
VoxTechnologies Enterprise Network Series


Directory Enabled Networking

A Technology Guide



Abstract

As networks continue to expand and interact, the problems involved in controlling them from an enterprise point of view expand accordingly. In addition, the need to gather effective information on a timely basis is a critical success factor for any enterprise competing in today's overheated economy. Two trends are obvious: the need to simplify the users' contact with the network and the need to simplify the technical management of the network, including bandwidth management and the expansion and introduction of new technologies. In this technology guide, we describe a cost-effective solution to both of these problems: Directory Enabled Networking.


Introduction

Networks are expanding at an accelerating, indeed alarming, rate. With the universal adoption of Internet standards, there is increasing pressure on organizations to interconnect all of their isolated LANs into unified intranets and/or extranets. In addition, virtually any computing device can be tied into an enterprise network.


As savvy businesses exploit new applications involving e-commerce and e-business, network managers and architects are required to make more and more information available across multiple platforms. As if that were not enough, the explosion of available networking and computing offerings requires a means to seamlessly connect these vastly different technologies both physically and logically. Even if that is done, there is the serious problem of balancing the conflicting bandwidth demands of different applications. Some require fast but bursty pipes while others can accept a more relaxed transmission mode. The enterprise needs a mechanism for mixing and matching the global needs of all enterprise applications so that appropriate service is maintained consistently while minimizing the cost of providing those services.

As an example, consider the annoying problem that the Widget Corporation is facing. Widget is an international organization that has monthly meetings of its eighteen branch vice presidents from around the world. Since the cost of air travel is substantial and escalating, since it is grueling for each senior executive to travel around the world for these meetings, and since the lost productivity of these air-bound executives is enormous, another solution was needed.

The obvious candidate was videoconferencing. But while this technology would solve the problem, the cost would be prohibitive. Widget could not afford to install a separate, global videoconferencing network just for 12 meetings a year. So, the IT department at Widget suggested another solution. The department had just finished testing a PC-based videoconferencing system that could run over the company's existing global network. The only catch was that the video data packets had to be given top priority; video demands high bandwidth so that the video feeds remain acceptable to viewers. Widget needed to find a way to give the senior executives' traffic top priority around the world, through many different parts of their network, once per month on an arbitrarily scheduled basis, just for the duration of the teleconference, whose length, of course, cannot be predicted. But how could they do it? Their solution was Directory Enabled Networking (DEN). As will be described, DEN enables the entire enterprise network to give the highest priority to this single application on the dates and times specified so that all necessary resources are given to these data packets first. When the conference is over, the global network reverts to its normal operation. All of this happens on an automatic basis without human intervention, thanks to DEN.

The need to access data corporate-wide is an even more pressing problem than accommodating the vice presidents at their monthly meetings. As organizations evolve from multiple, unconnected client-server LANs into a single, interconnected, enterprise-wide network, the mission-critical data that drives the company remains isolated on local LAN databases, even though the network itself is physically integrated. If data is isolated, likely in different formats on different architectures and generally not available on an enterprise-wide basis, then the effective use of cutting-edge applications is significantly compromised because the relevant data cannot be accessed in a timely manner. Correspondingly, the company that can harness this data will be the company that succeeds in the net-intensive 21st century.

This presents the network manager with two major problems: managing the increasing complexity of the network while satisfying demands for simplicity from the outside. As increasingly sophisticated e-commerce applications are launched, the enterprise network will come under another threat to efficiency: the quick search for relevant information. Information needs to be located using different approaches. Getting the right information quickly and in a useful format is already becoming an important issue, and the enterprise that deploys an effective solution to such retrieval will have a significant market advantage over those doing business in the traditional manner.


Unresolved Enterprise-Wide Networking Issues

It is clear that enterprise networks need mechanisms that can provide two basic services: simplification of network access for end-users and the capability to make relevant information available to the appropriate people at the right place, at the right time, while minimizing business costs. When this universal access is available, however, there are many potential problems related to the inability of the network elements to properly coordinate the data repositories throughout the network. Some of these problems are:


  • No Control Over Bandwidth Allocation. Applications need different bandwidth depending on their nature. For example, an application may need to transmit video data at a precise but unpredictable instant. If the network cannot quickly allocate the necessary bandwidth, the application will not achieve its intended purpose. If the network can dynamically allocate bandwidth on an as-needed basis, its applications will run effectively, the bandwidth will be allocated efficiently and the total cost of network ownership will be significantly reduced.
  • No Control Over Latency. Applications can also have specific latency needs. E-mail, for example, does not normally need expedited treatment. On specific occasions, though, a message might need priority status to be sent through the network as quickly as possible. Most enterprise networks do not permit transient resetting of application bandwidth parameters and may not even allow static priorities.
  • Costly, Slow Administration and Management. If the management of the network is decentralized, network management will become fragmented. Fixing problems will take much longer, increasing the cost of component downtime. The problem of configuration management becomes a very expensive proposition. Consider the problem of updating a piece of software that runs on hundreds of PCs. If this is not automated, the cost of individually updating each of those PCs becomes astronomical.
  • Lack of Consistent Security. When diverse components are connected, the problem of security increases significantly. The network must have a consistent security policy. For example, there should be only one password per entity throughout the organization. Virus protection should be automatically provided and there should be an audit trail to verify compliance. Consider the problems that the organization would have if a trusted supplier suddenly became a corporate enemy. If the appropriate protections were not taken globally at the same time, that supplier could access parts of the network that were not informed of the change in protection. A consistent security policy that can be implemented instantly organization-wide would save potential embarrassment and possible economic loss.
  • Lack of Consistent Network Policy. If there is not a central repository for network policy, each local administrator will allocate bandwidth and priorities on an ad-hoc basis. This means that the overall policy will not be synchronized or globally optimized. Guarantees cannot be given to applications and their execution will either fail or be seriously compromised.
  • No Control Over Users. Networks cannot restrict user access during critical times. For example, if the network were supporting the video feed for the monthly videoconferences, it would be prudent to restrict non-essential e-mail and web searches until the bandwidth had been released. Similarly, when users access the network remotely, most corporate networks will not perform additional security checks or keep an audit trail of the user's activities. Most networks will permit local "hogging" of the bandwidth. If a specific department suddenly floods the network with bandwidth requests, other departments will suffer an unnecessary degradation of service.
  • Slow Corporate Response. The world of the 21st century moves at Internet speed. The enterprise must react to changes at the same rate. If the network cannot respond in a timely manner, business advantage may be lost. In addition, if changes are to be made, they must be made quickly. Failing to do this will yield the advantage to competing organizations.
  • Inaccurate Data. Because customer data can be spread over hundreds of different local databases, a single change may not be propagated to other relevant databases. For example, if the manager of a local database is informed that a customer's address has been changed, the new address may not be propagated to other databases, resulting in lost correspondence or delays in collecting accounts.
  • Unnecessary Duplication of Data. Duplicate data represents a significant cost to the organization. It costs to collect the data each time it is recorded separately, and if changes are made at a local database, these may not be reflected elsewhere in a timely manner. Having a single store for data items reduces the cost of owning that data and prevents inconsistent use of stale versions.
  • Incompatible Data Formats. The data stored in various databases will likely be in different formats. Requiring applications to understand and convert each of these formats will increase the cost of modifying those applications and the number of errors in data conversion. If there were a way to transparently map data into a consistent format for the application, no changes would be necessary. The cost of application maintenance would drop dramatically. As an example, consider the way local databases might represent postal codes. The nation of origin of the database determines the local format: American, Canadian, English, etc. An application that has the format automatically mapped would require no modification. Similarly, when a new country was added to the network, no changes to any application would be necessary.
  • Lack of Personalization. A key to doing business in the 21st century is to be able to personalize the enterprise's approach to each customer. When a customer places an order, it is imperative that all of the information associated with that customer be available to all interested applications at the time of entry. If it is not, then not only sales, but also customers may be lost.

Value of Properly Integrating Directories and Database Repositories

Having these complex enterprise-wide network problems resolved is worthwhile considering the value to the organization. A solution that can solve these problems in a cost-effective manner will provide real payback to the organization. The cost of the solution will be justified by an increase in business and by a decrease in network cost of ownership. The following views illustrate the value of solving these problems.


  • Fast Corporate Response. Moving in Internet time is mandatory in today's business environment. Being able to quickly integrate a new technology into network applications increases opportunities for revenue generation. Likewise, the ability to quickly ramp up operations in order to seize new business opportunities greatly depends on being able to scale the network in a consistent, evolutionary fashion. In addition, being able to reset the parameters of network bandwidth and latency on-the-fly means that the enterprise network can respond in real time to these needs, expediting priority requests from mission-critical applications. As this is being written, a category four hurricane is approaching the shore of the southeastern USA. A top-priority e-mail message suggesting appropriate action for all employees in the affected region had better not be delayed by some web browser checking out the local sports news.
  • A Policy-Based Enterprise Network. This enables priority-based decisions to be made on a globally optimized basis. For example, if a mission-critical application suddenly demands massive bandwidth for an important transmission, web applications will be either slowed down or disabled until the priority application is finished. When the priority bandwidth is no longer needed, these less-important applications can soak up the free bandwidth as needed. Thus the organization can guarantee that the appropriate policy is deployed. In addition, that policy should be capable of being modified on a moment's notice.
  • Fast, Cost-Efficient Administration and Management. Network management that is logically centralized is much more cost effective. Configuration management is easily rationalized and faults in the network can be quickly isolated and corrected.
  • Consistent Security Policy. This enables all customers and employees to have their own passwords and control lists logically centralized. When a security clearance changes, it is changed in one spot and the entire organization sees that change. Similarly, the same virus protection program can be run corporate-wide on any incoming e-mails or file transfers.
  • Accurate Data. If data is more consistently accurate, then mistakes in billing, addressing, etc. may not occur as frequently. This can save a significant amount of time and expense. In M. Hammer's account of the reengineering of Ford's Accounts Payable process [1], he found that 75% of staff work involved correcting invoices that had inaccurate, manually entered data. Using accurate data resulted in significant staff reductions, and not only was a significant amount of money saved, but the invoice-cycle time was reduced from weeks to days, with a related increase in supplier satisfaction and a much better cash flow.
  • Single Data Storage. Having data stored in a unique location reduces the costs of duplicating storage. In large organizations, this is significant. In addition, there is an expense associated with collecting data, so having it collected only once reduces that cost. It also increases customer satisfaction when data doesn't have to be reentered multiple times. These capabilities are also valuable internally. It is estimated that a typical company has about a 20% personnel turnover per year. Being able to instantly update all of the related corporate databases from a single data entry simplifies network administration.
  • Logically Compatible Data Formats. This enables applications to have a single view of all of the corporate data. The decrease in maintenance costs will be substantial.
  • Customer Personalization. Being able to logically relate all of the information associated with a single account allows an organization to provide more personalized, targeted service to that customer. This inevitably leads to increased sales and increased loyalty.

Directory Enabled Networks

A Directory Enabled Network (DEN) is a cost-effective and efficient way of achieving the benefits described above. A DEN enables the network manager to configure the entire network so that the bandwidth and latency allocations for the organization's application portfolio can be dynamically managed in the most effective manner for the entire organization. The allocation of these two critical resources is done on a global basis taking into consideration all of the needs of the enterprise. DENs also rationalize the day-to-day management of the entire enterprise network. For example, configuration control is centrally located. Thus if the company's routers need an upgrade to their firmware, a DEN-based application can keep track of the installation process, providing progress reports and proof that all of the upgrades have been performed. A DEN also enables a user to correlate the different characteristics of each individual database repository in such a way that different applications can effectively use relevant data from anywhere in the organization, regardless of its physical format. It separates the logical properties of abstract concepts such as security, bandwidth allocation, latency guarantee, quality of service demands, etc., from the physical components of the enterprise network. DENs have two main components: the Directory and the Policy Server.

Directory

A directory in this context is a mechanism to store and retrieve information about cross-referenced data. Directories are common devices in society. Simple physical examples include the telephone directory and the Yellow Pages. Directories are also commonplace in software. They are used to locate user files, network addresses, and many other entities.


Technically, a directory is a mapping from a search string to a resultant string. In the case of the telephone directory, it maps a person's name and possible street address to a telephone number. Note that the country and area codes are implicit in the phone book listings.

Directory Enabled Networking correlates all LAN directories and integrates them into a single centralized logical entity. It also provides automatic-mapping mechanisms to switch back and forth between different data formats. DEN formally separates parts of the network into separate entities, such as the Policy Server, the Directory Server, the Application Server and anything else that would benefit from logical and/or physical separation.


The X.500 Directory Project

The first attempt to define a global, open standardized directory was the X.500 Directory Services Standard, which was promulgated by a combined technical sub-committee of ISO/CCITT. (CCITT has been renamed the ITU.) Initially driven by the need of the world's telephone companies to provide a directory service for the e-mail standard, X.400, it was intended that the directory would automate the world-wide White and Yellow Page telephone directories. However, the ISO participants quickly realized that the standard would be applicable to a far wider range of applications, particularly in the area of distributed applications running over various lower architectures. As a result, the standard took more than a decade to develop. There are three official versions (1988, 1993 and 1997), representing increasing complexity. But that complexity has resulted in a standard that is very difficult to implement in an industrial-strength instantiation.


Schema Descriptions

The individuals who developed the X.500 standard quickly realized that there were many more ways to address entities than just by their names. So the concept of schema descriptions of entries was introduced. A schema is a formal way of defining how data is to be organized and represented from a logical, physically independent viewpoint. When each participating site is given the schema for an entry, it can store and retrieve local data relating to an X.500 request locally and can transmit that data to other sites when requested. Thus, one of the important standards activities was to define a universal set of common schema that every participating directory would understand, and permit cooperating directories to exchange schema among themselves. As an example, an e-mail name would be common universally. But a local organization might have schemas that were private to its extranet.


The X.500 Directory

The entire X.500 directory service is referred to as the 'Directory' even though there may be many (possibly millions of) separate servers holding parts of the overall directory data. Directory contents are attribute-based and the fundamental directory entity is an entry. An entry is a collection of attributes that has a unique name (called the Distinguished Name). The schema describes the form that these attributes can take. If cooperating directories understand each other's schema, they can exchange data even though the local individual representation may be quite different. These names are hierarchically organized in a tree structure. Each attribute in an entry has a 'type' definition and one or more values associated with that type. Types are typically mnemonic strings like "email" for e-mail addresses. An e-mail attribute might be "jjones@sympatico.ca", for example. The required attributes needed in an entry are controlled by a special attribute called an objectclass.
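To make the entry, attribute and objectclass model concrete, here is an added Python example (not code from this guide or from any directory product): a minimal in-memory directory in which Distinguished Names are parsed into RDNs, entries form a tree under their parent, and a hypothetical schema table decides which attributes each objectClass requires before an entry is accepted. The schema table and the Widget entries are constructed for illustration.

```python
"""Minimal X.500/LDAP-style information model: a tree of entries named by
Distinguished Names, attributes with one or more values, and objectClass
definitions controlling which attributes an entry must and may carry.
Added example; the schema table and sample entries are constructed."""

# Hypothetical schema: objectClass -> (required attribute types, optional types).
# A real server loads this from its own schema; the table here is constructed.
SCHEMA = {
    "country": ({"c"}, set()),
    "organization": ({"o"}, {"description"}),
    "organizationalunit": ({"ou"}, {"description"}),
    "person": ({"cn", "sn"}, {"mail", "telephonenumber", "description"}),
}


class SchemaViolation(ValueError):
    """Raised when an entry does not satisfy its objectClass definitions."""


def parse_dn(dn):
    """Split 'cn=J Jones,ou=Sales,o=Widget,c=CA' into (type, value) RDNs,
    most specific first. Attribute types are case-insensitive."""
    rdns = []
    for part in dn.split(","):
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        typ, val = part.split("=", 1)
        rdns.append((typ.strip().lower(), val.strip()))
    return rdns


def normalize_dn(dn):
    """Canonical string form used as the tree key."""
    return ",".join(f"{t}={v}" for t, v in parse_dn(dn))


def check_schema(attrs):
    """Validate a normalized attribute dict against SCHEMA: every required
    attribute must be present and no attribute outside the classes' lists."""
    classes = attrs.get("objectclass", [])
    if not classes:
        raise SchemaViolation("entry has no objectClass")
    allowed = {"objectclass"}
    for oc in classes:
        if oc not in SCHEMA:
            raise SchemaViolation(f"unknown objectClass {oc!r}")
        must, may = SCHEMA[oc]
        missing = must - attrs.keys()
        if missing:
            raise SchemaViolation(f"{oc} requires {sorted(missing)}")
        allowed |= must | may
    extra = attrs.keys() - allowed
    if extra:
        raise SchemaViolation(f"not permitted by schema: {sorted(extra)}")
    return allowed


class Directory:
    def __init__(self):
        self.entries = {}  # normalized DN -> {attribute type: [values]}

    def add(self, dn, attrs):
        """Add an entry. Its parent must already exist (the tree stays
        connected), the RDN value must appear as an attribute of the entry,
        and the entry must satisfy its objectClass definitions."""
        norm = {}
        for k, v in attrs.items():
            vals = v if isinstance(v, list) else [v]
            norm[k.lower()] = [x.lower() if k.lower() == "objectclass" else x for x in vals]
        check_schema(norm)
        rdns = parse_dn(dn)
        parent = ",".join(f"{t}={v}" for t, v in rdns[1:])
        if parent and parent not in self.entries:
            raise ValueError(f"parent entry {parent!r} does not exist")
        rtype, rval = rdns[0]
        if rval not in norm.get(rtype, []):
            raise SchemaViolation(f"RDN {rtype}={rval} is not an attribute of the entry")
        self.entries[normalize_dn(dn)] = norm

    def search(self, base, attr, value):
        """Subtree search: DNs at or below base whose attr holds value."""
        base = normalize_dn(base)
        attr = attr.lower()
        return [dn for dn, a in self.entries.items()
                if (dn == base or dn.endswith("," + base)) and value in a.get(attr, [])]


def build_widget_directory():
    """Constructed sample tree for the guide's Widget Corporation."""
    d = Directory()
    d.add("c=CA", {"objectClass": "country", "c": "CA"})
    d.add("o=Widget,c=CA", {"objectClass": "organization", "o": "Widget"})
    d.add("ou=Sales,o=Widget,c=CA", {"objectClass": "organizationalUnit", "ou": "Sales"})
    d.add("cn=J Jones,ou=Sales,o=Widget,c=CA",
          {"objectClass": "person", "cn": "J Jones", "sn": "Jones",
           "mail": "jjones@sympatico.ca"})
    return d
```

Rejecting an entry that lacks a required attribute, or whose parent does not exist, is the directory-side check that keeps a replicated Directory consistent; a real server applies the same rules from its published schema.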


The directory can store information related to network entities, their attributes and current status, IP addresses, e-mail locations and a host of related information.

With this capability, for example, a local PC could request the services of a color printer on the network for printing out a color document. In this example, the directory would respond with the address of the closest available printer, queue the request and inform the client. Since its schema describes the client's data, the directory could invoke a translation program if the printer could not accept the data in that particular form. With these capabilities, it's clear that X.500 can serve as the unifying factor that enables Directory Enabled Networking. As long as the appropriate schema is defined, LANs can be interconnected and applications can invoke translation programs whenever necessary.

In addition to enabling access to network devices based on their abstract attributes, X.500 has a corollary definition: the X.509 universal security standard, which is the certificate authentication portion of X.500.

LDAP

The X.500 standard, however, is so massive and resource intensive that efficient implementations, such as using X.500 for dynamic routing in a network, are difficult. To address this question of efficiency, a stripped down version of the X.500 access protocol called LDAP (Lightweight Directory Access Protocol), which avoids the heavy overhead mandated by the X.500 standard, was developed in the early 1990s. This version is now accepted by all major vendors and has emerged as the most likely standardized directory services access protocol.


LDAP is neither a directory nor a database. It is an access protocol that works in conjunction with other facilities such as relational database software. LDAPv3 (RFC 2251) is the latest version of the standard and, in addition to defining a basic access protocol, defines an information model that is hierarchically organized in terms of its entries, which are structured according to their attributes and specific values. That is done by defining a schema for common standard values such as people, organizations and countries: values, for example, that one would need to facilitate e-mail. LDAP is fully compatible with standard X.500 and has been adopted by all major directory vendors, forming the infrastructure for true directory interoperability.

LDAP defines standard operations that clients can use in accessing, updating and massaging data in a directory environment. In addition to defining how its functions are to be mapped onto TCP/IP, it also supplies a standard set of function calls and definitions that application programs can use to access the directory.

LDAP and the Internet

Work is also underway to formally integrate Internet directory information into LDAP (RFC 2247, 2377). In parallel with the X.500 development, the Internet has the same need to find and interconnect millions of servers. This was solved on the Internet by developing a simplified directory services protocol called the Domain Name Service (DNS) that quickly locates IP server locations. Integrating the two services is a critical part of Directory Enabled Networking.

DMTF and the Common Information Model

It is not enough, however, to simply use LDAP to create a Directory Enabled Network. Schemas have to be defined among all cooperating directories on the network. This requires a universal set of common definitions that can be used by all networks.

This problem has been addressed by the Distributed Management Task Force (DMTF), which has defined a Common Information Model (CIM). The CIM is a standard object-oriented model that formally represents objects in terms of instances, properties, relationships, classes and subclasses. The Directory Enabled Network initiative, which is an ad-hoc group of the DMTF consisting of more than 70 companies, has worked out a specification for modeling functionality and management of network elements and services. The DEN LDAP work is closely aligned with CIM and is approved by the DMTF. But this alignment only defines the exchange and publication of common schema. One of the areas not addressed by LDAP is replication, i.e., the ability to provide for backups in case of a single directory component failure. Since replication is mandatory for robust Directory Enabled Networking, LDAP has defined an interim solution, LDUP (LDAP Interchange Format). An IETF task force is currently defining the LDAP Duplication/Replication/Updating standard that will provide for automatic replication services. Several RFCs have been released and the final definition should be available by the beginning of the year 2000.

The Policy Server

The Policy Server is the second critical component for DENs. It enables what has been called "policy-based networks," enterprise-wide networks that can automatically provide different service levels to different classes of users or applications depending on their varying bandwidth, latency, security and priority requirements, etc. The Policy Server can have either static or dynamic policies. The network administrator sets these and indeed, one could imagine an intelligent agent also doing the resetting on an as-needed basis.


Some examples of static allocations are:

  • Groups of users are permitted/denied access during certain times of the day, week, month or year. For example, a university might restrict student access during normal business hours or restrict administrative access during the last week of classes.
  • Particular applications are always given highest priority when run. The e-mail coming from the office of the CEO always jumps to the head of any queue, for example.
  • The Registrar's department always gets 90% of the network during the first week of registration.
  • A user always has the same e-mail address regardless of where she is at any given time.
  • The Accounting Department is always given 25% of the total network bandwidth regardless of general traffic.

Allocations can also be dynamic. When a certain condition is met, the corresponding policy is invoked. Examples include:

  • If bandwidth utilization of all kinds exceeds 50%, then general web access is denied.
  • If the aggregate usage from a single department exceeds a high-water mark, then no further usage is permitted from that department.
  • If a vice-presidential videoconference is scheduled, then all other traffic is delayed.
  • If a user accesses the network from a remote location, then appropriate authentication is performed and an audit trail maintained.
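The static and dynamic allocations above, as an added Python example that is not the guide's own code: a small policy evaluator applies the listed rules, in order, to a request against the current network state. A denial ends evaluation, a scheduled vice-presidential videoconference marks all other traffic as delayed, and a remote access request always sets the authenticate-and-audit flags (that rule runs first so that even a denied remote attempt lands in the audit trail). The request and state fields, the group names, and the 40% departmental high-water mark are assumptions.

```python
"""Policy server sketch for the static and dynamic allocations listed above.
Added example; rules, thresholds and sample state are constructed."""
from dataclasses import dataclass, field
from datetime import datetime

HIGH_WATER = 0.40  # assumed per-department high-water mark (fraction of bandwidth)


@dataclass
class State:
    now: datetime
    utilization: float            # fraction of total bandwidth currently in use
    dept_usage: dict              # department -> fraction of bandwidth it is using
    videoconference: bool = False # a VP videoconference is scheduled right now


@dataclass
class Request:
    user: str
    group: str          # assumed groups: "student", "vp", "ceo-office", "staff"
    department: str
    application: str    # assumed kinds: "email", "web", "video", "file"
    remote: bool = False


@dataclass
class Decision:
    permit: bool = True
    priority: int = 0             # higher is served first
    bandwidth_floor: float = 0.0  # guaranteed share for this traffic
    delayed: bool = False
    require_auth: bool = False
    audit: bool = False
    reasons: list = field(default_factory=list)


def make_state(iso_time, utilization, dept_usage=None, videoconference=False):
    return State(datetime.fromisoformat(iso_time), utilization, dept_usage or {}, videoconference)


# Security rule, evaluated first: remote access is authenticated and audited
# whether or not a later rule denies the request.
def remote_access(s, r, d):
    if r.remote:
        d.require_auth = True
        d.audit = True
        d.reasons.append("remote access: authenticate and record in audit trail")

# Static policies: fixed rules that apply whenever their subject appears.
def business_hours(s, r, d):
    if r.group == "student" and s.now.weekday() < 5 and 9 <= s.now.hour < 17:
        d.permit = False
        d.reasons.append("student access restricted during business hours")

def ceo_mail_priority(s, r, d):
    if r.application == "email" and r.group == "ceo-office":
        d.priority = max(d.priority, 90)
        d.reasons.append("CEO office e-mail jumps the queue")

def accounting_share(s, r, d):
    if r.department == "accounting":
        d.bandwidth_floor = max(d.bandwidth_floor, 0.25)
        d.reasons.append("accounting always holds 25% of bandwidth")

# Dynamic policies: invoked only when a condition on the current state holds.
def web_under_load(s, r, d):
    if r.application == "web" and s.utilization > 0.50:
        d.permit = False
        d.reasons.append("general web access denied above 50% utilization")

def department_high_water(s, r, d):
    if s.dept_usage.get(r.department, 0.0) > HIGH_WATER:
        d.permit = False
        d.reasons.append(f"{r.department} exceeded its high-water mark")

def vp_videoconference(s, r, d):
    if not s.videoconference:
        return
    if r.group == "vp" and r.application == "video":
        d.priority = 100
        d.reasons.append("VP videoconference traffic gets top priority")
    else:
        d.delayed = True
        d.reasons.append("delayed for the VP videoconference")


POLICY = [remote_access, business_hours, ceo_mail_priority, accounting_share,
          web_under_load, department_high_water, vp_videoconference]


def evaluate(state, req):
    """Run the policy list in order; the first denial ends evaluation."""
    d = Decision()
    for rule in POLICY:
        rule(state, req, d)
        if not d.permit:
            break
    return d
```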

Directory Enabled Networks

Directories of all sorts are being deployed throughout the business enterprise today. We can expect the number of enterprise directory deployments to increase dramatically over the next few years. As an example, IDC estimates that the installed base of Microsoft's Active Directory will increase from three million in 1999 to six million in 2003, and NDS to grow from one million in 1999 to three million in 2003.


A key element of the Directory Enabled Networking approach is to separate the physical details of the network from the logical attributes of the application area. Having to memorize specific references such as IP addresses or even telephone numbers is an indication of a hard-coded technological solution, which does not scale, is expensive to maintain and is fraught with the possibility of errors.

A DEN solution with these attributes would drive down operating costs, lower the costs of expansion and make the entire network more responsive to delivering the right information to the enterprise's users in a fast, efficient manner.

The DEN, therefore, should have certain fundamental attributes and characteristics:

  • It should enable the network to rapidly reconfigure itself in changing business or technical climates.
  • It should enable the network to work with other platforms.
  • It should have the capability to be self-managing.
  • It should be scalable.
  • It should be fault-tolerant.
  • It should allow the network to recognize people and applications by their pertinent attributes and characteristics, not numerical sequences like IP addresses.
  • The network should be essentially invisible to the end user.
  • It should reduce the cost of ownership of the network by reducing the complexity, expense and knowledge required to build and operate it.

Directory Enabled Networks provide growing organizations with the ability to automatically manage the business enterprise. They enable the management of the network to be based on the business processes of the organization and/or the application demands, not on the physical details of the hardware. Consider an example of a large organization as illustrated in Figure 1.

Figure 1 illustrates the complexity of the connections. This enterprise network contains a large number of devices, ports, protocols, user applications and services. All of these elements hold information relating to their configurations, operation status and relationships. They also produce useful information during their operation. Network directories provide a mechanism to centralize and effectively use the network information available at a system level to maintain abstract service agreements.

Objectives of Directory Enabled Networking

As Directory Enabled Networks are being built, it is important to focus on the reasons for their use and development. A Directory Enabled Network is used to:


  • Implement abstract policy rules that are divorced from the specific details of device/vendor implementations
  • Simplify system configuration and device control
  • Centralize knowledge of dynamic network elements
  • Create dynamic bindings with the Network Operating System
  • Reduce the total cost of ownership through reduced troubleshooting time, simplified network administration and reduction of network complexity
  • Provide for multiple directory server interoperability across a multivendor environment
  • Provide the foundation of policy management and accounting applications
  • Bring the promise of the single user logon challenge closer to reality

Directory Enabled Networking makes it possible to implement new applications and services such as voice/video/data convergence, virtual private networks, policy-based networking, service level agreements, usage-based accounting and billing, IP multicast, etc.

Separation of the Physical from the Logical Network

Figure 2 shows the logical operation of the network, separated from the physical network illustrated in Figure 1.

Here the applications, including voice and video, are highlighted. As we have mentioned, the two critical components that enable the logical features to be mapped onto the physical are the Policy Server and the Directory Server, shown on the left of the illustration. The Policy Server contains the rules by which the enterprise wants the network to run. The Directory Server contains the mapping information that enables the mapping from logical, application-oriented characteristics onto actual physical devices. Note that the interior engines that serve the network, the switches and routers, use the directory for instructions.

Directory Enabled Networking enables complex rules that allow the network to perform as intended to be defined and implemented. For example, DEN allocates priorities in web traffic and prioritizes voice and video. Each organization has its own unique setting of these priorities, which are captured in the policy server.

DEN Improves Network Management

In addition to supplying vastly increased flexibility to the network, Directory Enabled Networking also reduces overall network management costs to the organization. It does this by:


  1. Automating configuration management
  2. Implementing policy-based user support
  3. Reducing trouble-shooting time
  4. Simplifying operations

To put this into context, Figure 3 illustrates an estimate of the time spent by LAN management personnel in executing various activities. The directory improves the operation of 75% of these functions.


Automating Configuration Management

Automating configuration management dramatically reduces costs. As the number of entities that need to be managed grows throughout the enterprise (possibly into the tens of thousands), the need to make wholesale changes quickly, cheaply and without error becomes mission critical. Consider, for example, the problem of upgrading a version of Microsoft Word™ on 10,000 different PCs. A single click in the browser of a Directory Enabled Network can make thousands of appropriate actions execute immediately because of the knowledge stored in the directory. It provides automatic support for hundreds of different vendor products, and new installations can be managed without costly, specialized and often hard-to-find technical experts.


Directory Enabled Networking can:

  • Establish parameters for network operations regardless of the number of physical devices moved, added or changed
  • Quickly and correctly configure router and switch parameters to guarantee traffic QoS (Quality of Service), security access policies, or broadcast control
  • Enable revision control and verify system and application configurations

Policy-Based Networking

Directory Enabled Networking can easily implement policy-based networking. Policies are typically defined in terms of QoS (Quality of Service) or security parameters. QoS specifies the necessary bandwidth, acceptable latency and the relative traffic priority as defined by 802.1p, IP ToS, etc. Security is defined in terms of authentication (password control), authorization (does this entity have the right to access this resource), X.509 certificates, audits using access control lists, IEEE SmartCard access and many upcoming techniques such as retina scanning and fingerprint verification.


Universal Access

Directory Enabled Networking is the repository for the rules that govern users and their applications, and manages the mapping of logical needs onto the physical devices available at that instant. It makes it immaterial how the user approaches the network. A user can roam around the organization, use remote modems, even cell phones, and attach in each case with the same uniform interface. Directory Enabled Networking can also control multicasting over the network. It can set up subnets and selectively enable or disable multicasting. It can enforce access controls for subnet membership, specify channels on the subnets and protect sensitive data streams. It can also define who is allowed to be a sender and who is not. Note that these changes can be made on the fly, in one place, and take effect immediately.


Solves Network Problems

Directory Enabled Networking provides significant advantages in troubleshooting network problems. Difficult issues such as service degradations and traffic congestion, which occur more often than actual hardware downtime and affect many more users on the network, are hard to find and diagnose. The Directory and the Policy Rules ensure that performance rules are not violated.


When hard downtime occurs, DEN is a significant aid in quickly identifying the offending physical component. Directory-enabled switches can reduce troubleshooting times by identifying which users, groups or applications are on the network.

Single Directory Entry

Directory Enabled Networking can make normal business functions efficient and error-free. For example, there need only be a single record for each employee in the organization. All applications needing employee information would use this record. Thus, for example, changing a phone number is done once, in one spot, and immediately all applications see the change. All customer records are similarly rationalized.


Single User Logon

By using several of the above components, a single point of logon to an enterprise network comes closer to reality. Directory Enabled Networking facilitates the single user logon through its use of a directory infrastructure. By using a single directory entry combined with universal access and policy-based networking, a user of the network will be able to log on to the network once, and never need to be challenged for their identity again. Each application, database, or resource that the user wants access to will automatically know this user's access privileges, their QoS parameters, and any other data pertinent to the application.


An Evolutionary Approach to Enabling Directories

It is useful to examine a process that allows an organization to deploy a Directory Enabled Network. One standardized approach is to use the following three steps:


Step 1 Policy and Configuration Storage in the LDAP Directory
First, the organization must define its internal Service Level Agreements. These SLAs must then be translated into the corresponding QoS and Access Control List (ACL) parameters. To effect this, the Policy Manager needs to add an LDAPv3 client in order to store policy profiles in the directory. Each of the network switches must be configured to support the QoS and ACL parameters. It would be helpful if the DEN platform had an appropriate easy-to-use GUI to enable simple definition of policy parameters. The policies, once entered, are stored as network objects in a common directory. The Policy Manager then uses SNMP (Simple Network Management Protocol) to configure the Policy Rules into the network devices. Details of the configuration must be stored in the LDAPv3 Directory, and switches need to be provisioned with an LDAPv3 client and a DEN-based schema.

Step 2 User-to-Address Mapping and User Mobility
The system management software collects device changes from the switches using the SNMP protocol. This system manager can also pipe the system-wide details to third-party management applications and browsers. It enables a global search of dynamic network elements and users. User-to-address mapping allows users to move to different computers or access the network from different locations. The policy rules of QoS and security still apply. In simple terms, it means that data can be accessed from any computer in the organization. Appropriate entries in the Directory Enabled Network, for example, allow employees to be reached through a single phone number regardless of the actual phone number or location.

Step 3 NOS Directory Integration via Dynamic LDAP
LDAPv3 clients in switches dynamically query the directory for the User Schema. This enables automatic and immediate association of the organization's policy with the individual. This phase integrates the entire Network Operating System, providing user authentication, authorization and audit trails.
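The three steps above describe a data flow rather than any particular product, so the following added example models it end to end: a policy profile stored as a directory object (Step 1), the user-to-address binding that lets a user roam between ports (Step 2), and a switch querying the directory for that user's effective policy when the user attaches (Step 3). This is illustration written for this guide, not code from the guide or from any DEN vendor; the object classes, attribute names, policy values, the "highest 802.1p priority wins" resolution rule, the least-privilege fallback for unknown users and the pseudo-CLI rendered for the switch are all constructed here and are not the DEN/CIM schema, an LDAP API or real switch syntax. LDAPv3 and SNMP transports are replaced by in-memory dictionaries so it runs offline.

```python
"""Toy model of a three-step DEN rollout: policy storage, user-to-address
mapping and dynamic policy lookup at attach time. Everything below is
constructed for illustration; none of it is a real schema, API or CLI."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """Step 1: one SLA translated into QoS and ACL parameters (a directory object)."""
    name: str
    dot1p_priority: int        # 802.1p user priority, 0 (lowest) .. 7 (highest)
    min_bandwidth_kbps: int
    max_latency_ms: int
    acl: Tuple[str, ...]       # constructed ACL lines, evaluated first match wins


# Assumed least-privilege fallback for anyone the directory does not recognise:
# name resolution only, everything else denied.
DEFAULT_POLICY = Policy("default", 0, 64, 1000,
                        ("permit udp any any eq 53", "deny ip any any"))


@dataclass
class User:
    uid: str
    groups: List[str]


@dataclass
class Directory:
    """Stand-in for the LDAPv3 directory: users, policies, group bindings and
    the dynamic user-to-address map that Step 2 keeps current."""
    users: Dict[str, User] = field(default_factory=dict)
    policies: Dict[str, Policy] = field(default_factory=dict)
    group_policy: Dict[str, str] = field(default_factory=dict)  # group -> policy name
    address_of: Dict[str, str] = field(default_factory=dict)    # uid -> current IP

    def store_policy(self, group: str, policy: Policy) -> None:
        """Step 1: the Policy Manager stores a profile and binds it to a group."""
        self.policies[policy.name] = policy
        self.group_policy[group] = policy.name

    def bind_address(self, uid: str, ip: str) -> None:
        """Step 2: system management learns (e.g. from an SNMP trap) which address
        a user is now behind. Overwriting keeps one identity per roaming user."""
        if uid not in self.users:
            raise KeyError(f"unknown user {uid!r}; refusing to create a binding")
        self.address_of[uid] = ip

    def user_at(self, ip: str) -> Optional[str]:
        """Reverse lookup used when troubleshooting: who is behind this address?"""
        for uid, bound in self.address_of.items():
            if bound == ip:
                return uid
        return None

    def effective_policy(self, uid: str) -> Policy:
        """Step 3: the switch's LDAP client fetches the user schema and derives
        the policy. Assumed rule: highest 802.1p priority among the user's
        groups wins; unknown users get DEFAULT_POLICY."""
        user = self.users.get(uid)
        if user is None:
            return DEFAULT_POLICY
        candidates = [self.policies[self.group_policy[g]]
                      for g in user.groups if g in self.group_policy]
        if not candidates:
            return DEFAULT_POLICY
        return max(candidates, key=lambda p: p.dot1p_priority)


def render_port_config(policy: Policy, port: str) -> List[str]:
    """Turn a policy object into per-port settings (invented command syntax)."""
    lines = [f"interface {port}",
             f" qos priority {policy.dot1p_priority}",
             f" qos min-bandwidth {policy.min_bandwidth_kbps}",
             f" qos max-latency {policy.max_latency_ms}"]
    lines += [f" acl {entry}" for entry in policy.acl]
    return lines


def on_attach(directory: Directory, uid: str, ip: str, port: str) -> List[str]:
    """A user appears on a port: record the address (Step 2), then let the
    switch apply that user's policy (Step 3). The port itself does not matter."""
    if uid in directory.users:
        directory.bind_address(uid, ip)
    return render_port_config(directory.effective_policy(uid), port)


def build_demo_directory() -> Directory:
    """Constructed sample data: two groups with different SLAs."""
    d = Directory()
    d.users["alice"] = User("alice", ["video-conf", "staff"])
    d.users["bob"] = User("bob", ["staff"])
    d.store_policy("staff", Policy("staff-sla", 2, 256, 200,
                                   ("permit tcp any any eq 80",
                                    "permit tcp any any eq 443",
                                    "deny ip any any")))
    d.store_policy("video-conf", Policy("video-sla", 5, 2048, 50,
                                        ("permit udp any any range 16384 32767",
                                         "permit tcp any any eq 443",
                                         "deny ip any any")))
    return d


if __name__ == "__main__":
    d = build_demo_directory()
    print("\n".join(on_attach(d, "alice", "10.1.5.20", "Gi1/0/7")))   # at her desk
    print("\n".join(on_attach(d, "alice", "10.9.2.41", "Gi3/0/12")))  # roams to another floor
    print("user at 10.9.2.41:", d.user_at("10.9.2.41"))
    print("\n".join(on_attach(d, "visitor", "10.9.2.99", "Gi3/0/13")))  # unknown: fallback policy
```

Two points the prose leaves implicit are visible here: the same configuration is produced whichever port alice attaches to, because the switch asks the directory about the user rather than the address, and an identity the directory does not know never gets a binding and lands on the restrictive fallback rather than on "whatever the port was last configured for".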

What to Look For in a DEN Product

As the organization begins to consider how best to implement a DEN network, the offering should be evaluated with these considerations in mind.


Experience in Directories
Because of the relative newness of the DEN concept and its complexity, a vendor should be experienced and have a significant history in DEN technology. The vendor should support an open-system, multivendor approach. The product should be scalable and handle replication appropriately. The evaluator should look at how directory distribution is handled and what the performance is like.

Directory Software and Management
The software must be LDAPv3 compliant and the management platform must be capable of supporting the entire enterprise-wide operation.

Directory-Enabled Hardware
Policies should be administered and enforced in the hardware devices with automatic feedback of status information to the directory.

Directory Professional Services Expertise
The vendor should be positioned to assist in cost-justifying the Directory Enabled Networking proposal and offer after-service agreements and pre- and post-sales support to assist in the deployment and provisioning of the network.

Remaining DEN Issues

Some problems still remain to be resolved with DEN. Directories can be huge and must, of necessity, be distributed throughout the network. To maintain performance, it may be necessary to cache data in local servers, which introduces synchronization problems with other servers. Local changes must be propagated throughout the network. If two changes occur at the same time, synchronization problems need to be resolved.


Another issue is the above-mentioned problem of replication. In the DEN, the directory itself can fail. The X.500 solution is to provide replication, in which a selected subset of the original directory is copied onto a physically remote backup. If the main server fails, the directory can recover the data from the replica. There may be several replicas, or the replicas may themselves be replicated. Again, when a piece of data changes, all of the replicas must be updated. There will be a delay in the network, called transient inconsistency, until the data is synchronized. There may be situations where the inconsistencies could affect overall network performance.

How these details will be worked out is still uncertain, but these open issues will have to be resolved soon. Another major challenge is agreement on a standard definition for a complete schema to be used. The DEN/CIM group has begun this process and it is hoped that final standard definitions will be available shortly. Both the DEN and CIM efforts now fall under the Distributed Management Task Force (DMTF).
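The two preceding paragraphs name the failure modes without showing them, so here is an added simulation of both: the window of transient inconsistency while a change propagates to replicas, and the unresolvable state that results when two servers change the same entry at the same time. This is example code written for this guide, not the X.500 or LDAP replication protocol and not any vendor's implementation. It assumes a constructed design in which every server can accept writes, each entry carries a version number and the name of the server that produced it, and updates reach peers after a fixed delay measured in ticks; a security-relevant consequence is that a policy or ACL entry read from a lagging replica is the old one.

```python
"""Toy multi-master replication model showing transient inconsistency and a
write/write race. Constructed for illustration; not a real directory protocol."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Entry:
    version: int
    value: str
    origin: str            # server that produced this version


@dataclass
class Server:
    name: str
    entries: Dict[str, Entry] = field(default_factory=dict)
    # pending updates from peers: (deliver_at_tick, dn, entry)
    inbox: Deque[Tuple[int, str, Entry]] = field(default_factory=deque)
    conflicts: List[str] = field(default_factory=list)


class ReplicatedDirectory:
    def __init__(self, names: List[str], delay: int) -> None:
        self.servers = {n: Server(n) for n in names}
        self.delay = delay     # assumed propagation delay, in ticks
        self.now = 0

    def write(self, at: str, dn: str, value: str) -> Entry:
        """Accept a change at server `at` and queue it for every peer."""
        srv = self.servers[at]
        old = srv.entries.get(dn)
        entry = Entry((old.version if old else 0) + 1, value, at)
        srv.entries[dn] = entry
        for name, peer in self.servers.items():
            if name != at:
                peer.inbox.append((self.now + self.delay, dn, entry))
        return entry

    def read(self, at: str, dn: str) -> Optional[str]:
        """What a client bound to server `at` sees right now (possibly stale)."""
        entry = self.servers[at].entries.get(dn)
        return entry.value if entry else None

    def tick(self) -> None:
        """Advance the clock and deliver every update that is now due."""
        self.now += 1
        for srv in self.servers.values():
            while srv.inbox and srv.inbox[0][0] <= self.now:
                _, dn, incoming = srv.inbox.popleft()
                self._apply(srv, dn, incoming)

    @staticmethod
    def _apply(srv: Server, dn: str, incoming: Entry) -> None:
        local = srv.entries.get(dn)
        if local is None or incoming.version > local.version:
            srv.entries[dn] = incoming          # newer: accept
        elif incoming.version == local.version and incoming.origin != local.origin:
            # Two servers produced the same version independently. Neither is
            # "newer", so the race cannot be settled by ordering alone; it is
            # recorded for an operator (or a conflict-resolution policy) to settle.
            srv.conflicts.append(
                f"{dn}: v{local.version} from {local.origin} vs {incoming.origin}")
        # older versions were already superseded and are dropped

    def stale(self, dn: str) -> List[str]:
        """Servers still holding a version older than the newest one anywhere."""
        versions = {n: (s.entries[dn].version if dn in s.entries else 0)
                    for n, s in self.servers.items()}
        newest = max(versions.values())
        return [n for n, v in versions.items() if v < newest]


if __name__ == "__main__":
    DN = "cn=video-sla,ou=policies"            # constructed entry name
    d = ReplicatedDirectory(["hq", "east", "west"], delay=2)
    d.write("hq", DN, "priority=5"); d.tick(); d.tick()
    d.write("hq", DN, "priority=6")
    print("stale just after the change:", d.stale(DN))        # east and west
    print("east still reads:", d.read("east", DN))            # priority=5
    d.tick(); d.tick()
    print("stale after propagation:", d.stale(DN))            # []
    d.write("hq", DN, "priority=7"); d.write("west", DN, "priority=3")   # the race
    d.tick(); d.tick()
    print("hq reads", d.read("hq", DN), "| west reads", d.read("west", DN))
    print("conflicts at hq:", d.servers["hq"].conflicts)
```

Note that after the race `stale()` reports nothing, because every server holds version 3, yet `hq` and `west` return different values. Version counters alone detect lag, not divergence; that is why the model keeps a separate conflict record, and why the guide's point that simultaneous changes "need to be resolved" is not something propagation delay will fix on its own.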

Summary

The benefits of these DEN characteristics appear in two areas: total cost of ownership is significantly reduced, and accuracy and response time for end users are improved enterprise-wide. The economic advantages of Directory Enabled Networking to the enterprise are clear. It is likely the best solution to deploy in order to cope with the networking challenges of the 21st century. As networks grow and interwork, the size and complexity of the addressing task grows greater each day. It seems clear to industry experts that DEN is not simply a different way to do things, but is fast becoming the only way to do things on the network.


Choosing a vendor that best fits with the organization is a difficult but necessary first step in deploying Directory Enabled Networking. The field is constantly evolving, so choosing a vendor with a proven track record in the field and one that has a staged Directory Enabled Networking implementation approach is mandatory.


An Industrial Partner 1999-2002. All rights reserved.
Copyright © 1999 VoxTechnologies Corporation - An Industrial Partner
Last modified: November 30, 2002