Much has changed between the time Windows 2000's intranet-focused marketing messages originally were crafted and today's e-business-focused environment began to evolve.
For example, Windows 2000's Active Directory has become a unification of several technical architectures and best practices. It brings together standards-based technologies such as Domain Name System, Lightweight Directory Access Protocol, Directory-Enabled Networks and Kerberos. Active Directory supports single sign-on, policy-based management and other key cost cutting technologies.
By aggregating directory, security and much more into a single operating system, Microsoft was forced to compromise its release schedule by almost two years. In that time frame, other directories and directory-enabled technologies have advanced. For example, the Sun/Netscape Alliance's iPlanet directory and Novell's Novell Directory Services proliferated in the market and gained support from key partners.
New e-business and platform architecture trends also emerged while Win 2000 was on the drawing board. We're transitioning from a world of the Internet, intranets and PCs to a world of virtual enterprise networks, outsourcing, handheld devices and e-business hubs. It's not just a PC-centric world anymore, and much of the e-business infrastructure does not run on NT.
New virtual enterprise networks must also manage relationships with trading partners with varying privileges. This requires centralized policy management and flexible access controls that work across multiple platforms. Win 2000, which supports only the platform-centric NT access control model, will not easily displace or eliminate the need for cross-platform access management products such as Netegrity's SiteMinder and IBM's Policy Director.
Win 2000 does a great deal, but it hasn't caught up to all the newest technologies. Many customers are confused about how and when to deploy Microsoft's new software, particularly the Active Directory component. We can classify these customers as Types A, B and C. Type A customers are actively moving forward with migration planning, will deploy Win 2000 in the near future, and generally rely on it for as much functionality as possible. Type B customers will continue evaluating Active Directory, waiting for bug fixes releases and success stories to prove it worthy. Type C customers do not plan to deploy until absolutely necessary.
Love it or hate it, Win 2000 touches most elements of the IT architecture, from DNS and directory, to management and access control, to virtual private networks and public-key infrastructure (PKI). Whether your company is Type A, B, or C, it must specify an Active Directory architecture that defines where and how Win 2000 is deployed and how it will work with other directories in your network environment. Bottom up, decentralized deployment will create incongruous namespaces and security practices that will be hard to change later.
Planning for "W2K" this year will be almost as important as planning for Y2K was last year.
Blum is a senior vice president and principal consultant at the Burton Group, a research, advisory and consulting firm that specializes in in-depth network planning. Blum recently completed the book "Understanding Active Directory Services," and can be reached at dblum@tbg.com.
RELATED LINKS
RELATED LINKS
