Novell iFolder 3.8 Deployment Guide

Novell®
www.novell.com
Deployment Guide
iFolder
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
3.8

Novell iFolder 3.8 Deployment Guide

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Understanding iFolder Deployment
1.1 Before You Deploy iFolder
1.1.1 Hardware and Software Requirements
1.1.2 Security Considerations
1.1.3 Additional Documentation
1.1.4 Encryption and Key Recovery
1.2 Using a Deployment Manager
2 Single-Server Deployment
2.1 Key Benefits
2.2 LDAP Configuration
2.3 Scalability Parameters
2.4 Deployment Scenarios
2.4.1 User Data Backup
2.4.2 Document Management
3 Multi-Server (Master-Slave) Deployment
3.1 Key Benefits
3.2 LDAP Configuration
3.3 Scalability Parameters
3.4 Deployment Scenarios
3.4.1 Load Balancing
3.4.2 Data Synchronization
4 Multi-Server (Master-Master) Deployment
4.1 Key Benefits
4.2 LDAP Configuration
4.3 Scalability Parameters
4.4 Deployment Scenarios
4.4.1 Functional Grouping
4.4.2 Specialized Services
5 Master-Slave Deployment for a High Web Access Load
5.1 Key Benefits
5.2 LDAP Configuration
5.3 Scalability Parameters
5.4 Deployment Scenarios
5.4.1 Web Access
5.4.2 Online Application Submission
6 Single-Server Cluster Deployment
6.1 Planning
6.1.1 iFolder Configuration
6.2 Key Benefits
6.3 LDAP Configuration
6.4 Scalability Parameters
6.5 Deployment Scenarios
6.5.1 Document Collaboration
7 Multi-Server Master-Slave Deployment in a Cluster
7.1 Configuration
7.1.1 iFolder Configuration
7.1.2 Web Admin Server Configuration
7.1.3 Web Access Server Configuration
7.2 Key Benefits
7.3 LDAP Configuration
7.4 Scalability Parameters
7.5 Deployment Scenarios
7.5.1 Business Services with High Volatility
8 Using an iFolder Master Server as a Load Balancer
8.1 Key Benefits
8.2 LDAP Configuration
8.3 Scalability Parameters
8.4 Deployment Scenarios
8.4.1 Information Management
8.4.2 Load Balancing
9 Using Fibre Channel to Deploy iFolder in a Storage Area Network
9.1 iFolder Configuration
9.2 Web Admin and Web Access Server Configuration
9.3 Planning
9.4 Key Benefits
9.5 Scalability Parameters
9.6 Deployment Scenarios
9.6.1 Case 1
9.6.2 Case 2
10 Using Xen to Deploy iFolder as a Virtual Service
10.1 Key Benefits
10.2 LDAP Configuration
10.3 Deployment Scenarios
11 NAT-Based Configuration
11.1 Planning
11.2 Key Benefits
11.3 Scalability Parameters
11.4 Deployment Scenarios
12 Using Router Port Forwarding and Mod Proxy
12.1 Port Forwarding
12.2 Mod Proxy
12.3 Port Forwarding and Mod Proxy
12.4 Key Benefits
12.5 Scalability Parameters
12.6 Deployment Scenarios
13 Deploying iFolder behind Access Manager or iChain
13.1 Key Benefits
13.2 Scalability Parameters
13.3 Additional Configuration
13.4 Deployment Scenarios
14 Deploying the My Documents Folder as an iFolder
14.1 Environments
14.1.1 Trusted
14.1.2 Untrusted (User Network Alone)
14.1.3 Untrusted
14.2 Server Configuration
14.2.1 General
14.2.2 Single Server and Multi-Server
14.2.3 Novell iFolder Configuration
14.2.4 Novell Web Admin Configuration
14.2.5 Web Access Configuration
14.2.6 Converting the My Documents Folder to an iFolder
14.3 Key Benefits
14.4 Scalability Parameters

About This Guide

Novell® iFolder® is designed with the basic principle of scalability to support organizational modifications. The Novell iFolder 3.8 Deployment Guide describes how to successfully deploy the following iFolder components for 3.7 and later versions in your production environment:
iFolder Enterprise Server
iFolder Web Access Server
iFolder Web Admin Server
iFolder™ Client
The cases considered in this guide are not exhaustive. They are intended to be examples that can be mapped to your organizational functions.
Chapter 1, “Understanding iFolder Deployment”
Chapter 2, “Single-Server Deployment”
Chapter 3, “Multi-Server (Master-Slave) Deployment”
Chapter 4, “Multi-Server (Master-Master) Deployment”
Chapter 5, “Master-Slave Deployment for a High Web Access Load”
Chapter 6, “Single-Server Cluster Deployment”
Chapter 7, “Multi-Server Master-Slave Deployment in a Cluster”
Chapter 8, “Using an iFolder Master Server as a Load Balancer”
Chapter 9, “Using Fibre Channel to Deploy iFolder in a Storage Area Network”
Chapter 10, “Using Xen to Deploy iFolder as a Virtual Service”
Chapter 11, “NAT-Based Configuration”
Chapter 12, “Using Router Port Forwarding and Mod Proxy”
Chapter 13, “Deploying iFolder behind Access Manager or iChain”
Chapter 14, “Deploying the My Documents Folder as an iFolder”
Audience
This guide is intended for iFolder administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to Feedback (http://www.novell.com/documentation/feedback.html) and enter your comments there.
Documentation Updates
For the most recent version of the Novell iFolder 3.8 Deployment Guide, visit the Novell iFolder 3.x Documentation (http://www.novell.com/documentation/ifolder3).
Additional Documentation
For documentation, see the following:
Novell iFolder 3.x documentation (http://www.novell.com/documentation/ifolder3/index.html)
Novell Open Enterprise Server product site (http://www.novell.com/products/openenterpriseserver)
Novell Open Enterprise Server documentation (http://www.novell.com/documentation/oes/index.html)
Novell eDirectory™ 8.8 documentation (http://www.novell.com/documentation/edir88/treetitl.html)
Novell iManager 2.7 documentation (http://www.novell.com/documentation/imanager27/treetitl.html)
Novell Technical Support (http://www.novell.com/support/)
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
1 Understanding iFolder Deployment

Administration overhead and handling user support calls are major tasks in the Information and Service department of any organization. Deploying a service without proper understanding of the current requirements, the quality of the service, and the projected organizational growth can cause unexpected demands on the system that lead to extra costs to manage the service.
This guide helps you understand the various scenarios in which the Novell® iFolder® service can be deployed, based on requirements and future expansion plans. It addresses various iFolder deployment scenarios and use cases ranging from simple to complex, targeting small, medium, and enterprise users. You can also request assistance from Novell support personnel to help you implement these deployment scenarios.
Section 1.1, “Before You Deploy iFolder”
Section 1.2, “Using a Deployment Manager”

1.1 Before You Deploy iFolder

Before you install Novell iFolder, you must plan the setup that is suitable for your enterprise. You should organize the deployment based on your current requirements, the quality of service required, and the projected needs for future growth.
Before you deploy iFolder, consider the following:
Section 1.1.1, “Hardware and Software Requirements”
Section 1.1.2, “Security Considerations”
Section 1.1.3, “Additional Documentation”
Section 1.1.4, “Encryption and Key Recovery”

1.1.1 Hardware and Software Requirements

“Server Hardware Requirements”
“Server Software Requirements”
“Client Requirements”
Server Hardware Requirements
A Novell iFolder server has the following hardware requirements:
A server class machine for Open Enterprise Server (OES) 2
A minimum of 2 GB RAM
200 GB dedicated storage (200 MB storage per user for 1000 users)
Minimum 100 Mbps dedicated NIC

This guide follows the OES 2 SP2 Linux recommended hardware for server, storage area network (SAN), and clients. This also includes the network requirements.
Server Software Requirements
A Novell iFolder server has the following software requirements:
Novell Open Enterprise Server 2 Linux Support Pack 2 with updated Mono® patches from the patch channel for SUSE® Linux Enterprise Server 10 SP2
Apache* configured in work mode
Apache configured for traditional NIC
Client Requirements
The Novell iFolder client supports the following workstation operating systems:
SUSE Linux Enterprise Desktop (SLED) 10 SP1 and above
SUSE Linux Enterprise Desktop (SLED) 11
openSUSE 11.1
The iFolder Linux client requires the Mono framework for Linux and a GNOME* desktop for iFolder Nautilus plug-in support.
Windows XP SP2 and above
Windows Vista SP1 and above
Windows 7 (32-bit and 64-bit)
Macintosh OS X (Intel architecture) v10.4.11 and later (requires Mono 1.2.5). PowerPC architecture is not supported.

1.1.2 Security Considerations

Based on your security requirements, you can create an encrypted iFolder or a normal iFolder. The communication between the iFolder server, clients, Web Admin server, and Web Access server for 3.7 and later versions can be set to non-SSL or SSL (secure) or both.

1.1.3 Additional Documentation

For more information, see the following:
iFolder 3.8 Administration Guide
Planning iFolder Services
Prerequisites and Guidelines
iFolder 3.8 Cross-Platform User Guide
Getting Started
Novell iFolder 3.8 Security Administration Guide

1.1.4 Encryption and Key Recovery

For detailed information on encryption and key recovery, refer to the following guides:
iFolder 3.8 User Guide
Encryption
Encryption Policy Settings
Managing Passphrase for Encrypted iFolders
iFolder 3.8 Security Administration Guide
Creating an Encrypted iFolder
Creating Strong Password And Passphrase
Using the Recovery Agent
Transferring the Encryption Key

1.2 Using a Deployment Manager

Novell iFolder 3.7 and later versions support auto-account creation through an XML-based response file. You can use any deployment manager, such as Novell ZENworks®, to distribute the response file along with the client to the user machines. After the client is installed, the client startup auto-creates an account when the response file is detected. This is beneficial for large deployments. It also saves time for users and avoids support calls because of account creation errors.
2 Single-Server Deployment

A single-server setup consists of a single server with up to one thousand clients simultaneously connected to it. In such a setup, the iFolder server and the database are located on a single Open Enterprise Server (OES) 2 server, and the client workstations are connected to it. This scenario is illustrated in the following figure.
Figure 2-1 Single Server
In a single-server setup, all three iFolder components are installed and configured on the same server. Authentication of users is always LDAP-based. This means that all the users trying to log in and access iFolder data are authenticated with the LDAP server first and then allowed to access iFolder data. All client-to-server communication and communication between server components is done via HTTPS. In this setup, a single server hosts the iFolder server, iFolder Web Access services, and iFolder Web Admin services. Load balancing cannot be performed in this setup and heavy Web Access usage is also not recommended.
The following sections describe the deployment of a single-server setup in your environment.
Section 2.1, “Key Benefits”
Section 2.2, “LDAP Configuration”
Section 2.3, “Scalability Parameters”
Section 2.4, “Deployment Scenarios”

2.1 Key Benefits

The key benefits of a single-server setup are as follows:
A single-server setup is easy to maintain because operations such as updating patches, upgrading the server, taking a backup, and restoring a backup are limited to a single server.
Sharing iFolders is faster in a single-server setup as opposed to a multi-server environment. This is because in a single-server setup, users are provisioned to a single server, but in a multi-server environment users are provisioned across multiple servers.
A single-server setup is beneficial for small setups of 500 to 1000 users. In such a scenario, where all users are provisioned on the same server, the response time is guaranteed. For example, consider a server that has a dedicated network interface card (NIC) with a minimum of 1 Gbps capacity, where each client has a NIC with a minimum capacity of 100 Mbps. With this configuration, a user can upload or download a 1 GB file in less than 5 minutes.

2.2 LDAP Configuration

The LDAP configuration information for a single-server setup is as follows:
eDirectory™, OpenLDAP*, and Active Directory* directory servers are supported.
Ensure that all users are a part of either a container or a static/dynamic group on the LDAP directory server. During iFolder installation, you must use the same container or group DNs to configure the Search context field.
iFolder supports both secure and non-secure communication with the directory server. You can choose any communication channel that fits your requirements. Ensure that the directory server is listening on standard LDAP ports for secure and non-secure channels.

2.3 Scalability Parameters

The scalability parameters for a single-server deployment are as follows:
A single-server setup is ideal for small setups of 500 to 1000 users.
Clients must have a dedicated network interface card (NIC) of 100 Mbps capacity.
Web-based access must be low, and thick client access must be moderate with up to 500 active connections.
Data transfer (synchronization of user data) rate must be 10 MB per hour per client.
The synchronization interval must be 10 minutes.

2.4 Deployment Scenarios

The following sections describe the deployment scenarios in a single-server setup:
Section 2.4.1, “User Data Backup”
Section 2.4.2, “Document Management”

2.4.1 User Data Backup

Consider a scenario where an organization wants a set of 500 users to be able to back up their desktop data at regular intervals. The organization provides a dedicated LAN link to ensure that 500 users can synchronize the data at the rate of 10 MB per hour. A single-server setup is ideal in such a scenario. Before you use a single-server setup for this scenario, you must consider the following policies:
“Limiting the Number of iFolders Per User”
“Disabling Sharing”
“Setting a Disk Quota”
Limiting the Number of iFolders Per User
In order to maintain the server load at an optimal level, you must limit the number of iFolders that a user can create. Use the Web Admin console to limit the number of iFolders per user in a given iFolder system. You can set this policy at user and system levels. The recommended limit of iFolders per user is 5.
Disabling Sharing
To enable an effective backup and to avoid user data collision, you must disable iFolder sharing. If necessary, you can enable sharing with read-only access. This is useful to maintain the 10 MB per hour data transfer rate at 500 simultaneous connections.
Setting a Disk Quota
The disk quota limit is based on the server capacity. The recommended limit is 4 GB per user. This requirement can be a floating value, so that an average of 4 GB per user is achieved. This means that default settings are used to achieve the requirement.

2.4.2 Document Management

This deployment scenario illustrates the iFolder ability to synchronize documents across various levels in an enterprise. Consider a scenario where a customer in a bank initiates a loan request process by submitting an application form to a bank clerk. As a part of the loan request process, the application form is sent to an official at a higher level for approval.
In this scenario, you can create three iFolders named Submission, Level 1, and Level 2 for the initial submission and for the next levels of approvals. The first two iFolders, Submission and Level 1, can be shared between the clerk and the manager. The Level 2 iFolder can be shared between the manager and the senior manager and made inaccessible to the clerk.
After the initial verification, the clerk can move the loan application form stored in the Submission iFolder to the Level 1 iFolder. The manager accesses the verified loan application form from the Level 1 iFolder for further verification and approval. If the loan request is verified and approved, the manager moves the application form to the Level 2 iFolder for the senior manager’s approval.
The various levels of access allow you to use a single-server setup to easily manage the flow of documents in an enterprise.
3 Multi-Server (Master-Slave) Deployment

A multi-server setup consists of multiple servers, which can each have more than a thousand simultaneous connections at any point of time. Multi-server configurations are of two types, master-master and master-slave. This section discusses the master-slave setup, and the master-master setup is discussed in Chapter 4, “Multi-Server (Master-Master) Deployment.”
Multi-server configurations are beneficial for organizations that are expanding their employee strength. This type of setup is also useful for organizations that have their workforce spread across the globe with multiple branches across countries and continents. You can use a multi-server deployment to synchronize and share data across the globe with a predictable response time.
You can convert a single-server system to a multi-server system by connecting an additional server to the main server and creating a master-slave configuration. A multi-server (master-slave) setup is illustrated in the following figure.
Figure 3-1 Master-Slave
In this setup, the iFolder server and the iFolder database are located on Open Enterprise Server (OES) 2 servers with client workstations connected to the iFolder server. The iFolder master and slave servers are connected to each other to exchange metadata information. The Web Access and Web Admin consoles of the master server are accessed through a browser. User authentication is done through the eDirectory™ secure LDAP protocol and all the server-to-server and client-to-server communication is done via HTTPS.
The following sections describe a multi-server (master-slave) iFolder setup:
Section 3.1, “Key Benefits”
Section 3.2, “LDAP Configuration”
Section 3.3, “Scalability Parameters”
Section 3.4, “Deployment Scenarios”

3.1 Key Benefits

The key benefits of a multi-server (master-slave) setup are as follows:
Supports a secure communication channel (SSL) to secure the data exchanged on the wire and secures iFolder data stored on the server with the Novell® patented encryption and recovery mechanism.
Ensures scalability with no theoretical limit on the number of servers participating. In addition, each server can have multiple data volumes configured with any limit.
Guarantees response time because the number of users that are provisioned per server is limited to 1000, so that each user can have a predictable response from the server if the server has a dedicated network interface card (NIC) with a minimum of 1 Gbps capacity and each client has at least a 100 Mbps NIC. With this configuration, the user can upload or download a 1 GB file in less than 5 minutes, which is almost 4 MB per second.
Enables users across different geographical locations to share data in a secure manner.
Enables Novell iFolder servers across different geographical locations to be integrated with Business Continuity Clusters (BCC) for data replication and high availability.

3.2 LDAP Configuration

The LDAP configuration information for a multi-server (master-slave) setup is as follows:
eDirectory, OpenLDAP, and Active Directory directory servers are supported.
The LDAP Search Context option must be set to an appropriate value for both master and slave in order to optimize LDAP sync time on both servers. The Master LDAP search context specified must either be a superset of all the slave search contexts or a combined list of all slave search contexts as shown in the examples given below:
Master context: o=org; Slave1 context: ou=ku,o=org; Slave2 context: ou=dl,o=org
Master context: ou=ku,o=org##ou=dl,o=org; Slave1 context: ou=ku,o=org; Slave2 context: ou=dl,o=org
Ensure that each iFolder server has its own eDirectory replicas so that the authentication happens locally instead of walking the eDirectory tree.
iFolder supports both secure and non-secure communication with the directory server. You can choose any communication channel that you need. Ensure that the directory server is listening on standard LDAP ports for secure and non-secure channels.
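The superset-or-combined-list rule for search contexts can be checked before installation. The following is an added example, not part of the Novell guide or of iFolder itself: the function names are hypothetical, the `##` separator is taken from the guide's combined-list example, and DN comparison is simplified to case-insensitive matching of each RDN.

```python
"""Check that a master LDAP search context covers every slave search context."""

CONTEXT_SEPARATOR = "##"  # separator seen in the guide's combined-list example


def split_dn(dn):
    """Return a DN as a tuple of (attribute, value) pairs, most specific RDN first."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:                # the character after a backslash is literal
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ",":            # an unescaped comma ends the current RDN
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)

    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in DN {dn!r}")
        # Assumption: naming attributes (o, ou, cn, dc) compare case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def context_items(setting):
    """Split a search-context setting into its individual DN strings."""
    items = [item.strip() for item in setting.split(CONTEXT_SEPARATOR) if item.strip()]
    if not items:
        raise ValueError("search context setting is empty")
    return items


def is_within(child, parent):
    """True when child equals parent or lies beneath it (parent is a DN suffix)."""
    return len(child) >= len(parent) and child[len(child) - len(parent):] == parent


def uncovered_slave_contexts(master_setting, slave_settings):
    """Map each slave server to the contexts its master setting does not cover.

    An empty dict means the master context is a superset (or combined list)
    of all slave contexts, as the guide requires.
    """
    master = [split_dn(item) for item in context_items(master_setting)]
    uncovered = {}
    for server, setting in slave_settings.items():
        missing = [
            item for item in context_items(setting)
            if not any(is_within(split_dn(item), m) for m in master)
        ]
        if missing:
            uncovered[server] = missing
    return uncovered


if __name__ == "__main__":
    # Slave contexts from the guide's examples.
    slaves = {"Slave1": "ou=ku,o=org", "Slave2": "ou=dl,o=org"}
    checks = [
        ("superset (guide example)", "o=org"),
        ("combined list (guide example)", "ou=ku,o=org##ou=dl,o=org"),
        ("constructed misconfiguration", "ou=ku,o=org"),
    ]
    for label, master in checks:
        result = uncovered_slave_contexts(master, slaves)
        print(f"{label}: master={master!r} -> {result or 'all slave contexts covered'}")
```
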