Novell, Inc.


Novell’s Technical Journal for Implementing, Managing, and Programming to one Net


Novell’s Technical Journal for Implementing, Managing, and Programming to one Net August 2003 Volume 14, Number 8

Editor-in-Chief: Richard L. Smith
Managing Editor: Ken Neff
Senior Editor: Edward Liebing
Editor: Rebecca Rousseau
Research Engineer: Jeff Fischer
Graphics: Wes Heaps, Michelle Barnum
Online Production: Robert Rodriguez
Production: Zomax Incorporated

This AppNotes edition was produced using Adobe FrameMaker 7, Illustrator, Photoshop, QuarkXPress, WebWorks Publisher Professional, and HP LaserJet printers.

Novell AppNotes® (formerly Novell Application Notes, ISSN# 1077-0321, and now including the former Novell Developer Notes) is published monthly by Novell, 1800 S. Novell Place, Provo, UT 84606. The material in the AppNotes is based on actual field experience and technical research performed by Novell personnel, covering topics in these main areas:

• Network design and optimization strategies

• Network management tactics

• Novell product internals and theory of operations

• Novell product implementation guidelines

• Integration solutions for third-party products

• Network applications development and tools

This information is designed to benefit Novell’s technical audience consisting of systems engineers, support engineers, consultants, programmers, network managers, and information systems personnel.

Subscription Information

The AppNotes subscription rate for a 1-year subscription (12 issues) is US $99. To order, call (800) 395-7135 or (925) 463-7391. Orders can also be faxed to (510) 657-1473 or sent by e-mail to [email protected]. Or use the order form at the back of each AppNotes edition. (Bulk subscriptions are available at a discounted rate.) For subscription service questions and changes of address, call (800) 395-7135 or fax (510) 657-1473.

AppNotes on the Web

The AppNotes are accessible on the World Wide Web at http://www.novell.com/appnotes.

Permissions

You must obtain permission before reproducing any material from the Novell AppNotes in any form. To quote from or reprint any portion of an AppNote, send a written request to Novell Research Editor-in-Chief, 1800 S. Novell Place, Provo, UT, 84606, or fax to (801) 861-4123.

Reader Service

For subscription service questions and changes of address, call: (800) 395-7135 or (925) 463-7391

Or send e-mail to: [email protected]

AppNote Back Issues

You can order back issues of the past year of Novell AppNotes, subject to availability, for $15 each, $20 each outside the United States. (Bulk orders are available at a discounted rate.) The Publications List in each AppNotes edition provides part numbers for back issues. For more information, see the order form at the back of this AppNotes edition.

Editorial Comments

Direct any comments or suggestions about the content of AppNotes to:

Richard L. Smith
Novell Research
Novell, Inc. MS PRV F-141
1800 S. Novell Place
Provo, Utah 84606 USA
Voice (801) 861-6508
Fax (801) 861-4123
E-mail [email protected]

Copyright © 2003 by Novell, Inc., Provo, Utah. All rights reserved.

Novell, Inc. makes no representations or warranties with respect to the contents or use of these Application Notes (AppNotes) or of any of the third-party products discussed in the AppNotes. Novell reserves the right to revise these AppNotes and to make changes in their content at any time, without obligation to notify any person or entity of such revisions or changes. These AppNotes do not constitute an endorsement of the third-party product or products that were tested. Configuration(s) tested or described may or may not be the only available solution. Any test is not a determination of product quality or correctness, nor does it ensure compliance with any federal, state or local requirements. Novell does not warranty products except as stated in applicable Novell product warranties or license agreements.

Letter from the Editor

August 2003

Dear AppNotes Readers:

Recently I was a participant in a training session here at Novell. The purpose of the training was to help members of our team fully understand the Novell Linux strategy and how we could contribute to the success of the company efforts. Now, you are likely asking yourself, “Why do I care about this?” I’m glad you asked that question. There were a number of issues surrounding the focus we have placed on Linux that might have been a bit confusing without further explanation. My first question was “How can Novell and its customers make money in the Linux market where basically everything is free?” The answer to that question comes from data that identifies the major concerns that companies have regarding using Linux in the enterprise. Lack of support, lack of applications, and immaturity of products are identified as the primary reasons for not deploying Linux. Novell Nterprise Linux Services address the first two reasons and provide developers with the tools to address the third. Product maturity and support are strengths that Novell brings to the table, along with providing what developers need to create those missing applications. Stay tuned for more coverage of the Linux efforts at Novell, and be sure to check out the new Linux Corner column that debuts in our Net Management section this month. You can also keep current with Novell’s Linux strategy by visiting http://www.novell.com/linux.

This month heralds the release of NetWare 6.5, which continues the tradition of cutting-edge technologies and extremely effective use of IT resources by enhancing existing features and adding new capabilities. “What’s New in NetWare 6.5?” provides the details of what NetWare 6.5 delivers to IT managers, end users, and developers. “Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use?” demystifies the various upgrade options for NetWare 6.5. “Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack” introduces a powerful new feature of the enhanced TCP/IP stack. “Apache Manager: A Directory-Based Approach to Managing Apache Web Servers” details the use of the new Apache Manager tool in NetWare 6.5 to simplify the management of Apache Web servers. NetWare 6.5 also includes a number of tools and products to aid you in Web development. “Overview of Novell Web and Application Services in NetWare 6.5” outlines NWAS from the Web databases to the selection of application servers available. And eDirectory has been enhanced as well for NetWare 6.5, as you’ll read about in “New Developer Features in Novell eDirectory 8.7.1.”

Be sure to check out the latest projects available at the Novell Forge site at http://forge.novell.com. While you are there, visit the new AMP community and maybe drop off a project or two to share. The Forge site is growing quickly and AppNotes will highlight projects and activities from the site in a new Forge Ahead column also debuting this month.

Look for us at BrainShare Europe 2003, September 7-11 2003 in the Developer Den. This will be the first Developer Den at BrainShare Europe and there will be many fun and informative activities for the attendees. For details on attending BrainShare Europe, go to http://www.novell.com/brainshare/europe/.

Have a great August and I’ll see you in September.

Richard L. Smith
[email protected]
Editor-in-Chief

Contents August 2003

APPNOTES (Spotlight on NetWare 6.5)

What’s New in NetWare 6.5?
Ken Neff
Provides an overview of the benefits and new features included in NetWare 6.5, code-named “Nakoma,” the latest update to Novell’s secure, reliable Net services platform.

Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use?
Bruce Cutler
Covers the new features in two updated utilities that ship with NetWare 6.5: the Migration Wizard 6.5 and the Server Consolidation Utility 2.5, and introduces the NSS Volume Split/Move feature.

Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack
Jambunathan K
Introduces the virtual IP address feature in the enhanced TCP/IP stack that ships with NetWare 6.5, highlights its advantages, and suggests scenarios where it could be put to best use.

Apache Manager: A Directory-Based Approach to Managing Apache Web Servers
Dave Mitchell, Brad Nicholes
Explains the new Web-based Apache Manager tool in NetWare 6.5, which allows the Apache configuration files to be stored in a hierarchy of directory objects.

DEVELOPER NOTES

Overview of Novell Web and Application Services in NetWare 6.5
Excerpted from the NetWare 6.5 documentation
Introduces Novell Web and Application Services (NWAS), a collection of open source and Novell technologies integrated with NetWare 6.5 for building, deploying, hosting, and utilizing Web sites and Web applications.

New Developer Features in Novell eDirectory 8.7.1
Adapted from a Novell DeveloperNet Webinar
Summarizes the new features and enhancements in Novell eDirectory 8.7.1, which ships with NetWare 6.5, from a developer’s perspective.

SECTIONS

Net Management

Linux Corner - Novell Nterprise Linux Services

Network Novice - iManager Roles Defined: Part 3

Tips and Tricks - What to Do Before Calling Technical Support for OS Issues, Novell Portal Services Integration with a Directory, Navigating Novell’s Web Site Effectively

Directory Primer - Installing eDirectory on Windows and Linux

Net Support

TIDbits - The categories for this month include Novell Directory Services (NDS) or eDirectory, Novell Small Business Suite 6, NetWare 5, NetWare 6, Novell iChain, ZENworks for Servers 3, Novell Client for Windows NT/2000/XP, GroupWise 6.5, Novell iFolder 2.1 and Novell exteNd Director 4.1.

Dear Ab-End - Answers to technical questions about terminating a directory connection in exteNd and iChain, high utilization with NW6SP3 on a Compaq DL-380 BorderManager 3.7 server, no new blocked.txt file in GroupWise 6.5 upgrade, NetWare 6SP3 not recognizing Adaptec SCSI controller, what courses are necessary to become a CNA, disabling SNMP on the server, saving changes on a Branch Office server, restoring an ex-employee’s e-mails, new employee to access old employee’s e-mail correspondence, making changes to a ZfD imaging BootCD, recreating a new SMDR configuration, Novell Forge, speeding up NetStorage file loading, and getting a NetWare server to go down.

Coolest of the Cool - Two of the most popular articles that appeared in the June 2003 Cool Solutions: Rule for Filtering Offensive GroupWise Spam, and Running NetWare 6 Under VMware Workstation for Windows.

Code Break

Developer Scene - News items of interest to the developer community: Novell’s Strategy for Delivering Secure Directory-enabled Web Services using Novell exteNd and Nsure Solutions, Novell XForms Technology Preview, and NDK CD-ROM Images Now Available.

Developer Q & A - Answers to developer-related questions about binding a secondary IP address to the instance and port of MySQL running on a server, how to insert data into a MySQL database using C, accessing the GroupWise Address Books, how to get the username from an eDirectory user in order to show it on an ASP page, how to authenticate and create a user using the HJCL clientless Java API, and code to retrieve the IPX/SPX network address of a workstation object.

DeveloperNet News - BrainShare Europe 2003: Fill Your Head with Real-World Leverage, Novell Nterprise Linux Services: Way Beyond Cool, Check Out Novell Nsure Audit, DeveloperNet: One-Stop Novell Development, Truth with a Capital N, Novell Releases Guide to Secure Identity Management, and YES, Tested & Approved Product Search.

Forge Ahead - What’s New on Novell Forge and How to Get Started at Novell Forge.

Viewpoints

Ramblings - To Web Services or Not. . .

Lightweight Access - The Answer Is Obvious

What’s New in NetWare 6.5?

AppNotes Feature Article

Ken Neff
Managing Editor
Novell, Inc.
[email protected]

This AppNote is adapted from the NetWare 6.5 Reviewer’s Guide, the NetWare 6.5 documentation, and various other sources available on Novell’s product Web site.

Novell has announced the release of NetWare 6.5, code-named “Nakoma,” to give customers a reliable services platform for delivering secure, non-stop access to network and information resources. This AppNote provides an overview of the benefits and new features in this new version of NetWare.

Contents:

• Introduction

• NetWare 6.5 Feature Overview

• Business Continuity Features

• Virtual Office Features

• Web Application Development Features

• Open Source Features

• Other New Features

• NetWare 6.5 Installation Enhancements

• Conclusion

Topics: NetWare 6.5, NetWare upgrades, features overview
Products: NetWare 6.5
Audience: network administrators, consultants, developers
Level: beginning
Prerequisite Skills: familiarity with the NetWare operating system
Operating System: NetWare 6.5
Tools: none
Sample Code: no

Introduction

In 2003, CIOs and those responsible for IT strategy, implementation, and maintenance have the same pressing concerns they have had for years: demands for more capability, maintaining security, staying technologically current, and simplifying administration—all while holding a lid on expenses. Today, organizations of all types and sizes face challenges in the areas of cross-platform network services, secure identity management, and Web-based application development and hosting.

Novell’s release of NetWare 6.5 takes square aim at these issues and provides a reliable services platform for delivering secure, non-stop access to network and information resources. NetWare 6.5 builds on the success of NetWare 6.0 to deliver the power, security, and features required by today’s most demanding consumers of Internet and network services.

The enhancements made to NetWare 6.5 enable businesses to stay current with the latest technologies, while still enjoying an unprecedented level of security and stability. Executives at customer organizations who take advantage of NetWare 6.5 will be putting powerful new tools in the hands of their IT departments, not to mention their end users. The net results will be an increased ability to reap the potential of Novell Nterprise solutions—managing the constant interaction of people with business systems, regardless of who they are, where they are, or what time of day it happens to be.

Those responsible for meeting tight IT budgets will be happy to know that the enhanced capabilities of NetWare 6.5 do not come at an increase in cost. In fact, administrators, users, and developers can do much more for much less because NetWare 6.5 enables them to take advantage of greater management capacity with less effort, greater user flexibility for access and mobility, and widely available and open source Web applications.

This AppNote provides an overview of the new services, utilities, applications, and development tools provided with NetWare 6.5.

NetWare 6.5 Feature Overview

NetWare 6.5 addresses four categories of concern to network services administrators, end users, and Web developers (see Figure 1):

• Business continuity

• Virtual Office

• Web services

• Open source

[Figure 1 diagram labels: Business Continuity, Open Source, Web Services, Virtual Office]

Figure 1: NetWare 6.5 addresses these four strategic areas.

All four of these areas have been thoroughly addressed in NetWare 6.5 with new features, applications, performance enhancements, and a lengthy list of tools and utilities. NetWare 6.5 delivers quantifiable value in each category.

Business Continuity Services

NetWare 6.5 provides the peace of mind associated with a robust services infrastructure that not only keeps customers’ enterprises running securely, but also assures that the information that runs their businesses is never at risk. Today’s organizations are dispersed across multiple geographic areas creating problems around user access, application integration, and information backup. This added complexity drains already scarce IT resources.

NetWare 6.5 supplies the technologies to solve these problems through intelligent consolidation strategies, which reduce complexities and deliver substantial IT cost savings. It offers tightly integrated capabilities for server consolidation, branch office support, backup, and availability. These are made possible by an advanced management system that lets you install, upgrade, and maintain systems from any place at any time using a Web browser.

NetWare 6.5 supports your business continuity needs by enabling you to:

• Create a centralized, highly available storage area network that leverages lower-cost iSCSI standards over standard Ethernet or on standard fibre channel arrays.

• Establish a disaster recovery system that ensures a complete geo-site failover, minimizing business risks.

• Slash connection and management costs associated with running satellite offices while giving remote users the same performance and services that users at headquarters enjoy.

• Protect critical information with centralized backup and restore.

Virtual Office Services

The Virtual Office services included in NetWare 6.5 provide a personal and team productivity environment that allows quick and easy access to file and print services, e-mail, instant messaging, and other team collaboration tools. These browser-accessible services drive end user productivity by giving users secure access to the right information and tools—whenever and wherever they need them. The enhanced collaboration capabilities of Novell Virtual Office offer users the tools they need for effective teamwork, and a simplified yet powerful work environment to help maximize their productivity. This is further enhanced with self-help features that eliminate help desk calls, wasted time, and administrative headaches.

Virtual Office includes the following productivity-enhancing services:

• Novell iFolder gives users access to critical information from any location, with any Web-enabled device. Novell iFolder automatically backs up, synchronizes, and securely stores personal files to ensure information integrity and protection.

• Novell iPrint gives users secure, global access to printers. Using a standard Web browser, users simply click the printer they want to install, and iPrint does the rest. Users can install printers from a customized list, or administrators can create custom maps to help users find the closest printers.

• Novell eGuide lets users locate names, addresses, fax numbers, and e-mail addresses stored in Novell eDirectory or in other data sources across the Web. With the help of the DirXML Starter Pack that is included with NetWare 6.5, users can connect with different user groups and other employees to exchange ideas and information via secure directories and databases.

• Virtual Teams lets users from any location create teams, organize projects, and share information through enhanced collaboration and real-time interaction. Employees can conduct meetings, connect with key team members, and keep business moving—regardless of their location.

• Automatic file versioning lets users find and restore previous versions of their files without involving IT resources.

Web Application Services

NetWare 6.5 provides a comprehensive environment engineered for deploying and managing applications based on Java and Web services standards. Customers can move forward with their Web services strategy while taking full advantage of greater interoperability among applications, reduced development costs, and increased efficiency from the Web services model.

NetWare 6.5 ships with the Novell exteNd Application Server, which provides the power to unify your technology environment with Web services, and the freedom to create more effective business solutions for your customers, partners, and employees. With Novell exteNd, you can deliver open, standards-based Web services, while realizing a fast, simple, and cost-effective process for developing Web-based applications. And since you can run J2EE (Java 2 Enterprise Edition) applications on the NetWare 6.5 application platform, you’ll not only save time and money, you’ll leverage and protect your existing systems while allowing complete application portability.

With the Web services capabilities of NetWare 6.5, you can:

• Run J2EE applications on the NetWare 6.5 platform and leverage your existing systems.

• Take full advantage of the Web services model, including greater interoperability among applications, reduced development costs, and increased efficiency.

• Add other components of the award-winning Novell exteNd application development suite (such as Novell exteNd Composer and Novell exteNd Director) to eliminate information boundaries and transform the information locked inside your closed, single-purpose applications into open, flexible Web services.

Open Source Services

NetWare 6.5 can host the best solutions available from the open source community. As a result, you’ll realize the significant cost benefits associated with these solutions running on the industry’s most scalable, reliable, secure platform. NetWare 6.5 protects the technology investments you have already made and gives you an easier, more consistent way to integrate your business systems and services. It provides the open, flexible foundation, based on open standards and technologies—such as SOAP, UDDI, Java, Perl, Apache, PHP, and MySQL—that can help you adapt more quickly to new business requirements and capitalize on the advantages of standards-based solutions, regardless of your schedule or budget.

An open source system is only as good as the platform it sits on. With Novell and NetWare 6.5, you can count on a reliable, supported environment that delivers to users the benefit of non-stop access. And you can take advantage of open source services without reducing system availability or increasing management costs.

NetWare 6.5 supports open source solutions in a variety of ways:

• Open source services such as Apache, Tomcat, MySQL, Perl, and PHP are integrated with NetWare 6.5.

• You can seamlessly manage open source projects through the NetWare 6.5 browser-based interface, making it easy to orchestrate processes across the entire organization and have them appear as a single, integrated business solution.

NetWare 6.5 Graphical Overview

Figure 2 is a graphical overview of the NetWare 6.5 environment, showing how you can use the features and capabilities of NetWare 6.5 to build an integrated, end-to-end solution.

Figure 2: Graphical overview of the NetWare 6.5 environment.

The following sections go into greater detail on the new features and enhancements available in NetWare 6.5.

Business Continuity Features

In order to get their jobs done, almost every individual in today’s organizations is dependent on the viability, security, and stability of network services. Information technology enables communication, productivity, and the flow of business for and between organizations of all types and sizes. It is therefore imperative that network services and net business solutions are secure, always available, and able to recover from any type of disaster.

New NetWare 6.5 services and utilities ensure business continuity across locations and organizations in the event of unplanned emergencies and disaster, while simplifying responsibilities of administrators and reducing IT costs.

Novell iManager 2.0

NetWare 6.5 includes iManager 2.0, a single browser-based management tool that enhances the productivity of the IT staff. iManager provides the ability to manage Novell eDirectory and all of its associated resources and applications. In addition, iManager 2.0 provides administration capabilities for NSS, Product Metering, iPrint, iSCSI, DNS Server, FTP Server, and Nsure UDDI Server.

Server Consolidation Utility 2.5

With the increased capacity of NetWare and Novell Cluster Services, consolidating existing servers is often desired and feasible. The new Server Consolidation Utility included in NetWare 6.5 allows for easy consolidation of your server and printer infrastructure, thus simplifying administration and lowering costs without degrading performance.

The Novell Server Consolidation Utility 2.5 enables you to do the following:

• Consolidate multiple servers within the same tree or between trees.

• Copy from any volume type to any other volume type (NCS, NSS, or traditional).

• Copy file system data from anywhere to anywhere within the same eDirectory tree and maintain all file system trustees, ownerships, and attributes.

• Move printer agents from any print services manager to any other print services manager in the same tree.

The source server can be running NetWare 4.x, 5.x, or 6.x; the destination server can be either NetWare 5.1 or 6.x.

For more information, see “Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use?” in this issue of AppNotes.

Novell Cluster Services (NCS) 1.7

NetWare 6.5 includes Novell Cluster Services (NCS) 1.7, a reliable and cost-effective server clustering solution that provides you with virtually uninterrupted access to your critical storage resources. With support for up to 32 nodes per cluster, NCS allows you to create a storage area network (SAN) system connected via fibre channel hardware. NCS’s automatic redundancy and failover help ensure that your critical systems are always available.

NCS 1.7 has been enhanced with Cluster Volume Broker (CVB) rebuild capabilities, a maintenance mode to pause the change of heartbeat information, refreshed IP information when a new node joins the cluster, cascade failover to detect and isolate bad resources, and script-based cluster management.

iSCSI SAN Support

iSCSI is an emerging standard for running SCSI block storage protocols over high-speed TCP/IP networks. NetWare 6.5’s support for iSCSI provides the ability to create low-cost storage area networks (SANs) using standard Ethernet hardware. This provides significant cost savings when compared to the costs required to create a SAN using third-party fibre channel hardware and RAID storage arrays.

iSCSI 1.0 for NetWare 6.5 allows you to build a SAN using the same hardware that is used in a traditional LAN. It consists of software that you add to your existing NetWare servers to create a SAN and a NetWare cluster.

The iSCSI “initiator” software is installed and configured on servers in the SAN that will be used to access shared storage. Initiators can be cluster servers. They use the iSCSI protocol to communicate with an iSCSI storage server or “target” over a TCP/IP network.

The “target” software is installed on a NetWare server and provides access to shared disks through the iSCSI protocol. It enables the server to function as a disk controller for the shared disk system.

iSCSI is configured and managed through Novell Remote Manager.

DirXML Starter Pack

DirXML is a bidirectional data sharing service that leverages Novell eDirectory to distribute new and updated information across directories, databases, and critical applications on the network and across firewalls to partner systems. DirXML achieves uniform data integrity and automated efficiency by helping to eliminate the manual and repetitive tasks of creating and modifying user identities in different systems and applications within an enterprise. It makes automatic changes based on business rules and preserves authoritative data sources.

NetWare 6.5 includes the DirXML engine and DirXML drivers for Novell eDirectory, Microsoft Active Directory, and Windows NT Domains.

Backup and Storage Enhancements

The NetWare 6.5 Storage Management Services (SMS) have been enhanced to provide better performance, increased scalability with optimized hardware configurations, and more cost-effective management of storage resources across the network.

For example, business continuity functions are improved with NetWare 6.5’s Snapshot Backup feature, which makes possible a continuous backup to a server over a network so that work is safer. Backups are no longer restricted to rigid backup windows, making backup schedules more flexible and encouraging a higher level of backup.

Nterprise Branch Office

For distributed enterprises looking to save time and money deploying and managing network services at remote sites, Nterprise Branch Office, included in NetWare 6.5, is the answer. Its secure replication of branch office information to the data center and automatic identity provisioning eliminate the need for costly dedicated connections and simplify management. This multifunction software appliance provides the following features:

• Auto-provisioning. Nterprise Branch Office automatically grants users—whether they be onsite, mobile, or visiting—access to appropriate resources, on demand. If the user does not exist in the local directory, Nterprise Branch Office checks the corporate LDAP directory and caches the user’s identity locally.

• Network Attached Storage (NAS). The Nterprise Branch Office appliance acts as a workgroup NAS appliance, allowing users to access and share files over any protocol.

• Printing. Users can discover and install printers using a Web browser, and print to local printers using Nterprise Branch Office as a local print spool.

• Centralized Backup. Because all data and services located on the Nterprise Branch Office appliance are also available at the central office, the local Nterprise Branch Office appliance is really just a disposable service cache, which allows for a high level of disaster tolerance.

Other benefits of Nterprise Branch Office include the ability to consolidate environments, build an employee portal, and allow users the freedom of secure communications and application access across the Internet without the high user cost associated with VPNs. You can replace your old WAN infrastructure with faster Internet connections, decreasing connectivity costs by as much as 50 percent while experiencing up to a ten-fold increase in bandwidth. You can also leverage Nterprise Branch Office with other Novell technologies such as Novell Cluster Services, ZENworks Synergy, and ZENworks for Desktops to create a full-featured Internet office.

Virtual Office Features In general, users of network services are more mobile today, even if it’s just the requirement to work at home once in a while. The ability to access network resources from any location—whether it be the main office, a remote or branch office, an Internet kiosk, the office of a customer or partner, at home or any station on the Internet—is critical.

NetWare 6.5 includes several services that enable the Virtual Office and provide secure file, application, and printer access from anywhere with a minimum of backend integration and management effort. In addition, it is easier than ever before to integrate communication and collaboration services and universal access to create a user-friendly, single-login Web experience though NetWare 6.5 Virtual Office. With NetWare 6.5, end-users are more connected, even if mobile, and can be much more productive.

Following are brief descriptions of the end-user productivity improvements in NetWare 6.5.

Virtual Office

NetWare 6.5 can be configured to create a complete “virtual office” for end-users that provides file and application access, printing, and team communication and collaboration from any point on the Internet. Virtual Office provides users consistent access, as well as self-help and self-service options in a portal environment (see Figure 3).

Figure 3: Virtual Office presents users with consolidated access to corporate resources.

Virtual Office components include:

• Web-based e-mail access through a standard browser to Novell GroupWise, Microsoft Exchange, and Lotus Notes back-ends.

• Powerful Web document searching capability for personal and public files.

• An organized “Favorites” collection of preferred locations/documents/data.

• Password management capability to create and reset personal passwords.

• Personal Web page creation gives Virtual Office users a powerful way to publish documents and other information to a wide audience through a system-generated Web page. All creation and posting of the Web page can be easily completed without IT intervention.

• Single point of access and authentication to other Virtual Office components such as Novell iFolder, iPrint, and eGuide.

• Virtual Teams group collaboration resources, which are described next.

Virtual Teams

Virtual Teams provides specific Web-based applications for group communication and collaboration. End users can create or join a virtual team where each member of the team has common access to team resources. Virtual Team components include:

• Shared folders, which provide common file and directory access to any member of the team.

• Internet chat (instant messaging), which allows users to engage in real-time, online dialog using a responsive and intuitive interface.

• Team calendar, which gives team members the ability to track team events and activities.

• Team discussions, which allow team members to participate in online threaded messaging by posting queries and comments and monitoring message board discussions.

• Team favorites, which is a collection of addresses and resource locations pertinent to the team objective.

• Team public Web page, which creates a system-generated Web page that provides a select view of team documents and information to be made available to individuals outside the team.

Novell iFolder 2.1

Novell iFolder provides data synchronization technology that enables users to access updated information for any device from any location. In effect, Novell iFolder provides a virtual, centralized file repository through the Internet. Each time a user device activates the Novell iFolder client, the files at both the client and server are checked for updates and any new changes are synchronized. Novell iFolder tracks all changes and keeps all subscribed clients and the server in sync with the latest modifications over standard HTTP Internet connections. Files from the virtual file server are securely updated at every client where a user connects. The reality is that files follow users online, offline, all the time.

Novell iFolder employs state-of-the-art security to ensure that iFolder files can only be accessed by authorized parties. Login to iFolder requires a user ID and password, which is enforced by eDirectory. Files are transmitted using encryption based on a pass phrase that only the user knows and has access to. Both login and transmission are securely protected.

New Novell iFolder features for NetWare 6.5 include:

• Server pooling. Multiple Novell iFolder servers can be pooled from multiple locations to act as a single system.

• PDA file access. Personal digital assistants can access files through a standard PDA browser.

• Local iFolder directory specification. You can specify any directory on the local client (such as MyDocuments) as the Novell iFolder directory.

• Billing and management reporting. Organizations desiring to charge for Novell iFolder services can now track and log Novell iFolder use for billing.

• Apache 2 support. Novell iFolder is now supported on Apache 2.

Novell iPrint

Novell iPrint enables printing to any printer on the Internet. Using Internet Printing Protocol (IPP) and Novell Distributed Print Services (NDPS) technology, iPrint allows users to browse for available printers via an online map, automatically download and configure drivers, and print to the printer as if it were local.

New iPrint features in NetWare 6.5 include:

• Printer Auditing. You can now track who printed, to what printer, and how many pages.

• Local LPT port redirection. You can redirect a local printer port to an iPrint printer (similar to Capture functionality in NetWare’s QMS-based printing).

• Moving printer agents. iPrint now provides the ability to move printers to different print managers.

• User install. Power users can install iPrint printers on Windows workstations for Internet access.

• Terminal server support. The iPrint client now supports a terminal server environment.

• Enhanced SNMP support. Novell Remote Manager, iManager, and SNMP monitors can receive out-of-paper, toner low, busy, and other printer messages.

Novell eGuide 2.1.1

Novell eGuide was developed as an end-user tool to provide controlled and rapid access to information contained in eDirectory. Users are able to search for names, addresses, phone/fax numbers, e-mail, and any other information which may be stored in eDirectory or an LDAP-based repository.

New Novell eGuide capabilities in NetWare 6.5 allow:

• Self-service. End users can manage their own personal directory information.

• Organization Charts. Using the inherent eDirectory user/group/organization structure, end users can determine personnel reporting structures and even generate org charts.

Automatic File Versioning

NetWare 6.5’s automatic file versioning feature protects data by allowing users to find and restore previous versions of files. Through a browser interface, users can access properties of the file, including restoring recent versions and managing rights to files and folders.

Web Application Development Features

Web-based access to network resources is a primary requirement for today’s IT services. End users demand access from any Internet location, not just to Web sites and e-mail, but to files, applications, collaboration tools, and other network resources. Since many of these information resource requirements are unique to each organization, it is critical that development resources are available, based on open standards, and are cost feasible.

Web development technologies in NetWare 6.5 include Novell exteNd Application Server, which is a foundation for building and deploying cross-platform, high-performance, J2EE and Web service-based applications. The exteNd offering includes exteNd Workbench, a high-productivity J2EE and Web services development environment.

Novell exteNd Application Server

With SilverStream now part of Novell, the exteNd Application Server has been included with NetWare 6.5 at no additional cost. This comprehensive, integrated services environment simplifies and accelerates the creation and delivery of Net business solutions. exteNd Application Server 5.0 provides the most complete foundation for building and deploying cross-platform, high-performance, J2EE and Web service-based applications.

exteNd provides breakthrough technology for XML integration to legacy systems, business process management, and advanced, Web-based applications. Features include personalization, content management, user management, wireless device support, and core functionality for creating J2EE and Web Services applications. Besides a J2EE Client and support for HTML, HTTP/HTTPS, LDAP, and XML, exteNd Application Server compatibility support includes: Common Object Request Broker Architecture (CORBA) 2.3, Enterprise JavaBeans 2.0, Java Connector Architecture 1.0, JavaMail 1.1, Java Remote Method Invocation (RMI) 1.0 and Internet Inter-ORB Protocol (IIOP) 1.0, Java Message Service 1.0.2, Java Server Pages 1.2, Java Database Connectivity (JDBC) 2.0 + extensions, Java Transaction APIs 1.0, Servlet 2.3, Simple Network Management Protocol (SNMP), Simple Object Access Protocol (SOAP) 1.1, Secure Sockets Layer (SSL) 3.0, Transport Layer Security (TLS) 1.0, Universal Description, Discovery and Integration (UDDI) 1.0, and Web Services Definition Language (WSDL) 1.0.

exteNd Workbench

exteNd Application Server includes Novell exteNd Workbench, a high-productivity J2EE and Web services development environment, and industry-leading, high-performance CORBA, JMS, transaction management, and Web Services engines.

Beans for Novell Services

These provide developers with an easy-to-use suite of Java components for rapid and effective development of Web applications with Net services.

NetWare Web Search Server

Another Web-based tool included with NetWare 6.5 is the NetWare Web Search Server, which is a powerful full-text search engine you can use to add search capabilities to your Internet or intranet Web sites.

For more information on NetWare 6.5’s Web features, see “Overview of Novell Web and Application Services in NetWare 6.5” in this issue of AppNotes.

Open Source Features

NetWare 6.5 includes all of the “open source” development resources that are necessary for organizations to quickly and easily develop and implement sophisticated Web-based solutions. Open source support delivers advantages on two fronts. First, existing open source applications, utilities, and modules can now run in a NetWare environment without modification. Thousands of these are available from sources such as http://www.sourceforge.net and http://www.hotscripts.com. Second, it opens the way for AMP-based solutions to be deployed on NetWare 6.5. (For examples of AMP solutions running on NetWare, see http://osnamp.com.)

According to TheOpenEnterprise, “Apache . . . is the most widely-used of all Web servers. PHP, meanwhile, is most often deployed as an Apache add-on. Developers have been writing server scripts in Perl since the Web’s first days. And MySQL gained traction serving Web pages, leaving transaction-intensive jobs to commercial databases.” These services, commonly referred to as AMP (Apache, MySQL, PHP/Perl), are now available on NetWare and provide organizations the ability to host Web-based applications—whether existing or self-developed—with a minimum of integration effort and expense.

In addition, the large, existing LAMP (Linux, Apache, MySQL, Perl/PHP) developer community and its body of work are now available for NetWare environments. There are over 23 million Apache Web servers running, seven million existing PHP scripts, and over four million MySQL licenses.

Apache Web Server

NetWare 6.5 includes Apache Web Server version 2.0.45. This version of Apache on NetWare has been optimized for better performance and has improved Web-based administration. For more information, see “Apache Manager: A Directory-Based Approach to Managing Apache Web Servers” in this issue of AppNotes.

Tomcat Application Server

Tomcat is an application server developed by the Apache Group that accommodates Java Servlets and JavaServer Pages (JSP). Tomcat version 4.0.18 is included with and runs on NetWare 6.5. It is installed automatically for NetWare Web applications and is available for use by developers.

MySQL

Also included with NetWare 6.5 is the MySQL Database Server v4.0.12. Considered by many to be the world’s most popular open source database, MySQL is fast and easy to customize. Extensive reuse of code within the software and a minimalistic approach to producing functionally-rich features has resulted in a database management system unmatched in speed, compactness, stability, and ease of deployment. MySQL’s unique architecture with separation of the core server from the storage engine makes it possible to run with strict transaction control or with ultra-fast transactionless disk access.

Perl

NetWare 6.5 includes a new version of Perl, the general purpose programming language for Web-based applications. Capabilities include support for mod_Perl 5.8 and increased performance for the scripting engine through the exteNd Application Server. Perl scripts can be executed from the Apache Web Server using mod_Perl. Perl APIs also support LDAP extensions for eDirectory. Perl for NetWare, Novell’s previous Perl solution, is also supported.

PHP for NetWare

PHP Hypertext Preprocessor (PHP) is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP has enjoyed phenomenal growth since its introduction and is primarily focused on server-side scripting to collect form data, generate dynamic page content, or send and receive cookies. In addition, PHP has extensive support for various output formats including images, PDF files, and Flash, plus strong support for text processing, database, protocols, and other extensions.

NetWare 6.5’s inclusion of PHP version 4.2.3 for NetWare enables a large collection of existing PHP applications to run without modification on NetWare. It also provides developers with the scripting, command line, and GUI application tools necessary to create state-of-the-art Internet and XML applications.

OpenSSH

OpenSSH lets you perform secure transactions to and from your NetWare network via scripts, file copy, and FTP with most OpenSSH-compliant clients.

Nsure UDDI Server

Novell’s Nsure UDDI Server leverages open standards such as HTTP, XML, and SOAP. It works with any LDAP v3 compliant directory in the backend. If you integrate UDDI server with Novell eDirectory, it leverages the eDirectory features such as authentication, authorization, unified account management, replication, and synchronization. It also provides centralized management of UDDI services.

Novell Nsure UDDI Server provides a Web interface that performs UDDI operations. The UDDI administration interface and UDDI user interface are Web-based utilities that run in a browser window and manage the UDDI registry. They share a common interface with other utilities that are based on the iManager framework and use eDirectory services.

Other New Features

Here are brief descriptions of some of the other new features in NetWare 6.5.

Auditing

Novell Nsure Audit 1.0 provides robust auditing services to effectively monitor and track system activity so you can make informed decisions that ensure the safety of your valuable corporate information.

Authentication

Novell Modular Authentication Services (NMAS) 2.2 provides advanced levels of authentication to strengthen security. Supported methods include Smart Cards, biometrics, RADIUS, tokens, and X.509 certificates. Graded authentication lets you restrict access based on user identity or access method. Multifactored authentication secures access through multilevel authentication methods.

Internet Protocol v6

NetWare 6.5 includes support for Internet Protocol v6 (IPv6). IPv6 solves the Internet scaling problem (addresses), provides a flexible transition mechanism, meets the needs of mobile users, and supports automatic configuration (plug-and-play).

TCP/IP Stack Enhancements

The TCP/IP stack for NetWare 6.5 has been enhanced with new features such as Virtual IP Addresses. Also provided is a centralized framework that stores and displays the IP addresses of the applications running on the server. This also helps in resolving IP address and port conflicts. For more information, see “Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack” in this issue of AppNotes.

Licensing

NetWare 6.5 has a simplified licensing scheme based on users, not servers. This reduces licensing costs and allows unlimited connections per user.

Native File Access Protocols

NetWare 6.5’s support for native file access protocols (NFAP) allows Macintosh, UNIX/Linux, and Windows users to natively access files on NetWare servers from these desktop operating systems. Files stored on NetWare servers appear and are manipulated just as if they were Macintosh, NFS, or Windows files. This simplifies network use in mixed desktop environments and reduces training requirements. Improvements to NFAP in NetWare 6.5 include:

• Macintosh. NetWare 6.5 includes AFP 3.1 support for Mac OS X natively, encrypted passwords, long file names (256 characters), files greater than 4GB, and cluster failover auto reconnect.

• NFS. Native file access for NFS has been completely redesigned for better performance and new capabilities, which include file locking, NetWare rights mode, files greater than 4GB, easier NFS filename export and format, and Web-based NFS server administration.

• Windows. Native file access for Windows has improved context handling and login methods with support for encrypted passwords, full UNICODE support, improved CIFS performance, Microsoft login scripts, and 64-bit support for files greater than 4GB.

NetWare Remote Manager

NetWare Remote Manager is a global server management utility that lets you manage servers remotely, thus boosting IT staff productivity. Improved inventory management and group management features in NetWare 6.5 let you manage more NetWare servers globally and synchronize specific settings on them.

Novell eDirectory 8.7.1

NetWare 6.5 comes with eDirectory 8.7.1, the industry’s most popular directory. For a listing of new features, see “New Developer Features in Novell eDirectory 8.7.1” in this issue of AppNotes.

NetWare 6.5 Installation Enhancements

The NetWare 6.5 installation procedure has been simplified and modularized to allow flexibility in creating different server configurations. A DOS boot partition is still required, but the installation process from the bootable NetWare 6.5 CD1 (Operating System) automatically creates this partition. NetWare 6.5 installation has been further enhanced with the introduction of the remote upgrade feature and “patterned deployments.”

Remote Upgrade

One of the new features in NetWare 6.5 is the ability to remotely upgrade any servers in your network from any location, eliminating the time and expense of travel to remote sites. The process is a simple one that can be accomplished either through the Remote Upgrade option in iManager 2.0 or by selecting Remote Upgrade from the NetWare Deployment Manager.

Patterned Deployments

Patterned deployments allow administrators to select from any one of a number of server installation options, which reduces the time and steps required to set up a new server. The following installation options are available.

Basic NetWare Server. The “basic” NetWare file server option has been reduced to installing just the Apache Web server and Tomcat application server. These servers are used for NetWare administration and management. The install of other products has been modularized and all other services can be installed later at any time. Manual creation of a DOS partition is no longer required and installation is automated if using a bootable CD-ROM.

Custom NetWare Server. The “custom” NetWare server option allows advanced administrators to individually select which services, applications, and utilities they will install. Customized components available for install include:

• Apache 2 Web server and Tomcat 4 Servlet Container

• eDirectory SNMP Subagent

• exteNd Application Server

• MySQL

• NetWare FTP server

• NetWare Web Search Server

• Novell DNS/DHCP Services

• Novell eGuide

• Novell iFolder

• Novell iPrint

• Novell Nsure UDDI Server

• Novell Nterprise Branch Office - Central Office Server

• Novell iManager 2.0

• Novell Virtual Office

• OpenSSH

• WAN Connectivity

• WAN Traffic Manager

Pre-Configured Servers. The following Pattern Deployment options are available for creating pre-configured NetWare servers with a minimum amount of effort:

• DNS/DHCP Server

• exteNd J2EE Web Application Server

• LDAP Server

• NetWare AMP (Apache, MySQL, PHP/Perl) Server

• NetWare Backup Server

• NetWare Web Search Server

• Nterprise Branch Office Server

• Apache/Tomcat Server

• Network Attached Storage (NAS) Server

• iSCSI Storage Server

• Management Server

• Novell iFolder Server

• Virtual Office Server

Pre-Migration Server. The Pre-Migration Server feature creates a NetWare 6.5 server to which an existing server can be migrated.

Installation Requirements

The minimum system requirements for NetWare 6.5 are:

• A server-class PC with a Pentium II or AMD K7 processor

• 512 MB of RAM

• A Super VGA display adapter

• A DOS partition of at least 200 MB with 200 MB available space

• 2 GB of available disk space for volume SYS: (unpartitioned space outside the DOS partition)

• One or more network adapters

• A CD drive

• A USB, PS/2, or serial mouse (recommended but not required)

Note: Some NetWare 6.5 installation options have other recommended system requirements. For more information, see the related installation documentation.

The software requirements for NetWare 6.5 are:

• NetWare 6.5 CD1 (Operating System)

• NetWare 6.5 CD2 (Products)

• DOS 3.3 or later (Do not use the version of DOS that ships with , , or Windows NT operating systems. A bootable OS floppy diskette can be created when booting the NetWare 6.5 Operating System CD.)

• DOS CD drivers

• Client connection utilities (optional for installing from a network)

• Novell Client for DOS and Windows 3.1x (optional for installing from a NetWare server running IPX)

• IP Server Connection Utility (optional for installing from a NetWare server running IP only)

Other pre-installation requirements include the following:

• If this is the first NetWare 6.5 server on the network, you must have Supervisor rights at the [Root] of the eDirectory tree.

• If this is not the first NetWare 6.5 server on the network, you must have Supervisor rights to the container where the server will be installed and Read rights to the Security container object for the eDirectory tree.

• If you will be connecting your NetWare 6.5 server to the Internet, you’ll need an IP address for the server, the IP address of a Domain Name Server, and the name of your domain.

A complete (or even cursory) description of how to install NetWare 6.5 and all associated NetWare services is beyond the scope of this AppNote. For more information, refer to the installation documentation.

Conclusion

NetWare 6.5 is the most reliable services platform for delivering secure, non-stop access to network and information resources. It is engineered to deploy business-critical, open source-enabled services. With NetWare 6.5, Novell provides customer choice and flexibility, greater application interoperability, continuous availability, and tools that deliver new levels of productivity.

As customers pursue the business advantages of the one Net vision in general, and Nterprise solutions in particular, NetWare 6.5 will play a central role, bringing new capabilities to people in all parts of the enterprise. It provides end users with services that enhance personal and team productivity. For IT administrators, it provides infrastructure and administrative tools to manage a complete business continuance solution. And it offers a strong Web services and open source strategy for IT developers.

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use?

Feature Article

Bruce Cutler Software Engineer Novell, Inc. [email protected]

This AppNote provides an overview of two updated utilities that have been released along with NetWare 6.5: the Migration Wizard 6.5 and the Server Consolidation Utility 2.5. It covers the new features of each and explains when you would use one over the other. It also introduces the NSS Volume Split/Move feature in NetWare 6.5.

Contents:

• Introduction

• Overview of the Utilities

• Migration Wizard 6.5 Features

• New Features in the Server Consolidation Utility 2.5

• Conclusion

Topics: NetWare server upgrades, server migration, server consolidation, NSS volumes

Products: NetWare 6.5, Migration Wizard 6.5, Server Consolidation Utility 2.5

Audience: network administrators, installers

Level: beginning

Prerequisite Skills: familiarity with NetWare servers

Operating System: NetWare 6.5

Tools: none

Sample Code: none

Introduction

With the release of NetWare 6.5, Novell has released two updated utilities: the Migration Wizard version 6.5 and the Server Consolidation Utility version 2.5. There is also a third related capability called NSS Volume Split/Move.

The purpose of this AppNote is to clarify what these utilities do and when you would use one over the other. It will also cover some of the new features of the Migration Wizard and the Server Consolidation Utility.

For the remainder of this article, whenever I refer to eDirectory, it also applies to NDS. eDirectory is simply a newer version (8.x) of NDS.

Overview of the Utilities

This section provides a brief overview of the utilities and the primary uses for each one.

Migration Wizard 6.5

The Migration Wizard 6.5 utility is designed to help you transfer the identity of one server to another server. This is what is referred to as a server hardware upgrade. (If you are going to add a new server with a new name into the tree, you wouldn’t use the Migration Wizard.) By transferring the identity from one physical server to another, you won’t need to update any client applications that may be doing drive mappings or running applications based on the server name. All file system data, including meta-data such as file trustees, ownerships and attributes, is copied from the old machine to the new one (see Figure 1).

[Figure 1 diagram. Source Server "Server 1" (NetWare 3.2; file system data, bindery objects) to Destination Server New "Server 1" (NetWare 6.5; file system data, NDS objects): original server is not modified. Source Server "Server 2" (NetWare 4.2, 5.0, or 5.1; file system data, NDS database backed up) to Destination Server New "Server 2" (NetWare 6.5; file system data, NDS database restored): replaces and assumes identity of old "Server 2".]

Figure 1: Server hardware upgrade with the Migration Wizard 6.5.

The eDirectory files are also transferred from the old server to the new one without any additional work on your part. After the migration, the eDirectory partitions that existed on the old server will exist on the new server. This is because the Migration Wizard backs up the entire eDirectory database on the source server and restores it on the destination server.

Once the migration is complete, the old (source) server will be brought down and the new (destination) server will be rebooted. When it comes back up, it will have the source server’s name. Most of the process is automated, but you will have to manually change the IP address of the destination server to match that of the source server. Products and services are not migrated. Once the migration is complete, you will need to re-install all applications and reconfigure them, if necessary.

Server Consolidation Utility 2.5

The Server Consolidation Utility copies file system data and meta-data from one location to another within the same eDirectory tree or between trees. It also moves printer agents from one print manager to another within the same tree. If you are moving data between trees, it allows you to match up file trustees. If the file trustees are User objects or Group objects, you can create new users and groups in the destination tree based on the users and groups in the source tree (see Figure 2).

[Figure 2 diagram. Source Servers S1, S2, and S3 in TREE 1 and TREE 2 (NetWare 4.1, 4.11, 4.2, 5.0, 5.1, or 6.0, or NT 4.0 Domains), carrying file system data, file trustees (User and Group objects), and printer agents. Destination Server: Super Server 1 or Super Server 2 (NetWare 6.5).]

Figure 2: Combining multiple servers into one with the Server Consolidation Utility 2.5.

NSS Volume Split/Move

Another feature in NetWare 6.5 is NSS Volume Split/Move, which is accessed via the Novell Storage Services (NSS) utilities. This feature allows you to take an existing volume and split it across two different physical locations. It keeps the same physical volume name but it is logically split between multiple locations (see Figure 3).

[Figure 3 diagram. Two NetWare 6.5 servers, S1 and S2, with volumes labeled SYS, VOL 1, APPS, and SYS. Annotation: extra space on this disk configured as part of logical volume S1/VOL1:]

Figure 3: Extending a NetWare 6.5 volume with the NSS Volume Split/Move feature.

You can use the Volume Split/Move capability if you have a volume that needs more space on one server and you have extra space available on another server. Because the volume is made larger while keeping the same logical volume name, no clients will have to be modified.

Migration Wizard 6.5 Features

This section provides additional details on the features of the Migration Wizard 6.5.

Source and Destination Server Versions

The Migration Wizard allows you to do a hardware upgrade from and to servers running the following versions of NetWare:

Old Server Version             New Server Version
3.12, 4.11, 4.2, 5.0, 5.1      5.1, 6.0, 6.5
6.0                            6.0
6.5                            6.5

The first question you are probably asking is, why can’t I migrate from NetWare 6.0 to 6.5? There are two parts to the answer.

First, with the introduction of NetWare 6.0, a large number of services were added to the operating system. When you upgrade a server, these applications need to be upgraded at the same time. This means that, not only would you have to change the server hardware and upgrade the operating system (OS), but you would also be upgrading multiple applications. It has been our experience that the more changes you make at one time, the more risk there is of something going wrong. Conversely, the more you can control the changes, the easier it is to find and fix any problems that may occur. Upgrading the hardware, OS, and applications all at the same time created what we deemed an unacceptably large risk. Therefore, we eliminated the direct approach of upgrading the hardware, OS, and applications all at once.

Second, in NetWare 6.5 a new Remote Upgrade option has been introduced which will allow you to remotely upgrade a running server from your workstation. Previously, you had to go to the server to do the upgrade. Now you can do this from the comfort of your office, through the Remote Upgrade option in either iManager 2.0 or the NetWare Deployment Manager.

In light of these changes, you now have two choices to move from NetWare 6.0 to 6.5:

• You can do an in-place upgrade from NetWare 6.0 to 6.5 on the old hardware, if your hardware meets the NetWare 6.5 requirements.

• You can install NetWare 6.0 on a new destination server, migrate the source server to it using the Migration Wizard, make sure it functions correctly, and then use the Remote Upgrade option on the destination server to upgrade it to NetWare 6.5.

Based on the rationale presented above, in the future the Migration Wizard will only be used to perform hardware upgrades (same NetWare OS on both source and destination).

New Features

Rather than detail all of the features that have been brought forward from previous releases of the Migration Wizard, this section will simply address the significant new features in the Migration Wizard 6.5. For information about the features available in previous releases, see “Upgrading or Migrating to NetWare 6” in the October 2001 issue of Novell AppNotes, available online at http://developer.novell.com/research/appnotes/2001/october/02/a011002.htm.

File Copy. The file copy operation no longer requires you to have exactly the same volumes on the source and destination servers. Now you can model the project by dragging and dropping folders from the source server to the destination server. Once you have completed the model, you select to begin the migration.

When the project is created, you drop the standard SYS folders from the source into the SYS:SYS.MIG directory of the destination. The standard SYS folders are defined as any folders that exist on the destination folder’s SYS volume when you create the project. You can back them out, if desired, prior to doing the migration. You can also drop other folders from the source to the destination. You can select a container, click the right-mouse button, and select “Show Dropped Directories” to see all the dropped folders, including the ones you’ve dropped and the ones the system dropped for you.

When you’ve completed the file modeling phase, select the Project/Migrate menu option or click the Migrate button. You will then see the familiar four-step migration process from the previous version of the Migration Wizard, as shown in Figure 4.

Figure 4: The four-step migration process in the Migration Wizard.

• In Step 1, the files are copied according to what you have dragged and dropped in the project model.

• Step 2 is Edit Configuration Files.

• Step 3 is Begin eDirectory/NDS Migration.

• Step 4 is Continue eDirectory/NDS Migration.

Steps 1, 2, and 4 have not substantially changed. Step 3 still goes through the same process as the previous version, but it stops after each sub-step to allow you to verify that the step completed correctly.

• The first sub-step modifies the configuration files on the destination server.

• The second sub-step backs up the eDirectory/NDS database on the source server and copies it to the destination.

• The third sub-step downs the source server.

• The fourth sub-step removes eDirectory from the destination server and renames the destination server.

• The fifth sub-step restores and upgrades eDirectory/NDS to the destination server.

• The final sub-step of the process reboots the destination server with the source server’s name.

Since each step adds complexity to restoring, you need to make sure that each step completes correctly. If any of these steps fail, you are given a procedure to bring the old server back online without any loss of data. This is done by following the dialog box instructions. You can abort the migration at any step except for the final sub-step, and relatively easily back out of the migration. Once the destination server reboots and starts advertising as the source server, it is more difficult to get the old server back to its pre-migration state. That’s why the Migration Wizard asks you to make sure all the previous steps have completed successfully before performing the final step.

New Features in the Server Consolidation Utility 2.5

A number of new features have been added to the Server Consolidation Utility since version 1.0 was released.

• The 1.0 release only allowed you to copy files between servers within the same tree. You can now move data between trees, maintaining all trustees and ownerships.

• The NT-to-NetWare migration capability has been moved from the Migration Wizard to the Server Consolidation Utility.

The following sections highlight some additional new features.

File Synchronization

In addition to being able to refresh the destination server with newer files from the source server, you can also select to delete files and folders from the destination that don’t exist on the source. This way you can copy a set of files and, at a later point in time, refresh the files, which will copy all newer files and delete any files from the destination that were deleted from the source since the last update.

File Comparison

If you want to be assured that all of the file system data copied correctly, you can select to have the Server Consolidation utility check for you. If this option is selected, the utility will compare the file and directory names, dates (Last Accessed, Last Modified, Created), size, attributes (Read-only, Hidden, System, and so on), trustees, and ownerships. You can also select to have it compare the actual file contents. Of course, this final option could be rather time consuming; however, the client does all of the processing for the comparison routines so as not to burden the servers unnecessarily.

Date Selection

You can select to copy files based on dates. For example, you might not want to copy any files that haven’t been accessed for a long time. The three date selections are: Last Accessed, Last Modified, and Created. There is an “On or Before” and an “On or After” date for each type (see Figure 5).

Figure 5: Filtering files based on dates.

Wildcard Selection

You can select to exclude certain files from being copied based on file extension. For example, if you don’t want to copy MP3 files that your users have stored on the network, you can select to exclude them from the copy process by entering “*.mp3”. You can also select individual files that you don’t want copied as well. This is done by entering the full name of the file, such as “Sam’s file.doc” (see Figure 6).

Figure 6: Excluding files through wildcard selection.

Space Check

You can have the utility check to make sure there is enough room on the destination volume to copy the files. It adds up the space for all dropped directories for each volume and reports the estimated size requirements. Obviously, if you have already copied some or all of the files and are just refreshing the copy, it would appear that you don’t have enough space. This would be an erroneous message because you might actually have enough space. We’ve all seen this before, especially when reinstalling applications.

Disable Login

If you want to be absolutely sure that all files copy, you can have the utility disable the login on the source server while copying files from it. Of course, you will have to initially get everyone off the server. The utility doesn’t delete connections prior to disabling the login.

Server-to-Server Copy

This is not a new feature, but it is worth noting. The Server Consolidation Utility copies the files directly from server to server, without them passing through the workstation. Once the copy begins, the workstation is only used to monitor the copy process.

Conclusion

With the release of NetWare 6.5, the Migration Utility and the Server Consolidation Utility have been greatly enhanced for your benefit. These enhanced utilities, along with the new NSS Volume Split/Move feature, are designed to help you get the most out of your investment in NetWare.

If there are features that you would like to see in future releases of these utilities, we’d like to hear about them. We’d also be interested in your success stories. Novell has grand plans for these utilities, especially the Server Consolidation Utility, as they move to the Linux platform. Send your feedback to [email protected].

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack

Feature Article

Jambunathan K Senior Software Engineer Novell, Inc. [email protected]

Thanks to Brad Rupp for his valuable contributions to this AppNote.

With the release of NetWare 6.5, Novell has enhanced the TCP/IP stack to support virtual IP addresses. This new feature is another high-availability offering that enables administrators to easily manage name-to-IP address associations of business services. It complements the existing load balancing and fault tolerance features of the TCP/IP stack and enhances the availability of servers that reside on multiple subnets. This AppNote introduces this feature, highlights its advantages with simple examples, and suggests scenarios where it could be put to best use.

Contents:

• Introduction

• Virtual IP Addresses: Basic Concepts

• Advantages of Virtual IP Addresses

• Other Added Features

• Reducing the Consumption of Additional IP Addresses

• Typical Deployment Scenarios

• Conclusion

Topics: virtual IP address, TCP/IP stack, IP addresses, NetWare features
Products: NetWare 6.5 TCP/IP stack
Audience: network administrators
Level: beginning
Prerequisite Skills: familiarity with TCP/IP concepts
Operating System: NetWare 6.5
Tools: none
Sample Code: no

Introduction

A virtual IP address is an IP address that is bound to a virtual NIC that is driven by a new virtual driver named VNIC.LAN. As the name suggests, this virtual NIC is a purely virtual entity that has no physical hardware counterpart.

Conceptually, a virtual NIC can be thought of as a conventional TCP/IP Loopback Interface with added external visibility. Similarly, virtual IP addresses can be thought of as conventional Loopback addresses with the “127.0.0.0” IP network constraint relaxed. You can think of a server with a virtual NIC and a virtual IP address as an interface to a virtual “internal IP network” which contains the server as the one and only host. This simple analogy is helpful in understanding virtual IP addresses and appreciating their advantages that will be detailed in this AppNote.

Regardless of their virtual nature, the virtual IP address and the virtual NIC essentially behave like physical IP addresses and physical NICs and are similarly configured through the command line, the INETCFG server-based utility, or the NetWare Remote Manager (NRM) Web-based utility.

Virtual IP Addresses: Basic Concepts

Definitions

Here are some definitions of terms relating to virtual IP addresses.

Virtual driver. The VNIC.LAN driver provided by Novell.

Virtual board (NIC). Any board configured over the virtual driver.

Virtual IP address. Any IP address that is bound to a virtual board.

Virtual IP network. An IP network of which the virtual IP address is a part. In practical terms, this is defined by the virtual IP address together with the IP network mask with which it is configured.

Host mask. The IP network mask consisting of all 1s - FF.FF.FF.FF (255.255.255.255).

Physical IP address. Any IP address that is not a virtual IP address. In practical terms, it is an IP address that is configured over a physical hardware NIC.

Physical IP network. An IP network of which a physical IP address is a part. In practical terms, a physical IP network identifies a logical IP network that is configured over a physical hardware wire.

Unique Characteristics of Virtual IP Addresses

Virtual IP addresses are unique in that they are bound to a virtual “ether” medium as opposed to any “physical” network medium such as Ethernet, Token Ring, and so on. In other words, the virtual IP address space is exclusive from the physical IP address space. As a result, virtual IP network numbers need to be different from any other physical IP network numbers. However, it should be understood that this mutual exclusivity of the IP address space for the physical and virtual networks doesn’t preclude the possibility of configuring multiple virtual IP networks in a network domain.

Advantages of Virtual IP Addresses

In spite of their simplicity, virtual IP addresses offer two main advantages over their physical counterparts:

• High availability

• Unlimited mobility

These advantages mainly stem from the fact that virtual IP addresses are purely virtual and are not bound to a physical network wire. These two unique advantages are explored in detail in the following sections.

High Availability

If defined on a multi-homed server (one with more than one physical NIC), a virtual IP address is a highly-reachable IP address on the server when compared to any of the physical IP addresses, particularly in the event of server NIC failures. This assumes that the server is running a routing protocol and advertising its “internal” virtual IP network—which only it knows about and can reach—to other network nodes. The limited reachability of physical IP addresses is due to two reasons:

• TCP/IP protocols use link-based (network-based) addressing to identify network nodes. As a result, the routing protocols preferentially deliver a packet to the server through the network that the target IP address is part of.

• Dynamic routing protocols are extremely resilient to intermediate link and router failures, but they do not adapt well to failures of links at the last hop that ultimately delivers a packet to the destination. This is because the last hop link is typically a “stub” link that does not carry any “routing heartbeats.”

Therefore, if one of the physical cards in a server fails, the server—as well as any service that it hosts on the corresponding physical IP address—may become inaccessible. This could be the case in spite of the fact that the server is still up and running and can be reached through the other network card.

The virtual IP address feature circumvents the above problem by creating a virtual IP network different from any of the existing physical IP networks. As a result, any packet that is destined for the virtual IP address is forced to use a virtual link as its last hop link. Because it is purely virtual, this last hop link can be expected to always be up. Also, because all other real links are forcibly made to act as intermediate links, their failures are easily worked around by the dynamic routing protocols.

The above reasoning can be better understood with the help of a simple example. Consider a network configuration as shown in Figure 1.

Figure 1: A multi-homed server with all nodes running some dynamic routing protocol. [Diagram: Server with interfaces 1.1.1.1 (marked X) and 2.2.2.1; Router 1 with 1.1.1.2 and 3.3.3.1; Router 2 with 2.2.2.2 and 3.3.3.2; Client at 3.3.3.3.]

In this network, the server is a multi-homed server hosting a critical network service. For simplicity’s sake, assume that all nodes are running some dynamic routing protocol.

If the client wants to communicate with the server with the IP address 1.1.1.1, it will try to reach the server through the nearest router, which is Router 1. If the 1.1.1.1 interface were to fail, Router 1 would continue to advertise reachability to the 1.0.0.0/FF.0.0.0 network and the client would continue to forward packets to Router 1. Being undeliverable, these packets would ultimately be dropped by Router 1. Therefore, in spite of the fact that the service is still up and running and can be reached through the other active interface, it is rendered unreachable. In this scenario, a recovery would involve the ability of the client application to retry the alternate IP address 2.2.2.1 returned by the Name Server.

Now consider the same scenario but with the server configured with a virtual IP address and the client communicating with the virtual IP address instead of one of the server’s real IP addresses, as shown in Figure 2.

Figure 2: A multi-homed server configured with a virtual IP address. [Diagram: Server with virtual IP 4.4.4.1 and interfaces 1.1.1.1 (marked X) and 2.2.2.1; Router 1 with 1.1.1.2 and 3.3.3.1; Router 2 with 2.2.2.2 and 3.3.3.2; Client at 3.3.3.3.]

In this configuration, if the 1.1.1.1 interface were to fail, the client would ultimately learn the new route through Router 2 and would correctly forward packets to Router 2 instead of Router 1. Thus, despite physical interface failures, a virtual IP address on a multi-homed server acts as an always-reachable IP address of the server.

Generalizing the above discussion, it can be said that if a connection between two machines is established using a virtual IP address as the end-point address at either end, the connection will be resilient to interface failures at either end.

There are two important side-effects that directly follow from the highly-reachable nature of virtual IP addresses:

• They completely and uniquely identify a multi-homed server. A multi-homed server with a virtual IP address no longer needs to carry multiple DNS entries for its name in the naming system.

• They significantly enhance the LAN redundancy inherent in a multi-homed server. If one of the subnets to which a server interfaces were to fail completely or be taken out of service for maintenance, the routing protocols will re-route the packets addressed to the virtual IP address through one of the other active subnets.

Bear in mind that this resilience against interface failures provided by virtual IP addresses depends on the fault resilience provided by the dynamic routing protocols, as well as fault recovery features such as retransmissions built into the application logic.

Unlimited Mobility

Virtual IP addresses are highly mobile, as opposed to physical IP addresses which are limited in their mobility.

The degree of mobility is determined by the number of servers to which an IP address on a specific server could be moved, given a choice. In other words, if you choose a physical IP address as an IP address of a network resource, you are limiting the set of potential servers to which this resource could be transparently failed-over to a set of servers that are bound to the same wire (that is, on same subnet).

On the other hand, if you choose a virtual IP address, the set of servers to which the resource could be transparently moved is potentially unlimited. This follows from the nature of virtual IP addresses: they are not bound to a physical wire and, as a result, carry their virtual network wherever they are moved. Again, the implicit assumption is that the location of the virtual IP address, wherever it may be, is advertised by the owning server through some routing protocol.

The ability to move an IP address across different machines becomes particularly important when it is required to transparently move (or “fail over” in clustering parlance) a network resource that is identified by an IP address (which could be a shared volume or a mission-critical service) to another server.

This unlimited mobility of virtual IP addresses is a boon to network administrators, making services easier to manage and greatly minimizing network reorganization overhead. For network administrators, the shuffling of services between different IP networks is the rule rather than the exception. The need often arises to move a machine hosting a particular service to some other IP network, or to move a service hosted on a particular machine to be re-hosted on some other machine connected to a different IP network. If the service is hosted on a physical IP address, accommodating these changes involves re-hosting the service on a different IP address pulled out from the new network, and appropriately changing the DNS entry for the service to point to the new IP address. However, if the service is hosted on a virtual IP address, the necessity of changing the DNS entries for the service is eliminated, which saves the time that this additional step would take.

Other Added Features

Support for Host Mask

Virtual boards support the configuring of virtual IP addresses with a host mask.

Source Address Selection for Outbound Connections

As mentioned earlier, full resilience of connections to interface failures can be ensured only when the connections are established between machines using virtual IP addresses as end-point addresses. That means an application which initiates outbound connections to a virtual IP address should also preferably use a virtual IP address as its local end-point address.

This wouldn’t be much of a problem if the application bound its local socket end-point address with a virtual IP address. But there are some legacy applications that bind their sockets to a wildcard address (such as 0.0.0.0). When these applications initiate an outbound connection to other machines, TCP/IP chooses the outbound interface’s IP address as the local socket end-point address. In order for these legacy applications to also take advantage of the fault resilience provided by the virtual IP address feature, the default source address selection behavior of TCP/IP has been enhanced to accommodate the use of a virtual IP address as the source IP address. As a result, whenever a TCP or UDP application initiates an outbound connection with a wildcard source IP address, TCP/IP will choose the first bound virtual IP address as the source IP address for the connection.

This enhanced source address selection feature can be enabled or disabled globally as well as on a per-interface basis. This feature is enabled by default on all interfaces.

Reducing the Consumption of Additional IP Addresses

The only drawback in reaping the benefits of virtual IP addresses is the consumption of additional IP addresses. This constraint stems from the requirement that virtual IP network addresses must be different from all other real IP network addresses. While this constraint is not particularly severe in enterprises that use private addressing (where the IP address space is potentially large), it could become limiting in organizations that do not use private addresses.

In enterprises that use fixed-length subnetting together with a dynamic routing protocol like RIP-1, each virtual IP address could consume a large number of host IP addresses. One way to circumvent this problem is to configure a virtual IP address with a host mask of all 1s (that is, FF.FF.FF.FF), thereby consuming only one host IP address. Of course, the viability of this option depends on the ability of the RIP-1 routers on the network to recognize and honor the advertised host routes.

In autonomous systems that use variable-length subnet masking (VLSM) together with routing protocols like RIP-II or OSPF, the consumption of additional IP addresses is not a big problem. You could simply configure a virtual IP address with as large an IP network mask as possible (including a host mask of all 1s) and thereby limit the number of addresses consumed by the virtual IP address space.

Note: As of this writing, the propagation of virtual IP addresses to other network nodes is supported only through RIP. However, Novell is planning to add support for OSPF in the near future.

Typical Deployment Scenarios

Virtual IP addresses can potentially be used in any scenario that calls for exploiting the unique advantages discussed in this AppNote. This section details some typical deployment scenarios that are expected to be widely used.

Business Continuance Clusters

With the amount of mission-critical information being stored electronically today, businesses can no longer afford to lose access to their data. Access problems lead to expensive downtime, loss of revenue, or even failure of the business. To protect against this, many IT managers see the need to implement a disaster recovery solution. Using Novell Cluster Services, an IT department can build a highly-available disaster recovery solution using commodity hardware.

A Novell Business Continuance Cluster is a group of two or more independent, geographically-dispersed clusters. The data is replicated between the two clusters using SAN (Storage Area Network) hardware. Figure 3 shows the essentials of this clustering solution.

Figure 3: A Business Continuance Cluster. [Diagram labels: Clients, SAN, Cluster Site 1, Cluster Site N.]

As an example, consider a fictitious company called Acme Data Services. Because of the mission-critical nature of Acme’s data, they have chosen to build a disaster recovery solution using a Novell Business Continuance Cluster. The primary cluster and data center is in New York, while the secondary cluster and data center is in New Jersey. The two data centers are connected via a SAN. Furthermore, clients have connectivity to all the nodes in both clusters. In the unfortunate event that some form of disaster destroys Acme’s primary data center, services can quickly and easily be restarted on the cluster nodes in the secondary location.

In any network environment, one of the first obstacles that must be tackled is how clients locate and connect to the services. A Business Continuance Cluster can exacerbate this problem because services can migrate to nodes on a completely different network segment. While there are many potential solutions to this problem, such as DNS and SLP, none of them offers the simplicity and elegance of virtual IP addresses. With virtual IP addresses, the IP address of the service can follow the service from node to node in a single cluster, as well as from node to node in separate, distinct clusters. This makes the client reconnection problem trivial; the client only has to wait for the new route information to be propagated to the routers on the network. No manual steps are required, such as modifying a DNS server.

To use a virtual IP address in a Business Continuance Cluster, the use of a host mask is recommended. To understand why, consider the fact that each service in a clustered environment must have its own unique IP address—or, in this case, a unique virtual IP address. Furthermore, consider that each virtual IP address belongs to a virtual IP network whose route is being advertised by a single node within a cluster. Because Novell Cluster Services can migrate a service and its virtual IP address from one node to another, it follows that the virtual IP network must migrate to the same node as the service. If multiple virtual IP addresses belong to a given virtual IP network, one of two events must occur:

• All services associated with the virtual IP addresses on a given virtual IP network must fail-over together.

• The virtual IP addresses on a given virtual IP network must go unused, thereby wasting a portion of the available address space.

Neither of these situations is desirable. Fortunately, the use of host masks remedies both.

Once the appropriate virtual IP addresses and host masks have been determined, virtual IP addresses can be enabled in a Business Continuance Cluster via a three-step process.

First, the AUTOEXEC.NCF file on each node in both clusters must be modified to add the following lines, which load the virtual driver and create a virtual board named “VNIC”. The new virtual board is then bound to the real IP address 1.1.1.1.

    LOAD VNIC NAME=VNIC
    BIND IP VNIC Mask=255.255.255.0 Address=1.1.1.1

Second, the command to bind a virtual IP address for the service must be added to the cluster resource load script. The following is an example of a cluster resource load script for a standard NetWare volume called “Homes”. This example uses host masks and assumes the virtual board has been named VNIC. Notice the addition of the “BIND IP VNIC Mask=255.255.255.255 Address=4.4.4.1” command, which binds the virtual IP address to the virtual board.

    nss /poolactivate=HOMES
    mount HOMES VOLID=254
    CLUSTER CVSBIND ADD BCC_HOMES_SERVER 4.4.4.1
    NUDP ADD BCC_HOMES_SERVER 4.4.4.1
    BIND IP VNIC Mask=255.255.255.255 Address=4.4.4.1

Finally, the command to unbind the virtual IP address must be added to the cluster resource unload script. The following is the matching cluster resource unload script for the same NetWare volume discussed above. Notice the addition of the “UNBIND IP VNIC Address=4.4.4.1” command, which unbinds the virtual IP address from the virtual board.

    UNBIND IP VNIC Address=4.4.4.1
    CLUSTER CVSBIND DEL BCC_HOMES_SERVER 4.4.4.1
    NUDP DEL BCC_HOMES_SERVER 4.4.4.1
    nss /pooldeactivate=HOMES /overridetype=question
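The three steps above can be checked mechanically before a cluster resource goes live. The following Python sketch is an added example, not Novell code: it parses only the BIND IP and UNBIND IP line forms shown in the scripts above and flags a virtual IP address bound without a host mask, a virtual network that overlaps a physical one, and a BIND with no matching UNBIND. The physical network list and the faulty script pair are constructed for illustration.

```python
import ipaddress
import re

# Line forms taken from the load/unload scripts in this AppNote.
BIND_RE = re.compile(
    r"^\s*BIND\s+IP\s+(\S+)\s+Mask=(\S+)\s+Address=(\S+)\s*$", re.IGNORECASE)
UNBIND_RE = re.compile(
    r"^\s*UNBIND\s+IP\s+(\S+)\s+Address=(\S+)\s*$", re.IGNORECASE)

# The resource scripts for the "Homes" volume, as given in the article.
LOAD_SCRIPT = """\
nss /poolactivate=HOMES
mount HOMES VOLID=254
CLUSTER CVSBIND ADD BCC_HOMES_SERVER 4.4.4.1
NUDP ADD BCC_HOMES_SERVER 4.4.4.1
BIND IP VNIC Mask=255.255.255.255 Address=4.4.4.1
"""
UNLOAD_SCRIPT = """\
UNBIND IP VNIC Address=4.4.4.1
CLUSTER CVSBIND DEL BCC_HOMES_SERVER 4.4.4.1
NUDP DEL BCC_HOMES_SERVER 4.4.4.1
nss /pooldeactivate=HOMES /overridetype=question
"""
# Constructed for illustration: physical networks in the style of Figure 2,
# and a script pair containing the mistakes the checker should catch.
PHYSICAL_NETWORKS = ["1.0.0.0/8", "2.0.0.0/8"]
BAD_LOAD = "BIND IP VNIC Mask=255.255.255.0 Address=1.1.2.1\n"
BAD_UNLOAD = "UNBIND IP VNIC Address=4.4.4.1\n"


def parse_binds(script):
    """Return [(board, IPv4Interface)] for every BIND IP line."""
    binds = []
    for line in script.splitlines():
        m = BIND_RE.match(line)
        if m:
            board, mask, addr = m.groups()
            binds.append((board.upper(), ipaddress.ip_interface(f"{addr}/{mask}")))
    return binds


def parse_unbinds(script):
    """Return [(board, IPv4Address)] for every UNBIND IP line."""
    unbinds = []
    for line in script.splitlines():
        m = UNBIND_RE.match(line)
        if m:
            unbinds.append((m.group(1).upper(), ipaddress.ip_address(m.group(2))))
    return unbinds


def check_resource(load_script, unload_script, physical_networks, board="VNIC"):
    """Return a list of findings for one cluster resource's script pair."""
    findings = []
    physical = [ipaddress.ip_network(n) for n in physical_networks]
    binds = [b for b in parse_binds(load_script) if b[0] == board]
    unbound = {a for b, a in parse_unbinds(unload_script) if b == board}
    if not binds:
        findings.append("load script binds no virtual IP address")
    for _, iface in binds:
        # Without a host mask, every address in the virtual network must
        # fail over together or go unused.
        if iface.network.prefixlen != 32:
            findings.append(
                f"{iface.ip}: mask {iface.netmask} is not a host mask; virtual "
                f"network {iface.network} spans {iface.network.num_addresses} addresses")
        # Virtual IP networks must differ from every physical IP network.
        for net in physical:
            if iface.network.overlaps(net):
                findings.append(
                    f"{iface.ip}: virtual network {iface.network} overlaps "
                    f"physical network {net}")
        # A BIND left behind after migration leaves two nodes owning the address.
        if iface.ip not in unbound:
            findings.append(f"{iface.ip}: no matching UNBIND in unload script")
    bound = {iface.ip for _, iface in binds}
    for addr in sorted(unbound - bound):
        findings.append(f"{addr}: UNBIND without a BIND in load script")
    return findings


if __name__ == "__main__":
    print("article scripts:", check_resource(LOAD_SCRIPT, UNLOAD_SCRIPT, PHYSICAL_NETWORKS))
    for finding in check_resource(BAD_LOAD, BAD_UNLOAD, PHYSICAL_NETWORKS):
        print("constructed bad pair:", finding)
```

The article's own script pair produces no findings; the constructed pair produces four.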

Virtual Server Farms Behind L4 Switches

Over the last few years, enterprises have seen a large increase in network traffic seeking to access their mission-critical services. As a result, administrators are increasingly resorting to a Virtual Server Farm architecture in which a cluster of servers is configured behind a Layer 4 (L4) switch. The L4 switch distributes the incoming traffic across these servers, thereby providing better response times and increased scalability.

The popularity of these deployments has resulted in varied architectures for L4 switches. One such architecture is “MAC Bridging.” In this architecture, the L4 switch and the individual servers in the farm share a common subnet and a “Virtual IP Address” over which the service is hosted. Even though this address is shared across both the L4 switch and the individual servers in the farm, every incoming IP packet addressed to the “Virtual IP Address” is intercepted only by the L4 switch. The switch then “bridges” the packet to a selected server in the farm by replacing the target MAC address (which is its own) with the MAC address of the selected server in the cluster.

Figure 4 shows a typical Virtual Server Farm configuration.

Figure 4: A typical Virtual Server Farm configuration. [Diagram labels: Server 1 and Server 2, each with 10.0.0.1/ff.ff.ff.ff (Virtual IP); addresses 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.1, 10.0.0.2; L4 Switch; Router; Internet.]

Two key necessities in this architecture are:

• Individual servers in the farm must recognize the bridged packet from the L4 switch as their own. Therefore, the virtual IP address needs to be bound on the servers.

• Only the L4 switch should intercept incoming requests, not any of the individual servers. For this to work, the servers should not respond to any incoming ARP queries for the virtual IP address.

These necessities are easily met by configuring the “Virtual IP Address” of the farm as a virtual IP address on the virtual NIC.

Deploying Pre-production Servers in Enterprise Networks

With ever-changing business needs and increasingly fierce competition to provide better services, all enterprises must keep themselves abreast of emerging trends, technologies, and products. Therefore, network administrators are frequently required to procure and deploy new server software solutions. New solutions should be validated in a typical test environment before they are deployed in production environments.

However, it is a common observation that, no matter how sophisticated test environments are, they cannot exactly imitate real production environments that are less controlled and more dynamic. Thus the initial deployment of pre-production quality servers in a real production environment is an inescapable concern for network administrators. They must balance the two seemingly conflicting requirements of exposing the pre-production server to the rigors of real-life production traffic, while at the same time providing a way to immediately revert back to the proven production environment in case of a failure.

In this type of scenario, it would be a boon to network administrators if there were a solution that automatically falls back upon the regular service in case of an unpredicted outage of the pre-production server and which automatically switches to the pre-production server once it is brought online. Such a solution is quite feasible—on a primitive level with minimal investment—by using the host mask binding feature supported with a virtual board.

All the network administrator has to do is configure the IP address of the production server on the virtual board of the pre-production server, but with a host mask. This configuration, together with the enabling of a dynamic routing protocol on the network, would ensure that the preferred destination for that IP address is the pre-production server. The routing topology would fall back upon the production server in case of an unpredicted outage of the test server.

Figure 5 shows a typical pre-production server configuration.

[Figure 5 diagram: a Production Server (10.0.0.1/ff.0.0.0) and a Pre-Production Server (10.0.0.2/ff.0.0.0, with virtual IP 10.0.0.1/ff.ff.ff.ff) attached to the Enterprise Network. Legend: network traffic when the Pre-Production server is functional; network traffic when the Pre-Production server is non-functional.]

Figure 5: Deploying pre-production servers on an enterprise network.
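The fallback described above depends on routers preferring the most specific matching route. The following sketch is an added example, not code from the original AppNote: it models one router's view of the Figure 5 addresses, and the class and function names (`RouterView`, `parse_binding`, `figure5_scenario`) are hypothetical.

```python
import ipaddress

ON_LINK = "on-link"  # marker for the directly connected subnet


def parse_binding(text):
    """Parse 'address/hex-mask', e.g. '10.0.0.1/ff.ff.ff.ff'.

    Returns (host address, network). A non-contiguous mask is rejected
    with ValueError by the ipaddress module.
    """
    address, _, hex_mask = text.partition("/")
    octets = [int(part, 16) for part in hex_mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"bad mask in {text!r}")
    dotted = ".".join(str(o) for o in octets)
    iface = ipaddress.ip_interface(f"{address}/{dotted}")
    return iface.ip, iface.network


class RouterView:
    """Simplified routing state of one router on the enterprise network."""

    def __init__(self):
        self.routes = {}  # network -> server name, or ON_LINK
        self.owners = {}  # primary address -> server answering on the subnet

    def bind_primary(self, binding, server):
        """A server's ordinary address: reachable through the connected subnet."""
        address, network = parse_binding(binding)
        self.routes[network] = ON_LINK
        self.owners[address] = server

    def learn_host_route(self, binding, server):
        """A host-mask (virtual IP) route advertised by the routing protocol."""
        _, network = parse_binding(binding)
        self.routes[network] = server

    def withdraw(self, server):
        """Server outage: its advertised routes and its address disappear."""
        self.routes = {n: s for n, s in self.routes.items() if s != server}
        self.owners = {a: s for a, s in self.owners.items() if s != server}

    def deliver_to(self, destination):
        """Longest-prefix match: the most specific route decides."""
        dest = ipaddress.ip_address(destination)
        matches = [n for n in self.routes if dest in n]
        if not matches:
            return None
        best = max(matches, key=lambda n: n.prefixlen)
        target = self.routes[best]
        return self.owners.get(dest) if target == ON_LINK else target


def figure5_scenario():
    """Replay Figure 5: functional, outage, and recovery of pre-production."""
    router = RouterView()
    router.bind_primary("10.0.0.1/ff.0.0.0", "production")
    router.bind_primary("10.0.0.2/ff.0.0.0", "pre-production")
    router.learn_host_route("10.0.0.1/ff.ff.ff.ff", "pre-production")
    functional = router.deliver_to("10.0.0.1")

    router.withdraw("pre-production")
    outage = router.deliver_to("10.0.0.1")

    router.bind_primary("10.0.0.2/ff.0.0.0", "pre-production")
    router.learn_host_route("10.0.0.1/ff.ff.ff.ff", "pre-production")
    recovered = router.deliver_to("10.0.0.1")
    return {"functional": functional, "outage": outage, "recovered": recovered}


if __name__ == "__main__":
    print(figure5_scenario())
```

The same property means that any host able to advertise a host-mask route for an address will be preferred over that address's real owner, so route advertisements for production addresses are worth monitoring.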

Other Possible Uses for Virtual IP Addresses

In addition to the scenarios detailed above, virtual IP addresses could also be preferentially used for:

• Remote control of a multi-homed server

• End-point addresses of IP-over-IP tunnels

• LAN-mapping address for point-to-point connections

Conclusion

The TCP/IP stack included with NetWare 6.5 supports virtual IP addresses. This new feature complements the existing load balancing and fault tolerance features of the TCP/IP stack and enhances the availability of servers that reside on multiple subnets. Virtual IP addresses enable administrators to easily manage name-to-IP address associations of business services.

The information provided in this AppNote is derived strictly from test scenarios; there may be deviations from these results in real user scenarios. Novell does not recommend deploying any new configurations directly in a production network. Configuration changes should always be verified in a simulated test network before being deployed in a production environment.

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

Apache Manager: A Directory-Based Approach to Managing Apache Web Servers

Feature Article NOVELL APPNOTES

Dave Mitchell, Software Engineer, Novell, Inc., [email protected]
Brad Nicholes, Software Engineer, Novell, Inc., [email protected]

With the release of NetWare 6.5, Novell provides a powerful new Apache management tool called the Apache Manager. It is a Web-based utility that leverages Novell eDirectory to manage one or many Apache Web servers running on NetWare, Linux, Solaris, IBM-AIX, or Windows. This AppNote explains the advantages associated with storing Apache’s configuration files in a hierarchy of directory objects, which provides the underpinnings for a superior methodology for managing a Web farm environment.

Contents:

• Introduction

• Overview of the Apache Web Server

• Advantages of Using the Apache Manager

• How the Apache Manager Functions

• Conclusion

Topics: Apache Web Servers, Web-based management, Web technologies
Products: Apache Manager, NetWare 6.5
Audience: network administrators, installers
Level: intermediate
Prerequisite Skills: familiarity with Apache Web Server configuration
Operating System: NetWare 6.5
Tools: none
Sample Code: none

Introduction

With the release of NetWare 6.5, Novell provides a powerful new Apache management tool called the Apache Manager. This Web-based utility leverages Novell eDirectory to manage one or many Apache web servers running on NetWare, Linux, Solaris, IBM-AIX, or Windows. This AppNote provides an overview of the Apache Manager and explains the advantages associated with storing Apache’s configuration files in a hierarchy of directory objects. This concept provides the underpinnings for a superior methodology for managing the configuration of a Web farm environment.

There are a number of advantages to this approach. They include platform independence, a central point of management for all instances of Apache, and consolidation of common directives. Apache Manager consists of two separate pieces: the Apache Manager Web utility and the configuration daemon. These components are built on top of industry standards that are open and universally accepted. This allows them to fully interoperate insulated from the underlying demands of the operating system, which in turn satisfies the needs of a cross-platform world.

One of the truly powerful aspects of Apache Manager is its integration with Novell’s highly scalable and distributed directory service. The directory not only acts as the database where the configuration directives are stored, it also provides an environment that allows configuration objects to be shared and inherited. The basic concept is that when identical directives exist for multiple Apache servers, these directives can be stored in a single directory object rather than duplicated in multiple configuration files.

Apache Manager provides the Web administrator with a powerful time saving tool that increases productivity, as each directory object holds a common set of directives that may be inherited by lower level objects in the eDirectory tree. The “Apache Group” is the highest object in the tree. It contains a set of directives that are common across all instances of the Apache web server regardless of the platform it is running on. The end result is that Apache Manager is not only capable of managing a large number of Apache web servers, it will also manage different versions of Apache running on different platforms. The specific requirement is that the platform provides a supported JVM and the ability to connect to a directory service through the LDAP protocol.

Overview of the Apache Web Server

The origins of the Web began with an information project known as CERN. Today, this is where the world’s largest particle physics laboratory still operates. This project later developed into what is known as the World Wide Web Consortium (W3C). As Web technologies evolved, there emerged specific software, protocol sets, and conventions to govern them. At the root of this digital ancestral tree are browsers and HTTP servers. One of the dominant players in this Internet ecology is the Apache Web Server, the most widely deployed Web server on the Net. According to the most recent surveys from Netcraft, Apache Web Servers represent 62.5 percent of the total Web server deployments.

Until very recently, managing an Apache Web Server was a fairly primitive task, accomplished mainly through the editing of a text file known as the httpd.conf file. This file contains the key configuration directives for an Apache Web Server. Novell’s Apache Manager helps to solve many of the problems that are associated with the current Apache administration methods and procedures. One of the most important is the ability to manage multiple Apache Web Servers as part of a centralized management system. Prior to this, managing multiple instances of Apache was tedious and time consuming.

Manually Configuring an Apache Server

The most commonly used method of managing the Apache web server is to manually edit the configuration file using a text editor. The Apache configuration file, called the httpd.conf file, is stored in the conf subdirectory under the Apache root directory. This simply constructed text file holds all of the directives necessary to successfully configure a Web server and any of its additional modules that may need to be loaded (see Figure 1).

Figure 1: Apache’s HTTPD.CONF file.

This simple list of directives and their associated values define how the Apache Web Server will handle requests. Because of the simplistic nature of this file, most administrators responsible for managing a single instance of Apache choose to manage the Web server manually rather than use a management tool that provides additional functionality.

An administrator of a typical Apache server manages the configuration by manually changing the contents of the configuration file. For a single instance of the Web server or even a small number of servers, this method of administering the server is tolerable. But it becomes much more tedious in a Web farm environment. If a directive needs to be changed or a new module loaded on all servers, each server’s httpd.conf file will need to be opened, changed, and saved. Apache must then be restarted so that the changes can be applied.

Some alternatives to manual administration have been proposed and some have been implemented. But for the most part, these alternatives are platform-specific and can only be run on a machine that has direct file access to the httpd.conf file. Some of these solutions provide a simpler user interface and perform some simple tasks during configuration file management, but they only solve the problem for a single localized Apache server. The real problem of easily administering an Apache Web farm still exists. The answer to this problem is couched within a directory-based approach to configuration, as implemented by Apache Manager.

Advantages of Using the Apache Manager

Apache Manager provides a simple solution to the problem of managing an Apache Web farm. Some of the advantages provided by Apache Manager include platform independence, single Web-based location for managing all instances of Apache, and consolidation of common directives across Apache instances. Apache Manager eliminates the need for an administrator to have to edit and maintain a large number of configuration files, as many of the directives are common across each Apache Web Server instance.

Platform Independence

Apache Manager was designed and built specifically with platform independence in mind. The basic idea is that since Apache is a cross-platform Web server, managing Apache should also be a cross-platform activity. With this in mind, the runtime environment, as well as the implementation of the administration tool, had to be cross-platform.

There are few technologies that could be considered completely cross-platform. The most obvious was to build a Web-based management utility that implemented Java technology in tandem with LDAP as the protocol for accessing the directory. Apache Manager is composed of two separate pieces: the Apache Manager Web utility and the configuration daemon that runs alongside the Apache Web Server. Both of these pieces are built using Java and LDAP technologies, thus allowing the solution to run on all major operating systems.

The Apache Manager Configuration Daemon is built as a Java utility that utilizes the Java Naming and Directory Interface (JNDI) classes, along with an LDAP provider to access an LDAP-compliant directory. The Web pages are implemented as Java Server Pages (JSP) and take advantage of the same JNDI interfaces for reading and writing data in the directory.

The only platform requirements associated with the Apache Manager instance are a Web server, a JSP/servlet engine, an LDAP-compliant directory, and a Java Virtual Machine (JVM). All of these exist on all of the major operating system platforms. The Apache Web Server and the configuration daemon are the only pieces that must be running on any platform when managed through the Apache Manager instance. The Apache Web management interface need only run on one server in the network.

Single Web-Based Location

Apache Manager has the ability to manage the configuration for any number of Apache servers through a single interface. Administrators can log in to a single instance of Apache Manager to view and configure every instance of Apache running on their network. Once the configuration has been changed in the directory, the configuration daemon handles saving the new configuration to the httpd.conf file, as well as restarting the Apache web server.

This solves the problem of having to physically access the configuration file of each individual Apache server just so the administrator can manually edit the configuration files and then restart each Web server. Apache Manager allows the administrator to do it all from one single location while leveraging the Web-based interface.

Common Directive Consolidation

Since the Apache Web Server is a cross-platform application, configuring Apache on different platforms is basically the same. For the most part, a configuration file used to configure Apache on one platform can easily be used to configure Apache on another platform. This means that most of the configuration directives themselves are completely common, regardless of the platform that the Web server is running on.

Apache Manager allows directives that are common across multiple Apache servers to be stored in a common location, while being inherited by each Apache server. For example, assume that the directive on every Apache server for “HostNameLookups” is set to “On”. With Apache Manager, this directive can be stored in a Server Group object that is inherited by every Apache server. If the administrator wants to change the value of “HostNameLookups” to “Off”, the change can be made in the Server Group object and all Apache servers would automatically inherit the configuration change.

This saves the administrator from the tedious task of manually changing each server’s configuration file. It also provides the administrator with a much easier way of adding new Apache servers to the Web server farm. All that is needed is to add a single Server object to the directory with just a few specific directives. The remainder of the configuration file can be constructed by inheriting the common set of directives that were already established in the directory. This eliminates having to duplicate directives that have already been defined in another configuration file.

How the Apache Manager Functions

Apache Manager has three basic parts: the directory service, the configuration daemon, and the Web interface. The directory service not only acts as the database where the configuration directives are stored, it also provides an environment that allows configuration objects to be shared and inherited. The configuration daemon is a small Java application that runs in parallel with the actual Apache server software. It extracts the configuration directives out of the directory server objects, and assembles them to create the httpd.conf file. In addition to creating the configuration file, it is also able to restart the Apache Web Server when specific flags have been set in an Apache Server object within the directory. The Web interface presents the Apache configuration in an easy-to-manage format, enabling changes to be made quickly to one or many Apache servers through a Web browser.

Apache Manager uses a directory-based, hierarchical object model to simplify the management of and share configuration directives within a Web farm. The basic idea is that when an identical directive exists for multiple Apache servers, that directive can be stored in a single directory object rather than duplicated in multiple configuration files. This allows the directive to be shared among multiple Apache server configurations and provides a way for the administrator to modify the directive once and apply the modification across multiple servers. The implementation of this idea is more complex, but Apache Manager masks the complexity and presents the administrator with a simple solution to managing the Web farm.

The Directory

Apache Manager divides the Apache configuration file into a hierarchy of configuration objects and then stores them in a directory service. By storing directives in a hierarchy of objects, those directives can be applied to a single server, a group of servers, or to an entire Web farm.

An HTTPD.CONF file can be broken up into a set of parts that can be represented by five different object classes. These object classes are:

• Server Group

• Server

• Virtual Host

• Module

• Block

By defining a server object within the directory service and combining the object with one or more virtual host, module, and block objects, an entire configuration for an Apache Web Server can be stored, manipulated, and shared through the directory service. Each object class contains a set of attributes that can store the data required to produce a portion of the configuration in a complete httpd.conf file. Additionally, each object class may store any number of specific directives that the administrator wants defined at that location of the object hierarchy.

The definitions of the five object classes are as follows:

Server Group. The Server Group is a representation of a set of Apache configuration directives common to all server objects contained in the group. A server group may contain any number of server groups, servers, modules, and blocks.

Server. The Server object is a representation of a single Apache server. It contains standard attributes such as Server Name. It is used as a definition of any single server and is an anchor point for its configuration. It may contain any number of virtual hosts, modules, and blocks.

Virtual Host. The virtual host object is a representation of a virtual host within an instance of an Apache server. The object contains the necessary attributes to create a block in the Apache configuration file. A virtual host object must be contained by a server object and can contain any number of block objects.

Module. The module object is a representation of an Apache module. The module object defines the “LoadModule” directive and the tag within a configuration file. A module can be defined at any level of the hierarchy so that it can be inherited by one or more server configurations. This allows the module to be loaded and configured in exactly the same way by multiple web servers without having to redefine the module for each server. It can contain any number of block objects.

Block. The block object is a representation of a Directory, Location or File block or any of their derivatives. It defines the tag within a configuration file. A block can be defined at any level of the hierarchy so that one or more server configurations can inherit it. This allows the block definition to be applied in exactly the same way by multiple web servers without having to redefine the block for each instance. A block cannot contain any other objects.

Configuration Daemon

As explained in the object hierarchy section, the configuration for any given Apache Web Server is stored in a series of objects in the directory. The information in the directory is extracted by a configuration builder service known as the Apache Manager Configuration Daemon. The daemon runs in parallel with each instance of Apache and knows how to extract the objects from the directory and order them to construct the httpd.conf file.

Therefore, each Apache server on the network should also have a Configuration Daemon running with it. The configuration daemon is the conduit between the physical configuration file stored for each Apache Web Server instance and the directory service that holds the configuration objects (see Figure 2).

[Figure 2 diagram: the Directory, the Configuration Daemon, the Configuration File, and the Apache Web Server, connected by numbered steps 1 through 6.]

Figure 2: The Apache Manager Configuration daemon.

After the daemon is started, it monitors the directory for any changes made to a particular server. If a change is detected, it updates the configuration file and notifies the Apache Server that it is time to reload its configuration file.

Additionally, if an Apache server’s configuration has not been stored in the directory, the daemon has the ability to import the current configuration file into the directory. For example, the first time the daemon runs in conjunction with a specific instance of the Apache Web Server, it will create a Server object in the object hierarchy to ensure that the configuration stored in the directory matches the current configuration file of the Apache server.

In addition to importing a new configuration, the daemon also has the ability to detect when a physical configuration file has been changed. If an administrator makes a change directly to the Apache configuration file stored on disk, the daemon can detect the change and import it into the server configuration previously stored in the directory. One purpose of the configuration daemon is to make sure that the configuration file used to configure a specific instance of Apache remains synchronized with the shared configuration objects in the directory.
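The AppNote does not say how the daemon detects a manual edit. The following added example (not Novell's code) shows one way to do it: compare a SHA-256 fingerprint of the file the daemon last wrote with the file now on disk, then list the directive-level differences an administrator would review. The function names and both sample configurations are constructed for illustration.

```python
import hashlib


def fingerprint(text):
    """SHA-256 of the configuration text, recorded each time the file is written."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_directives(text):
    """Map (container, directive name) -> list of values.

    The container is '' at top level or the enclosing block header such as
    'Directory "/var/www/html"'. Directive names are lower-cased because
    Apache treats them case-insensitively; values are kept in a list so a
    directive that legitimately repeats is not lost.
    """
    directives = {}
    containers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if containers:
                containers.pop()
        elif line.startswith("<"):
            containers.append(line[1:].rstrip(">").strip())
        else:
            parts = line.split(None, 1)
            value = parts[1].strip() if len(parts) > 1 else ""
            key = ("/".join(containers), parts[0].lower())
            directives.setdefault(key, []).append(value)
    return directives


def detect_drift(last_written, on_disk):
    """Return None if the file is untouched, else the directive-level changes."""
    if fingerprint(on_disk) == fingerprint(last_written):
        return None
    old, new = parse_directives(last_written), parse_directives(on_disk)
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        "removed": {k: old[k] for k in old.keys() - new.keys()},
        "changed": {k: (old[k], new[k])
                    for k in old.keys() & new.keys() if old[k] != new[k]},
    }


# Constructed sample: what the daemon last generated from the directory.
LAST_WRITTEN = """\
ServerName www.example.com
HostNameLookups On
<Directory "/var/www/html">
    Options None
    AllowOverride None
</Directory>
"""

# Constructed sample: the same file after a manual edit on the server.
ON_DISK = """\
ServerName www.example.com
HostNameLookups Off
Timeout 30
<Directory "/var/www/html">
    Options None
    AllowOverride All
</Directory>
"""

if __name__ == "__main__":
    for kind, entries in detect_drift(LAST_WRITTEN, ON_DISK).items():
        print(kind, entries)
```

A comment-only or whitespace-only edit changes the fingerprint but yields an empty difference, which separates cosmetic edits from ones that alter server behavior.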

Web Interface

The Apache Manager Web interface is a browser-based administration utility that allows administrators to view and configure the entire Web farm from a single location on the Internet. The Web interface simply displays the current configuration for each Apache server as it is stored in the directory and allows the administrator to manipulate the configuration objects.

Object Frame. The interface is simple (see Figure 3). The “Objects” frame gives a view of the Apache configuration objects that are currently stored in the directory and gives the user the ability to navigate the hierarchy. The object hierarchy begins with a server group, generally called “Apache Group.” The top group contains other groups that define an organization that will make sense for the administrator. Apache groups may be organized according to platform, deployment, or some other configuration model.

Figure 3: The Objects frame.

Each object in the directory holds a common set of directives that may be inherited by lower level objects in the tree. The “Apache Group” object, the highest object in the tree, contains the set of directives that are common across all instances of the Apache web server regardless of the platform that it is running on. Objects that appear at lower levels in the tree define directives that are specific to particular configurations. The lower the object sits in the tree, the more specific or unique the directives are to a particular Apache web server configuration. The complete configuration for a particular Web server is a combination of the directives contained by the server object along with the directives contained by each object within its hierarchical path.

Directives Frame. The “Directives” frame is the central view which displays the configuration contents held by the currently selected object. This frame gives the administrator the ability to manage the directives that are contained in the object, add child objects or alter the attribute values of the object itself. Additionally, for server objects, the “Directives” frame allows the administrator to view the server’s configuration file as it would be created by the configuration daemon. In the configuration file view, all directives are linked back to the object where they were defined. This makes it easy to navigate to an object that holds a specific directive without having to know where the directive came from (see Figure 4).

Figure 4: The Directives frame.
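The inheritance model in the Common Directive Consolidation section and in the Objects and Directives frame descriptions can be sketched as follows. This is an added example, not Apache Manager's code: the class and function names are hypothetical, the object names other than “Apache Group” are constructed, and it assumes that a directive set lower in the tree replaces an inherited directive of the same name, which the AppNote does not state.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class ConfigObject:
    """A Server Group or Server object holding its own directives."""
    name: str
    directives: Dict[str, str] = field(default_factory=dict)
    parent: Optional["ConfigObject"] = None

    def path(self):
        """Objects from the top of the tree down to this one."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        return chain[::-1]


def effective_config(server):
    """Merge directives along the server's hierarchical path.

    Returns {directive: (value, name of the object that defined it)}.
    Assumption: the most specific (lowest) object wins on a name clash.
    """
    merged = {}
    for obj in server.path():
        for directive, value in obj.directives.items():
            merged[directive] = (value, obj.name)
    return merged


def render_httpd_conf(server):
    """Render the merged configuration with each directive's origin.

    The origin goes on its own comment line because httpd.conf does not
    allow a comment on the same line as a directive.
    """
    lines = [f"# generated for {server.name}"]
    for directive, (value, origin) in effective_config(server).items():
        lines.append(f"# defined in {origin}")
        lines.append(f"{directive} {value}")
    return "\n".join(lines) + "\n"


def build_farm():
    """Constructed sample tree: one top group, one platform group, two servers."""
    apache_group = ConfigObject(
        "Apache Group", {"HostNameLookups": "On", "Timeout": "300"})
    linux = ConfigObject(
        "Linux Servers", {"ServerRoot": "/usr/local/apache2"}, parent=apache_group)
    web1 = ConfigObject("web1", {"ServerName": "web1.example.com"}, parent=linux)
    web2 = ConfigObject(
        "web2", {"ServerName": "web2.example.com", "Timeout": "60"}, parent=linux)
    return apache_group, web1, web2


if __name__ == "__main__":
    group, web1, web2 = build_farm()
    group.directives["HostNameLookups"] = "Off"  # one edit, inherited by all
    print(render_httpd_conf(web1))
    print(render_httpd_conf(web2))
```

Because one edit to a group object reaches every server beneath it, the recorded origin of each directive is what lets an administrator trace a changed setting back to the object that introduced it.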

The Apache Manager interface also allows the administrator to restart each Apache Web Server that is administered through this interface. If the configuration file for a specific server has been changed manually, this will be communicated back to the directory by the configuration daemon and displayed in the web interface. It gives the administrator the option of importing the changes or rejecting them in order to maintain synchronization between the physical server and the directory. It displays the current status of each Apache server indicating whether the server is currently running or not.

Whenever a change is made in the directory, a flag within the Apache server object can be set that directs the configuration daemon to rebuild the physical configuration file for a particular Apache server and restart it. Through the Web interface, the administrator has a view of all of their servers within a Web farm and the ability to manage those servers.

Conclusion

Apache Manager is a platform-independent administration solution that allows an administrator to manage multiple Apache Web Server configurations from a single Web interface. By taking advantage of the directory, it provides the necessary tools to consolidate common configuration directives into a hierarchy of objects, stored in a single location so that all Apache servers may be easily managed from the Internet.

Apache Manager is an excellent solution for administrators that are responsible for managing multiple Apache Web Servers. Apache Manager is not only capable of managing a large number of Apache Web Servers, it will also manage different versions of Apache running on different platforms. The only real requirement is that the platform supports a JVM and the ability to connect to a directory service through the LDAP protocol. Apache Manager removes the complexity and overhead common to managing multiple Apache Web Servers.

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

Overview of Novell Web and Application Services in NetWare 6.5

Feature Article NOVELL APPNOTES

Excerpted from the NetWare 6.5 documentation at http://www.novell.com/documentation

Novell Web and Application Services (NWAS) is a collection of open source and Novell technologies integrated with NetWare 6.5 for use in building, deploying, hosting, and utilizing Web sites and Web applications. This AppNote introduces NWAS and its components, and explains how you can begin using them to meet the demands of your business.

Contents:

• Introduction

• Key Features and Benefits of NWAS

• Basic Components of NWAS

• Putting It All Together

• About Installing NWAS Components

• Conclusion

Topics: Web application development, Web site hosting, Web services, scripting, open source software
Products: Apache Web Server 2.0, NetWare Web Search Server, MySQL, Tomcat Server, Novell exteNd Application Server
Audience: developers
Level: beginning
Prerequisite Skills: familiarity with Web services and applications
Operating System: NetWare 6.5
Tools: none
Sample Code: no

Introduction

Novell Web and Application Services (NWAS) is a collection of open source and Novell products integrated with the NetWare 6.5 operating system that let you build, deploy, host, and utilize Web sites and Web applications that speed up business processes without jeopardizing the security of business information.

This overview introduces you to the key features and benefits of NWAS, how its individual components work together, how they are used by NetWare 6.5, and how they can be installed either individually or as part of a special purpose server.

Key Features and Benefits of NWAS

Figure 1 illustrates how the Novell and open-source software included with NetWare 6.5 can be used to host Web sites and implement Web applications on the World Wide Web, within a corporate intranet, or with customers and partners in an extranet environment.

Figure 1: NetWare 6.5 includes both Novell and open-source software.

Features of NWAS

When used together, NWAS products let you host Web sites and deploy Web applications that you can either build yourself or download from the World Wide Web. With NWAS, you can:

• Host multiple Web sites on a single NetWare server

• Manage all instances of the Apache Web server from one interface using the new Apache Manager (regardless of what platform they are running on in your network)

• Choose from hundreds of free Web applications that can be downloaded from the Internet and run on your NetWare 6.5 server

• Build and host your own Web database applications

• Choose from five popular scripting languages to build your own dynamic Web content

• Build powerful Web applications and services using the new Novell exteNd Application Server, which includes SOAP and UDDI components, as well as rapid application development support and application deployment capabilities

• Add search and print functionality to any Web site, anywhere on the World Wide Web or on a company intranet

Benefits of NWAS

From hosting simple Web pages to hosting large Web applications and services, NWAS has the technological components you need. Each open source technology offers an important building block that allows you to build the solutions that best meet your business needs.

Some of the key benefits NWAS has to offer include:

• Open source components that help you steer away from vendor lock-in and proprietary solutions; applications that you develop can run on any other J2EE compliant platform, including UNIX and Linux operating systems

• Valuable services for end users that enhance personal and team productivity

• A strong J2EE and open source development model

• A broad range of industry standard API sets

• A broad selection of development tools and deployment models for developers (this provides tremendous flexibility in those cases where IT organizations decide to re-purpose their NetWare servers)

• Lower IT spending because open source products are free and platform independent

Basic Components of NWAS

The components of NWAS offer everything you need to host dynamic Web content and Web applications. Additional components also included with NetWare 6.5 can be added to your NWAS solution. For example, if you are going to integrate existing software using Web services technologies, you would add SOAP and UDDI.

Figure 2 shows the basic architecture of NWAS components and includes all other components available in NetWare 6.5 that you can use to build Web applications and services.

Figure 2: General architecture of key NWAS components and other available technologies.

The following sections introduce each NWAS component.

Apache Web Server 2.0

The Apache Web Server 2.0 serves as the foundation Web server upon which you can build Web sites and host Web applications for use in your business.

Apache is the Web server of choice for more than 67% of all Web servers being used on the World Wide Web today. Its popularity comes from the fact that it is the most reliable and secure Web server available. It runs on all major platforms, is capable of hosting even the most complex Web sites and can scale to handle thousands of simultaneous connections.

Here are some of the key uses and benefits of using Apache on NetWare:

• Provides a highly reliable and fast Web server for hosting simple or complex Web sites

• Offers tight integration with eDirectory and Secure Sockets Layer (SSL) through the use of a customized NetWare-specific Apache module, providing a highly-secure method for sharing sensitive company information over the Internet

• New Apache Manager tool that lets you configure a single Web server, or a host of Web servers running on multiple platforms, all from a single interface

• Pre-configured to work with Jakarta-Tomcat, the servlet container created by the Apache Foundation, which can be used to host servlets and JavaServer Pages (JSPs) for automating business processes

• Compatible with the new Novell exteNd Application Server for deploying Web applications and Web services

• Ideal for Web application development and testing

• Lets you set up multiple virtual hosts for hosting multiple Web sites (with their own domain names) all from a single installation of Apache (see Figure 3)

Figure 3: Apache running on NetWare 6.5 and hosting multiple Web sites, each with its own domain name.

Scripting: Support for PHP, Perl, Novell Script, NSP, and UCS

NetWare 6.5 provides a choice of scripting languages and the engines to run them, which you can use for the development of Web applications and administration utilities. Scripting simplifies the task of developing NetWare based applications and is much easier than writing NLMs using C or C++.

The scripting technologies integrated with NetWare 6.5 include industry standard PHP, Perl, Novell Script for NetWare, Novell ScriptPages (NSP), and Universal Component System (UCS). These scripting engines must be enabled in Apache in order to use them.

For more information about using these scripting languages, see the Novell Developer Kit at http://developer.novell.com/ndk.

Web Search Capability: NetWare Web Search Server

No Web solution is complete without capable searching functionality that provides users with a method for finding information they need, when they need it. NetWare Web Search Server lets you add search and print functionality to any Web site, anywhere on the World Wide Web or on a company intranet. You can use it on your own enterprise-wide Web site or to host search services for business partners or clients.

Visitors to your Web or intranet site enter search terms in the Web Search form you place on the pages of your Web site. The search term is used to find matches contained in Web Search indexes you create using the Web Search Server Manager, a Web-based management utility. Search results, including matching URLs, are sent back to the user’s Web browser (see Figure 4).

Figure 4: How NetWare Web Search Server handles a user’s search query.

For more information about installing and using NetWare Web Search Server, see the NetWare 6.5 Web Search Server Administration Guide.

Web Databases: MySQL

MySQL is an open source, structured query language (SQL) database. When combined with a Web application, MySQL serves as a very reliable and scalable database for use in hosting eCommerce and business-to-business Web applications.

Figure 5 shows how MySQL can be used to host Web database applications such as eCommerce or inventory tracking.

Figure 5: Hosting multiple Web database applications with MySQL.

For more information about installing and using MySQL, see the MySQL on NetWare Administration Guide.

Web Applications: Jakarta-Tomcat Server or Novell exteNd Application Server

When you need greater processing power beyond what scripting has to offer, NetWare 6.5 offers two choices: Jakarta-Tomcat and Novell exteNd Application Server. Which one you choose depends on what you need.

For example, if you need Java API support beyond servlets, JSPs, tag libraries, or basic Java Bean components, either immediately or in the future, you should select the Novell exteNd Application Server. Also, if you are going to use any of the high-end development tools included with NetWare 6.5, such as the Novell exteNd Director or Composer products, exteNd is the better choice because Tomcat is not supported by these tools.

However, if you need only very basic Java servlets and JavaServer Pages (JSPs) and you do not plan to migrate to a more robust solution, you should select Tomcat. Tomcat is also the better choice if you are relatively new to, or inexperienced with, Java programming.

Jakarta-Tomcat. The Jakarta-Tomcat server is an open source, Java-based Web application container created to run servlet and JavaServer Page Web applications. Tomcat is very stable and includes all of the features of a commercial Web application container. It is the official reference implementation for the Java Servlet and JSP technologies.

Figure 6 illustrates how Tomcat can work together with Apache to deliver dynamic Web content to the consumers of your Web site content.

Figure 6: Using Tomcat and Apache to deliver dynamic Web content.

Tomcat 4.1, the version included with NetWare 6.5, implements the Java Servlet 2.3 and JSP 1.2 specifications.

For more information about installing and using Tomcat, see the Tomcat Administration Guide for NetWare 6.5.

Novell exteNd Application Server. When scripting or Web application hosting with Tomcat is not robust enough to build the solution you need, or when you need to employ more sophisticated Web services using SOAP and UDDI, the Novell exteNd Application Server provides the application hosting power you need.

The Novell exteNd Application Server is a comprehensive, J2EE certified platform for building and deploying enterprise-class Web applications. It supports the full Java 2 Enterprise Edition standard: JSP, Enterprise JavaBeans (EJBs), and all other J2EE 1.3 components and technologies.

For more information about installing and using exteNd, see the Novell exteNd Application Server documentation.

Putting It All Together

When you combine all of the NWAS components, you have a complete Web and application solution. Choosing which components you need begins with determining what the needs of your organization or company are and then deciding which components to use to fill those needs.

This section highlights one of the quickest and simplest combinations of NWAS components: Novell AMP. It also explains how NWAS components are used by NetWare.

Novell AMP: Apache, MySQL, PHP, and Perl

One of the NetWare 6.5 dedicated installation options is Novell AMP. Combining the HTTP power of Apache with the database power of MySQL and the flexibility of PHP lets you build very fast and functional Web applications. But even better, there are thousands of applications available for download from the World Wide Web. Most of them are free.

After installing Novell AMP, you can download applications from Web sites such as http://www.hotscripts.com/PHP, and within minutes, install them to your Novell AMP server and start benefiting from their use (see Figure 7).

Figure 7: With a Novell AMP Server, you can download, install, and run thousands of AMP-ready applications.

For more information about Novell AMP, refer to the Novell Developer Kit Web site at http://developer.novell.com/ndk.

How NWAS Components Are Used by NetWare

Two of the NWAS components, Apache and Tomcat, are used by many of the Novell products included with NetWare 6.5. For example, Novell NetStorage depends on the administration instance of the Apache Web server for HTTP processing and on Tomcat for running its servlets.

Some of the NWAS components depend on each other. For example, the NetWare Web Search Server also depends on Apache and Tomcat. This is why by default there are two instances of Apache and Tomcat configured to run on NetWare: one for use by Novell software (the administration instances), and another for your own use (the public instances).

Table 1 summarizes the dependency of various Novell products on the Apache 2 Admin Server and on the Tomcat 4 Admin Container.

Table 1: NetWare products that depend on NWAS components.

Novell Product    Apache 2 Admin Server    Tomcat 4 Admin Container

Novell iPrint X

Novell iFolder X

NetStorage X X

Novell exteNd Director X X

Virtual Office X X

Java Virtual Machine (JVM) X X

For any necessary information about making modifications to these NWAS components, refer to each Novell product’s individual documentation.

About Installing NWAS Components

NWAS components can be installed as part of a special purpose server, which installs a combination of products for a specific use, or each NWAS component can be installed individually through the Customized NetWare Server install option during the NetWare 6.5 install process. (For detailed information about installing NetWare 6.5, see the NetWare 6.5 Overview and Installation Guide.)

This section explains how to install one or more NWAS components.

Set Up a Dedicated or Special Purpose NWAS Server

NetWare 6.5 includes several special purpose server installation options, some of which include NWAS components. For example, if you want to dedicate a server to hosting Web applications, you can select the exteNd J2EE Application Server install. Or if you want to dedicate a server for hosting Web search services, you can select the NetWare Web Search Server install. When you do, only the required components (along with the NetWare operating system) are installed.

The available special purpose NWAS servers are:

• NetWare AMP (Apache, MySQL, PHP, Perl) Server

• Apache/Tomcat Server

• NetWare Web Search Server

• exteNd J2EE Web Application Server

NetWare AMP Server. The NetWare AMP (Apache, MySQL, PHP, and Perl) Server lets you host Web-based database applications on your NetWare 6.5 server. Web database applications are available from the open source community. They can be downloaded from the World Wide Web and easily deployed to your NetWare AMP server. Or, if you are familiar with the structured query language (SQL) and PHP or Perl scripting languages, you can develop and host your own Web-based database applications.

NetWare AMP includes the following components:

• Apache Web server (the leading Web server on the Internet today)

• MySQL (a fast, easy-to-use, relational database management system)

• phpMyAdmin (a utility for managing MySQL from a Web browser)

• PHP/Perl scripting engines (engines for processing PHP or Perl scripts)

• Apache Manager (a browser-based utility that lets you manage multiple Apache Web servers as an eDirectory object, regardless of the platform they are running on)

Apache/Tomcat Server. The Apache/Tomcat Server lets you deploy and host servlets and Java Server Pages (JSPs). It installs Apache Web Server 2.0 and the Tomcat Servlet Container 4.1 for use in hosting dynamic, application-driven Web sites. eDirectory Java LDAP beans are also included to provide a broad range of eDirectory authentication and identity mechanisms that are customized for use in setting up browser-based access to protected information. For additional development and deployment power, install the Novell exteNd Workbench IDE from the NetWare 6.5 Client CD.

If you need more functionality than you can get from servlets and JSPs, consider installing the special purpose exteNd J2EE Web Application Server instead.

NetWare Web Search Server. The NetWare Web Search Server lets you add search and print functionality to any Web site, anywhere on the World Wide Web or on a company intranet. You can use it on your own enterprise-wide Web site or to host search services for business partners or clients.

Typically, you would dedicate a server to Web Search if you want to offload Web site traffic from your main Web server, or to provide failover for your Web Search services.

exteNd J2EE Web Application Server. The exteNd J2EE Web Application Server lets you deploy enterprise-class Web applications that take advantage of the full Java 2 Enterprise Edition standard: JSPs, Enterprise JavaBeans (EJBs), and all other J2EE 1.3 components and technologies. The Novell exteNd Web Application Server provides high performance, scalability, and reliability, support for rapid application development, application deployment facilities, and server management facilities.

MySQL, Apache, and other software are also installed.

Install Individual NWAS Components

If you want to install one or more individual NWAS components, you can do so by selecting the Customized NetWare Server option during the NetWare 6.5 installation process. Each of the NWAS components available on the Components list during install is described below.

Note: Some component options are available only during a post install of NetWare 6.5. These are indicated in the following sections.

NWAS components available for individual installation include the following:

• Apache 2 Admin Server

• Apache 2 Web Server and Tomcat 4 Servlet Container

• NetWare Web Search Server

• MySQL

• Tomcat 4 Admin Container

Apache 2 Admin Server. Available only during a NetWare 6.5 post install, the Apache 2 Admin Server component installs an administration instance of the Apache Web server. Apache is used on NetWare in two ways: as an administration server (Apache 2 Admin Server) and as a dedicated Web server (Apache 2 Web Server). The Apache 2 Admin Server is installed by default and runs in protected address space on your NetWare 6.5 server.

Apache 2 Web Server and Tomcat 4 Servlet Container. Selecting the Apache 2 Web Server and Tomcat 4 Servlet Container component installs the Apache Web server 2.0 and the Tomcat Servlet Container 4.1 for your own use as a dedicated Web hosting solution. Tomcat is used for running Web servlets and JSPs.

NetWare Web Search Server. NetWare Web Search Server lets you add search and print functionality to any Web site, anywhere on the World Wide Web or on a company intranet. You can use it on your own enterprise-wide Web site or to host search services for business partners or clients.

MySQL. MySQL is an open source, SQL database. When combined with a Web application, MySQL serves as a very reliable and scalable database for use in hosting business solutions such as eCommerce and business-to-business.

If you do not have Apache installed and you want to host Web servlets or applications, consider installing either the Apache 2 Web Server and Tomcat 4 Servlet Container component, or the special purpose Apache/Tomcat Server.

Tomcat 4 Admin Container. This selection installs Tomcat Servlet Container 4.1, which is used for running Web servlets and Java Server Pages. Typically, Tomcat is used with the Apache Web server.

Conclusion

This AppNote has introduced the Novell Web and Application Services (NWAS) technologies included in NetWare 6.5. It has provided an overview of what these components are and how they can be used to build, deploy, host, and utilize Web sites and Web applications in the NetWare environment.

For Additional Information

For more information about the technologies discussed in this AppNote, refer to the following resources:

• For more information about Novell open source components and Novell Forge, visit http://developer.novell.com/ndk/qstart/opensource.htm.

• For information about AMP on NetWare, visit http://www.osnamp.com.

• For NDK software, sample code, and developer documentation, visit http://developer.novell.com/ndk.

• For information about developer training, visit http://developer.novell.com/training.

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

New Developer Features in Novell eDirectory 8.7.1

Feature Article NOVELL APPNOTES

Adapted from a Novell DeveloperNet Webinar http://developer.novell.com/training

Novell eDirectory 8.7.1, which ships with NetWare 6.5, contains numerous new features and enhancements that are of interest to developers. This AppNote summarizes these new features.

Contents:

• Introduction

• Dynamic Groups

• Extensible Match

• eDirectory Events

• Transport Layer Security

• New LDAP Authentication Methods

• SOAP Access to eDirectory

• Other New Features in eDirectory 8.7.1

• Conclusion

Topics: Novell eDirectory 8.7, directory-enabled applications
Products: Novell eDirectory 8.7 and 8.7.1
Audience: developers
Level: intermediate
Prerequisite Skills: familiarity with Novell eDirectory
Operating System: n/a
Tools: none
Sample Code: no

Introduction

In early 2003 Novell released eDirectory 8.7, a major update to its industry-leading cross-platform directory service. This highly scalable, high-performing, secure directory service can store and manage millions of objects, such as users, applications, network devices, and data. Novell eDirectory provides centralized identity management, infrastructure, Net-wide security, and scalability to all types of applications running behind and beyond the firewall. It natively supports the directory standard Lightweight Directory Access Protocol (LDAP) v3.

Novell eDirectory 8.7 introduced a number of new features, such as Web-based and wireless management capabilities, extensible match search filters, Simple Network Management Protocol (SNMP) monitoring, and enhanced backup and restore capabilities. It also provided support for Transport Layer Security (TLS) services based on the OpenSSL source code.

This AppNote covers some of the features of eDirectory 8.7 that are of interest to developers, with emphasis on those that are new since eDirectory 8.6.x. It also lists the new features in eDirectory 8.7.1, an updated version which ships with NetWare 6.5.

Dynamic Groups

Dynamic groups have been supported since eDirectory 8.6, but this feature has been further enhanced in eDirectory 8.7 and 8.7.1. As a review of how groups work in directory services, suppose you have an application for which you want to assign rights to multiple users. You can create a group, add the users to that group, and then assign rights to the group instead of having to assign the rights to each individual user. Every user who is a member of the group will automatically have the rights necessary to run the application. So groups are a useful tool in managing rights for applications, files, printers, and whatever you might want to secure using directory services.

Traditionally, groups have been static in nature. In other words, the “member” attribute had to be populated manually. As an example, suppose you created a static group called “Managers” to give rights for certain restricted applications to your organization’s managers, directors, and vice presidents. You have added each manager individually as a member of this group. But then a temporary manager comes in just for a couple of months. You’d have to assign him as a member of the Managers group, and then remember to remove him from the group when his temporary managership ended. If not, he would continue to have access to the manager-only applications after he no longer required it.

As the name implies, dynamic groups allow membership in a group to be determined dynamically, in addition to explicitly assigning members. A dynamic group can use an LDAP search filter in URL form (as specified in RFC 2255) to assign all users with a certain attribute value to its membership list. So in the example above, instead of having a Managers group that is defined statically, you could add an attribute called “Title” to all User objects. If a user is a manager, you would populate the Title attribute with a string such as “Manager”. Then the LDAP search filter would look for all users that have the Title of “Manager” and automatically make them members of a dynamic group. They would then gain all the rights necessary to run the manager applications. When a person is no longer a manager, all you’d have to do is change the Title attribute on that person’s User object, and the user would immediately lose the rights he or she had as a member of the dynamic group.

If you look at the schema for eDirectory 8.7, you’ll see that there are two new classes that describe dynamic groups. The first one, dynamicGroup, is a structural class. You would use this structural class when you want to create a new group that you want to be a dynamic group. Within the dynamicGroup class are three attributes.

• The memberQueryURL attribute specifies the search filter to use to describe the dynamic group. In the above example, you would have a search query URL that had the Title attribute in it. When users want to access the group, the LDAP server would search for members based on this search filter in the memberQueryURL attribute.

• The excludedMember attribute allows you to specifically exclude certain objects from the group. You would use this if you had, for example, User objects that are not supposed to be in a dynamic group, but for some reason match the search filter.

• The uniqueMember attribute allows you to specifically include certain objects in a group. This would be useful if you had User objects that should belong to a dynamic group, but for some reason don’t match the search filter. Reading the uniqueMember (or “member”) attribute returns specifically identified objects, as well as objects which satisfy the query.

The second object class, dynamicGroupAux, is an auxiliary class. This class allows you to convert static groups that you have already established into dynamic groups. You do this by simply adding dynamicGroupAux to the objectClass attribute of an existing group, and then setting a search query in memberQueryURL.

You can obtain a member list of a dynamic group in the same way as for a static group, by simply running a query on the “member” attribute. By default, the implicit search is limited to the local server.
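How memberQueryURL, uniqueMember and excludedMember combine into one member list, as an added example (not Novell's code or the SDK's). The directory entries, DNs and the equality-only filter matcher are constructed for illustration, and applying excludedMember last is an assumption the article does not spell out.

```python
"""Resolve a dynamic group's effective members from its three attributes.

Added illustration only: the directory below is constructed sample data and
the matcher handles just the simple (attr=value) filter form used in the text.
"""
import re
from urllib.parse import unquote

# Constructed sample directory: DN -> attributes (names and DNs lowercased).
DIRECTORY = {
    "cn=ann,ou=sales,o=acme": {"objectclass": ["inetOrgPerson"], "title": ["Manager"]},
    "cn=bob,ou=sales,o=acme": {"objectclass": ["inetOrgPerson"], "title": ["Clerk"]},
    "cn=carl,ou=finance,o=acme": {"objectclass": ["inetOrgPerson"], "title": ["Manager"]},
    "cn=dee,ou=finance,o=acme": {"objectclass": ["inetOrgPerson"], "title": ["Director"]},
    "cn=temp,ou=sales,o=acme": {"objectclass": ["inetOrgPerson"], "title": ["Manager"]},
    "cn=eve,o=other": {"objectclass": ["inetOrgPerson"], "title": ["Manager"]},
}

# Constructed group: every Manager under o=acme, minus the temporary manager,
# plus one director who does not match the filter.
MANAGERS = {
    "memberQueryURL": "ldap:///o=acme??sub?(title=Manager)",
    "excludedMember": ["cn=temp,ou=sales,o=acme"],
    "uniqueMember": ["cn=dee,ou=finance,o=acme"],
}


def parse_ldap_url(url):
    """Split an RFC 2255 URL of the form ldap://host/base?attrs?scope?filter."""
    m = re.match(r"ldap://([^/]*)/([^?]*)(?:\?(.*))?$", url, re.IGNORECASE)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    parts = (m.group(3) or "").split("?")
    parts += [""] * (3 - len(parts))
    return {
        "base": unquote(m.group(2)).lower(),
        "scope": unquote(parts[1]).lower() or "base",       # RFC 2255 default
        "filter": unquote(parts[2]) or "(objectClass=*)",   # RFC 2255 default
    }


def in_scope(dn, base, scope):
    """True if dn falls under base for scope 'base', 'one' or 'sub'."""
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    relative = dn[: -len(base) - 1]
    # 'one' means exactly one RDN above the base (naive: no escaped commas).
    return scope == "sub" or "," not in relative


def matches(attrs, ldap_filter):
    """Evaluate a single (attr=value) or (attr=*) filter, case-insensitively."""
    m = re.fullmatch(r"\(([\w-]+)=([^()]*)\)", ldap_filter)
    if not m:
        raise ValueError("only simple equality filters are handled here")
    values = attrs.get(m.group(1).lower(), [])
    if m.group(2) == "*":
        return bool(values)
    return m.group(2).lower() in (v.lower() for v in values)


def effective_members(group, directory):
    """Entries matching the query, plus uniqueMember, minus excludedMember."""
    q = parse_ldap_url(group["memberQueryURL"])
    dynamic = {dn for dn, attrs in directory.items()
               if in_scope(dn, q["base"], q["scope"]) and matches(attrs, q["filter"])}
    included = {dn.lower() for dn in group.get("uniqueMember", [])}
    excluded = {dn.lower() for dn in group.get("excludedMember", [])}
    # Assumption: exclusion is applied last, so a DN listed in both loses access.
    return sorted((dynamic | included) - excluded)


if __name__ == "__main__":
    for member in effective_members(MANAGERS, DIRECTORY):
        print(member)
```

Because membership is computed at read time, anyone who can write the Title attribute on a User object can change who holds the group's rights, so write access to the attributes named in memberQueryURL deserves the same review as write access to the group itself.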

A new feature added in eDirectory 8.7 is a Web-based utility to help manage dynamic groups. The Novell iManager utility includes a Dynamic Group Management role to create and modify Dynamic Group objects.

Extensible Match

Another new feature in eDirectory 8.7 is partial support for extensible match searching. The LDAP v3 core protocol specification defined in RFC 2251 requires LDAP servers to recognize a search element called an extensible match filter. An extensible match allows an LDAP client to specify the following items in a search filter:

• An attribute name (optional)

• A matching rule (optional)

• A flag to indicate if the DN attributes should be considered part of the entry

• The value to be used for the match

LDAP v3 supports multiple matching rules for the same types of data. This would allow you to implement new rules such as “sounds like.” However, eDirectory 8.7 currently supports only an exact value match and thus ignores this field. eDirectory 8.7 does allow DN (Distinguished Name) elements to be used in the search criteria. The inclusion of DN attributes in the search via the extensible match filters allows matching to be done on specific values in the DN of an object.

To show you how this can be valuable, consider the example task shown in Figure 1. Within this sample tree there are several OUs, and some of these OUs have Administrative Assistants in them. The task is to find all of the Admin Assistants in the Sales OUs. So you want to find Terry, Sam, Alice, and Bill, but not Hilda because she’s in the Finance OU.

Figure 1: Sample tree for the task of finding all Admin Assistants in Sales OUs.

Using a traditional LDAP search, you'd have to first search for all the Sales containers in the tree. Then using each Sales container as a base, you would have to do a subtree search for users in the Admin Assistant container. This method requires four separate searches to find the four Admin Assistants you want and to make sure you do not find Hilda. Even then, it may not provide complete results.

Thanks to eDirectory's support for extensible match, you can include the DN of “Sales” in your search criteria. You’d simply search for all Admin Assistant containers in the tree whose DN contains a Sales container. Here is what the extensible match search filter would look like:

(&(ou:dn:=Sales)(organizationalRole=adminAssistant))

This filter indicates that you’re looking for everyone who has “Sales” in their DN and who has their organizationalRole equal to “adminAssistant”. So by using extensible match, you only have to do one search to get the results you want.

SDK Sample Code references: extmatch.c, extmatch.java
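What the :dn flag changes when the filter above is evaluated, as an added example (not the SDK's extmatch sample). The tree is constructed to stand in for Figure 1, with made-up DNs under o=Acme, and the evaluator ignores any matching rule, as the article says eDirectory 8.7 does.

```python
"""Evaluate an LDAP filter that uses the extensible-match :dn flag.

Added illustration only: the tree is constructed sample data standing in for
Figure 1, and matching is exact and case-insensitive (any rule is ignored).
"""
import re

# Constructed entries: DN -> attributes (attribute names lowercased).
ROLE = {"organizationalrole": ["adminAssistant"]}
TREE = {
    "ou=Sales,ou=East,o=Acme": {"ou": ["Sales"]},
    "cn=Terry,ou=Admin Assistants,ou=Sales,ou=East,o=Acme": ROLE,
    "cn=Sam,ou=Admin Assistants,ou=Sales,ou=East,o=Acme": ROLE,
    "cn=Alice,ou=Admin Assistants,ou=Sales,ou=West,o=Acme": ROLE,
    "cn=Bill,ou=Admin Assistants,ou=Sales,ou=West,o=Acme": ROLE,
    "cn=Hilda,ou=Admin Assistants,ou=Finance,ou=West,o=Acme": ROLE,
    "cn=Rita,ou=Sales,ou=West,o=Acme": {"organizationalrole": ["salesRep"]},
}

# attr [":dn"] [":" matchingRule] ":=" value   or   attr "=" value
ITEM = re.compile(r"([\w-]+)((?::dn)?)((?::[\w.-]+)?)(:?)=(.*)", re.IGNORECASE)


def _parse(s):
    """Parse one parenthesised filter; return (node, unparsed remainder)."""
    if not s.startswith("("):
        raise ValueError("expected '(' at %r" % s)
    if s[1:2] in ("&", "|", "!"):
        op, rest, kids = s[1], s[2:], []
        while rest.lstrip().startswith("("):
            kid, rest = _parse(rest.lstrip())
            kids.append(kid)
        rest = rest.lstrip()
        if not kids or not rest.startswith(")"):
            raise ValueError("malformed %r filter" % op)
        return (op, kids), rest[1:]
    end = s.index(")")
    m = ITEM.fullmatch(s[1:end])
    if not m:
        raise ValueError("unsupported filter item %r" % s[1:end])
    attr, dn_flag, rule, ext, value = m.groups()
    if (dn_flag or rule) and not ext:
        raise ValueError("extensible match needs ':=' in %r" % s[1:end])
    # The matching rule is parsed but ignored: only exact match is applied.
    return ("item", attr.lower(), bool(dn_flag), value.lower()), s[end + 1:]


def parse(text):
    """Parse a whole filter string into a nested tuple tree."""
    node, rest = _parse(text.strip())
    if rest.strip():
        raise ValueError("trailing text after filter: %r" % rest)
    return node


def split_dn(dn):
    """Naive DN split into (type, value) pairs; assumes no escaped commas."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1))
            for rdn in dn.split(",")]


def evaluate(node, dn, attrs):
    """Apply a parsed filter to one entry."""
    if node[0] == "item":
        _, attr, dn_flag, value = node
        values = [v.lower() for v in attrs.get(attr, [])]
        if dn_flag:
            # :dn also tests every attribute/value pair in the entry's DN.
            values += [v for t, v in split_dn(dn) if t == attr]
        return value in values
    op, kids = node
    results = [evaluate(k, dn, attrs) for k in kids]
    if op == "&":
        return all(results)
    if op == "|":
        return any(results)
    return not results[0]


def search(filter_text, tree=TREE):
    """Return the leftmost RDN value of every entry the filter matches."""
    node = parse(filter_text)
    return sorted(dn.split(",")[0].split("=", 1)[1]
                  for dn, attrs in tree.items() if evaluate(node, dn, attrs))


if __name__ == "__main__":
    print(search("(&(ou:dn:=Sales)(organizationalRole=adminAssistant))"))
    print(search("(&(ou=Sales)(organizationalRole=adminAssistant))"))
```

The second call shows why the flag matters: without :dn, (ou=Sales) only tests the entry's own ou attribute, which the user entries do not carry, so the single-search approach finds nobody.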

eDirectory Events

Novell eDirectory has an event service that enables applications to be notified of significant events that occur within the directory. Some of these events are general events that can pertain to any directory service; other events are specific to eDirectory and its special features. In previous versions of eDirectory, this event service was accessible only on the NetWare platform. With eDirectory 8.7 and above, it is accessible on all of the platforms that eDirectory runs on.

Some of the tasks you can do with eDirectory events include:

• eDirectory monitoring

• Auditing

• Automation of infrastructure changes

• Automated business logic

All of these things can be done only with eDirectory. They don’t exist in the same form in other directory products. As a developer, you can use these events to watch for changes in the directory. When you store information in the directory, you’re going to want to be able to find out when that information is changed and who changed it, so that your applications can react to changes on key information.

eDirectory defines several directory-related events which can be used for debugging, auditing, and management purposes, including:

• Operations on individual entries and their attributes

• Partition and replica operations

In eDirectory 8.7, Novell added access rights control for events. If you are registered for an event and you do not have the required privileges, either the request will fail or you will not be able to see the event.

Novell has provided access for developers to register eDirectory events across all supported platforms. eDirectory events are exposed to applications through two different LDAP mechanisms: the Persistent Search Control and the Monitor Events extension. Why two mechanisms? Persistent Search is an IETF specification that focuses on the ability to gather events on objects and data within the directory. In eDirectory, however, the event system also provides access to information about events occurring on the directory itself, such as when a new partition or replica is created. This event information is not accessible through Persistent Search, so Novell created an LDAP extension to allow you to access it.

Persistent Search Control

Let’s talk a little more about Persistent Search and how it works. Persistent Search is a control added to an LDAP search that basically allows the search operation to keep going after the initial set of matching entries is returned. It moves the burden of checking for updates within a search result set from the client to the server. Persistent Search is an alternative to implementing some type of polling mechanism to detect changed information.

In an LDAP search operation, the client can apply a search filter to describe what type of objects are being requested and other parameters such as the location in the tree from which the search is to begin, whether to search just one level or the entire subtree, and so on. Normally, the request is made to the LDAP server and the server issues a SearchResultDone message when all of the matching results are returned. With the Persistent Search Control applied, the search operation maintains a connection so that the client can be updated each time an entry in the result set changes. This allows the client to maintain a cache of the entries it is interested in, or trigger some logic whenever an update occurs.

When specifying in the control what type of results you would like, you can ask to be told about just additions, deletions, modifications, or renames, or combine them and get notification about all types of events. The changeTypes (IN) parameter is an integer formed by a bitwise OR of the following flag values:

• LDAP_CHANGETYPE_ADD

• LDAP_CHANGETYPE_DELETE

• LDAP_CHANGETYPE_MODIFY

• LDAP_CHANGETYPE_MODDN

• LDAP_CHANGETYPE_ANY

Another thing you can specify in this control is whether you want to receive the current data set along with any changes that occur in the future, or only the changes. This is done via the changesOnly (IN) parameter. If it is set to zero, the results of the initial search are returned and then the control will block, waiting for additional events to occur. When they do, entries that are subsequently changed are returned to the client. If it is set to a non-zero value, no initial results are returned, but all subsequent changed entries are returned.

Monitor Events Extension

The second mechanism for eDirectory event notification is called Monitor Events, an extended LDAP operation that is specific to eDirectory. This extension allows an LDAP client to be notified of the occurrence of various events on an eDirectory server. It uses the LDAP v3 extended operation extension mechanism, and is available on all platforms supported by eDirectory 8.7. It also uses an intermediate response Protocol Data Unit (PDU) as described in the IETF draft (http://www.ietf.org/draft-rharrison-ldap-intermediate-resp-00.txt).
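How changeTypes and changesOnly end up on the wire, as an added example (not SDK code). The control OID, the numeric flag values and the third field, returnECs, are taken from the Persistent Search Internet-Draft rather than from this article, and the decoder is included so an auditing tool can log what a client subscribed to.

```python
"""BER-encode and decode the Persistent Search control value.

Added illustration only. The OID, the flag values and the returnECs field
follow the Persistent Search Internet-Draft; they are not stated in the text.
"""

LDAP_CHANGETYPE_ADD = 1
LDAP_CHANGETYPE_DELETE = 2
LDAP_CHANGETYPE_MODIFY = 4
LDAP_CHANGETYPE_MODDN = 8
LDAP_CHANGETYPE_ANY = (LDAP_CHANGETYPE_ADD | LDAP_CHANGETYPE_DELETE |
                       LDAP_CHANGETYPE_MODIFY | LDAP_CHANGETYPE_MODDN)

PSEARCH_CONTROL_OID = "2.16.840.1.113730.3.4.3"


def _tlv(tag, content):
    """Tag-length-value with a short-form length (content under 128 bytes)."""
    if len(content) > 127:
        raise ValueError("long-form BER lengths are not needed here")
    return bytes([tag, len(content)]) + content


def _ber_int(n):
    """INTEGER: minimal two's-complement encoding of a non-negative value."""
    length = max(1, (n.bit_length() + 8) // 8)
    return _tlv(0x02, n.to_bytes(length, "big", signed=True))


def _ber_bool(flag):
    """BOOLEAN: 0xFF for TRUE, 0x00 for FALSE."""
    return _tlv(0x01, b"\xff" if flag else b"\x00")


def psearch_control_value(change_types, changes_only, return_ecs=True):
    """SEQUENCE { changeTypes INTEGER, changesOnly BOOLEAN, returnECs BOOLEAN }."""
    if not 1 <= change_types <= LDAP_CHANGETYPE_ANY:
        raise ValueError("changeTypes must be an OR of the LDAP_CHANGETYPE_* flags")
    body = _ber_int(change_types) + _ber_bool(changes_only) + _ber_bool(return_ecs)
    return _tlv(0x30, body)


def decode_psearch_control_value(data):
    """Return (change_types, changes_only, return_ecs) from an encoded value."""
    if len(data) < 2 or data[0] != 0x30 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER SEQUENCE of the stated length")
    fields, pos = [], 2
    for tag in (0x02, 0x01, 0x01):
        if pos + 2 > len(data) or data[pos] != tag:
            raise ValueError("unexpected tag at offset %d" % pos)
        length = data[pos + 1]
        body = data[pos + 2: pos + 2 + length]
        if length == 0 or len(body) != length:
            raise ValueError("truncated field at offset %d" % pos)
        if tag == 0x02:
            fields.append(int.from_bytes(body, "big", signed=True))
        else:
            fields.append(body != b"\x00")
        pos += 2 + length
    if pos != len(data):
        raise ValueError("trailing bytes after the three fields")
    return tuple(fields)


def describe_change_types(change_types):
    """Names of the flags set in a changeTypes value, for log output."""
    names = (("add", LDAP_CHANGETYPE_ADD), ("delete", LDAP_CHANGETYPE_DELETE),
             ("modify", LDAP_CHANGETYPE_MODIFY), ("moddn", LDAP_CHANGETYPE_MODDN))
    return [name for name, bit in names if change_types & bit]


if __name__ == "__main__":
    # Watch for new and modified entries only, skipping the initial result set.
    value = psearch_control_value(LDAP_CHANGETYPE_ADD | LDAP_CHANGETYPE_MODIFY, True)
    print(PSEARCH_CONTROL_OID, value.hex())
    print(describe_change_types(decode_psearch_control_value(value)[0]))
```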

If you just want access to data within the directory, Persistent Search is the preferable method. If you want to monitor changes to the directory itself, whether for debugging, auditing, or management purposes, the Monitor Events extension would be a good way to do that.

Transport Layer Security

Novell eDirectory 8.7 added support for Transport Layer Security (TLS) 1.0 to provide privacy and data integrity between LDAP clients and LDAP servers, so you can make sure your connections are secure. TLS is very similar to Secure Socket Layer (SSL), which was developed by Netscape. When the IETF subsequently took ownership for that standard, the result was TLS. There are really only a few minor header changes between SSL and TLS.

TLS allows for connections to be encrypted in the Session layer. The entire packet is encrypted so that sniffers are unable to decode data sent across the network. This ensures that the connection is private and reliable. With TLS, user identities can be authenticated using asymmetric or public key cryptography. The negotiation of shared secrets is done entirely between the client and the server; there is no “middle man.” The reliability of the negotiation is ensured via an attacker detection mechanism.

An LDAP client can either start a TLS session by connecting to secure port 636 (the implied TLS port on an LDAP server) or connect to the clear-text port and later use TLS to upgrade the connection to an encrypted connection. As an example of this, say you’re using LDAP to connect to a Web site. As you’re surfing through the public portion of the site looking at non-secure information, you have an open connection through a clear-text port. But then you decide you want to order something from the site using your credit card. In the past, you had to drop the connection and reauthenticate over the SSL port. But with TLS you can send a startTLS extended request along with the query to read your credit card information and TLS will switch you over to a secure connection without you having to reauthenticate.

You can configure the eDirectory LDAP server to do the TLS handshake in three different ways:

• Server certificate only

• Request client certificate

• Require the client certificate

You configure this in the new Novell iManager utility that comes with eDirectory 8.7 and above.

After your order has gone through and you no longer need to have a secure connection, either the client or server sends a stopTLS request and the connection automatically reverts to a public connection. When you stop TLS, the LDAP service removes any authentication previously established and your authentication state changes to Anonymous. Therefore, if you want a state other than Anonymous, you must reauthenticate.

SDK Sample Code references: strt_tls.c, tbd.java

New LDAP Authentication Methods

Traditionally, with eDirectory and LDAP, users have been able to log in by providing a username and password. In eDirectory 8.7, Novell has added support for Simple Authentication and Security Layer (SASL), an authentication negotiation framework that allows the use of various other authentication methods. These methods must be registered with the Internet Assigned Numbers Authority (IANA). The server lists registered authentication mechanisms in the registeredSASLMechanisms attribute of the root DSE. The client chooses the authentication method and the server implements the appropriate authentication policy.

SDK Sample Code references: getdse.c, getdse.java

Supported Authentication Methods

The eDirectory 8.7 LDAP server supports the following three authentication methods:

• EXTERNAL

• DIGEST-MD5

• NMAS_LOGIN

These mechanisms are installed on the server during an eDirectory installation or upgrade. The LDAP server queries SASL for the installed mechanisms when it gets its configuration, and automatically supports whatever is installed. Because these mechanisms are registered, you must enter them using all uppercase characters. Otherwise, the LDAP server won’t recognize them.

The LDAP bind protocol allows the client to use various SASL mechanisms for authentication. When the application uses the LDAP bind API, it must either choose the simple bind and supply a DN and password, or choose the SASL bind and supply the SASL mechanism name in uppercase along with any SASL credentials the mechanism requires.

EXTERNAL. The EXTERNAL mechanism is based on certificates. In other words, the TLS handshake establishes client identity by means of certificate-based client authentication. An LDAP bind request using the SASL EXTERNAL mechanism instructs the server to do the following:

• Ask an EXTERNAL layer what the credentials were

• Authenticate the user as those credentials and user

During the handshake and identification portion of establishing a connection, the server requested credentials from the client and the client passed them to the server. The LDAP server received the certificate that was passed from the client and authenticated the user as whatever DN was supplied in the certificate. LDAP then uses that identity for the user connection.

SDK Sample Code references: saslext.c, tbd.java

DIGEST-MD5. The SASL DIGEST-MD5 mechanism does not require TLS; the LDAP server supports DIGEST-MD5 over clear and secure connections. DIGEST-MD5 allows you to send your password securely over a clear-text connection. This requires that the server maintain a clear-text copy of your password. The way this is done in eDirectory 8.7 is to put a copy of the clear-text password in the NMAS encrypted store. This store can be hashed using data provided in the bind and then compared to hashed data that is sent to the server.

SDK Sample Code references: saslmd5.c, tbd.java
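How the hashed comparison described for DIGEST-MD5 works, and why the server cannot do it from a one-way password hash. This is an added example, not code from the Novell SDK's saslmd5.c: the function names are hypothetical, only qop=auth with charset=utf-8 is handled, and the sample response string is the worked example printed in RFC 2831 (user "chris", password "secret"), not traffic from eDirectory.

```python
import hashlib
import hmac
import re

# The digest-response from the worked example in RFC 2831, section 4.
RFC2831_SAMPLE = (
    'charset=utf-8,username="chris",realm="elwood.innosoft.com",'
    'nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",'
    'digest-uri="imap/elwood.innosoft.com",'
    'response=d388dad90d4bbd760a152321f2143af7,qop=auth'
)


def _md5(data):
    return hashlib.md5(data).digest()


def user_secret(username, realm, password):
    """H(username:realm:password), the only place the password enters.

    The server needs the clear-text password (what the article says eDirectory
    keeps in the NMAS store) or this derived value; a salted one-way hash is
    of no use. Whoever holds either form can answer challenges for the user.
    """
    return _md5(f"{username}:{realm}:{password}".encode("utf-8"))


def response_value(secret, nonce, cnonce, nc, digest_uri, authzid=None,
                   for_server=False):
    """Client response, or the server's rspauth when for_server is True."""
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += b":" + authzid.encode("utf-8")
    # Client A2 is "AUTHENTICATE:<uri>"; the server's reply uses ":<uri>".
    a2 = (("" if for_server else "AUTHENTICATE") + ":" + digest_uri).encode("utf-8")
    kd = ":".join([_md5(a1).hex(), nonce, nc, cnonce, "auth", _md5(a2).hex()])
    return _md5(kd.encode("utf-8")).hex()


def parse_directives(text):
    """Split a digest-response string into a dict (quoted or bare values)."""
    pairs = re.findall(r'([A-Za-z-]+)=(?:"([^"]*)"|([^,]*))', text)
    return {key: (quoted or bare) for key, quoted, bare in pairs}


def server_check(stored_password, issued_nonce, digest_response):
    """Return the rspauth value on success, or None if the bind must fail."""
    d = parse_directives(digest_response)
    needed = ("username", "realm", "nonce", "cnonce", "nc", "digest-uri", "response")
    if any(key not in d for key in needed) or d.get("qop", "auth") != "auth":
        return None
    # Replay defence: the nonce must be the one this server just issued, and
    # a first authentication always carries nonce count 00000001.
    if d["nonce"] != issued_nonce or d["nc"] != "00000001":
        return None
    secret = user_secret(d["username"], d["realm"], stored_password)
    args = (secret, d["nonce"], d["cnonce"], d["nc"], d["digest-uri"],
            d.get("authzid"))
    expected = response_value(*args).encode("utf-8")
    if not hmac.compare_digest(expected, d["response"].encode("utf-8")):
        return None
    # Proves to the client that the server also knows the password.
    return response_value(*args, for_server=True)
```

The password itself never crosses the wire, but the stored value is password-equivalent, which is why the article's encrypted store matters.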

NMAS_LOGIN. The NMAS_LOGIN mechanism provides the LDAP server with the full functionality of Novell Modular Authentication Services (NMAS) applied to LDAP binds. As with the other methods, the login policy is maintained by the LDAP server. NMAS allows multiple levels of authentication and identification. This means you can use any NMAS-compatible method such as certificates, smart cards, and biometric devices, such as fingerprint readers, alone or in combination with username-password methods. Since NMAS is a modular authentication service, it can support all sorts of different devices. Developers can even write their own authentication method to work with NMAS.

One of the limitations of NMAS in the past has been that it requires the Novell NetWare Client to be present. Thus NMAS could only be used on clients that were connecting to a NetWare server. With the SASL NMAS_LOGIN method in eDirectory 8.7, the connection is now done over LDAP so you can use your NMAS devices to connect to LDAP servers wherever eDirectory is running.

For more information about NMAS, see http://www.novell.com/products/nmas.

SDK Sample Code references: saslnmas.c, tbd.java

SOAP Access to eDirectory

Integrating eDirectory into the Web services world is now easier than ever with Directory Services Markup Language (DSML), an OASIS specification that enables developers to express LDAP functions and retrieve data in XML. Support for DSML v2 is available for eDirectory 8.7 and above. Although the DSML v2 Server provides no new eDirectory functionality, it makes it very easy for developers familiar with XML and SOAP to integrate with the directory using the tools they know.

With DSML for eDirectory, you can now use SOAP to access eDirectory. A full DSML v2 SDK is available for eDirectory 8.7 and above. It provides a DSML SOAP connector that connects to eDirectory and any LDAP directory, including prior versions of eDirectory that are running the LDAP service. Also included is the ability to use authentication information from the HTTP header.

Figure 2 illustrates the architecture of the DSML connector. This implementation conforms to the JNDI Service Provider specification from Sun.

Figure 2: Architecture of the DSML connector for eDirectory 8.7.

DSML bridges the gap between developing to Web services and developing to a directory by allowing traditional LDAP directory operations and their results to be represented as XML request/response operations. Common DSML operations include searching for specific directory objects and returning selected attribute values. Using SOAP, such XML-based information sent by the client is picked up by the Web service. Through DSML, the XML information is interpreted, turned into an LDAP request, and sent to eDirectory. When the response is returned, it's converted back into XML format and is sent on to the Web service.

Also in the SDK is sample code showing how to use DSML to access eDirectory in the JNDI environment (if you're familiar with the JNDI provider), in the Microsoft .NET environment, and with the Novell exteNd Web services engine, jBroker Web.

Other New Features in eDirectory 8.7.1

For your reference, here are brief descriptions of some other new features included in eDirectory 8.7.1.

• Clientless install (Windows only). This provides the ability to install eDirectory on a Windows NT or 2000 server without the Novell Client.

• Novell iMonitor 2.1. This new version of iMonitor provides SSL support on all platforms, object statistics reports, enhanced obituary processing reports, server advertising reports, enhanced tracing functions, and event monitoring and statistics.

• Novell iManager 2.0. This utility provides a single Web-based management console for the administration of Novell products on NetWare 6.5. iManager standardizes all Novell Web-based administration utilities into a single management framework. It also provides an architecture for easy development of Web-based administration and management modules through open standard application interfaces. This utility uses Roles to delegate eDirectory administration, management, and services tasks.

Novell iManager consists of two pieces: eDirectory Management Framework (eMFrame) and eDirectory Management Toolbox (eMBox). Novell eMFrame plug-ins communicate over standard directory access protocols to perform routine management tasks and also communicate with eMBox. eMBox is the server-side piece that works with iManager to access functionality in various eDirectory utilities. The eDirectory utilities available in Novell iManager include DSRepair, DSMerge, Backup and Restore, LDAP, WAN Manager, and the Novell Import Convert Export utility. These are the same utilities that shipped in eDirectory 8.6.2, with fixes in DSRepair to accommodate Extensible Match. A new SNMP management utility is also included.

• Universal Password. In the past, administrators have had to manage multiple passwords (simple password, NDS RSA passwords) because of password limitations. Administrators have also had to deal with keeping the passwords synchronized. Universal Password addresses these problems by creating a single password that can be used by all protocols to authenticate users. In addition, all Novell utilities are now UTF8 encoded. When a password is reset by a user or an administrator, the Secure Password Manager (SPM), an NMAS component, takes the Unicode password, converts it to a Universal Password (UTF8-encoded), and resets the NDS password. It also resets the simple password if there is one.

• Backup and Restore. eDirectory 8.7 introduced a new focus for backup and restore, called “hot continuous backup.” With the new Backup eMTool, you back up the eDirectory database for each server individually, and you can do it while eDirectory is running. This tool is great for restoring an individual server after a hard drive failure or for moving a server's data to a new machine. It’s much faster than using the Target Service Agent (TSA) for NDS to back up the tree. (The legacy TSA for NDS backup still works as documented in eDirectory 8.6; both TSA for NDS and the new backup tool can be used if necessary.)

In eDirectory 8.7.1, backup of server-specific information has been implemented using the Backup eMTool.

• Novell eGuide 2.11. eGuide provides a Web-based GUI for searching, viewing, and editing information stored in Novell eDirectory and other directory data sources. Because eGuide is highly customizable for any type of environment, administrators can configure it to their own specifications. Users access eGuide via a standard Web browser.

Conclusion

This AppNote has provided an overview of the new features included in Novell eDirectory 8.7.1 from a developer’s perspective. For more information about eDirectory, including a free evaluation version and redistribution kit, visit http://www.novell.com/products/edirectory.

For Additional Information

Information about these new features, along with API documentation and sample code, is available in the eDirectory/LDAP SDKs from Novell at http://developer.novell.com/ndk.

The LDAP SDKs are also available as open source on http://www.openldap.org.

Industry links:

• Open Group - LDAP certification and directories: http://www.wwldap.org

• Directory Interoperability Forum: http://www.opengroup.org/dif

IETF standards:

• LDAP v3: http://www.ietf.org/rfc/rfc2251.txt

• Dynamic groups: http://www.ietf.org/internet-drafts/draft-haripriya-dynamicgroup-01.txt

• Filters and extensible match: http://www.ietf.org/rfc/rfc2254.txt

• Persistent Search: http://www.ietf.org/proceedings/01mar/I-D/ldapext-psearch-03.txt

• TLS protocol: http://www.ietf.org/rfc/rfc2246.txt

• startTLS extension for TLS: http://www.ietf.org/rfc/rfc2830.txt

• SASL: http://www.ietf.org/rfc/rfc2222.txt

Copyright © 2003 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

Net Management

Novell Nterprise Linux Services

Richard Smith
Editor-in-Chief
Novell AppNotes
[email protected]

Welcome to our first “Linux Corner” column. This month we’ll present the announcement regarding the future release of Novell Nterprise Linux Services. Future Linux Corners will cover the technical details of implementing and developing to these services and offerings on Linux.

This press release will help you understand the direction Novell is taking and will give you some idea on what to expect in the future. This announcement has stirred significant reaction across the Linux community. As with any operating system, Linux needs a strong reliable infrastructure in order to be a success. Novell Nterprise Linux Services brings proven Novell technologies such as eDirectory, DirXML, and iFolder to the Linux platform. And with the support of other industry leaders who will provide Novell Nterprise Linux Services as part of their offerings, Novell also brings its support and training organizations into the equation. Both have long been recognized in the industry as benchmarks for other organizations and will now target the Linux platform for their services.

Check out http://www.novell.com/linux for more information on Novell Nterprise Linux Services beta program.

Dell, HP, and IBM to Offer Novell Nterprise Linux Services to Their Customers

June 24, 2003

As part of its recently announced plan to provide customers the choice of running all of Novell’s advanced network services for business on Linux—including the entire services stack in the future NetWare 7—Novell today introduced Novell Nterprise Linux Services, giving customers file, print, messaging, directory and management services in an integrated package that runs and will be supported on the Red Hat Enterprise Linux and SuSE Linux Enterprise Server distributions. Along with comprehensive Novell technical support, training and consulting services for Linux, Nterprise Linux Services combines the benefits of Linux with proven, rock-solid support and network services from Novell.

Novell today also announced agreements with Dell, HP, and IBM through which the three major hardware vendors will offer Novell’s Linux solutions to their customers, working with Novell to provide full training and support.

“Novell’s focus is on secure solutions that provide people with the same quality experience, no matter where they’re located or what kind of device or operating system they’re using,” said Jack Messman, chairman and CEO of Novell. “We’ve followed this model successfully with many of our solutions already. Providing network services on Linux is a natural extension of our proven cross-platform strategy and brings the value of secure, scalable and reliable Novell networking to the rapidly growing Linux server market. And the support of the major hardware players ensures customers will be able to obtain and run these proven Novell network services on the operating system and hardware platform of their choice.”

Available later this year, the initial version of Novell Nterprise Linux Services is comprised of a number of Novell network services integrated into a single business solution. These include identity services via Novell eDirectory and DirXML, file services via Novell iFolder, printing services via iPrint, messaging services via NetMail, management services via ZENworks for Servers, and end-user access and productivity via Virtual Office for exteNd Director Standard Edition. In addition, Novell iManager provides a browser-based, single point of administration for Nterprise Linux Services.

Dan Kusnetzky, vice president of System Software research for IDC, said, “IDC’s demand-side research has indicated that Linux faces several impediments to mainstream acceptance including lack of Linux expertise and experience in the organization, an organization’s ability to integrate Linux into their network, and issues with ongoing support of Linux environments. Novell’s move to expand customers’ options and support Linux is likely to go a long way towards resolving these issues in the minds of IT decision-makers in many organizations.”

Novell’s Linux consulting, technical support and training services, including the recently announced Novell Certified Linux Engineer program, round out Novell’s Nterprise Linux Services solution. Novell consulting delivers direction-setting offerings such as strategy and return-on-investment analysis as well as implementation and migration services, and beginning in late 2003, Novell’s Certified Linux Engineer program will combine certified expertise on Novell’s Linux offerings with Linux Professional Institute (LPI) certification recommended as prerequisite knowledge. Novell is also empowering its top channel partners to provide the same quality support to the customers they serve.

Novell will continue to develop and enhance NetWare—a premier platform for delivering advanced network services for business—as its impending delivery of NetWare 6.5 illustrates. NetWare 6.5 includes business continuity, open source, Web application development and virtual office features, all of which will also be available and supported on the Linux kernel in the future. NetWare 6.5 and Nterprise Linux Services provide parallel paths for NetWare and Linux users until they meet at NetWare 7, when the complete Novell services set will run on both the NetWare and Linux kernels.

Novell partners and industry leaders agree that Linux is growing as a platform for critical enterprise services and Novell will add significant value to the Linux enterprise.

SuSE Linux CEO Richard Seibt: “Now, customers can leverage Novell’s depth of experience in mission-critical infrastructure—combined with SuSE’s proven world-class technology—to build the next generation of secure, scalable and platform-independent applications. Novell Nterprise Linux Services—running on SuSE Linux Enterprise Server—marks a seismic shift in the market for this truly disruptive technology.”

Red Hat Vice President of Channel Sales Mike Evans: “Red Hat welcomes Novell Nterprise Linux Services running on the Red Hat Enterprise Linux family of products. With Novell’s services, supported by Novell’s worldwide support organization, running on Red Hat Enterprise Linux, customers now have even more reasons to look to Linux for their mission-critical infrastructures. We look forward to working with Novell and our common global OEM partners—Dell, HP and IBM—to deliver robust solutions to the market.”

Conectiva CEO Jaques Rosenzvaig: “As Conectiva sees Linux adoption increase in the marketplace, we also see the value of software services that make the platform even more attractive to enterprise customers. Novell Nterprise Linux Services combines Novell’s technical expertise and proven market leadership to the benefit of the entire Linux community, including customers, developers and partners.”

Turbolinux President and COO Koichi Yano: “Turbolinux has built its business as a provider of Linux to make enterprise computing simpler and more cost effective. As more customers turn to Turbolinux and demand the benefits of Linux, Novell’s strategic direction and its Nterprise Linux Services will help feed that demand and provide customers with proven solutions from a proven vendor.”

Computer Associates Senior Vice President and Chief Architect of the Linux Technology Group Sam Greenblatt: “Computer Associates is looking forward to supporting Novell Nterprise Linux Services with our backup and antivirus solutions for Linux. Customers are demanding software services on Linux that are reliable and secure, and CA and Novell are committed to providing solutions that deliver exactly that.”

EMC Vice President of Global Solutions Don Swatik: “EMC and Novell have worked together to integrate EMC Automated Networked Storage with Novell Nterprise Linux Services. Our joint efforts ensure that customers deploying these innovative services from Novell can take full advantage of the information management, sharing and protection capabilities of EMC automated networked storage systems and software.”

Ximian President and CEO David Patrick: “Novell has much to offer the Linux market with its innovative technology and established support infrastructure. The synergies between Ximian and Novell will help drive enterprise adoption of Linux by providing customers with cost-effective solutions that are easy to deploy and affordable to manage.”

Open Source Development Lab (OSDL) CEO Stuart Cohen: “Novell Nterprise Linux Services offers Linux users proven infrastructure capabilities backed by enterprise-class support. Novell’s announcement is confirmation that Linux is enterprise ready and should be considered by customers who want to take advantage of its benefits.”

Nterprise Linux Services is part of Novell Nterprise, a set of offerings that improve communication, simplify and automate network management, and allow workers to be productive regardless of location, device or platform. Novell’s GroupWise client for Linux desktops, for example, will be available later this year and will give customers additional choice for taking advantage of the most trusted and secure messaging platform in the industry.

Novell Nterprise Linux Services 1.0 beta testing begins in July. Pricing and general availability will be announced at a later date. For more information about Nterprise Linux Services and Novell’s Linux strategy, or to apply to be a beta tester, visit http://www.novell.com/linux.


iManager 1.5 Roles Defined: Part 3

Jeff Fischer
Research Engineer
Novell AppNotes
[email protected]

Last month we discussed DHCP Management, DNS Management, and eDirectory Administration roles. This month we continue to define the roles in the Novell iManager 1.5 utility.

Group Management

The Group Management role allows you to create logical groups in the eDirectory tree. The concept of a group is fundamental to what a Directory can provide for your network. Groups can be useful to help you manage administrative resources as well as user resources.

We have previously talked about using groups to manage your administrative users. For example, you can create a group called administrators and assign to the group the rights or roles necessary to administer a network resource, such as rights to folders and files on a server.

It’s also a good idea to use groups to manage network resources. For example, you could create a group called DevUsers. This group object would have rights to certain network resources, such as printers or folders. Members of this group would have access to this common set of resources without having to assign the resources to each user object. This greatly simplifies administration.

To create a group object, follow the steps below:

1. Login to iManager with a user assigned to the Group Management role.
2. Expand Group Management.
3. Click Create Role.
4. Enter in a name for the group and context as shown in Figure 1.
5. Click OK to create the group.
6. Click OK to return to the home menu.

Figure 1: Creating a group for group management purposes.

To delete a group, follow the steps below:

1. Expand Group Management.
2. Click Delete Group.
3. Type in the full distinguished name of the object or use the object browser to browse to the object. Notice that you can select multiple objects as well.
4. Click OK to delete the object.
5. Click OK to return to the home menu.

To modify the properties of a group, follow the steps below:

1. Expand Group Management.
2. Click Modify Group.
3. Type in the full DN of the object or use the object browser to browse to the object. Notice that you can select multiple objects as well.
4. Edit the properties as needed, as shown in Figure 2.
5. Click OK to modify the group.

Figure 2: Modifying an already created group in Group Management.


Help Desk Management

The Help Desk Management role takes a few of the common tasks that could be asked of Help desk personnel and groups them into a role. Users assigned to this role can create users in the tree, set passwords, and clear an account lockout for a user object.

To create a user, follow the steps below:

1. Login to iManager as a user assigned to the Help Desk Management role.
2. Expand Help Desk Management.
3. Click Create User.
4. Fill in the properties you need for the user. Note that the username, lastname, and context are required fields.
5. Click OK to create the user.
6. Click OK to return to the home menu.

To set a password for a user, follow the steps below:

1. Expand Help Desk Management.
2. Click Set Password.
3. Type in the full DN of the object you want to set a password for or use the object browser to browse to the object.
4. Enter in a password for the user.
5. Confirm the password in the second field.
6. Click OK to set the password.
7. Click OK to return to the home menu.

An account can become locked if an intruder attempts to login with a username and then tries to guess the password. If intruder detection is enabled, the account can become locked after a certain number of bad attempts to login with the username/password.

More commonly, an account can become locked after a user changes his/her password and does not remember it. The user may repeatedly try to login using several passwords hoping to remember which one they used until their account becomes locked. The user would then need to call the help desk to unlock their account.

To unlock an account, follow the steps below:

1. Expand Help Desk Management.
2. Click Clear Lockout.
3. Type in the full DN of the user or use the object browser to browse to the object.
4. Click OK to clear the lockout.
5. Click OK to return to the home menu.

LDAP Management

LDAP Management is a role that helps you administer eDirectory LDAP Services. A complete tutorial of all the LDAP services eDirectory provides is way beyond what I could detail in this column. However, I will cover the three tasks that pertain to this role. If you would like more information specifically about eDirectory and LDAP, visit the eDirectory 8.7 documentation at http://www.novell.com/documentation.

Simply put, LDAP is a communication protocol used to access a Directory. The two objects responsible for providing LDAP services are the LDAP Group Object and the LDAP Server object. The LDAP Group object manages the LDAP properties for an LDAP server. The LDAP Server object manages the way LDAP software clients connect to the server.

The LDAP objects are created during eDirectory installation, but you can use the LDAP Management role to change the LDAP properties from their defaults. You can also create them if there is a case where you would need to.

To create an LDAP Server object, follow the steps below:

1. Login to iManager with a user that is assigned to the LDAP Management role.
2. Expand LDAP management.
3. Click Create LDAP object.
4. Specify whether the object is an LDAP Server or Group object.
5. Enter a name for the object and specify its context as shown in Figure 3.
6. Click Next.
7. Specify the server that will host the LDAP services.

Figure 3: Creating an LDAP server object.


8. Click Start.

To delete an LDAP object, follow the steps below:

1. Expand LDAP Management.
2. Click Delete LDAP object.
3. Select the objects to delete.
4. Click Delete.

The LDAP Overview task lets you see the settings for the LDAP objects. Here you can change things such as using a secure LDAP connection, LDAP mappings, connections, and searches.

To view the LDAP Overview, follow the steps below:

1. Expand LDAP Management.
2. Click LDAP Overview.
3. Notice that you can select to see LDAP Groups or Servers.
4. Click View LDAP Servers.
5. Click the link to view the LDAP properties for a server as shown in Figure 4.
6. Click OK when you are finished viewing or editing the properties you desire to see.

Figure 4: Viewing the LDAP properties.

License Management

eDirectory allows you to store and manage the licenses you need to run eDirectory. The License Management role allows you to install, delete, and manage the properties of a license installed into your eDirectory tree.

To install a license into the tree, follow the steps outlined below:

1. Login to iManager with a user assigned to the License Management role.
2. Expand License Management.
3. Click Install License.
4. Click the browse button and browse to a license file.
5. You can view the properties of the license file by clicking the View button.
6. Click Next.
7. Mark the checkbox next to the license in order to install it and click Next.
8. Enter the context into which you will install the license. This can be the context of the server object.
9. Click Install.

To delete a license from the eDirectory tree, perform the following steps:

1. Expand License Management.
2. Click Delete License.
3. Use the browse button and browse to the license file you wish to delete.
4. Click OK.

To move a license to a new location in the tree, follow the steps below:

1. Expand License Management.
2. Click Move License.
3. Click the browse button to browse to and select a license.
4. Click Next.
5. Browse to and select a new location for the license and click OK.

The License Management role also lets you manage the properties for a license. Follow the steps below to manage the properties for a license:

1. Expand License Management.
2. Click Manage License Properties.
3. Click the browse button to browse for and select a license object. You can select a License Container, Certificate, or Service Provider and view the properties of that object.


4. To view the properties of a license, select a License Certificate object in the browser and click OK.
5. View all the properties of the object and click OK when you are finished.

Rights Management

Managing rights assignments in the tree can be a daily task. Since I have already discussed in detail how to manage rights on a network using ConsoleOne, I’ll only show how to perform the tasks in iManager.

To modify an IRF in iManager, perform the following steps:

1. Login to iManager with a user assigned to the Rights Management role.
2. Expand Rights Management.
3. Click Modify Inherited Rights Filter.
4. Using the browse button, select an object from the tree where you want to apply or modify the IRF.
5. Click OK.
6. Click Add Property to add a property you want to filter from locations below this object of the eDirectory tree.
7. Unmark the rights you want to block as shown in Figure 5.
8. Click OK.

Figure 5: Blocking and unblocking rights in the IRF.

To modify trustee assignments, follow the steps below:

1. Expand Rights Management.
2. Click Modify Trustees.
3. Using the browse button, browse to the object to which you want to assign the trustee, such as a container object if you are going to assign a trustee rights to a container.
4. Click OK.
5. Click Add Trustee.
6. Browse to and select the object you will use as a trustee.
7. Click the assigned rights link for the new assignment.
8. You can also add a new property by clicking the Add Property button.
9. Mark the rights you want the trustee to have.
10. Click Done.
11. Click OK twice to return to the home menu.

To view and modify the rights an object has to other objects in the tree, follow the steps below:

1. Expand Rights Management.
2. Click Rights to Other Objects.
3. Browse to and select the object you want to view, such as a user object.
4. Select the context from which to search. To view the top most rights that an object has, select to search from [Root].
5. Select to include subcontainers.
6. Click OK.
7. To add additional rights, select the Add Property button.
8. Choose the rights you want to assign and mark these rights.
9. Click Done.
10. Click OK twice to return to the home menu.

To view the effective rights a trustee has on an object, perform the following steps:

1. Expand Rights Management.
2. Click View Effective Rights.
3. Using the object browser, select the trustee you want to view.
4. Click OK.
5. Highlight the properties in the Property Name field and view the effective rights for this trustee in the Effective Rights field.
6. Click Done.


Server Management

The Server Management role lets you open the NetWare Remote Manager for a server. The Remote Manager is a browser-based utility that lets you manage the server itself. You can access the console screens, change SET parameters, as well as monitor server performance.

To launch the Remote Manager, follow the steps below:

1. Login to iManager with a user assigned to the Server Management role.
2. Expand Server Management.
3. Click Launch NetWare Remote Manager.
4. Using the object browser, browse to and select the NetWare server you want to administer.
5. Click OK and you will be logged in to the Remote Manager utility.

User Management

User management is an important daily network task. iManager allows you to create, delete, move and modify users. Since we have already created users, I will only show the steps to enable and disable users through the iManager utility.

To disable an account for a user, perform the following:

1. Expand User Management.
2. Click Disable Account.
3. Using the object browser, browse to the user you want to disable and click OK.
4. The user has been disabled and will no longer have access to the network.
5. To re-enable the account, click Enable Account.
6. Using the object browser, browse to the user you want to enable and click OK.
7. The user account has been re-enabled.

Conclusion

This concludes this month’s article on the iManager roles. In this article, we documented the steps to perform the tasks within the Group Management, Help Desk Management, LDAP Management, License Management, Rights Management, Server Management, and User Management roles. Next month we will conclude the discussion about iManager roles by detailing the remaining roles.

What to Do Before Calling Technical Support for OS Issues

Robert Rodriguez
Research Engineer
Novell, Inc.
[email protected]

NetWare is very reliable, but there are times when problems can arise. When trouble comes to your NetWare server, it is sometimes helpful to have a list of steps that help you identify the root cause of the problem.

TID #10016899 is such a document, from which this Tip and Trick has been adapted. The TID has five simple steps that help you determine what the problem might be. If you can’t find the solution, these steps also prepare you for contacting technical support at Novell. So let’s go down through these steps.

Step 1: What version of NetWare do you have?

You can probably answer this without even looking. If not, you will need to download the file CONFIG.NLM and find out. (The current version is available at http://support.novell.com/servlet/filedownload/uns/pub/confg9.exe/.)

What about other Novell software that’s running on the server? What about third-party software? All of these pieces may be playing a part in your server problem. Get versions on all of the software that you’re using.

Step 2: What patches have been applied to the server?

Is your server current? If not, go to http://support.novell.com/produpdate/patchlist.html and find out. If the server is out of date, get it current. What about patches for other Novell software and third-party applications? If they’re not current, update them also. And don’t forget your drivers—make sure they are up to date as well.


Step 3

If there are still problems, then it’s time to identify the symptoms your server is having.

1. Is there anything in the error logs?
2. Are there any error messages?
3. Does the problem occur only under certain conditions?
4. Can you duplicate the problem? (If so, list the steps.)
5. Could the problem be with hardware?
6. If you unload certain applications or NLMs, does the problem go away?
7. When was the last time you scanned for viruses? Are the virus definitions up to date?
8. When did the problem first appear?
9. What has recently changed in the system?

Step 4

At this point, it is time to use a few utilities to see if the problem can be isolated. Support recommends the following:

1. Use CONFIG.NLM and config reader to check software versions. In some cases, the output of this NLM will be requested by technical support.
2. Run VREPAIR.NLM if you are having volume problems.
3. Run DRVSPEC.EXE to verify compatibility of ODI modules and LAN drivers. The current version is at http://support.novell.com/servlet/filedownload/uns/pub/drvspc.exe.

Step 5

If you’ve gone through the previous steps without a resolution, it is now time to review some documents that cover diagnosing and solving problems.

• TABNDx.EXE is the Abend Troubleshooting Guide. The current version is available at http://support.novell.com/servlet/filedownload/uns/pub/tabnd2a.exe/. The Abend Troubleshooting Guide contains diagnostic programs and utilities as well as documentation.
• Search for your specific problem in the TID (Technical Information Database) Knowledgebase at http://support.novell.com/search/kb_index.jsp.
• Check AppNotes for solutions. The AppNotes Search page is at http://developer.novell.com/research/search.htm. This full-text search only searches the AppNotes archives. If you want to search all of Novell, use the search dialog at the top of any Novell web page. There is a drop down window that allows you to refine your search to specific sub-sites, such as http://developer.novell.com or http://support.novell.com.
• Try the support forums. This service is free and has some of the most knowledgeable sysops around. Begin your search at http://support.novell.com/forums/.
• Check your manuals, online documentation, and so forth. Novell’s online documentation is at http://www.novell.com/documentation/. Also, don’t forget those readme files on your product CDs. They sometimes contain late-breaking information that never made it into the product documentation.
• TID #10012765 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/10012765.htm) covers Performance, Tuning, and Optimization. While this isn’t exactly troubleshooting, many of the tips found in this TID can fix related server problems.

Novell Portal Services Integration with a Directory

Jeff Fischer
Research Engineer
Novell, Inc.
[email protected]

This tip is a portion of the DeveloperNet University course “Novell Portal Services Overview and Gadget Development” found at http://developer.novell.com/education/tutorials/portal/.

Novell Portal Services (NPS) requires a directory to function properly. The directory is the underlying integration point for NPS; the directory maintains and stores most of the following:

• Configuration
• Access Control
• Relationships
• Layout Information

In addition to these items, user information (name, password, privileges, and preferences) is stored in the

directory. NPS leverages the directory to authenticate and build a personalized “page” of data for the user.

Who you are in the directory matters! All assignments for what can be viewed in the portal are based on directory assignments:

• User
• Groups
• Containers
• Attributes

Gadgets

Gadgets are the basic building blocks of NPS. Gadgets are applications that reside within the portal framework and serve to interact with other (external) resources such as directories, databases and web pages. Gadgets communicate to any back-end system to gather data for the user. NPS provides single sign-on functionality to these back-end systems. A Gadget is represented in the LDAP directory as a gadget object. NPS offers a wide variety of gadgets with the product, including those listed in the following table:

Gadget categories: Collaboration, System, Application. Gadgets: Exchange, Authentication, Applet, GroupWise Mail, HTML, Citrix, iFrame, News, GroupWise Calendar, PortalStats, Phonebook, Portal Administration, Stock, POP3/IMAP, NetworkFile Gadget, NNTP, Registration, RSS, Shortcut, User Admin, XML Remote.

Novell provides an array of Gadget Development Tools. The exteNd Directory Gadget Developer Kit provides tools to develop, test, and deploy gadgets. Check out the offerings at Novell’s Developer Site at http://developer.novell.com/ndk/npssdk.htm.

The exteNd Directory Gadget Developer Kit includes documentation, extensive sample code, and the SDK libraries.

Interfacing Content to Gadgets

There are several ways of bringing content into the portal. Some of these include:

• HTML—Any URL generating HTML can be linked into the portal (HTML, ASP, JSP, scripting, and so on).
• XML—Any URL streaming XML data can be formatted with a style sheet at the portal and included.
• Java—Any backend service that can be accessed via a Java API can be presented in the portal.

Gadget Development Basics

With a basic understanding of HTML, CSS, XML, DTD, and XSL, we are ready to dive into a study of Gadget Development Basics. This section will be followed by a more advanced Gadget Development discussion. In this part of the course, we will cover the following topics:

• What Is a Gadget?
• Gadget Architecture and Lifecycle
• Calling Gadgets
• Sending Data
• Configuration
• Available Settings
• Secret Store

NPS utilizes the following technologies:

• Java (including “server-side” concepts)
• HTTP
• XML
• XSL

Knowledge in these areas is required for successful NPS gadget development. However, the following two technologies are good to know, but are optional:

• HTML
• JavaScript, CSS, and so on

What Is a Gadget?

A gadget is an NPS application that is used to interface with a resource. A gadget consists of Java code and XSL stylesheet(s). It sits inside the NPS framework and outputs XML. It may receive user input from a browser. It may also interface with one or more external data sources such as applications, databases, and Web sites.

How a Gadget Works

When a user first brings up a portal page in the browser, the portal creates a new instance of each gadget on that page and assigns it a unique ID. The gadget instance maintains state information about the user’s session and continues to exist until the servlet engine drops the session. The portal then calls the init(String[] args) method of each gadget.


Creating a Gadget. This course is designed to give you the basics for Gadget creation on any of the platforms supported by the GDK. However, when you download the GDK, detailed documentation is provided for using the following IDEs:

• Borland JBuilder 4/5/6/7
• Symantec/WebGain Visual Café 4

Of course the JDK command-line environment will also work.

When you create a Gadget, you can either implement a GadgetInstance or extend the BaseGadgetInstance. For example:

    public class MyGadget extends com.novell.nps.gadgetManager.BaseGadgetInstance
    {
        //...
    }

Gadget Lifecycle. When implementing a Gadget, there are several important methods to implement. Three of these are:

• public void init()
• public void getData() throws GadgetInstanceException
• public void processRequest()

Let’s look at each of these in a little more detail.

init() This method performs instance initialization for the gadget.

getData() This method can be overridden to return an XML page to the output stream. It is also the default method to return data. It is always called unless there is a state change, which we will talk about later in the course.

processRequest() Many gadgets need to receive and respond to user input such as forms or request parameters embedded in the URL query string. The portal distinguishes the requests that need processing by the presence of the GI_ID parameter in the URL or as a hidden field in a POSTed form. The portal then uses the specified gadget instance ID to identify the target GadgetInstance object and calls its processRequest method to allow it to process the request.

Normally, the call to processRequest is followed by a call to getData in order to get the updated display, which is presumably updated to reflect the request just processed. Sometimes, however, a gadget needs complete control over the HTTP response that is sent back to the browser. For example, the gadget might need to send a redirect or a download file. This can be achieved by setting the parameter CUSTOM_CONTENT_TYPE=yes in the request URL. Setting this parameter causes the portal to call another version of processRequest that takes HttpServletResponse as an additional argument and requires the gadget to generate the entire response. It also prevents the portal from calling getData.

A gadget often needs to process several different kinds of requests, and needs a separate method for each request rather than funneling everything through processRequest. The portal supports this arrangement through “actions.” The gadget instance needs to have a separate handler method with the signature void onXXXAction(HttpServletRequest) that throws a GadgetInstanceException, where XXX is the name of the action.

The GadgetInstance object must implement the addActionListener method to allow it—and possibly others—to register for the actions they want to handle. Each listener must have the appropriate onXXXAction method. The GadgetInstance object must also implement the handleAction method, which is called by the portal instead of the processRequest method.

The handleAction method calls the onXXXAction method of each registered listener for action XXX. Fortunately, if you extend BaseGadgetInstance, these methods are implemented for you and all you have to do is write the onXXXAction methods and invoke addActionListener to add your gadget instance as a listener for each action.

An action is specified in the request using the NPAction=XXX parameter, where XXX is the name of the action. If the NPAction parameter is not present, the getAction method is called to allow the gadget to specify the action. If no action is specified, the portal calls the processRequest method; otherwise, it calls the handleAction method, which in turn calls the onXXXAction method for each registered listener (normally only the gadget instance itself).

The processRequest is followed by a call to getData. However, there is an exception: parameter CUSTOM_CONTENT_TYPE=yes passed in the request URL. This also allows some processing to take place before getData() is called. It is also a good place to have State changes (setState()) as a result of data in the request header.

Calling Gadgets. Each gadget is called by the GadgetManager and the XML output from the gadget is itself “wrapped” with XML from the GadgetMaseter. This “wrapping” tags on the GI_ID to the XML output from the Gadget. Here is an example:

... XML output from gadget ...


Gadgets can take advantage of this wrapping to access the GI_ID in their stylesheet (main.xsl). For example, if we are one level deep in the DOM tree of the gadget XML, then the corresponding XSL document can access the GI_ID attribute by traversing two levels up the tree:
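The request-handling rules from the Gadget Lifecycle discussion (GI_ID lookup, NPAction dispatch, the CUSTOM_CONTENT_TYPE exception), modeled as a stand-alone Java program. This is an added example, not code from the GDK or from the course: PortalModel, Gadget, the trace list and the request values are hypothetical. How unregistered actions and unknown instance IDs are handled, and the precedence of CUSTOM_CONTENT_TYPE over NPAction, are assumptions of the model.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;

// Stand-alone model (Java 9+); it does not use the NPS SDK. Only GI_ID, NPAction,
// CUSTOM_CONTENT_TYPE and the lifecycle method names are taken from the article.
public class GadgetDispatchModel {

    static class Gadget {
        final List<String> trace = new ArrayList<>();   // lifecycle calls, in order
        private final Map<String, Consumer<Map<String, String>>> listeners = new LinkedHashMap<>();

        void init(String[] args) { trace.add("init"); }

        // Stands in for addActionListener plus an onXXXAction method.
        void addActionListener(String action, Consumer<Map<String, String>> handler) {
            listeners.put(action, handler);
        }

        // Consulted when the request has no NPAction; null means "no action".
        String getAction(Map<String, String> params) { return null; }

        void processRequest(Map<String, String> params) { trace.add("processRequest"); }

        // The variant that also receives the response and must write all of it.
        void processRequestWithResponse(Map<String, String> params) {
            trace.add("processRequest(request, response)");
        }

        void getData() { trace.add("getData"); }

        // Only handlers the gadget registered can run: the request value is a lookup
        // key, never a method name. Ignoring unknown actions is an assumption.
        void handleAction(String action, Map<String, String> params) {
            Consumer<Map<String, String>> handler = listeners.get(action);
            if (handler == null) {
                trace.add("ignored unregistered action");
                return;
            }
            trace.add("on" + action + "Action");
            handler.accept(params);
        }
    }

    static class PortalModel {
        // Instances created for this user's session, keyed by the ID the portal assigned.
        private final Map<String, Gadget> sessionInstances = new LinkedHashMap<>();

        void addInstance(String giId, Gadget gadget) {
            gadget.init(new String[0]);
            sessionInstances.put(giId, gadget);
        }

        void handle(Map<String, String> params) {
            String giId = params.get("GI_ID");
            // A GI_ID that is not in this session's table selects nothing (assumption).
            Gadget target = (giId == null) ? null : sessionInstances.get(giId);
            boolean custom = "yes".equals(params.get("CUSTOM_CONTENT_TYPE"));

            if (target != null) {
                if (custom) {
                    // The gadget writes the entire response; getData is not called.
                    target.processRequestWithResponse(params);
                    return;
                }
                String action = params.get("NPAction");
                if (action == null) {
                    action = target.getAction(params);
                }
                if (action == null) {
                    target.processRequest(params);
                } else {
                    target.handleAction(action, params);
                }
            }
            // Page render: each gadget supplies its XML. That this also follows
            // handleAction is an assumption of the model.
            for (Gadget g : sessionInstances.values()) {
                g.getData();
            }
        }
    }

    public static void main(String[] args) {
        PortalModel portal = new PortalModel();
        Gadget notes = new Gadget();
        notes.addActionListener("Save", p -> notes.trace.add("saved " + p.get("title")));
        portal.addInstance("17", notes);   // constructed instance ID

        // Constructed requests, given as already-parsed request parameters.
        portal.handle(Map.of());                                              // page view
        portal.handle(Map.of("GI_ID", "17"));                                 // plain form post
        portal.handle(Map.of("GI_ID", "17", "NPAction", "Save", "title", "todo"));
        portal.handle(Map.of("GI_ID", "17", "NPAction", "Delete"));           // never registered
        portal.handle(Map.of("GI_ID", "99", "NPAction", "Save"));             // not in this session
        portal.handle(Map.of("GI_ID", "17", "CUSTOM_CONTENT_TYPE", "yes"));   // gadget-built response

        notes.trace.forEach(System.out::println);
    }
}
```

GI_ID and NPAction both arrive from the browser, so the model resolves them only against tables the server built itself: the session's instance table and the gadget's registered listeners.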

Navigating Novell’s Web Site Effectively

Robert Rodriguez
Research Engineer
Novell, Inc.
[email protected]

Novell has a huge, complex website. In fact, just about everything that Novell does is on the web. So how does anyone find a specific page, document or file on something so big—especially when someone doesn’t know exactly what they’re looking for? This article will take a look at the different types of pages on http://www.novell.com and what kind of information you can expect to find on them. Future articles will look at how Novell’s Web site is organized and how to use the menu system.

Figure 1: The Novell Home page.

Figure 2: The Top Level Home page.

Basic Page Styles

Before any discussion of menus and organization, it is important to know about the basic page templates used in Novell. There are basically four types of pages.

Tier 1. The first type of page is the “Novell Home page” (see Figure 1). This template is used for http://www.novell.com and nowhere else in Novell. In truth, this is primarily a marketing page and we don’t mean marketing in a bad way, because this is the page first-time visitors see. This page contains information about the company, news and special offers. Like all other Novell pages, it has the top navigation bar which we will discuss in detail in a later article.

Tier 2. The second type of page is the “Top Level Home page” (see Figure 2). Pages using this template correspond to the links on the Top Navigation Bar:

• Company
• Solutions
• Products
• Training
• Support
• Partners
• Developers

The page type has three columns:

• Column one is a customer quote.
• Column two has descriptions and links to content related to the page’s topic.
• Column three is related news, promotions, and items of interest.


Obviously the most important area on these pages is the center or second column. These are the links that allow a customer to drill deeper into the topic. Just about everything in this center column is a link.

Tier 3. The third level page is called a “Subject Home page”. These pages correspond to specific products or topics such as NetWare or the AppNotes home page (see Figure 3).

Figure 3: The Subject Home page.

These pages have two or three columns, depending on the amount of material that they cover:

• Column one is navigation
• Column two is a description of the topic and links to that content.
• If there is a column three, it contains information similar to the third column in Tier 2 pages.

These pages introduce the left-side navigation. This navigation bar is specific to the subsite. It generally doesn’t have links that go “up” the website and it is usually specific to the topic covered by the page. The left navigation will be present for all pages under the Subject Home page (although the links can sometimes change).

Column two usually contains links that drill deeper into the site, but sometimes there is also general content. For example, the AppNotes home page (http://developer.novell.com/research) contains links to all the current articles and the left navigation provides access to archives, ebooks and feedback.

Tier 4. These are “Content pages.” This is the template that contains all the information (see Figure 4). These pages are very similar to the Tier 3 pages. They have the same left navigation and may have links in the content to other areas. However, they always primarily deal in the subject matter.

Figure 4: The Content Page


Installing eDirectory on Windows and Linux

Jeff Fischer
Research Engineer
Novell, Inc.
[email protected]

Last month Kevin talked about how to access the Directory from the JNDI Application Programming Interface. Kevin has done an excellent job covering the topic of eDirectory in this column. Just recently I was given the assignment to take over this column. It is my hope to begin where he left off and to continue to provide you with important content about eDirectory.

An Eye Toward Multiple Platforms

As I begin this column, I plan to talk about eDirectory in the context of running it on multiple platforms. I think most people who are familiar with eDirectory have run it on NetWare. Now, with Novell’s current cross-platform strategy, I will detail how to install, run and manage eDirectory from Windows and Linux.

For those eDirectory experts who have run eDirectory on NetWare for years, it will be very important to learn the differences on how to run eDirectory on Windows and Linux. In fact, the environment I will use in preparation for this column each month is an eDirectory 8.7 tree with a NetWare server, a server, and a Red Hat 9.0 Linux server. I will concentrate my thoughts on running the Directory on all three platforms.

To begin the column this month, I will walk through an installation of eDirectory on Windows and Linux. I will then talk about the new features of eDirectory 8.7 that will help you optimize your Directory tree. Following these discussions, I will talk about how to write applications that leverage the Directory.

Requirements for Putting eDirectory on Windows

Installing eDirectory on Windows is a great way to add directory capabilities to your Windows network. This gives you all the advantages of using the directory, but with the capability to use software packages that may not run on the NetWare platform.

When you install eDirectory on Windows, you must remember a few things. First of all, in a production environment you must have the necessary hardware to give you acceptable performance. While 256 MB of RAM is recommended, I would not install eDirectory on Windows on a box without at least 512 MB of RAM.

The reason is that eDirectory is very I/O intensive. That seems obvious, right? The point of a directory is to store and retrieve information, which produces a lot of read and write operations. The ideal performance from eDirectory comes when you can cache all or most of the Directory into available RAM. eDirectory tries to cache itself in order to increase I/O performance, so the more memory you can allocate to eDirectory, the better performance you will see--especially when running on Windows.

Next, you will need a user with administrative rights, the latest service pack from Microsoft, and a static IP address, since this box will be a server. If you are installing the server into an existing eDirectory tree, you will need Supervisor rights to [Root] in order to extend the schema and place the server object into the tree.

You can install eDirectory on Windows NT and 2000, but not XP. You must also install eDirectory on an NTFS partition, which provides for a more stable and secure environment for the directory.

As you think about the hardware requirements for your eDirectory box, consider this scale as a rough estimate for the space you will need. A base installation of eDirectory with no extra schema additions will require about 74 MB of space for every 50,000 objects. As you add attributes to the schema and fill out existing property values, the space required will grow from there. You can use this as a guide as you consider how much memory and hard disk space your eDirectory server will need.


Figure 1: Installing eDirectory for Windows into an existing tree.

Installing eDirectory on Windows

Enough about requirements--let’s install eDirectory on Windows. You can download eDirectory from Novell at http://www.novell.com/download. The installation program for eDirectory isn’t that different from an eDirectory installation on NetWare or a typical Windows installation for any other Windows program. You need to specify whether to create a new tree, an existing tree, and specify the license as well as the ports you’ll want the server to use for administrative services and for LDAP services.

To install eDirectory on Windows, follow the steps below:

1. Download eDirectory 8.7 from Novell’s web site.
2. Extract the contents of the ZIP file to a directory on your computer.
3. Browse to the NT directory and launch the setup.exe file.
4. Mark the box to install Novell Directory Services and ConsoleOne. You can install an SLP DA (Service Location Protocol Directory Agent) at a later time if you need SLP services on the Windows box.
5. Click Next.
6. Click I Accept.
7. Mark English as your language and click Next.
8. Select the path where to install eDirectory. The default is fine.
9. I selected Install into an Existing Tree since I already have a NetWare 6 server running as shown in the Figure 1.
10. Fill out the information for your tree name and context for the server object.
11. Click Next to select the LDAP ports as shown in the Figure 2.
12. Select all methods of authentication for NMAS.
13. Click Finish. Continue and install ConsoleOne so you can manage eDirectory on the Windows platform.

Figure 2: Configuring the LDAP ports.

With those things done, you have now installed eDirectory on Windows.

eDirectory on Linux

Running eDirectory on Linux has many strong points. First, Linux is a great, stable operating system. It is excellent at managing its hardware resources. eDirectory does not make quite the foot print on Linux that it does on Windows. Also, Linux is a cheaper alternative to Windows.

A lot of skepticism surrounds Linux because it is different. People say it is not as intuitive as Windows and not quite as user friendly. While many strong Linux advocates will fight these claims to the death, the truth of the matter is that using Linux and specifically running eDirectory on Linux is a little different, especially if you have never used a Unix version before. Even though NetWare borrows many aspects from the Unix world, working with Linux is still quite a bit different than NetWare or Windows.

Linux is known for running on small and even outdated hardware. While I would not put a machine into a production environment that did not have sufficient hardware, you could run eDirectory sufficiently on less of a machine than a Windows box. For a production environment, I would still follow the recommendations to put sufficient amounts of RAM, high processor speed (above 1Ghz), and hard disk space (as covered in the Windows section).

I’m going to install eDirectory 8.7 on a Red Hat 9 system with the latest patches from Red Hat. I am using GNOME as my desktop manager, but KDE will be fine too. In fact, we will use a terminal window for about everything.

Follow the steps below to install eDirectory on Linux.

1. Download eDirectory for Linux from Novell’s web site. Save the file to a home directory as well as the license file.
2. Open up a terminal window. You can do this by opening up the desktop menu and going to System Tools > Terminal.
3. At the console window, type su - to login as the root user.
4. Type in the password.
5. You should now see root@ on the terminal window.
6. Type cd to change to the directory where you downloaded the eDirectory file.
7. Type gunzip eDir_file_name. (Replace eDir_file_name with the name of the file.)
8. Type mkdir edir to create a new directory where you want to extract eDirectory.
9. Type mv eDir_file_name_with_tar edir to move the .tar file to the edir directory.
10. Type tar xvf eDir_file_name to extract the contents of the tar file to the edir directory.
11. Type ls to list the contents of the directory and you should see folders such as documentation, Linux, and nmas.
12. Type cd Linux/setup to change to the setup directory.
13. Type ls to list the contents of the directory. You should see a file called nds-install as shown in Figure 3.
14. Type ./nds-install to begin the installation process. The period and the slash are important in the Linux world.
15. Press Enter to begin.
16. Press q to view the bottom of the license instead of having to page the whole way down the screen.
17. Press y to accept the license.
18. Type 1,2,3 to install all three applications.
19. Enter the path for the license. My path is /home/jfischer/edir/edlic.
20. Watch for a few minutes while eDirectory is installed.
21. Select English as the language.
22. Type 8 to install all the snap-ins for the ConsoleOne utility.
23. If you don’t have a JRE installed on your Linux box, you will want to install it. I already have it installed so I selected n to not install the JRE.
24. When the prompt finally returns, you have installed eDirectory but not inserted the server into a tree. That is next.
25. Notice the note on the screen to update two environment variables. You will need to update these variables before we go on.

Figure 3: Installing eDirectory on Linux.


26. To update the variables, open a new terminal window and type su - and login as root again.
27. Type vi /etc/profile to open the profile file in the vi text editor.
28. Hit the letter i on your keyboard to change to insert mode.
29. Use the arrow keys to scroll to the bottom of the file.
30. At a new line, type the two lines as shown on the previous terminal window.

    PATH=/usr/ldaptools/bin:$PATH
    MANPATH=/usr/ldaptools/man:$MANPATH
    export PATH
    export MANPATH

31. After typing the lines above, hit Esc to leave Insert mode.
32. Hit the Shift key and a colon.
33. Type wq and hit Enter.
34. Type exit and hit Enter twice to exit the terminal window and return to the other terminal window.
35. At the original terminal window, type ndsconfig add.
36. Enter the full context of your eDirectory admin user and the password.
37. Enter your tree name.
38. Enter the context for the server object.
39. Watch as eDirectory is configured.
40. Type ndsstat to confirm that eDirectory is running. You should see the tree name, server name, eDirectory version, and replica depth on this output as shown in Figure 4.

Figure 4: As you run NDSSTAT, you should see the tree name, the server name, eDirectory version, etc.

This month, we have installed eDirectory on Windows and Linux. Next month, we will begin a discussion about how to run and use the eDirectory tools on Windows and Linux such as ConsoleOne, iManager, iMonitor, and DSRepair, DSTrace, and others.

The Technical Information Documents (TIDs) are brought to you by Novell’s Support Connection site, which you can find at http://support.novell.com. We’ll be looking at a selection of TIDs from several categories, giving you a brief summary of the issue the TID addresses.

The categories for this month include Novell Directory Services (NDS) or eDirectory, Novell Small Business Suite 6, NetWare 5, NetWare 6, Novell iChain, ZENworks for Servers 3, Novell Client for Windows NT/2000/XP, GroupWise 6.5, Novell iFolder 2.1 and Novell exteNd Director 4.1.

Novell Directory Services (NDS) or eDirectory

There’s a new updated patch for eDirectory 8.7.0 Unix that can be found in TID #2966149. Entitled “eDirectory 8.7.0.4 for UNIX,” the TID explains the following:

“This patch contains Novell eDirectory 8.7.0.4, an update to the original release of eDirectory 8.7.0. This update is for AIX, Linux and Solaris. It should only be applied to servers currently running Novell eDirectory 8.7.0 (DS Module Build - 10410.98).

“This patch updates schema. Therefore it is recommended that this patch first be applied on a ReadWrite or Master of Root.”

The TID goes on to explain that it is only to be installed on a full installation of 8.7.0. The TID then covers installation instructions, followed by updates to a number of modules, including:

• DS.NLM
• DSREPAIR.NLM
• LDAP.NLM
• iMONITOR
• SNMP
• iMANAGER
• EMBOX
• HTTPSTK
• NDSCONFIG
• NMAS
• SAL
• eGuide
• SAS/JSAS

To go directly to TID #2966149 and download the file edir8704.tgz to get eDirectory 8.7.0.4 for UNIX, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966149.htm.

Novell Small Business Suite 6

You are a small company with modest needs, but printing is certainly one of the biggies and you are having printing problems. You are running the Novell Small Business Suite 6 and you have just installed the Novell Client 4.6 Support Pack 2 for Windows NT and now your HP printer is giving you fits. Among the problems you are seeing:

• Print jobs hang up in the queue
• Print jobs get to the print queue but never print out
• Print jobs not printing

If such problems sound familiar to you, take a look at TID #10018210. Entitled “Troubleshooting, Print Jobs Hang Up in the Queue,” this TID gives you some steps you can follow to get rid of your printing problem. So if you’re struggling with HP printing, first take a look at TID #10018210, which can be found at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10018210.htm.

NetWare 5

If you are running Novell NetWare 5.1 Support Pack 5 or Novell NetWare 6 Support Pack 1 or 2, take notice. Your Time Synchronization may be receiving the following messages:

• Port 123 is not being blocked on the firewall.
• NTP Request Packet Timed out
• SINGLE/REFERENCE server is pointing to an external NTP time source
• Timesync debug screen keeps repeating “NTP Request Packet Timed out”
• *** Unable to communicate with server xx.xx.xx.xx:123! *** in Timesync debug screen

If you are seeing such messages, consult TID #10073706. Entitled “NTP Request Packet Timed Out,” this TID states the following about the cause of the problem and the change that was made in these support packs:

“The NTP source being specified is an external NTP source on the other side of the firewall. Even though port 123 may be open, all of the high ports are being blocked (ports 1024 and higher).

“In previous versions of TIMESYNC.NLM, both the request and the reply went through port 123. In the newer versions, the request still goes out through port 123, but by default the reply comes back through a dynamic port that can be any port between port 1024 and 32768.”

The TID then explains what you need to do to get around this particular problem. To get to TID #10073706 and get your time synchronization running properly, go to http://support.novell.com/cgi-bin/search/searchtid.cgi?/10073706.htm.

NetWare 6

Do you know how to capture an LPT port so you can print to a Novell Enterprise Printing Services (NEPS) or to a Novell Distributed Print Services (NDPS) printer? If you have misgivings on such a procedure, take a look at TID #10028007.

Entitled “How to Capture an LPT Port to Print to a NEPS/NDPS Printer,” this TID gives you the steps necessary to make this procedure happen. To read TID #10028007, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/10028007.htm.

Novell iChain

If you are running Novell iChain as well as the Novell Volera Excelerator, you might be curious about all of the SNMP, email, and Syslog alerts that the Excelerator generates. If you have such an inquiring mind, I would have you take a look at TID #10077498.

Entitled “Alert Thresholds, Text, Details,” the TID gives you the GUI, the Command Line Interface (CLI), the alert text, the service that is sending the alert, and the trigger that made the alert pop up in the first place (trigger).

An example of such an alert is presented below:

GUI: Disk space shortage
CLI: set alert diskspaceshortage=
Alert Text: “The system is short on disk space and operations may fail”
Service: Netware Operating System
Threshold: If the system was imaged to 2.2, this Generates an alert when the available disk space on the SYS volume (where config data is stored) or the LOG volume drops below 16MB. If the system was imaged to 2.1 or earlier, the alert for the LOG volume will be sent when the space drops below 1MB. This difference is due to the difference in block size when the volumes are created in 2.2 vs. 2.1.

To quickly access TID #10077498 and read up on all of the alerts that the Novell Volera Excelerator generates, go to http://support.novell.com/cgi-bin/search/searchtid.cgi?/10077498.htm.

ZENworks for Servers 3

You are running Novell ZENworks for Servers 3.0 and the product has failed to set rights for Distributor_servername.container.container because of the following error:

ZFS3 installation log: “(Error 0x889A) An attempt to resolve the Switched Virtual Circuit (SVC) is partial.”
You must do the following for the Distributor to function correctly:
Set the password of Distributor_servername.container.container. to be "distributor_password"
Make Distributor_servername.container.container a trustee of [Root] with Write and Inheritable rights to "zenappstedApplicationCopies" and "zenappstedApplicationCopies2"

If you have seen such a message, or part of this message, get over to TID #10073915 and read through the Symptom, Cause, and Fix for the solution. To go directly to TID #10073915, peruse your browser to http://support.novell.com/cgi-bin/search/searchtid.cgi?/10073915.htm.

Novell Client for Windows 2000/XP

Your Windows NT clients are running the Novell Client 4.7 or 4.71 for Windows NT/2000, or they are running the Novell Client 4.6 SP2 for Windows NT. Now you are having one or some of the following problems with passwords:

• NT password synchronization fails during expired password handling for the NDS user password.
• Password change for incorrect local NT account attempted when NetWare password has expired.
• Windows NT still prompting user for old password even though password synchronization was completed without any errors reported.
• When user logs in the NDS password has changed, but the Windows NT password is still the old one.
• Change Password dialog shows correct NetWare user account (\) but wrong NT user account (\ ) and password synchronization fails.
• Change Password dialog shows literally whatever was currently entered on the “Windows NT” or “Windows NT/2000” tab of the Novell login dialog as the NT account for which password synchronization will occur.
• Change Password dialog shows blank NT username (only the workstation or domain name, e.g. “\”) as the NT account for which password synchronization will occur.
• Error: “LOGIN-4.21.15.2032: The password for user has expired. Do you want to change your password?”
• Error: “The Windows password entered is invalid. Note: Other passwords in the synchronize list were changed.”

While not devastating problems, they are wearisome enough to make you wonder what you should do. If you’re in this boat, take a look at TID #10051891, “NT Password Synchronization Fails During Expired Password Handling for the NDS User Password.” This TID contains downloadable LOGINW32.DLL files with workarounds, scenarios, and notes.

So if you’re having some password synchronization problems with Windows NT workstations, take a look at TID #10051891 at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10051891.htm.

Novell iFolder 2.1

You have recently upgraded from iFolder 1.x to iFolder 2.0 Professional or you have installed or upgraded to iFolder 2.1 Professional Edition. Now you are getting a message that you cannot login to Global Settings in iFolder Server Administration. The cause is an invalid LdapLoginDNContext value in the HTTPD_IFOLDER_NW.CONF file. Such can happen with certain upgrades.

To alleviate this annoyance, grab TID #10084654. Entitled “Cannot Login to Global Settings in iFolder Server Administration,” you can then follow the simple steps laid out here. To read TID #10084654, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/10084654.htm.

Novell exteNd Director 4.1

You are running the Novell exteNd Director 4.1 Standard Edition and you are finding that the PortalStats gadget and the “Refresh Portal” options are picking up and displaying 2 unknown portal location servers. Then when you rename a portal page, the changes are taking effect on the attribute but not on the corresponding portal page tab.

Any ideas on what to do? Anyone? Bueller? Bueller? Anyone? Well don’t sweat it, ‘cause TID #10084554 can help you out on this one. Entitled “Specify(ing) Portal Locations in a Multiple Portal Server Environment,” this TID gives you the steps necessary to complete the task at hand, as well as notes on how to check your work.

To read TID #10084554, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/10084554.htm.

You Want Some More?

If you want to find more TIDs in these several categories or on any other Novell products, perform the following steps from your browser at http://support.novell.com.

In the list of Support Links that appear either along the left-hand side or in the middle of the screen, click on the “Product-Specific Support” link. From the resulting list of Novell products, select the product of your choice.

Under the “What’s New” category, click on “Last 7 days” to see the technical documents that were created or have been updated in the last 7 days for the product you selected. You can also look at documents that have been created in the last 14 or 30 days.

Choose the TIDs that apply to your circumstances.
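The TIMESYNC behaviour quoted from TID #10073706 in the NetWare 5 item, modelled as an added example (not code from the TID or from Novell): a simplified stateless filter shows why the request leaves while the reply is dropped even though port 123 is open, and what a rule scoped to the one time source looks like. The addresses are constructed, and treating the dynamic port as the server's local UDP port is an assumption; the TID's own remedy is not reproduced on this page.

```python
"""Model of the TIMESYNC/firewall interaction quoted from TID #10073706.

Added illustration, not Novell code. Addresses are constructed
(documentation ranges) and the filter is a simplified stateless model.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SERVER = "192.0.2.10"         # constructed: NetWare server behind the firewall
NTP_SOURCE = "198.51.100.5"   # constructed: external NTP time source
ANY_NET = "0.0.0.0/0"
ANY_PORT = range(0, 65536)
NTP = range(123, 124)
DYNAMIC = range(1024, 32769)  # "any port between port 1024 and 32768"


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = server -> Internet, "in" = Internet -> server
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One allow rule; every field must match."""
    direction: str
    src_net: str
    sports: range
    dst_net: str
    dports: range

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and p.sport in self.sports
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.dport in self.dports)


def verdict(rules, packet):
    """Any matching allow rule passes the packet; otherwise default deny."""
    return "allow" if any(r.matches(packet) for r in rules) else "deny"


# The firewall as the TID describes it: UDP port 123 is open in both
# directions, and inbound traffic to ports 1024 and higher is not allowed.
AS_DESCRIBED = [
    Rule("out", ANY_NET, ANY_PORT, ANY_NET, NTP),
    Rule("in", ANY_NET, ANY_PORT, ANY_NET, NTP),
]

# Same policy plus one narrowly scoped rule: only this time source, only
# from its port 123, only to this server, only in the documented range.
# A stateful filter that tracks the outbound request needs no standing rule.
SCOPED = AS_DESCRIBED + [
    Rule("in", NTP_SOURCE + "/32", NTP, SERVER + "/32", DYNAMIC),
]


def old_exchange():
    """Earlier TIMESYNC.NLM: request and reply both use port 123."""
    return (Packet("out", SERVER, 123, NTP_SOURCE, 123),
            Packet("in", NTP_SOURCE, 123, SERVER, 123))


def new_exchange(dynamic_port):
    """Newer TIMESYNC.NLM: the reply arrives on a dynamic port.

    Assumption: the dynamic port is the server's local UDP port, so it is
    the request's source port and the reply's destination port.
    """
    return (Packet("out", SERVER, dynamic_port, NTP_SOURCE, 123),
            Packet("in", NTP_SOURCE, 123, SERVER, dynamic_port))


def exchange_ok(rules, request, reply):
    """True only when both halves of the exchange pass the filter."""
    return (verdict(rules, request) == "allow"
            and verdict(rules, reply) == "allow")


if __name__ == "__main__":
    for name, rules in (("as described", AS_DESCRIBED), ("scoped", SCOPED)):
        print(name,
              "| old TIMESYNC:", exchange_ok(rules, *old_exchange()),
              "| new TIMESYNC:", exchange_ok(rules, *new_exchange(20000)))
    stray = Packet("in", "203.0.113.9", 123, SERVER, 20000)  # constructed host
    print("unrelated host to a high port:", verdict(SCOPED, stray))
```

Under the as-described policy the request is allowed and only the reply is denied, which matches the symptom list: timeouts on the Timesync debug screen while port 123 itself is not blocked.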

No New Blocked.txt File in GroupWise 6.5 Upgrade

Dear Ab-end: I’m upgrading from GroupWise 6 to GroupWise 6.5 and the GWIA is not creating the new “blocked.txt” file when I add new exceptions to our access list. There is also no “blocked.new” file under the GWIA. What could be the problem? Where should I start looking?
—Steven “No New” in Seim

Dear Steve: During the installation of the administration files you might have been asked whether you should overwrite newer files. Although generally it is seen as a good idea to do so, if you have applied GroupWise 6 Service Pack 3, the administration files will be newer than the GroupWise 6.5 shipping code. To fix this, go to the Admin directory of your GroupWise Software Distribution Directory and run install.exe. When you get to the product selection screen, uncheck all options except “install administration files.” When prompted, verify that you wish to overwrite the newer files.

NetWare 6SP3 Not Recognizing Adaptec SCSI Controller

Dear Ab-end: I have a NetWare 6.0 server with a tape drive attached to an Adaptec SCSI controller. After installing Support Pack 3, my tape drive is no longer recognized.
—Andie Adaptive in Altay

Dear Andie: The Adaptec SCSI drivers AHA2940.HAM, AIC78U2.HAM, ADPT160M.HAM and ADPU320.HAM that are installed by Support Pack 3 all have problems. You should either use the drivers from the TOOLS\UNSUPDRV directory of SP3 or go back to the SP2 drivers.

High Utilization with NW6SP3 on a Compaq DL-380 BorderManager 3.7 Server

Dear Ab-end: I applied NetWare 6 Support Pack 3 to my BorderManager 3.7 server and now it gets high utilization; sometimes this is followed by a hard freeze. The server is a Compaq DL-380.
—Calley Compaq

Dear Calley: Apply the latest system ROM flash from Compaq and your server should once again work fine.

Terminating a Directory Connection in exteNd and iChain

Dear Ab-end: How can I integrate Novell exteNd Director and iChain so that a logout issued from within the portal actually terminates the directory connection that you can see in the portal statistics gadget?
—Randy Redirector

Dear Randy: Portal needs the following parameters (from either form inputs or from the querystring parameters):

• NPService=AuthenticationService
• NPServiceDataType=PortalData
• logoutButton=Logout

To logout of iChain, you will also need the following parameter:

• ICSLogoutPage=http://myichain.mydomain.com/cmd/BM-Logout

So in xsl, an href might look like this:

href="{$Portal.Servlet.Normal}NPService=AuthenticationService&NPServiceDataType=PortalData&logoutButton=Logout&ICSLogoutPage=http://myichain.mydomain.com/cmd/BM-Logout"

Or you can use a form with inputs, such as those found in portal\gadgets\com.novell.nps.authentication.Authenticator\skins\default\devices\default\main.xsl

What Courses Are Necessary to Become a CNA?

Dear Ab-end: I don’t know if you answer nontechnical questions such as this, but here goes. I have some questions regarding what courses it takes to become a Certified Novell Administrator. Is there somewhere at Novell I can ask these kinds of questions?
—“Upping the Ante” Alex from Alasehir

Dear Alex: Yes, there is. Novell Education maintains a forum at news://edugen-forums.novell.com/novell.education.gen.cert for questions regarding how to become certified on Novell products. There is also a less user-friendly HTTP front-end for the forum at http://edugen-forums.novell.com.

Disabling SNMP on a NetWare Server

Dear Ab-end: How do I disable SNMP on my NetWare server?
—Cid “Mr. Server” from Sydney

Dear Cid: The module SNMP.NLM is referenced by various other protocol NLMs and you can’t unload it to completely disable SNMP. However, you can deny SNMP access by loading INETCFG.NLM and selecting: Manage Configuration > Configure SNMP Parameters.

Now for both the “Monitor” and “Control” options, select the option “No Community may Read/Write.” Note that this will only be active after your next server reboot. To also activate the new SNMP settings without reboot, execute the following console command:

SNMP MONITORCOMMUNITY CONTROLCOMMUNITY

Saving Changes on a Branch Office Server

Dear Ab-end: I unlocked the console on my Branch Office (BO) server and made some changes. But after I restarted the server, all my changes are gone. What happened?
—Barney Orbbie —“Mr. BO Too”

Dear Barney: Be aware that when the Branch Office server boots, it overwrites some configuration files with “clean” files to make sure that no corruption has taken place. This means that some of the changes you make while the box is unlocked have the potential of being overwritten and returned to their “default” state when you reboot the box.

More information is available in this document: http://www.novell.com/documentation/lg/nbo/index.html?page=/documentation/lg/nbo/adminguide/data/agtb6u0.html

Restoring an Ex-Employee’s E-mails

Dear Ab-end: I need to check the e-mails of an ex-employee whose ID has been recently deleted. Do I need to restore the entire post office to a test server to do this?
—Peter Perfect in Pirna

Dear Peter: Depending on the time period since the deletion (shorter the better), try the following steps:

1. Copy the USERxxx.DB to a safe directory.
2. Import a user with the same FID (File ID) as the ex-employee using the GWImport utility or a similar utility.
3. Copy back the USERxxx.DB to the OFUser directory.
4. Log into GroupWise and check the e-mails.

New Employee to Access Old Employee’s E-mail Correspondence

Dear Ab-end: An employee has left the company and the replacement should have access to the old employee’s e-mail correspondence. What are my options?
—Taking Over in Three Forks

Dear Taking: There are a couple possibilities that you can do, depending on the functionality you need:

1. Set up the new person as a proxy user in the old employee’s email.
2. Rename the email account to the new employee and associate it with their NDS account.

The first option gives the new employee the ability to read the emails and limits the deletion/editing capabilities of the stored emails. The second option gives the new employee a full copy of the person’s email, calendar, and frequent contacts/address book.

Making Changes to a ZfD Imaging BootCD

Dear Ab-end: Why does my ZENworks for Desktops Imaging BootCD not work after I use WINIso to make changes to it?
—Charlie Change in Chesapeake

Dear Charlie: You have to use the Save option—using the Save As option will corrupt the image.

Recreating a New SMDR Configuration

Dear Ab-end: After installing TSA5UP12.EXE, the command “SMDR NEW” produces the following error:

The specified context is invalid
ERROR:Invalid user context

Could not obtain configuration information/create configuration file

How can I recreate a new SMDR configuration?
—Recreating in Raleigh

Dear Raleigh: The “SMDR NEW” command is no longer supported without additional parameters. All options now have to be included at the command line. Use one of the following two possibilities:

smdr new ndsDisable [slpDisable] [sapDisable] [hostsDisable]

or

smdr new GroupContext SMDRContext UserName Password [slpDisable] [sapDisable] [hostsDisable]

Novell Forge

Dear Ab-end: I have heard a lot about Novell embracing Linux, its philosophies and the open source movement. I have also heard the discussion of something called “Forge.” Would you mind filling me in about “Forge” and how my company and I can become a part of this movement?
—Forging in the New World of Furneaux

Dear Forging: Novell introduced Forge at BrainShare Salt Lake City, April 2003. Needless to say, it was received with great enthusiasm. There are several websites for information about Forge, but let me suggest: http://forge.novell.com/modules/news, which takes you straight to the Forge news page.

In order to create a new project, you will need to create a Forge account for yourself. However, you can browse existing projects now. For example, you can look at and download the Novell UDDI Server, which is a featured project in Forge.

FYI, here is a quick blurb about Forge. Novell Forge is a place where developers can form communities to share ideas, experiences, news, documentation, tips, source code and configuration files about their individual projects within a secure environment. To get started, open an account and add your project to Forge.

Speeding Up NetStorage File Loading

Dear Ab-end: I am having difficulty uploading large files through the NetStorage HTML interface on a NetWare 6 server. The problem is that it’s too darn slow. What can I do to speed things up?
—Slow Sandy in Santa Ana

Dear Sandy: Greg Leong has provided a solution that will help you with this: Turn off TCP Delayed Acknowledgements. Here’s how you do this:

• Launch NetWare Remote Manager (http://dns_or_ip_address:8008).
• Log in as Admin or equivalent user.
• Click the Configure button.
• Change View Hidden Set Parameters to Yes.
• Select “Set Parameters” in the left pane.
• Select the “Communications” link.
• Scroll down until you see the “TCP Delayed Acknowledgment” option. The default is On; you should set the value to Off.

That should do it—good luck!

Getting a NetWare Server to Go Down

Dear Ab-end: I am having some NetWare server problems. I type DOWN at the server prompt, but the server seems to hang. What do I do now? I am tempted to turn the power off to the server, but I have heard that I could lose a lot of data doing that. Help!
—Downing a Server in Scarlettsville

Dear Downing: Yes, I agree with you that it’s not a good idea to intentionally cut the power to a NetWare server. I can suggest a few options to you for downing the server in a more graceful manner.

• Try holding the Ctrl+Alt+Shift+Esc keys all at the same time. After this key combination is pressed, NetWare allows you to select the option to bring down the server.
• The other option—and I can’t guarantee that you won’t lose data—is to enter the NetWare internal debugger by pressing Shift+Shift+Alt+Esc and then typing Q for quit and Y to confirm your return to DOS.

Top-rated Cool Solution Articles and Tips

Novell Cool Solutions is an online community dedicated to helping Novell customers get the most out of their products. Since it is a community, reader contributions and feedback are an important element in the weekly issues, and there are a variety of metrics by which we can judge the effectiveness of specific articles.

By special permission of Novell Cool Solutions, here are two of the most popular articles (based on articles printed via Printer Friendly) that appeared in Cool Solutions in June 2003. You can read these and other articles on many Novell products and solutions at http://www.novell.com/coolsolutions.

Rule for Filtering Offensive GroupWise Spam

Mike Schmid
http://www.novell.com/coolsolutions/gwmag/features/tips/t_tip_filter_offensive_spam_rule_gw.html

Problem: As the frequency and volume of “spam” e-mail increase, the occurrence of randomly mailed offensive spam also increases. Many of these e-mails contain offensive words in the sender’s e-mail address, the subject line, or the body of the e-mail message. Furthermore, because the senders’ e-mail addresses vary wildly, filtering by sender requires constant rule modification for each new address.

Solution: By creating a rule that detects and discards e-mail based on offensive words showing up either in the sender’s e-mail address, the subject line, or the message body, the offensive e-mail no longer has to be viewed, and the rule requires less maintenance.

1. Identify a list of words that are offensive to you that you want to stop “seeing” in e-mail. Be careful not to include words that may prevent you from getting e-mail that you want to receive; start out with blatantly offensive stuff. If you can keep the list down to the twelve most common offensive words that you’ve received, it will simplify things (as you will see below).
2. With GroupWise open, click on Tools > Rules.
3. Click on New.
4. Title the Rule “Offensive Email Filter,” or whatever you wish.
5. Click on Define Conditions. Change the first drop-down box to read “Subject.” In the second field, enter the first word from your list. Change the button that says “End,” to “Or,” and you will see that it creates a new row for a new condition. Repeat these steps until you’ve got a new line for each word. Create another condition line, but change the first box to “Message,” rather than “Subject,” and repeat this section for each word in your list. Leave the last button of the last line as “End.” Click OK.

Note: There seems to be a limit of 24 conditions per rule. Therefore, if your list of words is greater than twelve (twelve for Subject plus the same twelve for Message), it will require a separate rule. Rules are processed sequentially.

6. Click on the drop-down for Add Action, click Empty, and click OK.
7. Test your rule by sending yourself something that contains one of your words. You can use non-offensive test words if you want (example: “offensiveword1,” “offensiveword2,” and so on), to avoid sending offensive words through your employer’s e-mail system. If your rule worked, you should not receive it.

Running NetWare 6 Under VMware Workstation for Windows

Roger Foss
http://www.novell.com/coolsolutions/netware/features/a_vmware_nw.html

Here’s the official definition of VMware (lifted straight from the Web site http://www.vmware.com/):

“VMware Workstation enables multiple operating systems to run on physical computers in secure, transportable, and high-performance virtual machines. As a result, technical professionals spend more time being productive and less time configuring hardware, installing software, rebooting, or reconfiguring systems.”

The following describes the special steps that Roger documented and that you need to follow in order to install NetWare 6 as a guest OS under VMware Workstation 3.0.

1. What you need:
• A host PC running Windows NT 4, Windows 2000 or Windows XP
• 384MB RAM or more
• VMware Workstation 3.0.0, build 1455 (release code). An evaluation version can be downloaded from http://www.vmware.com/download/workstation.html
• You’ll also need to register for an evaluation license.
• A floppy with NW5-IDLE.NLM handy. You can download this from http://www.vmware.com/software/Nw5-idle.nlm.

2. Create a new Virtual Machine as follows:
• In the New VM Wizard, choose Custom.
• Choose Other as the Guest operating system.
• Enter a name for the VM (e.g., ‘NW6’) and a folder to place the virtual disk file.
• Specify at least 192 MB of memory for VM.
• Choose a network connection type (I used NAT, others may work as well).
• Create a virtual disk of an appropriate size (usually the default 4 GB).
• Optional: Use the Configuration Editor and remove the USB Controller.
• Optional: Specify an ISO image of NW6 for the CD-ROM drive, if you have it. This will speed the installation of the OS.
• Exit VMware.

3. Edit the VMware configuration file:
• Load the config file (c:\VMs\NW6\NW6.vmx) into an editor.
• Find the guestOS="other" line and change the value to "netware6". This will allow the PAE mode of NetWare 6 to be accepted by VMware.
• Add a new line beneath the guestOS line as follows:
svga.8bitonly="true"
This will ensure that VMware doesn’t complain about running in an 8-bit video mode.
• Save the file

4. Change the display mode of the HOST OS:
• You need to change your host OS color depth to 256 colors (8-bit) during the install of NetWare. Once you’re done installing it, however, you can go back to using gazillion colors.

5. Install NetWare 6:
• Start VMware and the new Virtual Machine.
• Start the NetWare 6 installation as usual, either from a NW6 CD or from an ISO image if you have one.
• As soon as possible after the install begins, insert a floppy with the NW5-IDLE.NLM, ALT-ESC switch to the console, and type:
LOAD A:\NW5-IDLE.NLM
• When NetWare tries to load the LAN driver (use PCNTNW.LAN), it will fail because it broadcasts for its own IP address (doing an ARP?) and then hears its own packets. This causes IP networking to fail.
You can get around this by ALT-ESC switching to the System Console and entering:
SET ALLOW IP ADDRESS DUPLICATES=ON
Alternatively, you can LOAD MONITOR !h, go into Server Parameters, Communications, and find the above parameter and set it to ON.
Now, ALT-ESC switch back to the GUI install screen and retry loading the LAN drivers.

6. Install the NetWare CPU Idle NLM
• Copy NW5-IDLE.NLM to SYS:SYSTEM and to C:\NWSERVER in your Guest OS.
• Load it from AUTOEXEC.NCF as early as possible.

7. Once installed, you can switch your HOST OS color depth back to what it was.

Things to Be Aware Of

If you run in full screen mode and NetWare switches to graphical mode, you sometimes get the Windows taskbar at the bottom. This seems to be a problem with Windows.

www.novell.com/appnotes 106 story. thiswas agreat addition Novell tothe development portal interactive dynamic, integrate that applications Software, enablesITorgani suite, exteNd Novell The developers Novell exteNdfor ability to secureapplic those thebusinesses, more importanttotoday’s more and As building and deploying and NsureSolutions exteNd Novell using Services Web Directory-enabled Secure, forDelivering Strategy Novell’s accessible yet secureapplicaccessible software developeryouneed its Novell exteNd and Nsure solutionfamilies. Novell exteNd and its building advanced strategy for JavaOne Developer Conferen J2EE- andWeb services-based solutionssecuring forbuildingandand the besttools strengths ofbothtoprovide Novell offerings.This in (now brandedexteNd)traditional products withthe donetheyear workhasbeentointegrateSilverStream ering standards-basedweba Software, then a recognized marketing leader in deliv- A littleover ayear agoN leverage theseexistingsolutions. expect newapp more likely unlikely toabandon whattheyhavethatworksand will are businesses success, to critical so savings cost With solutions withexistinginfrastructure andapplications. today’s enterprise revolve highly importantas providing thissecurity ment based on industry stan create proprietary solutions pect of software development in of software development pect to yoursolutions.Another tegration highlightsthe ovell acquired SilverStream ovell acquired acquired withSilverStream s around integrating new s around existing system Web applicationsbecome . Secure identity manage- solutions.developers, For ations without lications to integrate and developers and customers developers zations torapidly build dards is the foundation for the foundation dards is pplications. Over the past pplications. Overthe ations becomes ways toprovide highly ce Novell announced its ce Novellannounced Webapplications with applications.AtSun’s s anddeliver having to vital. Asa industry-leading platforms. 
enterpriseon solutions ofthe toolsneed have all of thisAll means that as bench. Work- exteNd projects)exteNd usingthe Director deployed aspart of, larger easily integratedwith,and be environment, orcan be deployed Composer can JMS, and other datasources. Messaging HTML streams, EDI, JDBC, flat streams, include connectivitywith capabil Composer’s core Enterprise Using WSDL. 100% web-technology-aware in J2EE executionenvironment. services-oriented integrati testing, anddeployingrobustXML-based, of asetrapid-devel integration broker. fied XML Novell be licensed separately by ISVs. each madeof J2EE modules ture consistsofaset self-service portals. Directo wirele ment, userprofiling, includewo personalization, easier todevelop standard tion, deployable tomultiple Novell dards-based applications. and deploying cross-platform you withthefoundation mostcomplete forbuilding comprehensive support forWe able, andreliableJ2EE-compatible with server Novell exteNd integration. for industry-leading XML presentation capabi provides tightintegrationwith the NovellexteNdplatform,Workbenchpart of the leadingJ2EE-compatible application servers. As freedom andflexibilitywith one integrated environm and descriptors us ment plans and createJ2EEdeploy-using ourpowerful wizards cations. Asadeveloper,yo ment and deployment of We ronment builtto simplify a Novell exteNd Composer exteNd Director exteNd Workbench Application Server Application lities andwithexteNd Composer opment toolsforbuilding, NetWare andwell as other loosely coupled subsystems, ent. 
Workbenchprovides is a true 100% J2EE applica- ities can beextended to a Java/J2EE developer, you ed todevelop and deploy files, CICS transactions,files, CICS Connect functionality, on applications, andarobust 3270, 5250 andTelnet data s-based applications that applications (including nd acceleratethe develop- u can createu aWeb Service (Composer) is a J2EE certi- (Composer)is aJ2EE ss delivery, security,and rkflow, content manage- r’s configurable architec- r’s configurable directly from the design directly from enabled application via one-button deploymentto is acomprehensive envi- J2EE servers. It makes it Itmakes J2EE servers. b Services a , that can stand alone, thatcan and Applicationscreatedin Composer is comprised Composeris , high-performance, stan- These applications are are applications These ing visual editors, allin ing visual exteNd Director forrich b Services.Itprovides areas like SOAP and areas likeSOAP isaproven, scal- nd J2EEappli- August 2003 August 107

Sections codebreak

Novell Nsure for Developers http://www.novell.com/news/press/archive/2003/06/pr Novell Nsure helps businesses get the right resources 03038.html. to the right people - anytime, anywhere by simplifying the management of user identities and securing access to enterprise applications. As part of the Nsure strategy, Secure Identity Management solves a key Novell XForms Technology business problem CIOs of organizations today face: Preview How do I cost-effectively deliver real-time, role-based resources to my distributed workforce, partners and Novell’s XForms Technology Preview is designed to customers from any location - wired or wireless - yet provide developers with a hands-on introduction to the keep my systems safe? Developing solutions with XForms standard. XForms 1.0 is a Candidate Recom- Novell’s Secure Identity Management products mendation from the W3C. This new technology provides you flexibility and gives you the agility reduces the complexity of developing Web pages and needed to keep pace with tomorrow’s dynamic, forms that interact with Web Services and display service-oriented system environment. information to any Web-enabled device. Novell exteNd (formerly SilverStream Software) is well Novell eDirectory provides new business growth by known for its participation in the development of new building and maintaining secure and highly customized standards and has been a leader in the rapid develop- e-business relationships while leveraging your current ment space with its award winning Page Designer. technology investments. XForms is a way to bring developer productivity to DirXML is a bi-directional data sharing service that standards-based applications that will run on the leverages Novell eDirectory to distribute new and leading J2EE Application Servers. Novell’s XForms updated information across directories, databases and Technology Preview is only the beginning of things to critical applications on the network and across fire- come from Novell. 
Keep your eye on this site for more walls to partner systems. in the coming months. Directory Services Markup Language for eDirec- XForms 1.0 is now a Candidate Recommendation from tory (SOAP), or DSML, an OASIS specification, the W3C and a direct descendant of HTML Forms that enables developers to express LDAP functions and we know today. XForms improve on HTML Forms by retrieve data in XML. Common DSML operations separating data, logic, and presentation into three include searching for specific directory objects and distinct areas. This clean separation makes it easier for returning selected attribute values. developers to customize the interface for users and devices, without rewriting the form or its associated iChain provides identity-based web security services logic. XForms also includes a powerful event model that control access to application and network that allows the user to easily bind a form control to a resources across technical and organizational bound- piece of client-side logic without extensive scripting. aries, as one Net. For more information on XForms, please see XForms Nsure UDDI Server provides visibility of Web Resources below. Services for enterprise developers and contains Web Developer Benefits of XForms: Service description metadata published by departments or groups within the organization. • XML-based, strongly typed submission for increased data integrity When combined, Novell exteNd and Nsure solutions deliver the industry’s most comprehensive • Reusable schemas improves developer services-oriented architecture for developers to productivity and time to market leverage to build the solutions needed today. • XML 1.0 standard provides ease of internationalization You can read the JavaOne press release regarding the Novell exteNd and Nsure product strategy at: • Abstract controls reduces complexity of development for multiple devices Sections


If you do any development that requires HTML forms, then XForms is a technology you will want to investigate. As the successor to HTML forms, XForms along with XHTML will help avoid the limitations of HTML and HTML forms when used for e-commerce applications. XForms improves presentation, data handling and transport and because it is based on XML, it can be easily integrated with many new and powerful web technologies.

For much more information on Novell’s XForms Technology Preview, go to http://developer.novell.com/tech/xforms.html. There you will find white papers, downloads of the preview for multiple platforms, and additional resource links.

NDK CD-ROM Images Now Available

In a continuing effort to improve developer’s access to all of the resources available as part of the Novell Developer Kit (NDK), the ISO images of the complete NDK are now available to be downloaded. With these downloads, a CD-ROM burner, the appropriate software and blank CD-ROMs, a developer can now build a complete set of the NDK CDs. This allows you to take advantage of the easy to use interface available on the NDK.

You may download the latest NDK CDs at: http://developer.novell.com/ndk/downloadiso.htm

Q. I recently installed MySQL on NetWare and have a few questions. Since I am new to using MySQL, please bear with my questions. Should I create separate SQL server instances with different ports for each user's DB or will one instance of the DB do for most light DB applications?

Are there applications available that can be used to create or test DBs on my MySQL server? Most that I have run into have the ability to connect to most every other DB but MySQL.

I have read many pages of documentation and am still a little unclear as to how to create users for authentication to the MySQL server for our end users. Of course root user is intact but not something I’m willing to just have everyone use.

Am I to assume that most applications that utilize a MS SQL db can also utilize the MySQL with a little massaging or some type of conversion utility?

I noticed that on the MySQL status screen that the IP Address reads 0.0.0.0 and could find nowhere to specify. By default I assume that the instance of MySQL that I start uses the IP address bound to the server NIC. If this is the case then the only thing I need to have users connect to is the server's IP address and port 3306 (or whatever port). Is this a correct assumption?

Can I use secondary addressing and bind the secondary IP address to the instance and port of MySQL running on my server(s)?

A. A single server instance of MySQL is usually sufficient. You can create a number of users, each with rights to specific databases. Multiple instances are useful when you want root users in each instance that don’t have access to each other's data, which gives complete isolation.

There are a number of MySQL client tools, both free and pay tools. I have used phpMyAdmin (http://phpmyadmin.net) and MyCC (http://www.mysql.com/downloads/mysqlcc.html). You can also try http://www.mysql.com/portal/partners/software/index.html, http://www.mysql.com/portal/software/index.html, or do a search for MySQL client tools on Google. The above tools will help you create users. http://www.mysql.com/doc/en/Adding_users.html (Adding New Users to MySQL) is also very helpful.

The partners and software links above also contain conversion tools from many different databases (including MS SQL) to MySQL. Applications that use ANSI SQL can be moved to MySQL quite easily. MySQL will not support stored procedures until version 5.0, and so you might run into some problems in that area.

‘0.0.0.0’ is a special IP address that maps to the primary IP address on the current machine. This is a default for most applications on NetWare. You can change this value to the actual primary IP address (or a secondary IP address) with the “bind-address” parameter.

Q. I am installing MySQL on my Novell NetWare 6 box with SP3 installed. Can anyone please tell me if it is possible to insert data in the database using C and how to do this if it is possible?

A. I have attached a sample here. It’s mytest.c, which comes with the MySQL sources. I modified it just a bit for NetWare, and created a Makefile which you can use with GNU make and CodeWarrior commandline tools. However I’ve not tested if the NLM works correctly, but it compiles without errors. It needs the libmysql.nlm which also comes with the MySQL distribution.

    #ifdef WIN32
    #include <windows.h>
    #endif
    #include <stdio.h>
    #include <string.h>

    #include <mysql.h>

    #define DEFALT_SQL_STMT "SELECT * FROM db"
    #ifndef offsetof
    #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
    #endif

    #define MAX_FLDS 25   /* number of field names kept for display */

    /* Bounded copy into a char array; the result is always NUL-terminated. */
    #define COPY_STR(dst, src) \
        (strncpy((dst), (src), sizeof(dst) - 1), (dst)[sizeof(dst) - 1] = '\0')

    /* Print every row of a result set as "Fld #n (name): value" lines.
       Shared by the query, process-list and table-list output in main(). */
    static void print_rows( MYSQL_RES * res, const char * pszLabel )
    {
        char aszFlds[ MAX_FLDS ][ 25 ] ;
        unsigned int j, k, x ;
        int l = 1 ;
        MYSQL_FIELD * fd ;
        MYSQL_ROW row ;

        //....we can get the field-specific characteristics here....
        for ( x = 0 ; x < MAX_FLDS && ( fd = mysql_fetch_field( res ) ) ; x++ )
            COPY_STR( aszFlds[ x ], fd->name ) ;
        //....
        while ( ( row = mysql_fetch_row( res ) ) )
        {
            j = mysql_num_fields( res ) ;
            printf( "%s #%d:-\n", pszLabel, l++ ) ;
            for ( k = 0 ; k < j ; k++ )
                printf( " Fld #%u (%s): %s\n", k + 1,
                        k < x ? aszFlds[ k ] : "?",
                        (((row[k]==NULL)||(!strlen(row[k])))?"NULL":row[k])) ;
            puts( "======\n" ) ;
        }
    }

    /********************************************************
    ** main :-
    ********************************************************/

    int main( int argc, char * argv[] )
    {
        char szSQL[ 200 ], szDB[ 50 ] ;
        int i ;
        const char * pszT ;
        MYSQL * myData ;
        MYSQL_RES * res ;

        //....just curious....
        printf( "sizeof( MYSQL ) == %d\n", (int) sizeof( MYSQL ) ) ;
        if ( argc == 2 )
        {
            COPY_STR( szDB, argv[ 1 ] ) ;
            COPY_STR( szSQL, DEFALT_SQL_STMT ) ;
            if ( !strcmp( szDB, "--debug" ) )
            {
                COPY_STR( szDB, "mysql" ) ;
                printf( "Some mysql struct information (size and offset):\n" ) ;
                printf( "net:\t%3d %3d\n", (int) sizeof(myData->net),
                        (int) offsetof(MYSQL,net) ) ;
                printf( "host:\t%3d %3d\n", (int) sizeof(myData->host),
                        (int) offsetof(MYSQL,host) ) ;
                printf( "port:\t%3d %3d\n", (int) sizeof(myData->port),
                        (int) offsetof(MYSQL,port) ) ;
                printf( "protocol_version:\t%3d %3d\n", (int) sizeof(myData->protocol_version),
                        (int) offsetof(MYSQL,protocol_version) ) ;
                printf( "thread_id:\t%3d %3d\n", (int) sizeof(myData->thread_id),
                        (int) offsetof(MYSQL,thread_id) ) ;
                printf( "affected_rows:\t%3d %3d\n", (int) sizeof(myData->affected_rows),
                        (int) offsetof(MYSQL,affected_rows) ) ;
                printf( "packet_length:\t%3d %3d\n", (int) sizeof(myData->packet_length),
                        (int) offsetof(MYSQL,packet_length) ) ;
                printf( "status:\t%3d %3d\n", (int) sizeof(myData->status),
                        (int) offsetof(MYSQL,status) ) ;
                printf( "fields:\t%3d %3d\n", (int) sizeof(myData->fields),
                        (int) offsetof(MYSQL,fields) ) ;
                printf( "field_alloc:\t%3d %3d\n", (int) sizeof(myData->field_alloc),
                        (int) offsetof(MYSQL,field_alloc) ) ;
                printf( "free_me:\t%3d %3d\n", (int) sizeof(myData->free_me),
                        (int) offsetof(MYSQL,free_me) ) ;
                printf( "options:\t%3d %3d\n", (int) sizeof(myData->options),
                        (int) offsetof(MYSQL,options) ) ;
                puts( "" ) ;
            }
        }
        else if ( argc > 2 )
        {
            COPY_STR( szDB, argv[ 1 ] ) ;
            COPY_STR( szSQL, argv[ 2 ] ) ;
        }
        else
        {
            COPY_STR( szDB, "mysql" ) ;
            COPY_STR( szSQL, DEFALT_SQL_STMT ) ;
        }
        //....
        if ( (myData = mysql_init((MYSQL*) 0)) &&
             mysql_real_connect( myData, NULL, NULL, NULL, NULL, MYSQL_PORT, NULL, 0 ) )
        {
            if ( mysql_select_db( myData, szDB ) != 0 )
            {
                printf( "Can't select the %s database !\n", szDB ) ;
                mysql_close( myData ) ;
                return 2 ;
            }
        }
        else
        {
            printf( "Can't connect to the mysql server on port %d !\n", MYSQL_PORT ) ;
            if ( myData )
                mysql_close( myData ) ;
            return 1 ;
        }
        //....
        if ( ! mysql_query( myData, szSQL ) )
        {
            res = mysql_store_result( myData ) ;
            if ( res )
            {
                i = (int) mysql_num_rows( res ) ;
                printf( "Query: %s\nNumber of records found: %d\n", szSQL, i ) ;
                print_rows( res, "Record" ) ;
                mysql_free_result( res ) ;
            }
            else if ( mysql_field_count( myData ) == 0 )
                // a statement such as INSERT succeeds without a result set
                printf( "Query: %s\nRows affected: %lu\n", szSQL,
                        (unsigned long) mysql_affected_rows( myData ) ) ;
            else
                printf( "Couldn't read the result: %s\n", mysql_error( myData ) ) ;
        }
        else
            printf( "Couldn't execute %s on the server !\n", szSQL ) ;
        //....
        puts( "==== Diagnostic info ====" ) ;
        pszT = mysql_get_client_info() ;
        printf( "Client info: %s\n", pszT ) ;
        //....
        pszT = mysql_get_host_info( myData ) ;
        printf( "Host info: %s\n", pszT ) ;
        //....
        pszT = mysql_get_server_info( myData ) ;
        printf( "Server info: %s\n", pszT ) ;
        //....
        res = mysql_list_processes( myData ) ;
        if ( res )
        {
            print_rows( res, "Process" ) ;
            mysql_free_result( res ) ;
        }
        else
        {
            printf( "Got error %s when retreiving processlist\n", mysql_error( myData ) ) ;
        }
        //....
        res = mysql_list_tables( myData, "%" ) ;
        if ( res )
        {
            print_rows( res, "Table" ) ;
            mysql_free_result( res ) ;
        }
        //....
        pszT = mysql_stat( myData ) ;
        puts( pszT ) ;
        //....
        mysql_close( myData ) ;
        return 0 ;
    }
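For the earlier answer's advice to create users with rights to specific databases instead of handing out root, the following is an added example (not part of the original column) written in the GRANT ... IDENTIFIED BY syntax of the MySQL 4.x releases this column covers. The database name helpdesk, the account names, the 10.1.2.% subnet and the passwords are constructed placeholders.

```sql
-- Added example: per-application accounts instead of a shared root login.
-- All names, hosts and passwords below are constructed placeholders.
-- Syntax note: GRANT ... IDENTIFIED BY creates the account on MySQL 3.23/4.x.
-- From MySQL 5.0.2 CREATE USER is available, and MySQL 8.0 requires
-- CREATE USER followed by GRANT.

-- 1. Review the accounts that already exist. A row with an empty User is an
--    anonymous account; no_password = 1 means the account has no password.
SELECT Host, User, Password = '' AS no_password
  FROM mysql.user
 ORDER BY User, Host;

-- 2. Application account: row-level access to one database only, and only
--    from the application subnet (the host part limits where it can log in from).
GRANT SELECT, INSERT, UPDATE, DELETE
   ON helpdesk.*
   TO 'helpdesk_app'@'10.1.2.%'
   IDENTIFIED BY 'REPLACE_WITH_APP_PASSWORD';

-- 3. Reporting account: read-only on the same database.
GRANT SELECT
   ON helpdesk.*
   TO 'helpdesk_ro'@'10.1.2.%'
   IDENTIFIED BY 'REPLACE_WITH_REPORT_PASSWORD';

-- 4. Schema owner: may create and alter tables in helpdesk, but only when
--    connecting from the server itself, and with no rights on other databases.
GRANT ALL PRIVILEGES
   ON helpdesk.*
   TO 'helpdesk_admin'@'localhost'
   IDENTIFIED BY 'REPLACE_WITH_ADMIN_PASSWORD';

-- 5. Remove anonymous accounts found in step 1 so that a client supplying
--    an unknown user name is rejected instead of being matched to them.
DELETE FROM mysql.user WHERE User = '';
DELETE FROM mysql.db   WHERE User = '';
FLUSH PRIVILEGES;   -- needed after editing the grant tables directly

-- 6. Verify what each account can actually do.
SHOW GRANTS FOR 'helpdesk_app'@'10.1.2.%';
SHOW GRANTS FOR 'helpdesk_ro'@'10.1.2.%';
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM mysql.db
 WHERE Db = 'helpdesk';
```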


Q. I’m having a problem accessing the GroupWise Address Books. Can anyone show me an example of accessing them?

A. Here is VB code to find the local name of the name field in the Novell Address book.

    Set objApp = CreateObject("NovellGroupWareSession")
    Set objRootAccount = objApp.Login("", "")
    Set objAddressBooks = objRootAccount.AddressBooks
    If objAddressBooks.Count Then
        For Each objAddressBook In objAddressBooks
            GoTo NovellABFound 'The Novell Address book is always the first
        Next
    End If
    NovellABFound:
    Set objAddressBookEntries = objAddressBook.AddressBookEntries
    'Finding the name of the name field (different in different languages)
    If objAddressBookEntries.Count Then
        For Each objAddressBookEntry In objAddressBookEntries
            Set objABEFields = objAddressBookEntry.Fields
            If objABEFields.Count Then
                y = objABEFields.Count
                For i = 1 To y
                    'MsgBox objABEFields.Item(i).Name + "*" + objABEFields.Item(i).Value + _
                    '    "*" + str(objABEFields.Item(i).FieldID)
                    If objABEFields.Item(i).FieldID = "805371934" Then
                        strFieldNameName = objABEFields.Item(i).Name
                        GoTo EndLoop
                    End If
                Next
            End If
        Next
    EndLoop:
    End If

Q. I would like to know how to get the username from an eDirectory user in order to show it on an ASP page for our Intranet site. The standard ways like Request.ServerVariables("LOGON_USER") or Request.ServerVariables("REMOTE_USER") is just getting blanks.

A. If you want to use the Novell ActiveX control there’s a sample whoami at http://developer.novell.com/support/sample/tids/aspactx/aspactx.htm

You can only use this from a client side ASP since a serverside ASP doesn’t have access to client state information as it runs from the service space.

If you want to make DLL calls directly (you are writing your own control), there's a VB WhoAmI sample at http://developer.novell.com/support/sample/tids/vbwhoami/vbwhoami.htm

Q. I am trying to authenticate and create a user using the NJCL clientless Java API. So far I have managed to create a session manager through the RMI server and perform lookups with no problem because this is public. However, in order to create a user, I need to authenticate as an admin and then create the user.

I have found many examples on how to create a user, however none of them are for use with the clientless NJCL API using RMI. Does anyone have any code examples that could point me in the right direction?


A. The API to create a user doesn’t vary between client and clientless connections. The only difference is how you do your initial authentication.

Q. Does anyone have any code to retrieve the IPX/SPX network address of a workstation object? I can get as far as retrieving an enumeration of the “Network Address” attributes of the object, but I can’t work out how to get any values. Please help.

A. Making sense of what’s returned from a network address is a pain. The network address attribute can be cast off to a NdsNetAddress object. Use the getAddress() method of this class to retrieve an array of unsigned bytes that contains the address. You then have to take this array and convert each unsigned byte into a useful int value like this:

    int addressSegment = b[i] & 0xff;

I have attached a method I use to do this for “Network Address” attributes. This method works for User objects and is useful in determining if a user is logged in. For workstation objects, I think you only need to change the attribute that is retrieved to “WM:Network Address”. It works for IP, UDP, TCP, and IPX addresses. It just returns a vector of strings like “IP: 192.168.53.53”. If the vector size is 0, no addresses were found.

BrainShare Europe 2003: Fill Your Head with Real-World Leverage

Web services, Portals, XML and Enterprise Application Integration on your mind? Life for today’s developer is basically the same in any language, right? Developers bring networking to life, and at BrainShare in Barcelona, Spain, from September 7-11, there will be more deep content and code to help you deliver one Net solutions with Novell than ever before.

Visit the BrainShare site at http://www.novell.com/brainshare/europe to check out over 100 sessions in the online BrainShare session catalog and preview all developer-related sessions to be presented. You can also filter on the “exteNd Track” to view 18 sessions that focus on Novell exteNd. New sessions are being added regularly. If you don’t see a subject you would like to have covered by Novell at BrainShare Europe, don’t hesitate to let us know!

What will happen between BrainShare Europe 2003 sessions to keep you entertained and fed? How about soft couches, a big screen TV with movies, and treats? Visit the Developer Den for everything you need to refresh your batteries, relax and catch your breath between sessions. Look what DeveloperNet has in store for you:

• Take the Novell Robotics Challenge and compete against other developers to win awesome prizes, including a notebook computer, Lego Mindstorms Kits and other cool prizes.
• Learn more about Novell Forge – Novell’s new collaborative open source development site at http://forge.novell.com.
• Pick up free issues of Novell AppNotes and Novell Developer Kit CDs (while supplies last).
• Find out about including a 250,000-user version of Novell eDirectory with your commercial software or hardware solution for free.
• Take 20% off a DeveloperNet Professional-level membership, now available with your choice of a 5-user or 100-user version of the Novell Software Evaluation and Development Library (NSEDL), only at BrainShare Europe 2003.

BrainShare registration is integrated with Novell Login this year, giving you one convenient username and password to get into BrainShare and access secure areas on http://www.novell.com. Be sure to keep a record of your username and password. You will need them when you come back for session registration, which opens August 7, and to pick up your BrainShare ID badge when the conference opens on September 7.

Regardless of language or platform, you need leverage as a developer and Novell will be providing it to BrainShare attendees in Barcelona, Spain in September. So register for BrainShare Europe today! For more information about BrainShare Europe 2003, visit http://www.novell.com/brainshare/europe.

Novell Nterprise Linux Services: Way Beyond Cool

IDC Research is predicting massive growth in the Linux server market and wider use of Linux on desktops over the next four years. IDC expects Linux to ship on over 162,000 servers in Western Europe in 2003, a market already worth $621 million. By 2007 this figure is expected to triple, when Linux will be running on half a million servers. The increasing enterprise adoption of open source software and Linux in particular is clearly no longer confined to a few thousand isolated IT geeks using the latest and greatest technologies. It’s broad scale growth that is being derived from solving real business problems, including those involving critical issues of network security, identity management, messaging, and the ability to reduce IT spending. For development and consulting businesses, it’s an opportunity to grow bottom-line revenues by targeting customer business pain with solutions built on Linux services from Novell!

Along with Novell’s commitment to providing open, cross-platform networking solutions for a variety of markets and vertical industries, Novell’s open source and open standards activities are a key part of its one Net vision of a world without information boundaries. Novell Nterprise Linux Services brings together Novell’s proven file, print, messaging, directory and management services in an integrated package that will be supported on the Red Hat Enterprise Linux and SuSE Linux Enterprise Server distributions. Available later this year along with comprehensive Novell technical support, training and consulting services for Linux, Nterprise Linux Services combines the benefits of Linux with proven, rock-solid support and network services from Novell.

The initial version of Novell Nterprise Linux Services is comprised of a number of existing Novell network services integrated into a single business solution. These include identity services via Novell eDirectory and DirXML, file services via Novell iFolder, printing services via iPrint, messaging services via NetMail, management services via ZENworks for Servers, and a Virtual Office for end-user access and productivity via exteNd Director Standard Edition. In addition, Novell iManager provides a browser-based, single point of administration for Nterprise Linux Services.

Novell Nterprise Linux Services brings network owners closer to the Novell promise of one Net, enabling networked organizations to extend their open source platform with the comprehensive set of secure network services needed to enable and manage the constant interaction of people with business systems. Novell is the first major software vendor to deliver a comprehensive set of Linux System Base-compliant network services that run on top Linux platforms, including Red Hat Enterprise Linux and SuSE Linux. In addition, Dell, HP and IBM will offer Novell’s Linux solutions to their customers, working with Novell to provide full training and support.

Enterprise Enabling Services

Novell Nterprise Linux Services is a key component of the Novell promise to deliver a networking environment without information boundaries. Developers and customers can take advantage of the open source benefits of Linux through a powerful set of enterprise services previously only available on NetWare, including:

• Personal File Management that lets your users’ critical business data securely follow them, no matter where they go or what machine they happen to be using.
• Directory Services that strengthen enterprise security and decrease management costs of cross-platform business systems.
• Print Services that let users easily print from any location and reduce help desk calls.
• Internet Messaging and Calendaring that promote productive collaboration and easily scale to match your organization’s growth.
• System Management for simplifying and reducing the costs of managing your business system platforms.
• Web Experience providing integrated access to customers, employees and partners, anytime, anywhere.

For more information about Novell Nterprise Linux Services, visit http://www.novell.com/linux


For a developer-centric view of Novell Nterprise Linux Services, visit http://developer.novell.com/linux.

Check Out Novell Nsure Audit

More than ever, organizations need to extend their business system resources to employees, customers and business partners—without jeopardizing the confidentiality, integrity or availability of these resources. This requires a comprehensive and effective secure identity management (SIM) system. A key component of SIM is an auditing system that automatically gathers and logs events across the enterprise network, and permits the organization to leverage the event data in a variety of ways.

Novell Nsure Audit is a comprehensive secure logging and auditing solution. It tracks, records and reports on all network events across a heterogeneous enterprise network, scrutinizing events on all instrumented applications including Novell and eventually third-party applications. Novell Nsure Audit captures not only warnings and errors but also positive events such as successful logins and successful file writes. It also tracks when events do not occur within specified time periods (heartbeat events). In addition, Novell engineers have optimized Novell Nsure Audit to enable applications to log a very high volume of events without significantly slowing performance.

The intersection of auditing technology and identity management is now more apparent than ever. According to Burton Group analyst Gerry Gebel, “Consolidated auditing and reporting across all infrastructure components, including network, application and identity management, is becoming increasingly important for enterprises. The ability to monitor, track and evaluate how access rights are being used is a necessity to meet government regulations and mandates for proper corporate oversight.”

Novell Nsure Audit records all event data into a single data store using a common data structure, and includes tools for leveraging the logged data. It also provides real-time event information for notification and monitoring. This rich functionality enables Novell Nsure Audit to provide a number of capabilities, including:

• Securely log events to a central data store from Novell applications, datastores and operating systems, and potentially any third-party application, datastore and operating system.
• Ensure the integrity of logged data through signing and chaining of events
• Automatically trigger notifications in real-time based on pre-specified event filtering conditions via a variety of notification methods
• Permit users to view event occurrences in a real-time, dynamic and graphical display
• Allow users to leverage logged data with prewritten and custom reports and queries

Novell Nsure Audit extends the Novell eDirectory schema and includes Novell iManager 2.0 plug-ins for administration and management. The administrator can configure and manage Novell Nsure Audit components—including Logging Applications—using Novell iManager or, in environments where Novell eDirectory is not present, using Novell WebAdmin.

Novell Nsure Audit includes many innovative features that distinguish it from other event logging systems, including data integrity and security, notifications, real-time monitoring, reporting and analysis, data archiving, localized logs and support for legal activities. Novell Nsure Audit answers customers’ requests for an auditing capability that enables them to perform a number of functions essential to their SIM implementations, including:

• Gather all security-related events across the network and record them in a single, tamper-evident data store
• Analyze event data to determine compliance with corporate policies and government regulations
• Watch for specific occurrences and generate alerts automatically when these occurrences are detected
• View system activity in real time

With these capabilities, organizations can meet the challenge of extending their business resources to additional users both inside and outside their organizations, and do it in a secure manner that maintains or enhances their ability to meet government regulations. Novell Nsure Audit also allows organizations to quickly and easily identify suspicious activity and creates a non-repudiative audit trail that can be used to forensically reconstruct the sequence of events after an illegal or unauthorized event occurs; and it does so in a way that the collected data will be admissible in legal proceedings.

In addition, Novell Nsure Audit positions organizations to fully exploit the exciting possibilities of Web services. Without the capabilities of a scalable auditing system such as Novell Nsure Audit, it would be extremely difficult, if not impossible, to manage and secure Web services systems effectively. Web services will eventually involve a large number of internal and external service providers and service consumers that are highly distributed and widely dispersed geographically. Novell Nsure Audit is designed specifically to handle the large-scale, highly distributed nature of the Web services environment.

Potentially, any application can be instrumented to log to Novell Nsure Audit by reporting events to the Novell Nsure Audit Platform Agent through the C and Java APIs that are provided in the Novell Nsure Audit Software Developer Kit (SDK). The SDK is available for free download at: http://developer.novell.com/ndk/naudit.htm.

Novell Platinum Partner Novacoast has already used the Novell Nsure Audit SDK to integrate the auditing technology with third-party applications, including an intrusion detection system and a help desk application. “Novell Nsure Audit offers a very rich feature set that’s relatively simple to tap into using the development tools Novell provides,” said Novacoast CTO Adam Gray. “As part of a broader solution, Novell Nsure Audit opens a significant opportunity to help our enterprise customers manage issues around regulatory compliance and policy enforcement.”

For more information about Novell Nsure Audit, visit http://www.novell.com/products/nsureaudit.

DeveloperNet: One-Stop Novell Development

Open source or proprietary code. Object-oriented or low-level. Java. Perl. MySQL. Apache. .Net. Windows, Linux, NetWare, Solaris, and AIX. You name it, and Novell DeveloperNet can help you succeed with development to Novell technologies on your target platform.

DeveloperNet’s mission is to empower software and hardware developers who develop with Novell and open source technologies. DeveloperNet provides subscription-based access to Novell products and solutions, developer tools, technical resources, and engineering support, helping developers deliver applications and services that leverage Novell’s Nsure, Nterprise and exteNd solution sets via eDirectory, the NetWare platform, DirXML, NetMail and other individual Novell products.

Four levels of DeveloperNet membership provide individual programmers, developer teams and entire companies with “good-better-best” access to Novell’s products, standards-based interfaces, development frameworks, and engineering support:

• Online (Free)
• Professional ($395)
• Advantage (contract)
• Premier (contract)

Depending on subscription level, program membership deliverables include:

• Novell Software Evaluation and Development Library (NSEDL) on CD ROM
• Novell Developer Kit (NDK) (Online and CD ROM)
• Novell AppNotes
• DeveloperNet University
• Yes, Tested and Approved Certification
• Novell Developer Kit Support Incidents/Developer Support Forums

Got problems to solve? Get tools, documentation and support now! DeveloperNet provides a wealth of tools, support, training and face-to-face engineering resources to help any type of developer bring projects to completion or quickly get up to speed with Novell development. Join for free, or dive into a Professional membership to get everything you need delivered to your door, including two paid support incidents. Visit http://developer.novell.com to learn more, sign up and start building better applications with Novell.

Truth with a Capital N

Each month in Truth with a Capital N, we bring you some of the best commentary about Novell, gathered “in the wild” from online forum posts and from feedback responses to articles focused on Novell technologies.

This month’s content was sent to Novell via email to Novell by Brad Bendily of Southeastern Louisiana University. Mr. Bendily was unable to post his comments on NewsForge.com at http://newsforge.com/newsforge/03/04/16/1431222.shtml?tid=11 because the particular forum topic had been closed to further posts.

I got your e-mail address from the News Forge article with Novell and OSS. You were talking to someone else about their eDirectory implementation. I just thought I would give you a few details about our usage of eDir [eDirectory] 8.7 and how well it works for us.

I am a Network Administrator for Southeastern Louisiana University (SLU) in Hammond, Louisiana. We have been using NetWare as our main file server OS for about 10 years. Recently (January 2003) we implemented a new e-mail system based on Red Hat Linux Advanced Server 2.1. We have two IBM Netfinity x360


servers with four Pentium 4 3.06GHz Xeon Hyper-threaded processors each. These two servers are in a cluster and are connected to a Xiotech Magnitude SAN. In addition, we use eDirectory as our main repository for storing e-mail account information. Users authenticate to this directory via LDAP. We have roughly 20,000 active e-mail accounts and eDirectory handles this load without even breathing hard. We have also started authenticating other apps to the LDAP dir. Our PeopleSoft 8 implementation is web based and these users authenticate via LDAP. We have several other in-house written apps and Web apps that also authenticate to our LDAP tree.

We have over 100,000 objects in our eDirectory tree. The unfortunate caveat about this is that Novell’s delivered administration applications don’t really handle hundreds of thousands of objects very well. We have an in-house menu program mostly written in Perl (http://www.perl.org).

I would just like to say that eDirectory is a solid, well designed directory system and I am glad that I have the opportunity to work on such a system. I would like to thank the Novell team for producing excellent and exciting products that I plan to use well into the future.”

Brad Bendily - CNA
Network Specialist
Southeastern Louisiana University

The gem in Mr. Bendily’s message is in the university’s custom menu program written in Perl and optimized to manage over 100,000 directory objects. Further discussion with Mr. Bendily revealed a solid understanding of Novell and the value of open source software in producing custom applications which best support the university’s complex network infrastructure. DeveloperNet is working with Mr. Bendily to learn more about the SLU’s in-house menu program, and to hopefully provide a corporate Novell developer success story in the near future!

Novell Releases Guide to Secure Identity Management

Novell has released a new secure identity management architectural guide designed to help customers (and even battle-hardened developers) understand the essential building blocks of secure identity management, and how to logically design and deploy those components to solve real business problems. The free document, “A Superior Foundation for Secure Identity Management,” also introduces Novell’s Identity Automation Framework—the company’s highly flexible technical architecture underlying the future of all of its Nsure solutions. “A Superior Foundation for Secure Identity Management” can be downloaded from http://www.novell.com/nsure/iaf_guide.

Implementing a secure identity management solution is an imposing challenge for any enterprise customer. Not only are there significant technological and political considerations, but many identity management offerings are of limited purpose, addressing only provisioning or single sign-on, instead of the greater problem. Deploying these silos of identity often only makes the situation worse.

“Like any successful business, we can’t afford to tackle short-term problems at the expense of long-range vision and strategy,” said Dustin Sanders, director of Networking Services for Packaging Corporation of America, one of the largest manufacturers of corrugated packaging products in the United States. “By offering the industry’s most comprehensive secure identity management solutions and an unparalleled understanding of the associated business issues, Novell is helping companies like Packaging Corporation of America balance those interests and drive the most value out of every IT investment.”

YES, Tested & Approved Product Search

Need another compelling reason to test and certify your software or hardware as YES, Tested & Approved? Here it is! Novell makes it easy for customers to find your certified-compatible solutions on its Web site. The Novell YES, Tested & Approved Product Search is a rich database of solutions based on Novell technologies and DeveloperNet partner products. It’s an ideal way to broadcast the availability of your Novell-compatible solution to potential buyers around the globe. See http://developer.novell.com/nss/ to browse the YES, Tested & Approved Product Search database. For more information about Novell’s YES, Tested & Approved Program, visit http://developer.novell.com/yes.


What’s New on Novell Forge

On behalf of the Novell Forge team, we would like to announce the availability of the Apache, MySQL, and Perl/PHP (AMP) community at the Novell Forge site (http://forge.novell.com). This community is dedicated to helping improve the sharing of development information and code for building AMP applications with Novell products.

Over the next few months, we will continue adding more information that will help AMP developers. We would like to invite those interested in AMP technology to participate by sharing information, sample code, articles, or applications that you have built. The Novell Forge AMP community can be found at: (http://forge.novell.com/modules/xfmod/community/?amp).

How to Get Started at Novell Forge

Novell Forge provides the ability to host and manage projects. A project is centered around the creation of a software project and contains tools that allow you to manage the development and distribution of your software project.

Projects and communities seem very similar (indeed, they are implemented nearly identically and share a lot of code). The primary difference is that of purpose. A community is centered around an idea, concept, discipline, technology, market, or other similar topic; whereas a project is centered around the creation, development, and distribution of a software product.

Some of you may have questions concerning finding, navigating, or creating projects at Novell Forge. So this month we will go through some basic how-to information to get you started.

How to Find a Project

There are three ways to get to the project page for a project.

1. Search - The search function searches the project database by project name and description. The results of your search will include a link that will take you to the project page.
2. Projects - This feature presents a tree or list view of all the projects in the project database. You can use this to navigate and locate the project you want.
3. If you know the short name of the project you want, you can type the URL directly into your browser. The format is http://forge.novell.com/modules/xfmod/project/?shortname, replacing shortname with the short name of the project.

How to Navigate a Project

The project page is the portal page for the management of a project. Through it one can access all the tools needed to manage a project.

The main project page displays such things as information and statistics about a project, a list of users who are members of the project, current file releases for the project, project news, and a public area with information about bugs, enhancement requests, documentation, and other items.

The menu bar along the top of each project page is useful for navigating to different portions of project management. Whether you are browsing a project, contributing to a project, or administering a project, you can find a wealth of information by perusing these areas of a project.

How to Create a Project

To create a project:

1. Click on the Start New Project link in the Main Menu. You will be presented with the first of four pages that you navigate through to create your project.
2. The first two pages present information about the project and general guidelines for use. These outline the primary services provided by Novell Forge and describe some of the terms of service in lay terms.
3. The third page presents the terms of service document. This is a legal document; you must agree to the terms of service in order to create a project. Questions about the terms of service document should be directed to the site administrator.


4. The fourth page allows you to enter information about your project - project name, license, description, etc. You need to fill out this form in order to complete your project submission.

It is important to take your time and fill out your project submission accurately and completely. The following fields are especially important:

• Project Purpose - The project purpose will primarily be used to make the determination whether to approve or reject your project.
• License - You have your choice of several different types of software license, almost all of which are approved by the Open Source Initiative (OSI). You are strongly encouraged to select a license that is OSI approved, since an OSI approved license ensures that the content covered by the license conforms to the Open Source Definition (meaning that it has the essential characteristics of open source software). We encourage you to visit the Open Source Initiative website to learn about open source software and the license(s) you are considering before you make a selection.

At your option, you may submit your own license terms for consideration with your project. Please consider, however, that Novell Forge is an outward demonstration by Novell of its commitment to the advancement of the open source community. It is likely that a project submitted with a non-OSI approved license will be rejected.

It is possible for you to change the license of your project in the future - after all, it is your project. Novell Forge allows you to select a license at project creation time, and again when you categorize your project, for ease of categorizing and searching projects. Officially, the license of your project is the license you distribute with your project. Keep in mind, though, that Novell Forge reserves the right to disable your project if you change to a license that is not an approved license.

Once you submit the final form for your project, the information about your new project is submitted to the site administrators for approval. You will be notified when your project is approved (or rejected). You should keep the email messages you receive for future reference, as they contain important information about managing your project.

When your project is created, you should then go to your project page and perform a few administrative tasks, such as categorizing your project in the trove and changing mailing list passwords. The information that describes how to do this is contained in the e-mail messages you received when your project was approved. You are then free to add users to your project; create news, trackers, or forums; upload code to your CVS repository; create releases, or anything else.

How to Contribute to a Project

There are many ways you can contribute to a project.

• Release Technician - an individual who is in charge of creating file releases.
• Tracker Manager - an individual who can create and manage the trackers used by the project.
• Task Manager Admin - an individual who can create and manage subprojects and tasks.
• Task Manager Tech - an individual to whom tasks can be assigned.
• Forum Moderator - an individual who can approve and moderate forum postings.
• Documentation Editor - an individual who can edit and approve document submissions, as well as submit documentation.
• Tracker Admin - an individual who can administer trackers, like Bugs or Enhancement Requests, including approving or submitting tracker items and assigning those items to others.
• Tracker Tech - an individual to whom tracker items, like Bugs or Enhancement Requests, can be assigned.
• Project Admin - an individual who has full administrative rights to a project.

You must become a member of a project in order to contribute. When you become a member of a project, you will be given permissions to contribute to a project in defined ways as noted above. You will also have the ability to add to or modify the source code base.

In order for you to become a member of a project, a project admin must add you to the project. If you want to contribute to a project, you can always send an email or private message to one of the project admins and request that you be added to the project. Whether you are actually allowed to become a member is up to the discretion of the project administrators. You can also check the “Help Wanted” section by clicking on the link in Main Menu. Projects that are currently looking for contributors may advertise for help in this section. You can apply for posted jobs and possibly be selected as a project member in this way.

How to Administer Your Project

First off, you must be an administrator of a project in order to perform administrative tasks. You become a project administrator one of two ways:


• Create a project.
• Be granted project administrator status by another administrator.

Click on the Admin link in the project menu to get to the primary project administration page. This page has several subsections.

Admin - This is the main project administrative page. From this page you can perform the following tasks:

• Change the trove categorization
• Enable and disable CVS access controls
• Access administrative panels for all project tools
• Add users to your project - simply enter their username and click Add User

User Permissions - From within this page you will see an overview of all the members of your project and the permissions they have within the project. Click on a member's username to bring up the permissions management page for that member. Using this page, you can make changes to the permissions of any user, including yourself.

Note: Project Roles exist for the purpose of helping you remember what each person does on your project. Assigning a user to a role does not have any effect on the permissions that user has within your project.

Edit Public Info - This page allows you to modify the information that is publicly available about your project. You can change your project name, project description, or project homepage within this page. You can also use this page to activate or deactivate certain project tools or features, like forums, surveys, mailing lists, or tasks.

Project History - You can use this page to quickly view a log of the administrative changes that have taken place within your project.

Edit Release Files - It is within this page that you create and manage your project releases. You can create and manage packages, releases for each package, and files for each release here. View the Downloading Projects section for more detailed instructions on how to manage your file modules.

Post Jobs - You can use this page to post jobs for your project that will appear in the “Help Wanted” section. This is a good way to advertise to get additional help on your project.

Edit Jobs - From within this page, you will see a view of all the jobs that are currently active for your project. By clicking on a job, you will be presented with a page where you can modify any information about a job you posted.

All the tools used within the project also have an administrative console for each tool. To get to the administrative pages for a tool, click on the name of the tool in the project menu, then click on the Admin link that appears.

How to Download a Project Release

Within a project, the files that you can download are organized as follows:

• A Project can have zero or more Packages.
• A Package can have zero or more Releases.
• A Release can have zero or more Files.

This concept is perhaps best illustrated with an example.

Suppose you administer a project that is developing a simple GUI LDAP browsing client, and suppose you have a compiled executable of your project for Linux platforms. This is a perfect candidate for release. In order to release your executable, you would first decide what package the executable belongs in. You may have the packages Windows, Linux, NetWare, and Macintosh, so the Linux package would be the obviously correct choice.

Next you need a release within the package. Perhaps the release itself is RedHatLinux8.0_v1.1, to denote the 1.1 release of the software as a compiled executable on Red Hat Linux 8.0.

Finally, you would create the file within the release by simply uploading the file and assigning it to the release.

The existence of packages, releases, and files allows you complete control over the organization and management of your file releases.

If you are the consumer of a project, it is even easier. On the main project page, the files available for download are listed underneath the heading Latest File Releases. Simply click on the release you are interested in and you will be taken to a page where you can click on the file(s) you want to download.

How to Use Project Forums

Forums are available for use within projects to allow a medium of information exchange between participants. Threaded discussions allow participants to follow topics and resolve issues around those topics of interest.

How to Use Trackers

Trackers allow you to create categories and issues within categories for tracking purposes. Trackers offer


similar functionality to that of tasks; however, tasks are primarily for monitoring the planned path of development for your project, whereas trackers are primarily for monitoring other important issues that arise during the development of a project.

Using the tracking system, you can manage both the categories within which your issues will be placed, and the issues themselves.

Select Trackers from the project menu and you will be taken to the trackers page. You can select here from the available trackers. Once you select a tracker, you can:

• Submit New Tracker Items by clicking on the Submit New link and filling out the form.
• Browse Open Items by defining the desired search criteria and then clicking the Browse button.
• Modify an Item by selecting the item from the search results and then making changes to the item. Some of the changes you can make include:
  • Assigning the item to a project member
  • Changing the item priority
  • Changing the item status

To administer this page, click on the Admin link. Here you can:

• Create a new tracker by filling out and submitting the form at the bottom of the tracker administration page
• Modify settings on existing trackers by clicking on the tracker, selecting the appropriate category, and submitting the changes
• Disable trackers by clicking on the tracker, selecting the “Update preferences” link and deselecting the “Publicly Available” setting

You will notice that the title of each of your default trackers appears in the project menu. You can get to a specific tracker by selecting it from the project menu, from the main project page, or by clicking on the “Trackers” link and then selecting the tracker from this page.

Once you have selected a tracker, you will be presented with a page that is specific to that tracker. You can use this page to submit new items to the tracker, such as a bug report. You also use this page administratively to assign items to members of your project, or to monitor the progress of existing items.

How to Use Tasks

Tasks provide a means by which a project administrator can assign and delegate responsibilities within a project to individuals. When using tasks, you first create subprojects. For example, your software project may have tasks such as framework, user interface, APIs, or documentation. Once you create subprojects, you then create tasks within each subproject. You can then assign tasks to members of your project and track the progress of your project.

To create a subproject, you first click on the Tasks link in the project menu, then click on Admin, Subproject List, and Add A Subproject. Fill in the simple form and submit to create a subproject.

To manage a task, go to the tasks window by clicking on the Tasks link in the project menu, then select a subproject from the list to add the tasks to. From this point, you can create new tasks, manage existing tasks, or view tasks that are assigned to you within the project.

Once you have created and assigned tasks, the assignees can keep you informed on their progress by updating the information on their task, including current information or issues, setting or updating estimated completion dates, and maintaining information regarding current state of completion. Each task also includes dependency information, so you can set up dependencies within your task structure to organize your effort and know what needs to be done and when.

How to Use Project Documentation

Novell Forge offers you the ability to upload and manage all types of documents that pertain to your project or community. The document management feature is available for both projects and communities.

To access the documentation page, click on the “Docs” link in the project or community menu. You will be presented with all the publicly available documents.

By clicking on the Admin link, you will go to the document management page where you can submit documentation, add or modify the available document categories, edit information about previously submitted documentation, or set the state of a document. For example, documents with the state of active are publicly viewable, whereas documents with the state of pending are those which have been submitted but not yet approved.

To submit a document, click on the Submit new documentation link in the document management page. Documents are managed as uploaded files, so all you need do is upload the document and it will be stored and managed on the server.

How to Use Mailing Lists

Mailing lists are offered for both projects and communities. A set of mailing lists is automatically created whenever a project or community is approved. You do


not have the option of creating additional mailing lists or of deleting existing lists.

When you send e-mail to a mailing list, all the subscribers of the list receive a copy of the e-mail you send. This is a means by which interested parties can remain informed on a project or community, and collaborate with other subscribers by sending and receiving mail on the list. To send e-mail to the mailing list, you simply create an e-mail addressed to [email protected], where list-name is the name of the list.

Anybody may subscribe to a mailing list. To do so, simply navigate to the mailing list page for the project or community in question, and select the “subscribe” link. Then fill out the form and submit. You will receive an e-mail notification of your subscription request that will tell you what to do next.

Novell Forge uses the GNU Mailman mailing list software, including their subscription and list administration pages, to manage mailing lists. As the administrator of a project, you have the ability to manage traffic, volume, subscribers, and other aspects of your mailing lists. For details on how to use Mailman, check their website.

How to Use Surveys

You can create your own surveys for your project and use them to gain insight from consumers of your project. Surveys provide this information in a confidential manner, so that the identity of the participants is not revealed.

Polls is another name for surveys. Check the Polls help page for more information.

How to Use News

You can create your own news items for your project. This is a good way to provide summary information about the current state of your project.

Check the News help page for more information.

How to Use CVS

CVS is the source code repository control system used by Novell Forge. When you create a project, you are allowed the option of whether you wish to make use of CVS to manage the source code for your project.

If you want others to be able to contribute to and enhance your project, you should strongly consider using our CVS server to host your project. Access to the CVS server is limited only to individuals who are members of your project.

As an option, you can select to enable anonymous CVS access to your source code. If you enable anonymous CVS access, any user of the site, even users who are not logged in, will be able to view and download a snapshot of your source code. A user must still be a member of your project in order to make changes to your source code.

To enable anonymous CVS access, click the Admin link in your project page, then make sure the “Anonymous CVS Access” property is selected underneath the “CVS Administration” heading.

You can trust the integrity of your source code. Our CVS server is backed up daily to prevent the loss of your source code. In addition, the CVS server itself utilizes eDirectory to enforce access rights to projects and source code, but does not allow shell logins to the server itself. In other words, you can trust that your source code will only be available to the people to whom you wish it available, and only under the terms you provide.

The CVS link in the project menu takes you to the CVS management page. Within this page you are shown the information that you need in order to begin managing your source code using our CVS server. If you have allowed anonymous access to your repository, this page also includes instructions for anonymous download, and a link to view the contents of your repository online.

There are many CVS clients available that can consume a CVS resource like the one provided at Novell Forge. For details on how to set up your specific client, refer to the documentation provided with the client software.

Viewpoints

To Web Services or Not...

Richard Smith
Novell AppNotes Editor-in-Chief
[email protected]

I won’t add “that is the question” to the above statement because that would imply that using Web services is an “all or nothing” proposition. In previous Ramblings, I’ve highlighted the main technologies that are the foundation for building Web services. Many of the strengths and weakness of these technologies used may help determine how you implement Web services as part of your business solution.

You May Only Need an Intranet

But, what if you don’t particularly need Web services? Not every organization will need what Web services offer. They may function very well without ever needing the types of connections to outside resources that Web services can bring. Many small businesses and larger enterprises may find that they can function very well with just a client-server based network—and perhaps with an intranet.

Now you may be asking “Why do I need an intranet?” An intranet allows you to take advantage of the wealth of applications that utilize the HTTP protocol and HTML. A customizable corporate portal is the first and perhaps most useful option for use as part of an Intranet or it is the “Intranet.” Portals are a great tool for collaboration and an effective way to communicate timely, important information to the entire organization with minimal effort.

Keeping Traditional Client-Server Networking

As for line-of-business applications, many will work very well in a traditional client-server network. There are advantages and disadvantages to the client-server model that may influence your decision to consider it as the foundation for your applications.

The client-server model is a simple two-tier approach to connecting users to data. By using this model, a client application makes a direct connection to a server containing the data needed by the program and typically will maintain that connection for the length of the client session.

The client-server model evolved from the terminal-server topography where a terminal (basically a screen and keyboard) was connected to a single server, and executed programs resident on the server and used the server’s resources (memory and disc space). Client-server computing came about when personal computers became powerful enough and had sufficient resources to perform the computing themselves.

With that bit of history out of the way, what are the advantages of client-server computing? On the positive side, security is the most significant advantage to using the client-server model. Since the client computer makes a direct connection to the server without physical access to the outside world (such as the Internet), it would be very difficult for anyone to breach the network’s security. Anyone wishing to somehow hack into this system must have direct, physical access to the network itself.

On the negative side, this model requires that the client computers contain sufficient resources to host the applications. This is not as much of a concern as it was in the past given the present-day low cost of PCs, memory, and storage. Perhaps a more important aspect to consider is the cost of maintaining the application software on a number of client machines. Any time a new version of an application is available, every client that has the application must be updated. This can be a costly, frustrating, and time-consuming process.

Now That I Have Options, What Do I Need To Do?

I’ve added yet another factor for consideration when deciding what approach to take to solve your data processing needs. As with most aspects of software development and deployment, the analysis of all these factors is critical in determining the proper solution for a given situation. The time spent on this analysis can be saved many times over during the development and implementation phases. The entire process will be much less painful for both developers and end-users when planning is done before you begin to code.

And don’t think that Web services and client-server are “all or nothing” propositions. There will likely be a blending of the strategies that best fits most situations.

Be prepared to examine what you currently have and what the final outcome you desire, then build a roadmap to get you there. Simple, right? Not really. But by dealing with the complexities up-front and picking and choosing the right path from the beginning, you can realize long-term benefits. After all, computers are here to help us, aren’t they? Until next time, I’ll just keep rambling on . . .

The Answer Is Obvious . . .

Here are some real brain-puzzling questions for you, in the grand tradition of “Who is buried in Grant’s Tomb?” But be warned—the answers might not be as obvious as you think!

Q. How many cubic feet of dirt are there in a hole measuring 3 feet wide by 4 feet long by 5 feet deep?
A. None; there is no dirt in a hole.

Q. Where was Queen Cleopatra’s temple?
A. On the side of her head.

Q. How many marbles can you put into an empty bag?
A. One; after that the bag is no longer empty.

Q. How long will a seven-day grandfather clock run without winding?
A. Without winding, it won’t run at all.

Q. Why do Chinese men eat more rice than Japanese men?
A. There are more of them.

Q. How far can a dog run into a forest?
A. Half-way; the rest of the way he’s running out.

Q. What was the highest mountain in the world before Mount Everest was discovered?
A. It’s always been Mount Everest.

Q. Where are the kings and queens of England crowned?
A. On their heads.

Q. Some months have 30 days and some have 31 days. How many have 28 days?
A. All of them.

Q. How many times can you take 3 from 25?
A. Once.

Q. A Buddhist living in England cannot be buried on church grounds even if he converts to Christianity. Why not?
A. You don’t bury living people.

Q. If two is company and three is a crowd, what are four and five?
A. Nine.

Q. If you take two apples from five apples, how many do you have?
A. Two.

Q. If you had only one match and entered a dark room containing an oil lamp, a newspaper, and some kindling wood, what would you light first?
A. The match.

Q. How many animals of each species did Moses take into the ark?
A. None; it was Noah who built the ark.

Q. If a red house is made of red wood and a white house is made of white wood, what is a green house made of?
A. Glass.

Q. What do Kermit the Frog and Attila the Hun have in common?
A. Their middle name.

Q. What do you sit on, sleep on, and brush your teeth with?
A. A chair, a bed, and a toothbrush.

Q. Is it legal to marry your widow’s sister?
A. It’s impossible; if your wife is a widow, you’re dead!

Disclaimer: Lightweight Access brings you humorous observations and refreshing diversions to give you a break from the daily grind. Any opinions expressed do not reflect Novell’s official position on anything.

Novell Research Publications

Recent issues only are available for order. For information on how to order these publications, refer to the Order Form. All articles can be viewed in HTML format and downloaded in Adobe Acrobat (PDF), eBook, Palm, or Windows CE formats at http://www.novell.com/appnotes. To obtain a complete, updated list, call the AppNotes Order Desk at 800-395-7135. Outside the U.S. and Canada, call 925-463-7391.

Novell AppNotes (formerly Novell / NetWare Application Notes)

Date Part Number Titles

Aug 03 464-000064-008 What’s New in NetWare 6.5? Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use? Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack Apache Manager: A Directory-Based Approach to Managing Apache Web Servers Overview of Novell Web and Application Services in NetWare 6.5 New Developer Features in Novell eDirectory 8.7.1

Jul 03 464-000064-007 Linux: The “Other” Operating System Managing Handheld Devices Using Novell ZENworks for Handhelds 5 A Tiered Structure for Governing and Managing Large-Scale Directories Getting Started with Novell exteNd Director 4.1 Enterprise Edition How to Build J2EE Applications Using Novell Technologies: Part 9

Jun 03 464-000064-006 Deploying Novell ZENworks for Desktops 4 in a Pure Microsoft Windows Environment Using ZENworks for Server 3 Server Management Understanding the Novell SecretStore 3.2 APIs Error Processing in exteNd Composer: Simplifying Maintenance and Debugging

May 03 464-000064-005 An Introduction to Novell Nsure Secure Identity Management Sending Secure and Encrypted Messages with GroupWise 6.5 A Technical Overview of Novell SecretStore 3.2 How to Use Perl, Python, and PHP to Access eDirectory 8.7 via LDAP How to Write NetWare Loadable Modules (NLMs) as Dynamic Libraries

Apr 03 464-000064-004 Accessing Network Files with the Novell Native File Access Pack (NFAP) Creating and Enforcing an Internet Acceptable Use Policy Apache 2.0: All New and Engineered for the NetWare Environment Administering MySQL on NetWare Novell exteNd Directory Pluggable Security Realm for eDirectory/WebSphere

Mar 03 464-000064-003 What’s New in GroupWise 6.5 Using WebSpy Analyzer and WebSpy Live on Novell BorderManager Proxy Log Files How to Build J2EE Applications Using Novell Technologies How to Use Novell Nsure UDDI Command Beans in Building Web Service Enabled Applications Integrating Log4j and the Novell exteNd Application Server

Feb 03 464-000064-002 IP Address Configurations and Usage for the NetWare 6.5 TCP/IP Protocol Stack NetWare 6 Trustee Rights: How They Work and What to Do When It All Goes Wrong Using Public-Domain Site Blocking Lists with Novell BorderManager Understanding and Using Persistent Search in Novell eDirectory An Asynchronous Transaction-Enabled J2EE Application: A Message Driven Bean Example

Jan 03 464-000064-001 A "Quick Start" Guide to Novell NetMail 3.1 Blocking Browser Ads with Novell BorderManager A Competitive Upgrade: LANDesk Management Suite to ZENworks for Desktops 4 Distributing the Mozilla 1.x Web Browser Using Novell ZENworks for Desktops How to Replicate User and Group Information Between exteNd Application Servers

www.novell.com/appnotes 126 Novell Research Publications

Date Part Number Titles

Dec 02 464-000063-012 What’s New in Novell iFolder Professional Edition 2.0 Implementing a High Availability Web Access Solution with GroupWise 6 Enhancing TCP Performance Through the Large Window and SACK Options Convergence of Technology: Integrating CollabraSpace Collaboration Server with Novell exteNd Installing and Configuring NetWare AMP (NetWare 6, Apache, MySQL, and PHP/Perl) How to Build J2EE Application Using Novell Technologies, Part 7

Nov 02 464-000063-011 Novell Nterprise Branch Office: Remote Office Management Made Easy Understanding the Atlas Feature in ZENworks for Servers 3 Implementing Protocom’s SecureConsole in a Large Network How You Can Help Improve the Quality of Novell’s Software How to Build J2EE Applications Using Novell Technology: Part 6 How to Port an ANSI C/POSIX Application to NKS/LibC

Oct 02 464-000063-010 Getting the Most Out of the NetWare Server Consolidation Utility Troubleshooting Novell iChain 2.1 Authorization Issues How to Configure NIC Teaming Drivers Using INETCFG How to Configure and Customize the Discovery System in ZENworks for Servers 3 An Introduction to MySQL for NetWare Effectively Reading a DirXML Trace File

Sep 02 464-000063-009 Troubleshooting Novell iChain 2.1 Authentication Issues Managing Windows 2000 Group Policies with ZENworks for Desktops 3 How to Use the Alarm Management System of ZENworks for Servers 3 A Methodology for Troubleshooting DirXML Implementing a Utility for Searching Windows Executable Files on NetWare How to Build J2EE Applications Using Novell Technologies: Part 5

Aug 02 464-000063-008 DirXML and the Reporting & Notification Service (RNS) How to Perform a Health Check of Novell Account Management 2.1 for Windows NT Monitoring Proxy Information on Novell BorderManager Advanced Features of DirXML, Part 2: Channel Write-Back How to Build J2EE Applications Using Novell Technologies: Part 4 How to Write Start-up Code for NLMs

Jul 02 464-000063-007 Novell Storage Services (NSS) Performance Monitoring and Tuning Tuning the NetWare 6 TCP/IP Stack via SET Parameters How to Build J2EE Applications Using Novell Technologies: Part 2 Advanced Features of DirXML, Part 1: Queries Leveraging the System Management BIOS Information in NetWare-Based Applications

Jun 02 464-000063-006 Technical Considerations for Choosing the Best Directory Authenticating Users to UNIX Systems with Novell eDirectory and LDAP Accessing Data on Multiple eDirectory Trees with a Single Login Using Novell NetStorage Novell BorderManager Filter Configuration through iManager Update on the Centralis AXE Utility: What’s New in Feature Release 1? How to Build J2EE Applications Using Novell Technologies: Part 2

May 02 464-000063-005 Understanding and Troubleshooting Novell's Security Infrastructure Using Novell SecureLogin to Enable Web Applications for Single Sign-on Interoperability of Novell BorderManager with Other Novell Services How to Build a Personalized, Secure Web Portal Using eDirectory, iChain, and Corporate Yahoo! Enterprise Portal How to Build J2EE Applications Using Novell Technologies: Part 1

Apr 02 464-000063-004 A Technical Overview of Novell TCP/IP in NetWare 6 Managing Browser Configuration for Novell BorderManager Proxy Clients Upgrading from iChain 1.5 to 2.0 One eGovernment: Bringing Governments to the Net How to Manage and Use Dynamic Groups in Novell eDirectory

Mar 02 464-000063-003 Novell iChain 2.0 Installation and Configuration Quick Start What's New in Novell BorderManager 3.7? Link Level Load Balancing and Fault Tolerance in NetWare 6 Creating Applets for Novell GroupWise with Advansys Formativ How to Uninstall Novell Account Management 2.1 for Windows NT How to Extend the NetWare Scripting Environment by Creating UCX Components

Feb 02 464-000063-002 ZENworks for Desktops Preboot Services: A Technical Overview Blocking Virus Requests in Novell BorderManager’s HTTP Accelerator Building eDirectory-Enabled Applications Using Delphi: Low-Level How to Use the Security Features in Novell Portal Services How to Audit DirXML Events Using Stylesheets, Java, and JDBC

Jan 02 464-000063-001 Cluster-Enabling a ZENworks for Servers 2 Development Understanding Novell BorderManager’s HTTP Proxy Logs How to Implement Complex Business Rules Using DirXML Stylesheets and Java How to Write a ConsoleOne NDS Management Snap-In Using the eCommerce Bean for LDAP How to Manage Internet Directories Using Beans for Novell Services

Dec 01 464-000062-012 Ensuring High Performance and Availability from NetWare 4.x and 5.x Servers Building eDirectory-Enabled Applications Using Delphi: ActiveX How to Use the Novell Kernel Services Programming Environment and Standard Run-Time Library: NetWare 6 Update How to Access Remote ActiveX Controls from NetWare How to Define a Corporate Naming Policy Using DirXML Stylesheets How to Certify an NLM Application on NetWare 6

Nov 01 464-000062-011 Should I Use a Directory, a Database, or Both? Preparing a Disaster Recovery Plan for NetWare and eDirectory Building eDirectory-Enabled Applications using Delphi: Overview How to Use the eCommerce Beans for LDAP in Servlets, Java Server Pages, and Enterprise JavaBeans How to Install and Configure NetWare Enterprise Web Server or Apache Web Server with Tomcat

Oct 01 464-000062-010 What’s New in NetWare 6? A Features Overview Upgrading or Migrating to NetWare 6 iFolder: Data Accessibility, Where and When You Need It Novell iPrint: A Best-of-Breed Print Solution for Business High Availability Networking with NetWare 6: NSS 3.0 and Cluster Services 1.6 Multiprocessing Support in NetWare 6

Sep 01 464-000062-009 Troubleshooting the Novell BorderManager 3.6 VPN Client Moving Novell’s Legacy Print Services Between Volumes and Servers Implementing SecuGen’s Fingerprint Recognition Technology with NMAS 2.0 Ten Guidelines for Designing Effective Schema Extensions How to Install ZENworks for Desktops 3 How to Use eDirectory-Based Home Directories with the Apache Web Server How to Access NDS from HTML or ASP, Part 6 (online article)

Aug 01 464-000062-008 Getting to Know LDAP and Directories: What to Consider Enhancing ZENworks for Desktops 3 Imaging with ENGL Zim How to Showcase Your Web Content Using Novell Portal Services How to Use Novell Directory Control (NWDir), Part 3 How to Use Perl, Python, and PHP to Access NDS eDirectory 8.5 via LDAP How to Access NDS from HTML or ASP, Part 5 (online article)

Jul 01 464-000062-007 An Overview of Biometrics Support in NetWare Through NMAS Quick Guide to Installing and Configuring Novell iChain 1.5 Community Services Printing from a Macintosh on an IP-Only NetWare Network with NDPS How to Integrate NDS eDirectory with Your Web Application Using the eCommerce Bean for LDAP How to Access NDS from HTML or ASP, Part 4 (online article)

Jun 01 464-000062-006 Configuring a Fault-Tolerant Messaging System Using GroupWise 5.5 and Novell Cluster Services Quick Guide to Installing and Configuring Novell iChain 1.5 Authorization Services How to Use the ODBC Driver with XML How to Clear a User’s Connection Using a Perl Script Centralis Contex: The ConsoleOne Extensions for Thin Client Server Solutions (online article)

May 01 464-000062-005 Performing an Unattended Installation of ZENworks for Desktops 3 on Remote Servers Centralis AXE: The Power Utility for ZENworks for Desktops Health Check Procedures for NDS eDirectory on Supported Platforms Quick Guide to Installing and Configuring Novell ICS and iChain 1.5 How to Use Novell Directory Control (NWDir), Part 2 How to Access NDS from HTML or ASP, Part 3 How to Integrate NDS eDirectory, JDBC, and EJB (online article)

Apr 01 464-000062-004 How to Maintain Caching in eDirectory 8 and eDirectory 8.5 Creating the “Digital Airlines” Novell Technology Demo Custom Development with Novell iChain 1.5 Process Foundations for Successful Solution Deployment How to Use the ODBC Driver with NDS, Part 3: Understanding XML How to Access NDS from HTML or ASP, Part 2

Mar 01 464-000062-003 How to Monitor NetWare Servers Using a Wireless Device Policy-Based Management of Mobile Phones How to Use Novell Directory Controls (NWDir), Part 1 How to Write a Simple DirXML Stylesheet How to Access NDS from HTML or ASP, Part 1 (online article) How to Analyze NDS.DTD to Construct XDS Documents for DirXML

Feb 01 464-000062-002 Understanding Novell’s iChain: A Technical Overview How to Use NDS eDirectory to Secure Apache Web Server for NetWare How to Program to NDS eDirectory on NetWare Using Perl How to Analyze NDS.DTD to Construct XDS Documents for DirXML How to Build an NDS-Enabled Application Using Visual Basic and the Novell Controls for ActiveX, Part 2

Jan 01 464-000062-001 Novell OnDemand Services: Architecture and Customization How to Optimize Novell Licensing Services How to Use a Perl Script to Reboot a NetWare Server Using a UPS How to Write a Simple NLM Using Novell Script for NetWare

Dec 00 464-000060-012 How to Manage Active Directory with Novell’s eDirectory How to Use MVC Beans for eBusiness to Administer eDirectory Using Your Browser How to Use the ODBC Driver with NDS, Part 2 How to Use the GroupWise Filter and Query How to Use GroupWise Tokens New Features of the Novell Kernel Services Programming Environment for NetWare 6 Programming

Nov 00 464-000060-011 NDS eDirectory 8.5: A Detailed Overview Personalizing and Customizing Web Content Using NDS eDirectory at CNN How to Configure WebSphere, Oracle, NetWare Enterprise Web Server, and eGuide on a NetWare Server How to Use the ODBC Driver with NDS: Part 1 Overview of the Universal Component System (UCS)

Oct 00 464-000060-010 Using NDS Corporate Edition to Manage Windows NT and Windows 2000 Using the Novell Import Convert Export Utility NDS Tree Walking Issues and Recommendations How to Update Applications, ZENworks Application Objects, and snAppShots Residing on Multiple Servers KLib: A Kernel Runtime Library GroupWise Object API in Visual Basic and C++ Accessing Novell Services from Perl on NetWare

Sep 00 464-000060-009 Using Novell Net Publisher to Publish, Share, and Store Files on the Web Protecting Your Network from Hackers with Advanced BorderManager Packet Filtering Migrating from NT to NetWare with the NetWare Migrating Wizard How to Configure and Optimize eDirectory LDAP Servers Time Functionality in the Standard C Library How to Add C3PO Custom Buttons with GroupWise Object APIs in Visual Basic

Aug 00 464-000060-008 Multimedia Streaming with NetWare 5.1 Implementing Strong Passwords in an NDS Environment Troubleshooting BorderManager Licensing Issues Choosing a Scripting Language on NetWare How to Develop Web Applications for WebSphere Using MVC Beans NetWare Installation Guide for Non-NetWare Users Novell Controls for ActiveX and Microsoft Excel

Jul 00 464-000060-007 An Introduction to Novell’s DirXML What It Really Means to be Integrated with NDS eDirectory System Requirements for NDS eDirectory Novell eGuide: One-Click Connection to Directory-Based Information How to Supercharge LDAP Searches with NDS eDirectory Indexes How to Use Metrowerks CodeWarrior Building an NDS-Enabled Application Using Visual Basic and Novell Controls for Active X, Part 1

June 00 464-000060-006 Implementing an Enterprise-Wide White Pages/Yellow Pages Lookup Service with NDS eDirectory Troubleshooting TCP/IP Communication Issues in the NetWare 5 Environment NetWare Security: Closing the Doors to Hackers

May 00 464-000060-005 Standardizing Network Server Configurations with Server Policies in ZENworks for Servers NDS eDirectory Design, Implementation, and Maintenance Guidelines Enabling Roaming Lotus Notes Users with ZENworks for Desktops Configuring BorderManager Authentication Services for Use with ActivCard Tokens

Apr 00 464-000060-004 An Introduction to NDS Corporate Edition Understanding and Configuring SLP Directory Agents (DAs) and Scopes Troubleshooting and Diagnosing NetWare 5.1 Server Problems Through the NetWare Portal Utility Implementing Software Metering with ZENworks

Mar 00 464-000060-003 Providing Web Services on the Internet: Why I Chose NetWare 5 Over Windows NT and Linux An Introduction to ZENworks for Servers Novell Internet Messaging Service (NIMS) Configuration Tips What’s New in ManageWise 2.7 Protecting NDS from Malicious Internal Attacks with NetVision’s DirectoryAlert

Feb 00 464-000060-002 Novell’s Support for Windows NT, Windows 2000, and Active Directory Understanding Novell’s Single Sign-On How to Set Up and Use Remote Control with ZENworks 1.1 and 2.0 A Strategy for Migrating to Novell Distributed Print Services in a Pure IP Environment

Jan 00 464-000060-001 What’s New in NetWare 5.1: The Complete Solution for Web-Based Networking Rolling Out NetWare 5.1 with the NetWare Deployment Manager Upgrading Novell Client Software Across the Network Using ACU.EXE An Overview of NetWare 5.1’s Management Portal Utility Taking Advantage of NetWare’s Public Key Infrastructure with Novell Certificate Server 2.0 An Introduction to WebSphere: The Next-Generation Web Application Server

Dec 99 464-000057-012 The Novell Controls for ActiveX and Visual Basic: Writing NDS Field Values Features of the Novell Kernel Services Programming Environment for NLMs: Part Four WebSphere Components Introduction to NetWare 5 Memory Enhancements Novell, Java, and Voyager Novell to Ship NetWare 5.1 Beta Novell Year 2000 Testing

Nov 99 464-000057-011 Configuring Your Client Application for LDAP Secure Binds ASN.1, OIDs, and NDS—The Common Fit Features of the Novell Kernel Services Programming Environment for NLMs: Part Three Novell SSL for Java SecretStore Single Sign-on Programming on NetWare Made Easy with Perl Scripting Developer Tools: Contest Winners Use NDS and NetWare to Create Prize-Winning Apps

Oct 99 464-000057-010 The Novell Controls for ActiveX and Visual Basic: Searching NDS Field Values Using JNDI and Novell’s NJCL to Access NDS Using the NetWare Deployment Kit to Upgrade to NetWare 5 Features of the Novell Kernel Services Programming Environment for NLMs: Part Two Overview of New Features in BorderManager Enterprise Edition 3.5 Novell Developer Workshop Tour ‘99

Sep 99 464-000057-009 The Novell Controls for ActiveX and Visual Basic: Reading Field Values NDS Glossary The Future of Application Development on NetWare with NLMs SCHMAP: NDS Schema Extension and LDAP-to-NDS Mapping Utility Features of the Novell Kernel Services Programming Environment for NLMs: Part One SCHMIG: Schema Migration Utility Developer Tools: Credentia ViaNet/NDS

Aug 99 464-000057-008 White Pages Application NDS Programming Tutorial: Directory Concepts White Pages Application NDS Programming Tutorial: The Demo Application Building Web Database Applications Using Novell Script for NetWare The Business Case for Directory-Enabling Your Application with NDS Benefits of NDS

July 99 464-000057-007 Designing NDS Schema Extensions The Novell Controls for ActiveX and Visual Basic: Logging In Extending the NDS Schema with DSAPIs NDS 8 Update Novell Delivers High-Availability Solution for NetWare 5

June 99 464-000057-006 Programming with the Novell Controls for Active X and Visual Basic: Getting Started Configuring JavaBeans for Novell Services Schema Enhancements for NDS 8 Runtime Programming in Java; A Technology Primer Using BulletProof’s JDesignerPro 3.0 to Build Java Applications on NetWare 5

May 99 464-000057-005 Introduction to NDS for Developers Applications for NetWare 5, Part 4 Overview of NDS for NT 2.0 BorderManager Authentication Services 3 EPC C/C++ Enterprise Edition for Novell NetWare Novell SuperLab NDS for Solaris: An Overview Active Server Pages (ASP) on NetWare

Apr 99 464-000057-004 Understanding and Using Novell’s Universal Component System The Novell Developer Kit NDS for NT Q & A Applications for NetWare 5, Part 3 Using Novell’s Year 2000 Information Ferret to Determine Your Y2K Status Developer News Minimum Patch List

Mar 99 464-000057-003 Introduction to NDS v8 DeveloperNet University’s NDS 102 Using C and LDAP Stick a Fork in it: 1998 Novell Developer Workshop Tour Series Well Done Applications for NetWare 5, Part 2 The Winners’ Circle Novell Java Q & A

Feb 99 464-000057-002 The Winners’ Circle NDS102: Authenticating to NDS Using C (NDAP) APIs Why Develop to NetWare 5? Part 2 What’s New in NetWare 4.2? NetWare 5 Tested and Approved Applications

Jan 99 464-000057-001 Developing NLMs with Metrowerks CodeWarrior NetWare 5 Overview, Part 2 Writing Java Applications on NetWare Using Legacy NLMs Why Develop to NetWare 5? Cisco and Novell to Provide NDS with Interoperability with Cisco Routers and Switches

Dec 98 464-000055-012 CodeWarrior’s Architectural Advantage DeveloperNet University’s NDS101 Using C and LDAP Novell’s Controlled Cryptographic Services Developing Target Service Agents Using CCSCL AnyInfo Example 7: Using JDBC to Access an Oracle8 Database

Nov 98 464-000055-011 Configuring LDAP Services for NDS DeveloperNet University’s NDS101 Using C Using Java Naming and Directory Interface (JNDI) to Develop NDS-Enabled Applications

Oct 98 464-000054-010 Enhancements to Novell Directory Services in NetWare 5 Using Z.E.N.works to Distribute and Manage Applications on a Network A Z.E.N.works-Friendly Location Independence Strategy for NetWare Networks Assessing the Business and Technical Aspects of Public Key Infrastructure Deployment ManageWise 2.6: New Features and Enhancements

Sep 98 464-000054-009 What’s New in the NetWare 5 Operating System? Installing NetWare 5: Tips and Tricks Migrating to Pure IP with NetWare 5 Compatibility Mode Installation and Configuration Printing in NetWare 5 with NDPS 2.0 New Security Features in NetWare 5

Aug 98 464-000054-008 Quoi de Neuf: What’s New in NetWare 5? Troubleshooting Synchronization with NDS Manager Implementing NDS-Enabled Solutions at Clemson University, Part 2 GroupWise 5.2 Performance Tuning and Capacity Planning Collecting and Interpreting NetWare 3.x and 4.x Server Statistics with STAT.NLM Break the Web Server Speed Limit with a Web Server Accelerator Using BorderManager to Improve the Quality of Service for International Access to WWW.NOVELL.COM

Jul 98 464-000054-007 Implementing NDS-Enabled Solutions at Clemson University Using NDS Manager’s Graphical Schema Manager Tool in NetWare 4.11 ManageWise 2.5 Configuration and Usage Tips Charlotte: An Automated Tool for Measuring Internet Response Time

Jun 98 464-000054-006 An Introduction to NetWare for Small Business 4.11 Using NDS Manager for Partition and Replica Administration Using Z.E.N.works to Manage Users’ Desktops Novell GroupWise Performance Management on Compaq Servers

May 98 464-000054-005 Novonyx Product Overview: Netscape Enterprise, FastTrack, and Messaging Servers for NetWare An Introduction to Z.E.N.works: Zero Effort Networking for Users Using DSREPAIR to Maintain the Novell Directory Services Database SQL Integrator: A Data Request Broker for Heterogeneous Data Access

Apr 98 464-000054-004 An Introduction to Novell Distributed Print Services (NDPS) Easing TCP/IP Network Management with Novell’s DNS/DHCP Services Using the Graphical SYSCON Utility in NetWare 3.2 Using the Novell Internet Access Server (NIAS) and a Modem to Connect Your NetWare Server to an ISP

Mar 98 464-000054-003 Managing Mixed intraNetWare and Windows NT Networks with NDS for NT Maintaining IPX Compatibility During a Migration to TCP/IP on a NetWare Network Using the Novell Upgrade Wizard Network Address Translator (NAT) Theory and Troubleshooting Supporting PCI Hot Plug Technology in the Novell Architecture DeveloperNet: The Source of Opportunity for Application Developers

Feb 98 464-000054-002 What’s New in NetWare 3.2 Accessing the Novell Support Connection Web Forums on the Internet Using the SAPMON Utility to Monitor SAP Traffic and Troubleshoot Network Problems Novell SuperLab Hosts the SuperLab Challenge Networking Case Study: The Novell Connecting Points Network at COMDEX/Fall ‘97 BorderManager FastCache: Single Proxy Server Supports 67,000-Seat Network for Utah Schools

Jan 98 464-000054-001 The New Face of Networking Consumer Gas Company, Ltd. Migration to IntranetWare from NetWare 3.12: A Case Study A Practical Guide to Using Novell Application Launcher (NAL) 2.01 Improving Novell BorderManager Scalability with Intelligent Server Adapters Improving Sun Web Server Performance and Scalability with BorderManager Web Server Acceleration

Nov/Dec 97 464-000052-011 Achieving Class C2 Security in a Network Environment Network Security for the 21st Century: Concepts and Issues Devising an Information Security Policy: Environment, Risk, and Assurance Overview of the NetWare Enhanced Security Architecture and Configuration Implementing Class C2 Security with NetWare 4.11 Protecting Your Network Against Known Security Threats Security Issues for International Commerce

Oct 97 464-000052-010 A Quick Guide to Web Server Acceleration Maintaining a Healthy NDS Tree: Part 2 Troubleshooting Server Problems Using the ABEND.LOG File and Memory Images (Core Dumps) Electronic Commerce: The Quest for a Global, Secure Infrastructure

Sep 97 464-000052-009 Three Ways to Deliver Cached Performance to Your Intranet and Internet Users Novell Storage Services (NSS): Pushing IntranetWare to New Heights Setting Up a “Change Password Administrator” in NetWare 4 Accessing the Internet with Eicon’s SCOM for IntranetWare Kit

Aug 97 464-000052-008 Web Server Acceleration with Novell’s BorderManager: A Case Study of WWW.NOVELL.COM Learning and Applying the Rules of NDS Security Maintaining a Healthy NDS Tree: Part 1 Using Novell Application Launcher 2.0 and snAppShot for Application Delivery

Jul 97 Novell’s Project 2000: Meeting the Challenge of Century Compliance Installing the “First” NetWare/IP Server An Overview of Novell’s GroupWise Document Management Strategy Novell’s Class C2 Level Security Evaluation “For a Network”

Jun 97 464-000052-006 Controlling Access to Open Systems with IntranetWare BorderManager An Introduction to Novell Replication Services Implementing Novell’s NT Workstation Manager Migrating to GroupWise from Message Handling Services From Paper to Electrons: Initiating Safer Electronic Commerce

May 97 464-000052-005 Overview of Novell’s IntranetWare Client for Windows NT Installing the IntranetWare Client for Windows NT Configuring the IntranetWare Client for Windows NT Accessing IntranetWare Resources Using the NWGINA Logon Interface and the NetWare Provider Setting Up Network Printing with IntranetWare Client for Windows NT Workstation

Apr 97 464-000052-004 Overview of Novell / Windows NT Integration Products Installing the NWAdmin Plug-Ins for Windows NT Workstations and Servers Integrating Windows NT Users and Groups into IntranetWare Using Novell Administrator for Windows NT Managing NT and NDS Account Information Using the Novell Workstation Manager Using the Novell Application Launcher with Windows NT Migrating to IntranetWare from LAN Server, LAN Manager, or NT Server

Mar 97 464-000052-003 Optimizing IntranetWare 1 and 2 Server Memory IntranetWare Server Automated Abend Recovery NetWare Over TCP/IP: Integrating NetWare Services into the TCP/IP Environment GroupWise 5 Architecture Overview

Feb 97 464-000052-002 Effectively Networking Windows NT with Novell’s IntranetWare Using the Directory Services Trace (DSTRACE) Screen Disconnecting NetWare Clients that Have Automatic Reconnection Enabled The Role of the Physical Network in Network Installation and Optimization

Jan 97 464-000052-001 Design Rules for NDS Replica Placement ManageWise 2.1 Configuration and Optimization Tips Branch Office Deployment, Part 2: An Imaginary Branch Installation Project Managing the Physical Network: A Beginner’s Guide

Dec 96 164-000050-012 Architecting a Full-Service Intranet with Novell’s IntranetWare Connecting to the Internet from a Novell Network How to Select WAN Hardware for Your Novell Product Capacity Planning for the IntranetWare IPX/IP Gateway

Nov 96 164-000050-011 Overview of NetWare Client 32 for Windows 95 Installing NetWare Client 32 for Windows 95 Upgrading Windows 95 Workstations with Automatic Client Update (ACU) Configuring NetWare Client 32 for Windows 95 Accessing Network Resources with the GUI Login Utility and the NetWare Provider Using the Novell Application Launcher (NAL) with Client 32 for Windows 95 Setting Up Network Printing with Client 32 for Windows 95 Troubleshooting and Optimizing NetWare Client 32 for Windows 95

Oct 96 164-000050-010 What’s New in NetWare 4.11 Migrating to NetWare 4.11 Using the Across-the-Wire Method Backing Up and Restoring Novell Directory Services in NetWare 4.11 Server Maintenance: Maintaining NDS Information for a NetWare 4.11 Server During a Brief Shutdown

Sep 96 164-000050-009 Exploring the NetWare Web Server, Part 3: A Complete Innerweb Solution An Introduction to Novell’s IntranetWare IPX/IP Gateway Branch Office Deployment, Part 1: A Product Development Approach

Aug 96 164-000050-008 NetWare/IP 2.2 Implementation and Troubleshooting Guidelines Network Security: Determining Your Risk Index Choosing a LAN-based Imaging System for the Small Office Environment Lessons Learned While Upgrading to NetWare 4.1

Jul 96 164-000050-007 Extending ManageWise for the Challenges of the Enterprise Licensing and Serialization in NetWare 4.1 A Study of Novell Directory Services Performance and Benefits Shaping the Infrastructure for Information Security in the 21st Century

Jun 96 164-000050-006 NetWare on One CPU Outperforms Windows NT Server on Four CPUs Managing Novell Directory Services Traffic Across a WAN: Part 1 NetWare Connect Services: Your Pathway to the Global Business Village Business Process Re-engineering: A Turning Point in Novell’s Imaging Studies

May 96 164-000050-005 NetWare Client 32 for DOS/Windows: Overview of Architecture and Features Installing NetWare Client 32 for DOS/Windows Upgrading Network Client Software with Automatic Client Update (ACU) Using the Client 32 GUI Login Utility and the NetWare Application Manager (NAM) Using Novell’s NetWare User Tools (NWUSER.EXE) for Client 32 Workstations Setting NET.CFG Parameters with the NWSETUP Utility and Accessing Online Help

Apr 96 164-000050-004 Ten Proven Techniques to Increase NDS Performance and Reliability Universal Guidelines for NDS Tree Design Overview of NetWare Link/ATM Technology GroupWise Remote for the Road Warrior Auditing NDS Objects with AuditWare for NDS NDS Expert: Using NDS Checksumming to Eliminate Packet Corruption Problems

Mar 96 164-000050-003 Roaming a NetWare Network with NetWare Mobile IPX Interconnecting NetWare Networks with ISDN Exploring the NetWare Web Server: Part 2 New Bottlenecks in LAN-based Imaging Systems Large NetWare Networks: Results of Compaq’s 1000-User Server Benchmark Tests Understanding SCANTREE.EXE’s Statistics Net2000: Enhancing the NetWare Platform

Feb 96 164-000050-002 Exploring the NetWare Web Server Inside the NetWare Server’s Packet Burst Statistics Screen Installing and Configuring GroupWise Remote Using DS Standard to Migrate Networks to NetWare 4.1

Jan 96 164-000050-001 Applying X.500 Naming Conventions to NDS Basic GroupWise Concepts for Support Professionals Using Packet Size Distributions to Uncover Hidden Network Utilization Bottlenecks Performance Analysis: Isolating the Real Bottleneck in a System Net2000: Interface and Implementation

Dec 95 164-000047-012 Global Network Services: Novell’s Strategy for Enabling a Smart Global Network A Look into the Future: Distributed Services and Novell’s Advanced File System An Inside Look at SPX Communications between RPRINTER/NPRINTER and the NetWare Print Server LAN-based Imaging Revisited

Nov 95 164-000047-011 NetWare Link Services Protocol: An Advanced Theory of Operations Guidelines for Implementing NetWare/IP Tuning the Server Memory Calculation Worksheet

Oct 95 Using TRACK and Other Console Utilities in a Mixed NetWare Environment MHS Services’ Role in Novell’s Messaging Strategy Using AppWare to Automate PerfectOffice Applications

Sep 95 164-000047-009 An Introduction to Novell’s NetWare Client32 for Windows 95 Overview and Benefits of Novell Embedded Systems Technology (NEST) Using UnixWare 2 to Set Up a Web Server: A Case Study Comparing Novell’s IPX-to-IP Connectivity Solutions: IP Tunneling, NetWare/IP, and IP Relay

Aug 95 164-000047-008 Backing Up and Restoring NetWare Directory Services in NetWare 4 SBACKUP Configuration and Usage Notes Troubleshooting Tips for NetWare Directory Services

Jul 95 164-000047-007 Installing and Configuring UnixWare 2.0 Understanding the NetWare UNIX Client (NUC) NLM 2.0 Configuring Asynchronous Connections with the NetWare MultiProtocol Router 3.0 Software

Jun 95 164-000047-006 Centralized Multiserver Backup over 100VG-AnyLAN Networks Using Novell’s NetWare User Tools (NWUSER.EXE) for MS Windows Clients Anatomy of a Voice Processing NLM ABEND Recovery Techniques for NetWare 3 and 4

May 95 164-000047-005 The Benefits of Using Intelligent LAN Adapters in NetWare Servers Using the NTSWD Utility to Diagnose MS Windows Workstation Problems Upgrading to NetWare 4.1 Across a LAN/WAN Using RCONSOLE Using NDS User Object Properties in NetWare 4.1 Login Scripts

Apr 95 164-000047-004 Integrating the NetWare DOS Requester (VLMs) with Windows for Workgroups Importing User Information into NetWare Directory Services Using UIMPORT Unified Messaging: Paving the Road to Pervasive Computing Using NetWare/IP Over Satellite Networks Understanding NetWare HostPrint 1.1x The NetWare 4 Memory Architecture / Understanding Memory Fragmentation in NetWare Servers Using MONITOR to Track NetWare 4 Memory Allocation

Mar 95 164-000047-003 Using the DSMERGE Utility in NetWare 4.1 Support Issues for the NetWare DOS Requester (VLM) 1.2 Black Explained NetWare Workstation Security Architecture What’s New in UnixWare 2 NetWare for SAA 2.0: An Overview of Novell’s Next Generation SNA Connectivity Product Tuning Cache with the NetWare 4 LRU Sitting Time Statistic

Feb 95 164-000047-002 Inside Novell’s High Capacity Storage System (HCSS) Resolving Critical Server Issues Computer Telephone Integration: Call Control vs. Voice Processing Wide Area Networking with Frame Relay and NetWare MultiProtocol Router

Jan 95 164-000047-001 What’s New in NetWare 4.1 NetWare 4.1 CIT Interoperability Testing Overview NetWare 4.1 Interoperability Test Configurations and Troubleshooting Planning an NDS Tree Understanding and Using NDS Objects

Dec 94 164-000036-012 NetWare IPX Routing Enhancements Customizing Your NetWare Link Services Protocol Routing Configuration Managing Basic MHS Printing to Network Printers in Windows 3.1 Configuring UnixWare’s Point-to-Point Protocol (PPP)

Nov 94 164-000036-011 Characteristics of TCP/IP, IPX/SPX, and NCP Protocols Over VSAT NetWare Management System (NMS) Components and Functionality Upgrading to NetWare 4.01: A Case Study of Canadian Tire Corporation, Ltd.

Oct 94 164-000036-010 Migrating from NetWare Name Services to NetWare Directory Services Understanding the Role of Identification and Authentication in NetWare 4 Managing and Using FirstMail Configuring NetWare Connect with TCP/IP Remote Clients Installing and Configuring UnixWare 1.1

Sep 94 164-000036-009 Using Novell’s CDROM.NLM to Run CD-ROM Drives as NetWare Volumes What’s New in NetWare 4.02 Effectively Managing RIP and SAP Traffic with Filtering UnixWare 1.1 as a NetWare Client Troubleshooting Printing in a NetWare for Macintosh Environment

Aug 94 164-000036-008 An Introduction to Novell’s Open Security Architecture Using DOS Batch Files with NetWare 4 to Ease the Transition from NetWare 3 Installing Basic MHS and FirstMail TUXEDO System Release 4.2.2: The Path to Reliable Client/Server Computing Unattended OS/2 CID Installation Using NetWare Navigator

Jul 94 164-000036-007 Configuring NetWare 4 for the Mobile User Key Issues Surrounding Enterprise E-Mail Testing Performance of NetWare SNA Remote Host Connectivity Products Customizing Autodiscovery Using NMS Records Management: Document Storage and Retrieval Challenges in an Enterprise Network Application of Networked Multimedia in Business and Education

Jun 94 164-000036-006 NET.CFG Parameters for the NetWare DOS Requester 1.1 Using Network-Direct Print Devices in NetWare 4 Compression and Suballocation in NetWare 4 Managing the Branch Office: Part 2 Implementing NetWare MultiProtocol Router Products in an IBM Source-Route Bridged Environment

May 94 164-000036-005 The Functions and Operations of the NetWare DOS Requester v1.1 Managing the Branch Office: Part 1 Performance Tuning NetWare Connect 1.0 Optimizing NetWare Wide Area Networks NetWare Link Services Protocol: Link-State Routing in a NetWare Environment

Apr 94 164-000036-004 SPECIAL EDITION: Building and Auditing a Trusted Network Environment with NetWare 4


Mar 94 164-000036-003 An Introduction to AppWare and Visual AppBuilder Management Procedures for Directory Services in NetWare 4.01 Optimizing NetWare as a Database Platform Providing DOS and MS Windows User Access to UNIX/NFS Files Ghardenstone: A Novell Methodology for Network Performance Evaluation A Review of Bridging and Routing Techniques

Feb 94 164-000036-002 Implementing Naming Standards for NetWare Directory Services Implementing and Configuring Novell/AT&T Telephony Services NetWare Distributed Management Services: An Integrated Approach for Managing Network Computing Environments Certification Programs for Networking Professionals

Jan 94 164-000036-001 Novell’s Corporate-Wide Upgrade to NetWare 4 Upgrading to NetWare 4: The Chase Manhattan Bank’s CC and FMI Groups Time in the NetWare Environment Computer-Telephone Integration with Novell’s Telephony Services An Overview of Multimedia Technologies

Dec 93 164-000032-012 Installing NetWare 3.12 from CD-ROM Wide Area Networking with VSAT: A Customer Installation Workstation Memory Management: Using QEMM386 7.01, 386 To The Max 7.0, and MS-DOS 6 IBM AS/400 Connectivity Using NetWare for SAA 1.3 in an Ethernet Environment

Nov 93 164-000032-011 Time Synchronization in NetWare 4.x Designing NetWare 4.x Security Packet Burst Update: BNETX vs. VLM Implementations Multi-Segment LAN Imaging: Departmental Configuration Guidelines

Oct 93 164-000032-010 NetWare 4.x Performance Tuning and Optimization: Part 3 What’s New in NetWare 4.01 NetWare 3.12 Enhancements Using NetWare HostPrint for AS/400 Host Printing Managing Memory in a DOS Workstation: Using Novell DOS 7

Sep 93 164-000032-009 Optimizing Printing with NetWare 4.x and 3.1x Understanding and Using NDS Alias Objects NetWare Migration Utilities Part 2: The Across-the-Wire Migration Utility An Introduction to Network Workflow Migrating Ethernet Frame Types from 802.3 Raw to IEEE 802.2 Multilingual PC Setup with DR DOS

Aug 93 164-000032-008 NetWare for Macintosh 3.xx Print Services: A Configuration Tutorial Exploring Hard Disk Compression NACS 3.0 and NetWare Access Server 1.3 Integration

Jul 93 164-000032-007 Using NETADMIN to Create and Administer NDS Objects A Test Workload Analysis of LANQuest Lab’s Application Benchmark (LAB) Test Suite Multi-Segment LAN Imaging Implementations: Four Segment Ethernet A NetWare Interface for Visual Basic Understanding Relational Theory


Jun 93 164-000032-006 NetWare 4.0 Performance Tuning and Optimization: Part 2 NetWare 4.0 Bindery Emulation: An Overview Bindery Emulation and NetWare for Macintosh NetWare Migration Utilities Part 1: The In-Place Upgrade NLM Administering DOS Paradox and Paradox for Windows on NetWare Virtual Server Technology and DataClub File Sharing

May 93 164-000032-005 NetWare 4.0 Performance Tuning and Optimization: Part 1 Tips and Techniques for Troubleshooting Drive Deactivation in NetWare 3.1x Imaging Test Results: Retrieval Rates on Single- and Multiple-Segment LANs An Introduction to Videomedia and NetWare

Apr 93 164-000032-004 NetWare 4.0 Special Edition Overview of NetWare 4.0 New Features An Introduction to NetWare Directory Services Planning a NetWare 4.0 Directory Tree Understanding NetWare Directory Services Rights Planning for NetWare 4.0 Installation, Server Migration, and Coexistence Using the DOS Requester with NetWare 4.0 Migrating to NetWare 4.0: An Example

Mar 93 164-000032-003 An Introduction to Developing Cross-Platform Client/Server GUI Applications Installing and Configuring NetWare TCP/IP on a NetWare 3.11 Server NetView LAN Management: RUNCMDs Made Easy NetWare and Windows for Workgroups Integration Using Production Workload Characteristics to Validate Performance Evaluation Studies

Feb 93 164-000032-002 Mapping Between UNIX Permissions and NetWare Rights in NetWare NFS ODINSUP Interoperability Configurations for DOS Workstations Imaging Configuration Performance Test Results

Jan 93 164-000032-001 The State of the Infrastructure for Distributed Computing IBM AS/400 Connectivity Using NetWare for SAA v1.3 Imaging Configurations and Process Testing

Order Form

Use this form to order subscriptions to Novell AppNotes (now including Novell Developer Notes), and back issues of AppNotes and Developer Notes (subject to availability). Please type or print.

Name, Title, Company, Address, City, State, Postal Code, Country, E-mail Address, Phone, Fax

APPNOTES SUBSCRIPTION
Qty / Description / Unit Price / Total Price
One-year subscription to Novell AppNotes (now includes Developer Notes): US$99.00*

BACK ISSUES OF THE PAST 12 MONTHS
Qty / Part Number (required) / Month/Year or Report Title / Unit Price** / Total Price

TOTAL
All prices are subject to change without notice.

Payment
All orders must be prepaid.
Check or money order enclosed.
Bill credit card number: ______ Expiration date ______
VISA / MasterCard / American Express
Cardholder signature ______ Cardholder name (printed) ______

*Shipping and taxes are included in subscription price.

**Back Issue Prices
1 copy US$15.00 each plus shipping & handling
*Back issues of only the past 12 months are available.

Mail or fax this completed form to:
Novell AppNotes Order Desk
PO Box 14530
Fremont, CA 94539
Fax Number: (510) 657-1473

or call:
(800) 395-7135 (U.S. & Canada)
(925) 463-7391 (other locations)
Please have your order and credit card information ready.

Novell, Inc. • 1800 South Novell Place • Provo, Utah 84606-6194 • 801-861-6000 Pcode=APNOR

Novell AppNotes Feedback Form
August 2003

To help us give you the kind of information you need to better design, configure, install, and maintain your network, please take a moment to answer a few questions about the Novell AppNotes. Fax the completed form to 801-861-4123. Thanks—we value your feedback.

1. How useful is each article in this issue?

Rating scale for each article title: Indispensable / Very useful / Somewhat useful / Not at all useful

What’s New in NetWare 6.5?
Novell Server Consolidation Utility, Migration Wizard, or Volume Split/Move: Which Should I Use?
Virtual IP Addresses in the NetWare 6.5 TCP/IP Stack
Apache Manager: A Directory-Based Approach to Managing Apache Web Servers
Overview of Novell Web and Application Services in NetWare 6.5
New Developer Features in Novell eDirectory 8.7.1
Net Management (Beyond the Basics, Network Novice, Small Business Solutions, Directory Primer, Tips & Tricks)
Net Support (Network Troubleshooter, TIDbits, Dear Ab-end)
Code Break (Developer Scene, Developer Q&A, DeveloperNet News)
Viewpoints (Ramblings, Lightweight Access)

2. I would like to see more articles on:

Network design and optimization
Network management
Novell product implementation
NetWare theory and internals
Third-party product integration
NetWare programming
Other ______

3. The type of article that is most useful to me is:

Theory/conceptual
Tutorial
Troubleshooting/support
Technical case study

4. My affiliation with Novell is:

CNE/ECNE/MCNE, Programmer, Systems Integrator, MIS, CNI, Reseller, Systems Engineer, Network Supervisor, CNA, Consultant, Technical Support, Other ______

5. I use the following Novell-related products:

NetWare 6, ZENworks for Desktops, Novell eDirectory, ManageWise, NetWare 5, ZENworks for Servers, DirXML, Novell Portal Services, NetWare 4, GroupWise, NetWare for SAA, iChain, NetWare 3 or 2, BorderManager, NetWare NFS, Developer Tools, Other ______

6. General comments about the Novell AppNotes: ______
