NDS-Enabled Applications: What Do They Have That Other Applications Don't?
Articles and Tips:
01 Aug 1998
Between August 1997 and March 1998, Novell shouted at developers, "Get Off Your Apps!" by hosting a contest to find applications that made the best use of Novell Directory Services (NDS). Novell hoped the Get Off Your Apps! contest would prompt developers to build applications that use or contribute to the information stored in NDS. In fact, whether inspired by the playful contest slogan, the chance of winning the grand prize (a Harley Davidson motorcycle), or the inherent benefits of developing an NDS-enabled application, developers from all over the world flocked to participate. They came from Australia, Canada, the Czech Republic, India, Russia, and the United States, bringing a wealth of new products and adding to the already large number of NDS-enabled applications.
How large a number? Larger than you might think. More than 360 NDS-enabled applications are available today--and that number includes only the applications Novell is aware of. In reality, there are countless more, says Scott Wells, director of developer services at Novell. As Wells explains, only 20 percent of the 23,000 subscribers to Novell's DeveloperNet are independent software vendors (ISVs). ISVs sell their NDS-enabled applications and thus stand to gain by announcing that these applications leverage NDS, a popular directory solution renowned for being reliable, scalable, manageable, and secure. Because ISVs advertise their NDS-enabled applications, Novell knows about these applications.
However, Novell doesn't necessarily know about NDS-enabled applications that corporate developers or systems integrators write for use only within their own companies. Corporate developers and systems integrators comprise "the majority of our DeveloperNet subscribers," Wells claims. Corporate developers and systems integrators, Wells adds, "don't need to broadcast the fact that they've developed NDS-enabled applications because their companies only use these applications internally." (Occasionally, these behind-the-scenes developers post their NDS-enabled applications on the World-Wide Web as shareware. For example, you can download free NDS-enabled applications developed by Darwin Collins, a network administrator who works for Dallas Area Rapid Transit, from http://www.fastlane.net/~dcollins.)
The hundreds of NDS-enabled applications Novell does know about provide a wide variety of services, including anti-virus, backup, database, e-mail, groupware, telephony, and security services. In addition, there are a few line-of-business applications and, of course, several network management applications.
Unfortunately,NetWare Connectiondoesn't have enough space to discuss all of the NDS-enabled applications available. To illustrate the types of applications that are available, however, this article describes a few NDS-enabled applications. This article also explains the benefits of writing and purchasing such applications.
WHAT DO DEVELOPERS GAIN?
For developers, writing NDS-enabled applications yields several benefits. For example, writing an application that uses or contributes to the information stored in NDS enhances that application's market appeal because NDS is widely recognized as the leading directory service. To date, NDS claims more than 33 million users worldwide.
Writing an NDS-enabled application also saves developers time during the development process. Every application requires access to directory-related information. For example, most applications need to access lists of users and users' access rights. In fact, according to Ed Shropshire, NDS developer program manager at Novell, an average medium-to-large-sized company typically maintains between 14 and 20 user lists. "That's ridiculous," Shropshire says, "when you have something like NDS out there." When a developer uses NDS as the directory services for an application, the work required to create a database for storing user lists and other directory-related information is already done.
These and other services that NDS provides are mutually beneficial to developers and Novell: That is, NDS increases the value of applications because it increases the number of services that the applications provide. And, similarly, NDS-enabled applications increase the value of NDS because they increase the number of applications that use NDS. As Glenn Ricart, chief technology officer at Novell, pointed out in his keynote address at BrainShare '98, "the value of a directory can only be illustrated by the applications that use it."
WHAT DO YOU GAIN?
Purchasing NDS-enabled applications also yields several benefits. For example, by purchasing NDS-enabled applications, you can minimize the number of times users have to enter a username and password to access the information they need. With NDS-enabled applications, you can also control users' rights to access each application through NDS.
Many NDS-enabled applications first verify that a user has authenticated to NDS. The application then uses that authentication information, along with information about the user's rights, to accept or reject the user's attempt to access the application.
As a result, you can control users' rights to access NDS-enabled applications without requiring users to log in to each application after they log in to the network. When you purchase NDS-enabled applications, you bring users one step closer to the promise of single sign on.
The cost of owning NDS-enabled applications is typically less than the cost of owning non-NDS-enabled applications because NDS-enabled applications can be managed from a central location. Because they provide this single point of management, NDS-enabled applications are easier to manage than non-NDS-enabled applications.
For each NDS-enabled application, you can create an object in the NDS tree. You can then use Novell's NetWare Administrator (NWADMIN) utility to manage this application, whether or not the application includes an NWADMIN snap-in module. For example, you can grant rights to that application from within the NWADMIN utility, just as you grant rights to other network resources.
TAKE A CLOSER LOOK
In short, you could potentially control users' access to all NDS-enabled applications without requiring users to enter usernames and passwords multiple times. And you could use the NWADMIN utility to manage all NDS-enabled applications from your desktop. Imagine how simple your life (and your users' lives) would be if you ran only NDS-enabled applications on your company's network. Using only NDS-enabled applications is a viable and practical option, considering that you have hundreds of applications to choose from today and that more applications are continually being written.
Due to the large number of NDS-enabled applications, selecting only a handful of applications to discuss in this article was a difficult task. Nevertheless, several contributing editors toNetWare Connectionworked together to choose some applications that are relatively new or particularly useful. (You can view an http://www.novell.com/nwc.)
This article discusses the following NDS-enabled applications:
SentriNET from Mission Data Systems Ltd.
WebConsole from High Technology Software Corp. (also known as HiTecSoft)
StarGate Server from StarVox Inc.
TrafficWare from Ukiah Software Inc.
Visio Solution Pack for NDS from Visio Corp.
BenefitsXtra from Bentana Technologies Inc.
Of course, past issues ofNetWare Connectionhave featured articles that discuss NDS-enabled applications. (See "Read All About It.") However, this article is the first one that discusses the particular applications listed above. As you read about these applications, keep in mind that the services they provide represent only one-quarter of the services provided by NDS-enabled applications, and the applications themselves represent only one-fiftieth the number of NDS-enabled applications that are available.
SENTRINET--ENABLING BIOMETRIC AUTHENTICATION TO NDS
As the grand-prize winner of Novell's Get Off Your Apps! contest, SentriNET from Mission Data Systems is as cool as the Harley-Davidson motorcycle Novell awarded to the company. SentriNET is a suite of applications that extends the NDS schema, enabling you to store BioKeys as properties for User objects and to use these BioKeys in the authentication process. (See Figure 1.)
Figure 1: If you used SentriNET and a SecureTouch finger-print reader, users would see this dialog box when logging in to the network.
A BioKey is a unique characteristic assigned to a particular User object. For example, a BioKey can be the string of characters read from a swipe card or a biometric scan of a user's finger, hand, voice, or even face.
SentriNET enables you to store up to five BioKeys in NDS for each User object. For example, you could store all five fingerprints on a user's hand. Then if the user lost or injured a finger, he or she could use another fingerprint for authentication purposes. And because SentriNET stores the fingerprints in NDS, a user can use his or her finger for authentication purposes whether the user is at corporate headquarters or at a branch office.
In March 1998, John Dallaway, managing director of Mission Data Systems, and Martin Tomkins, a technical representative for the company, flew from the United Kingdom to the United States to attend BrainShare '98 in Salt Lake City, Utah. Glenn Ricart invited Dallaway and Tomkins on stage during his keynote address to demonstrate SentriNET. Dallaway and Tomkins demonstrated the SentriNET Door Access Controller (DAC) application, which provides what is perhaps the closest thing to "Star Trek" access control available today.
SentriNET DAC is one of several client-server applications in the SentriNET suite. Each application uses the BioKeys stored in NDS to authenticate users. However, each application authenticates users for different purposes. For example, depending on which applications you purchase and install, users may use their BioKey to log in to your company's network, to gain access to particular web sites, or to verify their rights to transfer confidential files over the Internet or an intranet.
SentriNET DAC uses the BioKeys stored in NDS to authenticate users who are trying to gain access through physical doors. Because SentriNET DAC extends the NDS schema, you can configure these doors as NDS objects, and you can then grant users rights to the doors just as you grant users rights to other NDS objects, such as Server objects and Printer objects.
Doors controlled through SentriNET DAC are equipped with door-mounted swipe card or biometric readers. These door-mounted readers are connected to a Windows NT or Windows 95 workstation running SentriNET DAC and the application program interfaces (APIs) that enable the swipe-card or biometric readers to communicate with SentriNET DAC.
To authenticate users, SentriNET DAC passes information from the swipe-card or biometric reader to a local database or to the NDS database, depending on whether you have configured SentriNET DAC as a standalone solution or as a network solution. As a standalone solution, SentriNET DAC runs on a workstation and refers to a local database, which stores users' BioKeys, to authenticate users trying to gain access through a door. This local database is updated frequently through NDS.
As a network solution, SentriNET DAC runs on a network client and, by default, refers directly to NDS to locate BioKeys and to authenticate users trying to gain access through a door. When you configure SentriNET DAC as a network solution, you still have the option to store BioKeys locally (in addition to storing them in NDS) for emergency situations, such as when the network is down.
To understand how SentriNET DAC works, suppose that a user approached a door equipped with a fingerprint reader and controlled through SentriNET DAC running on a network client. To request access through the door, the user would place his or her finger on the fingerprint reader, which would scan the fingerprint and forward this scan to SentriNET DAC.
SentriNET DAC would then forward the scan to NDS, which would compare this scan to the BioKey property for the appropriate User object, restricting the search to User objects defined in the door's list of authorized users. If NDS found a match and that user had the necessary rights, SentriNET DAC would trigger the opening of the door. If NDS didn't find a match or if the user did not have the necessary rights, SentriNET DAC would deny the user access.
Mission Data Systems writes the APIs that enable SentriNET DAC and third-party swipe-card or biometric readers to communicate. To date, Mission Data Systems has written APIs for several swipe-card readers and for two finger-print readers: SACMan from SAC Technologies Inc. and SecureTouch from Biometric Access Corp. (BAC). In addition, Mission Data Systems is currently writing an API that will allow you to use a facial-recognition reader with SentriNET DAC.
For more information about the SentriNET suite, visit Mission Data Systems' web site (http://www.missiondata.co.uk). You can also call +44 (0)1562 823445.
WEBCONSOLE--ENABLING NETWORK MANAGEMENT FROM ANYWHERE
Today, NDS and SentriNET make possible biometric authentication that you probably thought you wouldn't see until sometime in the distant future. Similarly, NDS and WebConsole from HiTecSoft make real the stuff that network administrators' dreams are made of: A GUI for tasks that must be performed at the server console and the ability to perform these tasks over the Internet. (Novell is preparing to release ConsoleOne, a GUI utility that will run on the server console. See "NetWare 5 Knows No Limits,"NetWare Connection, May 1998, pp. 12-13. You can download this article from http://www.novell.com/nwc/may.98/ntware58.)
Admittedly, web-based remote management of NetWare servers has been possible since the release of NetWare 4.1, which shipped with the NetBasic WebPro software developer's kit (SDK), also from HiTecSoft. While this SDK offers many useful tools, it has little appeal if you are not a developer.
Recognizing this problem, HiTecSoft developed WebConsole, a standalone, remote management product. With WebConsole, you can use a web browser to manage NetWare servers via the Internet or your company's intranet. WebConsole provides similar functionality to that offered by the NWADMIN utility and utilities that run at the server console.
You install WebConsole from a single CD-ROM on a master server and one or more remote servers. (Both the master server and the remote servers must be running NetWare 3.12 or above.) At least one server must act as the master server, with which WebConsole automatically registers the remote servers. From one master server, you can access and manage up to 1,000 remote servers. Not surprisingly, most companies need only one master server, although you can use multiple master servers if necessary.
With WebConsole installed on at least one master server and any number of remote servers, you are ready to manage your company's network from anywhere in the world using any browser that supports frames. (For example, both Netscape Navigator 3.0 or above or Microsoft Internet Explorer 3.0 or above support frames.) To perform management tasks using WebConsole, you first access WebConsole on a master server by entering a URL (such as http://www.abc.com/netbasic/webcom) or an IP address (such as 208.191.28.91) in your browser. The WebConsole sessions you establish are secured via Secure Sockets Layer (SSL) technology and 128-bit RSA encryption.
After accessing a master server, you select from a pull-down menu the remote server you want to manage. You then enter a username and password to authenticate to NDS. NDS authentication ensures that only users with the necessary rights can access WebConsole and that these users can perform only the management tasks to which they have rights.
After authenticating to NDS, you select the type of management task you want to perform from a task bar on WebConsole's main screen. WebConsole enables you to perform most typical management tasks, including the following:
View the server console screen and error log, enter server-console commands, and generate reports (via a Java-based RCONSOLE screen).
Reboot servers.
Load and unload NetWare Loadable Modules (NLMs).
Mount and dismount volumes.
View statistics about server connections, including address information, a list of open files, and login and logout times.
Clear unwanted server connections.
Edit server configuration files, such as the AUTOEXEC.BAT file and the STARTUP.NCF file.
Edit boot sequence files.
Edit text files.
Browse the NDS tree, and change the current NDS context.
View, create, rename, move, delete, and modify NDS objects.
View, create, and delete file and directory information.
Modify file trustee rights.
Add and delete scheduled management tasks from a queue.
Download the latest HiTecSoft and NLM patches and updates from a reference server. (By default, the reference server is a server maintained by HiTecSoft. If you prefer, however, you can configure a server on your company's network as the reference server.)
If your company is using BorderManager, you can also use WebConsole to configure BorderManager components. For example, you could configure the proxy cache component, the VPN component, the IPX-IP gateway, and the IP-IP gateway.
In addition, WebConsole includes a Help Desk option, which is fully functional help-desk software that allows help-desk administrators to open incidents, check work in progress, and log information. (See Figure 2.) For example, you could use NDS to grant limited administrative rights to a help-desk administrator, who could then use WebConsole's Help Desk option to perform management tasks such as setting passwords, adding and deleting User objects, and granting access to printers.
Figure 2: WebConsole includes a Help Desk option, which allows help-desk administrators to open incidents, check the status of existing incidents, and log incident information.
Depending on the rights of the administrator who has accessed WebConsole, the menus change. As the network administrator, you can view and perform all types of management tasks, whereas a help-desk administrator can view and perform only the types of management tasks that are help-desk related.
For more information about HiTecSoft's WebConsole, visit HiTecSoft's web site (http://www.hitecsoft.com). You can also call 1-888-970-1025 or 1-602-970-1025.
STARGATE SERVER--ENABLING INTELLIGENT CALL MANAGEMENT
Unlike WebConsole, which could prove useful whether your company's network is large or small, StarGate Server from StarVox is specifically designed for companies that have multiple sites connected by a WAN. StarGate Server is a voice-over-data-network gateway that enables you to route telephone calls between sites over existing WAN links.
As a result, your company saves on long-distance charges. With a Windows NT 4.0 server running StarGate Server attached to your company's NetWare 4.11 network and PBX system, your company might not need to pay for a long-distance telephone call between sites. (StarVox also plans to support NetWare 5 shortly after NetWare 5 is released.) StarGate Server converts and compresses toll-based long-distance telephone calls into data packets that are then carried across WAN links.
StarGate Server ensures that mission-critical data gets the bandwidth it needs while users get the voice quality they expect. StarGate Server protects voice quality by monitoring network performance and, if necessary, routing calls to the Public Switched Telephone Network (PSTN) without interruption.
StarGate Server offers two additional features that set it apart from other voice-over-data-network gateways:
StarGate Server integrates with virtually any PBX system. As a result, you can use StarGate Server across WAN links without having to replace existing voice communications equipment.
StarGate Server integrates with NDS, which means that you enter information in a central location for voice and data networks. NDS then replicates that information and synchronizes all of your company's servers, including servers running StarGate Server.
StarGate Server extends the NDS schema, adding new objects to the NDS tree and new properties to User objects. These additional properties include users' office extension, home telephone number, cellular telephone number, and pager number. Based on these properties, StarGate Server generates corporate white pages for your company.
Using the optional StarCall Client, a browser-based Java applet that you purchase and install separately, users can scan the corporate white pages to find other users' telephone numbers. Users can dial these telephone numbers by clicking them.
With StarGate Server, users can use a telephone handset to place and receive calls. If you have installed StarCall Client on users' workstations, users can place and receive calls using StarCall Client, which provides a GUI for call management.
With StarGate Server on your company's network and StarCall Client on users' workstations, you gain several call control features, including the following:
Caller-ID
Call-back-on-busy
Intelligent follow-me
NDS plays a role in making the caller-ID feature possible. For example, suppose that Linda dialed Gavin's telephone number. When Linda dialed this telephone number, StarGate Server would identify the telephone number calling and the telephone number being called and would match that information against the information stored in NDS.
Using the information in NDS, StarGate Server would be able to locate Gavin and the network address of the workstation to which he is logged in and would send a pop-up message that would appear in Gavin's browser. (Users must have their browser open to receive pop-up messages from StarGate Server. Naturally, users can minimize the web browser on their desktop.) The pop-up message would inform Gavin that Linda was calling, enabling Gavin to make an informed decision about whether to answer the call.
The call-back-on-busy feature enables you to instruct StarGate Server to call you back when the busy line you just tried is finally free. For example, suppose that you tried to call your boss, Dennis, but his line was busy. When you called Dennis, StarCall Client would send you a pop-up message, informing you that Dennis was on the telephone.
At this point, you would have two options: You could send Dennis a message, asking him to interrupt his current call to take your urgent call. If you did not want to interrupt Dennis' current call, you could use the call-back-on-busy feature, ensuring that when Dennis hung up, both your telephone and his telephone would ring. In either case, you would reach Dennis soon, without having to continually press the redial button on your telephone handset.
The intelligent follow-me feature enables you to work from any workstation at any site and still be reachable through your regular office extension. For example, suppose that you usually work at your company's San Jose site but that you went on a business trip to your company's New York site, where you used Fred's office. While you were in Fred's office, you logged in to the network as yourself.
Through this NDS authentication, StarGate Server would know who and where you were. Thus, when you called Lee, the pop-up message Lee received in her browser would indicate the call was from you--not from Fred. When Lee called back, she would enter your regular office extension or click your telephone number in the corporate white pages, and StarGate Server would forward the call to Fred's office extension. If you didn't answer this call, StarGate Server would route the call to your voice mailbox.
For more information about StarGate Server, visit StarVox's web site (http://www.starvox.com). You can also call 1-408-383-9900.
NETROAD TRAFFICWARE--ENABLING POLICY-BASED TRAFFIC MANAGEMENT
A new class of network management products has recently appeared: bandwidth managers. A few companies offer bandwidth managers that allow you to manage traffic flow on Internet and intranet connections. However, only Ukiah Software offers a bandwidth manager that is fully integrated with a directory service.
Ukiah Software's NetRoad TrafficWARE is a software-based bandwidth manager that runs on a Windows NT 4.0 server or workstation. With NetRoad TrafficWARE, you can manage TCP/IP traffic and eliminate bandwidth bottlenecks on Internet and intranet connections. You can integrate NetRoad TrafficWARE with any directory service that supports Lightweight Directory Access Protocol (LDAP) version 3--including, of course, NDS.
NetRoad TrafficWARE uses NDS to store traffic-management policies. To create these policies, you use TrafficWARE Administrator, client software that provides a GUI for managing NetRoad TrafficWARE. (TrafficWARE Administrator runs on a Windows NT 4.0 server or workstation or on a Windows 95 workstation.)
In addition to using NDS as a repository for policies, NetRoad TrafficWARE extracts information about NDS User and Group objects, so you can integrate these objects with the policies you create. For example, you could create a policy dictating that members of the Marketing group are guaranteed at least 10 percent of bandwidth when the network is congested.
The policies you create using TrafficWARE Administrator can apply to either inbound or outbound traffic. To create a policy, you simply point and click in various dialog boxes that appear when you double-click the spreadsheet-style cells in TrafficWARE Administrator. The top of each spreadsheet displays eight headings:
Rule
Sender
Receiver
Service
Time
Bandwidth Guaranteed
Priority
Admission Control
When you create a policy, double-clicking a cell under the Rule heading opens a dialog box that enables you to specify whether this policy applies to inbound or outbound traffic. You can also name the policy in this dialog box.
Double-clicking cells under the Sender, Receiver, and Service headings opens dialog boxes that enable you to define the class of traffic to which the policy applies. The class of traffic might be a specific User or Group object; Internet or intranet host; URL; file type (such as .EXE or .GIF files); TCP/IP service (such as FTP or HTTP); or application (such as GroupWise or Citrix WinFrame). Many applications, including GroupWise, are predefined in TrafficWARE's list of supported services. You can also add applications to this list.
As you would expect, double-clicking the cell in the Time column opens a dialog box that enables you to specify the time during which the policy applies. For example, you could specify that a policy should be enforced all of the time, only during work hours, or only after work hours.
You can also define the timeframe during which this policy applies based on days of the week or days of the month. For example, you could grant high priority and guarantee bandwidth for the Order Entry department during the last week of the month.
Double-clicking cells under the Bandwidth Guaranteed, Priority, and Admission Control headings opens dialog boxes that enable you to clarify the policy in the following ways:
The Bandwidth Guaranteed dialog box enables you to allocate maximum bandwidth limits and minimum bandwidth guarantees.
The Priority dialog box enables you to select Low, Medium, or High priority. (See Figure 3.)
Figure 3: With NetRoad TrafficWARE, you can create policies for managing traffic flow, specifying information such as whether particular traffic is low, medium, or high priority.
The Admission Control dialog box enables you to specify under what circumstances the policy applies. For example, you could specify that when the network load exceeds 50 percent, the policy restricting video conferencing sessions should be enforced.
Using the dialog boxes as a guide, you can create many types of policies for managing traffic flow. For example, you might create a policy dictating that members of the Accounting group who are using Citrix WinFrame during work hours should receive high priority. You might also create a policy for your company's CEO or for yourself, giving the specified User object high priority and guaranteeing 10 percent of bandwidth if the network is congested.
You can download an interactive demonstration version of NetRoad TrafficWARE from http://www.ukiahsoft.com/eval.html. This demonstration version includes a full working copy of TrafficWARE Administrator.
For more information about NetRoad TrafficWARE, visit Ukiah Software's web site (http://www.ukiahsoft.com). You can also call 1-800-988-5424 or 1-408-369-2890.
VISIO SOLUTION PACK FOR NDS--ENABLING YOU TO DESIGN NDS TREES
In order for the network to function properly and for products such as SentriNET, WebConsole, StarGate IVG Server, and NetRoad TrafficWARE to meet your company's needs, you must start with a well-designed NDS tree. Visio Solution Pack for NDS from Visio helps you create such a tree.
Visio Solution Pack for NDS is add-on software for Visio Professional, a diagraming application that allows you to design and document the network and its processes. With Visio Solution Pack for NDS, you can use Visio Professional to plan, design, troubleshoot, and document the implementation of your company's NDS tree.
Visio Solution Pack for NDS is an .EXE file that you run on any Windows NT or Windows 95 workstation running Visio Professional 5.0 or above. To use the full functionality of Visio Solution Pack for NDS, you will also need Novell's OImport and OExport utilities. (You can download these utilities from http://www.novell.com/consulting.) The .EXE file installs the following software components:
One template
Two stencils
One help file
The template contains predrawn shapes, an appropriately scaled drawing page, and other tools that help you design the NDS tree. This template also contains two stencils, which are files that include shapes, calledSmartShapes. The stencils include 43 SmartShapes, which in this case are symbols for NDS container and leaf objects. Each SmartShape includes the properties (such as username and network address) that you need to create and modify NDS objects.
Visio created Visio Solution Pack for NDS with the help of Novell Consulting and the NDS Developer Alliance division. As a result, Visio based its product on Novell's standards for NDS design, as outlined inNovell's Four Principles of NDS Design, a book written by Novell consultants Jeffrey F. Hughes and Blair W. Thomas. For example, the help file included with Visio Solution Pack for NDS incorporates information from this book. (You can orderNovell's Four Principles of NDS Designand other books published by Novell Press from http://www.novell.com/nwc/bookstor.)
Visio Professional and Visio Solution Pack for NDS can read from and write to the NDS database using Novell's VImport and VExport utilities. (The VExport and VImport utilities are sub-utilities derived from Novell's OImport and OExport utilities.) For example, the VImport utility imports information to the NDS database, enabling you to design or modify the NDS tree and import new or modified NDS objects to the NDS database.
You first use Visio Professional and Visio Solution Pack for NDS to create a diagram of your company's NDS tree. The VImport utility then translates new and modified NDS objects from this diagram into an editable, delimited text file that the NDS database can read. In this way, the VImport utility writes new and modified NDS objects from the diagram to the NDS database.
The VExport utility, as its name suggests, exports information from the NDS database. Specifically, the VExport utility creates a snapshot of the objects in your company's NDS tree. This snapshot is an editable, delimited text file that Visio Professional and Visio Solution Pack for NDS use to diagram the NDS tree. This diagram includes the standard NDS schema, complete with selected attributes. This diagram does not include NDS objects or properties created by products that have extended the NDS schema.
Using Visio Professional and Visio Solution Pack for NDS, you are guided by Wizard-style dialog boxes as you create a diagram. These dialog boxes provide support for both top and bottom levels of the NDS tree, helping you accurately plan, design, and maintain the NDS tree. According to Leslie Grandy, senior product manager of Visio Professional products, "because these Wizards are based on Novell's design principles, they more or less force you to take the appropriate design steps."
You can download Visio Solution Pack for NDS and the VImport and VExport utilities free from http://www.visio.com/nds. (You can download the OImport and OExport utilities, which include the VImport and VExport utilities, from http://www.novell.com/consulting.) However, running this solution requires Visio Professional 5.0 or above, which costs U.S. $349 for a one-user license.
For more information about Visio Professional and Visio Solution Pack for NDS, visit Visio's web site (http://www.visio.com). You can also call 1-800-248-4746 or 1-206-521-4500.
BENEFITSXTRA--AN NDS-ENABLED LINE-OF-BUSINESS APPLICATION
All of the NDS-enabled applications discussed in the previous sections are designed to enhance your company's network rather than to improve your company's business: SentriNET helps you secure access to network information; WebConsole helps you manage NetWare servers; StarGate Server helps you extend network services to telephone calls; NetRoad TrafficWARE helps you manage bandwidth; and Visio Solution Pack for NDS helps you design an NDS tree. However, BenefitsXtra from Bentana Technologies--the first runner-up in Novell's Get Off Your Apps! contest--is designed to improve a particular type of business.
The vertical market for BenefitsXtra is employer service providers, which include payroll and employee-benefits providers, as well as human resource and benefits consultants. Bentana Technologies licenses BenefitsXtra to employer service providers, who can then customize and create their own private label for the application and distribute this application to their small- and medium-sized business customers. Basically, these customers turn to employer service providers when they want to outsource the management of human resources, payroll, and employee benefits.
BenefitsXtra is an extranet application that integrates a company's human resources, payroll, and employee benefits data with an employer service provider's administration system. The employer service providers who use BenefitsXtra have an edge over their competitors: BenefitsXtra offers employer service providers a fast, reliable, and secure way to deliver their services electronically over the Internet. By providing these services electronically over the Internet, BenefitsXtra enables employer service providers to eliminate the paperwork typically associated with outsourcing. As a result, these employer service providers offer services that are more convenient than their competitors' services, less prone to human error, less expensive, less time consuming to implement, and easier to track.
At the heart of BenefitsXtra is the Human Resource Integration System (HRIS) application, which includes human resource, payroll, health, welfare, retirement, and savings software components. HRIS is a Java-based application that an employer service provider's customers can run on any 32-bit workstation platform, such as Windows NT or Windows 95. If customers prefer, they can use any Java 1.1-compliant browser to download an HRIS Java applet from the employer service provider's web site. Whether customers use the HRIS application or the HRIS Java applet, they can access their own human resources information, which can be stored locally on the customers' NDS servers or remotely on the employer service provider's NDS servers.
Among other functions, HRIS enables human-resource administrators and employees to enroll in benefits plans, add dependents to these plans, view pay stubs, and pay premium bills electronically. Bentana Technologies claims that BenefitsXtra is intuitive, with easy-to-use features including events-based messaging and wizards. Events-based messages alert users to take action and to modify their benefit plan when particular life events occur, such as marriage or the birth of a child. Wizards guide human-resource administrators and employees through various processes, such as enrolling in a benefits plan.
BenefitsXtra uses any directory service that supports LDAP version 3, including NDS, as its data repository. A directory service such as NDS is the key to implementing a secure extranet.
For example, NDS ensures that data entered anywhere on the extranet is encrypted on the wire and is securely replicated and synchronized on all servers. Employer service providers and their customers could distribute and replicate information about the customers' employees, including their names, telephone numbers, e-mail addresses, and access rights.
NDS also ensures that only users with correct usernames and passwords can log in to the extranet and can access only areas on the extranet to which they have rights. An employee might be able to view and modify information about a particular insurance claim he or she files, but the employee would not be able even to see information about a coworkers' insurance claims (unless this employee had the necessary rights to do so).
NDS even helps BenefitsXtra reduce paperwork for both customers and employer service providers. For example, when a company hires a new employee, the employee or the human-resource administrator can enter information online, electronically enrolling this employee in several benefits plans. Because BenefitsXtra stores the information in NDS, the employee or the human-resource administrator only has to enter this information once: NDS then automatically replicates and synchronizes that information across the extranet. Without NDS, the employee or the human-resource administrator would have to manually complete multiple forms with redundant information (such as the employee's name, address, and social security number) and send these forms to employer service providers. The employer service providers, in turn, would have to distribute each form individually to the appropriate benefits provider.
For more information about BenefitsXtra or about employer service providers who use BenefitsXtra, visit Bentana Technologies' web site (http://www.bentana.com). You can also call 1-860-289-6037.
CONCLUSION
Whether it's biometric network access, remote network management, call management, bandwidth management, proper NDS tree design, or a line-of-business extranet, the NDS-enabled applications available today offer the services you need--and some you don't necessarily need but would really like to have. And what about the NDS-enabled applications available tomorrow?
Who knows? The number of NDS-enabled applications keeps growing. Developers continue to be inspired by the inherent benefits of writing NDS-enabled applications. Of course, these developers are also inspired by exotic vacations and by the promise of comarketing opportunities with Novell, which are just a couple of the rewards luring developers to participate in Novell's latest developer contest, called simply Novell Developer Contest. (For more information about this contest, visit http://developer.novell.com.)
The more NDS-enabled applications developers write, the more NDS-enabled applications you have to choose from. And the more NDS-enabled applications you run on your company's network, the easier your life--and users' lives--will be.
Linda Boyer works for Niche Associates, an agency that specializes in technical writing and editing.
NetWare Connection,August 1998, pp. 6-18
Read All About It
Past issues of NetWare Connection have featured articles about a number of products from Novell Directory Services (NDS) partners. If you want to find out about any of the following products, you can read the appropriate articles:
ALERTPAGE ENTERPRISE FROM GENEVA SOFTWARE INC.
"Online Connection: A Web Site a Day . . ." (Feb. 1998, pp. 49-50). You can download this article from http://www.novell.com/nwc/feb.98/onlin28.
CALLWARE FROM CALLWARE TECHNOLOGIES INC.
"The Network Speaks With CallWare's NLM" (Jan./Feb. 1996, pp. 58-62). You can download this article from http://www.novell.com/nwc/jan-feb.96/callware.
CD-SYSTEM FROM SCINET INC.
"CD-ROMs: From Standalone to Network-Wide Access" (Mar./Apr. 1996, pp. 59-65). You can download this article from http://www.novell.com/nwc/mar-apr.96/cd-rom.
DISCPORT EXECUTIVE FROM MICROTEST INC.
"DiscPort Executive for IntranetWare: Adding CD-ROMs to a Network or Intranet" (Nov. 1997, pp. 40-44). You can download this article from http://www.novell.com/nwc/nov.97/discn7.
DS STANDARD NDS MANAGER FROM COMPUTER ASSOCIATES INC.
"DS Standard NDS Manager: The Ideal Tool for Migrating to NetWare 4.1" (Sept./Oct. 1995, pp. 58-61). You can download this article from http://www.novell.com/nwc/sep-oct.95/dsstanda.o5.
NETROAD FIREWALL FROM UKIAH SOFTWARE INC.
"Ukiah's NetRoad FireWALL: Multilevel Protection for Multiprotocol Networks" (July 1997, pp. 38-45). You can download this article from http://www.novell.com/nwc/jul.97/ukiah77/index.html.
ORACLE8 FROM ORACLE CORP.
"Oracle8 for NetWare" (May 1998, pp. 24-30). You can download this article from http://www.novell.com/nwc/may.98/oracle58.
SECURECONSOLE FROM PROTOCOM DEVELOPMENT SYSTEMS LTD.
"Online Connection: Taking Stock" (Aug. 1997, pp. 46-50). You can download this article from http://www.novell.com/nwc/aug.97/onlin87.
SFLOGIN FROM NETORIA INC.
"Netoria's SFLOGIN 2.0: Extending the Capabilities of Novell's Client Software" (Mar. 1998, pp. 39-41). You can download this article from http://www.novell.com/nwc/mar.98/sflogin.
STANDBYSERVER MANY-TO-ONE FROM VINCA CORP.
"Vinca's StandbyServer: Stand by Your Network" (June 1997, pp. 40-45). You can download this article from http://www.novell.com/nwc/jun.97/vinca67.
STEEL-BELTED RADIUS FROM FUNK SOFTWARE INC.
"Online Connection: Pushing the Envelope" (July 1997, pp. 49-51). You can download this article from http://www.novell.com/nwc/jul.97/onlin77.
WANDERLINK FROM FUNK SOFTWARE INC.
"Online Connection: Hit the Road" (May 1998, pp. 47-49). You can download this article from http://www.novell.com/nwc/may.98/online58.
NetWare Connection, August 1998, p. 18
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.