1
Novell NetWare CS363 11 February, 1999
2
NetWare 3.1x
NetWare Architecture
Directory and File Structure
Security
–Account Restrictions
–Trustee Assignments
–Inheritance
–File/Directory Attributes
3
NetWare 3.1x
Bindery Services
Print Services
Protocols
–IPX, SPX
–NCP
–SAP
Utilities
5
Architecture
Core OS + Modules of functionality
–four types of modules
  .LAN - Network Interface drivers
  .DSK - Hard disk controller drivers
  .NAM - Name space drivers
  .NLM - Enhancement Utilities
6
NLMs
LAN
–NE2000.LAN
–3C5x9.LAN
DSK
–IDE.DSK
–AHA1520.DSK
NAM
–MAC, OS/2, DOS (loaded by default)
7
NLMs
NLM
–TTS - Transaction Tracking System
–CDROM - allows for mounting of a CD
–3rd Party - ArcServe, FaxServe, BackupExec
8
NetWare Architecture
9
NetWare Client
12
Client32
13
Directory Structure
18
Search MAP
Search Maps will add themselves to the PATH variable. It will either
–OVERWRITE the spot in the PATH (MAP S1:=)
–Insert and push the existing entries right (MAP INS S1:=)
MAP S16:= will assign the next available search map, until 16, then overwrites
19
MAP Command
ROOT - creates a fake root of the file system (great for applications and security)
–MAP ROOT H:=SYS:\USERS\%LOGIN_NAME
–H:=sys:\users\BillS
C - changes a Network map to a Search map (or vice versa)
–MAP C Z:
–Z: is now no longer a search map but is a regular map
NEXT - assigns the next available drive letter
20
MAP Command
If there is only one FS, you don't need the FS in the command; if there are multiple, it's a good idea
–MAP drive:=FS\VOL:directory\directory
–slash direction before the : is not important
–after the colon goes by DOS conventions
22
Access
All access to the network (3 or 4) is based on the User Account
Without a valid account created by an admin there is virtually no access
23
File System Security
Basis is User Account
Trustee assignments determine Who can do
Rights determine What user can do
24
File System Security
Default Assignments
–User “Home” if created with NW utils: Most rights [RWCEMF]
–Public [RF]
–Mail [C] (this is where user login scripts are stored in 3.x)
26
Rights
W (Write): Changes contents
o: used to make a word
R (Read): Open and Execute
M (Modify): Changes the Attribs
F (File Scan): See the F or D in a list
A (Access Control): Sets Trustees, IRF
C (Create): Makes a new F or D
E (Erase): Deletes the F or D
S (Supervisory): All of the Above
28
FS Security
Gain Rights by
–Trustee Assignment
–Membership in a Group
–Inheritance (rights flowing down)
Lose Rights by
–New Trustee Assignment
–Inherited Rights Mask (3) or Filter (4)
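Added example (not from the original slides): a simplified Python model of the gain and lose rules on this slide, following a trustee's rights down a directory path. It assumes each trustee (user or group) inherits separately, that a new assignment replaces what that trustee inherited, and that Supervisory is not masked below the point where it is granted; all names, paths and assignments are constructed.

```python
# Added example, not from the slides: simplified file-system effective rights.
ORDER = "SRWCEMFA"  # the eight rights letters from the Rights slide

def trustee_rights(path, trustee, assignments, filters):
    """Rights one trustee (a user or a group) holds at `path`.

    assignments: {(directory, trustee): "RF"}  explicit trustee assignments
    filters:     {directory: "F"}  IRM (3.x) / IRF (4.x): rights allowed to flow in
    """
    rights = set()
    parts = path.split("\\")
    for depth in range(1, len(parts) + 1):
        here = "\\".join(parts[:depth])
        if (here, trustee) in assignments:
            # A new trustee assignment replaces what this trustee inherited.
            rights = set(assignments[(here, trustee)])
        else:
            # Otherwise inherited rights pass through the mask/filter.
            rights &= set(filters.get(here, ORDER))
        if "S" in rights:
            # Assumption of this model: Supervisory is not masked below the grant.
            return set(ORDER)
    return rights

def effective_rights(path, user, groups, assignments, filters):
    """Union of the user's own rights and those of each group, e.g. 'RF'."""
    held = set()
    for trustee in (user, *groups):
        held |= trustee_rights(path, trustee, assignments, filters)
    return "".join(r for r in ORDER if r in held)

# Constructed sample tree: least access at the root, more in the branches.
SAMPLE_ASSIGNMENTS = {
    (r"SYS:\PUBLIC", "STAFF"): "RF",
    (r"SYS:\USERS", "STAFF"): "RF",
    (r"SYS:\USERS\BILLS", "BILLS"): "RWCEMF",
    (r"SYS:\USERS\BILLS\PAYROLL", "BILLS"): "F",
    ("SYS:", "ADMIN"): "S",
}
SAMPLE_FILTERS = {r"SYS:\USERS\BILLS": "F"}  # only File Scan flows into the home dir

if __name__ == "__main__":
    for who, groups, where in [("BILLS", ["STAFF"], r"SYS:\USERS\BILLS"),
                               ("ANNE", ["STAFF"], r"SYS:\USERS\BILLS"),
                               ("BILLS", ["STAFF"], r"SYS:\USERS\BILLS\PAYROLL")]:
        print(who, where, effective_rights(where, who, groups,
                                           SAMPLE_ASSIGNMENTS, SAMPLE_FILTERS))
```

In the sample, the filter on the home directory cuts the group's inherited RF down to F, and the new assignment on PAYROLL cuts the owner's own rights down to F as well.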
33
Planning Trustees
34
Plan Rights
Plan with least access at the root to more access in the branches (user level)
35
Attributes
37
Bindery Services
38
SAP Protocol for Bindery Updates
40
Login Scripts
Used to set the environment for Users
3.x
–System Login Script
–User Login Script
–Default (part of Login.EXE)
41
Script Processing
44
NetWare Printing Services
Currently everything is based on Queues
Printing Services must be ADDED (they are not part of the core OS)
PServer provides printing services to the network
NPrinter broadcasts the availability of a printer at Server - Rprinter at a WS.
48
Queue Location
50
Capture Commands
51
Utilities
3.x
–User Account - SYSCON
  Menu driven DOS utility
  There is a new GUI version with 3.2
  To make multiple user accounts use MAKEUSER
–File System - FILER
  Menu driven DOS utility
–Print Services PCONSOLE
52
NetWare 3 vs. 4
File System is pretty much the same
Database is the significant difference
–3 used Server Centric Bindery
–4 uses Global Distributed Database - NDS
Memory Management is improved in 4
Printing setup was simplified
53
User Account
Basis of all network access
You can not access the network beyond looking without a valid account
Consists of UserName and Last Name
All access rights are part of the User object (NDS and File System)
54
Login Process
55
NetWare File Services
Part of the core OS
There are default directories created
–Login, Mail, Etc, Public, System, Deleted.Sav
System created - Queues, Doc, DocView
FS Security is part of the FS and is separate from Directory Security, Login Security
56
Everything has 2 Names
57
Drive Pointers - Same
58
Access
All access to the network (3 or 4) is based on the User Account
Without a valid account created by an admin there is virtually no access (exception is [public] trustee in 4.x)
59
Database Information
3.x - All Resources associated with a server are stored in the Bindery
–3 Files make up the Bindery
  NET$OBJ - List of objects
  NET$PROP - List of properties assoc. to objects
  NET$VAL - The values of the properties
4.x - All Resources associated with the Network - stored in Novell Directory Service
60
Databases
Bindery is Server centric (associated with a single server)
NDS is Enterprise based - includes all resources (not just network) of the corporation and is a global, distributed database. (more later)
61
Utilities
4.x
–User Account
  NetWare Administrator (NWAdmin) GUI
–File System
  NWAdmin
  FILER
–Printing
  NWAdmin
  PCONSOLE
62
User Account
User Account Restrictions
–Password
  Required (?)
  min length
  expiry
  unique
–Login
  MAC address
  time
  protocol (4.x)
63
File System Security
Basis is User Account
Trustee assignments determine Who can do
Rights determine What user can do
64
Novell Directory Services
NDS
–Composed of Objects, Properties and Values
–Extends the X.500 Specification for Directory Services
–Is extensible (can add objects and properties)
–Is integrated with Email apps, DB apps so it can be used for complete Enterprise resource management
72
Object Rights
B (Browse): Lets you see the object
C (Create): Make a new object
D (Delete): Remove an object
R (Rename): Assign a new name
S (Supervisory): All of the above PLUS S “All Property” rights
74
Property Rights
S (Supervisory): All the rights below
C (Compare): Logical comparison of values
R (Read): Read the prop. values
A (Add Self): Add self to ACL
W (Write): Make changes
l: used to make a word
75
Selected Property Rights
Using Selected overrides the All Properties assignment for the Selected Property only
Beware the Object Trustee (ACL) Property with the W or A rights.
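Added example (not from the original slides): a Python check that applies the Selected-overrides-All rule to one object's trustee list and reports who ends up with W or A on the ACL property. It models explicit assignments only; the data layout, trustee names and sample ACL are constructed.

```python
# Added example, not from the slides: audit one object's ACL for W/A on "ACL".
PROPERTY_RIGHTS = "SCRAW"  # letters from the Property Rights slide

def effective_property_rights(assignment, prop):
    """Rights a trustee holds on one property.

    assignment: {"all": "CR", "selected": {"ACL": "R"}}
    A Selected entry for `prop` overrides All Properties for that property only.
    """
    selected = assignment.get("selected", {})
    granted = selected[prop] if prop in selected else assignment.get("all", "")
    rights = set(granted)
    if "S" in rights:
        # Supervisory: "All the rights below" per the Property Rights slide.
        rights = set(PROPERTY_RIGHTS)
    return rights

def acl_write_findings(object_acl):
    """Return (trustee, risky_rights, source) for each trustee with W or A on ACL."""
    findings = []
    for trustee, assignment in sorted(object_acl.items()):
        risky = effective_property_rights(assignment, "ACL") & {"W", "A"}
        if risky:
            source = "selected" if "ACL" in assignment.get("selected", {}) else "all"
            letters = "".join(r for r in PROPERTY_RIGHTS if r in risky)
            findings.append((trustee, letters, source))
    return findings

# Constructed trustee list for a single object.
SAMPLE_ACL = {
    "HELPDESK": {"all": "CRW"},                          # W reaches ACL via All Properties
    "BILLS": {"all": "CRW", "selected": {"ACL": "CR"}},  # Selected entry removes W on ACL
    "PRINTOPS": {"all": "CR", "selected": {"ACL": "A"}}, # Add Self granted on ACL directly
    "EVERYONE": {"all": "CR"},
}

if __name__ == "__main__":
    for finding in acl_write_findings(SAMPLE_ACL):
        print(finding)
```

A trustee reported with source "all" picked up the right through an All Properties assignment, which is the case the slide warns about: a Selected entry for ACL with lesser rights closes it.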
78
NDS Security
Use the defaults wherever possible
–98% of the time these are adequate
Two cases to add rights
–Profile Login Script: give R Property Right to Login Script property
–Directory Map Object: give R Property Right to Path property
Making Administrators
80
NetWare Printing Services
Currently everything is based on Queues
–NetWare 5 introduces NDPS
Printing Services must be ADDED (they are not part of the core OS)
PServer provides printing services to the network
NPrinter broadcasts the availability of a printer
86
Capture Commands
87
Login Scripts
Used to set the environment for Users
3.x
–System Login Script
–User Login Script
–Default (part of Login.EXE)
4.x Login Scripts
–Container
–User
–Profile
–Default
91
Directory Fault Tolerance
In order to provide fault tolerance for the Directory Database, Novell uses Partitioning and Replication
–Partitioning - process of breaking the database into pieces
–Replication - process of copying the pieces on to servers around the network.
92
The Directory
93
Partitioning
The partitioning of the database is done along container lines
Default partition is [root] and contains the whole tree
Partitions are named for the topmost container
Database must be partitioned before it can be replicated
94
Partitions
95
Partition Root objects
96
Replicas
97
Replication
Once the database has been partitioned it can be replicated to other servers
A server can hold several different partition replicas on it
There are four types of Replicas
–Master, Read/Write, ReadOnly, Subordinate Reference
98
Replicas Stored on Many servers
99
Master Replica
Is a complete copy of the partition information
Can be used for partition changes
Can be used for Object changes
–in other words, you can log in from a Master Replica
100
Read/Write Replica
Contains a complete copy of the replica information
Can NOT be used for partition changes, but forwards all those requests to the master
Can be used for Object changes (can login to a R/W replica)
Used to improve Directory performance and Fault Tolerance
101
Read Only Replica
Contains a complete copy of the partition information
Can NOT be used for partition or object changes (can’t login to a R/O replica)
Is used for Fault Tolerance only
102
Subordinate Reference
Not really a replica
It exists to aid in Tree walking
103
Replica Table
104
Planning is the Key
105
NetWare Fault Tolerance
File System
–Hot Fix area
–Dynamic management of block writes prevents fragmentation
Hardware
–Mirroring, Duplexing
–SFT II - Server Duplexing
106
Sub-Block Allocation
108
Time Synchronization
If the database is spread around the world and servers are around the world, how do we keep track of “Network Time”?
Single Reference model
Time Provider Group model
109
Single Reference
Default method
–easy to setup, doesn’t require planning
–Uses a single reference (first server installed) and everything else is secondary (receiver)
–Single reference typically uses its own hardware clock but could use an external source
–Okay for closely knit network
110
Single Reference
111
Time Provider Group
Reference Time server
–this is the big kahuna
–all time is set by this server
–uses an external time source (usually)
Primary servers get their time from Reference.
–If Reference goes down, they vote on network time
112
Time Provider Group
All servers that are not Reference or Primary are Secondary (time consumers) and do NOT vote for network time.
113
Time Provider Group