ad info technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Easing adminstration with Windows 2000

February 18, 2000
Web posted at: 1:28 p.m. EST (1828 GMT)

(IDG) -- Investment giant Merrill Lynch is upgrading to Windows 2000 to take advantage of Active Directory and the technology's ability to policy manage the firm's Cisco network, including its IP telephony system.

Merrill Lynch is hoping that Active Directory will ease administration of granting users access to specific network resources, such as bandwidth and quality-of-service (QoS) guarantees.

The firm is trying to foster a "free seating" environment, in which network services are tied to users wherever they are in the organization, not to specific devices in a fixed location, such as switches, routers and IP phones.

Technology - IDC: Windows 2000 a winner for MS

Gates officially unveils Windows 2000

Microsoft disputes reports of 63,000 bugs in Windows 2000

Flurry of products released for Windows 2000

W2K Day: Let the buying begin

Hong Kong first to see future of Windows 2000

Will bugs scare off users of new Windows 2000?

Merrill Lynch's plan to embrace Active Directory is part of the company's overall push to equip its 55,000 employees with an all-IP network anchored by up to 2,000 routers.

Directory-enabling this network will help Merrill Lynch launch new Web services and maintain consistency among naming, security and remote access policies. "The whole integration of policy management and Active Directory - that's where you tie in the user to the network service," says Adam Schoenfeld, director of private client architecture in Merrill Lynch's distributed systems development group.

Merrill Lynch is using Cisco's QoS Policy Manager (QPM) software to classify traffic and administer and enforce QoS policies for that traffic. But it's still a device-centric way of administering QoS policies.

Linking QPM to Active Directory will let Merrill Lynch administer QoS based on user profiles, which would couple the policy to the user - no matter where that user is - instead of to a specific Cisco device. QPM with Active Directory will ship this spring, Cisco says.

Similarly, linking Active Directory to its IP telephony infrastructure will let Merrill Lynch employees log on to the network from any phone on the company's campus and gain access to the QoS and network service privileges associated with their name.

"When we start pushing our next-generation voice services out, it's going to be a whole new ballgame," Schoenfeld says of the linkage between Cisco's IP phones and Microsoft's Active Directory.

  Active Directory skinny
  Forget Y2K; it's on to W2K
  More Windows 2000 resources's network operating systems page
  Reviews & in-depth info at
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Those next-generation voice services will be in a new, "PBX-free" campus Merrill Lynch is building in Hopewell, N.J. When that campus is completed this fall, 8,000 employees will be able to call one another over the IP network using a new release of Cisco's CallManager IP telephony software and new 7960 IP phones that feature, among other enhancements, integration with Active Directory.

This integration makes the 7960 IP phones a "userassociated device," Schoenfeld says, in which calling features are tied to the user instead of to the IP address of the physical handset. So if users with certain network-access privileges or restrictions are moving around the campus, they do not have to use a specific phone in order to activate those privileges or restrictions.

They log on using whatever 7960 phone they are closest to, and Active Directory will match the user's name with the IP network-access privilege policies in a Cisco policy server.

This will greatly improve the impact of moves, adds and changes, Schoenfeld says. "The costs associated with moves goes into the millions every year. It's a huge cost, and now that goes away."

The new version of CallManager can link directly to Active Directory or through a new version of Cisco's policy server that Merrill Lynch will soon be beta-testing. Linking CallManager, which provides basic call processing, signaling and connection services to packet telephony devices, to Active Directory can establish call-processing priorities for Merrill Lynch employees based on their user profile in the directory and associated service policy in the policy server.

In addition to the Active Directory links, the 7960 IP phones and CallManager software foster a more scalable IP telephony environment, Schoenfeld says. The new phones have a 100M bit/sec switched connection to a Cisco switch instead of the shared 10M bit/sec connection in earlier versions of the Cisco IP phones.

Also, CallManager software has been rearchitected to run on multiple servers, or a server cluster, which eliminates any restriction in the number of users the software can support, he says. Currently, CallManager 2.4 can support 300 or 400 phones before performance starts degrading, Schoenfeld says.

To ensure a pain-free implementation of Active Directory in its IP telephony and data network, Merrill Lynch has been testing the product in a development domain for more than a year. A few hundred developers are testing the product's capabilities and ensuring that applications will be compatible with Win 2000 and production rollout will go without a hitch.

The investment firm plans to install Win 2000 prudently. A small number of its 600 to 700 branches will get it initially, and then Merrill Lynch will gradually ramp up deployment based on the product's stability.

"By midyear, we'll have in the neighborhood of 25 branches running Win 2000," Schoenfeld says. If all goes well, 10 to 20 more branches per weekend will be migrating over, he says.

Once branches cut over to Win 2000, they'll have Active Directory stocked with network policies defined by user names. That does not mean Merrill Lynch's network will be directory-enabled - the firm will have to upgrade the versions of Cisco IOS software running on its routers and switches before it can tie them into the directory, Schoenfeld says.

The company hopes to have its network directory-enabled within the next year, depending on the performance of the new version of Cisco's policy server that Merrill Lynch will beta-test.

The new Cisco policy server will not only have links to Active Directory, it will let older Cisco gear - which may not be as policy-enabled as the newer equipment - communicate with the Microsoft directory through scripting, Merrill Lynch officials say.

The firm chose to go with Microsoft's Active Directory rather than Cisco's own Cisco Network Services/Active Directory because the Microsoft product is more tightly integrated with Win 2000, Schoenfeld says. That means the firm's Win 2000-based business applications should be more tightly integrated with the directory as well. "Deploying Windows 2000, IP phones and Active Directory for administration and service delivery is a bellwether for how we see Merrill Lynch operating in the future," Schoenfeld says.

Technology - Gates officially unveils Windows 2000
February 17, 2000
Technology - Microsoft disputes reports of 63,000 bugs in Windows 2000
February 17, 2000
Use Windows 2000, save money?
February 16, 2000
Opinion: Windows 2000 is short on exciting changes
February 8, 2000

Forget Y2K; it's on to W2K
(Network World Fusion)
Active Directory worth the hassle; Terminal Server surpises
(Network World Fusion)
In the directory domain
(Network World Fusion)
Forum: Active Directory users could learn from NDS
(Network World Fusion)
Active Directory skinny
(Network World Fusion)
Active Directory: Great leap forward or long march?
(Network World Fusion)
Watch out for Active Directory
(Network World Fusion)
More Windows 2000 resources
(Network World Fusion)

Exploring Directory Services
Active Directory features at a glance
Windows 2000

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.