Domino R5 and Exchange 2000 Comparison
A comparison of Domino R5 and Exchange 2000
Domino continues to provide more value to a wider audience
Prepared by Lotus Development Corp., September, 2000
For the last several years, the messaging and collaboration marketplace has been a two-vendor race. Lotus has led the market by providing the most value to the widest range of customers. Domino R5, available since March, 1999, contains rich features and capabilities which have resulted in continued market dominance. The Domino server has evolved over the years to provide its core collaborative services to an ever-widening set of users. Thus, deploying Domino has resulted in significant return on investment and customer satisfaction.
Microsoft has recently shipped the third major version of Exchange server. Exchange 2000 represents an attempt to catch up to Domino, an attempt which fails dramatically. Instead of concentrating on providing real business value, the Exchange team has spent most of their effort building integration between Exchange and Windows 2000, in an attempt to make Exchange 2000 the "killer application" for the new network operating system. The integration between application and operating system results in a set of product limitations and architectural deficiencies which may take years to resolve. As such, the product Microsoft is shipping will likely face significant challenges in real-world deployment scenarios, resulting in customer dissatisfaction and defections to other products. Further, Exchange 2000 has yet to be proven as anything more than the latest incarnation of Microsoft Mail; time will tell whether Exchange becomes a platform for collaboration beyond basic e-mail.
Since most Exchange customers deploy the product for use as an e-mail server only, Lotus' comparison of Domino to Exchange which follows focuses on messaging and messaging-related capabilities. In the coming months, Lotus will publish additional research to show how Domino provides superior business value to Exchange. Check Lotus' "Compare" web site for updated reports. Additionally, a separate report is being published to show how Lotus' Sametime product is superior to Exchange Conferencing Server 1.0. As Microsoft has recently announced that the Conferencing Server will be spun off from the Exchange group, and the server has been priced separately from Exchange server, it is no longer appropriate to consider it a part of the Exchange environment.
Core messaging services
At its heart, Microsoft Exchange 2000 is just the latest e-mail product from Microsoft. Yet in key messaging areas, Exchange 2000 falls short of Domino R5. This section will examine the different approaches to providing mission-critical messaging. For more information about these core Domino strengths, visit www.lotus.com/itcentral.
Scalability
Microsoft Exchange 2000 attempts to address one of the biggest shortcomings of the previous Exchange versions: scalability. Yet in an attempt to rearchitect and address this problem, Exchange 2000 introduces a host of new ways for the product to fall short.
Exchange 5.5 provides only one shared mail repository per server, a highly contentious architectural bottleneck that becomes a single point of failure when problems occur. As such, most Exchange deployments have limited the number of mailboxes per server to only a few hundred. Exchange 2000 attempts to rectify this problem through storage groups. A storage group can host multiple mail/public folder databases, and an Exchange 2000 server can host multiple storage groups. However, there continues to be a hard limit of 20 active mail and public folder repositories per server, segmented into four storage groups. The problem?
- Storage groups now add a new layer of complexity, as administrators must manually assign mailboxes to storage groups. No tools are provided to aid in deciding which users to assign to which group
- Each database continues to be a point of high file I/O contention and a potential point of failure affecting numerous users. The old problem has thus simply been multiplied by 20
- The Exchange mail router must now deliver mail to multiple data stores on a single server, decreasing performance.
- Each database requires 10 MB of real RAM on the server just to mount in the file system. Exchange 2000 servers will require significant amounts of RAM
- Microsoft originally promised 15 storage groups per server for Exchange 2000, and dropped to four by release date. The Exchange team blame the drop on memory limitations, claiming that Windows 64 is necessary for additional storage groups. Domino, and most other messaging products, offer greater scalability today, without needing a new operating system to make up for architectural deficiencies.
Further impacting scalability in Exchange 2000 is the move towards Internet standards. Microsoft Outlook does not support SMTP/MIME when accessing an Exchange server, and Outlook Web Access 2000 doesn't retrieve or create native MIME. So, in the vast majority of client cases, Exchange 2000 is forced to perform costly MIME to MAPI conversions when sending or receiving mail. The overhead of switching content formats on every single message means that fewer messages can be accessed or delivered. Further, Microsoft created a proprietary format -- TNEF (transport neutral encapsulation format) -- for serving MIME messages to Outlook clients. As TNEF-encoded messages move through the Exchange environment, fidelity of the contents will degrade through multiple conversions.
Exchange 2000 offers a server configuration option designed to improve scalability -- segmentation of front-end and back-end servers. However, Microsoft's approach comes with significant overhead. First, this configuration works only with Internet protocols (HTTP, POP, IMAP) -- Microsoft's own Outlook client (all versions: 97/98/2000), which uses MAPI, cannot utilize segmented servers. Second, the use of front-end/back-end configurations compromises the security of the Exchange environment -- data is sent unencrypted between the servers, and users must remember a different login sequence. Third, configuration of front-end servers is an entirely manual process, requiring administrators to edit the system registry with hardcoded address information for Active Directory services. Last, from a licensing perspective, Microsoft is requiring customers to license the enterprise edition of Exchange 2000 for front-end servers...servers that will not be hosting any data. This is an additional US$3300 per front-end server with no real benefit.
How does Domino R5 compare to Exchange 2000 on scalability? Domino R5 provides superior scalability to Exchange 2000.
- Domino offers the flexibility to deploy single databases per mailbox, eliminating file contention and single points of failure.
- Domino databases can scale to unlimited size, and there is no limit on the number of mailboxes or applications per server.
- Domino R5 provides true native Internet standards for messaging, assuring speedy message delivery and high fidelity.
- Domino leverages the best scalability features of the underlying operating systems, especially environments like Solaris, AS/400, and S/390, to provide servers with thousands of active users.
Reliability
Exchange 2000 is a "completely new product" (DevX Newsletter, August 1999). It is built on top of Windows 2000, utilizing many key services from the Windows environment. Thus, the infrastructure of this potentially mission-critical application is built on a relatively new foundation. Yet some of the key deficiencies of Exchange 5.5 have been brought forward. Exchange 5.5 is a difficult environment to run reliably; according to Creative Networks (November 5, 1999), 42% of Exchange environments are not meeting their uptime targets.
Exchange 2000 provides no utility to back up or restore an individual mailbox. Like Exchange 5.5, any failure of a mail database will affect all the users in that database. The entire storage group must be restored to a standby server, and users will be without mail during the entire restore process. Exchange customers typically implement restrictive mailbox quotas to ensure that mail databases do not grow too large; for example, Microsoft's internal deployment is limiting each user to 100 MB of mail, according to the case study posted on the Microsoft presspass web site.
Exchange 2000 has no clustering capability of its own. It needs Windows 2000 Advanced Server to provide clustering services. Running on Windows 2000 Advanced Server, Exchange 2000 can provide two-way active/active clustering. However, both nodes must share a disk subsystem, making "hot site" clustering to remote locations impossible. Thus, if the disk subsystem fails -- file corruption, flood, earthquake -- both nodes will fail. Microsoft had previously promised four-way clustering for Exchange 2000, using Windows 2000 Datacenter Edition. This support was dropped at Exchange 2000 ship.
The new routing architecture of Exchange 2000 introduces some new reliability problems. Every SMTP routing decision between Exchange 2000 servers requires a lookup in the Global Catalog, a separate directory from the Active Directory. This represents not only a huge duplication of data, but also massive additional synchronization overhead and considerable administration overhead to build and maintain the multiple Active Directory applications. Exchange 2000 deployments will require numerous copies of the Global Catalog distributed in the environment in order to handle the network load of all of these lookups. Because the Global Catalog must be synchronized, and because Exchange 2000 lacks field-level replication, Exchange 2000 servers will be busy keeping up with directory changes, leaving fewer cycles for serving users and routing messages.
How does Domino R5 compare to Exchange 2000 on reliability? Domino R5 provides superior reliability to Exchange 2000.
- Domino supports six-way active/active clustering, even across network links, which can be used for both fail-over and load balancing. Domino's clustering does not require "advanced" or "datacenter" versions of the underlying operating systems; Domino clustering can even run on a freeware Linux server. Only Domino provides a true "Hot site" clustering model
- Domino supports single mailbox backup and recovery, regardless of messaging architecture
- Domino performs automatic routing between servers on the same network, and highly efficient routing between networks
- Domino runs on multiple platforms, including extremely reliable platforms like AS/400, Solaris, and S/390
Manageability
According to Chris Schraff, contributor to Exchange & Outlook magazine, "The administrative interface for Exchange 2000 is more complex than the 5.5 interface by an order of magnitude. I'm afraid that as it stands now, the complexity of administration will be a real barrier to small- and mid-sized businesses. Many real-world administrative tasks now require twice as many steps, or worse yet, a programmer to complete them."
What is it about Exchange 2000 that makes it more difficult to manage? Aside from a gargantuan migration process (see related document), the transition to Windows 2000 as the management point means significant retraining for messaging administrators. In the Active Directory Users and Computers view, some dialog boxes have up to sixteen different tabs on them -- difficult for most system managers to keep track of. Further, most of the administrative concepts have changed from Exchange 5.5, with the introduction of administrative groups, routing groups, and storage groups. No tools are provided to aid the Exchange administrator in assigning and tracking all these different groups, meaning they have to be managed manually, and not surprisingly, none of them conceptually overlap. In the case of routing groups, they introduce a new single point of failure for Exchange 2000, as every server in a routing group must be able to access a master server for link state reports. The Exchange team created a new proprietary protocol in order for Exchange servers to communicate this information to each other; now network administrators will be forced to change firewalls and proxies in order to accommodate Exchange's supposedly-standards-based routing.
Exchange 2000 brings with it some of the major management problems of the Exchange 5.5 environment. There is still no way to combine two logical Exchange organizations, and moving a server to a new system is still nearly impossible. Plus new issues are introduced, such as a 5,000 user limit on the size of a group (mailing list),
Because many of Exchange 2000's services are provided by Windows 2000, administrators have to coordinate their use of overlapping utilities. For example, the Windows 2000 SMTP service, used by Exchange 2000, is provided by the separate Microsoft IIS server. IIS stores the configuration of the SMTP service in a metabase outside of the Windows registry, and Exchange 2000 must synchronize this data with the Active Directory every time configuration data is updated. Worse yet, the snap-in provided with Windows 2000 to administer the SMTP service no longer functions once Exchange 2000 is installed, meaning that administrators have to change tools to continue to manage the same service.
How does Domino R5 compare to Exchange 2000 on manageability? Domino is easier to manage than Exchange 2000.
- Domino provides a unified administration tool, the Domino Administrator, as a consolidated control panel. Domino also uniquely provides a web-based system management tool for easy remote administration
- Domino R5 was found easier to manage than previous versions of Exchange in independent studies
- Domino provides drag-and-drop support for moving users between servers
- Domino provides built-in tools to proactively monitor and manage the entire Domino network from a single console
- Domino's dynamic client configuration configures Lotus Notes settings automatically
- Message system reporting is built into R5, providing tools to help administrators manage their systems proactively
- Linking two Domino-based organizations securely is as simple as a single cross-certification procedure
- Domino's databases are unlimited in size, number, and operate 24/7. The robust fifth-generation NSF architecture is time-tested and incorporates the best of IBM and Lotus technology
Security
Microsoft has always made security of the Exchange and Outlook environment a secondary concern. Exchange has never provided robust authentication, trust, or encryption capabilities, sometimes relying on additional products for these capabilities and other times simply never offering them.
Exchange 2000's architecture continues to present security concerns. Exchange 2000 still does not offer an integrated public key infrastructure (PKI), instead requiring two separate products, Microsoft Certificate Server and Microsoft Key Management Server. When using these servers, administrators must manage a separate user authentication to the Exchange environment. The overhead of deploying a completely separate security infrastructure means that very few Exchange implementations include the baseline capability to digitally sign a message or encrypt per-recipient.
Because there is no integrated PKI in Exchange 2000, key features to protect user data are not available. For example, Exchange and Outlook do not offer an execution control list, which specifies what types of content and which authors are permitted to perform external operations in the user's environment. Further, use of collaborative applications on Exchange and Outlook becomes limited because most users lack digital signature capability. And local data encryption for mobile users is only available when using Windows 2000 workstations, and only then through an obscure feature not typically implemented.
Microsoft often promotes the fact that Exchange and Outlook offer a single sign-on utilizing Windows 2000. The single-factor authentication of using a Windows networking password to access users' mailboxes means that any time a user is logged into the network, anyone can walk up to their machine and access their e-mail. Further, any software running on that user's desktop can generate mail messages without being required to separately authenticate. This lax security has provided entry points for viruses and trojans such as "Melissa," "Bubbleboy," and "ILOVEYOU". Only recently has Microsoft attempted to fix the problem, with a security patch for Outlook. Microsoft has no plans to include this security patch in future versions of Outlook, according to product manager Steve Lippner in a Chicago Tribune story.
In Exchange 2000, the single sign-on capabilities are only available in limited deployment scenarios. For example, when using separate front-end servers, Outlook Web Access users must provide a separate login and password, with the login information being different than their Windows login (format: domain/username). In fact, Microsoft documentation indicates, "Neither Windows Integrated Security, which supports both NTLM and Kerberos authentication, nor HTTP 1.1's Digest authentication, is supported by Exchange 2000 HTTP front-end servers." Thus, even if users are already authenticated to other web applications, they must re-login to Outlook Web Access 2000.
Another issue with the front-end/back-end server scenario is that data between the two servers passes in unencrypted clear text. E-mail contents will be available in plain view to anyone accessing the network traffic. This issue is all the more worrisome as the Exchange team are recommending that customers deploy front-end servers outside their firewalls so that travelling users can access their mail.
How does Domino R5 compare to Exchange 2000 on security? Domino offers a more secure and controlled environment. Domino is so secure that the US Central Intelligence Agency has been a customer for years, even speaking about their deployment at past Lotusphere events.
- Domino has included a seamless PKI since version 1.0. It is so easy to deploy and manage, that almost every Domino/Notes customer uses these capabilities. Domino's integrated PKI provides the foundation for numerous security features, including: digital signatures and per-recipient encryption; access control -- down to the individual field level; execution control lists; local data encryption on Notes clients; and trust relationships in multi-organization and Extranet applications.
- Domino can encrypt any data travelling into or out of the Domino server, even on dial-up phone lines
- Domino/Notes offers single sign-on capabilities, using two-factor authentication, for Windows NT and Windows 2000 workstations through the Windows-standard GINA (Graphical interface network authentication). This feature will evolve further to use Network Providers based on Active Directory, for those customers planning to use AD.
- Domino offers single sign-on capabilities when using Microsoft IIS as its HTTP protocol layer. Users do not need to re-authenticate when moving into Domino applications
- Domino offers single sign-on capabilities when integrated with IBM WebSphere. Applications which leverage the strengths of WebSphere and Domino together are presented to the user as a unified experience
- Domino integrates with a variety of third-party and industry-standard PKIs, including Entrust and RSA Keon
Directory
Microsoft Exchange 2000 is, like many other Exchange 2000 services, entirely reliant on Windows 2000 for its directory. All Exchange 2000 users must be created and managed through the Windows 2000 Active Directory. Despite claims of openness, Exchange 2000 cannot use other directory services, such as LDAP or a corporate metadirectory, to manage or authenticate users. Thus, customers are forced to fully implement Active Directory, a technology which Network World called, "arguably the most complex technology ever produced by Microsoft."
The inability to separate the messaging system's directory from the network operating system means control problems in the typical IT environment. Many corporate IT departments separate the management of network users and resources from messaging server users and resources. Exchange 2000 does not allow these to be separate operations, and network administrators and e-mail administrators will find themselves in the unusual position of affecting each other's environments. Exchange and Outlook Magazine pointed out that, "this unification means the objects within don't have a clear owner." Federal Computer Week highlighted this by saying, "For most large organizations that have separate network operating system and messaging architecture teams, this model will force greater collaboration between the groups." Is a turf war the quickest way to reduce the total cost of ownership of a messaging server?
All of this assumes that Active Directory is solid in Windows 2000, and further, that Exchange 2000's modifications to Active Directory are complementary. However, it is already known that this is not the case. At installation, Exchange 2000 adds over 1000 fields to the Active Directory schema, modifying every user in the directory with n*1000+ changes. These modifications are not trivial; Windows 2000 makes it extremely difficult to remove fields from Active Directory once they have been added. Once these changes are made, they must be propagated to every server in the Windows 2000 domain which is hosting Active Directory, resulting in a huge burst of network traffic.
Further burdening the network is Exchange 2000's reliance on Global Catalogs. Global Catalogs (GCs) are copies of the Active Directory which are used for authentication and directory lookups, and their creation and maintenance creates redundancy and extra overhead on an Exchange 2000 environment. Presenters at Microsoft's TechEd 2000 conference recommended one GC server for each four Exchange 2000 servers, and further emphasized that GC servers must be separate from Exchange 2000 servers. Making things even more difficult, administrators have no control over which GC server is utilized by Outlook clients in their environment; Outlook determines the "closest" GC server and makes a registry setting to always query that server. Thus, administrators looking to load-balance their GC servers must make manual registry modifications to redirect Outlook clients. The Global Catalog also has issues in a distributed environment; Exchange users cannot log on if they cannot access their GC server. If a network link goes down, e-mail capabilities may also go down, even if the Exchange mail server itself is on a local area network.
The situation with Active Directory and Exchange 2000 could be much less cumbersome if Exchange 2000 were an open environment. Unfortunately for customers, Microsoft has made the linkage between the two so tight that Exchange cannot authenticate users from external directory sources. All Exchange 2000 users must be registered in Active Directory. This even applies to public folder access on the web storage system, meaning that authenticated Extranet applications will be difficult or impossible to build without integration of several Microsoft server technologies.
A key question that Exchange 2000 customers should consider: Is Active Directory ready for my organization? Some Microsoft customers say no. In Network World, Microsoft product managers acknowledge significant deployment blockers with the current version of Active Directory. These problems will not be fixed until "Whistler," the next version of Windows 2000, ships sometime in 2001. Exchange 2000 will then also have to be updated to utilize the new version of Windows, meaning that for some customers, the first real deployable version of Exchange may not be ready until 2002.
How does Domino R5 compare to Exchange 2000 in use of directory services? Domino R5 provides a more flexible, manageable, directory environment.
- The Domino directory scales to millions of users
- Domino provides field-level replication to minimize network impact of simple directory changes
- Domino's directory is completely extensible
- Domino's directory can be populated from Windows NT/2000, and users can be synchronously managed between Windows User Manager and Domino
- The Domino directory can be managed separately from the network operating system
- Domino provides the flexibility to authenticate users from other directory sources, using LDAP v3
Summary -- Core Messaging Services
Ian Campbell, analyst with Nucleus Research, spoke with eWeek about Exchange 2000. "When you look under the covers of Exchange 2000, there's not much there," Campbell said. "There are some changes for administrators, and there's some increased reliability. But when it comes down to whether there's any real reason to upgrade, that's a really iffy proposition for IT managers. I don't think end users will notice much of a difference." It remains to be seen how Microsoft Exchange customers can justify the time and expense of a migration that won't make much of a difference.
Collaborative Applications
For years, Microsoft has attempted to position Exchange as a collaborative applications server. Marketing messages notwithstanding, the real-world deployment of Exchange has not extended beyond e-mail and related content. In June, 2000, Creative Networks, Inc. reported that the typical Exchange customer is using only 10% as many applications built on Exchange as the typical Domino customer uses on Domino. Further evidence can be found in the Lotus business partner community, shipping thousands of real-world, complete solutions for Domino. No similar catalog of applications exists for the Exchange server platform, and the few that have been developed in the past have quickly migrated to other Microsoft technology more suited to their purpose.
Exchange 2000 introduces few new capabilities for building collaborative applications. Further, it maintains the wide gap between building applications for Outlook/Office and web applications. This section provides a brief examination of the collaborative capabilities of the two environments.
Out of the box capabilities
Exchange 2000 offers limited collaborative capabilities when installed. Public folders are available for storing shared information, but they contain no application logic. To use public folders for anything beyond basic storage of documents, applications must be developed. As an aside, while Exchange 2000 offers the ability to segment public folders, Outlook clients can view only one public folder tree -- limiting the architectural choices of most organizations.
Domino R5 comes with several complete applications in the box, including threaded discussions, document libraries, and Teamroom. Domino even includes a Microsoft Office document library, providing security, workflow, and distributed access to Office applications. All Domino applications are accessible both by Notes clients and by web browser users, with no modification or extra configuration required. Creating out-of-the-box Domino applications is as simple as File | Database | New Database.
Application development tools
Exchange 2000 has no dedicated or preferred application development environment. Developers must decide which among the Microsoft tools portfolio is the correct environment for building their particular application. Further, applications which are built for use in Microsoft Outlook or Office cannot be used through a web browser. Application developers must make an upfront decision whether to use the richness of a locally-installed client like Office or the openness of a web application. When looking at Exchange 2000, there are few new capabilities in the server that add value to collaborative applications. The value proposition of building applications on the Exchange server remains unclear in this release.
Exchange 2000 provides no integration capabilities with back-end systems. Developers wishing to incorporate data from SQL server or other back-end systems must manually code query/save operations through ODBC or OLE/DB.
Exchange 2000 applications may only be used while connected to the Exchange server. In some cases, content can be taken offline through folder synchronization, but application logic cannot be performed, or modified, while offline. Further, Microsoft provides no tools for updating application logic, requiring many customers to ship around CDs of the "latest version" of the few applications they are using with Exchange.
Domino R5 is one of the most open, flexible application development environments available. In addition to the complete GUI development environment of the Domino Designer, various open interfaces and connectors are provided from Domino. These include COM, CORBA/IIOP, XML, FrontPage, C, C++, Dreamweaver, and NetObjects Fusion. Application developers are free to utilize the tools they are familiar with. The Domino Designer builds applications which are accessible by both Notes clients and web browsers, in a write-once, open-to-either approach. The Designer includes a formula language, LotusScript (similar to Visual Basic), Java, and JavaScript support. Domino includes Domino Enterprise Connection Services (DECS). DECS provides bi-directional connectivity natively to eighteen different data backends, including SQL Server, DB/2, Oracle, PeopleSoft, and more. Domino also includes Domino Off-Line Services (DOLS), which lets web-browser users take advantage of the same robust replication and off-line capabilities as Notes client users. All Domino applications can be used in an off-line or occasionally connected scenario, regardless of client type.
Integration with Microsoft technologies
Exchange 2000, not surprisingly, offers several different integration points with Office and other Microsoft technologies. In many cases, there are several different ways to approach applications in the Microsoft world, with Exchange/Outlook being only one possible technology combination.
Domino R5 provides a significant amount of integration with Microsoft Office. A series of white papers and articles can be found at www.lotus.com/itcentral. Domino R5.05 includes several new Microsoft integration capabilities, including:
- Domino Network File Store, which allows any Domino database to be accessed via Windows Networking and turns Domino databases into network file sharing databases
- iNotes Access for Microsoft Outlook, which allows the Outlook 98/2000 client to be used for mail/calendar services on Domino mailboxes
- Domino Collaboration Objects, packaged functions to streamline Domino development using COM,
- and an OLE/DB connector, for native data movement between Domino and SQL Server 7
Summary -- Collaborative Applications
Exchange 2000 is one of many servers in the Microsoft server portfolio. Microsoft has yet to explain to developers where to use Exchange vs. SQL server, BizTalk server, Commerce server, or Internet Information server. In most cases, Exchange 2000 will continue the Exchange tradition of being a messaging server only, leading companies down the path of increased cost of ownership by having to deploy multiple server technologies. Domino R5 provides a single infrastructure for collaborative applications, regardless of client environment. In most cases, Domino customers deploy dozens or hundreds of collaborative applications, all with the same tools, technology, and infrastructure as rich messaging services. Domino provides the only true return on investment by doing more with the same environment.
Conclusion
Since announcing "Touchdown" eight years ago, Microsoft has tried several times to gain dominance in the messaging and collaboration market. Exchange 2000, a product which took more than three years to build, conjures up a sense of deja vu. The Exchange marketing team has attempted to position the new release as the one that will beat Lotus -- we've heard that before, many times. Ultimately, customer research has resulted in the selection of Domino in far greater numbers than Exchange. The market is now at a point where customers who have failed in their attempts to deploy Exchange are upgrading to Lotus Domino, and Domino customers, freshly deployed with R5, are taking advantage of great new capabilities to further improve their business' ability to collaborate. These trends will continue for the foreseeable future, as the latest Exchange is revealed in the market for what it really is -- a Windows 2000 add-on for electronic mail.