Novell Open Enterprise Server Planning and Implementation Guide

Planning and Implementation Guide

Novell®

Open Enterprise Server

novdocx (en) 22 June 2009

AUTHORIZED DOCUMENTATION

2 SP2

November 10, 2009

www.novell.com

OES 2 SP2: Planning and Implementation Guide

Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the

Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on

exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

novdocx (en) 22 June 2009

Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.

Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see

the Novell Documentation Web page (http://www.novell.com/documentation).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/

trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

novdocx (en) 22 June 2009

4 OES 2 SP2: Planning and Implementation Guide

Contents

About This Guide 15

1 What’s New or Changed 17

1.1 Where’s NetWare?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.1.1 NetWare References in This Guide and Elsewhere . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.1.2 NetWare Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.2 Links to What's New Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.3 New or Changed in OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.1 Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.2 Base Platform Is SLES 10 SP3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.3 CIFS DFS Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.4 Create EVMS Proposal Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3.5 Cross-Protocole File Locking Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.3.6 Domain Services for Windows Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.3.7 Performance Increases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.3.8 PureFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.3.9 Upgrading Online. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.4 New in OES 2 SP1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.4.1 YaST Install Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.4.2 Novell AFP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

1.4.3 Novell CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

1.4.4 Novell Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

1.4.5 Migration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

1.5 New in OES 2 (Initial Release). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

1.5.1 Dynamic Storage Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

1.5.2 OES 2 Migration Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

1.5.3 Xen Virtualization Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

novdocx (en) 22 June 2009

2 Welcome to Open Enterprise Server 2 25

3 Planning Your OES 2 Implementation 27

3.1 What Services Are Included in OES 2? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.2 Which Services Do I Need? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.3 Exploring OES 2 services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.4 Plan for eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.5 Prepare Your Existing eDirectory Tree for OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.6 Identify a Purpose for Each Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.7 Understand Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.8 Understand User Restrictions and Linux User Management . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.9 Caveats to Consider Before You Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.9.1 Adding a Linux Node to a Cluster Ends Adding More NetWare Nodes . . . . . . . . . . . 37

3.9.2 AFP File Locking Requires Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.9.3 Always Double-Check Service Configurations Before Installing . . . . . . . . . . . . . . . . 37

3.9.4 Back Button Doesn’t Reset Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.9.5 Cluster Upgrades Must Be Planned Before Installing OES 2 . . . . . . . . . . . . . . . . . . 38

3.9.6 Do Not Create Local (POSIX) Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.9.7 Do Not Upgrade to eDirectory 8.8 Separately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3.9.8 Follow the Instructions for Your Chosen Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Contents 5

3.9.9 If You’ve Ever Had OES 1 Linux Servers with LUM and NSS Installed. . . . . . . . . . . 39

3.9.10 iFolder 3.8 Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.9.11 Incompatible TLS Configurations Give No Warning . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.9.12 Installing into an Existing eDirectory Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3.9.13 NetWare Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3.9.14 Novell Distributed Print Services Cannot Migrate to Linux . . . . . . . . . . . . . . . . . . . . 44

3.9.15 NSS Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3.9.16 Plan eDirectory Before You Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.9.17 Samba Enabling Disables SSH Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.9.18 Unsupported Service Combinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.9.19 VNC Install Fails to Set the IP Address in /etc/hosts . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.10 Consider Coexistence and Migration Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.11 Understand Your Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

3.11.1 OES 2 Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

3.11.2 About Your Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

3.11.3 Use Predefined Server Types (Patterns) When Possible . . . . . . . . . . . . . . . . . . . . . 51

3.11.4 If You Want to Install in a Lab First . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

3.11.5 If You Want to Install NSS on a Single-Drive Linux Server . . . . . . . . . . . . . . . . . . . . 52

4 Getting and Preparing OES 2 Software 53

novdocx (en) 22 June 2009

4.1 Do You Have Upgrade Protection? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.2 Do You Want 32-Bit or 64-Bit OES? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.3 Do You Want to Purchase OES 2 or Evaluate It? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

4.4 Evaluating OES 2 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

4.4.1 Understanding OES 2 Software Evaluation Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 55

4.4.2 Downloading OES 2 SP2 Software from the Novell Web Site. . . . . . . . . . . . . . . . . . 55

4.4.3 Preparing the Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

4.4.4 Installing OES 2 for Evaluation Purposes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

4.4.5 Evaluating OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

4.4.6 Installing Purchased Activation Codes after the Evaluation Period Expires . . . . . . . 57

4.5 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

4.5.1 The OES 2 Licensing Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

4.5.2 SLES Licensing Entitlements in OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

4.5.3 OES 2 Doesn’t Support NLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

5 Installing OES 2 59

5.1 Installing OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

5.1.1 What's Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

5.2 Installing OES 2 Servers in a Xen VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

6 Caveats for Implementing OES 2 Services 61

6.1 AFP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

6.1.1 Anti-Virus Solutions and AFP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

6.2 Avoiding POSIX and eDirectory Duplications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

6.2.1 The Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

6.2.2 Three Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

6.2.3 Avoiding Duplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

6.3 CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.3.1 Changing the Server IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.4 ConsoleOne Can Cause JClient Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.5 CUPS on OES 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.6 eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.6.1 Avoid Uninstalling eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

6 OES 2 SP2: Planning and Implementation Guide

6.6.2 Avoid Renaming Trees and Containers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

6.6.3 Default Static Cache Limit Might Be Inadequate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

6.6.4 eDirectory Fails to Start Automatically After a Command Prompt Install. . . . . . . . . . 65

6.6.5 One Instance Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6.6.6 Special Characters in Usernames and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6.7 iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6.8 iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6.8.1 Cluster Failover Between Mixed Platforms Not Supported . . . . . . . . . . . . . . . . . . . . 66

6.8.2 Printer Driver Uploading on OES 2 Might Require a CUPS Administrator Credential 67

6.8.3 Printer Driver Uploading Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.8.4 iManager Plug-Ins Are Platform-Specific. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.8.5 iPrint Client for Linux Doesn't Install Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.8.6 iPrint Disables CUPS Printing on the OES 2 Server . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.9 LDAP—Preventing “Bad XML” Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.10 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

6.10.1 iManager RBS Configuration with OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

6.10.2 Storage Error in iManager When Accessing a Virtual Server . . . . . . . . . . . . . . . . . . 69

6.10.3 Truncated DOS-Compatible Short Filenames Are Not Supported at a Terminal

Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

6.11 NCP Doesn’t Equal NSS File Attribute Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

6.12 Novell-tomcat Is for OES Use Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

6.13 NSS (OES 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

6.13.1 Understanding Name Space Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

6.13.2 The Role of EVMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

6.14 OpenLDAP on OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.15 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.16 Virtualization Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.16.1 Always Close Virtual Machine Manager When Not in Use . . . . . . . . . . . . . . . . . . . . 71

6.16.2 Always Use Timesync Rather Than NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.16.3 Backing Up a Xen Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.16.4 Time Synchronization and Virtualized OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.16.5 NSS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

novdocx (en) 22 June 2009

7 Upgrading to OES 2 73

7.1 Caveats to Consider Before Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

7.1.1 About Previously Installed Packages (RPMs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

7.1.2 iManager 2.5 Replaced by iManager 2.7 on NetWare. . . . . . . . . . . . . . . . . . . . . . . . 73

7.1.3 OES 1 Linux to OES 2 Service Differences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

7.1.4 Only One eDirectory Instance Is Supported on OES Servers . . . . . . . . . . . . . . . . . . 74

7.2 OES 2 SP2 Upgrade Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

7.3 NetWare 6.5 SP8 Upgrade Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

8 Migrating and Consolidating Existing Servers and Data 75

8.1 Supported OES 2 SP2 Migration Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

8.2 Migration Tools and Purposes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

8.2.1 OES 2 SP2 Migration Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

8.2.2 Migrate Windows Shares Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

9 Virtualization in OES 2 77

9.1 Graphical Overview of Virtualization in OES 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

9.2 Why Install OES Services on Your VM Host? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

9.3 Services Supported on VM Hosts and Guests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Contents 7

10 Clustering and High Availability 81

11 Managing OES 2 83

11.1 Overview of Management Interfaces and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

11.2 Using OES 2 Welcome Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

11.2.1 The Welcome Site Requires JavaScript, Apache, and Tomcat . . . . . . . . . . . . . . . . . 84

11.2.2 <<<Accessing the Welcome Web Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

11.2.3 The Welcome Web Site Is Available to All Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

11.2.4 Administrative Access from the Welcome Web Site . . . . . . . . . . . . . . . . . . . . . . . . . 85

11.3 OES Utilities and Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

11.4 SSH Services on OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

11.4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

11.4.2 Setting Up SSH Access for LUM-enabled eDirectory Users . . . . . . . . . . . . . . . . . . . 95

12 Network Services 99

12.1 TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

12.1.1 Coexistence and Migration Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

12.2 DNS and DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

12.2.1 DNS Differences Between NetWare and OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

12.2.2 DHCP Differences Between NetWare and OES 2. . . . . . . . . . . . . . . . . . . . . . . . . . 101

12.3 Time Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

12.3.1 Overview of Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

12.3.2 Planning for Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

12.3.3 Coexistence and Migration of Time Synchronization Services . . . . . . . . . . . . . . . . 108

12.3.4 Implementing Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

12.3.5 Configuring and Administering Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . 111

12.3.6 Daylight Saving Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

12.4 Discovery Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

12.4.1 Novell SLP and OpenSLP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

12.4.2 WinSock and Discovery Is NetWare only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

12.4.3 UDDI and Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

12.4.4 CIMOM and Discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

12.5 SLP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

12.5.1 Why SLP Is Needed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

12.5.2 Comparing Novell SLP and OpenSLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

12.5.3 Setting Up OpenSLP on OES 2 Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

12.5.4 Using Novell SLP on OES 2 Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

novdocx (en) 22 June 2009

13 Storage and File Systems 123

13.1 Overview of OES 2 Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

13.1.1 Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

13.1.2 iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

13.1.3 File System Support in OES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

13.1.4 Storage Basics by Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

13.1.5 Storage Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

13.1.6 NetWare Core Protocol Support (Novell Client Support) on Linux . . . . . . . . . . . . . 128

13.2 Planning OES File Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

13.2.1 Directory Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

13.2.2 File Service Support Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

13.2.3 General Requirements for Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

13.2.4 OES 2 Storage Planning Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

13.2.5 NSS Planning Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

13.3 Coexistence and Migration of Storage Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

8 OES 2 SP2: Planning and Implementation Guide

13.3.1 MySQL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

13.3.2 OES 2 Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

13.3.3 NetWare 6.5 SP8 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

13.4 Configuring and Maintaining Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

13.4.1 Managing Directories and Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

13.4.2 Managing NSS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

13.4.3 Optimizing Storage Performance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

14 eDirectory, LDAP, and Domain Services for Windows 139

14.1 Overview of Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

14.2 eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

14.2.1 Installing and Managing eDirectory on OES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

14.2.2 Planning Your eDirectory Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

14.2.3 eDirectory Coexistence and Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

14.3 LDAP (eDirectory) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

14.3.1 Overview of eDirectory LDAP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

14.3.2 Planning eDirectory LDAP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

14.3.3 Migration of eDirectory LDAP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

14.3.4 eDirectory LDAP Implementation Suggestions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

14.4 Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

14.4.1 Graphical Overview of DSfW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

14.4.2 Planning Your DSfW Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

14.4.3 Implementing DSfW on Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

novdocx (en) 22 June 2009

15 Users and Groups 149

15.1 Creating Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

15.2 Linux User Management: Access to Linux for eDirectory Users . . . . . . . . . . . . . . . . . . . . . . 149

15.2.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

15.2.2 Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

15.2.3 LUM Implementation Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

15.3 Identity Management Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

15.4 Using the Identity Manager 3.6.1 Bundle Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

15.4.1 What Am I Entitled to Use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

15.4.2 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

15.4.3 Installation Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

15.4.4 Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

15.4.5 Activating the Bundle Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

16 Access Control and Authentication 163

16.1 Controlling Access to Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

16.1.1 Overview of Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

16.1.2 Planning for Service Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

16.1.3 Coexistence and Migration of Access Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

16.1.4 Access Implementation Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

16.1.5 Configuring and Administering Access to Services . . . . . . . . . . . . . . . . . . . . . . . . . 172

16.2 Authentication Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

16.2.1 Overview of Authentication Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

16.2.2 Planning for Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

16.2.3 Authentication Coexistence and Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

16.2.4 Configuring and Administering Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Contents 9

17 File Services 179

17.1 Overview of File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

17.1.1 Using the File Services Overviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

17.1.2 FTP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

17.1.3 NetWare Core Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

17.1.4 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

17.1.5 Novell AFP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

17.1.6 Novell CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

17.1.7 Novell iFolder 3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

17.1.8 Novell Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

17.2 Planning for File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

17.2.1 Deciding Which Components Match Your Needs . . . . . . . . . . . . . . . . . . . . . . . . . . 189

17.2.2 Comparing Your CIFS File Service Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

17.2.3 Planning Your File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

17.3 Coexistence and Migration of File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

17.3.1 Novell Client (NCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

17.3.2 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

17.3.3 Novell AFP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

17.3.4 Novell CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

17.3.5 Novell iFolder 3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

17.3.6 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

17.4 Aligning NCP and POSIX File Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

17.4.1 Managing Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

17.4.2 Providing a Private Work Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

17.4.3 Providing a Group Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

17.4.4 Providing a Public Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

17.4.5 Setting Up Rights Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

17.5 PureFTP Remote Access Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

17.5.1 Configuring FTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

17.5.2 Path Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

17.5.3 SITE Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

17.6 NCP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

17.6.1 The Default NCP Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

17.6.2 Creating NCP Home and Data Volume Pointers . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

17.6.3 Assigning File Trustee Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

17.6.4 NCP Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

17.6.5 NCP Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

17.7 NetStorage Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

17.7.1 About Automatic Access and Storage Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . 202

17.7.2 About SSH Storage Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

17.7.3 Assigning User and Group Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

17.7.4 Authenticating to Access Other Target Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

17.7.5 NetStorage Authentication Is Not Persistent by Default . . . . . . . . . . . . . . . . . . . . . 203

17.7.6 NetStorage Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.8 Novell AFP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.8.1 Implementing Novell AFP File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.8.2 Maintaining Novell AFP File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.9 Novell CIFS Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.9.1 Implementing Novell CIFS File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17.9.2 Maintaining Novell CIFS File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

17.10 Novell iFolder 3.8 Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

17.10.1 Managing Novell iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

17.10.2 Configuring Novell iFolder 3.8 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

17.10.3 Creating and Enabling Novell iFolder 3.8 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

17.10.4 Novell iFolder 3.8 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

17.11 Samba Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

novdocx (en) 22 June 2009

10 OES 2 SP2: Planning and Implementation Guide

17.11.1 Implementing Samba File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

17.11.2 Maintaining Samba File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

18 Search Engine (QuickFinder) 207

19 Print Services 209

19.1 Overview of Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

19.1.1 Using This Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

19.1.2 iPrint Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

19.1.3 iPrint Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

19.2 Planning for Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

19.3 Coexistence and Migration of Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

19.4 Print Services Implementation Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

19.4.1 Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

19.4.2 Implementation Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

19.4.3 Other Implementation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

19.5 Print Services Maintenance Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

20 Web Services 215

novdocx (en) 22 June 2009

21 Security 217

21.1 Overview of OES Security Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

21.1.1 Application Security (AppArmor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

21.1.2 Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

21.1.3 Encryption (NICI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

21.1.4 General Security Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

21.2 Planning for Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

21.2.1 Comparing the Linux and the Novell Trustee File Security Models . . . . . . . . . . . . . 219

21.2.2 User Restrictions: Some OES 2 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

21.3 Configuring and Administering Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

21.4 Links to Product Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

21.5 Links to Anti-Virus Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

22 Certificate Management 225

22.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

22.1.1 SLES Default Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

22.1.2 OES 2 Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

22.1.3 Multiple Trees Sharing a Common Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

22.2 Setting Up Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

22.2.1 Setting Up Automatic Certificate Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

22.2.2 Eliminating Browser Certificate Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

22.3 If You Don’t Want to Use eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

A Adding Services to OES 2 Servers 233

B Changing an OES 2 Server’s IP Address 235

B.1 Caveats and Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

B.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

B.2.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

B.2.2 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Contents 11

B.2.3 Clustering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

B.3 Changing the Server’s Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

B.4 Reconfiguring the OES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

B.5 Repairing the eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

B.6 Completing the Server Reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

B.6.1 QuickFinder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

B.6.2 DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

B.6.3 DSfW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

B.6.4 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

B.6.5 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

B.7 Modifying a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

B.8 Reconfiguring Services on Other Servers That Point to This Server . . . . . . . . . . . . . . . . . . . 241

C Updating/Patching OES 2 Servers 243

D Backup Services 245

D.1 Services for End Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.2 System-Wide Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.2.1 Links to Backup Partners. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.2.2 Novell Storage Management Services (SMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.2.3 SLES 10 Backup Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

novdocx (en) 22 June 2009

E Quick Reference to OES 2 User Services 247

F OES 2 SP2 Browser Support 249

G Client/Workstation OS Support 251

H OES 2 Service Scripts 253

I System User and Group Management in OES 2 SP2 257

I.1 About System Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

I.1.1 Types of OES System Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

I.1.2 OES System Users and Groups by Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

I.2 Understanding Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

I.2.1 What Are Proxy Users? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

I.2.2 Why Are Proxy Users Needed on OES? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

I.2.3 Which Services Require Proxy Users and Why?. . . . . . . . . . . . . . . . . . . . . . . . . . . 260

I.2.4 What Rights Do Proxy Users Have? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

I.3 Planning Your Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

I.3.1 About Proxy User Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

I.3.2 Proxy User Impacts on User Connection Licenses . . . . . . . . . . . . . . . . . . . . . . . . . 267

I.3.3 Limiting the Number of Proxy Users in Your Tree . . . . . . . . . . . . . . . . . . . . . . . . . . 267

I.3.4 Proxy Users and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

I.4 Implementing Your Proxy User Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

I.4.1 Tree-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

I.4.2 Service-Specific Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

I.4.3 Partition-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

I.4.4 Server-Wide Proxy User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

I.4.5 Individual Proxy User Per-Server-Per-Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

I.5 Proxy Users and Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

12 OES 2 SP2: Planning and Implementation Guide

I.6 System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

I.7 System Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

I.8 Auditing System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

J Administrative Users in OES 2 SP2 277

K Coordinating Password Policies Among Multiple File Services 279

K.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

K.2 Concepts and Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

K.2.1 Prerequisites for File Service Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

K.2.2 eDirectory contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

K.2.3 Password Policies and Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

K.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

K.3.1 Example 1: Complex Mixed Tree with a Mix of File Access Services and Users from

across the Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

K.3.2 Example 2: Mutually Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

K.4 Deployment Guidelines for Different Servers and Deployment Scenarios. . . . . . . . . . . . . . . 283

K.4.1 Deployment Scenario 1: Complex Mixed Scenario with a Mix of File Access

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

K.4.2 Deployment Scenario 2: Mutually /Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . 286

K.4.3 Deployment Scenario 3: Simple deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

K.4.4 Modifying User Password Policies after AFP/CIFS/Samba/DSfW Is Installed . . . . 286

K.4.5 Adding New User eDirectory Contexts to AFP/CIFS after AFP/CIFS/Samba/DSfW Is

Installed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

K.4.6 Enabling File Access for DSfW Servers Across Domains . . . . . . . . . . . . . . . . . . . . 287

novdocx (en) 22 June 2009

Contents 13

novdocx (en) 22 June 2009

14 OES 2 SP2: Planning and Implementation Guide

About This Guide

Purpose

This guide provides:

 Planning and implementation instructions

 Service overviews

 Links to detailed information in other service-specific guides.

Audience

This guide is designed to help network administrators

 Understand Open Enterprise Server 2 services prior to installing them.

 Make pre-installation planning decisions.

 Understand installation options for each platform.

novdocx (en) 22 June 2009

 Implement the services after they are installed.

Feedback

We want to hear your comments and suggestions about this manual and the other documentation included with OES 2. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.

Documentation Updates

Changes to this guide are summarized in a Documentation Updates appendix at the end of this guide. The lack of such an appendix indicates that no changes have been made since the initial product release.

Additional Documentation

The OES 2 SP2: Lab Guide for Linux and Virtualized NetWare is the hands-on counterpart to this guide and helps network administrators:

 Set up a basic lab with an OES 2 server, a virtualized NetWare

objects that represent the different types of users in OES 2.

 Use the exercises in the guide to explore how OES 2 services work.

 Continue exploring to gain a sound understanding of how OES 2 can benefit their organization.

server, a test tree, and user

Additional documentation is also found on the OES 2 Documentation Web site (http://

www.novell.com/documentation/oes2).

About This Guide 15

Documentation Conventions

The terms OES 2 and OES 2 SP2 are both used in this guide. Generally, OES 2 SP2 is used to differentiate something that is new or changed for the SP2 release of OES 2. Unless otherwise indicated, all statements that refer to OES 2 also apply to OES 2 SP2 unless otherwise indicated.

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.

A trademark symbol (

, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party

trademark.

When a single pathname can be written with a backslash for some platforms, or a forward slash for other platforms, the pathname is presented with a forward slash to reflect the Linux* convention. Users of platforms that require a backslash, such as NetWare, should use backslashes as required by the software.

novdocx (en) 22 June 2009

16 OES 2 SP2: Planning and Implementation Guide

What’s New or Changed

This section summarizes the new features for each release of Novell® Open Enterprise Server (OES)

 Section 1.1, “Where’s NetWare?,” on page 17

 Section 1.2, “Links to What's New Sections,” on page 17

 Section 1.3, “New or Changed in OES 2 SP2,” on page 19

 Section 1.4, “New in OES 2 SP1,” on page 20

 Section 1.5, “New in OES 2 (Initial Release),” on page 22

1.1 Where’s NetWare?

Novell® Open Enterprise Server 2 SP2 does not include NetWare®. Anyone who wants to test NetWare in an OES 2 SP2 environment should download NetWare 6.5 SP8 from the Novell

download site (http://download.novell.com/Download?buildid=dpIR3H1ymhk~).

novdocx (en) 22 June 2009

1.1.1 NetWare References in This Guide and Elsewhere

Because many organizations are transitioning their network services from NetWare to OES, information to assist with upgrading from NetWare to OES 2 is included in this guide and in the OES 2 SP2 documentation set—especially in the OES 2 SP2: Upgrading to OES—Planning and

Implementation Guide.

1.1.2 NetWare Documentation

For NetWare documentation, including installation and configuration instructions, see the NetWare

6.5 SP8 Online Documentation Web site (http://www.novell.com/documentation/nw65).

1.2 Links to What's New Sections

The following table provides links to the What’s New sections in the documentation for all OES 2 products.

Table 1-1 What’s New

Product Link to What's New Section

Archive and Version Services 2.1 Linux Administration Guide

User Guide

DHCP Administration Guide

Distributed File Services Administration Guide

DNS Administration Guide

What’s New or Changed

Product Link to What's New Section

Domain Services for Windows Administration Guide

Dynamic Storage Technology Administration Guide

Identity Manager 3.6 Getting Started Guide (http://www.novell.com/

documentation/idm36/idm_install/data/ be1l5dw.html)

iManager 2.7 Administration Guide

Installation Installation Guide

iPrint Administration Guide

Migration Tool Administration Guide

NCP Server for OES 2 Administration Guide

NetStorage Administration Guide

Novell AFP Administration Guide

novdocx (en) 22 June 2009

Novell CIFS Administration Guide

Novell Client

Linux

Windows XP/2003 Administration Guide

Windows Vista* Administration Guide

Novell Cluster Services

Novell iFolder

3.8 Administration Guide

(High Availability) Administration Guide

User Guide

Novell Remote Manager Administration Guide

Novell Storage Services (NSS) Administration Guide

Nsure

Audit Administration Guide

OES 2 Installation Guide

OpenWBEM Administration Guide

QuickFinder

5 Administration Guide

Samba (Linux) Administration Guide

Server Health Monitoring This is now available in various Novell Remote

Manager dialog boxes on both platforms.

Shadow Volumes See “Overview of Dynamic Storage Technology” in

Storage Management Services (SMS) Administration Guide

Virtualization (Xen*) Virtualization Overview

18 OES 2 SP2: Planning and Implementation Guide

For more information, see “Health Monitoring

Services” on page 86.

the OES 2 SP2: Dynamic Storage Technology

Administration Guide.

1.3 New or Changed in OES 2 SP2

This section summarizes the new features introduced in Novell® Open Enterprise Server (OES) 2 SP2 that either involve multiple services or are not covered in service-specific documentation. For information on service-specific new features, see Section 1.2, “Links to What's New Sections,” on

page 17.

 Section 1.3.1, “Auditing,” on page 19

 Section 1.3.2, “Base Platform Is SLES 10 SP3,” on page 19

 Section 1.3.3, “CIFS DFS Support,” on page 19

 Section 1.3.4, “Create EVMS Proposal Option,” on page 19

 Section 1.3.5, “Cross-Protocole File Locking Change,” on page 20

 Section 1.3.6, “Domain Services for Windows Installation,” on page 20

 Section 1.3.7, “Performance Increases,” on page 20

 Section 1.3.8, “PureFTP,” on page 20

 Section 1.3.9, “Upgrading Online,” on page 20

novdocx (en) 22 June 2009

1.3.1 Auditing

OES 2 SP2 includes support for third-party developers to create auditing products. For more information, see Section 21.1.2, “Auditing,” on page 217.

1.3.2 Base Platform Is SLES 10 SP3

 With the release of OES 2 SP2, the Linux platform on which OES services run is changed from

SUSE

Linux Enterprise Server (SLES) 10 SP2 to SLES 10 SP3 and includes Tomcat 5.5.

1.3.3 CIFS DFS Support

This has been added in OES 2 SP2.

1.3.4 Create EVMS Proposal Option

The Partitioner in the YaST Install offers an option to “Create an EVMS Proposal.”

For unpartitioned devices over 20 GB in size, this option creates a boot partition and a container for

swap

the device as unpartitioned free space. The default larger, depending on the amount of RAM the server has.

and / (root) volumes in up to the first 20 GB, and leaves the remainder of the space on the

partition size is 10 GB. The swap size is 1 GB or

IMPORTANT: This option applies only if you are installing an NSS volume on the same disk as your Linux root (/) partition.

What’s New or Changed 19

1.3.5 Cross-Protocole File Locking Change

Starting with OES 2 SP2, cross-protocol file locking (CPL) is enabled by default as follows:

 All new servers with NCP installed have CPL turned on.

 If an upgraded server was not configured for CPL priot to the upgrade, CPL will be turned on.

 If an upgraded server was configured for CPL priot to the upgrade, the CPL setting

immediately preceding the upgrade is retained.

If a server is only accessed through NCP (AFP and CIFS are not installed), you can achieve an NCP performance gain of about 10%. However, there is a critical caveat. If you later install AFP or CIFS and you forget to re-enable CPL, data corruption can occur.

There are also obvious implications for clustering because the CPL settings for clustered nodes must match. For example, if an unmodified OES 2 SP1 node is clustered with an unmodified OES 2 SP2 node, their CPL settings will conflict and one of the nodes must be modified.

For more information about cross-protocol locking, see “Configuring Cross-Protocol File Locks for

NCP Server” in the OES 2 SP2: NCP Server for Linux Administration Guide.

novdocx (en) 22 June 2009

1.3.6 Domain Services for Windows Installation

The DSfW installation has been rearchitected with a focus on usability and simplicity.

1.3.7 Performance Increases

AFP, NCP, and Samba all have improved performance in OES 2 SP2.

1.3.8 PureFTP

Gateway parity with NetWare.

1.3.9 Upgrading Online

Support for upgrading through the SP Channel is included. For more information, see “Upgrading

Using the Patch Channel (Online)” in the OES 2 SP2: Installation Guide.

1.4 New in OES 2 SP1

 Section 1.4.1, “YaST Install Changes,” on page 20

 Section 1.4.2, “Novell AFP,” on page 21

 Section 1.4.3, “Novell CIFS,” on page 21

 Section 1.4.4, “Novell Domain Services for Windows,” on page 22

 Section 1.4.5, “Migration Tool,” on page 22

1.4.1 YaST Install Changes

The default behavior of the option to use eDirectoryTM certificates for HTTPS services changed in OES 2 SP1.

20 OES 2 SP2: Planning and Implementation Guide

In OES 2, eDirectory certificates were only used by default if you were installing a new server.

In OES 2 SP1, eDirectory certificates are used by default in all installation and upgrade scenarios, except when you are upgrading to SP1 from OES 2. For an upgrade, the option that you selected for the initial installation is retained.

For a brief summary of what happens in each scenario, see Table 22-2 on page 230.

1.4.2 Novell AFP

Novell® AFP is now available on the Linux platform to provide feature parity with NetWare®.

 Support for AFP v3.1 and AFP v3.2, providing network file services for Mac* OS X* and

classic Mac OS workstations

 Support for Universal Password greater than 8 characters

 Integration with Novell eDirectory

 Integration with the Novell Storage Services

 Support for Unicode* filenames

 Integration with the Novell Trustee Model for file access

(NSS) file system

novdocx (en) 22 June 2009

 Support for regular eDirectory users (no LUM required)

 Cross-protocol file locking with NCP

Novell AFP also offers the following features not available for NetWare:

 DHX authentication mechanism: Provides a secure way to transport passwords of up to 64

characters to the server.

 Management: You can use iManager to administer and configure the AFP server on OES 2.

iManager support for AFP on NetWare is unchanged and includes only starting and stopping the server.

 Auditing: You can audit the AFP server to check on the authentication process and any

changes that occur to the configuration parameters of the server.

For more information, see the OES 2 SP2: Novell AFP For Linux Administration Guide.

1.4.3 Novell CIFS

Novell CIFS is now available on Linux to provide feature parity with the existing NetWare release. It offers the following features:

 Support for Windows* 2000, XP, 2003, and Windows Vista* 32-bit

 Support for Universal Password greater than 8 characters

 Support for NTLMv1 authentication mode

 Integration with Novell eDirectory

 Integration with the Novell Storage Services (NSS) file system

 Support for Unicode filenames

 Integration with the Novell Trustee Model for file access

What’s New or Changed 21

 Support for regular eDirectory users (no LUM required)

 Cross-protocol file locking is planned for a future release

For more information, see the OES 2 SP2: Novell CIFS for Linux Administration Guide.

1.4.4 Novell Domain Services for Windows

This service creates seamless cross-authentication capabilities between Microsoft* Active Directory* on Windows servers and Novell eDirectory on OES 2 SP2 servers, and offers the following functionality:

 Administrators with Windows networking environments can set up one or more “virtual”

Active Directory domains in an eDirectory tree.

 Administrators can manage users and groups through MMC or iManager.

 eDirectory users can authenticate to the virtual domain from a Windows workstation without

the Novell Client™ for Windows being installed.

 eDirectory users can also access file services on

 Novell Storage Services (NSS) volumes on Linux servers by using Samba shares.

 NTFS files on Windows servers that use CIFS shares.

 Shares in trusted Active Directory forests.

novdocx (en) 22 June 2009

For more information, see the OES 2 SP2: Domain Services for Windows Administration Guide.

1.4.5 Migration Tool

The new OES 2 SP2 Migration Tool uses a plug-in architecture and comprises multiple Linux command line utilities and a GUI wrapper.

The Migration Tool supports:

 A single, enhanced GUI interface for migrating all OES services

 Service migrations from either a single source server or multiple source servers (consolidation)

to a target server.

 Transfer ID (server ID swap) migrations—transferring the services and identity from one

server to another server.

For more information, see the OES 2 SP2: Migration Tool Administration Guide.

1.5 New in OES 2 (Initial Release)

Novell Open Enterprise Server 2 included the following major features and enhancements that were not included in OES 1. All features are retained in SP1 unless otherwise noted in Section 1.4, “New

in OES 2 SP1,” on page 20.

 Section 1.5.1, “Dynamic Storage Technology,” on page 23

 Section 1.5.2, “OES 2 Migration Tools,” on page 23

 Section 1.5.3, “Xen Virtualization Technology,” on page 23

22 OES 2 SP2: Planning and Implementation Guide

1.5.1 Dynamic Storage Technology

OES 2 introduces Novell Dynamic Storage Technology, a unique storage solution that lets you combine a primary file tree and a shadow file tree so that they appear to NCP and Samba/CIFS users as one file tree. The primary and shadow trees can be located on different file systems, different servers, or even different types of storage.

This lets you manage storage costs in new and efficient ways that were not previously possible.

For more information, see the related sections in Chapter 13, “Storage and File Systems,” on

page 123 and the OES 2 SP2: Dynamic Storage Technology Administration Guide.

1.5.2 OES 2 Migration Tools

In addition to the legacy Server Consolidation and Migration Toolkit, OES 2 includes new migration tools for migrating data and services from NetWare to OES 2.

For more information, see Chapter 8, “Migrating and Consolidating Existing Servers and Data,” on

page 75.

novdocx (en) 22 June 2009

1.5.3 Xen Virtualization Technology

Both OES 2 and NetWare 6.5 SP8 can run in virtual machines on either an OES 2 or a SUSE® Linux Enterprise Server 10 SP1 or later server. This is especially valuable to those organizations that are deploying new hardware that doesn’t run NetWare as a physical installation.

For more information, see Chapter 9, “Virtualization in OES 2,” on page 77.

What’s New or Changed 23

novdocx (en) 22 June 2009

24 OES 2 SP2: Planning and Implementation Guide

SUSE Linux Enterprise Server 10

Novell Services

Welcome to Open Enterprise

novdocx (en) 22 June 2009

Server 2

Novell® Open Enterprise Server 2 (OES 2) includes all the network services that organizations traditionally expect from Novell.

Figure 2-1 OES 2 Overview

OES 2

Novell Services

• AFP

• Backup (SMS)

• Clustering (High Availability)

• DNS/DHCP

• eDirectory

• CIFS

• FTP

• iFolder 3.x

• NetStorage

• Novell Client Access

running

• Management Tools

• iPrint

• QuickFinder

• Novell Storage Services (NSS)

SUSE Linux Enterprise Server 10

NOTE: For a list of OES 2 services, see Table 3-1, “Service Comparison Between NetWare 6.5 SP8

and OES 2 SP2 Linux,” on page 27.

Welcome to Open Enterprise Server 2

novdocx (en) 22 June 2009

26 OES 2 SP2: Planning and Implementation Guide

Planning Your OES 2

novdocx (en) 22 June 2009

Implementation

As you plan which OES services to install, you probably have a number of questions. The following sections are designed to help answer your questions and alert you to the steps you should follow for a successful OES implementation.

 Section 3.1, “What Services Are Included in OES 2?,” on page 27

 Section 3.2, “Which Services Do I Need?,” on page 34

 Section 3.3, “Exploring OES 2 services,” on page 34

 Section 3.4, “Plan for eDirectory,” on page 34

 Section 3.5, “Prepare Your Existing eDirectory Tree for OES 2,” on page 35

 Section 3.6, “Identify a Purpose for Each Server,” on page 35

 Section 3.7, “Understand Server Requirements,” on page 35

 Section 3.8, “Understand User Restrictions and Linux User Management,” on page 36

 Section 3.9, “Caveats to Consider Before You Install,” on page 36

 Section 3.10, “Consider Coexistence and Migration Issues,” on page 48

 Section 3.11, “Understand Your Installation Options,” on page 49

3.1 What Services Are Included in OES 2?

Table 3-1 summarizes OES services and the differences in the way these services are provided.

Although extensive, this list is not exhaustive. If you are interested in a service or technology not listed, or for documentation for listed services, see the OES Documentation Web site (http://

www.novell.com/documentation/oes2).

Table 3-1 Service Comparison Between NetWare 6.5 SP8 and OES 2 SP2 Linux

Service NetWare 6.5 SP8 OES 2 Platform Differences / Migration Issues

Access Control Lists Yes Yes In combination with NCPTM Server, Linux

supports the Novell access on NSS volumes and NCP volumes on Linux.

AFP (Apple* File Protocol)

Yes - NFAP Yes - Novell

AFP

AFP services on NetWare and OES are proprietary and tightly integrated with eDirectory (NSS).

trustee model for file

and Novell Storage Services

Planning Your OES 2 Implementation

Service NetWare 6.5 SP8 OES 2 Platform Differences / Migration Issues

novdocx (en) 22 June 2009

Apache Web Server Yes - NetWare®

port of open source product

Archive and Version Services (Novell)

Backup (SMS)

Yes Yes Setup varies slightly, but there are no

Yes Yes SMS provides backup applications with a

 SMS

 NSS-Xattr

CIFS (Windows File Services)

Yes - NFAP Yes - Novell

Yes - Standard Linux

CIFS

and

Novell Samba

Administration Instance vs. Public Instance on NetWare (http://www.novell.com/ documentation/oes2/web_apache_nw/data/ aipcu6x.html#aipcu6x).

What’s Different about Apache on NetWare (http://www.novell.com/documentation/ oes2/web_apache_nw/data/ail8hvj.html) .

functional differences.

framework to develop complete backup and restore solutions. For information, see the

OES 2 SP2: Storage Management Services Administration Guide.

NSS provides extended attribute handling options for NSS on Linux. For information, see “Using Extended Attributes (xAttr)

Commands (Linux)” in the OES 2 SP2: NSS

File System Administration Guide.

Both NFAP and Novell CIFS are Novell proprietary and tightly integrated with eDirectory and Novell Storage Services (NSS).

Samba is an open source product distributed with SUSE Server (SLES).

Linux Enterprise

Novell Samba is enhanced by Novell with configuration settings for eDirectory LDAP authentication via Linux User Management (LUM). Novell Samba is not tightly integrated with NSS on Linux and works with any of the supported file systems.

Clustering Yes Yes “Product Features” in the OES 2 SP2:

Novell Cluster Services 1.8.7 for Linux Administration Guide.

“Product Features” in the NW6.5 SP8:

Novell Cluster Services 1.8.5 Administration Guide.

DFS (Novell Distributed File Services)

Yes Yes In combination with NCP Server, DFS

supports junctions and junction targets for NSS volumes on Linux and NetWare. DFS also supports junction targets for NCP volumes on non-NSS file systems such as Reiser and Ext3. The VLDB command offers additional options to manage entries in the VLDB for NCP volumes.

28 OES 2 SP2: Planning and Implementation Guide

Service NetWare 6.5 SP8 OES 2 Platform Differences / Migration Issues

DHCP Yes Yes For a comparison between what is available

on OES 2 and NetWare, see Section 12.2.2,

“DHCP Differences Between NetWare and OES 2,” on page 101.

To plan your DHCP implementations, see “Planning a DHCP Strategy” in the OES 2

SP2: Novell DNS/DHCP Administration Guide for Linux and “Planning a DHCP Strategy” in the NW 6.5 SP8: Novell DNS/ DHCP Services Administration Guide.

DNS Yes Yes For a comparison between what is available

on OES 2 and NetWare, see Section 12.2.1,

“DNS Differences Between NetWare and OES 2,” on page 100.

See “Planning a DNS Strategy” in the OES

2 SP2: Novell DNS/DHCP Administration Guide for Linux and “Planning a DNS Strategy” in the NW 6.5 SP8: Novell DNS/ DHCP Services Administration Guide.

novdocx (en) 22 June 2009

Dynamic Storage Technology

eDirectory 8.8 Yes Yes No functional differences.

eDirectory Certificate Server

eGuide (White Pages) Yes No This functionality is now part of the Identity

FTP Server Yes Yes Support for eDirectory LDAP authentication

No Yes DST runs on OES 2. An NSS volume on

NetWare is supported only as the secondary volume in a shadow pair. When using DST in a cluster, each of the NSS volumes in a shadow pair must reside on OES 2. DST also supports NCP volumes as shadow pairs and Linux POSIX* volumes as shadow pairs.

Yes Yes No functional differences.

Manager 3.6 User Application. For more information, see the Identity Manager 3.6

Documentation Web Site. (http:// www.novell.com/documentation/idm36/ index.html).

has been added to PureFTP on OES 2. The FTP/SFTP gateway available on NetWare is not currently available on Linux. See

Section 17.1.2, “FTP Services,” on page 180.

See “Features of the NetWare FTP Server” in the NW 6.5 SP8: Novell FTP

Administration Guide.

Planning Your OES 2 Implementation 29

Service NetWare 6.5 SP8 OES 2 Platform Differences / Migration Issues

novdocx (en) 22 June 2009

Health Monitoring Services

Yes Yes The Health Monitoring Server, which was

included in OES 1, has been removed in OES 2.

This is now available in various Novell Remote Manager dialog boxes on both platforms.

For more information, see “Health

Monitoring Services” on page 86.

Identity Manager 3.6.1

Yes Yes No functional differences.

Bundle Edition

iPrint Yes Yes See “Overview” in the OES 2 SP2: iPrint for

Linux Administration Guide, and “Overview”

in the NW 6.5 SP8: iPrint Administration

Guide.

(Internetwork

IPX

Yes No Novell has no plans to port IPX to OES. Packet ExchangeTM) from Novell

iSCSI Yes Yes The iSCSI target for Linux does not support

eDirectory access controls like the NetWare target does. Nor is the iSCSI initiator or target in OES 2 integrated with NetWare Remote Manager management. You use YaST management tools instead.

LDAP Server for

Yes Yes No functional differences. eDirectory

Multipath Device

Yes Yes NetWare uses NSS multipath I/O. Linux Management

MySQL* Yes - NetWare

port of open

source product

Yes - Standard Linux

On the other hand, the iSCSI implementation for Linux is newer and performs better.

See Linux-iSCSI Project on the Web (http://

linux-iscsi.sourceforge.net).

See “Overview” in the NW 6.5 SP8: iSCSI

1.1.3 Administration Guide.

uses Device Mapper - Multipath that runs underneath other device management services.

See MySQL.com on the Web (http://

www.mysql.com).

See “Overview: MySQL” in the NW 6.5 SP8:

Novell MySQL Administration Guide.

30 OES 2 SP2: Planning and Implementation Guide

+ 258 hidden pages

Novell Open Enterprise Server Planning and Implementation Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

OES 2 SP2: Planning and Implementation Guide

About This Guide

What’s New or Changed

1.1 Where’s NetWare?

1.1.1 NetWare References in This Guide and Elsewhere

1.1.2 NetWare Documentation

1.2 Links to What's New Sections

1.3 New or Changed in OES 2 SP2

1.3.1 Auditing

1.3.2 Base Platform Is SLES 10 SP3

1.3.3 CIFS DFS Support

1.3.4 Create EVMS Proposal Option

1.3.5 Cross-Protocole File Locking Change

1.3.6 Domain Services for Windows Installation

1.3.7 Performance Increases

1.3.8 PureFTP

1.3.9 Upgrading Online

1.4 New in OES 2 SP1

1.4.1 YaST Install Changes

1.4.2 Novell AFP

1.4.3 Novell CIFS

1.4.4 Novell Domain Services for Windows

1.4.5 Migration Tool

1.5 New in OES 2 (Initial Release)

1.5.1 Dynamic Storage Technology

1.5.2 OES 2 Migration Tools

1.5.3 Xen Virtualization Technology

Welcome to Open Enterprise Server 2

3.1 What Services Are Included in OES 2?

Planning Your OES 2 Implementation