Computer World –
Now that Windows 2000 appears to be gaining momentum among the Windows NT faithful, Microsoft Corp.'s nascent operating system is getting a hard look from another constituency: NetWare users. Whether it's out of a desire to consolidate network operating systems, uncertainty about Novell Inc.'s long-term viability or the desire to run applications such as Exchange 2000 that require Active Directory, at least some longtime NetWare users are mulling a move to Windows 2000.
The number of users migrating from NetWare to Windows 2000 "is not going to be massive, but I think it is going to be steady, and we are starting to see the first trickle," says Laura DiDio, an analyst at Cambridge, Mass.-based Giga Information Group Inc.
The issues involved in migrating from NetWare to Windows 2000 are very different from those encountered when upgrading from Windows NT.
NetWare administrators face a much more laborious task in moving users over to the new infrastructure. But if their staffs are well-versed in Novell Directory Services (NDS), that may actually give these companies a head start over NT users in implementing Windows 2000's Active Directory -- which is a major undertaking in itself.
"Migrating [from NetWare] to Windows 2000 is something that should not be done quickly," says Scott Poole, Windows 2000 technical product leader at IBM Global Services in Austin, Texas.
"What we are seeing is large enterprises are most assuredly laying down the cornerstones for the migration." he says. "My belief is this time next year, the large-scale rollouts will start happening because people will be ready."
NetWare users will find that the move isn't cheap: Michael Silver, an analyst at Stamford, Conn.-based Gartner Group Inc., pegs the average total cost of migrating from NetWare 4.x to Windows 2000 at $430 per user, with $178 of that for labor costs alone. That adds up to more than $1 million for a 2,500-user LAN. "It's a little more expensive than going from NT 4," Silver says, adding that these costs assume that 70 percent of servers will need to be replaced.
Today, it's not typically the hard-core NetWare shops that are taking the plunge, says DiDio. Companies that have built their application infrastructures around NDS and are using Novell's ZENworks for desktop management and GroupWise for messaging aren't likely to budge. But even the hard-core NetWare shops are already familiar with Windows NT: Most run Windows NT systems as application servers.
Companies Computerworld spoke with about migrating to Windows 2000 were either using older versions of NetWare (as far back as NetWare 3.2) or had mixed NetWare 4.x and NetWare 5.x environments.
Older versions use Novell's proprietary IPX transport protocol. Moving to a pure, native Internet Protocol environment requires a significant migration effort.
"We wanted to get to pure IP, which meant moving to NetWare 5.1, and I felt that the move would be more difficult than to start afresh [with Active Directory] in parallel," says Bob Duros, systems and technology manager at the inbound division of West TeleServices Corp. in Omaha. "I had Novell consulting come in and look at my environment, and based on their input, migration to [NetWare] 5.1 had some issues."
Blue Cross/Blue Shield of North Carolina in Chapel Hill was a pure NetWare and Unix shop until 18 months ago, says NT administrator Don Osborne. The company still has about 23 NetWare 4.11 file and print servers but has started to bring in Windows NT 4.0 servers to run several applications. In order to move to a pure IP environment and solve some persistent problems with its Asynchronous Transfer Mode network backbone, the company needed to either upgrade to NetWare 5 or move off NetWare entirely.
This past spring, Blue Cross/Blue Shield decided to move everything over to Windows 2000, hoping to save on administration costs by consolidating on one network operating system. That meant moving 3,200 users from NDS to Active Directory.
Most NetWare users -- even those preparing to abandon the platform -- say NetWare is stable and reliable. "There is no real technical reason to move from NetWare and NDS to Windows 2000 and Active Directory," says DiDio. "Active Directory still lags behind NDS in several areas. Novell has had six years to work out the kinks, and they have. There is ZENworks, so you don't need as many third-party tools. There are more experienced administrators."
The problem is that Microsoft's market dominance and Novell's perceived problems are eroding support for NetWare. "You can't argue with 90 percent market share," says Michael Brown, director of technology at Yellow Transportation LLC in Denver, which moved off NetWare and onto NT 4 about a year ago. NetWare "was incredibly stable," he says, adding that he has to reboot his NT servers once per week. Still, Brown says he has no regrets, because "the increased functionality is incredible."
The state of Washington and San Francisco-based Wells Fargo & Co. both have ambitious plans to build a central directory infrastructure that departments can plug into -- and they've both picked Active Directory instead of NDS.
Wells Fargo has 20,000 to 25,000 user accounts in NDS -- out of approximately 120,000 total employees. It also had a Windows NT 4.0 domain structure that was reaching its physical limits, says Scott Hall, enterprise engineering manager at Wells Fargo Service Co., the 13,000-strong information technology operation that supplies services to most of Wells Fargo's 120,000 employees.
However, Wells Fargo had an added incentive to choose Active Directory: The bank had been invited by Microsoft to participate in the Joint Development Program, which gave it the ability to closely follow and influence the development of Windows 2000.
After 18 months, Hall's group has completed its Active Directory migration and rolled it out on 30 hulking eight-CPU servers with 8GB of RAM each -- enough to keep the company's 120,000-user, 1 million-object, 4GB directory in memory. "We went with the best we could have," says a proud Hall. "What's a couple of extra grand in hardware?"
Each of Wells Fargo's lines of business has its own funding and IT plans. "When they're ready, we're ready for them," says Hall. "We're the core infrastructure that everyone can plug into and that we guarantee will be up always."
* NetWare and NDS are more mature and more reliable than Windows 2000 and Active Directory.
* Users who must upgrade from older IPX-based versions of NetWare have the most compelling case for considering migrating to Windows 2000.
* The fact that new applications such as Exchange 2000 require Active Directory may also influence the decision to migrate to Windows 2000.
* The technical issues surrounding a NetWare-to-Windows 2000 migration are often secondary to overcoming administrators' psychological resistance to leaving the NetWare platform.
* A technical staff well-versed in NetWare's NDS will have an easier time rolling out Active Directory than Windows NT users who are upgrading.
* Differences between the Active Directory and NDS directory tree structure add complexity to the migration of administrative user and file permissions.
* Some thought might be given to running parallel NDS and Active Directory structures rather than engaging in an immediate wholesale migration to Active Directory.
* Third-party migration tools help ease the pain but add to the expense.
Washington state's Department of Social and Health Services (DSHS) had similar plans, recounts enterprise networking manager Mike Frost. His nine-person team is responsible for running the agency's Microsoft Exchange e-mail system and its new Active Directory service. The department consists of eight administrations and 26 divisions, all of which will eventually plug into the directory.
"We already had a large foundation of Microsoft networking and e-mail, so [Active Directory] was a natural evolution," says Frost. One of the agency's divisions is currently testing a 6,000-user NetWare and GroupWise site. The rest of the agency is mainly using Microsoft Exchange.
Other companies may have other motives for migrating to Windows 2000 and Active Directory. The desire to roll out Microsoft Exchange 2000, which requires Active Directory, and to integrate other application servers into a single directory structure are two such factors.
"[Microsoft Exchange 2000] is definitely going to be a catalyst," says Silver. "Some people are using a future Exchange migration to justify a Windows 2000 change."
The NetWare user challenge
Microsoft has made it technically easy to upgrade from NT to Windows 2000. But NT administrators face a huge task adjusting to the concept of a directory. For NetWare shops, the challenges are different.
"From NetWare to [Windows 2000], the biggest problems are not technological," says IBM's Poole. "The biggest issues are centered around brand loyalty. People like me who are [Certified NetWare Engineers] and spent a lot of time and money on that -- having to replace that with [a Microsoft Certified Systems Engineer certification] makes people unhappy. When you get past brand loyalty and [anti-Microsoft] prejudice, NetWare people get interested."
A technical staff well-versed in NDS could give companies a head start in rolling out Active Directory, says Poole. "The first thing to understand is Windows 2000 at its most basic level is pretty compatible, philosophically, with NetWare 4 and NetWare 5," says Poole. "People who understand NetWare and NDS are more than technically qualified to be leaders in Windows 2000 migration."
Frost says he had expected to take some heat from NetWare administrators. But they are leading the charge toward implementing Active Directory. NT administrators, though, are having a harder time adapting. "From NT to Windows 2000, that's a huge shift in how things work," he says.
But NDS and Active Directory still have many differences. NDS can be partitioned, but every Active Directory server runs a complete version of the directory tree. And while both directories allow permissions to be "inherited" from parent directories higher in the directory tree, both implement inheritance in a different way -- making a straightforward transfer of administrative permissions and file permissions impossible.
"Some people want to move everything over into [Active Directory], and that's typically not the best way to go," advises Microsoft Consulting Services senior consultant Matt Finger, who works with customers in the design and pilot phases of Windows 2000 migrations. "You need to look at it with a fresh set of eyes. You are migrating data out of the directory, but the way it is laid out is different."
At West TeleServices, Duros chose to build a new Active Directory tree in parallel with NDS rather than attempt a complete migration. (Coexistence is indeed possible: Novell offers its DirXML tool for synchronizing NDS with Active Directory.) Duros says he wasn't particularly happy with the NDS tree and he wanted to re-evaluate network permissions.
But at the DSHS, the existing NDS tree structure was merely "cleaned up" when it was transferred to Active Directory -- and the NetWare administrators were given control over that part of the tree, says Frost.
Another problem typically encountered in any Windows 2000 migration involves applications. "Most [Windows] applications are compatible," says Duros, "but we ran into some 'gotchas' with homegrown apps."
One step at a time
IT managers with NetWare-to-Windows 2000 migration projects still in the planning phases may take some comfort in knowing that none of the companies Computerworld interviewed had encountered any major problems, and all expected a reasonably uneventful -- though slow and painstaking -- move. In the end, it seems, slow and steady wins the race. "By taking it in a phased approach, we avoided a lot of pain," says Duros, who now has 1,000 users on Windows 2000 and Active Directory. "Department by department, small steps -- resolve your issues and move on."