Chapter Two: Implementing eDirectory Services
Hands-On Novell NetWare 6.0/6.5, Enhanced Edition
Objectives
After reading this chapter and completing the exercises, you will be able to:
Configure a workstation to communicate with the network by using both Microsoft and Novell Client software
Describe the function and purpose of eDirectory and use distinguished and relative names to access network objects
Install and use NetWare management utilities to work with the eDirectory tree
Install and use NetWare Administrator, ConsoleOne, and iManager to browse the eDirectory tree, view object properties, and create new objects
Use ConsoleOne to view and work with partitions and replicas
Implementing the Client
To communicate and access network services, a user’s computer requires a network interface card (NIC) along with client and protocol software components, as shown in Figure 2-1
The NIC driver controls the network interface card so that it can send and receive packets over the network cable system
Client Protocols
Implementing the Client
An important part of Novell’s OneNet strategy is to provide network services that are compatible with the variety of clients shown in Figure 2-2
To make accessing NetWare file services simpler in a multi-client environment, NetWare 6 includes Novell’s new Native File Access (NFAP), which enables NetWare 6 servers to process file service requests formatted by non-Novell clients, such as Microsoft, Apple, and Unix
As shown in Table 2-1, accessing certain eDirectory or application services on a NetWare server still requires Novell Client to be installed on the workstation
NetWare Client Options
Web Browser Clients
Web browsers, such as Internet Explorer and Netscape, are clients that use the HTTP and WebDAV protocols to make requests to Web servers
Many Internet applications are now written to access data and services from Web browsers
Using the Microsoft Client
The Microsoft client is needed to access shared resources and services from other Windows-based computers
This client is optional on Windows 9x, but is automatically installed with the Windows 2000 operating system
When a computer running a Microsoft client attempts to access a NetWare 6 server running NFAP, the Windows client submits its local user name and password to the NetWare server in the same way it would attempt to log on to a Microsoft server
In addition to the user’s eDirectory password that Novell Client needs, NetWare keeps a separate password for each user account to use when logging on from Microsoft clients
The Microsoft Client Service for NetWare
Users who use both the Novell and Microsoft clients to log in must maintain two passwords
An alternative to installing Novell Client on Windows computers is to use the Microsoft NetWare client
Windows 9x and 2000 come with an optional NetWare client—Microsoft Client Service for NetWare—to access services on NetWare 6 servers
The Novell Client
Novell Client offers the following advantages over the Microsoft NetWare client when logging in to the UASHOST servers:
Easy access to network services through the addition of the Novell menu in the taskbar and extra NetWare options in the My Computer, Network Neighborhood, and Explorer menus
More secure passwords
The ability to use NetWare utilities, such as ConsoleOne and NetWare Administrator
Support for Z.E.N.works application services
Novell Clients
The Novell Client
As a network administrator, you can select any of the following methods to install Novell Client, depending on the workstation’s configuration and your personal preferences:
Install from CD-ROM
Install from the network
Automatic Client Upgrade (ACU)
Novell eDirectory Services
Starting with NetWare 4, Novell pioneered a directory service, using a global database of network objects, called Novell Directory Services (NDS)
NDS was based on an industry-standard naming system called X.500
eDirectory Components
The eDirectory system uses a tree structure to organize network components, called objects, in a way that is very similar to how files and directories are organized on a hard disk
The eDirectory database consists of three major types of objects:
The [Root] object
Container objects
Leaf objects
The [Root] object is important because it represents the beginning of the network directory service tree, in much the same way the root of a disk volume represents the beginning of the disk storage space on a drive
Container objects are used to group and store other objects
eDirectory supports three major types of container objects:
Country
Organization
Organizational Unit
Country container objects must be assigned a valid two-digit country code and can exist only within the root of a directory service tree
Organization container objects must exist within a Country container or directly under the root of the directory service tree
Organizational Unit (OU) container objects, which must exist within an Organization container or within another OU container, divide users and other leaf objects into appropriate workgroups, such as company divisions or departments
Figure 2-6 illustrates the sample eDirectory tree for UAS
Leaf objects represent network entities, such as users, groups, printers, and servers
A property is a field that can contain information about an object
eDirectory Object Types
eDirectory Components
Admin is an important user object because it has the Supervisor right to the entire eDirectory tree, allowing the Admin user to create and manage all other objects in the tree structure
Directory Context
The location of an object within the eDirectory tree is referred to as its context
Each object in the eDirectory database can be uniquely identified by its distinguished name, which consists of the object’s name along with its complete context, leading to the root of the eDirectory tree
A context specification that includes the object abbreviations is referred to as a typeful name
A distinguished name that does not contain the object type abbreviations is referred to as a typeless name
The location of your client computer within the eDirectory tree is referred to as its current context
If your client computer’s current context is set to one of the containers specified in the distinguished name, you can save keystrokes by using a relative name
A relative distinguished name, often referred to as just a relative name, starts with the current context and is specified by omitting the leading period
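The naming rules above and the container placement rules from the eDirectory Components section, as an added Python example that is not from the book: it parses a typeful distinguished name, converts it to typeless form, resolves a relative name against a current context, and flags containers placed under the wrong parent. The sample names (EKenton, Engineering, Mfg) are constructed, and name components are assumed to contain no escaped periods.

```python
# Added example; sample names (EKenton, Engineering, UAS) are constructed.
# Assumption: name components contain no escaped periods.

# Allowed parent for each container type, per the chapter's placement rules.
ALLOWED_PARENT = {"C": {"[Root]"}, "O": {"[Root]", "C"}, "OU": {"O", "OU"}}

def parse_typeful(name):
    """Split a typeful distinguished name into (type, value) pairs, leaf first."""
    if not name.startswith("."):
        raise ValueError("a distinguished name starts with a leading period")
    pairs = []
    for part in name[1:].split("."):
        typ, sep, value = part.partition("=")
        if not sep or not typ or not value:
            raise ValueError(f"component {part!r} is not typeful")
        pairs.append((typ.upper(), value))
    return pairs

def to_typeless(name):
    """Drop the object type abbreviations, keeping the leading period."""
    return "." + ".".join(value for _, value in parse_typeful(name))

def resolve(name, current_context):
    """Turn a relative name into a distinguished name using the current context."""
    if name.startswith("."):
        return name  # already distinguished; the current context is ignored
    context = current_context.lstrip(".")
    return "." + name + ("." + context if context else "")

def check_containers(name):
    """Return placement-rule violations for the containers in a typeful name."""
    problems = []
    parent = "[Root]"
    # Walk from the root down: each component's parent is the one to its right.
    for typ, value in reversed(parse_typeful(name)):
        if typ in ALLOWED_PARENT and parent not in ALLOWED_PARENT[typ]:
            problems.append(f"{typ}={value} cannot sit under {parent}")
        parent = typ
    return problems

if __name__ == "__main__":
    dn = resolve("CN=EKenton.OU=Engineering", "O=UAS")
    print(dn, to_typeless(dn), check_containers(dn))
    print(check_containers(".OU=Mfg.C=US"))
```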
Designing an eDirectory Tree Structure
The first step is to define and document all users and other objects in the network
After identifying all the network objects, your next step is to determine what containers will be needed
When grouping objects, you should keep the design as simple as possible to reduce the number of containers that will be needed
A general rule is to avoid containers with fewer than 10 users unless the objects are in separate geographical areas with their own server and independent resources
A Simple eDirectory Tree Design
Introduction to NetWare Management Utilities
To work with the eDirectory tree, you need to become familiar with Novell’s management utilities
In NetWare 5, Novell introduced the ConsoleOne utility, which was written using the Java language so that it could run on multiple platforms, including the NetWare server’s console
With NetWare 6, in addition to NetWare Administrator and ConsoleOne, Novell introduced a new network management tool called iManager
With iManager, network administrators can manage their eDirectory trees from a Web browser, such as Internet Explorer, instead of requiring a workstation with the Novell client
Because it does not require the Novell client running on a Windows-based computer, the iManager utility is an integral part of Novell’s OneNet vision, allowing network management from any client on a connected network
Each utility has its advantages and disadvantages
Using NetWare Administrator
To run NetWare Administrator, you need a Windows 9x or 2000 workstation with at least 64 MB of RAM and the Novell Client software
Although the Microsoft client allows users to access NetWare file and print services, it does not have the necessary components to run ConsoleOne or NetWare Administrator
Installing and Using ConsoleOne
ConsoleOne remains the primary utility for managing most aspects of the NetWare 6 eDirectory tree
In addition to having Novell Client installed, ConsoleOne requires a workstation to have at least 128 MB of RAM and a 300 MHz processor to run effectively
Implementing the eDirectory Tree
Your classroom eDirectory tree has been set up to allow you to create your own version of the Universal AeroSpace structure in your assigned ##UAS Organization (the ## represents your assigned student number)
Initially, your ##UAS Organization contains only your ##Admin administrator name that was created during the classroom server’s setup
The actual NetWare server and SYS volume objects are located in the UAS Organization
Creating Alias and Volume Objects
An alias object is a pointer to the real object located in another container
Alias objects are useful when you need to access physical resources, such as files and printers, from different contexts (several departments in a company, for instance)
Volume objects point to the physical data volumes on the server and are used to access data and store volume configuration and status information
When a new volume is created on the server, a corresponding volume object is created in the server’s eDirectory container
Creating Organizational Units with iManager
By default, the Admin user of the tree has the necessary rights to use iManager to perform all tasks, but by creating administrative roles, the administrator can grant rights to other users to perform certain management tasks in iManager
You could easily create your remaining OUs with NetWare Administrator, but in the activity on pages 62 through 64, you practice using iManager to create container objects in your ##UAS Organization
Completing the Tree Structure with ConsoleOne
When you log in with the Admin user name, you risk accidentally changing the system configuration or erasing or corrupting server files
In addition, if the workstation from which you’re logging in has a computer virus in memory, the virus could infect program files on the server, causing the virus to quickly spread throughout the network
eDirectory Partitioning and Replicating
Each record in a database represents a single network object
The database itself is a hidden file stored on the NetWare server when the first server is installed on the network
When the new server is added, NetWare 6 will automatically place a copy of the entire eDirectory database on the new server, as shown in Figure 2-20
The copy of the eDirectory database placed on the new server is called a replica
There are five types of replicas:
Master
Read/Write
Filtered
Read-Only
Subordinate
Filtered replicas are similar to R/W replicas, except that you can use a filter to specify what types of objects are included in the replica
eDirectory Partitions
A directory partition is a division of the eDirectory database that enables a network administrator to replicate only a part of the entire eDirectory tree
Initially, the eDirectory tree contains only one partition that starts at the root of the tree: the [Root] partition
With NetWare 6, the ConsoleOne utility is used to view, create, move, or merge partitions
As shown in Figure 2-22, the ConsoleOne utility enables you to identify which partitions exist in the eDirectory tree and determine on which servers the partition replicas are stored
Partitioning the eDirectory Database
The Partition and Replica View in ConsoleOne
Summary
Using Native File Access Protocol, NetWare 6 can process requests for file services for Microsoft, Apple, and Unix clients
One of NetWare’s major features is the global eDirectory database, which allows NetWare servers to share access to a common set of network objects that can be organized into a hierarchical tree structure
The location of an object within the eDirectory tree is called its context
The location of the client computer within the eDirectory tree is called the current context, which can be used to make access to objects easier by simply entering the object’s common name
NetWare 6 has two graphical Windows-based utilities for managing eDirectory objects: ConsoleOne and NetWare Administrator
Replicas are copies of the eDirectory database placed on NetWare servers; they provide fault tolerance if a server is down and enable faster access to network resources