Technical White Paper | END-USER COMPUTING | www.novell.com

Domain Services for Windows*


Table of Contents:

Enabling Greater Interoperability and Infrastructure Simplicity in Mixed-directory Environments
Clientless Access: CIFS versus Domain Services for Windows
Cross-forest Trust between eDirectory and Active Directory
Authentication to Active Directory-style Applications
Greater Interoperability and Infrastructure Simplicity

Enabling Greater Interoperability and Infrastructure Simplicity in Mixed-directory Environments

To create seamless cross-authentication capabilities between Active Directory* and Novell® eDirectory™ environments, Novell provides Novell Domain Services for Windows* as part of Novell Open Enterprise Server 2 SP1. This new technology enables Novell customers that have Windows networking environments to set up virtual Active Directory domains within their eDirectory trees.

Domain Services for Windows allows users to log in and authenticate to both eDirectory and Active Directory from a Windows workstation—without requiring multiple logins or having Novell Client™ for Windows installed. It provides interoperability between eDirectory and Active Directory environments, simplifying network infrastructures in a way that helps reduce IT costs, streamline IT operations and improve the overall user experience.

Domain Services for Windows delivers the following functionality and benefits:

Clientless login
– Simplifies desktop image management and reduces associated costs
– Streamlines user experience

Cross-forest trust between eDirectory and Active Directory
– Eliminates the need to synchronize and duplicate identity stores, reducing infrastructure complexity, simplifying user management and lowering investment costs in directory server hardware
– Lowers training and support costs by allowing administrators to perform basic user administration for all users using either Novell iManager or Microsoft* Management Console

Authentication to Active Directory-style applications
– Enables greater application choice
– Eliminates the need to build an Active Directory infrastructure to run many Active Directory-style applications

Clientless Access: CIFS versus Domain Services for Windows

One of the main benefits that Domain Services for Windows provides is the ability to authenticate to a Novell Open Enterprise Server 2 Linux server without the Novell client. Since the new CIFS protocol support in Novell Open Enterprise Server 2 SP1 provides a similar benefit, some will likely wonder when it is appropriate to utilize Domain Services for Windows versus Novell CIFS.

When to Use Domain Services for Windows

In terms of clientless access, Domain Services for Windows enables eDirectory users to utilize common Windows desktop operations to access file services on Novell Storage Services™ (NSS) volumes that reside on Linux* servers. It does this by using shares or NTFS files on Windows servers that use CIFS shares, as well as shares in trusted Active Directory forests. Domain Services for Windows supports common authentication protocols used in the Windows environment, including Kerberos*.

Additionally, Domain Services for Windows is designed for organizations that want to consistently present their users with a complete Active Directory-style environment, regardless of whether those users need to access Linux servers or Windows servers. It enables a Novell Open Enterprise Server 2 Linux server to appear as if it is an Active Directory domain controller, allowing users to log in and authenticate to it with a native Windows client using their user principal names and eDirectory passwords. It also allows organizations to take advantage of Windows Group Policies to provision and provide seamless access to resources via their Windows or Active Directory environment.

Furthermore, Domain Services for Windows gives organizations with mixed eDirectory and Active Directory environments the ability to standardize on an Active Directory-style desktop. Moving to a completely native Windows desktop environment can greatly simplify desktop image management, thereby significantly reducing its related costs. Instead of having to maintain separate image libraries for Novell Open Enterprise Server users, Server users and users who leverage both environments, organizations need to maintain only a single image library for all their users.

Figure 1 (left). In the past, workstations needed the Novell Client to authenticate to Active Directory in order to consume certain applications.

Figure 2 (right). In addition to eliminating the need for the Novell Client, Domain Services for Windows reduces infrastructure complexity in mixed eDirectory and Active Directory environments.

When to Use Novell CIFS

Novell CIFS is for organizations that want to provide their users with basic workgroup authentication and access to the Novell NSS on Linux from a Windows workstation without needing Novell Client for Windows—but without all the overhead of an Active Directory-style presentation. They don’t need Kerberos authentication, the Microsoft Management Console or Windows support. Their users just want to be able to map and access their network drives natively.

Common candidates for CIFS are organizations that have Novell Open Enterprise Server as their primary environment and simply want their users to be able to authenticate to network resources without relying on the Novell client. Other candidates include organizations that have been using CIFS on NetWare® and are making the move to Linux. These organizations simply want to continue using the native Windows authentication that the Novell CIFS protocol provides.

Additionally, organizations that want to give their users clientless access to NetWare will want to take advantage of Novell CIFS since Domain Services for Windows does not provide this functionality.

It should be noted that while Domain Services for Windows and Novell CIFS can exist within the same eDirectory tree, they cannot exist on the same server. The two technologies are mutually exclusive because they listen on the same ports and use similar protocols.

Cross-forest Trust between eDirectory and Active Directory

In addition to eliminating the requirement for the Novell client, Domain Services for Windows enables large organizations to streamline heterogeneous environments by enabling greater interoperability between eDirectory and Active Directory infrastructures. The solution enables organizations to create a cross-forest trust between these different identity stores that allows cross-forest authentication and authorization.

It’s important to understand that Domain Services for Windows is not a directory synchronization solution. Rather, the cross-forest trust enables organizations to establish a relationship between Active Directory and eDirectory that allows each user to be represented by a single user account, regardless of where that account resides.

The solution does this by establishing a cross-forest trust between the Domain Services for Windows forest and an Active Directory forest. As a result, eDirectory users in the Domain Services for Windows forest can not only authenticate to Novell file-and-print services using their native Windows clients, but its seamless cross-authentication capabilities also enable those users to use their eDirectory usernames and passwords to authenticate to Active Directory services.

A typical use case scenario that addresses this cross-forest trust would involve an enterprise that, as a result of a merger, has a large eDirectory infrastructure and a large Active Directory infrastructure. In the past, if the enterprise wanted all of its users to be able to access services and resources from both infrastructures, it would typically utilize directory synchronization, which literally doubles the number of users that need to be stored in each directory. Domain Services for Windows can eliminate the need to duplicate identities because the rights and attributes for a user now only need to be maintained in one directory repository instead of two.

It’s important to note that the initial release of the solution only allows eDirectory users to access both Active Directory and eDirectory resources. Novell intends to extend this capability to Active Directory users in subsequent releases. However, this release does allow Active Directory users to authenticate to Active Directory-style applications that exist in a Domain Services for Windows domain.

Another benefit that Domain Services for Windows provides is the ability to automatically provision user objects with universal passwords for applications and services, such as Samba, by implementing Active Directory password policies over universal password policies. This eliminates the need to create and maintain a specialized infrastructure for provisioning universal passwords.


Authentication to Active Directory-style Applications

Even Novell customers that do not have or want an Active Directory infrastructure can derive significant benefits from Domain Services for Windows. For example, an organization might have a network infrastructure based entirely on Novell solutions, but they have or need to purchase an application that leverages Active Directory authentication. Building an Active Directory infrastructure for the sole purpose of supporting this application can introduce considerable complexity and expense to the environment. In this scenario, Domain Services for Windows can eliminate the need to build an Active Directory infrastructure.

For most of these Active Directory-style applications, a Domain Services for Windows domain looks and acts just like an Active Directory domain. As a result, after users authenticate to Domain Services for Windows, many of these applications will recognize the Domain Services for Windows credentials as authentic and automatically log them in to the application without prompting them for their username and password. This all happens without the existence of an Active Directory domain.

While Novell has verified this functionality on a variety of Active Directory-style applications, including Citrix* Presentation Server, it might not work on all such applications. Even though Domain Services for Windows uses an almost identical authentication mechanism as that used by Active Directory, applications such as Microsoft Exchange that utilize advance and require certain extension schemas might not be able to take advantage of this functionality at this time.

As mentioned previously, in addition to allowing eDirectory users to authenticate to Active Directory-style applications, the cross-forest trust relationship that Domain Services for Windows provides also allows Active Directory users to authenticate to Active Directory-style applications within a Domain Services for Windows domain.

Greater Interoperability and Infrastructure Simplicity

Whether organizations need to reduce the number of workstation images to be maintained, simplify user authentication, lower support costs, eliminate the need to duplicate directory stores or enhance the co-existence and interaction of multi-directory environments, Domain Services for Windows offers an alternative to the rip-and-replace mentality of other solutions. With advanced, innovative and interoperable features such as Domain Services for Windows, Novell Open Enterprise Server 2 SP1 saves organizations money, protects their investments, simplifies their infrastructure and improves their overall user experience.

Gain greater interoperability and infrastructure simplicity with Domain Services for Windows.

www.novell.com

Contact your local Novell Solutions Provider, or call Novell at:

1 800 714 3400 U.S./Canada 1 801 861 1349 Worldwide 1 801 861 8473 Facsimile

Novell, Inc. 404 Wyman Street Waltham, MA 02451 USA

462-002108-001 | 01/09 | © 2009 Novell, Inc. All rights reserved. Novell, the Novell logo, the N logo and NetWare are registered trademarks, and eDirectory, Novell Client and Novell Storage Services are trademarks of Novell, Inc. in the United States and other countries. *All third-party trademarks are the property of their respective owners.
