Novell IFOLDER 3.8 Administration Guide
Novell®
www.novell.com
Administration Guide
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
iFolder
3.8
November 2009
®
Novell iFolder 3.8 Administration Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please
refer to the Novell International Trade Services Web Page (http://www.novell.com/info/exports/) for more
information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary
export approvals.
novdocx (en) 13 May 2009
Copyright © 2004-2009 Novell, Inc. All rights reserved. Permission is granted to copy, distribute, and/or modify this
document under the terms of the GNU Free Documentation License (GFDL), Version 1.2 or any later version,
published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the GFDL can be found at the GNU Free Documentation Licence (http://www.fsf.org/licenses/
fdl.html).
THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE
TERMS OF THE GNU FREE DOCUMENTATION LICENSE WITH THE FURTHER UNDERSTANDING THAT:
1. THE DOCUMENT IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE DOCUMENT
OR MODIFIED VERSION OF THE DOCUMENT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A
PARTICULAR PURPOSE, OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY, ACCURACY,
AND PERFORMANCE OF THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS WITH
YOU. SHOULD ANY DOCUMENT OR MODIFIED VERSION PROVE DEFECTIVE IN ANY RESPECT, YOU
(NOT THE INITIAL WRITER, AUTHOR OR ANY CONTRIBUTOR) ASSUME THE COST OF ANY
NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES
AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER; AND
2. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT (INCLUDING
NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE AUTHOR, INITIAL WRITER, ANY
CONTRIBUTOR, OR ANY DISTRIBUTOR OF THE DOCUMENT OR MODIFIED VERSION OF THE
DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE,
COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR LOSSES ARISING
OUT OF OR RELATING TO USE OF THE DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT,
EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see The Novell Documentation Web page (http://www.novell.com/documentation).
novdocx (en) 13 May 2009
Novell Trademarks
For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/
legal/trademarks/tmlist.html)
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 13 May 2009
Contents
About This Guide 13
1 Overview of Novell iFolder 15
1.1 Benefits of iFolder for the Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.1.1 Seamless Data Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.1.2 Data Safeguards and Data Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.1.3 Reliable Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.1.4 Encryption Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1.5 Productive Mobile Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1.6 Cross-Platform Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1.7 Scalable Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1.8 Multi-Server Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1.9 Multi-Volume Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.1.10 Enhanced Web Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.1.11 No Training Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.1.12 LDAPGroup Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.2 Benefits of iFolder for Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.3 Enterprise Server Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.4 Key Features of iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.4.1 iFolder Enterprise Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.2 iFolder Web Admin Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.3 iFolder Web Access Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.4 The iFolder Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.5 Multi Server Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.4.6 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
1.4.7 Shared iFolders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
1.4.8 iFolder Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
1.4.9 Account Setup for Enterprise Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
1.4.10 Access Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
1.4.11 File Synchronization and Data Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
1.4.12 Synchronization Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
1.5 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
novdocx (en) 13 May 2009
2 What’s New 25
2.1 What’s New in Novell iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.2 What’s New in Novell iFolder 3.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.3 What’s New in Novell iFolder 3.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.4 What’s New in Novell iFolder 3.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.5 What’s New in Novell iFolder 3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.6 What’s New in Novell iFolder 3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3 Planning iFolder Services 29
3.1 Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.2 Server Workload Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.3 Naming Conventions for Usernames and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.3.1 LDAP Naming Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.3.2 Multilingual Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Contents 5
3.4 Admin User Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.4.1 iFolder Admin User and Equivalent Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.4.2 iFolder Proxy User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.5 iFolder User Account Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.5.1 Preventing the Propagation of Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.5.2 Synchronizing User Accounts with LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.5.3 Synchronizing LDAPGroup Accounts with LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.5.4 Setting Account Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.6 iFolders Data and Synchronization Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.6.1 Naming Conventions for an iFolder and Its Folders and Files . . . . . . . . . . . . . . . . . . 35
3.6.2 Guidelines for File Types and Sizes to Be Synchronized . . . . . . . . . . . . . . . . . . . . . 35
3.7 Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.7.1 iFolder Configuration Plug-Ins for YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.7.2 Novell iFolder Web Admin for Novell iManager 2.7 . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.7.3 Web Access Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.7.4 Installing iFolder Clients Through Novell ZENworks . . . . . . . . . . . . . . . . . . . . . . . . . 38
4 Comparing Novell iFolder 2.x with 3.7 and Later Versions 39
4.1 Comparison of Server Features and Capabilities of 2.x with 3.7 and Later Versions . . . . . . . 39
4.2 Comparison of Client Features and Capabilities of 2.x with 3.7 and Later Versions . . . . . . . . 42
4.3 Comparison of Web Access Features and Capabilities of 2.x with 3.7 and Later Versions. . . 45
novdocx (en) 13 May 2009
5 Prerequisites and Guidelines 47
5.1 File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
5.2 Enterprise Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
5.2.1 Install Guidelines When Using a Linux POSIX Volume to Store iFolder Data . . . . . . 47
5.2.2 Install Guidelines for Other Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
5.3 Novell eDirectory 8.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5.4 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5.5 Novell iManager 2.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.6 Mono . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.7 Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
5.8 Web Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6 Installing and Configuring iFolder Services 51
6.1 Installing iFolder on an Existing OES 2 Linux SP2 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
6.2 Deploying iFolder Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
6.2.1 Configuring the iFolder Enterprise Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
6.2.2 Configuring the iFolder Slave Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
6.2.3 Managing Server IP Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
6.3 Configuring the iFolder Web Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
6.3.1 Configuring Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
6.3.2 Configuring iFolder Web Access for iChain or AccessGateway . . . . . . . . . . . . . . . . 73
6.4 Configuring the iFolder Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
6.4.1 Configuring Web Admin Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
6.4.2 Configuring iFolder Web Admin for iChain or AccessGateway . . . . . . . . . . . . . . . . . 75
6.5 Installing the Novell iFolder 3 Plug-In for iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
6.5.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
6.5.2 Installing a Plug-In When RBS Is Not Configured . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
6.5.3 Installing a Plug-In When RBS Is Configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
6.6 Recovery Agent Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
6.6.1 Understanding Digital Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
6 Novell iFolder 3.8 Administration Guide
6.6.2 Creating a YaST-based CA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
6.6.3 Creating Self-Signed Certificates Using YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
6.6.4 Exporting Self-Signed Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
6.6.5 Exporting Self-Signed Private Key Certificates For Key Recovery . . . . . . . . . . . . . . 84
6.6.6 Exporting eDirectory CA Certificate Using iManager . . . . . . . . . . . . . . . . . . . . . . . . . 84
6.6.7 Using KeyRecovery to Recover the Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
6.6.8 Managing Certificate Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
6.7 Accessing iManager and the Novell iFolder Web Admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
6.8 Provisioning Users, Groups and iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
6.8.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
6.9 Distributing the iFolder Client to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6.9.1 Accessing the OES 2 Linux Welcome Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6.9.2 Downloading the iFolder Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6.9.3 Installing the iFolder Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
6.10 Using a Response File to Automatically Create iFolder Accounts . . . . . . . . . . . . . . . . . . . . . . 91
6.10.1 Response Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
6.10.2 Using a Response File to Deploy the iFolder Client . . . . . . . . . . . . . . . . . . . . . . . . . 94
6.11 Updating Novell iFolder 3.7 and Later Versions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
6.12 Updating Mono for the Server and Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
6.13 Uninstalling iFolder Enterprise Server for 3.7 and Later Versions . . . . . . . . . . . . . . . . . . . . . 100
6.14 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
novdocx (en) 13 May 2009
7 Migrating iFolder Services 101
8 Running Novell iFolder in a Virtualized Environment 103
8.1 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
9 Clustering iFolder 3.8 Servers with Novell Cluster Services for Linux 105
9.1 Prerequisites for Clustering iFolder 3.8 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9.2 Installing Novell Cluster Services for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9.3 Configuring iFolder 3.8 Servers on a NCS for Linux Cluster . . . . . . . . . . . . . . . . . . . . . . . . . 106
9.4 Updating Cluster Shared Pool Load and Unload Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.5 Managing Cluster Resource for iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.6 Sample Load Scripts for iFolder 3.8 Clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.6.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.6.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
9.7 Sample Unload Scripts for iFolder 3.8 Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
9.7.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
9.7.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
9.7.3 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
9.8 Sample Monitor Scripts for iFolder 3.8 Clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
9.8.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
9.8.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
10 Managing an iFolder Enterprise Server 115
10.1 Starting iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
10.2 Stopping iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
10.3 Restarting iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
10.4 Managing the Simias Log and Simias Access Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
10.5 Backing Up the iFolder Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
10.6 Recovering from a Catastrophic Loss of the iFolder Server. . . . . . . . . . . . . . . . . . . . . . . . . . 118
Contents 7
10.7 Using TSAIF to Back Up and Restore the iFolder Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
10.7.1 Understanding TSAIF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
10.7.2 Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
10.7.3 iFolder Path Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
10.7.4 iFolder Path Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
10.7.5 SMSConfig Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
10.7.6 TSAIF and SMSConfig Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
10.7.7 NBackup Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
10.7.8 TSAIF and NBackup Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
10.7.9 Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
10.8 Recovering iFolder Data from File System Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
10.8.1 Recovering a Regular iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
10.9 Moving iFolder Data from One iFolder Server to Another . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
10.10 Changing The IP Address For iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
10.11 Securing Enterprise Server Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
10.11.1 Using SSL for Secure Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
10.11.2 Configuring the SSL Cipher Suites for the Apache Server . . . . . . . . . . . . . . . . . . . 129
10.11.3 Configuring the Enterprise Server for SSL Communications with the LDAP Server 129
10.11.4 Configuring the Enterprise Server for SSL Communications with the iFolder Client 130
10.11.5 Configuring the Enterprise Server for SSL Communications with the Web Access
Server and Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
10.11.6 Configuring an SSL Certificate for the Enterprise Server . . . . . . . . . . . . . . . . . . . . 130
novdocx (en) 13 May 2009
11 Managing iFolder Services via Web Admin 131
11.1 Accessing the Novell iFolder Web Admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
11.2 Connecting to the iFolder Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
11.3 Managing Web Admin Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
11.4 Managing the iFolder System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
11.4.1 Viewing and Modifying iFolder System Information . . . . . . . . . . . . . . . . . . . . . . . . . 134
11.4.2 Viewing Reprovisioning Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
11.4.3 Configuring iFolder Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
11.4.4 Configuring System Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
11.5 Managing iFolder Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
11.5.1 Searching For Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
11.6 Securing Web Admin Server Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
11.6.1 Using SSL for Secure Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
11.6.2 Configuring the SSL Cipher Suites for the Apache Server . . . . . . . . . . . . . . . . . . . 150
11.6.3 Configuring the Web Admin Server for SSL Communications with the Enterprise
Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
11.6.4 Configuring the Web Admin Server for SSL Communications with Web Browsers. 151
11.6.5 Configuring an SSL Certificate for the Web Admin Server . . . . . . . . . . . . . . . . . . . 152
12 Managing iFolder Users 153
12.1 Provisioning / Reprovisioning Users and LDAP Groups for iFolder . . . . . . . . . . . . . . . . . . . . 153
12.1.1 Manual Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
12.1.2 Manual Reprovisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
12.1.3 Round-Robin Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
12.2 Searching for a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
12.3 Accessing And Viewing General User Account Information. . . . . . . . . . . . . . . . . . . . . . . . . . 155
12.3.1 Enabling or Disabling an iFolder For an User Account . . . . . . . . . . . . . . . . . . . . . . 156
12.3.2 Deleting An iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
12.4 Configuring User Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
12.4.1 Viewing the Current User Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
12.4.2 Modifying User Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
8 Novell iFolder 3.8 Administration Guide
12.5 Enabling and Disabling iFolder User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
13 Managing iFolders 161
13.1 Viewing Details And Configuring Policies for an iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
13.1.1 Accessing the iFolders Details Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
13.1.2 Viewing The iFolder Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
13.1.3 Searching for an iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
13.1.4 Managing iFolder Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.1.5 Managing an iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.1.6 Managing iFolder Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
13.1.7 Enabling and Disabling an iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
14 Managing an iFolder Web Access Server 169
14.1 Starting iFolder Web Access Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
14.2 Stopping iFolder Web Access Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
14.3 Distributing the Web Access Server URL to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
14.4 Configuring the HTTP Runtime Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
14.5 Securing Web Access Server Communications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
14.5.1 Using SSL for Secure Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
14.5.2 Configuring the SSL Cipher Suites for the Apache Server . . . . . . . . . . . . . . . . . . . 171
14.5.3 Configuring the Web Access Server for SSL Communications with the Enterprise
Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
14.5.4 Configuring the Web Access Server for SSL Communications with Web Browsers 173
14.5.5 Configuring an SSL Certificate for the Web Access Server. . . . . . . . . . . . . . . . . . . 173
novdocx (en) 13 May 2009
15 Troubleshooting Tips For Novell iFolder 3.7 and Later Versions 175
15.1 iFolder Full Restore Using nbackup fails to restore in a Cluster Environment . . . . . . . . . . . . 175
15.2 Exception Error When Datapath on Server is not Mounted . . . . . . . . . . . . . . . . . . . . . . . . . . 176
15.3 Temporary files are getting synchronized as actual files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
15.4 Web Admin Console Fails to Start Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
15.5 Login to the Web Consoles Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
15.6 Enabling a Large Number of Users at the Same Time Times Out . . . . . . . . . . . . . . . . . . . . . 177
15.7 Changes Are Not Reflected After Identity Sync Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
15.8 Synchronizing a Large Number of Files Randomly Requires Multiple Sync Cycles . . . . . . . 177
15.9 iFolder Data Does Not Sync and Cannot be Removed from the Server . . . . . . . . . . . . . . . . 177
15.10 Samba Connection to the Remote Windows Host Times out . . . . . . . . . . . . . . . . . . . . . . . . 177
15.11 Exception Error while Configuring iFolder on a Samba Volume . . . . . . . . . . . . . . . . . . . . . . 178
15.12 LDAP Users Are Not Reflected in iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
15.13 Directory Access Exception on Creating or Synchronizing iFolders . . . . . . . . . . . . . . . . . . . 178
15.14 Changing Permission to the Full Path Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
15.15 List of Items Fails to Synchronize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
15.16 Access Permission Error While Logging in Through Web Access . . . . . . . . . . . . . . . . . . . . . 178
15.17 Web Admin and Web Access Show a Blank Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
15.18 On running simias-server-setup, the setup fails while configuring SSL . . . . . . . . . . . . . . . . . 179
15.19 iFolder linux client fails to startup if the datapath does not have any contents . . . . . . . . . . . 179
16 Frequently Asked Questions 181
16.1 iFolder 3.7 and Later Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
16.1.1 Is iFolder server for 3.7 and later versions supported on a 64-bit OS? . . . . . . . . . . 181
16.1.2 Is iFolder going to support non-eDirectory related platforms as an identity source? 181
Contents 9
16.2 iFolder Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
16.2.1 Are iFolder 3.7 and later versions supported on Windows Vista? . . . . . . . . . . . . . . 182
16.2.2 Are iFolder 3.7 and later versions supported on the Macintosh platform? . . . . . . . 182
16.2.3 Can I use the iFolder 3.x client to connect to iFolder 3.7 and later server?. . . . . . . 182
16.2.4 Can I can use iFolder 3.7 and later versions on different operating systems on different
workstations to access and share the files? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
16.2.5 There was a 10 MB file limitation using Web Access? Is it still applicable for iFolder 3.7
and later versions? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
16.2.6 I deleted a file accidentally. Can I recover it? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
16.3 iFolder Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
16.3.1 What is the management console for iFolder 3.7 and later versions? . . . . . . . . . . . 183
16.3.2 What are the new features in the Web Admin console? . . . . . . . . . . . . . . . . . . . . . 183
16.3.3 Can the administrator control the ability to encrypt iFolder files? . . . . . . . . . . . . . . 183
16.3.4 Are there any enhancements for how bulk users are enabled for iFolder? . . . . . . . 183
16.3.5 How can the iFolder administrator manage the data owned by an iFolder user who has
been removed from the iFolder domain?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
A Caveats for Implementing iFolder 3.7 and Later Services 185
A.1 Loading Certificates to the Recovery Agent Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
A.2 Using a Single Proxy User for a Multi-Server Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
A.3 Slave Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
A.4 Novell iFolder Admin User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
novdocx (en) 13 May 2009
B Decommissioning a Slave Server 187
C Configuration Files 189
C.1 Simias.config File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
C.2 Web.config File for the Enterprise Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
C.3 Web.config File for the Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
C.4 Web.config File for the Web Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
D Managing SSL Certificates for Apache 201
D.1 Generating an SSL Certificate for the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
D.2 Generating a Self-Signed SSL Certificate for Testing Purposes . . . . . . . . . . . . . . . . . . . . . . 202
D.3 Configuring Apache to Point to an SSL Certificate on an iFolder Server. . . . . . . . . . . . . . . . 202
D.4 Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder
Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
E Product History of iFolder 3 205
E.1 Version History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
E.2 Network Operating Systems Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
E.3 Workstation Operating Systems Support for the iFolder Client . . . . . . . . . . . . . . . . . . . . . . . 206
E.4 Web Server Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
E.5 iFolder User Access Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
E.6 Management Tools Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
F Documentation Updates 209
F.1 August 2009. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
F.1.1 Multi-Level Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
10 Novell iFolder 3.8 Administration Guide
F.1.2 Active Directory Integration for iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
F.1.3 Installation of iFolder on SLED and Windows Using ZENworks . . . . . . . . . . . . . . . 210
F.2 October 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
F.2.1 LDAPGroup Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
F.2.2 Recovery Agent Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
F.2.3 Recovering iFolder Data from File System Backup . . . . . . . . . . . . . . . . . . . . . . . . . 211
F.2.4 Viewing Reprovisioning Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
F.2.5 SSL Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
F.2.6 Simias.config File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
F.2.7 Web.config File for the Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
novdocx (en) 13 May 2009
Contents 11
novdocx (en) 13 May 2009
12 Novell iFolder 3.8 Administration Guide
About This Guide
novdocx (en) 13 May 2009
This guide describes how to install, configure, and manage Novell® iFolder® enterprise server, Web
TM
Access server, Web Admin server, and the iFolder
client for iFolder 3.7 and later versions. This
guide is divided into the following sections:
Chapter 1, “Overview of Novell iFolder,” on page 15
Chapter 2, “What’s New,” on page 25
Chapter 3, “Planning iFolder Services,” on page 29
Chapter 4, “Comparing Novell iFolder 2.x with 3.7 and Later Versions,” on page 39
Chapter 5, “Prerequisites and Guidelines,” on page 47
Chapter 6, “Installing and Configuring iFolder Services,” on page 51
Chapter 7, “Migrating iFolder Services,” on page 101
Chapter 8, “Running Novell iFolder in a Virtualized Environment,” on page 103
Chapter 9, “Clustering iFolder 3.8 Servers with Novell Cluster Services for Linux,” on
page 105
Chapter 10, “Managing an iFolder Enterprise Server,” on page 115
Chapter 11, “Managing iFolder Services via Web Admin,” on page 131
Chapter 12, “Managing iFolder Users,” on page 153
Chapter 13, “Managing iFolders,” on page 161
Chapter 14, “Managing an iFolder Web Access Server,” on page 169
Chapter 15, “Troubleshooting Tips For Novell iFolder 3.7 and Later Versions,” on page 175
Chapter 16, “Frequently Asked Questions,” on page 181
Appendix A, “Caveats for Implementing iFolder 3.7 and Later Services,” on page 185
Appendix B, “Decommissioning a Slave Server,” on page 187
Appendix C, “Configuration Files,” on page 189
Appendix D, “Managing SSL Certificates for Apache,” on page 201
Appendix E, “Product History of iFolder 3,” on page 205
Appendix F, “Documentation Updates,” on page 209
Audience
This guide is intended for system administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comment feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
About This Guide 13
Documentation Updates
For the most recent version of the Novell iFolder 3.8 Administration Guide, visit the Novell iFolder
3.x documentation Web site (http://www.novell.com/documentation/ifolder3).
Additional Documentation
For information, see the following:
Novell iFolder 3.x Security Administrator Guide (http://www.novell.com/documentation/
ifolder3/index.html)
iFolder User Guide for Novell iFolder 3.8 (http://www.novell.com/documentation/ifolder3/
index.html).
Novell iFolder 3.x documentation (http://www.novell.com/documentation/ifolder3/index.html)
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
A trademark symbol (
®
, TM) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
novdocx (en) 13 May 2009
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
14 Novell iFolder 3.8 Administration Guide
1
Overview of Novell iFolder
Novell® iFolder® 3.7 and later versions represent the next generation of iFolder, supporting multiple
iFolders per user, user-controlled sharing, and a centralized network server for secured file storage
and distribution. With iFolder, users’ local files automatically follow them everywhere—online,
offline, all the time—across computers. Users can share files in multiple iFolders, and share each
iFolder with a different group of users. Users control who can participate in an iFolder and their
access rights to the files in it. Users can also participate in iFolders that others share with them.
This section familiarizes you with the various benefits and features of iFolder and its main
components:
Section 1.1, “Benefits of iFolder for the Enterprise,” on page 15
Section 1.2, “Benefits of iFolder for Users,” on page 18
Section 1.3, “Enterprise Server Sharing,” on page 20
Section 1.4, “Key Features of iFolder,” on page 20
Section 1.5, “What’s Next,” on page 23
novdocx (en) 13 May 2009
1
1.1 Benefits of iFolder for the Enterprise
Benefits of iFolder to the enterprise include the following:
Section 1.1.1, “Seamless Data Access,” on page 15
Section 1.1.2, “Data Safeguards and Data Recovery,” on page 16
Section 1.1.3, “Reliable Data Security,” on page 16
Section 1.1.4, “Encryption Support,” on page 17
Section 1.1.5, “Productive Mobile Users,” on page 17
Section 1.1.6, “Cross-Platform Client Support,” on page 17
Section 1.1.7, “Scalable Deployment,” on page 17
Section 1.1.8, “Multi-Server Support,” on page 17
Section 1.1.9, “Multi-Volume Support,” on page 18
Section 1.1.10, “Enhanced Web Administration,” on page 18
Section 1.1.11, “No Training Requirements,” on page 18
Section 1.1.12, “LDAPGroup Support,” on page 18
1.1.1 Seamless Data Access
Novell iFolder greatly simplifies the IT department’s ability to keep users productive. It empowers
users by enabling their data to follow them wherever they go.
The days of users e-mailing themselves project files so they can work on them from home are gone,
along with the frustration associated with sorting through different versions of the same file on
different machines. iFolder stores and synchronizes users’ work in such a way that no matter what
Overview of Novell iFolder
15
client or what location they log in from, their files are available and in the condition that they expect
them to be. Users can access the most up-to-date version of their documents from any computer by
using the iFolder client or by using Web Access.
Figure 1-1 Access Methods for Novell iFolder 3.7 and Later Versions
novdocx (en) 13 May 2009
1.1.2 Data Safeguards and Data Recovery
With Novell iFolder, data stored on the server can be easily safeguarded from system crashes and
disasters that can result in data loss. When a user saves a file to an iFolder on a local machine, the
iFolder client can automatically update the data on the iFolder server, where it immediately becomes
available for an organization’s regular network backup operations. iFolder makes it easier for IT
managers to ensure that all of an organization’s critical data is protected.
1.1.3 Reliable Data Security
With Novell iFolder, LDAP-based authentication for access to stored data helps prevent
unauthorized network access.
16 Novell iFolder 3.8 Administration Guide
1.1.4 Encryption Support
In a corporate environment, enterprise-level data is generally accessible to the IT department, which
in turn can lead to intentional or unintentional access by unauthorized personnel. Because of this,
executives have been hesitant to store some confidential documents on the network.
With encryption support, iFolder ensures higher security for users’ confidential documents by
encrypting them at the client side before transferring them to the server. Data is thus stored
encrypted on the server, and is retrievable only by the user who created that iFolder.
iFolder makes it easier for IT managers to ensure that all of an organization's critical data is
protected on the iFolder servers without involving any significant risks. iFolder also gives Internet
Service Providers (ISPs) the ability to offer a user-trusted backup solution for their customers'
critical business or personal data.
1.1.5 Productive Mobile Users
A Novell iFolder solution makes it significantly easier to support mobile users. VPN connections
are no longer needed to deliver secure data access to mobile users. Authentication and data transfer
use Secure Sockets Layer (SSL) technology to protect data on the wire.
novdocx (en) 13 May 2009
Users do not need to learn or perform any special procedures to access their files when working
from home or on the road. iFolder does away with version inconsistency, making it simple for users
to access the most up-to-date version of their documents from any connected desktop, laptop, Web
browser, or handheld device.
In preparation to travel or work from home, users no longer need to copy essential data to their
laptop from various desktop and network locations. The iFolder client can automatically update a
user’s local computer with the most current file versions. Even when a personal computer is not
available, users can access all their files via Web Access on any computer connected to the Internet.
1.1.6 Cross-Platform Client Support
The iFolder client is available for Linux, Macintosh, and Windows desktops. Web Access server for
Novell iFolder 3.7 and later versions provide a Web interface that allows users to access their files
on the enterprise server through a Web browser on any computer with an active network or Internet
connection.
1.1.7 Scalable Deployment
iFolder easily scales from small to large environments. You can install iFolder on multiple servers,
allowing your iFolder environment to grow with your business. A single iFolder enterprise server
handles unlimited user accounts, depending on the amount of memory and storage available. Users
in an LDAP context can be concurrently provisioned for iFolder services simply by assigning the
context to an iFolder server.
1.1.8 Multi-Server Support
Handling large amount of data and provisioning multiple enterprise users in a corporate
environment is a major task for any administrator. iFolder simplifies these tasks with multi-server
configuration. Multi-server support is designed exclusively for meeting your enterprise
Overview of Novell iFolder 17
requirements. It serves the purpose of provisioning many users and hosting large amount of data on
your iFolder domain. You can scale up the domain across servers to meet enterprise-level user
requirements by adding multiple servers to a single domain. This will allow you to leverage underutilized servers in an iFolder domain. With multi-server deployment, thus, Enterprise level
provisioning can be effectively managed and Enterprise level data can be scaled up.
1.1.9 Multi-Volume Support
One of the key features of iFolder is its storage scalability. With multi-volume support, Internet
service providers and enterprise data centers can manage large amounts of data above the file system
restrictions per volume. This facilitates moving data between the volumes, based on file size and
storage space availability.
1.1.10 Enhanced Web Administration
Management of all iFolder enterprise servers is centralized through the enhanced iFolder Web
Admin Console. Administrators can perform server management and maintenance activities from
any location, using a standard Web browser. iFolder also frees IT departments from routine
maintenance tasks by providing secure, automatic synchronization of local files to the server.
novdocx (en) 13 May 2009
1.1.11 No Training Requirements
IT personnel no longer need to condition or train users to perform special tasks to ensure the
consistency of data stored locally and on the network. With Novell iFolder, users simply store their
files in the local iFolder directory. Their files are automatically updated to the iFolder server and any
other workstations that share the iFolder. iFolder works seamlessly behind the scenes to ensure that
data is protected and synchronized.
1.1.12 LDAPGroup Support
Provisioning and de-provisioning users separately is a task in itself when the total number of users
are more. Even while sharing a particular file with 10 or 20 members of a same team, you need to
select all members separately and then share. With the LDAPGroups feature, all the above problems
are resolved. You can use the group facility for provisioning and de-provisioning, for setting same
policy for a set of users. The users can share the iFolders with multiple users using groups.
1.2 Benefits of iFolder for Users
Typically, when users work in multiple locations or in collaboration with others, they must
conscientiously manage file versions. With iFolder, the most recent version of a user’s files can
follow the user to any computer where the iFolder client is installed and a shared iFolder is set up.
iFolder also allows users to share multiple iFolders and their separate content with other users of the
iFolder system. Users decide who participates in each shared iFolder, and also controls their level of
access. Similarly, users can participate in shared iFolders that are owned by others in the
collaboration environment.
18 Novell iFolder 3.8 Administration Guide
In the following example, Ulrik owns an iFolder named Denmark and shares it via his iFolder
enterprise account with Nigel, Luc, and Alice. Nigel travels frequently, so he also sets up the iFolder
on his laptop. Any iFolder member can upload and download files from the Denmark iFolder from
anywhere, using the iFolder Web Access server. In addition, Alice shares a non-work iFolder named
Scooters with her friend Ulrik.
Figure 1-2 Collaboration and Sharing with iFolder
novdocx (en) 13 May 2009
With an enterprise server, the iFolders are stored centrally for all iFolder members. The iFolder
server synchronizes the most recent version of documents to all authorized users of the shared
iFolder. All that the iFolder owner and iFolder members need is an active network connection and
the iFolder client.
Novell iFolder provides the following benefits:
Guards against local data loss by automatically backing up local files to the iFolder server and
multiple workstations
Prevent unauthorized network access to sensitive iFolder files.
Allows multiple servers to participate in a single iFolder domain, to allow scaling up the
number of users and data transfer bandwidth.
Transparently updates a user’s iFolder files to the iFolder enterprise server and multiple
member workstations with the iFolder client
Tracks and logs changes made to iFolder files while users work offline, and synchronizes those
changes when they go online.
Provides access to user files on the iFolder server from any workstation without the iFolder
client, using a Web browser and an active Internet or network connection.
Overview of Novell iFolder 19
With SSL encryption enabled, protects data as it travels across the wire.
Makes files on the iFolder server available for regularly scheduled data backup.
1.3 Enterprise Server Sharing
The iFolder client included in this release supports synchronization across multiple computers
through a central Novell iFolder 3.7 or later enterprise server.
Users can share files across computers.
Users can share files with other users or groups.
Each user can own multiple iFolders.
User are allowed to set the encryption policy for their individual iFolder files.
Each user can participate in multiple iFolders owned by other users.
Files can be synchronized via the central server at any time and with improved availability,
reliability, and performance.
Data is transferred encrypted over the wire.
Users are autoprovisioned for iFolder services based on their assignment to administrator-
specified LDAP containers and groups. If there are multiple servers participating in a single
domain, its users are balanced across the servers.
A list of iFolder users is synchronized at regular intervals with the LDAP directory services.
Local files are automatically backed up to the server at regular intervals and on demand.
novdocx (en) 13 May 2009
iFolder data on the server can be backed up to backup media and restored.
Administrators can manage the iFolder system, user accounts, and user iFolders using the
Novell iFolder 3 Web Admin.
1.4 Key Features of iFolder
Section 1.4.1, “iFolder Enterprise Server,” on page 21
Section 1.4.2, “iFolder Web Admin Console,” on page 21
Section 1.4.3, “iFolder Web Access Console,” on page 21
Section 1.4.4, “The iFolder Client,” on page 21
Section 1.4.5, “Multi Server Support,” on page 21
Section 1.4.6, “Encryption,” on page 22
Section 1.4.7, “Shared iFolders,” on page 22
Section 1.4.8, “iFolder Access Rights,” on page 22
Section 1.4.9, “Account Setup for Enterprise Servers,” on page 23
Section 1.4.10, “Access Authentication,” on page 23
Section 1.4.11, “File Synchronization and Data Management,” on page 23
Section 1.4.12, “Synchronization Log,” on page 23
20 Novell iFolder 3.8 Administration Guide
1.4.1 iFolder Enterprise Server
The iFolder enterprise server is a central repository for storing iFolders and synchronizing files for
enterprise users.
1.4.2 iFolder Web Admin Console
The iFolder Web Admin is an administrative tool used to manage the iFolder system, user accounts,
and user iFolders and data.
1.4.3 iFolder Web Access Console
The iFolder Web Access console for 3.7 and later versions provide users with an interface for
remote access to iFolders on iFolder enterprise server.
1.4.4 The iFolder Client
The iFolder client integrates with the user’s operating system to provide iFolder services in a native
desktop environment. It supports the following client operating systems:
novdocx (en) 13 May 2009
SUSE Linux Enterprise Desktop (SLED) 10 SP1 and above
SUSE Linux Enterprise Desktop (SLED) 11
openSUSE 11.1
The iFolder Linux client requires the Mono framework for Linux and a GNOME* desktop for
iFolder Nautilus plug-in support.
Windows XP SP2 and above
Windows Vista SP1 and above
Windows 7 (32-bit and 64-bit)
Macintosh OS X (Intel architecture) v10.4.11 and later (requires Mono 1.2.5 ). PowerPc
architecture is not supported.
An iFolder session begins when the user logs in to an iFolder services account and ends when the
user logs out of the account or exits the iFolder client. The iFolders synchronize files with the
enterprise server only when a session is active and the computer has an active connection to the
network or Internet. Users can access data in their local iFolders at any time; it does not matter if
they are logged in to their server accounts or if they are connected to the network or Internet.
The iFolder client allows users to create and manage their iFolders. For information, see the Novell
iFolder 3.8 Cross-Platform User Guide.
1.4.5 Multi Server Support
Hosting large amounts of data as well as provisioning multiple users is necessary in any enterprise
environment. In earlier versions of iFolder, the iFolder domain was dedicated to a single server,
which limits the number of users and the hosting bandwidth. With multi-server support, iFolder 3.7
and later versions overcame these major limitations.
Multi-server support expands an iFolder domain across servers, so that the enterprise-level user
provisioning can be effectively managed and enterprise-level data can be scaled up accordingly.
Overview of Novell iFolder 21
1.4.6 Encryption
Encryption support offers full security to iFolder users for their sensitive iFolder documents. Users
can back up and encrypt their confidential files on the server without fear of losing it or having it
exposed or falling into the wrong hands.
1.4.7 Shared iFolders
An iFolder is a local directory that the user selectively shares with other users in a collaboration
environment. The iFolder files are accessible to all members of the iFolder and can be changed by
those with the rights to do so. Users can share iFolders across multiple workstations and with others.
Because the iFolder client is integrated into the operating environment, users can work with iFolders
directly in a file manager or in the My iFolders window. Within the iFolder, users can set up any
subdirectory structure that suits their personal or corporate work habits. The subdirectory structure is
constant across all member iFolders. Each workstation can specify a different parent directory for
the shared iFolder.
1.4.8 iFolder Access Rights
novdocx (en) 13 May 2009
The iFolder client provides four levels of access for members of an iFolder:
Owner: Only one user serves as the owner. This is typically the user who created the iFolder.
The owner or an iFolder Administrator can transfer ownership status from the owner to another
user.
The owner of an iFolder has the Full Control right. This user has Read/Write access to the
iFolder, manages membership and access rights for member users, and can remove the Full
Control right for any member. With an enterprise server, the disk space used by the owner’s
iFolders count against the owner’s user disk quotas on the enterprise server.
If a user is deleted from the iFolder system, the iFolders owned by the user are orphaned.
Orphaned iFolders are assigned temporarily to the iFolder Admin user, who becomes the owner
of the iFolder. Membership and synchronization continues while the iFolder Admin user
determines whether an orphaned iFolder should be deleted or assigned to a new owner.
Full Control: A member of the shared iFolder, with the Full Control access right. The user
with the Full Control right has Read/Write access to the iFolder and manages membership and
access rights for all users except the owner.
Read/Write: A member of the shared iFolder, with the Read/Write access right to directories
and files in the iFolder.
Read Only: A member of the shared iFolder, with the Read Only access right to directories
and files in the iFolder. This member can copy an iFolder file to another location and modify it
outside the iFolder.
When used with an enterprise server account, the server hosts every iFolder created for that account.
Users create an iFolder and the enterprise server makes it available to the specified list of users. A
user can have a separate account on each enterprise server. A user’s level of membership in each
shared iFolder can differ.
22 Novell iFolder 3.8 Administration Guide
1.4.9 Account Setup for Enterprise Servers
The iFolder client allows you to set up multiple accounts, with one each allowed per enterprise
server. Users specify the server address, username, and password to uniquely identify an account.
On his or her computer, a user sets up accounts while logged in as the local identity he or she plans
to use to access that account and its iFolders. Under the local login, the user can set up multiple
iFolder accounts, but each account must belong to a different iFolder enterprise server.
1.4.10 Access Authentication
Whenever iFolder connects to an enterprise server to synchronize files, it connects with HTTP
BASIC and SSL connections to the server, and the server authenticates the user against the LDAP
directory service.
1.4.11 File Synchronization and Data Management
When you set up an iFolder account, you can enable Remember Password so that iFolder can
synchronize iFolder invitations and files in the background as you work. The iFolder client runs
automatically each time you log in to your computer’s desktop environment. The session runs in the
background as you work with files in your local iFolders, tracking and logging any changes you
make. With an enterprise server, you can synchronize the files at specified intervals or on demand.
novdocx (en) 13 May 2009
1.4.12 Synchronization Log
The log displays a log of your iFolder background activity.
1.5 What’s Next
Before you install iFolder, review the following sections:
“Planning iFolder Services” on page 29
“Prerequisites and Guidelines” on page 47
When you are done, install and configure your iFolder enterprise server and Web Access server. .
Overview of Novell iFolder 23
novdocx (en) 13 May 2009
24 Novell iFolder 3.8 Administration Guide
2
What’s New
Novell® iFolder® 3.x and the iFolderTM client offer many new capabilities as compared to Novell
iFolder 2.x. This section discusses the following:
Section 2.1, “What’s New in Novell iFolder 3.8,” on page 25
Section 2.2, “What’s New in Novell iFolder 3.7,” on page 25
Section 2.3, “What’s New in Novell iFolder 3.6,” on page 26
Section 2.4, “What’s New in Novell iFolder 3.2,” on page 26
Section 2.5, “What’s New in Novell iFolder 3.1,” on page 26
Section 2.6, “What’s New in Novell iFolder 3.0,” on page 27
2.1 What’s New in Novell iFolder 3.8
The following features are new in iFolder 3.8:
novdocx (en) 13 May 2009
2
Multi-level administration. For more information, see “Multi-level administration” on
page 136.
Active Directory integration for iFolder. For more information, see Section 5.4, “Active
Directory,” on page 48.
Support for mono 2.4 runtime environment. For more information, see Section 5.6, “Mono,” on
page 49
Passphrase recovery wizard. For more information, see section “Managing Passphrase for
Encrypted iFolders” in the Novell iFolder 3.8 Cross-Platform User Guide.
Support for changing iFolder account password using Web access console and iFolder clients.
For more information, see section “Changing the iFolder account password” and “Changing the
iFolder account password” in the Novell iFolder 3.8 Cross-Platform User Guide.
Enhanced User interface.
Enhanced iFolder client startup performance.
iFolder client for openSUSE 11.1 and SLED 11
64 bit version of iFolder client for Vista64.
2.2 What’s New in Novell iFolder 3.7
The following features are new in iFolder 3.7:
iFolder client for Macintosh and Vista
Server Migration by using the Migration Tool
SSL Communication
LDAPGroup Support
Auto-Account creation by using a Response file
iFolder Merge
What’s New
25
Improved file conflict management
Enhanced Web administration
Mechanism to re-provision users to another server
2.3 What’s New in Novell iFolder 3.6
The following features are new in iFolder 3.6:
Multi-sever support with no limit on the number of users and servers to allow expanding the
iFolder domain across multiple servers
Encryption support for users to store sensitive files secured on servers.
Enhanced Web Admin console to manage, deploy and maintain iFolder system.
Volume scalability support for iFolder servers to allow administrator to move data across
multiple volume on a single server.
With Multi-domain capability, iFolder 3.6 allows users to work with files belonging to two
iFolders that reside on two different iFolder servers
Enhanced web access for users to help them perform all the operations equivalent to that of
iFolder client through web access. It allow mobile users access their iFolder and thus perform
all the iFolder operations via mobile.
Simplified iFolder sharing via Web Access.
Enhanced reporting for better manageability.
novdocx (en) 13 May 2009
Support for multiple directories (eDirectory, OpenLDAP and SunOne)
2.4 What’s New in Novell iFolder 3.2
The following features are new in iFolder 3.2:
Localized user help for the iFolder client
Support for users to log in to the iFolder server with their common name or e-mail address. The
iFolder Admin User configures the option during installation and the setting applies to all
users.
2.5 What’s New in Novell iFolder 3.1
The following features are new in iFolder 3.1:
Support for the iFolder data store on Novell Storage Services
Support for Novell Cluster Services
Support for Mono 1.1.7.7x.
Interoperability for Novell iChain, Novell BorderManager, and Novell Security Manager.
TM
for Linux.
TM
(NSS) volumes on Linux
26 Novell iFolder 3.8 Administration Guide
2.6 What’s New in Novell iFolder 3.0
Novell iFolder 3.0 includes several important new features.
Multiple iFolders: A user creates as many iFolders as desired and manages each one
separately. Each iFolder functions independently to synchronize its own set of files. Users
specify the local path for each iFolder.
Shared iFolders: Each iFolder can be kept private or shared with a different group of users.
For a shared iFolder, the owner or a member with the Full Control right controls who
participates in the iFolder and the level of access granted to each member, such as Full Control,
Read/Write, or Read Only.
Centralized iFolder Synchronization and Storage: iFolder data is automatically
synchronized by the iFolder client to the iFolder enterprise server over an IP network. The
enterprise server stores files for each iFolder, then synchronizes them to other member
computers. Encryption is supported for data transfers. Administrators control whether data is
transported securely with HTTPS (SSL) connections during synchronization, or if data is
transported with standard HTTP BASIC connections.
Multiple iFolder Accounts: Users can concurrently access iFolder accounts on different
servers.
novdocx (en) 13 May 2009
Web Access to iFolders: Users access their iFolder enterprise server accounts from any
computer with Internet access. They create subdirectories, upload files, and download files to
any of their iFolders. All iFolders for the account are available, whether the user is the owner or
a member.
Client-Side APIs: Almost every function an end user can accomplish through the UI is
exposed as an API. This allows third-party developers to more easily integrate their
applications with iFolder and gives organizations the tools they need to customize iFolder.
What’s New 27
novdocx (en) 13 May 2009
28 Novell iFolder 3.8 Administration Guide
3
Planning iFolder Services
This section discusses the planning considerations for providing Novell® iFolder® services for 3.7
and later versions.
Section 3.1, “Security Considerations,” on page 29
Section 3.2, “Server Workload Considerations,” on page 29
Section 3.3, “Naming Conventions for Usernames and Passwords,” on page 30
Section 3.4, “Admin User Considerations,” on page 31
Section 3.5, “iFolder User Account Considerations,” on page 32
Section 3.6, “iFolders Data and Synchronization Considerations,” on page 35
Section 3.7, “Management Tools,” on page 36
3.1 Security Considerations
novdocx (en) 13 May 2009
3
For information about planning security for your iFolder 3.x system, see the Novell iFolder 3.8
Security Administration Guide.
3.2 Server Workload Considerations
iFolder 3.7 and later enterprise servers support a complex usage model where each user can own
multiple iFolders and participate in iFolders owned by other users. Instead of a single user working
from different workstations at different times, multiple users can be concurrently modifying files
and synchronizing them. Whenever a user adds a new member to an iFolder, the workload on the
server can increase almost as much as if you added another user to the system.
iFolder 3.7 and later versions provide multi-server and multi-volume support to enhance the storage
capability of its servers. Multi-Volume feature is exempt from the single iFolder per-volume
restriction, so it enables you to move the data across multiple volume available on a single server.
With the Web Admin console, you can add multiple mount points to a single server to increase the
effective space available. The iFolder server also has the capability to configure the volume on
which a particular iFolder needs to be created through the Web Admin console.
Multi-server support is another key feature in iFolder 3.7 and later versions that makes server
workload management significantly easier for administrators. In the past, an iFolder domain was
dedicated to a single server that limited the number of users and data transfer bandwidth. With
multi-server support, iFolder 3.7 and later versions have the capability to add more than one server
to a single iFolder domain, so enterprise provisioning is effectively managed and hosting enterprise
data is scaled up.
You can even set user account quotas to control the maximum storage space consumed by a user’s
iFolders on the server. The actual bandwidth usage for each iFolder depends on the following:
The number of members subscribed to the iFolder.
The number of computers actively sharing the iFolder.
How much data is stored in the iFolder.
The actual and average size of files in the iFolder.
Planning iFolder Services
29
The number of files in the iFolder.
How frequently files change in the file.
How much data actually changes.
How frequently files are synchronized.
The available bandwidth and throughput of network connections.
We recommend that you set up a pilot program to assess your operational needs and performance
based on your equipment and collaboration environment, then design your system accordingly.
The following is a suggested baseline configuration for iFolder 3.7 and later servers with a workload
similar to a typical iFolder 2.1x server. It is based on an example workload of about 12.5 GB of data
throughput (up and down) each 24 hours, including all Ethernet traffic and protocol overhead. Your
actual performance might differ.
Table 3-1 Suggested Baseline Configuration for an iFolder Enterprise Server
Component Example System Configuration
novdocx (en) 13 May 2009
Hardware 1.8 GHz Single processor
2 GB RAM
300 GB hard drive
iFolder Services 500 users per server (multi-server configuration)
500 MB user account quota per user
1 iFolder per user that is not shared with other users
5% change in each user’s data per 24-hour period
If iFolder server is serving large number of requests, it is possible that for some requests you may
receive HTTP 500 error. To manage this and to enable iFolder to serve more requests, do the
following:
1 Edit the
* soft nofile 100000
* hard nofile 110000
2 Save the
/etc/security/limits.conf file
limits.conf
file and reboot the server.
add the following lines:
3.3 Naming Conventions for Usernames and Passwords
Section 3.3.1, “LDAP Naming Requirement,” on page 30
Section 3.3.2, “Multilingual Considerations,” on page 31
3.3.1 LDAP Naming Requirement
Usernames and passwords must comply with the constraints set by your LDAP service.
30 Novell iFolder 3.8 Administration Guide
Loading...