The essence of the replication-based metadirectory
NetVision's Synchronicity for NT lets Windows NT administrators create and maintain NT user accounts in a Novell Directory Services (NDS) database, which serves as a metadirectory. (For more information about metadirectories, see "Metadirectories: Scaling Directory Services for the Enterprise," page 121.) Administrators maintain the NDS database using standard NetWare tools, and Synchronicity for NT synchronizes the metadirectory's objects with linked user accounts in the network's NT domains.
In addition to Synchronicity for NT, NetVision produces Synchronicity for Notes and Synchronicity for NetWare 3. Each Synchronicity product functions independently, but you can combine them to support your network's NT, Lotus Notes, and NetWare 3.x bindery environments through one NDS database. These products keep the NT, Notes, and NetWare bindery directories up to date by replicating changes from NDS and periodically resynchronizing the databases.
Replication vs. Redirection
The Synchronicity products are replication based. When you add them to your network, they do not replace the network's existing directory services. Instead, they work with your current directory services, copying your directories' data to the metadirectory and replicating metadirectory changes to your directories. The metadirectory functions only as a central point of administration; it does not affect most network users. Clients log on to their accounts and network services as they always have. Figure 1, page 126, shows the flow of directory information in a replication-based metadirectory system.
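The replication and periodic resynchronization described above can be sketched as a reconciliation pass. This is an added example, not NetVision's code: the account names, property names, and the rule that the metadirectory is authoritative for every linked account are assumptions made for illustration.

```python
# Added example: simplified model of replication-based resynchronization.
# Account names and properties are constructed sample data, not NDS or
# Synchronicity structures.

METADIRECTORY = {
    "alice": {"full_name": "Alice Ames", "disabled": False},
    "bob": {"full_name": "Bob Burke", "disabled": True},     # access revoked
    "carol": {"full_name": "Carol Cho", "disabled": False},  # newly added
}
NT_DOMAIN = {
    "alice": {"full_name": "Alice Ames", "disabled": False},
    "bob": {"full_name": "Bob Burke", "disabled": False},    # stale copy
    "dave": {"full_name": "Dave Diaz", "disabled": False},   # deleted centrally
}


def plan_resync(metadirectory, linked):
    """Return the operations that bring a linked directory back in line
    with the metadirectory, which is treated as authoritative."""
    ops = []
    for name in sorted(metadirectory):
        meta, local = metadirectory[name], linked.get(name)
        if local is None:
            ops.append(("create", name, dict(meta)))
            continue
        # Replicate only the properties whose values differ.
        delta = {k: v for k, v in meta.items()
                 if k not in local or local[k] != v}
        if delta:
            ops.append(("update", name, delta))
    # Accounts that exist only in the linked directory still authenticate
    # there, so a missed delete leaves access in place until resync.
    for name in sorted(set(linked) - set(metadirectory)):
        ops.append(("delete", name, None))
    return ops


def apply_ops(linked, ops):
    """Apply planned operations to a copy of the linked directory."""
    result = {name: dict(props) for name, props in linked.items()}
    for op, name, data in ops:
        if op == "delete":
            del result[name]
        else:
            result.setdefault(name, {}).update(data)
    return result


if __name__ == "__main__":
    for op in plan_resync(METADIRECTORY, NT_DOMAIN):
        print(op)
```

Because clients keep logging on against the linked directory, the "update" and "delete" operations in the plan are the ones that matter for revoking access: until they are applied, the stale local copy still decides who can authenticate.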
Redirector-based products are the alternative to replication-based metadirectory products. Redirectors intercept network clients' authentication requests and send them to a different directory service. Novell's NDS for NT is an example of a redirector-based metadirectory product. (For more information about NDS for NT, see William Wong, "Novell's NDS for NT," page 131.) When users log on to a typical NT domain, NT sends their username and password to the domain's Primary Domain Controller (PDC) for authentication. When users log on to a system running a redirector-based metadirectory, the system redirects the username and password information from the PDC to the metadirectory server, bypassing NT's domain directory entirely. Figure 2 shows the flow of authentication information in a redirector-based metadirectory system.
Extensible Schema
During installation, Synchronicity for NT sets up the core element of its replication system: the NDS database. This database contains the objects that comprise the NDS directory tree. NDS objects are logical entities that represent the hardware, software, users, and organizational resources on your network. Servers, printers, applications, users, groups of users, and many other resources exist as objects in the database.
NDS directory trees can contain two types of objects: container objects and leaf objects. A container object is any object that can be superior to other objects on the directory tree. Container objects define entities such as departmental groupings and organizational units. By definition, container objects contain leaf objects; leaf objects cannot contain other objects. Leaf objects represent the physical resources on your network, including users, printers, and servers.
All NDS objects consist of properties, which are the fields in the database where specific types of information reside. Object classes, which are part of the directory schema, define the properties of particular types of objects. For example, the object class for user objects specifies that user objects must contain a username and password and can contain an address and telephone number.
Synchronicity for NT's installation software creates a separate container object in the NDS directory tree for each of your NT domains and imports your NT user and group accounts into the proper container object. For example, Screen 1 shows the group and user objects in the NT4DOMAIN container object on an NDS server's directory tree. By modifying the NDS directory schema, the installation process creates new object classes in the NDS directory tree that contain all the properties of your NT domain accounts. Synchronicity for NT can then import the user and group accounts from your NT domains to the new NDS object classes without losing the values of any NT properties.
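The role of the schema extension can be shown with a toy model of object classes. This is an added example, not NDS or Synchronicity code: the `ObjectClass` type, the "NT User" class name, and the NT property names (`home_directory`, `logon_script`) are hypothetical stand-ins for whatever properties an NT account carries.

```python
# Added example: toy model of object classes and schema extension.
# Class and property names are constructed; they are not the real NDS
# schema or the classes Synchronicity for NT creates.
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectClass:
    name: str
    mandatory: frozenset
    optional: frozenset = frozenset()

    def extend(self, name, mandatory=(), optional=()):
        """Derive a new class that keeps every inherited property."""
        return ObjectClass(name,
                           self.mandatory | frozenset(mandatory),
                           self.optional | frozenset(optional))

    def instantiate(self, values):
        """Build an object of this class. Returns (kept, dropped): the
        properties stored and the names the class has no field for."""
        missing = self.mandatory - set(values)
        if missing:
            raise ValueError(f"missing mandatory: {sorted(missing)}")
        allowed = self.mandatory | self.optional
        kept = {k: v for k, v in values.items() if k in allowed}
        return kept, sorted(set(values) - allowed)


# Base user class as described in the text: username and password are
# required, address and telephone number are optional.
USER = ObjectClass("User", frozenset({"username", "password"}),
                   frozenset({"address", "telephone"}))

# Extended class with hypothetical NT-specific properties.
NT_USER = USER.extend("NT User",
                      optional={"home_directory", "logon_script"})

# Constructed NT account to import.
NT_ACCOUNT = {"username": "jsmith", "password": "<hash>",
              "home_directory": r"\\SERVER\home\jsmith",
              "logon_script": "login.bat"}

if __name__ == "__main__":
    print(USER.instantiate(NT_ACCOUNT)[1])     # properties lost
    print(NT_USER.instantiate(NT_ACCOUNT)[1])  # nothing lost
```

Importing into the unextended class silently drops the NT-only properties, which is the loss the schema modification avoids.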
After you have installed Synchronicity for NT, you can use NetWare Administrator to manage all your network's user accounts. Synchronicity for NT includes a snap-in module that lets NetWare Administrator display and manage the NT domain objects Synchronicity creates. The snap-in module also adds new choices to your NetWare Administrator Tools menu. These choices let you create NT user and group accounts from NDS objects and create NDS objects from NT accounts. You can also configure Synchronicity to automatically create (or delete) a linked NT user object in your metadirectory whenever you create (or delete) an NDS user object on one of your network's NetWare servers. The snap-in module simplifies the procedures for granting and revoking employee access to multiple network resources.