i-login: It's One Net Live From Novell
01 Dec 2000
How much have you heard about the new networking model that Novell has named one Net? In case you have heard only a little or haven't heard anything at all, the one Net model defines a networking environment that blurs the boundaries between the Internet, intranets, and extranets as well as corporate, public, and wired-to-wireless networks. With their boundaries blurred, these networks converge into a single global network, enabling IT professionals to more effectively manage and secure all of their company's resources. That's one Net (in one nutshell)--and Novell is the one company committed to making this model work in the real world.
In fact, Novell's mission is to help organizations worldwide realize the one Net model. To that end, Novell is reshaping its existing products and building new products to meet the specifications of a new category of software: Net services software. Net services software, in effect, is the magic that can transform those old firewall-separated networks into one Net. The secret to this magic is that Net services software is usually web enabled, always directory enabled, and inherently platform independent. (For more information about one Net and Net services software, see the Novell corporate overview at www.novell.com/news/onenet.)
If you think Novell's mission to realize its one Net vision is just talk, you'd better think again. Novell has empirical evidence to the contrary: Beginning September 20, Novell Information Systems and Technology (IS&T) officially launched the preliminary results of an initiative called i-login. With i-login, Novell puts its own corporate network where its vision is and paves the way for you to do the same. As Novell IS&T director Dave Cox succinctly explains, "i-login is one Net in practice."
NOVELL HELPS ITSELF TO HELP OTHERS
At its core, i-login is "a Novell internal initiative to solve Novell internal problems," explains Novell product manager Allen Tietjen. What kind of problems? At the outset, the i-login initiative will drive the development of solutions to basic employee productivity problems--problems that Novell believes are not unlike your company's problems.
However, solving Novell's internal problems is not the long-term goal of the i-login initiative. The real plan is to solve Novell's internal problems in order to help other companies--like yours--solve their own problems. How will Novell help your company by helping itself? The simple answer is by developing, then testing, and finally sharing solutions to common business problems.
Here's how the i-login initiative works: First, Novell identifies problems. Then members of Novell IS&T work with Novell Engineering to develop and internally deploy solutions to these problems. As a natural result, Novell's corporate headquarters becomes, in effect, a live testing environment for the new i-login solutions--solutions that Novell adds to its collection of Net services software.
Next, Novell passes these i-login solutions along to a handful of customers for additional testing. Sharing the i-login solutions with these customers helps Novell better define the problems these solutions are intended to solve and increases the span of (and therefore improves) the testing environment for these solutions. Novell and these select customers test, test, and retest the i-login solutions. Novell can then modify the i-login solutions as necessary to ensure they solve the problems they were designed to address.
Finally, when Novell is satisfied with the results, it packages the clusters of Novell and Novell-partner products and technologies that comprise the i-login solutions. The packaging model for these solutions includes, but goes beyond, the traditional red box. (For more information about packaging these solutions, see the "For Here, Take Out, or Delivery?" section.)
BEGINNING AT THE BEGINNING
At this early point in the process, Novell IS&T is working to refine the first of many i-login solutions, including the following solutions:
Zero Day Start
For that reason, you might be interested in taking a sneak peek at the products and technologies that comprise these solutions. More to the point, you probably want to see how these solutions are working at Novell. You can then catch a glimpse of how these solutions could help your company.
YOU'RE HIRED--NOW GET TO WORK!
Do you remember what you did to fill the hours of your first day on the job? Maybe you completed forms for human resources (HR) at someone else's desk. Perhaps you read your company's employee manual. Whatever you did, you probably did not do what you were hired to do--work.
What were you waiting for? Training aside, new employees are often unable to work because they're waiting for standard productivity tools that they will later take for granted: an office and a desk; a telephone and telephone number; a computer, a network account, and access to the appropriate applications and databases.
If your company is like most companies (including Novell), it probably pays new employees for days or even weeks to count paper clips (if they have any) while they wait for the tools they need to start work. In fact, Tietjen claims that the average company takes several days or as long as several weeks to get new employees everything they need to be productive. "That seems insane," says Tietjen--and it is. Nevertheless, Tietjen points out, "that's the reality for most companies."
As part of the i-login initiative, Novell IS&T conceived, developed, and continues to build upon Zero Day Start to address this problem. The goal of Zero Day Start (as if you couldn't guess from the name) is to eliminate the delay between the time new employees first walk through Novell's doors and the time they have the tools they need to be productive. In fact, the automated Zero-Day-Start processes are set into motion the moment someone signs an employment offer from Novell.
Heading in the Right DirXML-ection
One of the key enabling technologies underlying Zero Day Start is DirXML, Novell's metadirectory tool that you can use to integrate some or all of the directories on your company's network. You can think of the metadirectory you create using DirXML as a figurative directory wheel with an NDS tree as its central hub. DirXML then serves as the metaphorical spokes that connect other directories to this hub. (For more information about DirXML, see "Too Many Directories? Synch 'Em With DirXML," NetWare Connection, May 2000, pp. 8-14.)
For example, an NDS tree called the Workforce tree is the hub of the metadirectory Novell IS&T designed for Novell's implementation of Zero Day Start. (See Figure 1.) Novell's Workforce tree is a flat structure that includes little more than a Novell Organization container holding the User objects that together represent Novell's workforce. These User objects store essential information about Novell employees, including their first and last name; telephone, fax, pager, and cellular numbers; mail stop; identification number (called a Workforce ID); and their manager's name.
Figure 1: For the Zero-Day-Start solution, Novell IS&T integrated its directories to automate the processes involved in getting new employees what they need to work. Consequently, before their first day on the job, new employees have everything they need, including rights to workflow, a telephone and telephone number, an office, access to the appropriate buildings, and rights to directory-enabled applications.
Using DirXML, Novell IS&T integrated many (and eventually will integrate all) of the directories and databases underlying Novell's applications and business systems. (For more information about this integration, see "The DirXML Links in the Zero-Day-Start Chain.") For example, members of Novell IS&T have integrated (or are working to integrate) directories or databases for the following systems. (See Figure 1.)
Metastorm e-work, a workflow system
PeopleSoft, an HR system
Avaya PBX systems from Lucent Technologies
A Business Integration Group (BIG) facilities system
A Westinghouse security system
In addition to the directories and databases underlying these systems, Novell IS&T has integrated two other NDS trees. One of these trees, the Authentication tree, includes little more than an NDS Organization container holding usernames and passwords. The other tree, the Services tree, also has an NDS Organization container, which holds the Server and Volume objects that run Novell's directory-enabled applications, including GroupWise and Novell eGuide. (Novell eGuide is a white-pages application.)
For each of these directories and databases, Novell configured DirXML to either send information from the Workforce tree to the other directory or to return information from the other directory to the Workforce tree. As a result, Novell IS&T can synchronize selected information--in this case, user-related information--that is stored within these directories.
By using DirXML, Novell IS&T can also specify, for each directory, the object classes and attributes for which that directory accepts changes from or sends changes to the Workforce tree. This ability to control the information flow enabled Novell IS&T to make a specific directory the "authority" on particular types of information. For example, Novell IS&T made the PBX system the authority on users' telephone numbers: Only telephone numbers that originate from the PBX system are accepted in Novell's DirXML metadirectory. If a Novell employee changes a telephone number in one of the other integrated systems, DirXML immediately detects and negates that unauthorized change.
One of the results of integrating these directories is that information about new employees is entered only once. Likewise, changes to user information are entered only once. After this single entry, DirXML automatically updates all of the other directories that Novell IS&T engineers have configured to accept this addition or change.
Go With the Workflow
Another product that plays an important role in Zero Day Start is Metastorm e-work from Metastorm Inc. (www.metastorm.com). This software platform allows you to design applications that integrate data and systems and helps you deploy those applications across or beyond the enterprise. (For more information about Metastorm e-work, see Novell's online demonstration of e-work at http://democity.novell.com/servlet/webview?query=myquery&x=ework.)
For Zero Day Start, Novell IS&T used Metastorm e-work to create a workflow that helps automate some of the processes responsible for getting new employees the tools they need to be productive. For example, the creation of a new NDS User object in the Workforce tree will soon trigger an event that results in the creation of a purchase order for new equipment, such as a cellular telephone, laptop, or personal digital assistant (PDA). This purchase order will then be routed to the Financial database, so the cost of the item or items purchased can be debited from the cost center of the appropriate Novell department.
As a complete workflow solution, Metastorm e-work also enables you to publish forms to the web so that users can complete and return those forms on the web. For example, at Novell, HR uses Metastorm e-work to publish to the web some of the forms employees need to complete before starting work, such as a U.S. W-4 form, a conflicts disclosure form, and an intellectual property agreement.
Metastorm e-work tracks the predefined route for these forms (as it does for all forms). For example, Metastorm e-work records when the forms were completed and if and when the appropriate persons signed them. (Of course, this process requires the use of digital signatures, which Novell plans to deploy throughout the company during the next several months.)
The Directory Wheel in Motion
In general terms, the result of using DirXML and Metastorm e-work is this: When a new employee signs Novell's offer of employment, a Novell HR employee creates a new account in the HR database. This new account triggers the creation of a new User object in the Workforce tree. (For more information, see "Woops! One Rule Too Few.") The new User object in the Workforce tree, in turn, triggers entries or the creation of new accounts in other integrated directories and databases.
For example, the creation of a new User object in the Workforce tree triggers an entry in the database for Metastorm e-work. "What this actually means," explains Novell IS&T engineer Mark Lowings, "is that when someone joins Novell, [he or she] will have access right away to [his or her] workflow." Consequently, new employees can access, complete, and return HR forms to Novell before their first day of work.
DirXML also pushes through to the BIG facilities database the information regarding the new NDS User object in the Workforce tree. (BIG is a company that manages Novell's facilities in San Jose and Provo.) Consequently (and with some manual intervention), a new employee gets assigned an office. The facilities system then pushes through to the Workforce tree the office number and the numbers of the telephone jacks and the network jacks in that office. DirXML then pushes that information through to the systems Novell IS&T has configured to accept this information.
For example, Novell IS&T has configured the PBX system to accept information regarding telephone jack numbers. After learning the jack number, the PBX system assigns a telephone number and pushes that information through to the Workforce tree. The Workforce tree, in turn, pushes this information through to the systems (such as the HR database) that Novell IS&T has configured to accept the information.
The creation of the new account in the Workforce tree also automatically enables access to directory-enabled applications, including GroupWise and Novell eGuide.
Ultimately, Novell IS&T hopes to use DirXML to integrate the Westinghouse security system that controls employees' access to buildings. When the Westinghouse system is integrated, DirXML will send information regarding the new User object in the Workforce tree to the Westinghouse system. The Westinghouse system, in turn, will determine the security profile for the new employee (based on his or her job title, manager, and home office, for example). Based on this information, the Westinghouse system will determine which buildings the new employee needs to access. As a result, when new employees "show up on [their] first day, [they] walk in, security hands [them] a card, and [they're] set," says Cox.
The dust from all this automated account creation will clear before new employees walk through Novell's doors for the first time. Consequently, when new employees show up on their first day at Novell, they'll find a fully equipped office, the means to communicate with others (and vice versa) via e-mail and telephone, and access to all of the applications (including workflow forms) ready and waiting for them to use.
How soon will these new employees start being really productive? Time will tell, but one thing is certain: If new employees aren't working immediately, it won't be because they don't have the right tools.
The Zero-Day-Start solution helps new employees get to work sooner than they might otherwise be able to. As Novell employees, they can immediately begin to access information, applications, and services that are stored in separate networks--which brings up another problem. In today's networking model, getting the information, applications, and services employees need to work is a bit of a hassle at best and flat-out impossible at worst.
For example, some Novell employees may regularly access applications stored on local servers, commonly read the news on Novell's InnerWeb, and frequently access reports and articles on the Internet. Of course, these employees need access rights to these tools and information sources, so they juggle multiple usernames and passwords.
When these employees are at the office, accessing the applications, news, articles, and reports they need to work is clearly possible but not altogether convenient. Employees have to open and minimize several applications on their desktop, visit several sites on the InnerWeb, and launch multiple instances of their browser to keep a few web sites open. For many of these information sources, employees must also enter a username and password. Admittedly, the process isn't an ordeal, but it is a hassle.
When employees are not at the office, accessing all of the information sources they need to be productive is more than just a hassle--in many cases, it's impossible. Employees who are traveling or working at home cannot access most of the corporate applications and services they need because those applications and services are securely (but inconveniently) stored behind Novell's firewall.
AT HOME, AT WORK, AT PLAY--SERVICES ARE ONE LOGIN AWAY
The inconvenience of scattered information, the hassle of multiple usernames and passwords, and the problem of inaccessible services are all on the brink of becoming history--at least for Novell. Novell IS&T and Novell Engineering jointly developed (and continue to refine) a corporate portal, called the i-login.Net portal, to address these common problems.
The i-login.Net portal is a figurative doorway that users can open to access all of the applications and services they need to work. The concept of a figurative doorway may not strike you as particularly impressive, but think about it for a moment: As a figurative doorway, the i-login.Net portal enables Novell employees to access corporate applications and services (that Novell's firewall once made inaccessible) over the Internet without compromising the security of those applications and services. Moreover, whether Novell employees are at work, at home, or traveling, the i-login.Net portal provides a single point of access not only to these corporate applications and services but also to Novell's InnerWeb and to web-based services.
In fact, the bottom line, theoretically at least, is that the i-login.Net portal can provide a single point of access to any service Novell employees use to work (or even to play). In addition, the i-login.Net portal delivers those services securely and to wherever those employees happen to be. Employees can access the i-login.Net portal from anywhere they can establish a wired or wireless connection to the Internet.
And those are just the portal's direct benefits. The i-login.Net portal offers indirect benefits as well. For example, the i-login.Net portal, in conjunction with Novell's Internet office solution, may ultimately spare Novell the cost of WAN lines. (For more information, see "The Portal to Savings.")
Black Hawk Basics
The i-login.Net portal is an example of Novell Portal Services in action. Formerly code-named Black Hawk, Novell Portal Services is a directory-driven portal framework that is fully Lightweight Directory Access Protocol (LDAP) enabled and built around XML and Java servlets. Novell Portal Services runs on any web server platform (including NetWare, Windows NT, Solaris, and Linux) running any web server that features a servlet engine and uses an LDAP v3 compliant directory, such as NDS eDirectory. (For more information about Novell Portal Services, see "Novell Portal Services: A Better Way To Build a Desktop.")
With Novell Portal Services as the foundation, the i-login.Net portal provides the following benefits:
Employees can access the i-login.Net portal services from wherever they are.
Employees can use a variety of devices to access the i-login.Net portal.
The i-login.Net portal content can be customized for each employee.
Employees can personalize the interface to make the i-login.Net portal better meet their needs.
Novell employees can access the i-login.Net portal from a number of devices. For example (and as you would expect), users can access the i-login.Net portal from any desktop or laptop running a standard browser. Currently, the i-login.Net portal works best with Microsoft Internet Explorer 5.x. However, the portal also works (albeit a bit more slowly) with any version of Netscape (as well as other browsers).
Users can also access many of the i-login.Net portal services (and eventually all of them) using wireless devices, including wireless notebooks, cellular phones, and PDAs that use the Wireless Access Protocol (WAP).
By whatever means, to access the i-login.Net portal, Novell employees simply enter the correct URL: www.i-login.net. Go ahead. Try it. If you're not a Novell employee, you won't be able to sign in, of course, but you will be able to see the i-login.Net color scheme, which Novell engineers proudly describe as "piquant."
The i-login.Net portal opens first to a page that prompts Novell employees to sign in. (See Figure 2.) To sign in, employees enter their NDS username and password. This single sign-on (made possible through the use of Novell iChain and Novell Internet Caching Services [ICS]) enables employees to access all of the i-login.Net portal applications and services to which they have rights.
Figure 2: Novell employees simply enter their NDS username and password to access all of the i-login.Net services to which they have rights. They do not need to specify their context in Novell's NDS tree.
What is conspicuously lacking on this page is a prompt for employees' NDS context. As you may recall, Novell IS&T created an NDS tree called the Authentication tree. (This tree is integrated with the Workforce tree via DirXML.) The Authentication tree essentially includes only usernames and passwords and is the key to opening the portal without requiring employees to know their NDS context.
After users have signed in and have been authenticated to the NDS database, the i-login.Net portal redirects users to the home page. (See Figure 3.) On this page and, in fact, on all the i-login.Net portal pages, employees can choose from several gadgets, which are basically web-based applications that function as conduits to full-fledged services. (For more information about gadgets and the gadget development architecture, see the related article "Novell Portal Services: A Better Way To Build a Desktop.")
Figure 3: The i-login.Net portal includes gadgets, such as the Yahoo News gadget and other gadgets shown on the i-login.Net home page. You can add, move, delete, and personalize these gadgets.
For example, since September 20 (the date Novell IS&T officially launched the beta of the i-login.Net portal), the i-login.Net portal has featured gadgets for Novell eGuide, Yahoo News, GroupWise Mail, and GroupWise Calendar. (For an online demonstration of Novell eGuide, visit http://democity.novell.com/servlet/webview?query=myquery&x=eGuide.)
Of course, Novell IS&T has added several other gadgets since the launch of the i-login.Net portal and will undoubtedly continue to add gadgets. For example, the Novell Mobile Access Delivery (NOMAD) gadget should now be available. NOMAD provides employees with inexpensive dial-up access to the Internet while traveling and enables them to access corporate services not yet available within the i-login.Net portal. (For more information about NOMAD, see "Free From Toll-Fee Lines With NOMAD.")
The i-login.Net portal home page (like other i-login.Net portal pages) may be roughly the same for each Novell employee in terms of its default appearance, but it is different for each employee in terms of its content. Because the i-login.Net portal is an intelligent portal, it knows its users and delivers the appropriate content, depending on each user's NDS identity.
For example, based on information stored in NDS eDirectory, the i-login.Net portal knows which department Novell employees work for, their title, and to whom they report. Based on this information, the i-login.Net portal can deduce which of its services these employees have the rights to see and use. "For instance," Cox explains, if the i-login.Net portal "looks up my department, and I'm in Finance, it delivers to me all of the finance tools, reports, and so forth that are applicable to me because of my job."
In addition to customizing each screen depending on each user's identity, the i-login.Net portal enables users to personalize the portal to better fit their needs. For example, look again at Figure 3. Notice the pencil icon next to the Yahoo News gadget? This pencil icon enables Novell employees to personalize the Yahoo News gadget. Specifically, clicking the pencil enables Novell employees to select the category of Reuters news (for example, Top Stories, Business, and Technology) they want displayed and also to specify the maximum number of news items under each category.
The X and _ icons enable users to close and minimize gadgets, respectively. Of course, closing and minimizing are only temporary changes. However, users can also add, move, and delete gadgets. To do so, they simply click on Preferences at the top of the screen, and a dialog box for manipulating gadgets appears.
FOR HERE, TAKE OUT, OR DELIVERY?
Novell IS&T is fully prepared for Novell employees to sign on to the i-login.Net portal and to wildly add, move, and delete gadgets. In fact, Novell IS&T is expecting employees to test the i-login.Net portal in any way they can. After all, that's the point: to test the portal so Novell IS&T can build upon, change, and refine the portal and the services it provides until the complete package works the way Net services software should work.
After Novell (and the customers with which Novell will share i-login solutions) have tested i-login solutions to Novell's satisfaction, Novell will package them--but perhaps not in the traditional red box you have come to expect. In fact, the i-login initiative represents a "big change," says Tietjen, "in the way Novell's products and services will be built and packaged." The new packaging model, as Cox describes, is based on a "for here, take out, or delivery kind of model."
The "for-here" packaging option refers to Novell's plan to host services. For example, suppose your company wanted a portal like Novell's i-login.Net portal. You wouldn't have to do the work yourself. Novell will be an Application Service Provider (ASP), so it can set up, run, and maintain a portal for your company. Novell will also market i-login solutions to partner ASPs.
If you opt to have the Novell ASP or a Novell partner ASP host services for you, your company's portal will be conceptually the same as Novell's i-login.Net portal. However, the Novell ASP or partner ASP will customize your portal's appearance, tools, and content to suit your company's needs. (So you can keep or toss that "piquant" color scheme, among other things.)
The "take-out" packaging option is more along the lines of the traditional Novell packaging model. That is, if you opt to "take out" one of the i-login solutions, you'll buy that solution in a red box, just as you purchase Novell products now.
For example, suppose your company, like Novell, wanted to eliminate the delay between the time a new employee arrives at work and the time the new employee has everything necessary to work. You could tackle this problem by purchasing the Zero-Day-Start solution in a red box. That box would include (but not necessarily be limited to) DirXML, Metastorm e-work, and NDS eDirectory. Thus, in one box, you would have the complete set of tools you need to solve a specific problem.
The final packaging option is "delivery." Novell will make i-login solutions available to consultants and integrators. This way, you can seek help from the consultant or integrator you choose, and that consultant or integrator can set up a solution for you.
For example, you might want online corporate white pages, but no one on your IS staff may have time to complete the task. A Novell consultant or integrator could set up Novell eGuide for you using Novell's prepackaged clusters of products and technologies suited for the task. In this case, the package might include Novell eGuide, Novell ICS, Novell Portal Services, NDS eDirectory, and DirXML.
THE NET POINT
The i-login.Net portal represents the beginnings of a fully functional one Net environment or, in other words, the steps toward realizing Novell's one Net vision. In this one Net environment, the borders between Novell's intranet, extranet, the Internet, and its corporate WAN simply don't matter--at least not to employees.
Novell employees can get the information they need to work from their first day on the job, from wherever they are, and from a single access point. Never mind if the statistics they need are on Novell's intranet. Never mind if the application they need is on Novell's corporate network. Never mind if the reports they need to read are on the Internet. To Novell employees, the information's source just doesn't matter. What matters is that the information they need is all a single sign-on away from the first day and via the i-login.Net portal.
Granted, the i-login.Net portal (indeed, the i-login initiative in general) is still in its infancy--well, maybe its toddler-hood. Consequently, the points in the preceding paragraph are true of the possibilities for i-login and not entirely true of the way things are now. That said, the point is, the possibility of realizing one Net is so real that Novell employees can taste it. In fact, they are tasting a version of one Net even as you read this--and probably finding it to be delightfully piquant.
Linda Kennard works for Niche Associates, an agency that specializes in writing and editing technical documents. Niche Associates is located in Sandy, Utah.
The DirXML Links in the Zero-Day-Start Chain
The metadirectory Novell Information Systems & Technology (IS&T) created for its implementation of the Zero-Day-Start solution has, at its logical center, an NDS tree called the Workforce tree. (See Figure 1.) For each directory Novell IS&T wanted to synchronize with this Workforce tree, an IS&T engineer created a DirXML application shim (also called a DirXML driver). Basically, an application shim translates data from NDS eDirectory into something the application with which the shim interacts can understand, and vice versa.
Much of the work on these application shims was completed before a DirXML software developer's kit (SDK) even existed. (DirXML now ships with SDKs for creating application shims using Java or C++. These SDKs are available for download at http://developer.novell.com/ndk/doc/docui/index.htm#../dirxml/dirxmlbk/data/a7eda0f.htm.) Writing DirXML shims, claims Novell IS&T engineer Dave Johnson, "can be quite simple." Johnson explains that for applications that have a known set of application programming interfaces (APIs), the application shim only needs to translate XML-type data into this API set.
Other applications, Johnson continues, have no known API set, and consequently, writing the shims for these applications is "a little bit harder." Generally, the applications that do not have a known API set enable you instead to export data into a tab-delimited file, Johnson says. In these cases, he adds, the application shim must be written to run through the tab-delimited file, to translate the information found there into XML-type data, and to pass that data through to NDS eDirectory.
Writing the shims for the Services and Authentication trees, which are NDS trees, was easy, says Johnson. DirXML includes an NDS-to-NDS shim, so Novell IS&T engineers simply specified within that shim which object classes and attributes they wanted the NDS trees to synchronize. (DirXML also includes prewritten shims for Lotus Notes, Microsoft Exchange, Microsoft Active Directory, and Netscape LDAP.)
Novell IS&T engineers also had to create filters for each directory's subscriber channel, publisher channel, or both. (See Figure 4.) Filters on a directory's subscriber channel specify what information (object classes and attributes) the engineers wanted to flow from the Workforce tree to the other directory. Filters on a directory's publisher channel specify what information the engineers wanted to flow from the other directory to the Workforce tree.
Figure 4: With DirXML, you configure a subscriber channel, publisher channel, or both for each directory you integrate. On the subscriber channel, you create a filter to specify what information you want to flow from NDS eDirectory to the other integrated directory. On the publisher channel, you create a filter to specify what information you want to flow from the other directory to NDS eDirectory.
In Novell's case, the PeopleSoft database primarily publishes information to the Workforce tree. The other directories primarily subscribe to information changes in the Workforce tree. However, some of these other directories also publish specific pieces of information to the Workforce tree. For example, the facilities system publishes office and jack numbers, and the PBX system publishes telephone numbers.
Woops! One Rule Too Few
When a new People object is added to Novell's PeopleSoft database, DirXML carries that information to Novell's NDS Workforce tree and creates a new NDS User object. To do this, DirXML uses a set of rules that Novell IS&T wrote to enable DirXML to automatically generate new User objects. These rules help DirXML make a number of decisions. For example, the rules enable DirXML to determine which attributes it must have before it can create an object and to decide what NDS username to associate with each new User object.
When Novell IS&T began testing its implementation of DirXML and, in particular, DirXML's ability to create User objects, the team soon discovered that it had written one rule too few. "There are four Dave Johnsons at Novell," says Novell IS&T engineer Dave Johnson, adding that "there are a lot of [Johnsons] here whose names start with D." Consequently, when Novell hired yet another Dave Johnson, DirXML had some difficulty creating a new User object in the Workforce tree.
In Novell's DirXML configuration, the first rule used to generate a username for a new NDS object indicates that DirXML should use the first letter in the user's first name followed by the user's last name. In this case, the result would have been Djohnson. That name was already taken.
The second rule indicates that if the first attempt fails, DirXML should try using the first letter in the first name, the middle initial, and then the last name. In this case, that meant using DNJohnson. That attempt failed, explains Johnson, because "that is my NDS username."
The third rule indicates that if the first and second attempts fail, DirXML should try using the first and second letter of the first name followed again by the last name. In this case, the result would have been DAJohnson. However, "there was already a DAJohnson, so [DirXML] took the third letter," as the fourth rule suggests. Unfortunately, that username was also already taken.
At that time, Novell IS&T had no fifth rule. "We never expected that our rules would have to go that deep," Johnson confesses. What the Novell IS&T team learned, says Johnson, is that it had too few layers of logic for common names like Johnson. To solve the problem, Novell IS&T added a "catch-all rule in the creation stylesheet," Johnson explains. Based on this rule, DirXML takes the first letter of the first name followed by the last name and then adds a number, beginning with 1, until it is sure the username is unique. For example, in this case, the new Dave Johnson became djohnson1.
Thus, when the next D. Johnson comes to Novell, DirXML has a username with his or her name--and number--on it. It's djohnson2, then djohnson3, then . . . you get the picture.
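The rule chain described in this sidebar, written out as an added Python example (it is not Novell's DirXML creation stylesheet). Reading rule 4 as "first three letters of the first name", comparing names case-insensitively, and all function names and sample data are assumptions made for the illustration.

```python
import re

def _clean(part):
    """Lowercase and keep letters only, so "O'Neil" and "ONEIL" normalize alike."""
    return re.sub(r"[^a-z]", "", (part or "").lower())

def candidate_usernames(first, middle, last):
    """Yield candidates in the order of rules 1-4 from the sidebar."""
    f, m, l = _clean(first), _clean(middle), _clean(last)
    if not f or not l:
        # Mirrors "which attributes it must have before it can create an object".
        raise ValueError("first and last name are required")
    yield f[0] + l                    # rule 1: first initial + last name
    if m:
        yield f[0] + m[0] + l         # rule 2: first initial + middle initial + last name
    if len(f) >= 2:
        yield f[:2] + l               # rule 3: first two letters + last name
    if len(f) >= 3:
        yield f[:3] + l               # rule 4 (assumed reading): first three letters

def generate_username(first, middle, last, taken, max_suffix=9999):
    """Return the first free name; fall back to the catch-all numbered rule."""
    # Assumption: names that differ only in case collide in the directory.
    taken_ci = {name.lower() for name in taken}
    for cand in candidate_usernames(first, middle, last):
        if cand not in taken_ci:
            return cand
    base = _clean(first)[0] + _clean(last)
    for n in range(1, max_suffix + 1):    # catch-all: djohnson1, djohnson2, ...
        cand = f"{base}{n}"
        if cand not in taken_ci:
            return cand
    # Fail closed instead of reusing or overwriting an existing identity.
    raise RuntimeError("no free username within suffix limit")

# Constructed sample: the four names already taken in the sidebar's story.
TAKEN = {"DJohnson", "DNJohnson", "DAJohnson", "DAVJohnson"}

if __name__ == "__main__":
    print(generate_username("Dave", "N", "Johnson", TAKEN))
```

In a live directory the uniqueness check and the object creation have to happen as one operation against the directory itself; a name that was free when checked can be taken by a concurrent create.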
The Portal to Savings
In addition to enabling users to access the applications and services they need with a single sign-on and from virtually anywhere, the i-login.Net portal indirectly benefits Novell in another way. Ultimately, the i-login.Net portal will securely deliver over the web all of the services users need to work. At that point, Novell will no longer need WAN lines between its corporate headquarters in Provo, Utah, and its branch offices scattered throughout the world. Novell plans to eventually pull its WAN lines in another i-login project called Internet Office. Instead of expensive WAN lines, Novell will put its "field offices on the Net using local ISPs," says Cox.
For Novell (as for most companies), eliminating WAN lines represents considerable cost savings. Within the United States, Novell has more than two-dozen remote offices. Each of these offices is connected via either frame relay or Integrated Services Digital Network (ISDN), typically ranging in speed from 128 kbps to 1536 kbps.
Pulling even one of these lines is worth the potential savings. Consider, for example, the result of pulling the 512 kbps link between Novell's Provo and Chicago offices. This link costs Novell "about [U.S.] twelve hundred [dollars] a month," according to Cox. Novell plans to replace this frame-relay connection with a 512 kbps to 1 MB cable modem or Digital Subscriber Line (DSL) connection. This new connection will cost Novell approximately U.S. $50 to $100 per month.
Of course, the cost of each connection varies, but this much is certain: Connecting field offices to corporate headquarters via the Internet is considerably less expensive than connecting those offices with WAN lines. Think about it: How much would your company save if it could pull its WAN lines?
Free From Toll-Fee Lines With NOMAD
From the home page of the i-login.Net portal, Novell employees click the OutOfTheOffice icon to tap into the Novell Mobile Access Delivery (NOMAD) service, which will be available as a product in the future. As a remote access service, NOMAD enables Novell employees to connect to the Novell corporate network in Provo, Utah, over an Internet connection.
Of course, most remote-access services claim to do the same, so what's unique about NOMAD? NOMAD is unique because it enables employees to connect to Novell over an Internet connection from anywhere in the world, without the use of toll-free numbers and without requiring a dial-up connection.
Prior to NOMAD, Novell enabled employees to access the corporate network over the Internet by using their modem to dial a toll-free number. This approach to remote access has inherent problems, namely its inability to scale and its excessive cost.
Toll-free numbers don't work outside of the United States, but Novell employees "wanted to have the same type of access globally," explains Novell IS&T engineer Lynn Crabb. Furthermore, he adds, because so many employees within the United States were accessing the corporate network remotely, Novell needed to expand its remote-access service. However, expanding the toll-free service was out of the question: "1-800 numbers are expensive," Crabb says, getting straight to the point. "We needed to come up with a different model. That's when we conceived NOMAD."
For NOMAD, Novell partnered with UUNET, an international Internet service provider (ISP). Basically, UUNET provides global points of presence (POPs) on the Internet that Novell employees can use to connect. To find and select the telephone number of the nearest UUNET POP, employees use Connection Manager, a Microsoft program that comes with the Internet Explorer Administration Kit. Connection Manager will establish a connection to whichever number employees select.
During this connection process, employees enter their NDS username and password, which Connection Manager passes to UUNET. The UUNET server identifies this user as a Novell employee and accordingly passes the authentication information to Novell using the Remote Authentication Dial-In User Service (RADIUS) protocol. This process enables Novell, rather than UUNET, to "actually make the decision on whether or not to accept this user," Crabb points out. The Novell server in turn uses RADIUS to return its thumbs-up or thumbs-down decision to UUNET, which accordingly allows or disallows access.
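The proxied RADIUS exchange described above, as an added Python example that follows RFC 2865 (it is not code from Novell or UUNET): the ISP side hides the password under the shared secret, the home side decides and signs its reply, and the ISP side acts on the decision only if the Response Authenticator verifies. The function names, shared secret and user table are constructed for the illustration.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def _xor_blocks(data, secret, request_auth, chain_on_output):
    # RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext).
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = block if chain_on_output else data[i:i + 16]
        out += block
    return out

def build_request(ident, user, password, secret):
    """ISP side: Access-Request with the password hidden under the shared secret."""
    ra = os.urandom(16)                                  # Request Authenticator
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, _xor_blocks(padded, secret, ra, True))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs

def parse_attrs(packet):
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def home_server_decide(request, secret, users):
    """Home side: recover the password, make the decision, sign the reply."""
    ident, ra, attrs = request[1], request[4:20], parse_attrs(request)
    pw = _xor_blocks(attrs[USER_PASSWORD], secret, ra, False).rstrip(b"\x00")
    ok = hmac.compare_digest(users.get(attrs[USER_NAME], b"\x00"), pw)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + ra + secret).digest()   # Response Authenticator

def isp_check_reply(reply, request, secret):
    """ISP side: act on the decision only if it was signed with the shared secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("reply not authenticated by the home server")
    return reply[0] == ACCESS_ACCEPT

SECRET, USERS = b"constructed-secret", {b"djohnson1": b"correct horse battery staple"}  # constructed sample
```

The password is only as well protected on the ISP-to-home hop as the shared secret is, so that secret deserves the same handling as any other credential.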
After establishing a connection to the Internet, employees can access the corporate network by authenticating through the BorderManager Virtual Private Network (VPN) client. (Employees can download the BorderManager VPN client from the i-login.Net portal.) The connection to the Internet does not have to be via a UUNET server. More important, the Internet connection doesn't have to be a dial-up connection at all. Because Novell no longer uses toll-free lines for remote access to its network, Novell employees can access Novell's corporate network over their cable modem or Digital Subscriber Line (DSL) connection to the Internet.
Thus, NOMAD enables Novell employees to connect to the Internet and subsequently to the corporate network from virtually anywhere--without generating a hefty toll-free bill. Of course, Novell has to pay UUNET for the use of UUNET POPs, but doing so "is a lot less expensive than [using] toll-free numbers," says Crabb. NOMAD further reduces dial-up expenses by enabling employees to access the corporate network over broadband connections to the Internet. Ultimately, Crabb sums up, NOMAD has "increased the functionality and reduced the costs" of Novell's remote-access service.
* Originally published in Novell Connection Magazine