Deployment Aids - PowerPoint PPT Presentation

1 / 66

About This Presentation

Title:

Deployment Aids

Description:

NetWare 3.2 mid size networks/older cpus. 1998 Netware 5.0 larger ... NetWare ... NDS eDirectory ships with NetWare 5.1 and is available in versions that run ... – PowerPoint PPT presentation

Number of Views:45

Avg rating:3.0/5.0

Slides: 67

Provided by: ricke

Learn more at: http://www.personal.psu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Deployment Aids

1
Deployment Aids

Sysprep used to help deploy Server and Advanced
Server.
Sysprep prepares a Pro or Server installation for
duplication to identical hardware.
Run sysprep, cut an image, copy image
Deletes security identifiers, user and system
specific data
Regenerates on reboot

2
Deployment

Remote OS Installation
Server hosted equivalent CD
Remote Installation Service
Requires DNS, DHCP, Active Dir.
Installed on a shareable volume
Cant be on the servers system drive
Formatted as NTFS

3
Command Interface

Start / Run / Command
Example
Netstat /?

4
Naming Conventions

Distinguished Name DN
Defines the domain and the related containers in
which the object resides.
Relative Distinguished Name RDN
An attribute of an object
Globally Unique Identifier
Avoids duplication, ensures uniqueness, a 128 bit
number assigned to an object on creation and
stored with it.

5
Naming Conventions

User Principal Name UPN
Combines the user account name with the domain
name where the account exists
Domain Component DC
Organizational Unit OU
Common Name CN

6
(No Transcript)
7
Microsoft Directory Services

MS does not support an extension of LDAP, called
LDAP Duplication Update Protocol.
Violation of directory rules can lead to
cascading errors in directory
Uses synchronization to populate and update
directories

8
Microsoft Directory Services

Microsoft left out major portions of the X.500
protocol in the AD.
B/C Dependent on OSI networking layer and lack of
public interest.
Elements include
Dir. Access Prot, Dir. Systems Prot., Dir Info
Shadowing Prot.,Dir Operational Binding
Management Prot.

9
What is a directory service?

A directory is like a database, but tends to
contain more descriptive, attribute-based
information. The information in a directory is
generally read much more often than it is
written.
Directory updates are typically simple
all-or-nothing changes, if they are allowed at
all.
Directories are tuned to give quick-response to
high-volume lookup or search operations.

10
LDAP

Lightweight Directory Access Protocol.
A directory service protocol that runs over
TCP/IP.
The details of LDAP are defined in RFC 1777 "The
Lightweight Directory Access Protocol."

11
LDAP

The LDAP directory service model is based on
entries.
An entry is a collection of attributes that has a
name, called a distinguished name (DN).
Each of the entry's attributes has a type and one
or more values.

12
LDAP

Types are typically mnemonic strings, like "cn"
for common name, or "mail" for email address.
mail attribute might contain the value
"bdobs_at_psu.edu
jpegPhoto attribute would contain a photograph in
jpeg format

13
How is the information arranged?

Directory entries are arranged in a hierarchical
tree-like structure that reflects political,
geographic and/or organizational boundaries.
Entries representing countries appear at the top
of the tree.
Below them are entries representing states or
national organizations.
Below them might be entries representing people,
organizational units, printers, documents,

14
LDAP Tree
CGB
CUS
OPSU
CNRick Evans
CNRichard Evans
mailrevans_at_psu.edu
15
How is the information referenced?

Entry is referenced by its distinguished name,
constructed by taking the name of the entry
itself (called the relative distinguished name,
or RDN) and concatenating the names of its
ancestor entries.
For example, the entry for Rick Evans in the
example above has an RDN of "cnRick Evans" and a
DN of "cnRick Evans, oPSU, cUS". The full DN
format is described in RFC 1779, "A String
Representation of Distinguished Names."

16
Resources

http//www.oblix.com/pointofentry/ldap/index.html

17
Trusts

Two-way transitive trust
Automatically achieved between domains in the
same tree or can be established between domains
on separate trees.
Explicit one-way trust
Created between specific domains in two different
forests and provide one-way restricted
permissions.

18
Domain Trees Child Domains

When should a child be created?
Is decentralized administration desired
Do you need tight/localized administration
Do business activities dictate separate domains
Do account policies need to differ

19
Domain Trees Child Domains

When should a forest be created?
Are the business activities extremely different?
Are there reasons for maintaining separate
identities
Unique trade names
Do joint venture or partner relationships exist
that require tighter control over network
resources.
Enforcing direct administrative and security
restrictions

20
User accounts

Unique identifier
SID security identifier
User and group SIDs form the security token
Unique, must be regenerated if account is
deleted.
Mapped to the Access control list
DACL discretionary access control list is a
security descriptor, who has permission to use.

21
(No Transcript)
22
Profiles

Local User maintained on each system in the
users profile directory.
Roaming allows users to move from system to
system, located in shared directory of server.
Mandatory restricted by sysadmin to permit
consistent desktops.
Ntuser.dat to Ntuser.man

23
Contents Profile Directory

Cookies
Desktop
Favorites
My documents
Start Menu

24
All users profile

Application Data
Local Settings
NetHood domains files accessed
PrintHood
Recent
Send To
Templates for Office Apps.

25
Novell NetWare

1983 NetWare/86 file print sharing
NetWare 286 multitasking
NetWare 386 larger networks
NetWare 4.11- IntraNetware
NetWare 4.2 NetWare for small Business
NetWare 3.2 mid size networks/older cpus
1998 Netware 5.0 larger networks
2003 Netware 6.5 - Internet

26
NetWare

IP protocol
Backward compatible to IPX
Java enabled
NSS Novell Storage System
Volumes Mounts

27
File Server Capacity
28
NetWare

NetWare Loadable Modules NLMs
Add hardware without rebooting
Remove without stopping server
Increase volume size while S is running
Multiprocessor kernel MPK
Supports symmetrical multiprocessing H/W (SMP)
Multithreading
Up to 32 processors - Questionable release date

29
NetWare

NetWare Directory Services
Organizes users, groups, devices into a tree like
structure
NDS Tree
Single user login
Scalable, up to unlimited sizing
1999 test had a billion users

30
NetWare

Novell's core-services are wrapped around NDS
eDirectory, a robust, cross-platform directory
service.
NDS eDirectory ships with NetWare 5.1 and is
available in versions that run natively on Linux,
Solaris, and Windows 2000 and NT - no NetWare
required.

31
NetWare

NDS - NetWare's central feature. All the services
that ship in the NetWare 5.1 box, all those
available from Novell separately and even most
third-party additions plug into the directory to
become part of a fabric of integrated services.
This integration gives administrators a
replicated, fail-safe, single point of
administration.
Users, get one place to search for enterprise
wide resources and one point of authentication to
gain access to those resources.

32
NetWare

Fault tolerance (3 Levels)
SFT1 single server, when a sector goes bad, the
bad sector to a good one. Hot fix.
Redundant volume data structures
SFTII level two, has all the features of one and
uses disk mirroring and duplexing
Duplexing has a controller for each drive

33
Mirror
Duplex
34
NetWare

Fault tolerance (Cont)
SFTIII Level three consists of SFT II plus server
mirroring, or redundant servers.
Two servers connected using a high speed Mirrored
Server Link (MSL)
Nonstop operation using an entirely redundant
server.

35
(No Transcript)
36
NetWare

Security
Public key infrastructure PKIS
Enables public key cryptography and digital
certificates. Local certificate authority SSL
Novell International Cryptographic Infrastructure
Enable cryptography services for confidentiality,
integrity, and authentication
Secure Authentication Services SAS
Auditing

37
NetWare 5.1's security

built on an RSA dual-key-encrypted security store
authentication methods-- passwords, tokens,
biometrics, smartcards and X.509 certificates
Cryptography services in the form of Novell's
International Cryptographic Infrastructure (NICI)
ship with and plug into NetWare's modular
security services and provide DES/RC2/RC4 data
encryption of 56-bit to unlimited strength.

38
NetWare 5.1's security

NetWare 5.1 automatically creates a
directory-based CA and generates a server
certificate, which it uses for the Web-accessible
NetWare Management Portal (NMP) and the
Enterprise Web Server.

39
NetWare 5.1's security

SSL-enabled and secure out of the box with
NetWare 5.1
NetWare supports minimum password lengths,
intruder detection lockout and unique passwords
does not have a built-in method for identifying
weak passwords or forcing users to use
punctuation marks or other special characters in
their passwords.

40
NetWare

DNS DHCP
LDAP
Web Server
Netscape FastTrack Server
FTP Unix printing services
NIS, telnet, XConsole

41
NetWare

Client support
Windows
UNIX
OS/2
MacOS
DOS

42
NetWare

ZENWorks Zero Effort Networks

43
NetWare

NetWare NFS services
Two parts NFS gateway NFS server
Gateway permits clients to access a Unix file
system as a NetWare volume
NFS server exports NetWare volumes to Unix and
other NFS clients
Access is granted using traditional Unix Mount
commands
Line printer/Line printer Daemon LPR/LPD
Built on Suns NFS services 2.0

44
NetWare

NDS for Non-NetWare Platforms
NDS for NT
NWAdmin Snap-in
NDS for Unixware
NDS for Solaris
Others

45
NetWare

NDS Directory Tree
Graphical display of the network
Consists of objects that are resources
Displays relationships
Objects have properties and values
Property defines a function
Value are the data for the property

46
NetWare

NDS tree Objects
Container (4)
Root
Country
Organization
Organizational Unit
Leaf objects
User, printer, file server (16)

47
NetWare

File System
File Server
Volumes
Directories
Files
Rights Supervisor,R,W,Create,Erase,Modify,File
Scan,Access Control

48
NetWare

Web-based management tool- NMP
create and delete NDS users and groups, manage
the Enterprise Web Server, the NetWare Web Search
Server and the NetWare News Server.
access volume management, trustee assignments,
server management, NDS management, remote-server
access to other NetWare 5.1 server portals and
limited access to the file systems on NetWare 5
and 4.x servers in the same tree.

49
NetWare

The NMP provides hardware information, console
screens and server-health monitors.
mount and dismount volumes, set volume attributes
and server parameters, restart servers, manage
connections, broadcast messages to connected
users, view statistics and graphical
representations of server performance, debug
problems, and execute console commands.

50
Costs

Windows 2000 Advanced Server, 3,999 with 25
client access licenses
NetWare 5.1, 3,155 for 25-connections
Solaris 8, free, Sun Microsystems

51
(No Transcript)
52
(No Transcript)
53
(No Transcript)
54
(No Transcript)
55
(No Transcript)
56
(No Transcript)
57
NetWare 6 Features

There are a broad range of features.
Many features are not available in other NOSs.

58
Storage Management

Server storage is divided into logical volumes.
A volume may be one or more hard drives, CD-ROMs,
DVDs, or SANs.
A storage volume can contain eight terabytes.

59
Storage Management
60
Storage Management

NetWare supports storage virtualization.
Storage pools can be from 1 to 254 volumes.
Storage pools can exceed the physical storage
currently available.

61
Deployment

No additional client software is required to
connect to a NetWare server.
NetWare automatically recognizes and supports
protocols from different client operating
systems.
NetWare 6 can be installed incrementally to
existing networks.

62
iPrint

Any LAN printer can be accessible through the
Internet.
iPrint can create a facility floor plan that
shows the physical location of printers.
Users click on the printer icon to select the
printer to use.
Printer drivers are automatically downloaded and
installed.

63
iPrint
64
iFolder