DSfW is designed to simplify the network infrastructure in mixed Windows/OES environments, thereby reducing costs and streamlining IT operations. Minimal changes are required to the default authentication, authorization, and replication mechanisms in existing eDirectory and Active Directory environments. DSfW enforces the Active Directory security model in eDirectory and applies it to all users and groups within the DSfW domain, regardless of the tool used to create the users and groups. Both Microsoft and Novell applications can be used unmodified. Resources in either the Active Directory or eDirectory environment remain securely accessible by eDirectory users.
Specific benefits of DSfW include the following:
Figure 1-1 Overview of DSfW
Clientless login and cross-platform file access for Windows users: From a standard Windows workstation, users can authenticate to an OES server running eDirectory without the need for the Novell Client software or multiple logins. After the Windows workstations have joined the DSfW domain, authorized users can log in and access the file and print services they are authorized to use, whether the services are provided by OES servers in the DSfW domain or Windows servers in a trusted Active Directory domain.
Unified repository of user account information: DSfW is not a directory synchronization solution. Each user is represented by a single user account, and that account can reside in either eDirectory or Active Directory. A single password is used to authenticate each user to resources in either environment.
Support for cross-domain and cross-forest trust relationships: DSfW allows administrators to create cross-domain and cross-forest trusts between a Windows 2003 Active Directory domain/forest and a DSfW domain/forest. This allows authenticated and authorized DSfW users to access data on servers in an Active Directory domain/forest.
Support for existing management tools: Administrators can use familiar tools for their environment, such as iManager for OES and Microsoft Management Console (MMC) for Windows, thus eliminating the need for re-training.
Network administrators can manage file systems using the native tools of each server, as well as centrally administer Samba shares on OES /DSfW servers using iManager. Administrators can use MMC to create one-way cross-forest trusts between DSfW domains and Active Directory domains. For example, Windows server/workstation policy settings in the domain Group Policies can be changed by using MMC.
Support for common authentication protocols and open standards: DSfW supports common authentication protocols used in the Windows environment, including Kerberos, NTLM, and SSL/TLS.
Single Password to Login: One of the biggest benefits Domain Services for Windows provides end users is it eliminates multiple logins if they need access to both Active Directory- and eDirectory-based services. The trust relationship between eDirectory and Active Directory enables them to employ a single password for the services provided by either directory. From an IT perspective, this also greatly simplifies user management as objects for those users only need to be maintained in one directory repository instead of two.