Ugly Storage Made Sexy in Novell Open Enterprise Server and Windows Environments
Novell® Open Enterprise Server Architecture
Haripriya Srinivasaraghavan
Distinguished [email protected]
Jason Taylor
Senior Product [email protected]
© Novell, Inc. All rights reserved.
Novell® Open Enterprise Server
• Open Enterprise Server 2 Linux – the migration path for NetWare®
• Get the unique capabilities of NetWare, with the proven application support and ecosystem of SUSE® Linux
[Diagram: NetWare (the long-standing leader of secure networking services) → Migrate → Open Enterprise Server 2 on SUSE Linux Enterprise Server (NetWare services on top of an award-winning open-source server for delivering business-level applications)]
Agenda
• Product Overview
• Product Architecture
• Bundled Products - Highlights
• Common Frameworks
• Question and Answer
Product Overview
Open Enterprise Server 2: Product Summary
• Product Goal
  – To be what NetWare® is to you and a lot more
    > Provide the proven features and capabilities of NetWare to run your enterprise
      » NCP, AFP, CIFS, Salvage, Remote FTP, SLP, and a lot more
    > Provide additional powerful capabilities for your changing enterprise
      » Domain Services for Windows, Dynamic Storage Technology, new and improved iFolder, iPrint, a whole lot of applications and vendor support that is part of the Linux ecosystem
• Product Life-stage
  – OES2 with its support packs (SP1, SP2, SP3)
    > Heavy focus on closing the gaps with NetWare, and addressing any stability, performance, usability issues
    > Targeted focus on migrations from NetWare to OES2
Open Enterprise Server 2: The Making of OES2
[Diagram labels: openSUSE, SLE, SLED, SLES, OES2, Identity and Workgroup Solutions; legend: Open Source, Closed Source]
Open Enterprise Server 2: Software Platforms and Hardware Architecture
• Open Enterprise Server NetWare®
  – 32-bit
  – Virtualized
• Open Enterprise Server 2 Linux
  – SLES 10 - 32 bit (i386) - Intel 32 bit
  – SLES 10 - 64 bit (x86_64) - AMD64/EM64T
• For x86_64
  – Kernel is 64 bit, supports 32 bit applications
  – /usr/lib and /usr/lib64
  – Some of OES2 x86_64 still 32 bit applications
    > Kernel modules and other dependencies are 64-bit
    > 64 bit eDirectory™ since OES2 SP1
Open Enterprise Server 2: Install Scenarios
• Concurrent Install
  – Install Open Enterprise Server 2 with SUSE® Linux Enterprise Server 10 SP2
• Post Install
  – Install Open Enterprise Server 2 after SUSE Linux Enterprise Server 10 SP2
• CD/DVDs
• Network install
  – Mini boot CD
  – install=[http|nfs]://<server>/<install path>
• AutoYaST
  – Install one server, create an AutoYaST file
Open Enterprise Server 2: Upgrade Scenarios
• Down Server Upgrade
– Upgrade from the media by rebooting the server
• Channel Upgrade
– Upgrade through the OES2 channel
– New in SP2
Integrated YaST Install Experience
Open Enterprise Server 2: The Novell® Virtualization Story
• Novell Virtual Machines are based on Xen technology
  – Open-source project, maintained by XenSource, with major industry players
  – Linux Virtual Machine Server (VMS) dom0
  – Virtual Machine (VM) domU
  – After the Host environment (Dom0) is installed, the Guest OES 2 server can be installed
• Open Enterprise Server 2 Linux Guest
  – Para-virtualized in SLES 10 SP1 i386 or x86_64 Guest environments
  – All Open Enterprise Server 2 services are supported in either Guest environment
• Open Enterprise Server NetWare® Guest
  – Para-virtualized 32-bit Guest on i386 SLES 10 SP2 Host
  – Para-virtualized 32-bit Guest on x86_64 SLES 10 SP2 Host
    > In this mode NetWare will be fully functional as a 32bit VM
• Open Enterprise Server 2 SP1 – over SLES 10 SP2
Novell® Virtual Machine Architecture
Registration: Novell® Customer Center
• During or after install you can register Open Enterprise Server 2
• Novell Customer Center
– http://www.novell.com/customercenter/
– Online service to manage your products, subscriptions and services
– Obtain critical Linux patches, updates, and support
– Helps to ensure licensing compliance
– Helps to reduce systems management costs
Partner Product Certification
• SUSE® Linux Enterprise Server provides a certification program for partners
– http://www.novell.com/partnerguide/
• SUSE Linux Enterprise Server is a true enterprise Linux server
– Protection from open source breakage
– Releases are supported for 7 years
• Products certified on SUSE Linux Enterprise Server also supported on Open Enterprise Server
• Backup and anti-virus products supported on Open Enterprise Server 2
– http://www.novell.com/products/openenterpriseserver/partners/
OES Architecture
Bundled Products and Services: Open Enterprise Server 2 SP1 – New/Modified
• Directory and Identity Services
  – Novell® eDirectory™ 64 bit
  – Novell Domain Services for Windows
  – Linux User Management (LUM)
• File Server
  – Novell Storage Services (NSS)
  – NCP™ Server (with Novell eDirectory)
  – Novell AFP
  – Novell CIFS
  – Open Enterprise Server 2 configured Samba
  – Open Enterprise Server 2 configured FTP
Bundled Products and Services: Open Enterprise Server 2 (cont.)
• File Services
  – Dynamic Storage Technology
  – Distributed File Services
  – Novell® Archive and Version Server
• Novell Cluster Services™ (NCS)
• Novell Backup / Storage Management Services (SMS)
• Novell iFolder® 3.9
• Novell iPrint
• Novell NetStorage
• Novell QuickFinder™
Bundled Products and Services: Open Enterprise Server 2 (cont.)
• Networking
  – Novell® DHCP
  – Novell DNS
• Management/Configuration/Monitoring
  – Novell iManager
  – Novell Remote Manager (NRM)
  – OpenWBEM and CIM plugins
• CASA
Base Packages: From SUSE® Linux Enterprise Server 10 SP3 (TBD)
• Kernel 2.6.16 (plus)
• GCC 4.1.2 (plus)
• Xen 3.2.0 (plus)
• Tomcat5 5.0.30 (plus)
• Apache2 2.2.3 (plus)
• Samba 3.0.28 (plus)
• Novell® LDAP Extension Libraries 1.0 – 3.4.1 (plus)
• OpenLDAP2 2.3.32 (plus)
• OpenSSL 0.9.8a (plus)
• OpenWBEM 3.2.0 (plus)
• MIT Kerberos5 1.4.3 (plus)
OES 2 SP1 - Component Groups: Single Server - Linux
[Diagram, built up over several slides: the components of a single OES 2 SP1 Linux server arranged in groups. Groups in the order the slides introduce them, with the components that appear as each group is added:]
• File Systems and Storage Services: NSS, EXT3, Reiser3, Versioning, DFS, DST
• File Access Protocols: NCP, CIFS, AFP, Samba, FTP, NS (SMS also first appears at this step)
• Directory and Identity Services: eDirectory + DSFW, LDAP, CASA, LUM
• High Availability: NCS
• Network Services: DHCP, DNS
• Management: Tomcat, J2SE, Apache, iManager Plugins, NRM (httpstk), OpenWBEM
• Productivity Services: iPrint, XTier, mono, iFolder 3.7, Quickfinder
• Migration Tools: Java, Migration Tools
OES2 SP1 Component Architecture: Single Server - Linux
[Diagram: the components of a single OES 2 SP1 Linux server (NSS, EXT3, Reiser3, Versioning, DFS, DST, SMS, NCS, NCP, CIFS, AFP, Samba, FTP, NS, eDirectory + DSFW, LDAP, CASA, LUM, DHCP, DNS, Tomcat, J2SE, Apache, iManager Plugins, NRM (httpstk), OpenWBEM, iPrint, Xtier, mono, iFolder 3.7, Quickfinder, Java, Migration Tools), annotated with protocol and port labels]
Protocol and port labels on the diagram:
• IPP (631)
• http (80), https (443)
• http (1008), https (1010)
• GIPC (224)
• NCP (NDAP, File) (524)
• LDAP (389), LDAPS (636)
• AFP (548)
• FTP (21)
• CIFS (137, 138, 139)
• NS WebDav (80)
• DHCP (67), DNS (53)
• CIMXML (5988), CIMXMLS (5989)
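An added example, not from the original slides: a Python check that compares a host's listening sockets with the port labels on this slide and flags cleartext listeners (http, LDAP, CIMXML) for which the slide also shows a TLS port. The `ss -tulnH` input format, the sample lines and all function names are assumptions made for the illustration.

```python
"""Compare listening sockets with the port labels on the component architecture slide."""
from dataclasses import dataclass

# Port labels as they appear on the slide. The slide gives no transport,
# so matching below is by port number only.
SLIDE_PORTS = {
    21: "FTP", 53: "DNS", 67: "DHCP", 80: "http / NS WebDav",
    137: "CIFS", 138: "CIFS", 139: "CIFS", 224: "GIPC",
    389: "LDAP", 443: "https", 524: "NCP", 548: "AFP",
    631: "IPP", 636: "LDAPS", 1008: "http", 1010: "https",
    5988: "CIMXML", 5989: "CIMXMLS",
}

# Cleartext ports for which the slide also shows a TLS-protected sibling
# (http/https, LDAP/LDAPS, CIMXML/CIMXMLS).
TLS_SIBLING = {80: 443, 1008: 1010, 389: 636, 5988: 5989}

LOOPBACK_PREFIXES = ("127.", "[::1]")

# Constructed sample in `ss -tulnH` column order (assumed input format):
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128 0.0.0.0:524     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:389     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:636     0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:5988  0.0.0.0:*
tcp   LISTEN 0 128 [::]:5989       [::]:*
tcp   LISTEN 0 128 0.0.0.0:80      0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:67      0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:6000    0.0.0.0:*
"""


@dataclass(frozen=True)
class Finding:
    proto: str
    address: str
    port: int
    label: str     # slide label, or "not on slide"
    severity: str  # "ok", "review" or "unexpected"
    note: str


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp line; skip anything else."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], address, int(port)


def audit(ss_output):
    """Classify every listener against the slide's port labels."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        label = SLIDE_PORTS.get(port)
        local_only = address.startswith(LOOPBACK_PREFIXES)
        if label is None:
            findings.append(Finding(proto, address, port, "not on slide",
                                    "unexpected",
                                    "listener is not among the documented ports"))
        elif port in TLS_SIBLING and not local_only:
            findings.append(Finding(proto, address, port, label, "review",
                                    f"cleartext {label} reachable off-host; "
                                    f"slide shows port {TLS_SIBLING[port]} as "
                                    "the protected alternative"))
        else:
            findings.append(Finding(proto, address, port, label, "ok",
                                    "documented port"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"{f.severity:10} {f.proto} {f.address}:{f.port} ({f.label}) {f.note}")
```

A cleartext listener bound only to loopback is reported as "ok" because it is not reachable from other hosts.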
Bundled Components
Open Enterprise Server 2 File Systems: Types and Access Protocols
• Multiple choices for File Systems
  – Novell Storage Services™
  – Posix File-Systems: Ext3, Reiser, XFS
• Multiple choices for File Access Protocols
  – NCP™ - Novell NCP
  – CIFS/SMB – Novell® CIFS, Samba
  – AFP – Novell AFP
  – HTTP – NetStorage, Apache
  – FTP – PureFTP with Novell changes
  – NFS – Linux NFS
Novell Storage Services™
• Novell Storage Services file system provides unique and powerful file system capabilities
  – Visibility and Trustee access controls with rich file attributes
  – Multiple simultaneous namespace support and Unicode
  – User and Directory quotas
  – Event file lists, and a file salvage subsystem
• Especially suited for managing file services for thousands of users in an organization
• Novell Storage Services volumes are cross-compatible between kernels
  – You can mount a non-encrypted Novell Storage Services data volume on either the Linux or NetWare® kernel and move it between them
  – In a clustered SAN, volumes can fail over between kernels
• Salvage does not need user LUM enabling anymore
Apple Filing Protocol (Novell® AFP)
• Apple Filing Protocol support on OES 2 Linux SP1
  – Mac clients can access files from the OES 2 server
  – Closing the gap with NetWare®
• Feature Overview
  – Support for AFP 3.1, OSX 10.3, OSX 10.4
  – Authentication: Universal Password, DH1
  – Support for NSS volumes, NCS Clustering
  – Support for NetWare trustee and rights model
  – Support for Mac Resource Forks
  – Cross-Protocol Locking with NCP™, Samba
  – Simplified management using iManager
  – Migration from NetWare
  – Multi-processor support (not available on NetWare AFP)
Apple Filing Protocol (Novell® AFP): Architecture
[Diagram labels: AFP Server, iManager Plugin, CIM Provider, conf file, NCP Server, eDirectory, NSS, CASA store; interface labels: ncp-rpc, nmas-ldap, xplat (ncp), zAPI]
Apple Filing Protocol (Novell® AFP): Linux Implementation
• Install and Configuration
  – YaST install
  – Configuration using iManager, CIM providers for configuration and management
• Design details
  – Stand-alone server communicating with eDirectory™ for authentication and authorization
  – NSS file-system, resource forks fully supported, uses zAPI
• User access for AFP
  – Any eDirectory user with universal password enabled
  – User contexts to be configured for the AFP server
  – LUM-enabling of eDirectory users is not required
• Cross-protocol locking (CPL)
  – Byte-range locks and Share modes
• CPL supported across AFP, NCP™ and Samba
Novell® CIFS
• Novell CIFS support on OES 2 SP3 Linux
  – Support for SMB V1 and Browser protocol
  – Authentication: Universal password, NTLMv1
  – Support for NSS volumes and NetWare® trustee and rights model
  – Cross-protocol locking support
  – Management using iManager and CLI, Migration from NetWare
  – Multi-processor support (not available on NetWare CIFS)
  – LUM-enabling of users not required
  – Auditing support
• New in SP3
  – DST support, NTLMv2 support
Novell® CIFS: Architecture
[Diagram labels: CIFS Server, CLI tools, iManager Plugin, NCP Server, eDirectory, NSS, CASA store, trustee file, NW Rights + Cache, libmanagus, _admin; interface labels: nmas-ldap, xplat (ncp), ncp-rpc, POSIX, IPC, CIM]
Novell® CIFS: Linux Implementation
• Install and Configuration
  – YaST install
  – Configuration using iManager, command-line tools
• Design details
  – Stand-alone server communicating with eDirectory™ and NCP™ server
  – Requires NCP Server on the same box, but no local eDirectory replica required
  – Uses standard POSIX interfaces, supports NSS file-system
  – Uses trustee.xml file managed by the NCP server
• User access for CIFS
  – Any eDirectory user with universal password enabled
  – User contexts to be configured for the CIFS server
  – LUM-enabling of eDirectory users is not required
• Unsupported
  – Interoperability with Domain Services for Windows on the same server
Novell® NCP™ Server
• Novell NCP Server for Linux enables support for
  – Login scripts,
  – Mapping drives, and...
  – Other services commonly associated with Novell Client™
• Services included with NCP (NetWare® Core Protocol)
  – File access and locking
  – Tracking of resource allocation
  – Event notification
  – Connection and communication management
  – Legacy print services and queue management, and...
  – Network management
Novell® NCP™ Server (cont.)
• NCP Server can run in front of POSIX file systems
  – EXT3, Reiser
  – Virtual File System (VFS) layer
  – Lossy mapping from Novell rights to POSIX attributes
• NCP Server can run in front of Novell Storage Services™ file systems
  – Complete mapping for Novell rights and trustees
• Moving users from NetWare® to Linux
  – With Open Enterprise Server 2, you no longer need to Linux enable the user just to run a Linux server
Domain Services for Windows
• An OES pattern
  – Emulates an Active Directory domain controller
  – Works with Samba, iPrint, and applications doing AD authentication
  – Supports interoperability in a mixed eDirectory™/AD environment
• Use cases
  – For AD application support (authentication only applications)
  – Client-less access (no NCP on wire)
  – Management using iManager or MMC
• Comprises
  – OSS: NTP, Samba, DNS, glibc, MIT Kerberos, DCE-RPC
  – Closed source: Novell® eDirectory, LUM
Co-existence – A Typical Use Case
• Cross-domain and cross-forest trusts with AD
[Diagram labels: Mforest.abc.com, Root, Organization, Organization Unit, Domain, eDirectory Replica Ring, eDirectory 8.7.3 SPx, eDirectory 8.8 SP1, DSfW, DSfW ADPHMaster, Cross Forest Trust, MMC, ConsoleOne, iManager, User Add/Modify]
Domain Services for Windows
• New features
– New and improved DSfW install and provisioning
> Reduced DSfW install failures
> Improved install troubleshooting
– sysvol replication support
– Partner support
> Support for Citrix Server interoperability
> Support for VMWare
– Connected partition restriction on domains removed
Dynamic Storage Technology (cont.)
• Reducing the cost of storage with shadow volumes
  – Overlay 2 subdirectory trees to create 1 virtual volume
  – Transparent to clients
  – Define policies to manage file distribution between trees
• Benefits
  – Partition files based on “need to backup”
  – Can have different backup policies for each tree
    > Smaller, faster backups for most important data
  – Can use different storage for each tree
    > Less expensive storage for less important data
  – Like HSM but without the pain
Dynamic Storage Technology
PRIMARY TREE (Important Data):
  Subdirectory – 1
    file – 1
    file – 2
  Subdirectory – 2
    file – 4
SHADOW TREE (Less Important Data):
  Subdirectory – 1
    file – 3
  Subdirectory – 2
    file – 5
    file – 6
CLIENTS SEE:
  Subdirectory – 1
    file – 1
    file – 2
    file – 3
  Subdirectory – 2
    file – 4
    file – 5
    file – 6
Novell® Linux User Management (LUM)
• Linux User Management (LUM) enables eDirectory™ users to function as local POSIX users on Linux servers
• This functionality lets administrators use eDirectory to centrally manage remote users for access to one or more Open Enterprise Server Linux servers
• Delivered as a set of modules
– Pluggable Authentication Modules (PAM) “pam_nam”
– Name Services Switch “nss_nam”
– Caching Daemon “namcd”
Novell® Linux User Management (cont.)
[Diagram labels: PAM Enabled Apps; PAM (/etc/pam.d/*.conf, <app>.conf) with pam_*.so modules and pam_nam.so; NSS (/etc/nsswitch.conf) with libnss_nam.so; namcd (/etc/nam.conf, cache); socket; LDAP (bind), LDAP (proxy); eDir (schema); getFDN(), getGUID(); legend: Open Source, Closed Source]
Novell® eDirectory™ 8.8 SP5 (TBD)
• Native 64 bit eDirectory
– The NCP Server also runs as 64 bit service
• LDAP Auditing
• Enhanced Authentication Protocol Support
• Enhanced Directory Monitoring in LDAP layer
Novell iFolder® 3.9
• File access from anytime anywhere
  – A simple and secure storage and synchronization solution
    > Backup, Encrypt, Access and Manage files
• iFolder 3.7
  – Centralized Server Administration using Web Console
  – Enhanced conflict management
  – Response file support for large deployments
  – LDAP group support for access control
  – Secure communication
  – Server-side Migration: 2.x to 3.7
  – Mac Client Support
  – AD Support
Other components
• NCP Server
  – Can host any POSIX file-system with lossy mapping of rights
  – Can also host NSS file-system with complete support for Novell® rights model
  – LUM-enabling not required
  – New 64-bit NCP Server on Linux
• iPrint
  – Added support for iPrint accounting API on Linux
• DNS/DHCP
  – Closed-source DNS, open-source DHCP
  – New Java Console on Windows
Common Frameworks
Open Enterprise Server 2 SP1: Common Frameworks
• Migration
  – Migration Tools, SCMT
• Installation
  – YaST
• Configuration
  – iManager
  – Backend database: files or eDirectory™
• Management
  – NRM, iManager
  – CIM, CIM providers
    > OpenWBEM
• Auditing
  – LAF
Upgrade/Migration Matrix
• Supported Upgrade Sources
  – NetWare® 5.1 SP8
  – NetWare 6.5 SP6
  – Open Enterprise Server 1 SP2 Linux
  – SUSE® Linux Enterprise Server 10 SP1
• Supported Migration Sources
  – NetWare 5.1 SP8
  – NetWare 6.5 SP6
  – Open Enterprise Server 1 SP2 Linux
  – Windows NT4 or Windows 2003
Open Enterprise Server 2 SP1: Migration Framework
• Migration Tool
  – An integrated GUI with plugins for each service requiring migration
  – Backend CLI tools that can be used as well
• Theory of operation
  – Migration GUI Framework – Java-based
    > Consolidated GUI – service UIs plug into this framework
    > Uniform capabilities: Scheduling, check-pointing, notifications, parameters
    > Skins on top of existing CLI commands where required
  – Command-line tools for file-system migration
Open Enterprise Server 2 SP1: Migration Scenarios, Platforms and Services
• Migration Scenarios
  – Upgrade, Migration, Consolidation (not supported)
  – Migration
    > Same Tree, Server ID Transfer
• Supported Source Platforms
  – OES 1.0 SP2, NetWare® 6.5 SP6, NetWare 5.1 SP8
• Service Support
  – eDirectory™, Archive Version Services, DNS, DHCP, iPrint, iFolder, AFP, Novell® CIFS, FTP, NTP
  – File System
    > Supports NSS and traditional FS on NetWare as sources
    > Supports only NSS on OES 1.0
    > Supports migrations from NTFS
Learn More at BrainShare®...
• Attend any of the following related sessions:
  – IO101: Open Enterprise Server 2 Introduction, Overview and Futures
  – IO104: Introduction to the Novell® Open Workgroup Suite
  – IO111: Migration Tools on OES 2
  – TUT106: Domain Services for Windows
  – TUT211: Enhanced Protocol Support in OES 2 SP1 – AFP and CIFS
  – TUT109: DNS-DHCP on OES 2
  – TUT208: Dynamic Storage Technology
• Stop by the OES tables E8-E19 in the technology lab
Question and Answer
Backup Slides
Novell® Open Enterprise Server
• Novell Open Enterprise Server is a suite of services
  – File, Print and Storage Services
  – High Availability Services
  – Management Services
  – Productivity and Networking Services
  – Identity and Security Management
• Open, easy-to-deploy platform www.novell.com/oes
Background and History
A Brief History
• Novell® has ported NetWare® services to other platforms
  – Windows, Unix, Linux
• Novell Nterprise™ Linux Services
  – First full suite of services similar to NetWare
  – Supported on SUSE® Linux Enterprise Server and RedHat
• Open Enterprise Server 1.0
  – Only supported on SUSE Linux Enterprise Server 9 (SLES)
  – Full mixed source distribution
• Open Enterprise Server 2
  – An add-on product hosted on SUSE Linux Enterprise Server 10 SP1 (SLES10 SP1)
  – Update to OES2 slated for release in 4Q 2008
Open Enterprise Server 2: Auditing/LAF
• SUSE® Linux Enterprise Server 10 introduces a new auditing subsystem
• LAF (Lightweight Audit Framework)
  – Kernel interfaces for kernel modules
  – User space interfaces for user space applications
• Many still write to syslog
• Sentinel and other auditing products will have LAF connectors
• Audit log all system and security issues:
  – Authentication
  – Authorization
  – Configuration changes
Rights Models
• Posix compliant file systems
  – Linux Attributes
    > (u)ser, (g)roup, (o)ther
    > (r)ead, (w)rite, e(x)ecute
    > Example: 770 (user = rwx, group = rwx, other = ---)
    > Example: 644 (user = rw-, group = r--, other = r--)
  – Linux Access Control Lists (ACLs)
    > More robust than attributes
    > user1 = rwx, user2 = r--, user 3 = r-x
• Non-Posix compliant file systems
  – Other rights models: Novell® ACLs; MS rights
Java (IBM, Sun, 32 bit and 64bit)
• Java 1.5
  – SUSE® Linux Enterprise Server 10 shipped with JVM 1.4.x
  – SUSE Linux Enterprise Server 10 SP1 will include JVM 1.5
• Vendors
  – SUSE Linux Enterprise Server 10 ships both IBM and Sun JVMs
• Open Enterprise Server 1.0 defaulted to the Sun JVM
• Open Enterprise Server 2 will default to the IBM 1.5 JVM
• On x86_64
  – Use the 32bit JVM (supports 32bit JNI) java-1_5_0-ibm-32bit
  – Careful with /usr/lib/jvm/java and /usr/lib64/jvm/java
Open Enterprise Server 2 SP1: Security Focus
• Architecture Reviews
  – Secure communications
  – Protecting credentials
• Basic secure coding guidelines
  – Buffer overflow protection
  – Not running as root and reduced privileges
  – Separation of authentication from service
• Vulnerability Testing
  – System wide “nessus” testing
CASA
• CASA (Common Authentication Service Adapter)
  – Credential store for single sign on, Authentication Services
  – Client Store: Safely store shared secrets and credentials
  – Server Store: Safely store daemon secrets for booting with authentication
  – Authentication: Simplified API for “kerberizing” applications
• Open Enterprise Server bundles CASA
  – Fully open sourced
• Programming support and Bindings (C, C#, Java)
  – Client: Authentication Token Client API, Secret Store API
  – Server: Authentication Token Verification Module API, Secret Store API
Novell® Archive and Version Services
• Periodically captures and stores versions of your network files
• Uses an archive database
• Uses a schedule that you determine
• Users can search for a previous version of a file and quickly restore it
• Archive and Version Services on Linux was introduced in OES2
OpenWBEM and CIMOM (cont)
[Diagram labels: Management Servers (OES Linux and OES NetWare, each with iMgr and plugins); Managed Servers (OES Linux and OES NetWare, each with CIMOM and providers); browser, HTML, CIM Client, CIMXML]
Other Management Consoles
• Command Line
• Open Standard
• Scriptable
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.