Novell NetWare CS February, 1999
NetWare 3.1x
- NetWare Architecture
- Directory and File Structure
- Security
  - Account Restrictions
  - Trustee Assignments
  - Inheritance
  - File/Directory Attributes
NetWare 3.1x
- Bindery Services
- Print Services
- Protocols
  - IPX, SPX
  - NCP
  - SAP
- Utilities
Architecture
- Core OS + Modules of functionality
  - four types of modules
    - .LAN - Network Interface drivers
    - .DSK - Hard disk controller drivers
    - .NAM - Name space drivers
    - .NLM - Enhancement Utilities
NLMs
- LAN
  - NE2000.LAN
  - 3C5x9.LAN
- DSK
  - IDE.DSK
  - AHA1520.DSK
- NAM
  - MAC, OS/2, DOS (loaded by default)
NLMs
- NLM
  - TTS - Transaction Tracking System
  - CDROM - allows for mounting of a CD
  - 3rd Party - ArcServe, FaxServe, BackupExec
NetWare Architecture
NetWare Client
Client32
Directory Structure
Search MAP
- Search Maps add themselves to the PATH variable. A search map will either:
  - OVERWRITE the spot in the PATH (MAP S1:=)
  - Insert and push the existing entries right (MAP INS S1:=)
- MAP S16:= will assign the next available search map, until all 16 are in use, then overwrites
MAP Command
- ROOT - creates a fake root of the file system (great for applications and security)
  - MAP ROOT H:=SYS:\USERS\%LOGIN_NAME
  - H:=sys:\users\BillS
- C - changes a Network map to a Search map (or vice versa)
  - MAP C Z:
  - Z: is now no longer a search map but is a regular map
- NEXT - assigns the next available drive letter
MAP Command
- If there is only one file server you don't need the FS in the command; if there are multiple, it's a good idea
  - MAP drive:=FS\VOL:directory\directory
  - slash direction before the : is not important
  - after the colon it goes by DOS conventions
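The search-map rules above, modelled as an added example (not Novell code): search slot Sn is PATH position n, MAP S1:= overwrites that slot, MAP INS S1:= inserts and pushes the rest right, and MAP S16:= takes the next free slot until all 16 are used. The resolve() helper and all directory names are constructed to show which search directory ends up supplying a command.

```python
# Added model of how NetWare search maps edit the DOS PATH (not Novell code).
# Search slot Sn is PATH position n (1-based); NetWare allows at most 16.
from typing import Dict, List, Set

MAX_SEARCH = 16


def map_search(path: List[str], slot: int, target: str,
               insert: bool = False) -> List[str]:
    """Apply MAP S<slot>:=target (overwrite) or MAP INS S<slot>:=target (insert)."""
    if not 1 <= slot <= MAX_SEARCH:
        raise ValueError("search slots run S1..S16")
    new = list(path)
    idx = slot - 1
    if insert:
        new.insert(idx, target)           # push existing entries to the right
    elif slot == MAX_SEARCH:
        if len(new) < MAX_SEARCH:
            new.append(target)            # S16 takes the next available slot
        else:
            new[MAX_SEARCH - 1] = target  # all 16 used: overwrite the last one
    elif idx < len(new):
        new[idx] = target                 # overwrite the slot in place
    else:
        new.append(target)                # slot not yet used: becomes the next one
    return new[:MAX_SEARCH]               # never more than 16 search drives


def resolve(path: List[str], command: str, contents: Dict[str, Set[str]]) -> str:
    """First search directory holding the command wins, as DOS does with PATH.
    'contents' is a constructed directory -> file-name listing."""
    for directory in path:
        if command.upper() in contents.get(directory, set()):
            return directory
    return ""
```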
Access
- All access to the network (3 or 4) is based on the User Account
- Without a valid account created by an admin there is virtually no access
File System Security
- Basis is the User Account
- Trustee assignments determine Who can do
- Rights determine What a user can do
File System Security
- Default Assignments
  - User "Home" if created with NW utils: most rights [RWCEMF]
  - Public [RF]
  - Mail [C] (this is where user login scripts are stored in 3.x)
Rights (mnemonic WoRMFACES; the "o" is only there to make a word)
- W (Write) - Changes contents
- R (Read) - Open and Execute
- M (Modify) - Changes the attributes
- F (File Scan) - See the file or directory in a list
- A (Access Control) - Sets Trustees, IRF
- C (Create) - Makes a new file or directory
- E (Erase) - Deletes the file or directory
- S (Supervisory) - All of the above
FS Security
- Gain Rights by
  - Trustee Assignment
  - Membership in a Group
  - Inheritance (rights flowing down)
- Lose Rights by
  - New Trustee Assignment
  - Inherited Rights Mask (3.x) or Filter (4.x)
Planning Trustees
Plan Rights
- Plan with least access at the root and more access in the branches (user level)
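The rights model of the File System Security and FS Security slides (WoRMFACES rights, gaining rights by trustee assignment, group membership and inheritance, losing them by a new assignment or the IRM/IRF), worked through as an added example that is not Novell code. The directory tree, trustee and group names are constructed; the rule that an explicit assignment replaces inherited rights, that user and group rights are computed separately and combined, and that Supervisory is not filtered in the file system are the standard NetWare file-system behaviour.

```python
# Added illustration of NetWare file-system effective rights (not Novell code):
# explicit trustee assignments, inheritance down the tree, and the Inherited
# Rights Mask (3.x) / Filter (4.x). All names below are constructed sample data.
from typing import Dict, FrozenSet, Iterable, Optional

ALL_RIGHTS = frozenset("SRWCEMFA")  # the WoRMFACES rights


class Directory:
    def __init__(self, name: str, parent: Optional["Directory"] = None,
                 irf: Iterable[str] = ALL_RIGHTS):
        self.name = name
        self.parent = parent
        self.irf = frozenset(irf)                  # rights allowed to flow down
        self.trustees: Dict[str, FrozenSet[str]] = {}

    def assign(self, trustee: str, rights: str) -> None:
        self.trustees[trustee] = frozenset(rights)


def trustee_rights(d: Directory, trustee: str) -> FrozenSet[str]:
    """Rights one trustee (user or group) holds in d: an explicit assignment
    replaces anything inherited; otherwise the parent's rights pass the IRF."""
    if trustee in d.trustees:
        return d.trustees[trustee]
    if d.parent is None:
        return frozenset()
    inherited = trustee_rights(d.parent, trustee)
    if "S" in inherited:                           # S is never filtered in the FS
        return inherited
    return inherited & d.irf


def effective_rights(d: Directory, user: str,
                     groups: Iterable[str]) -> FrozenSet[str]:
    """Union of the user's own rights and each group's, computed separately."""
    rights = set()
    for trustee in [user, *groups]:
        rights |= trustee_rights(d, trustee)
    return ALL_RIGHTS if "S" in rights else frozenset(rights)


def build_sample_tree() -> Dict[str, Directory]:
    """Constructed SYS: volume: least access at the root, more in the branches."""
    sys_vol = Directory("SYS:")
    sys_vol.assign("SUPERVISOR", "S")
    public = Directory("SYS:PUBLIC", sys_vol)
    public.assign("EVERYONE", "RF")
    home = Directory("SYS:USERS\\BILLS", Directory("SYS:USERS", sys_vol))
    home.assign("BILLS", "RWCEMF")
    apps = Directory("SYS:APPS", sys_vol)
    apps.assign("ACCT", "RWCEMF")
    payroll = Directory("SYS:APPS\\PAYROLL", apps, irf="RF")   # IRF cuts inherited rights to RF
    payroll.assign("PAYADMIN", "RWCEMFA")
    return {"public": public, "home": home, "apps": apps, "payroll": payroll}
```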
Attributes
Bindery Services
SAP Protocol for Bindery Updates
Login Scripts
- Used to set the environment for Users
- 3.x
  - System Login Script
  - User Login Script
  - Default (part of LOGIN.EXE)
Script Processing
NetWare Printing Services
- Currently everything is based on Queues
- Printing Services must be ADDED (they are not part of the core OS)
- PServer provides printing services to the network
- NPrinter broadcasts the availability of a printer at a Server; RPrinter does the same at a workstation
Queue Location
Capture Commands
Utilities 3.x
- User Account - SYSCON
  - Menu driven DOS utility
  - There is a new GUI version with 3.2
  - To make multiple user accounts use MAKEUSER
- File System - FILER
  - Menu driven DOS utility
- Print Services - PCONSOLE
NetWare 3 vs. 4
- File System is pretty much the same
- Database is the significant difference
  - 3 used the server-centric Bindery
  - 4 uses a global distributed database - NDS
- Memory Management is improved in 4
- Printing setup was simplified
User Account
- Basis of all network access
- You cannot access the network beyond looking without a valid account
- Consists of a UserName and Last Name
- All access rights are part of the User object (NDS and File System)
Login Process
NetWare File Services
- Part of the core OS
- There are default directories created
  - Login, Mail, Etc, Public, System, Deleted.Sav
  - System created - Queues, Doc, DocView
- FS Security is part of the FS and is separate from Directory Security and Login Security
Everything has 2 Names
Drive Pointers - Same
Access
- All access to the network (3 or 4) is based on the User Account
- Without a valid account created by an admin there is virtually no access (the exception is the [Public] trustee in 4.x)
Database Information
- 3.x - All Resources associated with a server are stored in the Bindery
  - 3 Files make up the Bindery
    - NET$OBJ - List of objects
    - NET$PROP - List of properties associated with objects
    - NET$VAL - The values of the properties
- 4.x - All Resources associated with the Network are stored in Novell Directory Services
Databases
- Bindery is server centric (associated with a single server)
- NDS is Enterprise based - includes all resources (not just network) of the corporation and is a global, distributed database. (more later)
Utilities 4.x
- User Account - NetWare Administrator (NWAdmin) GUI
- File System - NWAdmin, FILER
- Printing - NWAdmin, PCONSOLE
User Account
- User Account Restrictions
  - Password: required (?), minimum length, expiry, unique
  - Login: MAC address, time, protocol (4.x)
File System Security
- Basis is the User Account
- Trustee assignments determine Who can do
- Rights determine What a user can do
Novell Directory Services
- NDS
  - Composed of Objects, Properties and Values
  - Extends the X.500 Specification for Directory Services
  - Is extensible (can add objects and properties)
  - Is integrated with apps and DB apps so it can be used for complete Enterprise resource management
Object Rights
- B (Browse) - Lets you see the object
- C (Create) - Make a new object
- D (Delete) - Remove an object
- R (Rename) - Assign a new name
- S (Supervisory) - All of the above PLUS S "All Property" rights
Property Rights (mnemonic SCRAWl; the "l" is only there to make a word)
- S (Supervisory) - All the rights below
- C (Compare) - Logical comparison of values
- R (Read) - Read the property values
- A (Add Self) - Add self to the ACL
- W (Write) - Make changes
Selected Property Rights
- Using Selected overrides the All Properties assignment for the Selected Property only
- Beware the Object Trustee (ACL) Property with the W or A rights.
NDS Security
- Use the defaults wherever possible
  - 98% of the time these are adequate
- Two cases to add rights
  - Profile Login Script: give the R Property Right to the Login Script property
  - Directory Map Object: give the R Property Right to the Path property
- Making Administrators
NetWare Printing Services
- Currently everything is based on Queues
  - NetWare 5 introduces NDPS
- Printing Services must be ADDED (they are not part of the core OS)
- PServer provides printing services to the network
- NPrinter broadcasts the availability of a printer
Capture Commands
Login Scripts
- Used to set the environment for Users
- 3.x
  - System Login Script
  - User Login Script
  - Default (part of LOGIN.EXE)
- 4.x Login Scripts
  - Container
  - Profile
  - User
  - Default
Directory Fault Tolerance
- In order to provide fault tolerance for the Directory Database, Novell uses Partitioning and Replication
  - Partitioning - the process of breaking the database into pieces
  - Replication - the process of copying the pieces onto servers around the network.
The Directory
Partitioning
- The partitioning of the database is done along container lines
- Default partition is [Root] and contains the whole tree
- Partitions are named for their highest container
- Database must be partitioned before it can be replicated
Partitions
Partition Root objects
Replicas
Replication
- Once the database has been partitioned it can be replicated to other servers
- A server can hold several different partition replicas
- There are four types of Replicas
  - Master, Read/Write, Read Only, Subordinate Reference
Replicas Stored on Many servers
Master Replica
- Is a complete copy of the partition information
- Can be used for partition changes
- Can be used for Object changes
  - in other words, you can log in from a Master Replica
Read/Write Replica
- Contains a complete copy of the replica information
- Can NOT be used for partition changes, but forwards all those requests to the master
- Can be used for Object changes (can log in to a R/W replica)
- Used to improve Directory performance and Fault Tolerance
Read Only Replica
- Contains a complete copy of the partition information
- Can NOT be used for partition or object changes (can't log in to a R/O replica)
- Is used for Fault Tolerance only
Subordinate Reference
- Not really a replica
- It exists to aid in tree walking
Replica Table
Planning is the Key
NetWare Fault Tolerance
- File System
  - Hot Fix area
  - Dynamic management of block writes prevents fragmentation
- Hardware
  - Mirroring, Duplexing
  - SFT II - Server Duplexing
Sub-Block Allocation
Time Synchronization
- If the database is spread around the world and servers are around the world, how do we keep track of "Network Time"?
- Single Reference model
- Time Provider Group model
Single Reference
- Default method
  - easy to set up, doesn't require planning
  - Uses a single reference (the first server installed) and everything else is secondary (receiver)
  - Single reference typically uses its own hardware clock but could use an external source
  - Okay for a closely knit network
Single Reference
Time Provider Group
- Reference Time server
  - this is the big kahuna
  - all time is set by this server
  - uses an external time source (usually)
- Primary servers get their time from the Reference.
  - If the Reference goes down, they vote on network time
Time Provider Group
- All servers that are not Reference or Primary are Secondary (time consumers) and do NOT vote for network time.
Time Provider Group