San Francisco - When it comes to managing networks of the future, directory services may prove to be the key integrating agent.
With users looking to set up virtual LANs, provide guaranteed levels of network service and establish policies for network resource access, network management is becoming increasingly complex.
If a directory service can store data pertaining to network hardware, the hassles of maintaining separate databases for network inventory, mapping and configuration applications could be eliminated.
Likewise, if dependencies between network devices are defined inside a directory, network modeling tools can easily query against it for probable cause and effect relationships. And emerging policy-based network management schemes from hardware vendors could tap into a directory service in order to tie user access and security privileges to network access.
"Directory services are becoming a prerequisite for managing these types of intelligent networks," said Mary Petrosky, senior analyst with the Salt Lake City-based consulting firm, The Burton Group.
For example, Cisco Systems, Inc. and Microsoft Corp. are already working on binding information about Cisco's products with the upcoming Windows NT 5.0 Active Directory services. And Netscape Communications Corp. and Novell, Inc. are looking to strike similar deals with other hardware vendors.
The University of Michigan is considering tying network management to its extensive X.500 directory, said David Rusting, a network manager with the school.
"We can find a device's MAC [media access control] address now, but it would be nice to go beyond that and find out which user is accessing which ports for which services using the directory," Rusting said.
Larry Ketchersid, director of enterprise computing in Compaq Computer Corp.'s information management department, said he has often entertained the idea of tapping into a universal directory service to help out with network management issues.
"I would love to have integrated tools find the best network path for video clips going over the wire so they don't impact the network resources that we need to run our manufacturing system," Ketchersid said. However, because of the complexity of the issues, he was doubtful products would be delivered soon.
"I think it is pretty science fiction at this point," Ketchersid said.
But vendors are arguing that directory-enabled management is closer than users may think.
Margaret Johnson, group product manager for Microsoft's Active Directory, called its partnership with Cisco a "jump-start" for getting directory-enabled management solutions to market.
"By the time we ship Active Directory, you will see the first solutions for managed network services," Johnson said. NT 5.0 is expected to be commercially available next year.
One obstacle to using directory services for network management is grounded in how existing services store data, said John Strassner, chief architect for Cisco's service provider systems division.
"Routers are a whole new beast" and need to be handled differently than traditional static directory objects such as user names, Strassner said.
Cisco and Microsoft are working on an extended directory schema that will help define the dynamic nature of routers and bridges. Cisco plans to submit this extended schema to a standards body so other hardware vendors can eventually use it to register their devices inside directory services.
The Cisco-Microsoft announcement was a wake-up call to the industry, said Tim Howes, a directory server architect with Netscape. He added that Netscape is talking with various network equipment companies on how to register their products inside Netscape's Lightweight Directory Access Protocol-based directory.
Novell officials - who also said they were in preliminary talks with several hardware device vendors - said Novell Directory Services (NDS) was well-suited to pick up more network management chores.
Ed Reed, chief architect for NDS, said the extensible schema that currently ships with NDS could easily be expanded to handle dynamic device information. NDS also features referential integrity. This means the directory already tracks relationships between its objects and, should a characteristic of one change, any necessary alterations to other dependent objects will happen automatically.
