Taking a Windows NT 5.0 reality check

Plenty has already been written and said about Microsoft's Windows NT 5.0 and the product hasn't even entered beta 2 testing yet. Network World News Director Bob Brown and Senior Editor Paul McNamara recently caught up with Mark Brown, a Microsoft architect in charge of Windows NT distributed services, to find out where this key technology stands.

Q. One of the key components of NT 5.0 is Active Directory - Microsoft's answer to Novell Directory Services. Can customers get their hands on Active Directory yet?

A. There is Active Directory in beta one, although it lacks some of the more advanced features. For example, in beta one Active Directory's global catalog feature did not implement subsetting, so when you specified that a domain controller [DC] should be a global catalog [GC] server, that DC would hold a full copy of every domain in the directory. In beta two, that DC will hold only a selected subset of the attributes of objects in other domains. The directory administrator can add and remove attributes from the GC attribute set. Of course there are many other improvements in beta two.

Q. When exactly will beta two be released?

A. Sometime this summer.

Q. Which day?

A. (Laughs)

Q. How extensive are customer pilot programs at this point?

A. We have folks who have deployments on the order of a few hundred accounts. So far, our own internal deployment is bigger than any of the deployments on the outside, but we still get good information from others because they set up different kinds of configurations and work through different scenarios. We try to get that feedback continually so we don't come out with a beta and discover some big problem or gap in functionality.

Q. Will there be a third beta release?

A. The original plan was that between beta two and the final release there would be an intermediate build that was going to be fairly widely distributed. [Microsoft executive] Jim Allchin decided he wanted to get broader coverage than that, so he promoted that to be called beta three. That's going to be a public beta available on the Web.. That will be especially important for testing NT's Plug N' Play support.

Q. When will beta three ship?

A.. Beta three is going to be based on feedback from beta two and on additional test cycles we're doing ourselves. There are some features that are actually in the beta two code base, but are disabled because we haven't done enough testing on them. We're going to test those, which could take some more time.

In any development project, you have features, quality and time; those are the only things that you have to trade off. The features are pretty much locked down, maybe there will be something around the edges [worth changing] based on the feedback cycle. The quality is a given, so the schedule is the only thing we have any slack on now. If we were to announce a date at this point, that would show we aren't serious about quality.

Q. Microsoft has stated that companies wishing to move to Exchange 5.5 will need to implement NT 5.0 given that Microsoft will be doing away with Exchange's directory and replacing it with NT's Active Directory. How big a deal will this be for Exchange users?

A. Both the NT and Exchange teams are working to make Platinum a smooth upgrade. For instance, Exchange Platinum servers will interoperate with Exchange 5.5 servers, much as NT 5 domain controllers interoperate with older NT domain controllers. So you can do the upgrade one server at a time. You arrange Active Directory objects into a tree structure to make it easy to do things like delegate administration and apply policy. So your Active Directory tree won't be exactly the same as your Exchange Directory Server (DS) tree. When running Exchange 5.5 and NT 5 you set up associations between objects in Active Directory and objects in the Exchange DS, allowing the Active Directory Connector (ADC) to synchronize changes between the two directories. The goal here is simplified administration of information that's stored in both Active Directory and Exchange DS.

With Exchange Platinum you decommission the Exchange DS, and Exchange accesses Active Directory directly. You set up "views" in Active Directory to mimic the address book hierarchy that existed in Exchange DS. Active Directory supports the MAPI RPC interfaces used by Exchange 5/5.5 clients to access the directory, so no desktop changes are required in the upgrade. The net effect is an upgrade that's transparent to end-users-for instance, they see the same address book before and after the upgrade. So you can see that the upgrade is done step by step, and that the Platinum step is not a particularly difficult one conceptually.

Q. Given your focus on directory services, what's your outlook for Microsoft and Cisco's Directory Enabled Networking(DEN) initiative will be to customers? Our take is that customers aren't all that aware of DEN.

A. It's really important that both Microsoft and Cisco are involved with this. You need intelligence on the desktop to give you information that it's this user and this application, and then you obviously need intelligence on the network to make good use of that information. You can't do the things you want to do from a management perspective without that level of integration. Do customers care about DEN? Well, you have to separate the process of going through the standards body and getting to where we have a schema that people can really use. If you ask people, 'How important is it to you that Microsoft and Cisco deliver an interoperable IPSEC implementation?,' more people might know what that is and say, yes, that's something I really want. On the other hand, the [Desktop Management Task Force, which is overseeing DEN,] doesn't have a history of getting things done really fast. Originally when we were looking for someone to hand this off to, the IETF's basic position was that we don't do schema. Now that this is looking like it's really a more fundamental part of the infrastucture, there are people within IETF getting more interested in it, so there could be a tug of war developing there between the standards bodies.

Contact Senior Editor Paul McNamara

Microsoft unveils details of next Exchange release
Network World Fusion, 6/2/98.

Active Directory Technical Summary
Microsoft white paper. Comes as a Windows executable file.

Lowering TCO with Active Directory-Enabled Applications
Microsoft white paper. Comes as a Windows executable file.

Users praise NDS for NT
Managing mixed environments easier, cheaper, they say. Network World Fusion, 7/8/98.

Choosing your next-generation directory
Network World Fusion Focus on Groupware and Messaging, 5/18/98.

Taking a realistic look at directory services
Customers have begun integrating disparate application and OS directories into more comprehensive enterprise directories, but there is still a lot of work to be done before companies truly reap the benefits of these consolidated information repositories. Network World Fusion, 7/28/98.

Internal politics plague net directory planners
Network World, 8/3/98.