Netware 6 Concepts for the System Administrator

Glossary

Term	Definition
Automatic Failback	Applications and resources are set back to their preferred node when failed server returns to the cluster.
Cluster Resource Template	An NDS object that allows the administrator to easily create multiple resources that are similar - for example applications that are running on the cluster.
Data Shredding	The ability of NSS to overwrite purged disk blocks with random characters to prevent unauthorized access.
DirXML	Allows eDirectory to update/synchronize to non-NDS directories with changes that were made in the NDS using XML formatted data exchange.
Dynamic Group	Similar to the traditional "static group" but it's members are computed as needed by criteria rather than using a fixed member list. Rights assignment to the dynamic group applies to all of it's members just like a static group.
Epoch Number	This is a counter of the number of times the cluster state has changed.
Failback	The process a cluster goes through when a failed server is returned to service.
Failover	The process a cluster goes through to transfer services and IP addresses to a new server when a server fails.
Filtered Replica	Replica of a partition that only has pre-selected objects and attributes.
Gadget	Java components that access server data sources. WebAccess is comprised of Netware 6 specific gadgets.
iFolder	Technology for easy access and synchronization files as a result of offline/mobile usage.
iManager	Browser based eDirectory administration technology that uses a 3 tiered approach (web browsers, web servers, eDirectory servers). Easy to create role-based administrators using plug-in modules.
iMonitor	Web based interface to monitor the health of the NDS
iPrint	Use and management of printers using IPP. Allows use of web browsers and html.
Load Script	The commands necessary to start a service or mount a volume on the cluster.
Logical Volume	Volumes that are created from the NSS storage pool.
Manual Failback	Allows the administrator to choose which server the resources are moved to when the node failure is resolved.
Manual Failover	Allows the administrator to choose which server the resources are moved to when a node failure occurs.
Native File Access Pack (NFAP)	Technology that allows a Netware server to handle clients who use their native protocols, not using Novell Client software.
NDS iMonitor	Web based interface to server information provided by dstrace, dsbrowse, dsdiag and dsrepair commands.
NetDrive	Internet client that allows the Windows Explorer to map a drive to a Netware server without using the full Novell Client software. It can use the ftp, ifolder and webdav protocols to access the server.
Net Storage	WebAccess gadget that allows users to securely access home directories, mapped drives and iFolders from a web browser.
Novell Storage Services (NSS)	New filesystem to replace the tradition Netware File System
Overbooking	When the sum of the logical volumes exceeds the size of the storage pool. The logical volume borrows unused space from other logical volumes - as long as unused space is available.
Preferred Node	The first server in the nodes list in the Nodes property page of a cluster.
RBS Objects	Role Based Services objects used in eDirectory 8.7 for role based administration of the directory.
Rebuild	Uses the existing leaves of an object tree to rebuild all the other trees in the file system. To use this utility you must deactiveate the storage pool and it's volumes. This utility should only be used as a last resort.
Remote Manager	Web based server administration tool that provides status from multiple servers.
Resource Migration	Moving services to other servers in the cluster before a server fails (planned maintenance, load balancing, etc).
Snapshot	The ability of NSS to keep a copy of all open files incase the file gets corrupted during modification.
Storage Pool	A specified amount of storage space that you obtain from all of the storage devices.
Unload Script	The commands necessary to terminate a service in the cluster.
Verify	Checks the file system integrity of an NSS pool.
WebAccess	Web-based portal that gives users access to commonly used Netware server functions from a web browser, such as printing, files, password changes and phone numbers.

General Information

Express setup will make a 4GB SYS: Volume

Clustering Services

Components:

Consists of from 2 - 32 Netware Servers.
Running Netware Cluster Services
Shared Disk System
Highspeed Disk channel (ie Fibre Channel or High Speed SCSI)

Manage through ConsoleOne Cluster Configuration and Monitoring GUI

Cluster Status

Green - Everything is normal
Red - If a Server is red, that indicates it has failed. If a Resource is Red then that means it has stopped and needs to be "failed over" to another server.
Grey - If a Server is grey, that indicates it is in an unknown state, or that it is not part of the cluster. If a Resource is Grey that means it is not assigned to a server (and is not running).
Yellow - This indicates the Master Server in the cluster.

LDNCS.NCF - Loads the Cluster Service

ULDNCS.NCF - unloads the Cluster Service

Resource States:

Alert - Resource failover or failback is set to manual and it is awaiting action
Comatose - Resource need admnistrative action
Loading - Resource is loading on the target server
NDS_Sync - Properties of the object have changed and NDS is syncing
Offline - Resource is either shutdown, dormant or in-active
Quorum Wait - The resource is waiting for a quorum (the minimum number of nodes that must be running) before it can begin to load
Running - normal running state
Unassigned - This resouce is not assigned to a node in the cluster
Unloading - The resource is in the process of unloading from a server.

DNS/DHCP

DNS

Load NAMED

DNS Server Object - contains the DNS server configuration parameters (zone list, server ip address, domain name, server options, forwarding list)
DNS Zone Object - container that contains all of the data for a zone
DNS Resource Record Set - leaf object located in the zone object that contains items about the zone such as domain name, address class and ttl

DHCP

Load DHCPSRVR

DHCP Server Object - represents the DHCP server and identifies the address ranges it services
Address Range Object - range of addresses to be included or to be excluded from the dynamic allocation
Subnet Pool Object - identifies a pool of subnets for remote Lan address assignement
Subnet Object - a container for IP Address and address range objects
IP Address Object - represents a single IP address

DNS/DHCP Management Utility - web based utility that manages both DNS and DHCP - URL = https:\\xxx.xxx.xxx.xxx:2200\eMFrame\iManager.html

During installationt the schema is extended and the following objects are created:

DNS/DHCP Locator Object - contains global defaults
DNS/DHCP Group Object - this group gets permissions to the DNS and DHCP data
RootSrvrInfo Zone - identifies root servers

If the installation does not complete, use the dnipinst.nlm to manually extend the schema.

DSTRACE

Basic Troubleshooting Procedure:

SET DSTRACE=ON            ;Turns on DSTRACE
SET TTF=ON                       ; Will save dstrace screens to SYS:SYSTEM\DSTRACE.DBG
SET DSTRACE *r                ; Resets DSTRACE.DBG to be overwritten
SET DSTRACE=+sync        ; Enable error messages for the synchronization process
SET DSTRACE=+S            ;
SET DSTRACE *h                ; Starts the heart beat process, skulker synchronization
SET TTF=OFF                    ; Stops the DSTRACE.DBG file

Other parameters:
SET DSTRACE=+PART        ; Enable error messages for the partition operations
SET DSTRACE=+SCHEMA ;Enable error messages for the schema process
SET DSTRACE=+MISC        ;Enable error messages for misc processes
SET DSTRACE=+J                ;Enable error messages for the janitor or cleanup processes

Procedure to force a process:

set dstrace=*r                        ;Reset log file
set dstrace=*u                       ;Force server status as up
set dstrace=*f                        ;Force the janitor process
set dstrace= *h                    ;Force a heartbeat

eDirectory

NDS.DB - This is the control file for the NDS Directory Information Base, and it also contains the rollback log for un-doing transactions.
NDS.01 - All of the records and indexes on an NDS server are stored here. It is limited to 2GB, and will be extended into a series of files - nds.0X (nds.02, nds.03, etc).
NDS*.LOG - used as a roll-forward log to complete interupted transactions
STREAM FILES - hold attribute information of variable length such as login scripts. They consist of hexadecimal characters with a NDS extension

Platform independent
Runs LDAP 3 natively

block cache - caches physical blocks from the database, useful for update operations
entry cache - caches logical entries from the database, useful for operations that browse the tree

Filtered Replicas

Replica of a partition that holds objects and attributes that the administrator has selected. This reduces replication traffic.
Only one replication filter can be created per server - it will apply to ALL filtered replicas stored on that server..
Snap-ins available for NWAdmin and ConsoleOne.
Servers running eDirectory 8.5 and above will filter replication traffice BEFORE sending the update to a server with a filtered replica.
Servers before 8.5 send ALL information, but the filtered replica on the server only updates the attributes and objects that are permitted.

DirXML
Ability of NDS to update non-NDS directories with changes made to the NDS. Changes are formatted in XML using XSL .

Drivers provided in DirXML to interface to dirctory services:

NDS eDirectory
Active Directory
Lotus Notes
Exchange
LDAP
NT Domain
Delimited Text
PeopleSoft
Java Database Connectivity (JDBC)

eDirectory Federation - method for NDS to connect to other trees to share authentication information to avoid duplication of user accounts in both trees.

eDirectory 8.7

Addition of Role Based Services objects to allow role based administration of the directory:

rbsCollection - container that holds all of the RBS objects
rbsModule - created automatically when iManager plug-in package is installed
rbsTask - represents a specific function such as resetting passwords
rbsRole - identifies the tasks associated with this role
rbsScope - identifies the context in the directory tree where the role will be performed.

iFolder

This technology allows travelling users to easily access their files and synchronize network versions of the same file with local versions. Can be used from with client software running on a PC or from a client web browser plugin. iFolder uses LDAP for authentication. Secure access does not need a VPN.

iFolder Server -

iFolder Clients - installing the client creates an iFolder folder on the server and on the client (C:\MyDocuments\iFolder\username\Home

Encyption - uses Blowfish 128 bit symmetric block cipher

Clear text
Encrypted with pass phrase (key may not be recoverable)
Encrypted with pass phrase using an escrowed key (key is recoverable)

Migration Wizard

Phases:

Copy Volumes - Backs up the directory and file trustees and saves them in files. If the SYS: volume is going to be migrated, it will not overwrite the target server, instead they are migrated to SYS:SYS.MIG directory. Open files are not copied, and duplicate file names need to be handled by don't copy, always copy or overwrite only if newer options.
Edit Configuration Files - This phase allows the administrator to modify .NCF and .CFG files. This is done by comparing the file on both the source and destination and allowing the administrator to drag lines to the target server.
Begin NDS Migration - Updates licensing, schema and the source server's NDS identify is transferred to the target server. The autoexec.ncf if modified for server name, server id, timezone, time type and bindery context.
End NDS Migration - licensing is installed and NDS is synchronized.

Netware Distributed Print Services (NDPS)

Controlled Access Printer - a printer that can control who can use it, the printer is an NDS object.
Public Access Printer - a printer that all users can access without being authenticated to the tree, printer does not have a separate NDS object.
Printer Agent - software that takes the place of print queues and printer servers. It connects the client to the printer. It is either an NLM or embedded in the printer.
Gateways to Printer Agents - consists of the PDS and PH. It is software that directly links printer agents to printers
Print Device Subsytem (PDS) - retrieves and stores printer specific information which is then used to create the Printer Agents.
Port Handler (PH) - ensures that the PDS can communicate with the printer over any interface (serial, parallel, network)
NDPS Broker Services - consists of 3 services:

Service Registry Service - allows public access printers to advertise themselves
Event Notification Service - allows printer notifications to be configured
Resource Management Service - allows resources such as fonts and drivers to loaded in a central location and be downloaded to clients as needed.

NDPS Manager - NDS Object that control Printer Agents. Each Printer Agent needs and NDPS Manager, but the NDPS Manager can support multiple Printer Agents.

IPPSRVR.NLM is required to run on every server that is running an NDPS Manager (NDPSM) and has one or printers that are configured for iPrint.

Netware File Access Pack

Access to a Novell server without using a Novell client, but using native protocols instead.
File Access Packs include:

Netware File Access for Macintosh - Apple Filing Protocol (AFP)
Netware File Access for Unix - Network File System (NFS)
Netware File Access for Windows - Server Message Block (SMB)/Common Internet File System (CIFS)

Uses "simple passwords". These passwords are stored in the user object, but not by using a one-way hash. These passwords use Novell Secret Store technology and are retrievable.

Types of Password Choices:
Windows Local Password - stored on the client's hard disk
Windows Domain Controller Password - stored on the windows Domain Controller
Netware Password - Normal novell password stored in eDirectory and requires and Novell Client to use.
Simple Password - Password is also stored in eDirectory, but does not require a Novell Client.

Novell Storage Services (NSS) 3.0

Unlimited number of disk volumes - 255 may be mounted simultaneously
Volume maximum size is 8TB
Fast volume mount
Only 4 - 10 MB of RAM required to mount any volume size
Fast object access through the use of b-tree (balance trees)
Multiple name spaces supported in the same storage space
Supports user and directory quotas
Supports the legacy technology of TTS, mirroring and hot fixing (SFT I and SFT II)
Journaling file system allows faster disk recovery since incomplete transactions are reprocessed rather than examining the entire volume which is what VREPAIR did.

NSS is the default storage and file system for Netware 6.

NSS volumes are called logical volumes.

Instead of vrepair, NSS uses "rebuild" and "verify" for disk maintenance.

Flush files immediately saves data to the file immediately rather than waiting for the next flush cycle.

Snap shot keeps a copy of the most recent version of a closed file prior to opening it. This way if a file gets corrupted while it is open, a recent version of the file exists.

Hot fix also enables mirroring for a partition. By default it reserves 2% of space for redirection blocks.

A storage pool is created from free space on all of the storage devices. Free space on the disk must first be partitioned, each disk partition can only have 1 storage pool. Logical volumes are created from storage pools. An individual logical volume can not be larger than the storage pool, but a storage pool may have multiple logical volumes. It is possible for the sum of the logical volumes to be larger than the storage pool - this is called overbooking. Overbooking borrows unused space from the other logical volumes as long as space is available.

Media Access Layer (MAL) - provides connection to a wide range of devices such as hard drives, CD, DVD, RAM disks and network clusters.

Object Engine - manages and stores objects using b-tree data structures for quick access. Has a 64 bit interface for scalability

Common Layer Interface - interfaces the Semantic Agents to the object engine by providing naming services (object naming and lookup), object services (standard and direct input and output to and from objects) and management services (locking, addition and registration of new objects, etc.).

Semantic Agents - loadable modules that provide client interaces to storage objects, such as for Netware 6 clients, http, NFS, Macintosh, etc.

load dosfat.nss makes dos fat partitions available as volumes.

Volume Copy Utility (VCU) is used to copy metadata and user data fromt traditional and NSS volumes to other NSS volumes

Remote Manager/Netware Management Portal

Web based management utility.
Uses SSL for secure communications.
Remote Manager requires a logon before any information can be viewed
Management Portal allows a limited amount of information to be viewed without a logon.

SAdmin - special account that is not stored in eDirectory but is local to Netware Remote Manager and Netware Management Portal.

Netware Management Portal Options:

Volume Management
Server Management
Application Management
NDS Management
Remote Server Access
Hardware Management
Health Monitor

Netware Remote Manager Options:

Diagnose Server
Manage Server
Manage Applications
Manage Hardware
Manage eDirectory
Use Server Groups
Access Other Servers
NetWare Usage

Access the manager with the following URLs:

nonsecure - http://serverIPaddress:8008
secure - https://serverIPaddress:8009

iMonitor - http://serverIPaddress/nds

Service Location Protocol (SLP) V2

User Agent (UA) - retrieves service information from Servica Agents or Directory Agents
Service Agent (SA) - a process that works on behalf of services to advertise the service
Directory Agent (DA) - a process that collects service advertisements
Scope - services are grouped together into scopes. The scope string is used by UAs to limit the services they can see.

UA issues a multicast requesting a service. The SA will respond with a unicast containing service information.

Larger networks use DAs. The SAs will register their services with the DA. The UA will send a unicast to the DA requesting a service and the DA will respond with a unicast.

DA discovery is performed using multicasts by both UAs and SAs.

WebAccess

A portal interface to Netware 6. It uses gadgets to provide access to resources:

NetStorage - gadget that accesses files in mapped drives, home directories and iFolders.
Printing - gadget that access iPrint printing services
Phonebook - gadget that uses LDAP to access phone information stored in eDirectory
Change Password - gadget that allows users to change their password