David Kaiser wrote:
I completely disagree with you. I am one of the biggest critics of
Exchange BECAUSE I have been one that worried about directory services
for a large organization,
All I said was something I have found in my experience.
I still maintain that most of the biggest critics I have dealt with on
this issue are those who have not really had to seriously deal with
directory service nuances for large enterprises. You are but one of many
of those critics.
I also still maintain that NT's way of doing things has its place in
business environments. It is horribly limited compared to other
solutions, particularly messy campus ones (LSU might be a good example
that Brian can comment on), but it meets the immediate and future
business needs of lots of companies.
I can say that your analogy shows how little you understand about
non-Exchange environments. There is no such thing as a souped-up IMAP
server. A souped-up LDAP server, on the other hand, kicks Exchange +
Active Directory's @$$ - left, right and center. With the LDAP system
that I was setting up at LLU for example, you could do all directory
functions from any OS, Linux, Windows, Mac, Solaris, whatever. You could
authenticate for all kinds of services, not just e-mail, manage your
password, maintain certain directory information, from ANY OS. Do
_that_ with an Active Directory setup!
Ok, if you're wanting to say you know more than me about Directory Services,
I'll give you that. There are IMAP servers (their primary role) where
admins have hacked on various other programs to integrate it with
Exchange. A lot of other products (Zimbra) are very cool, although there
are still lots of things that they can't do. Enterprises that need
those few (and oftentimes stupid) features that MS offers "cannot"
change to these (and I still maintain) "souped up IMAP" servers.
Souped up stuff comes with a price. It may run circles around other
solutions, but I've seen time and time again that the hotshot guy who is
really good at souping up things quite often is the same guy who likes
flipping the CEO the bird and has better things to do than justify to
others why he chose to make the decisions he did.
I see it as all about vendor lock-in. Do you want to use a product
which dictates every other component in the system?
Sometimes, yes.
Sometimes I don't care. And sometimes I really do care, but the client
doesn't care and isn't willing to pay the price.
It all depends on existing infrastructure, existing IT expertise, and
anticipated future use. Attitudes, skill sets, and budgets all sometimes
compel you to go with an "inferior" vendor lock-in solution.
Do you want to use Active Directory, where you have to run it on
Windows, have to authenticate from a Windows host, have to use only a
Windows host to change your password? Or do you want to use something
based on a standard protocol such as LDAP that does every one of those
functions better and allows you to do this from any OS?
I agree that MS AD is not as extensible as RADIUS, and I agree that it's
a vendor lock-in. But those don't matter for many companies.
Do you want to use Exchange, which is an e-mail server that only works
with Active Directory, only allows for up to 12 e-mail rules per user,
limits the type of storage options (proprietary mailbox disk format
anyone?) etc... or do you want to have your choice of any of the
standards-based e-mail servers that allow for users to fully customize
their delivery rule options, and allow the administrator to have full
control over how the mail is stored?
Sometimes, yes.
I don't always have power users, and I know that the company's budget
compels them to hire a lower end administrator. Sometimes when I have to
bid out the job, I'm not quite sure how many hours these other solutions
will take.
I can almost tell you to the minute how long certain tasks
will take on Microsoft. Some of these other open source solutions are
open variables, and I don't know them as well, and because I don't, I
don't bid them. Sure, I could figure them out, but there's little chance
that the company will want to inherit that solution afterwards.
Also, sometimes I do not want certain admins to have full control over
certain features. Some admins cannot handle sharp tools and we have to
limit the damage that they can do, while trying to maximize their
effectiveness by creating strict roles and not letting them stray too
far from those roles.
Well, eventually at LLU, and also with every story you've told about
your Exchange setups, the choice was not about selecting a system which
offered flexible options to ensure that the long-term maintenance was
manageable - it is always about ease of initial install. The real
reason Exchange gets installed over a standards-based e-mail system is
that the decision is left to pinheads that think clicking on SETUP.EXE
and running a wizard a few times gives them the optimal system.
Yes, that was a huge part of it.
Sure, the vast majority of Windows admins are in my opinion (as you put it)
"pinheads". The Linux admins can be a different sort of pinhead. How
many Linux admins do you know who have tweaked out everything with no
documentation?
Pick your poison, but it's difficult to claim that either way is
categorically superior or inferior to the other.
Good NT admins know about official MS ways of doing things, know the
right registry tweaks, and know what MS is good for (and not good for).
Yes, if you really manage directory services for a large organization -
you'll see that true LDAP directories and multi-OS support win out over
"ease of install but hard to fix later" Exchange.
I see this in almost any solution.
I work for a company that sells products that are (in one sense of the
word) more difficult than Cisco to configure. (Cisco is, in some ways,
the "Microsoft" of the networking world).
Most of the time, ease-of-use comes with the price of extensibility.
Pick your poison.
If this Exchange "drop-in replacement" application really serves
Calendars to Outlook clients and really does work with open and
standards-based protocols on the backend, LDAP, IMAP, etc., then to a
professional sysadmin, it is certainly a viable replacement for
Exchange, if not a preferred one.
In your opinion, which one solution does this?
If not one solution, which home-rolled solutions?