Re: Justifying the move from Novell to AD

[Tom Jackson <tom.jackson () UNCP EDU>]

We had much the same drivers and situation with Novell and just finished an 18 month migration.  Additional drivers 
where difficultly in finding consultants and staff who could work with eDirectory compared to those who could work with 
AD, comparative ease of implementing desktop controls via group policies with AD, and the ability to sync Apple's Open 
Directory with AD.  We hope to eventually leverage Open Directory to push out desktop controls for our Mac users.

We used Novell's Identity Management solution to sync eDirectory and AD during our migration.  This included 
bi-directional password synchronization.  It generally worked, but it did crash from on occasion.  We did have a couple 
of issues with Identity Manager.  Accounts that were in the process of syncing into AD when Identity Manager crashed 
were never completely set up, and events that occurred while Identity Manager was down were never captured and sent to 
AD.

Cheers,

Tom Jackson
Associate Chief Information Officer/Chief Technology Officer
University of North Carolina at Pembroke
Pembroke, NC 28372
tom.jackson () uncp edu | 910 775-4355 | 910 775-4333 (fax)
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hugh Burley 
[Hburley () TRU CA]
Sent: Tuesday, November 03, 2009 4:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Justifying the move from Novell to AD

Hi Christopher,

We have made the decision to introduce AD here concurrently with Novell, once we find a way to have E-directory update 
AD.  We will probably move away from Novell over the next couple/few years. The primary business driver is the 
inability to easily integrate many enterprise solutions with E-Directory.  A second issue has been the continued 
decline in Novell's customer base. This second issue is almost self fulfilling as we and other Universities rush to not 
be the last Institution to have Novell. A third driver for us is the move away from in-house email solutions at some 
future date.

Example of problems:
-When we rolled out Eduroam ( https://wiki.bc.net/atl-conf/display/CANEDUROAM/Home ) the Novell radius service was a 
pain to try and get working.  We did getting it working though.
-Our Anti-virus solution integrates with AD by default but required effort to sort of integrate with E-Directory.  
Reports remain less than what I was hoping for.
-When reviewing other enterprise solutions vendors almost always integrate with AD and we always have to ask if they 
could integrate with Novell.  The answer almost always is "we can use LDAP with some reduced functionality".
- VMWare View which we are evaluating for thin client access integrate with AD.
-Our Windows desktop profiles are not integrated with Novell.
-Novell Certified Professionals are increasingly hard to find.

Some positive things to say about Novell:
- Novell servers are very secure.
- Our network shares and printing currently work very well.
- Novell has an excellent Identity Management suite.
- Novell has collaboration technologies that are stable and can be effective.

Regards,


> > > Christopher Jones <Christopher.Jones () UFV CA> 03/11/2009 10:03 am >>>
We're in the process of planning a migration from Novell to AD.  We currently are building a business case for 
implementing AD.  For those of you who have recently completed a Novell to AD migration, I would appreciate any 
information/documentation you may have used to support the decision, particularly from a security and TCO standpoint.  
Thanks.

Christopher Jones
IT Security Administrator
University of the Fraser Valley