Why from Novell to Microsoft?
Wait or change?
Comparison of file system permissions on Novell and Microsoft
Many IT departments are still using part or all of Novell Fileserver. But Novell, now only a brand belonging to the company Micro Focus, has stopped the operation to a large extent. Support expires if it has not expired long ago. So why do companies still rely on the old systems? What speaks for switching to Microsoft, what is more critical to see? And: What will change with a migration from Novell to Microsoft? We address these questions in the context of access rights management.
General differences of the authorization systems
We used to talk about the Novell feeling and still do it occasionally today. Because the Novell eDirectory, counterpart to Microsoft Active Directory, made it possible to assign authorizations easily and consistently many years ago. In the world of Novell, the admin sets the access rights for users, groups or OUs (organizational units) as so-called trustees. The Novell system independently takes care of the technical administration so that, for example, list authorizations are automatically set so that the authorized user can browse his resources. The question of who has access where can also be reliably answered with Novell's on-board tools. Anyone who has to manage hundreds or thousands of users cannot do anything with the native Microsoft tools.
Video digression
Of this comfort remains little under Microsoft. To understand the access rights to be managed here, one has to deal with Access Control Lists (ACL), Access Control Entries (ACE) and nested group structures. This is not only more complicated in theory - the Microsoft on-board administrative tools are also much worse off.
Because Microsoft provides the admin with essential authorization information, so that no reliable statements about effective access rights can be made. Not even the list authorizations, which are completely self-evident for a Novell Admin, are automatically managed by the Microsoft system, but have to be handwritten during the assignment of rights.
What does the migration of Novell still necessary?
The Novell entitlement is great, no question. And for the time after the end of support, there are certainly specialists who can help in an emergency. But far more speaks today against another use of Novell file systems. For example, application compatibility is limited. Often there are problems with file, print and software distribution systems. CITRIX and terminal servers are not supported. Access is only possible through special client software or an intermediate layer, which hinders a homogeneous IT infrastructure. And it was not all that great about Novell - Thus, the administrative effort for maintenance and management of the file server by switching to Microsoft is much more efficient and also flexible. In addition, because certain new Microsoft systems are no longer fully compatible with Novell, there is an incompatibility beyond individual specific applications.
Novell can do it itself, Microsoft needs an Identity & Access Management System (IAM)
The problem is as old as the first version of Active Directory. Anyone switching from Novell needs to rebuild all access rights, adhering to different best practice guidelines. The result is a complex structure of groups and access rights. It quickly becomes clear that this structure can not be managed manually for hundreds or thousands of users. And Microsoft's on-board tools are of no great help in either managing or analyzing permissions.
Identity & Access Management systems have made a name for themselves in recent years. Such a system is essential from a few hundred users so that the assignment of authorizations can be carried out simply, transparently and consistently again. The administration of the authorization group structure is automated and the administrator gets his Novell feeling back. But not only that. If implemented correctly, a IAM such as tenfold Enforce the entire user management from the HR department to the individual systems and applications. From employee entry through department change to leaving the employee, everything can be recorded and automated in processes.
An IAM is therefore not only a necessary evil to compensate for the weaknesses of the Microsoft on-board means. Out of the need to rely on such a system in the Microsoft world, a variety of functions and processes have been established that benefit users and IT alike.
Compliance with standards (DSGVO, ISMS, ISO: 27001, BSI)
At this point, we do not want to go into the details of each policy and law that describes the various aspects of IT security. The basic tenet is having data under control. Where is the data? Who can access it? What happens to the data and how are they processed? Have appropriate processing been fixed? Do the measures work demonstrably? In particular, personal data are subject to the DSGVO special protection.
Whitepaper GDPR & Authorization Management
Read more
In order to take into account the strict regulations of the GDPR in particular, it is advisable to store the affected processes directly in a suitable IAM or IDM system. If the system is still able to maintain access rights not only on the file server but also in other systems such as SAP, Sharepoint, Outlook, etc., this can significantly strengthen compliance. The effort to implement GDPR & Co. drops significantly as soon as processes can be automated and thus handled uniformly. Corresponding solutions also enable reports on the status of data and authorizations, through to answering investigative questions in specific (suspected) cases or information about the whereabouts of certain personal data.
Conclusion
Whose Novell installation is still running and no problem, it does not have to shut it down here and now. However, the situation should now be analyzed at the latest. Is your Novell system relevant for productive operation? Are important business processes connected to it? What dependencies exist on other software or will there be in the future? When does the support expire? What alternatives exist and what would the migration path look like?
On Our Own Behalf
Aikux.com is an authority on authorization management in the world of Microsoft - and the way there, Talk to us about a potential migration of your old Novell systems. We provide with a lot of experience and selected solutions making sure that your file servers arrive well in the Microsoft world and that you do not have to give up your Novell feeling yourself.
Tags:Arguments, Microsoft, Migration, Novell
