What Do NDS and DEN Have in Common? (Besides the Letters D and N)
01 Jan 1999
If you are running NetWare 5 or NetWare 4, you know the benefits of a directory service firsthand. Can you imagine what your company's network would be like if equipment vendors made their bridges, routers, and switches directory enabled? Directory-enabled products would give you the ability to manage your entire network through the directory--including the network infrastructure. This interoperability is precisely the purpose of the Directory-Enabled Network (DEN) specification from the Desktop Management Task Force (DMTF). The DEN specification defines an information model, a usage model, and a directory schema for integrating network components with a directory service. This integration makes networks easier to use, easier to manage, and more secure.
Novell recently entered into several partnerships with other high-tech companies to advance and adopt the DEN specification. As a result of these partnerships, these companies are developing several DEN-compliant offerings.
For example, at NetWorld+Interop '98 in Atlanta, Novell and Lucent Technologies Inc. announced that Novell Directory Services (NDS) will be integrated and bundled with management software for Lucent's Cajun P550 Ethernet Switch. Shortly thereafter, Novell and Nortel Networks' Bay Networks announced an agreement to develop and market network services that integrate NDS with Bay Networks' Optivity Policy Services, a policy management application suite. Then at COMDEX '98 in Las Vegas, Novell and Cisco Systems Inc. announced that the two companies were integrating Cisco routers and switches with NDS. These offerings, coupled with the technologies already integrated in NetWare 5, make NDS the first directory service to support the DEN specification.
WHAT IS THE DEN SPECIFICATION?
The DEN specification enables equipment vendors, directory service providers, software developers, common carriers, and users to develop interoperable, directory-enabled applications that address the following:
The way the network functions
The elements and services of the network
The physical and logical topology of the network
If applications are integrated with the directory, they can leverage the network infrastructure on behalf of the user. As a network administrator, you can then provide and manage all of the devices between users and the network on a per-user basis. For example, when a user logs in to the network and launches a bandwidth-intensive application, network resources, such as the necessary bandwidth, can be allocated on demand for that application.
The DEN specification stipulates that information about the following be gathered using existing protocols such as the Simple Network Management Protocol (SNMP):
Relationships between network elements and services
Other sources of network information such as Management Information Bases (MIBs)
Devices such as switches and routers use SNMP to broadcast information about themselves. An application uses SNMP to discover that information and then uses Lightweight Directory Access Protocol (LDAP) to store this information in the directory service. The application also uses LDAP to retrieve the information. As a result, equipment vendors do not need to implement LDAP on their devices.
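The SNMP-to-LDAP flow described above, as an added example that is not part of the original article: it turns constructed MIB-II system-group values into an LDIF entry of the standard X.500 device class, escaping the DN per RFC 4514 and base64-encoding unsafe values per RFC 2849, because device-reported strings are untrusted input to the directory. The attribute mapping, the sample values, and the base DN are assumptions, not the DEN schema.

```python
import base64
import re

# Constructed sample of MIB-II system-group values as a poller might return them.
SAMPLE_POLL = {
    "sysName": "core-sw1, bldg A",
    "sysDescr": "Example Ethernet switch\nfirmware 1.0",
    "sysLocation": " Wiring closet 3",
}

def escape_rdn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = re.sub(r'([\\",+;<>])', r"\\\1", value).replace("\x00", "\\00")
    if value.startswith((" ", "#")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def ldif_line(attr, value):
    """Emit one LDIF line, base64-encoding values RFC 2849 calls unsafe."""
    safe = (value.isascii()
            and not re.search(r"[\x00\r\n]", value)
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"

def device_entry(poll, base_dn):
    """Build an LDIF entry of the X.500 'device' class from polled values."""
    name = poll.get("sysName")
    if not name:
        raise ValueError("sysName is required to form the cn")
    lines = [
        ldif_line("dn", f"cn={escape_rdn_value(name)},{base_dn}"),
        "objectClass: top",
        "objectClass: device",
        ldif_line("cn", name),
    ]
    # Assumed mapping (not the DEN schema): sysDescr -> description, sysLocation -> l
    for mib_field, attr in (("sysDescr", "description"), ("sysLocation", "l")):
        if poll.get(mib_field):
            lines.append(ldif_line(attr, poll[mib_field]))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(device_entry(SAMPLE_POLL, "ou=Network,o=Example"))
```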
The DEN specification also defines policies and profiles that allow you to control the network and its services through a directory service. You can use policies to control the resources each user can access in the context of a specific application or service. For example, you could distribute network bandwidth based on user profiles and application priority, enabling Quality of Service applications. Policies and profiles give you a level of control over your networks that was previously unavailable.
The following types of applications can benefit from the DEN specification:
Configuration and provisioning applications
The DEN specification also provides a framework to store and retrieve information about the following in a directory service:
Domain Naming System (DNS) services
Dynamic Host Configuration Protocol (DHCP) services
Remote Authentication Dial-In User Services (RADIUS)
In this way, the DEN specification augments these services through centralized management.
WHY DOES THE INDUSTRY NEED THE DEN SPECIFICATION?
Networks today are composed of an increasing number of diverse network elements. Many of these elements run different protocols and services over different media, making today's networks extremely complex. Because the management applications for these network elements often do not interoperate with each other, managing these complex networks is both difficult and costly.
To manage today's complex networks more efficiently, you need a central, intelligent repository of information about network services and applications. The need for this directory is one driving force behind the DEN specification: By enabling the integration of the network infrastructure with a directory service, the DEN specification centralizes the management of network resources and reduces management costs.
Another driving force behind the DEN specification is the dramatic change in the way people use computers. The explosive growth of the Internet and the shift toward bandwidth-intensive and isochronous network applications (such as streaming multimedia) require you to have greater control over the network and its resources. The DEN specification allows a directory service to store detailed information about the network and its resources including users, applications, devices, protocols, media, services, and the relationships among all of these resources.
The DEN specification also allows a directory service to store information traditionally viewed as defining the network (such as routing tables). With this level of diverse information stored in the directory, you can define and manage policies to control the network and its resources in a distributed, yet logically centralized, manner.
THE COMMON INFORMATION MODEL STANDARD
The DMTF made the DEN specification part of the Common Information Model (CIM) standard. (For more information, see http://www.dmtf.org/news/press_release/09_28_98_1.html.) The CIM standard provides a framework for managing enterprise computing environments in a common way. The CIM standard allows you to see a consistent view of the managed environment, regardless of which protocols and data formats individual network devices and applications support.
The CIM standard addresses the management of the following elements in an enterprise network:
Collections of general-purpose devices (not network devices)
The DEN specification enhances the CIM standard by defining the representation and management of network elements in enterprise and service provider networks. The DEN specification does not replace the information exposed by CIM but instead leverages this information and the information provided by other management frameworks such as SNMP.
The CIM standard and the DEN specification often have the same information needs. In these instances, a directory service can act as a central repository for CIM information. However, when storing CIM information in other repositories is more logical, the DEN specification enables other types of data repositories to communicate better with directory-enabled applications.
Applications written to use the CIM standard provide additional data that expand and enhance the DEN specification. These CIM-based applications will benefit from integration with the directory. Because the DEN specification is an extension of CIM, application developers can provide this integration with minimal effort.
THE INFORMATION MODEL AND THE SCHEMA
The DEN information model defines how applications in an integrated directory service leverage the information published and how these applications interact with each other. The information model also defines how users and applications interact with network resources and how these network resources are managed.
In addition, the information model includes a schema for defining objects and rules governing how objects interact with each other. The DEN schema provides a basic framework that represents the network elements and services. This framework includes six base schema classes:
These six base schema classes augment the schemas provided by existing directory services such as NDS: The DEN schema defines network elements and services and how they interact with applications, users, and other services. Schemas of existing directory services define users, applications, and so on.
The DEN specification also leverages schemas defined by the CIM and X.500 standards. The DEN specification uses the CIM classes that represent products, systems, applications, and components in an enterprise network. These classes include the following:
Managed system element
Check and action
The DEN specification expands these classes to address the specific requirements of network elements and services.
In addition, the DEN specification uses the following X.500 classes:
Top (the class from which all classes are ultimately derived)
The DEN specification augments the X.500 Person and Device classes, enabling these classes to describe and control the interaction among users, applications, network elements, and services. The DEN specification uses an X.500-based model of Person and Application to represent network elements and services and their binding to users and applications.
The DEN schema is extensible, enabling developers to refine the six base schema classes and provide application-specific functionality. Because developers writing to the DEN specification use a common information model, applications that have completely different purposes but are operating on common objects can exchange information and knowledge about those objects. This exchange of information minimizes development efforts because one developer can populate the directory service with common information and other developers can use this information in their applications.
NDS AND THE DEN SPECIFICATION
Novell has embraced the DEN specification and is the first vendor to support DEN applications in its directory service. NDS in NetWare 5 stores information about DNS, DHCP, and RADIUS services as defined in the DEN specification.
Novell's DNS/DHCP Services store IP addresses, configuration, and host names in NDS, allowing you to centrally manage your entire IP environment. DNS/DHCP Services also support Dynamic DNS (DDNS), enabling dynamic updates of host names as IP addresses change.
Novell has also integrated RADIUS with NDS in its BorderManager Authentication Service product. This integration allows you to configure and manage remote dial-up users through NDS, eliminating the need to manage RADIUS servers separately. This integration also provides a central point of authentication and authorization to the network for remote and local users alike. (For more information about BorderManager Authentication Service, see "Novell's BorderManager Authentication Service: Arm Your Network for Remote Users," NetWare Connection, Dec. 1998, pp. 21-30. You can download this article from http://www.nwconnection.com/dec.98/bmasd8.)
MORE DEN APPLICATIONS TO COME
Novell's partnerships with Lucent Technologies, Nortel Networks, and Cisco promise that NDS will provide more DEN application support in the near future. Although the companies are in the early stages of product development, the ultimate goal is to use NDS to store information about network devices (such as routers and switches), enabling centralized management and remote configuration of these devices.
Integrating the physical network with the directory will greatly reduce the cost of managing network devices. This integration will also provide the foundation for controlling the use of applications, enabling features such as user identity-based auditing, management, billing, and Quality of Service.
Novell and Lucent Technologies
The first product of the Novell-Lucent partnership is the integration of NDS with Lucent's Cajun P550 Ethernet switch. With this product, you will be able to use an NDS management tool such as the NetWare Administrator (NWADMIN) utility or ConsoleOne to remotely manage and configure Lucent switches. For example, you will be able to use these management tools to allocate priority bandwidth to a particular user or a mission-critical application.
Integrating NDS with Lucent's Cajun P550 Ethernet switch not only reduces the cost of managing the switch but also improves the quality of service to the user. Novell and Lucent have announced that this product should be available in the first half of 1999.
Novell and Nortel Networks
As a result of the Novell-Nortel Networks partnership, Bay Networks will integrate NDS with its Optivity Policy Services, a management application suite. With this integration, you will be able to allocate critical network resources based on corporate policy. You will also be able to define policies based on user identity or other factors (such as time of day) and apply these policies to a specific user regardless of the user's location on the network. As a result, users will receive improved, high-quality network performance and have consistent, prioritized access to key applications.
Bay Networks will bundle NDS with Optivity Policy Services, which is scheduled for release in the second quarter of 1999.
Novell and Cisco Systems
The Novell-Cisco partnership will provide interoperability between NDS and Cisco routers and switches, including Cisco Assure products, Cisco User Registration and Tracking, and Cisco Registrar. Although the two companies have made no product announcements, Novell demonstrated technologies at COMDEX '98 in Las Vegas that could be the basis for future products.
At COMDEX, Novell demonstrated NDS-based management of Cisco routers and switches. Using a Java agent for routers and switches, Novell demonstrated the ability to remotely communicate with and configure routers. This technology enables remote control of routers, autodiscovery of router configuration, and remote autoreboot or fault recovery of routers for automated systemwide upgrades or maintenance.
The technology Novell demonstrated could significantly reduce management costs. For example, using this technology, you could remotely manage or upgrade a router at a branch office. You would no longer need a network administrator at the branch office.
The DEN specification promises to reduce the cost of network ownership by integrating network infrastructure products and services with a directory service. The DEN specification provides the following benefits:
Centralizes the management of network elements and services and eliminates redundant management tasks
Centralizes authentication and authorization for applications and services in the network
Simplifies the management of network resources through policy-based management
Novell has made the promise of the DEN specification a reality with NDS. By delivering products such as NetWare 5 and BorderManager Authentication Service and with the promise of other products in the near future, Novell is building directory-enabled networks.
Sandy Stevens is a freelance writer based in Salt Lake City. She is coauthor of Novell's Guide to Integrating intraNetWare and NT, Novell's Guide to NetWare Printing, and Novell's Guide to BorderManager.
* Originally published in Novell Connection Magazine