False Microsoft Claims Found on their NT Web Site

Microsoft Falsely Details Comparison Inaccuracies

Marketing Errata

February 1996

As part of an ongoing effort to distill facts from the marketing hype surrounding Microsoft's NT Server, Novell produced the "Do You Know?" kit in the fall of 1995. This kit contains a collection of white papers, marketing briefs, sales briefs, and presentations on the differences and advantages of NetWare compared to NT. In response, Microsoft has posted the document "Novell's Comparison of NetWare 4.1 and Windows NT Server 3.51 are Inaccurate" which lists several points where Microsoft's cursory analysis differs. This document points out the inaccuracies in Microsoft's evaluation.

While there are some markets where NetWare 4.1 and Windows NT Server 3.51 compete directly to provide the same service, there are many other areas where NT and NetWare will be used in conjunction with each other. Novell's vision (and current application) is to provide the network infrastructure on which all network resources will be connected, accessed, and managed. Through NetWare Directory Services (NDS), users will be able to manage users, groups, servers, routers, hubs, printers, embedded devices, office equipment, and applications that will be running on other operating systems such as NT, Unix, and OS/2. NDS and NetWare will embrace and enhance application servers to provide powerful access, use, and management.

Conflict points for Microsoft:

1) Location independence and single network login to all network services.

Location Independence - Novell maintains that NT capabilities in this area are very limited. Using a combination of domains, trust relationships, and administrator rights, it is possible to piece together a relatively static structure that will allow NT users to login anywhere in the network. The complexity and administration to do this however, increases quadratically as the network grows. A simple illustration helps clarify the degree of complexity required.

Assume a company has three functional departments (Accounting, Manufacturing, Sales) with Sales located in a distant city. John Smith in Manufacturing has the need to access information from the Sales database and the Accounting database. With NT, there would most likely be three separate domains one for each department and a WAN link to Sales. This would minimize authenticating over remote links and help maximize performance. Before John could access information or resources from other departments the following must be done:

a) administrator in Manufacturing must create trust relationships with:

b) administrators in Sales and Accounting must do the same
c) once trust relationships established, user must be given permissions to specific resources through group memberships such as printers, databases, communication servers, etc.

Now suppose that John takes a new position as a Sales Support Engineer. To move a user from domain to domain requires the following:

a) Access user via "User Manager" program write down or copy pertinent information -

b) *** Delete user from Manufacturing domain ***
c) Choose User/Select Domain.../Domain B
d) Create NEW user John Smith e) Add John Smith to all global groups required
f) Add John Smith to any new local groups required

With NetWare using NDS, at least 17 of the preceding management steps can be avoided. To move a user from OU (organizational unit) to OU requires the following steps:

a) Run NWAdmin
b) Click on user - drag and drop from old OU to new OU

Group membership equivalents and access is inherited from the OU object and all specific resource rights are maintained.

NT's limitations when moving resources from domain to domain stem from the use of a Computer Identification number (CID). With the creation of a new primary domain controller (PDC), a CID is generated that is keyed to every resource associated with that domain. Moving resources from domain to domain can't take place without regenerating a new association for the PDC CID which can only occur at creation. This is the reason that a domain can't be renamed without reinstalling the server OS and starting over. Moving users or resources from domain to domain requires deletion and recreation.

Single login to network resources. Microsoft's attempt here is to minimize the value of a directory. Single login with NetWare to network resources means that using NDS as a central user object repository, all desired authentication can take place without using multiple user databases. NDS can be used as the MS Mail directory, a SQL database authentication directory, the Notes or cc:Mail directory. Changes made to a user object or attribute can be effective for all applications on the network. In addition, access to all network resources (printers, fax, files, directories, printers, applications, etc.) can be managed through NDS.

With NT, you can access file and print services but other services such as SQL, SNA, Exchange, require special effort and directories to provide authentication.

2) X.500 Interoperability

Novell has never claimed that NDS is fully interoperable and compatible with X.500. NDS is hierarchial, partitioned, distributed, replicated, and extensible according to the X.500 specification; NT domains are not. NDS provides for access controls and schema extension according to X.500 convention; domains do not have this capability. X.500 is an evolving standard that will encompass all types of network resources. NDS is a superset of the current standard with additional proprietary tools for administration and management. As X.500 matures to a full directory standard, the common foundation structure now available in NDS will provide full interoperability plus additional functionality.

3) NT Server is not Scalable

Scalability exists on several dimensions. For pure scalable performance, NT in current version cannot match NetWare. Integrators installing both systems for file and print or e-mail state that NT can safely handle only about 100 users per server; even Microsoft technical support recommends no more than 250 users per server. With the same load, NetWare can handle 400-500 users. Many large NetWare customers are routinely running 1000-1500 users per server with some having as high as 2000. Tests soon to be released show NetWare SMP outscaling NT in tests using more than 4 processors.

The ability to scale network management is another critical factor. For example in a 25 domain (site) network, the number of trust relationships that would have to managed between administrators (not to mention specifying access to specific resources) would be 25*24=600. With NDS, all 25 sites could be managed and accessed by a single administrator from any workstation in the network.

4) Moving Users

Using the example in item 1 above, moving a user in multiple domains with group memberships requires at least 17 steps with NT and 2 steps with NDS. The NT steps can not be made using a mouse only as new user information must be input, and the number of steps increases significantly.

5) NT Has No Single Point of Administration

Microsoft points out that by using a separate remote utility, administrators can manage users from anywhere in the network. This is only true if the appropriate trust relationships have already been established. Network resources, however, are not limited to users. Managing applications, servers, volumes, printers, groups, PBXs, etc. are not possible through NT's User Manager. NWAdmin (the Windows based NetWare GUI utility) provides a single point of access, management, and control and it can be run from any point on the network without requiring a remote utility.

6) NT Server Offers Limited Fault Tolerance for the Directory

First, NT Domains are not directories (see item 2) even though Microsoft has recently renamed NT domains to Microsoft Directory Services. Recent press quotes regarding Microsoft's claim to a directory are as follows:

Second, the requirement to have a separate NT machine acting as a backup domain controller does not provide the same flexibility as a distributed, replicated, object store such as NDS. And third, Microsoft does not offer a fully redundant level of fault tolerance with mirrored drives and memory such as SFT III.

7) C2 Certification

NT Server 3.5 is still only C2 certified as a standalone workstation (Orange Book). NetWare is in the process of full network certification (server, workstation, and media connecting them - Red Book) and is expecting certification before Microsoft.

Below is a portion of the latest (as of January 29, 1996) National Computer Security Council (NCSC) Evaluated Products List (EPL) entry on Microsoft Windows NT Version 3.5 dated 31 JULY 1995. The EPL is the only reliable source of public information on how far along any vendor is in the C2 evaluation process.

Two quotes from the attached entry should help answer questions on Microsoft's official status as of 31 JULY 1995. There is nothing newer than this concerning Microsoft in the EPL as of 29 JAN 1996.

C2 certification (network environment) does not actually begin until a letter of agreement has been sent (called the blue letter). As of January 29, 1996, no public letter of agreement has been publically posted by the NCSC indicating that NT certification for C2 Red Book (complete trusted network) has started or is in process. Novell received the blue letter on August 4, 1995 and certification is officially in process.

8) Print Features

Several of the print features noted by Novell as missing (out of paper alert, paper-jam, printer offline, etc.) are actually available through the Print Manager utility in NT. Novell admits and regrets the error.

9) Windows NT Server Directory Services Are Not Flexible

This market bulletin has shown through several examples that while many things that Microsoft claims are possible can be done, the effort required to accomplish the same simple tasks in NDS is immense with NT domains. Creating two-way trust relationships between every domain, directly specifying access for specific users, and then tracking the relationships affected when changes are made is much more difficult than with NDS. In addition, NT domains manage users and groups; no capability is built in for managing applications, peripherals, network components or modifying the structure to accommodate these resources. Management, especially in geographically or functionally dispersed networks, is difficult and requires additional routers and backup domain controllers.

Service/Feature NetWare 4.1 Windows NT Server: MS's Version Windows NT Server: THE FACTS
Directory Service - Have one? Yes Yes No - modified flat structure with trust relationships. (See note 6.)
Single login to services Yes Yes Limited - Only if trust relationships have previously been established and specific access in multiple domains granted.
Location independent login Yes Yes Limited - Only if trust relationships have previously been established and specific access in multiple domains granted.
X.500 interoperability
    Hierarchical
    Partitioned
    Distributed
    Replicated
    Extensible

Yes
Yes
Yes
Yes
Yes
No No - Domains are flat tables of addresses and users names. They are not structured and distributed like X.500; NDS is.
Moving a user one step drag and drop point and click Limited - see note 1
Single point of administration Yes Yes Limited - see note 5
Fault tolerant Yes Yes No - see note 6
Flexibility Yes Yes Limited - see note 9

In the same document, Microsoft made several additional comparisons to NetWare that are not completely correct.

1) TCP/IP support - NetWare is not limited to 5 users. NetWare/IP is included with NetWare and users have the option of running IP, IPX or both at no extra charge.

2) Windows95 integration - NetWare's Client32 for Windows95 is shipping and has been very favorably reviewed by the major networking trade magazines.

3) Symmetric Multiprocessing - NetWare SMP is now available through OEM partners and in preliminary testing is scaling and performing better than NT.

4) Management from Server Console - NWAdmin (the Windows based NetWare administration utility) can be run from any workstation on the network. The Rconsole utility can manage the server from any workstation as well. Having the server provide dual function as a server and workstation is advantageous in some situations but is generally considered a performance or security risk.

5) Services for Macintosh - The Novell Macintosh client recently shipped and has been very favorably reviewed by trade publications and well received by customers. Native Macintosh name spaces have always been integrated with NetWare. The new Mac client connects directly and efficiently using IPX and provides access to NDS.

6) Automatic Client Install - Client32 for Win95 installation is a simple one step process. This process can be automated and made available to every user on the network using the new Application Launcher utility that is included with the client software and only available on NetWare.

A recent Forrester Report compared NT and NetWare as Networking Operating Systems as follows:

Network O/S NT NetWare Comments
File/print 2 5 NT has NetWare 3.x-like file/print with diminished performance. NetWare offers fast distributed file/print with native support for DOS/Win, Mac, OS/2, UNIX, and OSI.
Directory 2 4 NT's current naming scheme is limited, future relies on "Cairo". NDS is scalable, tried technology, but difficult to extend.
Security 2 3 NT's Kerberos-based strategy misses public-key/private-key standard. NetWare is RSA-based, being adopted by HP for DCE. Both lack third-party use.
Systems/network management 2 4 Microsoft takes a utilities approach with little support for SNMP and DMI. NetWare integrates management across product lines, and supports SNMP, RMON, and DMI.
Administration 3 4 NT's advantage is ease-of-installation at the low end. NDS enables enterprise-wide add, move, and delete with changes transparent to the user.
Object 3 3 Microsoft's strength is local machine OLE, which will be extended in network OLE. NDS is an object-oriented data store. Novell supports both OLE and CORBA.
Transaction 2 4 Microsoft promises transaction services based on distributed OLE and OLE DB. Novell's Tuxedo is first-class and will be integrated with NetWare.
Total 16 27

Source: Forrester Research, Inc. NetWare Or NT? - H. Waverly Deutsch, Jon Oltsik, George F. Colony - Volume Thirteen, Number Two, November 7, 1995