Searching for a Directory Service Solution?
kumulan wonders: "I've got the responsibility to set up directory services as well as a messaging/groupware system for my organization of approx. 100 employees spread out over three locations. We are a startup that is merging three existing smaller companies and, given the state of existing IS infrastructure at each of these locations, the decision has already been made that we are better off starting from scratch. It would be great to hear from Slashdot readers concerning which option is 'better' and why."
"For me, the choices are stark and clear:
- MS Exchange/Active Directory
- A cobbled-together solution based as much as possible on OSS (as no direct equivalent exists).
  - Samba/OpenLDAP/Kerberos
  - Bynari Insight Server for messaging/groupware.
  - Nitrobit Group Policy for, you guessed it, group policy management.
Other options? (Score:5, Interesting)
Novell NDS (Score:3, Interesting)
Fedora Directory Server (Score:4, Interesting)
Regards,
Steve
Re:Easy. (Score:5, Interesting)
And it's not as cheap and easy to get quality techies as you might think. Putting your existing staff through a boot camp is only the tip of the iceberg expense-wise, and it's a very inefficient solution.
Re:Easy. (Score:5, Interesting)
As far as admins go, studies have shown that Unix admins on average maintain more servers per admin than Windows admins. You may be able to do with one Unix admin as opposed to two Windows admins.
Windows machines as a rule run fewer services per machine than Unix machines do. This means more servers, which means more servers to patch, keep up to date, back up, and admin.
Finally, the perennial problem of backups and bare metal recovery. This is trivial in Unix but costs thousands if not tens of thousands of dollars for Windows.
There is a lot to think about. Just saying "I have used Windows XP before so I can maintain an Active Directory/Exchange environment" is plain old stupid.
Why, again? (Score:3, Interesting)
Re:STOP.... (Score:4, Interesting)
It might still be that W2k3 is the right tool, but please, have your information straight!
Novell's/Suse's SLES 9 (Score:3, Interesting)
If you need to control Windows Clients simply create custom Policies for Microsoft's System Policy Editor (or use mine at my web site).
I have currently replaced 5 Windows Servers with SLES9 and have not had a single problem. IMO it is much easier to maintain/use than anything MS has released in the server department.
Re:Another Consideration (Score:5, Interesting)
Cost is definitely a major factor here.
While going the W2K3 route would be easy and very functional, one has to take into account the cost of the eventual [forced] upgrades. A company of 100 folks probably isn't turning a wild profit in terms of real money, and what money there is will undoubtedly get funneled into R&D or advertising or SomethingOtherThanITInfrastructure. This is where the long-term cost savings on a "cobbled" solution will pay off handsomely.
The decision is best made right now.
Re:Another Consideration (Score:3, Interesting)
Troll?
I dare that coward asshat who modded me troll to come out from under his/her rock and prove the honesty of that mod.
I guess that person never heard of the "Software Assurance" program from Microsoft that forces upgrades every two years (with the alternative being a highly-inflated upgrade price whenever one is eventually required to upgrade). Everything else I said comes directly from my decades of personal experience in administering Microsoft and Unix/Linux (as well as Mac) networks.
I've got karma to burn. But leave your bullshit agendas out of the moderation (that goes both ways).
Novell? (Score:2, Interesting)
Novell 6.5 is the latest, and I can lock out users based on Windows policies, etc... just like MS Active Directory... assign various sub admins to rule over their own dept, etc... AND Groupwise (IMHO) is a great email/calendar app... (Groupwise 7 is supposed to be better, but I haven't gotten to play with it yet...)
AND they are starting to move everything over to Linux via SUSE Linux, so you have the OSS...
Best of both worlds if you ask me...
Sure, Novell AND Microsoft cost $$$, you could build your own Linux server and hack it together, but if you're a REAL company and you expect to play REAL Ball, you will PAY to have the proprietary software to compete with everyone else... At least with Novell, you can still play OSS and support Linux, etc... even if you have to buy their version...
OSS Does not equal FREE... That's the problem... too many freeloaders want EVERYTHING for FREE... If that was the case then your company would just give its product away also... oops, now your company is dead... Guess that model won't work.
I must admit, I do ADMIN a Novell network, and I do like SUSE Linux... Much better than anything MS has to offer...
Again, just my
What's missing from Apple (Score:3, Interesting)
So far, things have gone better than I expected. We are authenticating Mac, Windows and Linux PCs, all of which can access the same home directory. The Open Directory master server also acts as the Windows PDC and serves up roaming profiles for Win XP clients.
What I've been hounding my Apple rep about is the lack of a real group collaboration suite. The pieces are there: iCal, Address Book, Jabber, Cyrus/Postfix. They need to be brought together in an Exchange/GroupWise sort of fashion. We are still using Steltor Corporate Time (now Oracle Collaboration Suite) for calendaring, task lists, and shared contact lists. I'm watching the Hula project closely. Rumor has it Apple is shopping around for a comprehensive group collaboration system. Hula might be it! Zee dork
Anything but Novell (Score:3, Interesting)
I live the Novell dream everyday, and "cobbled together" would be a generous description of their products and services. This is a company with a time honored tradition of rendering promising technologies useless. They handed most of the market to MS on a silver platter.
Before you consider Novell too seriously, look through the forums at forums.novell.com, be sure to ask about your support options, and try to get a feel for the staffing and training required for a network of your size and scope.
Stick with your initial instincts, just remember that very few Novell products are actually Open Source.
Re:STOP.... (Score:2, Interesting)
Novell is all-in-one (Score:3, Interesting)
For groupware, check out Zimbra (http://www.zimbra.com/). The Flash demo is great.
Re:STOP.... (Score:2, Interesting)
Re:Another Consideration (Score:2, Interesting)
Y'know, I keep seeing this argument on Slashdot, and it's always with the caveat "almost as good" or "the savings that Linux provides".
I've yet to see somebody come up with a real cost savings - a TCO study - for a small business using a "cobbled together" Linux/OSS solution compared to a Windows-centric solution.
Firstly: The admins. Linux admins aren't plentiful. They might appear so here, but just because you've installed Gentoo, you're not a real admin. Your users and business owners will dictate to YOU how things will be. You can have influence, and you may steer things, but being a zealot doesn't pay the bills.
Let's say they hire you, and you implement OpenLDAP, perhaps Linux for Terminal Services on the desktops (you smart guy, you), and a snazzy Windows-like distro for the execs and upper dudes in your 100-seat organization. You've got the desktops all set up great, etc., and new machines go on the network with no problem.
Now, the company is acquiring another firm - and they use (Oh Noes!) Windows! (oops, sorry - M$ Windoze - did I do it right?) They've got a KillerApp(TM) that your suits decide they Must Have and Use Daily as it will Multiply Productivity!
So you test. Oops, no OSS equivalent. Damn. Ooops, doesn't work in Crossover Office. Or Wine. Damn again. The company has no plans for an OSS release. Damn again. So
Second scenario: After this horrible mess, you decide to leave for purer, greener OSS pastures. What does the company do? Did you document all your work? Does *anybody* know what you've done? After all, you can't just 'pick up' Linux - it's not easy, like dumb old Windows! So how does the company hire to replace your knowledge? Oh, they can't? You're indispensable now?
These thoughts are what percolate through the minds of business owners. They're not uninformed about Linux. They've heard all the zealotry and pitfalls, and the risk to their business is NOT worth it. The cost of upkeep, finding workarounds to compatibility with their partners, vendors and customers, and the inability to just 'buy a program' is the hamstring for mainstream business adoption.
AD is no silver bullet (Score:3, Interesting)
We just had Active Directory rolled out here. Our performance problems were so bad we had to hire Microsoft consultants to try and figure it out - and these people from the company that makes the product took over a month to actually come up with a solution that ran only half as quickly as our old Novell system. Admittedly, it's a much bigger system than 100 users (and I'm glad I have absolutely nothing to do with it, it's a nightmare) but Microsoft Active Directory and Windows aren't some sort of ease of use silver bullet. In fact after seeing what trauma they went through, it's not actually any easier than a "cobbled together" OpenLDAP/Samba installation and a great deal more expensive.
I agree with the LDAP part... (Score:2, Interesting)
But I take issue with this mythology...I work with IBM's Tivoli security solutions, most of which use the LDAP Directory Server under the hood (and, illustrating the beauty of *standards*, also tend to support the use of Novell, Sun, & MSAD). The underlying DB2 engine doesn't require independent tuning, maintenance, or administration in the vast majority of deployments. It isn't until you get into user populations of several hundred thousand that you start tweaking the DB2 parms...and the solution actually includes a detailed LDAP tuning guide that explains how and when you should tweak the DB2 and OS-level parms.
The notion of needing a DBA just to deploy the IBM LDAP is just silly...any tech capable of RTFM can handle a moderate implementation on his own.
Here's the kicker: Which would you prefer for performance and scalability? A directory that uses flat or proprietary file structures for data storage, or one that uses a scalable and reliable relational database engine? Seems like a big "duh!" to me.
And, as you mentioned...it's free. Go download it from IBM and try it out. If it doesn't work for you, or if you decide you can't do it without a DBA, well...you aren't out any expense. Export it all to an LDIF and bring in the next vendor.