• United States

One forest or two?

Apr 12, 20043 mins
Enterprise Applications

* One company's plan to migrate from Novell, Netscape to pure Microsoft

I was at an identity management conference last week, and while many of the presentations would be of interest to network managers running Windows 2000 and Windows 2003, one in particular drew my attention. It was about a company that has 3,500-plus employees scattered in 43 offices across the U.K., Australia, New Zealand, South East Asia, the Pacific, and South America. Its network looks like this:

* 3,000 PCs.

* 250 servers.

* 40 LANs.

* 75 terabytes of data.

* 10 timezones.

* 24,000 help desk requests yearly.

* 3 million e-mails yearly.

* 70 Full Time Equivalent Staff.

How does that compare to your company, so far?

Up until now, this organization ran NetWare with NDS/eDirectory for file and print services, and iPlanet/Netscape for e-mail, Web services, portals and enterprise directory services. It supported roaming user profiles with NDS for the employees who frequently moved around or were simply on the road. Applications and services, resources and everything else were always delivered from the closest sources.

But, let’s face it, there is no iPlanet any more and Netscape mail is just sooo last century. It was time for Australia’s Sinclair Knight Merz (SKM) to modernize, update and upgrade.

After exhaustive meetings and tests, the company decided to go with a pure Microsoft solution. Exchange would replace Netscape mail, Windows servers would replace NetWare, Active Directory would replace both eDirectory and iPlanet, while Internet Information Server would replace Netscape Web servers.

All of the inward facing directory services now supplied by eDirectory, as well as the e-mail services now being supplied through an iPlanet directory would be served out of one Active Directory forest.

Outward facing services, LDAP-based Web services for both employees and clients, would be served from a second forest. Two forests would handle the 3,500-plus users, 43 sites, and untold numbers of customers. “That’s the plan,” SKM Group Manager of IT Peter Nevin told me. “But we might go with only one forest for easier management.”

That’s in wide contrast to some of the presentations I’d seen the week before, at a different conference, where it seemed the speakers advocated a different forest for every building, floor, and department in an organization.

One forest does make some administrative tasks easier, but it can make others much hairier than they need to be. Which is better? Which should you use? As with all things network related, your mileage may vary and the best answer is “it depends.” Still, there are some general “best practices” for forests and, if you come back next issue, we’ll take a look at those.