be executed without a password prompt (see Figure 10).
Figure 10: Single Sign-on across UNIX hosts.
Background authentication is accomplished by another PAM module called the pam_ndssso and a daemon called nds_ssod. The pam_ndssso module provides functions for authentication and session management to the SSO daemon. When a user first logs in to a workstation, the credentials are captured and preserved in the SSO daemon. When the user attempts to contact another UNIX host, then the authentication request is intercepted by the pam_ndssso on that host. The SSO daemon on the target host then contacts the SSO daemon on the first host and goes through a background authentication sequence with NDS. If the authentication succeeds, then the user is allowed to operate on the target host. Otherwise, the sequence will fall back to the regular NDS authentication sequence.
In this exchange, the credentials are never transferred to the new host. The SSO daemon only maintains a pointer to the original host that manages the credentials obtained by the initial authentication. All these background operations occur quickly and transparently and give a seamless experience to the user.
Resolving UNIX Account Names in NDS eDirectory
NDS uses a hierarchical name space, while UNIX account names are simple names. NDS Corporate Edition attempts to preserve the existing UNIX names by mapping them intelligently into NDS User object names. The mapping works as follows:
When a UNIX host is added to the tree, a corresponding replica server object is created in NDS in a specific context. One of the attributes of this object is the list of NDS groups whose members are allowed to log in to the host. A UNIX config object is also added at the top of a non-Root partition. This object contains a list of all contexts where UNIX replica server objects may be found.
When a UNIX account name is looked up in the tree, first a sub-tree search is done in the partition. If a match is found, then this is treated as the NDS name for the UNIX user.
If a name is not found, then the list of groups in the workstation object's member list is searched until the first matching entry is found.
For a user to log in, the workstation object needs to have Read and Browse rights on the User object to get the UNIX profile attributes and the password expiry time property.
This resolution technique has many advantages. It allows User objects to be distributed anywhere in the tree. At the same time, it blocks any User object with a UNIX profile from attempting to log in to a host. Only those users who are explicit members of the host object are able to log in.
NDS Corporate Edition Advantages
NDS Corporate Edition delivers immediate benefits to administrators and users, and contributes to the general success of business processes and transactions.
With NDS Corporate Edition, the system administrator has to create a user account only once (in NDS eDirectory) and manage it using the same tool (ConsoleOne) that can be used to manage any NDS installation. The same user account can be used to access a NetWare file service and log in to a Windows NT workstation or UNIX host. There is only one user name and one password to administer. Information about users is consistently maintained in one place and redundant databases are eliminated.
NDS Corporate Edition extends ConsoleOne (see Figure 11) with snap-ins for managing UNIX or NT users and objects. Currently, ConsoleOne is available for Windows 95/98 or Windows NT. It will soon be able to run natively on Solaris and Linux hosts also. This allows corporate network entities to be managed from anywhere in the network.
Figure 11: Single administration tool using ConsoleOne.
NDS Corporate Edition makes it very easy to add new servers or to retire existing servers, improving the organization's ability to adapt to change. Servers can also be consolidated because separate servers are no longer required to maintain the NT and UNIX accounts. Help Desks can be managed with fewer staff. Backup operations can be scheduled less frequently and will take less time, since the NDS database is much slimmer. Replication is accomplished automatically by NDS eDirectory. Administration for regional sub-trees can also be delegated to regional administrators.
The End User Experience
Once users get acclimatized to a directory-enabled environment, it will be difficult for them to move back to the older environment with multiple accounts and passwords. With a single login, they have access to any resource in the network (provided they have access rights, of course). No more multiple passwords and sticky notes. No more calling the help desk to reset passwords. Users can also feel more secure about their passwords, since NDS uses a stronger, public key-based authentication system. And users get all these advantages without having to learn any new application or service. Everything is done transparently behind the scenes by the redirection technology in NDS Corporate Edition.
Another impressive aspect of NDS Corporate Edition is the ability to provide access to any resource on the network from any client, provided the appropriate rights are in place. Travelling executives will now be able to log in to the corporate network from any office and get access to their intranet resources.
Supported Platforms and System Requirements
NetWare 5 with Support Pack 2
Intel Pentium Server
Linux kernel 2.2, glibc 2.1.2, RPM (for example, RedHat 6.1)
Intel Pentium server
Sun Microsystems Solaris 2.6 or higher with latest patches
Sparc, Sparc v9
Microsoft Windows NT 4.0 with Service Pack 3 or higher
Novell Client for Windows NT 4.5 or higher
Microsoft Exchange 5.0 with Service Pack 1.0 or Exchange 5.5 (for Mailbox Manager)
Microsoft Windows 2000 (for NDS eDirectory only)
RAM: 128 MB (minimum)
Hard disk space: 3MB for UAM, 21MB for eDirectory
Directory disk space: 350KB per 1000 certificates, 3MB per 1000 objects
Novell ConsoleOne v1.2 or later (bundled with the package)
NDS eDirectory 8 (bundled with the package)
Businesses that deploy NDS Corporate Edition to manage their network environment enjoy a huge business lead over rivals who have not yet moved to a directory-enabled environment. NDS Corporate Edition reduces the costs of administration without requiring a huge investment in new hardware. It may even free up existing servers that have been dedicated to managing redundant accounts.
The single point of administration aspect of NDS Corporate Edition increases the productivity of the IS staff by reducing help desk calls, eliminating chances of inconsistent information, and reducing backup time and restores. NDS Corporate Edition improves employee productivity by eliminating multiple passwords and by providing a consistent employee experience while on the network. It also facilitates enforcement of security policies on different network resources. It provides an organization the capability to adapt quickly to the insatiable demands of e-business. Above all, it delivers all this performance and benefits with minimal ramp-up effort and cost.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.