Merrill Lynch Leaning on Active Directory

PRINCETON, N.J. (02/11/2000) - Investment giant Merrill Lynch is upgrading to Windows 2000 to take advantage of Active Directory and the technology's ability to apply policy-based management to the firm's Cisco network, including its IP telephony system.

Merrill Lynch is hoping that Active Directory will ease administration of granting users access to specific network resources, such as bandwidth and quality-of-service (QoS) guarantees.

The firm is trying to foster a "free seating" environment, in which network services are tied to users wherever they are in the organization, not to specific devices in a fixed location, such as switches, routers and IP phones.

Merrill Lynch's plan to embrace Active Directory is part of the company's overall push to equip its 55,000 employees with an all-IP network anchored by up to 2,000 routers.

Directory-enabling this network will help Merrill Lynch launch new Web services and maintain consistency among naming, security and remote access policies.

"The whole integration of policy management and Active Directory - that's where you tie in the user to the network service," says Adam Schoenfeld, director of private client architecture in Merrill Lynch's distributed systems development group.

Merrill Lynch is using Cisco's QoS Policy Manager (QPM) software to classify traffic and administer and enforce QoS policies for that traffic. But it's still a device-centric way of administering QoS policies.

Linking QPM to Active Directory will let Merrill Lynch administer QoS based on user profiles, which would couple the policy to the user - no matter where that user is - instead of to a specific Cisco device. QPM with Active Directory will ship this spring, Cisco says.

Similarly, linking Active Directory to its IP telephony infrastructure will let Merrill Lynch employees log on to the network from any phone on the company's campus and gain access to the QoS and network service privileges associated with their name.

"When we start pushing our next-generation voice services out, it's going to be a whole new ballgame," Schoenfeld says of the linkage between Cisco's IP phones and Microsoft's Active Directory.

Those next-generation voice services will be in a new, "PBX-free" campus Merrill Lynch is building in Hopewell, N.J. When that campus is completed this fall, 8,000 employees will be able to call one another over the IP network using a new release of Cisco's CallManager IP telephony software and new 7960 IP phones that feature, among other enhancements, integration with Active Directory.

This integration makes the 7960 IP phones a "user-associated device," Schoenfeld says, in which calling features are tied to the user instead of to the IP address of the physical handset. So if users with certain network-access privileges or restrictions are moving around the campus, they do not have to use a specific phone in order to activate those privileges or restrictions.

They log on using whatever 7960 phone they are closest to, and Active Directory will match the user's name with the IP network-access privilege policies in a Cisco policy server.

This will greatly reduce the impact of moves, adds and changes, Schoenfeld says. "The costs associated with moves goes into the millions every year. It's a huge cost, and now that goes away."

The new version of CallManager can link directly to Active Directory or through a new version of Cisco's policy server that Merrill Lynch will soon be beta-testing. Linking CallManager, which provides basic call processing, signaling and connection services to packet telephony devices, to Active Directory can establish call-processing priorities for Merrill Lynch employees based on their user profile in the directory and associated service policy in the policy server.

In addition to the Active Directory links, the 7960 IP phones and CallManager software foster a more scalable IP telephony environment, Schoenfeld says. The new phones have a 100M bit/sec switched connection to a Cisco switch instead of the shared 10M bit/sec connection in earlier versions of the Cisco IP phones.

Also, CallManager software has been rearchitected to run on multiple servers, or a server cluster, which eliminates any restriction in the number of users the software can support, he says. Currently, CallManager 2.4 can support 300 or 400 phones before performance starts degrading, Schoenfeld says.

To ensure a pain-free implementation of Active Directory in its IP telephony and data network, Merrill Lynch has been testing the product in a development domain for more than a year. A few hundred developers are testing the product's capabilities and ensuring that applications will be compatible with Win 2000 and that the production rollout will go without a hitch.

The investment firm plans to install Win 2000 prudently. A small number of its 600 to 700 branches will get it initially, and then Merrill Lynch will gradually ramp up deployment based on the product's stability.

"By midyear, we'll have in the neighborhood of 25 branches running Win 2000," Schoenfeld says. If all goes well, 10 to 20 more branches per weekend will be migrating over, he says.

Once branches cut over to Win 2000, they'll have Active Directory stocked with network policies defined by user names. That does not mean Merrill Lynch's network will be directory-enabled - the firm will have to upgrade the versions of Cisco IOS software running on its routers and switches before it can tie them into the directory, Schoenfeld says.

The company hopes to have its network directory-enabled within the next year, depending on the performance of the new version of Cisco's policy server that Merrill Lynch will beta-test.

The new Cisco policy server will not only have links to Active Directory, it will let older Cisco gear - which may not be as policy-enabled as the newer equipment - communicate with the Microsoft directory through scripting, Merrill Lynch officials say.

The firm chose to go with Microsoft's Active Directory rather than Cisco's own Cisco Network Services/Active Directory because the Microsoft product is more tightly integrated with Win 2000, Schoenfeld says. That means the firm's Win 2000-based business applications should be more tightly integrated with the directory as well. "Deploying Windows 2000, IP phones and Active Directory for administration and service delivery is a bellwether for how we see Merrill Lynch operating in the future," Schoenfeld says.
