difference between ADS and NDS

Requirement

Active Directory

NDS

Scalability without Complexity

·         Partition boundary is a Windows 2000 domain to enable direct access to all objects in a domain

·         Partitions use indexed data store for fast retrieval

·         Designed to hold millions of objects

·         Optimized replication between sites and over slow network links

·         Global Catalogs are updated simultaneously with other replication cycles to ensure low latency

·         Single data store and access methods for partitions and catalogs

·         Partitions are not indexed

·         Novell recommends a maximum of 1,000 objects per partition and that partitions should not span WAN links

·         Administrators must manage partition sizes and restructure partitions as they fill up

·         Searching for objects directly across partitions requires tree walking

·         Different data store for partitions and catalogs

·         High catalog latency since catalog is rebuilt only at scheduled intervals (default is 24 hours)

Internet Standards Support

·         Implemented as a native LDAP server that requires no request translation

·         Consistent interpretation of access control rights when access is through LDAP

·         Provides LDAP-based access to all features

·         Full namespace integration with DNS to simplify object location and access

·         Provides LDAP support through server-based interface that must be installed on NDS servers individually

·         LDAP requests must be translated to NDS formats

·         Limited LDAP-based access to NDS features

·         Different naming syntax for LDAP access versus access through NDS APIs

·         Access rights interpreted differently when access is through LDAP versus NDS APIs

·         No namespace integration with DNS makes object naming and location more complex

Flexible Security Services

·         Provides support for popular security technologies such as Kerberos and Smart Cards

·         Catalog enforces object- and attribute-level security

·         No restrictions on security groups that span partitions (domains)

·         Lacks support for Kerberos and Smart Cards

·         Catalog does not enforce object- and attribute-level security within the catalog database

·         Novell recommends that administrators minimize the use of groups that span partitions

Support for Synchronization and Consolidation

·         Provides the scalability required to consolidate large directories without administrative complexity

·         Built-in LDAP-based change history interfaces facilitate use as a metadirectory platform

·         Catalog architecture enables fast, efficient query of large number of objects

·         Will be used by Microsoft products such as Exchange 6.0, MSMQ 2.0, MCIS 3.0

·         Partition size restrictions limit use for directory consolidation

·         Provides no formal way to request change history information; requires customized synchronization agents

·         Catalog architecture forces tradeoffs between speed and consistency with underlying partitions

·         Not used by Novell's GroupWise product for account management and address book functions

Comprehensive Development Environment

·         Provides COM-based Active Directory Services Interface (ADSI) for simplified development

·         JADSI supports access from Java applications

·         Provides the scalability required to ensure that applications can store, access and manage millions of objects without application-level complexity

·         Provides LDAP-based access to all features

·         No ADSI implementation for use by applications running on NetWare

·         JNDI supports access from Java applications

·         Applications must work within partition limitations

·         Limited LDAP-based access to NDS features

Role

Active Directory

NDS

User and Network Resource Management

·         Provides the scalability required to store, locate, and manage large numbers of objects efficiently and without administrative complexity

·         Catalog architecture enables fast, efficient query of large number of objects

·         Global Catalogs are updated simultaneously with other replication cycles to ensure low latency

·         Designed to optimize replication traffic across wide-area network links

·         The number of partitions required by NDS to hold expected numbers of objects slows access and increases management complexity

·         Catalog architecture forces tradeoffs between speed and consistency with underlying partitions

·         High catalog latency, since catalog is rebuilt only at scheduled intervals (default is 24 hours)

·         Partitions that span wide-area links not recommended by Novell

Security Authentication and Authorization Services

·         Provides support for popular security technologies such as Kerberos and Smart Cards

·         Catalog enforces object- and attribute-level security

·         Scales to supports large numbers of Extranet users

·         DNS integration simplifies object naming and location through Internet protocols

·         Lacks support for Kerberos and Smart Cards

·         Catalog does not enforce object- and attribute-level security within the catalog database

·         Partition size limits complicate Extranet use

·         No namespace integration with DNS makes object naming and location more complex

Centralized Directory Management

·         Provides the scalability required to consolidate large directories without administrative complexity

·         Built-in LDAP-based change history interfaces facilitate use as a metadirectory platform

·         Catalog architecture enables fast, efficient query of large number of objects

·         Partition size restrictions limit use for directory consolidation

·         Provides no formal way to request change history information; requires customized synchronization agents

·         Catalog architecture forces tradeoffs between speed and consistency with underlying partitions

Directory-Enabled Infrastructure

and

Directory-Enabled Applications

·         Strong support from leading vendors

·         Windows NT provides a rich development environment that is supported by many tools

·         Provides the scalability required to ensure that applications can store, access and manage millions of objects without application-level complexity

·         Provides LDAP-based access to all features

·         Support from many leading vendors missing

·         NetWare provides a limited environment for application developers

·         Applications must work within partition limitations

·         Limited LDAP-based access to NDS features