Implementing the DirXML ® Starter Pack on NetWare ® 6.5 Richard Moore, Novell DirXML Engineering Stuart Mansell, Novell Consulting.


1 Implementing the DirXML ® Starter Pack on NetWare ® 6.5 Richard Moore, Novell DirXML Engineering Stuart Mansell, Novell Consulting

2 The one Net vision (© March 9, 2004 Novell Inc.)
one Net: Information without boundaries… where the right people are connected with the right information at the right time to make the right decisions.
Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage℠

3 The one Net vision: Novell Nterprise™
Novell Nterprise is an innovative family of products which give you the power to enable and manage the constant interaction of people with your business systems — regardless of who they are or where they are.
Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage℠

4 Agenda
- DirXML Overview
- DirXML Starter Pack
- Prerequisites
- Installation
- Configuration
- Licensing
- Troubleshooting

5 DirXML Overview

6 What is DirXML?
- Data-sharing service
- Provides bi-directional data flow between eDirectory™ and enterprise applications
- Administrator determines the data to be shared
- Matches existing business processes
- Runs on the following Novell eDirectory supported platforms (NetWare®, Win2K, NT, Solaris, Linux)
- Manages the data relationships between the connected applications
- Requires no changes to existing applications
- Transforms data into the format required by the target application

7 Islands of isolated data
(Diagram labels: HR, ERP, Operating System, Database, Mail, PBX, Directory)

8 Sharing data through the directory
(Diagram labels: HR, ERP, PBX, Directory, Mail, Operating System, Database, Identity Manager)

9 DirXML Architecture
(Diagram labels: Novell eDirectory, DirXML Engine, DirXML Driver, Policies, Subscriber Channel, Publisher Channel, Application, Novell® DirXML Server)

10 DirXML Architecture – Remote Loader
(Diagram labels: Novell eDirectory, DirXML Engine, DirXML Driver, Policies, Application, Novell DirXML Server, Remote Loader Service, Remote Loader Shim, Subscriber Channel, Publisher Channel)

11 Password Sync Architecture
- DirXML maintains domain and account name on eDirectory object
- Filters on DC notify agent of change
- Novell client notifies agent of change
- Agent pushes change to remaining security domains
(Diagram labels: Domain Filter, NDS Tree, AD Forest, Domain, Password Synchronization Agent, Password Communication, Novell Clients)

12 DirXML Starter Pack

13 Benefits
- Leverage the value of working in a mixed OS environment without the complexity of managing a mixed environment
- Avoid vendor lock-in. The DirXML Starter Pack provides the flexibility to choose the technology that meets your business needs
- Automate the process of creating, managing and deleting user accounts and passwords across Microsoft Active Directory, Windows NT and Novell eDirectory
- Increase user productivity and satisfaction
- Solves key business problems and gives you the foundation to build a complete secure identity management solution

14 What does it Include?
- The DirXML Starter Pack comes with NetWare 6.5
- The number of licenses you purchase for NetWare 6.5 is the number of licenses to which you are entitled for the DirXML Starter Pack.
- Includes drivers for
  - eDirectory
  - Windows NT Domains
  - Active Directory
- Includes Password Synchronization
  - Separate Installation
- iManager is the Configuration & Administration tool
- Standard configuration may not require consulting.
- Custom configurations are possible and require additional training.

15 NetWare 6.5 with DirXML Starter Pack
- Users enjoy services from both networks
- System Administrator maintains accounts in either network
(Diagram labels: Users, Account Synchronization, NetWare Services, Microsoft Windows Services)

16 Additional Drivers
- The DirXML Starter Pack CD contains additional drivers for Lotus Notes, LDAP, Exchange 5.5, GroupWise, Delimited Text, JDBC, PeopleSoft, SAP HR Workflow
- Any of these drivers may be installed and configured. They will operate fully for 90 days.
- You must purchase separate licenses for each driver you want to activate.
- After the purchase has been accepted by Novell, you can request and install the activation for that driver.

17 Activation Required!
- The DirXML activation is a separate task. It is not accomplished by installing the NetWare license.
- DirXML uses a different activation model than the one used by NetWare.
- DirXML activation is different, but not difficult.

18 Prerequisites

19 Typical Configuration
(Diagram labels: Tree 1, NW 5.1 or Later, Tree 2, NW 6.5, Web Server, NT Primary Domain Controller, NT PDC, ADDC, Active Directory Domain Controller, Active Directory Driver, NT Domain Driver, PwdSync Filter, Remote Loader, DirXML Engine, eDirectory Driver, eDirectory, Novell Client, PwdSync Agent, DirXML Plug-ins, iManager 2.0)

20 Planning the deployment
- NetWare Considerations
  - Replica Placement
  - Rights
- Active Directory Considerations
  - Authentication
  - Remote Loader
  - Password Agents
  - Password Filters

21 NetWare Replica Placement
Make sure that certain Novell eDirectory objects are replicated on servers where you want to run the DirXML engine. (You can use filtered replicas, as long as all of the objects and attributes that the driver needs are included in the filtered replica.)
A DirXML driver can't synchronize objects unless a replica of those objects is on the DirXML server. If you want a driver to synchronize all user objects, for example, the simplest way is to use one instance of the driver on a server that holds a master or read/write replica of all your users.
However, many environments don't have a single server that contains a replica of all the users. Instead, the complete set of users is spread across multiple servers. In this case, you have two choices:
(1) Aggregate users onto a single server. You can create a single server that holds all users by adding replicas to an existing server. Filtered replicas can be used to reduce the size of the eDirectory database if desired, as long as the necessary user objects and attributes are part of the filtered replica.
(2) Use multiple instances of the driver. For instance, if all your user objects were spread across servers X and Y, you could install two drivers, one on server X and one on server Y. There are scope filtering issues to be discussed in this type of scenario.
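An added example, not part of the original presentation: the replica-placement decision above expressed as a check over a server inventory. The inventory, the server and partition names, the attribute names and the simplified replica-type labels are constructed assumptions; the server choice is a greedy pick, not a guaranteed minimum.

```python
# Constructed inventory (not from the presentation): partitions held by each
# server, the replica type, and for filtered replicas the attributes kept.
REPLICAS = {
    "X": {"ou=east": ("read/write", None)},
    "Y": {"ou=west": ("master", None),
          "ou=east": ("filtered", {"CN", "Surname"})},
    "Z": {"ou=west": ("subordinate reference", None)},
}
USER_PARTITIONS = {"ou=east", "ou=west"}
DRIVER_ATTRS = {"CN", "Surname", "Telephone Number"}  # what the driver syncs


def usable(replica, needed_attrs):
    """Usable if master or read/write, or a filtered replica that still
    carries every attribute the driver needs."""
    kind, kept = replica
    if kind in ("master", "read/write"):
        return True
    return kind == "filtered" and needed_attrs <= kept


def coverage(replicas, needed_attrs):
    """Map each server to the partitions a driver running there could sync."""
    return {srv: {p for p, r in parts.items() if usable(r, needed_attrs)}
            for srv, parts in replicas.items()}


def plan_driver_placement(replicas, partitions, needed_attrs):
    """Return (servers, uncovered).
    One server: a single driver instance is enough.
    Several servers: choice (2), one driver instance per listed server.
    Uncovered partitions: choice (1), a replica must be added somewhere."""
    cov = coverage(replicas, needed_attrs)
    remaining, chosen = set(partitions), []
    while remaining and cov:
        # Greedy: take the server that covers the most still-uncovered partitions.
        best = max(sorted(cov), key=lambda s: len(cov[s] & remaining))
        gained = cov[best] & remaining
        if not gained:
            break
        chosen.append(best)
        remaining -= gained
    return chosen, remaining
```

With the constructed inventory, server Y's filtered replica lacks one attribute the driver needs, so two driver instances are required; dropping that attribute from the driver's set lets Y alone serve both partitions.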

22 NetWare Rights
- The DirXML Driver object must have sufficient eDirectory rights to any objects it is to synchronize with connected systems, either by explicitly granting rights to the Driver object, or by making it security equivalent to an object that has the desired rights.
- When DirXML authenticates as a Driver object, it uses passwords which contain numeric characters and special characters and which can be up to 35 characters long.
- If using Universal Password and Password Policies, assign a Password Policy to the DriverSet that does not have Universal Password enabled.

23 Active Directory Authentication
- LSA Access
  - Driver must be instantiated on the DC
  - LSA access must not be restricted
  - No authentication ID or password used
- Domain Authentication (Authentication ID)
  - User used must be a member of domain admins
  - Typically use the administrator account
  - Only required when not instantiating driver on a domain DC or in cases where LSA access has been restricted
- Domain Location (Authentication Context)
  - Directory domain controller. For example: LDAP://mycontroller.mydomain.com
  - Not required when running on DC

24 Remote Loader
- Separates the engine from the driver shim
- Can enable SSL between the engine and the remote loader
- Highly efficient
- Multi-Platform environments
  - eDirectory running on NetWare, Solaris, or Linux
  - Saves hardware costs
- Windows Environments
  - Decreased load on domain controllers
  - Corporate policy may restrict running enterprise applications on the domain controllers
  - Remote loader has a small footprint

25 Password Agent
- Number required
  - One per managed eDirectory tree
  - May have two or more for fault tolerance
  - Filters automatically fail over to next agent if default one becomes unavailable
- What it does
  - Accepts passwords from password filters
  - Routes password changes to all registered domains
  - Password changes are passed securely

26 Password Filters
- What they do
  - Intercept password changes before they are encrypted
  - Pass password changes to a password sync agent
- Where they are installed
  - One required on every domain controller in AD and for NT on the PDC
  - Requires a reboot
  - Multiple agents will require password filters to be installed again
  - Novell client 32 acts as the password filter for eDirectory

27 Installation

28 Installing the DirXML Engine (Demo)

29 Installing the Remote Loader (Demo)

30 Installing the iManager Plugins (Demo)

31 Configuration

32 Importing the Driver Configuration (Demo)

33 Licensing

34 Licensing
- Purchase licenses and the software media kit for NetWare 6.5. The DirXML Starter Pack disk is included with the NetWare 6.5 media kit.
- Install and configure the DirXML Starter Pack product.
- The DirXML Starter Pack has a 90 day configuration period for you to configure and run the product without activation. At any point during the configuration period you can request and install the activation credential.
- If the configuration period expires before the activation credential is installed, the DirXML Starter Pack stops creating and updating objects across systems. If this happens, simply request and install the activation credential. The product will resume creating and updating objects.
- After the product is running successfully you can activate your configuration by following these steps:

35 Activating – Step 1
- Administrative tools, installed with the product, are used to create the activation request
  - iManager plug-in for DirXML
  - ConsoleOne snap-in for DirXML
- From within iManager (or ConsoleOne) select a driver set, supply the Customer ID from the notification email.
- Save the Activation Request File

36 Activating – Step 2
- The activation web site is http://www.novell.com/activator
- If you have a Novell eLogin account, use it to login. Otherwise create an eLogin account.
- Note: When you create an eLogin account you must specify an associated email address. Novell strongly recommends that you use your company email address, not a personal email address (for example, use jdoe@novell.com, NOT jdoe@yahoo.com).
- The activation web site allows you to upload the Activation Request file (created in Step 1), or to paste its content into a web form
- After verifying your purchase of NetWare 6.5 an activation credential file is created and emailed to you and to the designated company representative
- The activation credential will activate the three drivers included in the DirXML Starter Pack in the network where the request was created
- The credential is non-transferable

37 Activating – Step 3
- Use iManager (or ConsoleOne) to install the activation credential
- Ideally the activation credential is installed before the end of the 90 day configuration period.
- If the 90 day configuration period has expired, the DirXML Starter Pack will stop creating and updating objects. If this happens, simply request and install the activation credential, and the DirXML Starter Pack will resume

38 Troubleshooting

39 Using DSTRACE
Set the DirXML-DriverTraceLevel to 3 on the driver set.
DSTRACE -ALL
DSTRACE +DVRS

40 More Information
- The EPD website: http://www.novell.com/partners/partnerplace/epd contains information on
  - Electronic License Delivery (ELD)
  - Activation
  - Electronic Software Delivery (ESD)
- DirXML product website: http://www.novell.com/products/edirectory/dirxml/
  - Whitepapers
  - Documentation
  - Deployment Guides
- DirXML Cool Solutions site: http://www.novell.com/coolsolutions/dirxml/
  - Tips and Tricks
  - Free Tools


42 General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

