Presentation transcript: Understanding NDS for Directory-Enabled Solutions

1 UNITED STATES

2 Understanding NDS for Directory-Enabled Solutions
David Condrey, LAN Systems Manager, Clemson University (davidc@clemson.edu)
Jeremy Campbell, Information Resource Consultant, Clemson University (jerm@clemson.edu)

3 Novell Directory Services (NDS) and the Computing Infrastructure
A real-world example: Division of Computing and Information Technology, Clemson University

4 Agenda
- Background on Clemson information systems
- Mission and support structure
- Userid management
- Network design
- Server and network access
- Public access labs
- Printing
- Electronic mail
- Intranet
- Authentication server
- Futures

5 Background on Clemson Information Systems

6 Background
- Large systems background
- Strong development shop
- Mainframe and open systems expertise
- Departmental LANs ruled the 90’s until Novell Directory Services (NDS)
- NDS populated in Summer 1995 (36,000)
- Departmental LANs gone—more centralized management of the network
- NDS is the centerpiece of security and authentication

7 Mission and Support Structure

8 Mission
- Provide computing infrastructure
- Empower users and departments
- Provide guidance in selecting solutions based on industry standards
- Deploy solutions to meet the needs of institutional computing
- Provide user support and training

9 Defining Groups
- Network services
  - Supports the physical network (routers, hubs, backbone)
- LAN systems
  - Supports application, group, and personal data servers
- Client Support Group (CSG)
  - Supports faculty and staff via Technology Support Providers (TSPs)

10 Defining Groups (cont.)
- Systems Integration Group (SIG)
  - Supports students and departmental labs
- Computer resources
  - Assists with user account problems
  - Division of Computing and Information Technology (DCIT) sponsored
- College consultants
  - DCIT-sponsored person and college-sponsored person(s) that help support the end users of the college

11 Defining Groups (cont.)
- Technology Support Provider (TSP)
  - Supports faculty/staff end users
- Help desk
  - Sponsored by DCIT to assist end users

12 Support Structure
- Support is based on a four-tier model
(diagram of the four tiers; labels as they appear: Problems, Resources, LAN systems, Network services; 1: Faculty, Staff, Students; 4: TSPs, Help desk; 3: College consultant, Client support, Systems integration; 2: Computer resources)

13 Server Strategy and Management
- Novell and Windows NT servers maintained by DCIT
- DCIT provides hardware and Network Operating System (NOS)
- DCIT administers backups
- DCIT performs user administration
- Group maintains data and security with the help of a TSP
- Virus protection and software metering

14 Userid Management

15 Automatic Userid System (AUS)
(diagram: AUS, fed by Personnel, Admissions and other sources, provisions MVS, UNIX and NDS)

16 Automating User Maintenance
(diagram: Personnel, Admissions and other sources feed AUS on MVS; old method: daily UIMPORT run via FTP; Summer ’97: USRMAINT.NLM updating NDS in real time over TCP/IP)
- Add users
- Modify user attributes
- Delete users

17 Network Design

18 Physical Network Design
(diagram; labels: 100BT, Switch, FDDI, Server, T1)

19 Tree Design

20 Every Person Has a Place
(tree diagram: ClemsonU at the top with Students, Employee, Misc. and Organizations containers; user containers split alphabetically A to Z)

21 Every Group Has a Place
(tree diagram; labels: ClemsonU, CAFLS, CES, Users, Athletics, DCIT, Forestry, Research, Dean's office)

22 Partition Design
(partition diagram; labels: ClemsonU, Students, Employee, Athletics, DCIT, CSO, CSG, APS; Students and Employee partitioned A to Z)

23 Use Dedicated “ROOT” Servers for NDS Replicas
(diagram: CU-ROOT-1, CU-ROOT-2 (ITC) and CU-ROOT-3 on the 100BT switch and FDDI backbone hold the replicas labelled “Master for all”, “R/W for all” and “R/W for users ‘A’ to ‘Z’”; a group server R/W replica is optional)

24 Distribute Network Management

25 UNITED STATES Login Script Design )Based on profile scripts and user scripts )No container scripts )Use base profiles # EMPLOYEE # STUDENT )Base profile includes high level organizational scripts based on membership )Organizational scripts controlled by TSPs )Organization scripts may include departmental scripts managed by others

26 UNITED STATES Script Design & Management.EMPLOYEE.employee.clemsonu.ENG.ces.clemsonu.BioE.ces. ISALAB.Civil.ces..AG.cafls.clemsonu.Forestry.cafls..GROUPIFS.employee.clemsonu User Script

27 UNITED STATES Server Timesync Hierarchy Server C Ref Server A Prim Server B Prim Server D Secon Server E Secon External source

28 Server and Network Resource Access

29 Personal Storage (User Data Servers)
(diagram: EmployeDn serves any faculty or staff member from office, lab, or dial-in; StudentDn serves any student from dorm, lab, or dial-in)

30 Personal Data Server Configuration

                      EmployeD (2)       StudentD (5)
    Processor         Dual Pro–200       Pentium II–300
    Memory            1024MB             512MB
    Disk              90GB (RAID5)       50GB (RAID5)
    Replicas          None               None
    Home directories  ~11,000            ~25,000
    Base quota        100MB              25MB

31 Collaborative Storage—“Group Servers” (Faculty and Staff)
(diagram: Group Server1 and Group Server2 alongside EmployeD)

32 Collaborative Storage—“Applications Servers” (Students)
(diagram: Applications Server (N) alongside StudentD)

33 Group/App/Root Server Average Configuration

                  Group            App              Root
    Processor     Pro-200          P-200            P2-300
    Memory        128MB            64MB             384MB
    Disk          18GB             9GB              4GB
    Replicas      Possible R/W     None             All replicas
    Users         25–250           250–800*

34 Collaborative Storage (Faculty and Students)
(diagram: App server, Group server1, EmployeD and StudentD)

35 Faculty/Student Collaboration
- Faculty member wants to put data on the network that students can use
- Student submission of work to faculty
- Students collaborate on team projects with assistance from a faculty member
- Students and faculty collaborate on projects or assignments
- Publish web pages as a team or class

36 Faculty and TSP/Client Support Management
(diagram of rights on Group Server1; labels: Read Only, Teams R/W with Tgroups, Create Only, Read Write)

37 Collaborative Storage and Network Bandwidth
(diagram: Group Server1)

38 Public Access Labs

39 The Virtual PC

40 Outline
- Environment for the Virtual PC (VPC)
- How the current VPC environment evolved
- Mechanics of the VPC
  - Setting up the computer
  - Boot time
  - Login and login script
  - User profiles
- Software involved
- Future directions

41 Standard Lab
- Standard set of applications
- Standard operating system
- Contextless login
- Standard drive mappings
- Identical hard drive contents

42 The Environment as Seen by the Machine
- Data servers
- Application servers
- Hard drive image
- Handling locations and hardware

43 Goals of the Virtual PC Paradigm
- Easy maintenance
- Provide global access to password-protected network disk space
- Allow the user to customize his desktop
- Same environment (“look and feel”) regardless of location, hardware, or facility ownership

44 Evolution
- Pre-NetWare
- Windows 3.11 under NetWare
- Windows 95 under NetWare

45 How It Happens to the User

46 Constructing the Machine
- The rebuild disk
- REBUILD {options}
- Importance of the Virtual Loadable Module (VLM) client

47 Boot Time Events
- Location, PC type, “ISALAB”, and other environment variables
- Some registry updates to ensure default desktop appearance and server failover keys

48 Contextless Login
- Can’t teach end users what a context is
- Using a commercial product because the NetWare Software Developer Kit (SDK) lacks information

49 The Login Script
- Perform some basic actions
- Perform group-specific actions
- Perform lab actions
- Load profile

50 Isitcool—Failover Applications Server Attachment
(diagram: a Lab 1 workstation booted from the workstation disk image queries the ISITCOOL NLM on Applications Server(1), Applications Server(2) ... Applications Server(n) and attaches to the first that answers YES)
1. Using IP, get info from the primary app server's Isitcool.
2. If the attach fails or Isitcool reports no, try the next server.
3. Attach to the server using the NetWare client.

51 Loading the Profile
- PC-Rdist is called by the login script
- PC-Rdist imports user registry keys from the directory mapped to drive U:
- First-time lab users get setup
- Printers

52 Special Mappings and Events
- Mapping shared disk
  - Most done by login scripts
- Novell Application Launcher (NAL)
  - Will eventually be doing most special mappings

53 Collaborative Storage—“Group Servers” (Faculty and Staff)
(diagram: Group Server1 and Group Server2 alongside EmployeD)

54 Collaborative Storage (Faculty and Students)
(diagram: App Server, Group Server1, EmployeD and StudentD)

55 Logout
- Logout only
  - Export user registry
- Logout and shutdown
  - Export user registry
  - Perform maintenance

56 Problems
- Present implementation not scalable
- DCIT lab support must do all software installs
- DCIT lab support must handle all initial lab setup operations
- If present trends continue, labs of computers will be replaced by labs of network jacks
- Image must live in the login directory (not protected)
- Metering

57 Summary of Novell Components
- NetWare
- Client 32 (intraNetWare client)
- NAL
- VLM client

58 Summary of Novell Products We Can Almost Use
- NAL
  - Requires execution of some applications
  - Will not permit re-mapping
- snAppShot
  - We can’t distribute applications with NAL, so .AOT files are useless; this makes snAppShot useless
- Client 32 (intraNetWare client) login
  - Need contextless login

59 Summary of Novell Products We Can Almost Use (cont.)
- Novell Replication Services (NRS)
  - Will not allow replication of directories on SYS (specifically, login)

60 Summary of Third-Party Products
- SofTrack
- PC-Rdist and TrapSD
  - Need a NetWare client with integrated profile handling and event hooks
- SFLOGIN
  - Need a contextless login with event hooks
- NWCopy
  - NRS needs to allow us to replicate specific SYS volume directories

61 Summary of Third-Party Products (cont.)
- PCOUNTER
  - Need better auditing tools

62 Clemson University Products
- cumap
- isitcool
- datacool
- editreg/patch95
- editini
- difrator (in development)
- labstats (in re-development)

63 Future Directions for Us
- Departmental software (hardware?) installations
- Remote control of workstation
- Queuing users waiting for a computer
- Move from lab to laptop

64 Future Directions for Novell’s Products?
- Client 32 integrate PROFLOAD stuff
- Logout exits
- Client 32 should allow us to customize the machine as well as the user
  - We can think of a dozen uses for the computer object in NDS!
- Basically, Novell should handle the profiles (store the sludge in NDS?)
- Metering
- Improve auditing tools

65 Printing

66 Printing Strategy
- All shared printers are network attached, supporting only the IPX protocol (HP JetDirect)
- All printer access is controlled through NDS print queues
- UNIX print services makes any print queue available to UNIX/Multiple Virtual Storage (MVS)/??? hosts using standard Line Printer Daemon (LPR/LPD) protocols

67 Printing Strategy (cont.)
- UNIX print services also makes high-speed institutional printers on MVS available to both NetWare and UNIX users/applications

68 Printing Strategy
(diagram: PC and Mac clients, OS/390, UNIX and other hosts reach the print queues (Q) through a print gateway)

69 NDS Design for Printing
(tree diagram; labels: clemsonu, Employees, Students, CAFLS, CES, Printers, PrtDev, Library, ITC, Civil, Mechanical, Poole; partitions A and B)

70 Electronic Mail

71 Electronic Mail Server
- Based on Sun Solaris
- No user accounts required on Solaris
- Server software developed at Clemson
- Multiple recipients/one copy of message
- Server based on Post Office Protocol/Multipurpose Internet Mail Extensions (POP/MIME) Internet standard protocols
  - Internet Message Access Protocol 4 (IMAP4) coming?

72 Electronic Mail Server
- Eudora site license purchased by DCIT
- List server gaining widespread acceptance and use
  - Class/section lists automated

73 Mail Server
(diagram: POP clients (POPc) on DOS, mainframe, Windows, Mac, UNIX, OS/2 and other platforms talk to popD and ListD on the mail server)

74 Mail Server: Statistics
(chart not included in the transcript) *Based on partial-year statistics through May 26, 1997

75 Automated Distribution Lists
(diagram: ListMGR on MVS/OS/390 feeds class, role and department lists to ListD on the mail server over TCP/IP)

76 Automated NDS Group Membership
(diagram: as on the previous slide, with a GroupMGR NLM that also receives the class, role and department data over TCP/IP and maintains the matching NDS groups)

77 Student Interface to Collaborative Storage
- Use DMOs along with a graphical tool to have users select and map network resources to make them available

78 Managing Distribution Lists with NDS
(diagram: GroupMGR.NLM uses RegisterForEvent() to monitor group membership modifications in NDS (1. Membership, 2. See also) and passes them to ListD on the mail server over TCP/IP)

79 NDS Interface to the List Server
- Enabler for collaborative work between faculty and students
- Uses data from the employee system on MVS to keep department NDS groups correct
- Lets users use NWAdmin to administer e-mail lists
- Eliminates the need to make changes to both NDS and the list server
- Ensures that data is correct everywhere

80 Intranet

81 Web Serving
- Institutional servers
- Department or group servers
- Organizational page servers
- Personal page servers
- Administrative and student application page servers

82 NDS Web Security via Windows NT/UNIX/???

83 Authentication Server

84 Authentication Server
- Too many userid/password combinations for each user to remember
- Need a central set of secure servers that all systems use for authentication
- Clemson University Personal ID (CUPID)
- Based on the Automatic Userid System (AUS)
- Idea born in an interdepartmental task force
- In production July 1, 1996

85 Authentication Server
(diagram: authentication clients (authC) for mail, web, mainframe, UNIX, NetWare, Sun, Windows NT and Oracle all talk to the authentication server)

86
(architecture diagram: AUTHSERV.NLM on intraNetWare Servers A, B and C, backed by NDS; AuthClient on the mainframe (MVS, VTAM, RACF, online applications), on the mail server (Solaris, POPd), on an NT Server 4.0 (Website application) and on OpenLinux (Apache application); user workstations (Windows 95/NT and Mac) running Eudora, TN3270, Netscape and Login.exe)

87 Authentication Server
- NetWare Loadable Module (NLM) is multithreaded
- Clients use a common code base
- Clients have built-in failover capability
- Communication based on TCP/IP sockets
- > 90% of successful password checks complete in less than 0.1 seconds
- > 2 million requests serviced by the primary server over a 6-week period (50,000/day)

88 Back to Intranet

89 NDS Authentication through Windows NT/UNIX/??? to the Web
Application: Employee Information System (EIS)
Type: Web Server
OS: Windows NT 4.0 Server
Enabling App: Website/Visual Basic

90 Using NDS Security Across the Intranet
(diagram: Netscape on the authenticated client sends a page request to IIS on NT 4.0; a 32-bit DLL auth client calls CheckEquiv on AUTHSERV.NLM, which locates the user object in NDS and runs its equivalence list to check security equivalence)

91 AUTHSERV Client Functions
- Password check
- Password change
- Resolve to fully distinguished name
- Check security equivalence
- Return group membership
- Miscellaneous administrative functions

92 Authentication Server as an NDS Data Gateway
Application: Call tracking system
Type: Web Server
OS: Windows NT 4.0 Server
Enabling App: Website/Visual Basic
(screenshot of the call tracking system's assignee list omitted)

93 Caldera OpenLinux and Apache
- Web gateway to NetWare file system
(diagram: a browser reaches Caldera OpenLinux, whose AuthC talks to the AuthServer, in front of several NetWare file servers)

94 Caldera OpenLinux and Apache
- First attempt to provide web services via Novell made use of Novell’s intraNetWare Web Server 1.0, which simply was not reliable
- Caldera OpenLinux provided robust UNIX connectivity to NDS and supported the industry-standard Apache web server
- Out of the box, Caldera/Apache did not provide home directory redirection and/or authentication
  - It did, however, provide the source code needed to make these modifications

95 Caldera OpenLinux and Apache Modifications
- Added a module that links Apache’s user directory directive to the user’s Novell home directory
  - Making http://www.clemson.edu/~erich point to EMPLOYED/USR02:\USERS\U20\ERICH\PUBLIC.WWW
- Since Caldera is NDS aware, this also allows us to serve group web sites via their own group servers

96 Web Interface to Home Directories via AUTHSERV NDS Gateway
Application: Personal pages
Type: Web Server
OS: Linux Server
Enabling App: Apache/Caldera
http://www.clemson.edu/~acollin

97 Web Interface to Department Pages
Application: Departmental pages
Type: Web Server
OS: Linux Server
Enabling App: Apache/Caldera
http://dcitnds.clemson.edu/CSO/depts/maint

98 Caldera OpenLinux and Apache Modifications
- Added another module using the previously mentioned Authentication Server routines to provide both user and group authentication
  - Makes use of the standard HTACCESS format with additional Novell directives

99 Using NDS to Secure Web Pages
    NovellAuth on
    AuthName Novell Tree
    AuthType Basic
    require user gmcochr
    require user kellen
    require group .resadmin.groups.employee.clemsonu
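The CheckEquiv step from the intranet slide and the require directives above, as an added Python example that is not Clemson's AUTHSERV or its Apache module: it resolves a contextless login name to a fully distinguished name, builds the user's security-equivalence list and evaluates the .htaccess directives against it. The directory contents, the dotted DN format and the attribute names are constructed assumptions.

```python
# Added example, not Clemson's AUTHSERV or Apache module: the tree, dotted DN
# format and attribute names below are constructed assumptions.
# Sample tree: DN -> attributes.  "security_equals" stands in for the NDS
# Security Equals attribute (groups included); "member" marks a group object.
DIRECTORY = {
    ".gmcochr.employee.clemsonu": {"security_equals": []},
    ".kellen.employee.clemsonu": {"security_equals": []},
    ".bdavis.employee.clemsonu": {
        "security_equals": [".resadmin.groups.employee.clemsonu"]},
    ".jsmith.students.clemsonu": {"security_equals": []},
    ".dupe.employee.clemsonu": {"security_equals": []},  # same leaf name in
    ".dupe.students.clemsonu": {"security_equals": []},  # two containers
    ".resadmin.groups.employee.clemsonu": {
        "member": [".bdavis.employee.clemsonu"]},
}

def resolve_dn(login_name):
    """Contextless resolve: login name -> FDN, or None if unknown or ambiguous."""
    hits = [dn for dn, attrs in DIRECTORY.items() if "security_equals" in attrs
            and dn.lstrip(".").split(".")[0] == login_name]
    return hits[0] if len(hits) == 1 else None

def equivalence_list(user_dn):
    """Locate the user object and run its equivalence list: the object,
    every container above it, and its Security Equals entries."""
    parts = user_dn.lstrip(".").split(".")
    equiv = {"." + ".".join(parts[i:]) for i in range(len(parts))}
    equiv.update(DIRECTORY[user_dn]["security_equals"])
    return equiv

def check_equiv(user_dn, object_dn):
    """CheckEquiv: is the user security-equivalent to object_dn?"""
    return object_dn in equivalence_list(user_dn)

def parse_require(htaccess_text):
    """Collect 'require user NAME' and 'require group DN' directives."""
    users, groups = set(), set()
    for line in htaccess_text.splitlines():
        tokens = line.split()
        if len(tokens) == 3 and tokens[0].lower() == "require":
            (users if tokens[1] == "user" else groups).add(tokens[2])
    return users, groups

def authorize(login_name, htaccess_text):
    """Decide a page request for a login name that already passed the password
    check.  Deny by default: unknown or ambiguous names match nothing."""
    user_dn = resolve_dn(login_name)
    if user_dn is None:
        return False
    users, groups = parse_require(htaccess_text)
    return login_name in users or any(check_equiv(user_dn, g) for g in groups)

# Constructed copy of the .htaccess fragment from the slide.
HTACCESS = """NovellAuth on
AuthName Novell Tree
AuthType Basic
require user gmcochr
require user kellen
require group .resadmin.groups.employee.clemsonu
"""
```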

100 WebAuth: Web Single Sign-On
(diagram: a workstation with Web Browser 1 and Web Browser 2; a 3rd-party WebServer with a WebAuth Client; the DCIT Authentication WebServer as the WebAuth Trusted Client; the WebAuth NLM and AuthServ NLM in front of NDS; CHECK and STORE calls; a Redirect from the 3rd-party server to the authentication server)
Only trusted web servers prompt for userid and password and set a cookie in the browser. Other web servers must use the cookie to determine the user.
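The STORE and CHECK calls in the WebAuth diagram, as an added Python example that is not Clemson's WebAuth code: the trusted server stores a random opaque token for the user and hands it back as the cookie, and any other web server either resolves the cookie through CHECK or redirects to the trusted login server. It goes beyond the slide by adding expiry and revocation; the token format, lifetime, in-memory store and redirect URL are assumptions.

```python
# Added example, not Clemson's WebAuth NLM or client: STORE/CHECK modelled with
# an opaque random token.  Token format, lifetime, the in-memory store and the
# redirect target are constructed assumptions.
import secrets
import time

TOKEN_LIFETIME = 8 * 3600    # assumed: one working day, in seconds
AUTH_LOGIN_URL = "https://<dcit-authentication-webserver>/login"  # placeholder
_sessions = {}               # token -> (user_dn, expiry); lives on the auth server

def store(user_dn, now=None):
    """Trusted server only: after a successful password check, mint a random
    opaque token, record its owner and return it to be set as the browser
    cookie.  The cookie itself carries no identity, so it cannot be edited
    into another user's session."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _sessions[token] = (user_dn, now + TOKEN_LIFETIME)
    return token

def check(token, now=None):
    """Any web server: resolve the cookie to a user through the auth server.
    Returns the user DN, or None for an unknown, forged or expired token."""
    now = time.time() if now is None else now
    entry = _sessions.get(token)
    if entry is None:
        return None
    user_dn, expiry = entry
    if now >= expiry:
        del _sessions[token]         # expired: drop it so it cannot be replayed
        return None
    return user_dn

def revoke(token):
    """Logout on any server invalidates the session everywhere."""
    return _sessions.pop(token, None) is not None

def handle_request(cookie, now=None):
    """Third-party server logic from the slide: serve the page if the cookie
    checks out, otherwise redirect the browser to the trusted login server."""
    user_dn = check(cookie, now) if cookie else None
    if user_dn is None:
        return ("redirect", AUTH_LOGIN_URL)
    return ("serve", user_dn)
```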

101 Auditing NDS Connections
- Have not had much luck with standard auditing in 4.x
- Hook login/logout in AUDITLGN.NLM
- Writes easy-to-manipulate log files
- Data logged includes fully distinguished object name, login time, logout time, and MAC address
- Monitor file server and print server as well as user connections
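Detection over the audit data this slide describes, as an added Python example that is not AUDITLGN.NLM itself: it replays constructed login/logout records carrying the four logged fields and flags one object connected from two MAC addresses at the same time, plus sessions that never log out. The record layout and the sample values are assumptions.

```python
# Added example, not Clemson's AUDITLGN.NLM: detection over constructed audit
# records carrying the fields the slide names (fully distinguished object name,
# login time, logout time, MAC address).  The line layout is an assumption.
from collections import defaultdict
from datetime import datetime

def parse_line(line):
    """'YYYY-MM-DD HH:MM:SS LOGIN|LOGOUT <fdn> <mac>' -> (time, event, fdn, mac)."""
    date, clock, event, fdn, mac = line.split()
    return datetime.fromisoformat(f"{date} {clock}"), event, fdn, mac.lower()

def analyze(lines):
    """Replay the records in time order, pairing LOGIN with LOGOUT per
    (object, MAC).  Flags 'concurrent' when one object logs in from a second
    MAC while a session is still open, and 'no_logout' for sessions left open.
    Returns (kind, fdn, detail) tuples."""
    open_sessions = defaultdict(dict)        # fdn -> {mac: login_time}
    findings = []
    for when, event, fdn, mac in sorted(parse_line(l) for l in lines if l.strip()):
        if event == "LOGIN":
            if open_sessions[fdn] and mac not in open_sessions[fdn]:
                others = ", ".join(sorted(open_sessions[fdn]))
                findings.append(("concurrent", fdn,
                                 f"{mac} at {when.isoformat()} while {others} open"))
            open_sessions[fdn][mac] = when
        elif event == "LOGOUT":
            open_sessions[fdn].pop(mac, None)   # logout without login is ignored
    for fdn, macs in open_sessions.items():
        for mac, since in macs.items():
            findings.append(("no_logout", fdn, f"{mac} since {since.isoformat()}"))
    return findings

# Constructed sample log: a student object active from two MACs at once, and an
# employee session that never logs out.
SAMPLE_LOG = """\
1997-05-26 08:01:12 LOGIN  .gmcochr.employee.clemsonu 00:60:08:1A:2B:3C
1997-05-26 08:05:40 LOGIN  .jsmith.students.clemsonu  00:60:08:AA:BB:01
1997-05-26 08:20:03 LOGIN  .jsmith.students.clemsonu  00:60:08:CC:DD:02
1997-05-26 09:10:55 LOGOUT .jsmith.students.clemsonu  00:60:08:AA:BB:01
1997-05-26 09:30:00 LOGOUT .jsmith.students.clemsonu  00:60:08:CC:DD:02
1997-05-26 17:02:19 LOGOUT .gmcochr.employee.clemsonu 00:60:08:1A:2B:3C
1997-05-26 17:45:00 LOGIN  .kellen.employee.clemsonu  00:60:08:EE:FF:03
"""
```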

102 Dial-In
- Mostly rely on contracts between users and Internet Service Providers (ISPs) for dial-in access
  - Campus-MCI
- Some PPP connectivity through a Livingston server with Remote Authentication Dial-In User Service (RADIUS) modified to use NDS via the Authentication Server

103 Dial-In (cont.)
- Attempting to get NetWare/IP deployed this summer for file server connectivity via PPP
- Starting to deploy Dynamic Host Configuration Protocol (DHCP) for dial-in and dorm usage only

104 Server Growth
- Split user data servers
  - e.g., StudentD1 and StudentD2
- Common access server for both students and faculty/staff (scratch disk)
- Develop tools for user disk clean-up
- Develop more tools to help end users get more out of NDS and the network in general

105 What We Need
- Web interface to unresolved as well as resolved issues at Novell
- More out of Simple Management Protocol (SMP)
- NDS on Windows NT (no replicas required)
- Help from Novell on resolving “Windows NT Server” marketing-through-documentation issues

106 What We Need (cont.)
- Code exits in Novell products such as Client 32, RADIUS, FTP server, Web server
- Good performance monitoring (SMP) tools

107 Questions and Answers

108

