Re: Justifying the move from Novell to AD

[John Kaftan <jkaftan () UTICA EDU>]

Please keep this conversation online as we are in the process of migrating as well and I would like to know what we are 
up against.

Our drivers to move away from Novell:

Cost -

We are paying big bucks each year for a campus agreement with Novell.  Our campus agreement with Microsoft includes the 
Office suite as well as server CALs.  Microsoft per server licensing is basically free ($89 per copy for standard, 
something like $250 for Enterprise).

Security -

This may seem contrary to common perception but we already have SUN LDAP, we have to have AD to manage our growing MS 
server farm, and Novell = too complex.  The more simple a system is the easier it is to keep secure.

Integration -

Ditto what others have said.

Skillset -

It is getting tougher and tougher to find staff and support that know Novell well.

Collaboration -

We were finding that most other colleges have made the change.  It is tougher to collaborate when you are off on your 
own.


Ageing Hardware -

Our Novell system is running on EOL servers.  We need to rebuild the system anyway so now is a good time to change.


Client -

Issues with the Novell client adding another layer of complexity (printing via Vista Client, and issues with MACs and 
Novell).



I think that is about it.

John Kaftan
Infrastructure Manager
Utica College



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eoin 
Dunne
Sent: Wednesday, November 04, 2009 7:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Justifying the move from Novell to AD

Hello Tom,
This thread is of interest to me as our Institute is mostly AD with a few
pockets of Novell, the reason being difficulties in migrating Apple Macs to
AD. Examples of this would include issues with mapping shares, file caching
and errors when users moved between Mac and Windows desktops.
If anyone has overcome issues such as these I would appreciate a follow-up
discussion  (off-line if appropriate)
Many thanks,
Eoin.

--
Eoin Dunne
IT Support Manager,
Information Services Department,
Dublin Institute of Technology,
Kevin Street, Dublin 8, Ireland.

Tel: +353-1-4024604 (direct line)
Email: eoin.dunne () dit ie

-----Original Message-----
From: Tom Jackson [mailto:tom.jackson () UNCP EDU]
Sent: 04 November 2009 03:17
Subject: Re: Justifying the move from Novell to AD

We had much the same drivers and situation with Novell and just finished an
18 month migration.  Additional drivers where difficultly in finding
consultants and staff who could work with eDirectory compared to those who
could work with AD, comparative ease of implementing desktop controls via
group policies with AD, and the ability to sync Apple's Open Directory with
AD.  We hope to eventually leverage Open Directory to push out desktop
controls for our Mac users.

We used Novell's Identity Management solution to sync eDirectory and AD
during our migration.  This included bi-directional password
synchronization.  It generally worked, but it did crash from on occasion.
We did have a couple of issues with Identity Manager.  Accounts that were in
the process of syncing into AD when Identity Manager crashed were never
completely set up, and events that occurred while Identity Manager was down
were never captured and sent to AD.

Cheers,

Tom Jackson
Associate Chief Information Officer/Chief Technology Officer
University of North Carolina at Pembroke
Pembroke, NC 28372
tom.jackson () uncp edu | 910 775-4355 | 910 775-4333 (fax)
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv
[SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hugh Burley [Hburley () TRU CA]
Sent: Tuesday, November 03, 2009 4:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Justifying the move from Novell to AD

Hi Christopher,

We have made the decision to introduce AD here concurrently with Novell,
once we find a way to have E-directory update AD.  We will probably move
away from Novell over the next couple/few years. The primary business driver
is the inability to easily integrate many enterprise solutions with
E-Directory.  A second issue has been the continued decline in Novell's
customer base. This second issue is almost self fulfilling as we and other
Universities rush to not be the last Institution to have Novell. A third
driver for us is the move away from in-house email solutions at some future
date.

Example of problems:
-When we rolled out Eduroam (
https://wiki.bc.net/atl-conf/display/CANEDUROAM/Home ) the Novell radius
service was a pain to try and get working.  We did getting it working
though.
-Our Anti-virus solution integrates with AD by default but required effort
to sort of integrate with E-Directory.  Reports remain less than what I was
hoping for.
-When reviewing other enterprise solutions vendors almost always integrate
with AD and we always have to ask if they could integrate with Novell.  The
answer almost always is "we can use LDAP with some reduced functionality".
- VMWare View which we are evaluating for thin client access integrate with
AD.
-Our Windows desktop profiles are not integrated with Novell.
-Novell Certified Professionals are increasingly hard to find.

Some positive things to say about Novell:
- Novell servers are very secure.
- Our network shares and printing currently work very well.
- Novell has an excellent Identity Management suite.
- Novell has collaboration technologies that are stable and can be
effective.

Regards,


> > > Christopher Jones <Christopher.Jones () UFV CA> 03/11/2009 10:03 am >>>
We're in the process of planning a migration from Novell to AD.  We
currently are building a business case for implementing AD.  For those of
you who have recently completed a Novell to AD migration, I would appreciate
any information/documentation you may have used to support the decision,
particularly from a security and TCO standpoint.  Thanks.

Christopher Jones
IT Security Administrator
University of the Fraser Valley


This message has been scanned for content and viruses by the DIT Information Services E-Mail Scanning Service, and is 
believed to be clean. http://www.dit.ie