Novell NetWare

Brief Introduction of Novell NetWare

The most popular network system in the PC world is Novell NetWare. It was designed to be used by companies downsizing from a mainframe to a network of PCs. In such systems, each user has a desktop PC functioning as a client. In addition, some number of powerful PCs operate as servers, providing file service. Novell NetWare is based on the client-server model.


The physical and data link layers can be chosen from among various industry standards, including Ethernet, IBM Token Ring and ARCnet. The network layer runs an unreliable connectionless internetwork protocol called IPX. It passes packets transparently from source to destination, even if the source and destination are on different networks. IPX is functionally similar to IP, except that it uses 10-byte addresses instead of 4-byte addresses.

Above IPX comes a connection-oriented transport protocol called NCP (Network Core Protocol). NCP also provides various other services besides user data transport and is really the heart of Netware. A second protocol, SPX, is also available, but provides only transport. TCP is another option. Applications can choose any of them. The file system uses NCP and Lotus Notes uses SPX, for example. The session and the presentation layers do not exist. Various application protocols are present in the application layer.

As in TCP/IP, the key to the entire architecture is the internetwork datagram packet (the IPX packet), on top of which everything else is built.

The checksum field is rarely used, since the underlying data link layer also provides a checksum. The packet length field tells how long the entire packet is, header plus data. The transport control field counts how many networks the packet has traversed. When this exceeds a maximum, the packet is discarded. The packet type field is used to mark various control packets. The two addresses each contain a 32-bit network number, a 48-bit machine number (the 802 LAN address), and a 16-bit local address (socket) on that machine. Finally, we have the data, which occupy the rest of the packet, with the maximum size being determined by the underlying network.
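As an added example (not from the original page), here is the header layout just described as a Python parser. The field order and 30-byte size follow the text; the 0xFFFF "checksum not used" value and the 16-hop limit are assumptions about the IPX convention (the text only says "a maximum"), and the sample packet is constructed. The validation step shows why a receiver must check the packet length field against the bytes it actually holds rather than trust it.

```python
import struct
from dataclasses import dataclass, replace
from typing import Optional

# Field order from the description above: checksum, packet length, transport
# control, packet type, then destination and source addresses, each a 32-bit
# network number, a 48-bit node (802 LAN) address and a 16-bit socket.
IPX_HEADER = struct.Struct(">HHBBI6sHI6sH")  # 30 bytes, big-endian
NO_CHECKSUM = 0xFFFF        # conventional "checksum not used" value (assumption)
MAX_TRANSPORT_CONTROL = 16  # assumed hop limit; the text only says "a maximum"

@dataclass(frozen=True)
class IpxHeader:
    checksum: int
    length: int
    transport_control: int
    packet_type: int
    dst_network: int
    dst_node: bytes
    dst_socket: int
    src_network: int
    src_node: bytes
    src_socket: int

def format_address(network: int, node: bytes, socket: int) -> str:
    """Render an IPX address as NETWORK:NODE:SOCKET in hex."""
    return f"{network:08X}:{node.hex().upper()}:{socket:04X}"

def build_ipx(dst: tuple, src: tuple, packet_type: int, data: bytes) -> bytes:
    """Assemble a packet; the length field counts header plus data."""
    length = IPX_HEADER.size + len(data)
    return IPX_HEADER.pack(NO_CHECKSUM, length, 0, packet_type, *dst, *src) + data

def parse_ipx(frame: bytes) -> IpxHeader:
    """Decode a header, refusing frames whose length field disagrees with the bytes held."""
    if len(frame) < IPX_HEADER.size:
        raise ValueError(f"truncated header: {len(frame)} < {IPX_HEADER.size} bytes")
    hdr = IpxHeader(*IPX_HEADER.unpack_from(frame))
    # A receiver that trusts the length field blindly can read past its buffer
    # or treat link-layer padding as payload; check it against the real size.
    if not IPX_HEADER.size <= hdr.length <= len(frame):
        raise ValueError(f"length field {hdr.length} vs {len(frame)} bytes received")
    return hdr

def payload(frame: bytes) -> bytes:
    """Return exactly the data the validated length field covers."""
    return frame[IPX_HEADER.size:parse_ipx(frame).length]

def forward(hdr: IpxHeader) -> Optional[IpxHeader]:
    """Model one router hop: count the network traversed, discard at the limit."""
    hops = hdr.transport_control + 1
    return None if hops >= MAX_TRANSPORT_CONTROL else replace(hdr, transport_control=hops)

# Constructed sample: a client on network 1 sending to a server's NCP socket (0x0451).
SERVER = (0x00000001, bytes.fromhex("00001B2C3D4E"), 0x0451)
CLIENT = (0x00000001, bytes.fromhex("0000C0FFEE01"), 0x4003)
SAMPLE = build_ipx(SERVER, CLIENT, 0x11, b"hello netware")  # 0x11 is the NCP packet type
```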
About once a minute, each server broadcasts a packet giving its address and telling what services it offers. These broadcasts use the SAP (Service Advertising Protocol) protocol. The packets are seen and collected by special agent processes running on the router machines. The agents use the information contained in them to construct databases of which servers are running where.

When a client machine is booted, it broadcasts a request asking where the nearest server is. The agent on the local router machine sees this request, looks in its database of servers, and matches up the request with the best server. The choice of server to use is then sent back to the client. The client can now establish an NCP connection with the server. Using this connection, the client and server negotiate the maximum packet size. From this point on, the client can access the file system and other services using this connection. It can also query the server's database to look for other servers.


An Introduction to Netware Directory Services:

Netware Directory Services (NDS), in its simplest terms, is a distributed database of network information. It contains information that defines every object on the network. Objects include network resources such as users, groups, printers, print queues, servers and volumes.

For each type of network entity that will operate on the network, an NDS object will be created. Each NDS object contains several properties, which are pieces of information that define the object. For example, a User object contains properties that define the user's full name, his or her ID number, an e-mail address, group memberships, and so on. Each type of object, such as a user, print queue, or server, is referred to as an Object Class.

Categories of Object classes:

Root Object: The Root object is unique and is situated at the very top of the directory tree.

Container Object: These are objects that contain other objects. There are three available container classes: Country, Organization, and Organizational Unit.

Leaf Objects: These objects represent the entities on the network. Leaf objects, such as users, servers, and volumes, cannot contain other objects.

NDS Schema: The types of NDS objects, their properties, and the rules that govern their creation and existence are called the NDS schema. The schema defines which objects and properties are allowed in the NDS database, and determines how those objects can inherit properties and trustee rights from the container objects above them.

NDS Replicas and Partitions: Because the NDS database is common to all servers on the network, if the database itself were stored on only one server (with all other servers accessing it from that server), the entire network would be disabled if that server went down.

To prevent this single point of failure, Netware can create replicas of the NDS database and store those replicas on different servers. There are four types of replicas that can be created and stored on servers:

Master Replica: The master replica is the only replica that can make changes to the Directory partition, such as adding, merging, or deleting replicas. There is only one master replica per partition.

Read-Write Replica: Read-write replicas will accept requests to modify NDS objects. Any number of these replicas can exist in the network.

Read-Only Replica: The information in a read-only replica can be read, but not modified. Any number of these replicas can exist in the network.

Subordinate Reference Replica: A subordinate reference replica exists on a server if that server holds a replica of a parent partition, but does not hold a replica of the child partition.

To create, delete, or merge partitions, you can use the Windows-based NetWare utility called NetWare Administrator or the DOS-based utility called PARTMGR.


Managing Users and Groups


Once NetWare is installed, the only User objects that exist in the tree are as follows:

- The Admin User object
- The Supervisor User object

Before users can begin using the network, user accounts have to be created for each of them. In addition, users can be organized into groups to more easily manage security, printer assignments, and other issues that may affect many or all of the users in the same way. Login scripts and menus can also be created to make the network easier to use for the users.

Information required for the users:

Before a user can really work on the network, many of the following tools or characteristics must be set up:

1) The user's NDS account (which is an object for the user with its associated properties filled in, such as the user's last name, full name, telephone number, and so on).

2) The user's group memberships.

3) A home directory for the user's individual files.

4) A login script that maps drives to the directories and applications to which the user will need access.

5) NDS trustee rights (to control how the user can see and use other NDS objects in the tree).

6) File system trustee rights to the files and directories the user needs to work with (to regulate the user's access and activities in those files and directories).

7) Account restrictions, if necessary, to control when the user logs in, how often the user must change passwords, and so on.

8) An e-mail account, if necessary.

9) Access to network printers.

10) A menu program to prevent the user from having to use commands at the DOS prompt.


Creating Users and Groups:

Users are the individual people who have accounts on the network. Users are assigned to groups so that security, login script commands, and other things can be managed for many people simultaneously, rather than one by one.

To create a new user or group on the network, use the NetWare Administrator utility from a workstation. NetWare Administrator is a Windows-based NetWare utility, called NWADMIN.EXE, located in SYS:PUBLIC. To run NetWare Administrator, its program icon has to be added to the workstation's desktop.

The steps followed when creating users and groups are: setting up the NetWare Administrator utility; creating a user from its Object menu and then creating a home directory for that user; creating groups and assigning group memberships to the user; and using a user template to give all users some identical properties.

Basic User Network activities:

In most cases, users on a network will notice very little difference from working on a stand-alone computer. The primary difference for most users is that they have to enter a login name and password.

For most users, three Netware utilities will take care of their networking tasks:

- LOGIN
- LOGOUT
- Netware User Tools



Logging in and out:

To log in to the network, the user runs the LOGIN utility at the DOS prompt and specifies a login name and a password. There are two ways to make sure LOGIN finds the user's correct name context. The first is for the user to specify a complete name, all the way back to the root of the tree, which can be a little cumbersome. The other is to specify the context in the NET.CFG file under the NetWare DOS Requester heading.

To log out, the user simply enters the command LOGOUT.



Using Netware User Tools:

NetWare includes a special utility, called NetWare User Tools, that allows end users to perform their most common network tasks, such as:

1) Set up print queues and control how their print jobs are printed on the network.

2) Send short messages to other network users.

3) Map drive letters to network directories.

4) Change passwords.

5) Log in to and out of Directory trees and network servers (but without a login script executing).

6) Change their own name context in the Directory tree.

7) Edit user login scripts (DOS version only).

Network Security


NetWare uses several different types of security mechanisms to allow you to have control over your network's security. Those types of security are as follows:

1) Login security, which ensures that only authorized users can log in to the network.

2) NDS security, which controls whether NDS objects, such as users, can see or manipulate other NDS objects and their properties.

3) File system security, which controls whether users can see and work with files and directories.

4) Intruder detection, which automatically detects someone trying to break into an account and locks them out.

5) NCP Packet Signature, which prevents fraudulent packets from being forged on a network.

6) Server protection, which includes ways to prevent unauthorized users from accessing the server.

Login Security:

Login security ensures that only authorized users can get into the network in the first place. Login security means that users are required to have valid user accounts and valid passwords.

Account restrictions can also be used to limit the times that users can log in, the workstations they can use, and such things as the length of their passwords and how frequently they must change their passwords. Each kind of account restriction is described below:

Login restrictions: Control whether the account has an expiration date (which might be useful in situations such as schools, where the authorized users change with each semester) and whether the user can be logged in from multiple workstations simultaneously.

Password restrictions: Control whether passwords are required, how often they must be changed, whether they must be unique so that users can't reuse them, and how many grace logins a user can have before being locked out of the account.

Login time restrictions: Control the times of day during which users must be logged out of the network. By default, users can be logged in at any time; there are no restrictions.

Network address restrictions: Control which network addresses (workstations) a user can use to log in. By default, there are no restrictions on addresses.


To make the information about the objects in your tree secure, you can use NDS trustee rights to control how objects in the tree can work with other objects and their properties. NDS trustee rights are permissions that allow users or objects to perform tasks such as viewing other objects, changing their properties, deleting them, and so on.

There are two types of NDS trustee rights. Object rights control how the user works with the object as a whole but don't affect whether the user can see or work with the object's properties; property rights control access to the individual properties. Both are listed below.



NDS Object Rights:

Supervisor: Grants the trustee all NDS rights to the object and all of its properties. It can be blocked by the inherited rights filter.

Browse: Allows the trustee to see the object in the NDS tree.

Create: Allows the trustee to create a new object in this container.

Delete: Allows the trustee to delete an object.

Rename: Allows the trustee to change the object's name.

NDS Property Rights:

Supervisor: Grants the trustee all NDS rights to the property. It can be blocked by the inherited rights filter.

Compare: Allows the trustee to compare the value of this property to a value the user specifies in a search.

Read: Allows the trustee to see the value of this property.

Write: Allows the trustee to add, modify, or delete the value of this property.

Add or Delete Self: Allows the trustee to add or remove themselves as a value of this property. This right applies only to properties that list User objects as values, such as a group membership list or an access control list.




File System Security:

File system security ensures that users can access only the files and directories they are meant to see and use. There are two different types of security tools that you can implement in the file system, either together or separately, to protect the files:

File System Trustee Rights: These are assigned to users and groups. Just as NDS object rights and NDS property rights control what users can do with other objects, file system trustee rights control what each user or group can do with a file or directory.

File and Directory Attributes: These can be assigned directly to files and directories. Unlike file system rights, which are specific to different users and groups, attributes belong to the file or directory, and they control the activities of all users, regardless of those users' file trustee rights.





File System Rights (abbreviation in parentheses):

Read (R):
Directory: allows the trustee to open and read files in the directory.
File: allows the trustee to open and read the file.

Write (W):
Directory: allows the trustee to open and write to files in the directory.
File: allows the trustee to open and write to the file.

Create (C):
Directory: allows the trustee to create subdirectories and files in the directory.
File: allows the trustee to salvage the file if it was deleted.

Erase (E):
Directory: allows the trustee to delete the directory and its files and subdirectories.
File: allows the trustee to delete the file.

Modify (M):
Directory: allows the trustee to change the name, directory attributes, and file attributes of the directory and its files and subdirectories.
File: allows the trustee to change the file's name and file attributes.

File Scan (F):
Directory: allows the trustee to see the names of the files and subdirectories within the directory.
File: allows the trustee to see the name of the file.

Access Control (A):
Directory: allows the trustee to change the directory's IRF (Inherited Rights Filter) and trustee assignments.
File: allows the trustee to change the file's IRF and trustee assignments.

Supervisor (S):
Directory: grants the trustee all rights to the directory, its files, and its subdirectories. It cannot be blocked by an IRF.
File: grants the trustee all rights to the file. It cannot be blocked by an IRF.
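As an added example that is not part of the original page, the following Python model computes effective rights from trustee assignments and IRFs as the NDS and file system tables above describe them, including the contrast that an IRF can block Supervisor for NDS object rights but never in the file system. The inheritance rules it models (an explicit assignment replaces what a trustee inherited, the IRF masks only inherited rights, and a user's effective rights are the union of its own and its groups') are assumptions about standard NetWare 4 behaviour; the directory layout, trustee names and IRFs are constructed.

```python
from typing import Dict, FrozenSet, Iterable, Tuple

FILE_RIGHTS = frozenset("SRWCEMFA")     # letters from the file system rights table above
NDS_OBJECT_RIGHTS = frozenset("SBCDR")  # Supervisor, Browse, Create, Delete, Rename

Assignments = Dict[Tuple[str, str], FrozenSet[str]]  # (container path, trustee) -> rights
Filters = Dict[str, FrozenSet[str]]                  # container path -> rights its IRF passes

def effective_rights(path: str, trustees: Iterable[str], assignments: Assignments,
                     irfs: Filters, universe: FrozenSet[str] = FILE_RIGHTS,
                     supervisor_blockable: bool = False) -> FrozenSet[str]:
    """Walk from the root to `path`, combining the rights of a user and its groups.

    Rules modelled (assumptions, see lead-in): an explicit assignment on a container
    replaces whatever that trustee inherited; otherwise inherited rights are masked by
    the container's IRF; Supervisor implies every right and, in the file system, passes
    any IRF. NDS object rights use supervisor_blockable=True, since the table above
    says the inherited rights filter can block Supervisor there.
    """
    parts = [p for p in path.split("/") if p]
    result = set()
    for trustee in trustees:
        inherited: FrozenSet[str] = frozenset()
        for depth in range(len(parts) + 1):
            container = "/".join(parts[:depth])  # "" is the root
            explicit = assignments.get((container, trustee))
            if explicit is not None:
                inherited = explicit
            elif "S" in inherited and not supervisor_blockable:
                pass  # file system Supervisor is never filtered
            else:
                full = universe if "S" in inherited else inherited
                inherited = full & irfs.get(container, universe)
        result |= universe if "S" in inherited else inherited
    return frozenset(result)

# Constructed sample volume: the ACCOUNTING group works under DATA/ACCOUNTING.
FILE_ASSIGNMENTS: Assignments = {
    ("", "ADMIN"): frozenset("S"),
    ("APPS", "EVERYONE"): frozenset("RF"),
    ("DATA/ACCOUNTING", "ACCOUNTING"): frozenset("RWCEMF"),
    ("DATA/ACCOUNTING/PAYROLL", "ACCOUNTING"): frozenset("RF"),  # explicit: replaces RWCEMF
}
FILE_IRFS: Filters = {"DATA/ACCOUNTING/CONFIDENTIAL": frozenset("SRF")}  # strips W C E M A
# Constructed NDS sample: Admin's Supervisor right meets an IRF on a container.
NDS_ASSIGNMENTS: Assignments = {("", "ADMIN"): frozenset("S")}
NDS_IRFS: Filters = {"ACME/HR": frozenset("BR")}

def file_rights(path: str, *trustees: str) -> FrozenSet[str]:
    """Effective file system rights for a user plus the groups it belongs to."""
    return effective_rights(path, trustees, FILE_ASSIGNMENTS, FILE_IRFS)

def nds_rights(path: str, *trustees: str) -> FrozenSet[str]:
    """Effective NDS object rights, where the IRF can also block Supervisor."""
    return effective_rights(path, trustees, NDS_ASSIGNMENTS, NDS_IRFS, NDS_OBJECT_RIGHTS, True)
```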


The other security features are as follows:

- Assigning various attributes to files and directories, such as hidden, purge, rename, system, don't, immediate, archive, execute only, read-write, read-only, shareable, transactional, copy inhibit, etc.

- Intruder detection, the feature by which NetWare can detect that an unauthorized user is trying to break into the network, locking the user account after a given number of incorrect login attempts.

- Server protection in various ways, such as locking the server in a separate room, locking the server's console with MONITOR.NLM, and preventing loadable modules from being loaded from anywhere but SYS:SYSTEM by using the SECURE CONSOLE command at the server's console.

File Management:

File management in Netware includes the following features:

1) Planning the file system: considering how the file system will be structured when you first set up your server.

2) Managing the directories that are created automatically: some directories are created automatically when NetWare is installed, and they contain the files needed to run and manage NetWare, such as LOGIN, SYSTEM, PUBLIC, etc.

3) Creation of application directories, such as APPS, which contain word-processing, spreadsheet and other applications.

4) Creation of DOS and WINDOWS directories: to enable workstations to be set up so that they run DOS or WINDOWS from a network directory.

5) File compression and block suballocation: to save the server's hard disk space.

6) Purging and salvaging files: to remove unnecessary files and recover deleted files.

The other features include backing up and restoring files, working with volumes, protecting databases with TTS and managing files and directories.

Other important features that must be considered as part of Novell Netware:

The features considered primary for setting up Netware and making it work to its fullest extent are as follows:

a) Setting up Netware print services: the services which take care of print jobs on the network.

b) Managing protocols: the features of NetWare which implement the various layers of the OSI model.

c) Disaster planning and recovery: the various features provided with Novell Netware which take care of recovering data and system information in case of catastrophic failures.


Conclusion



Novell Netware supports a variety of different file protocols, all of which are standards in their own markets. File protocols allow different client machines to communicate with the Netware file system.

With Netware (version 6), an iMac can be plugged into the network and immediately begin accessing files from a Netware server without installing any additional client software. The same holds true for a Windows client, a UNIX workstation, an FTP client, or a Web browser. The emphasis is on working within an existing infrastructure, capitalizing on the strengths of each platform and client, not on ripping out the existing infrastructure and replacing it with a one-size-fits-all solution.

Four things are certain about computing for the future: users will no longer be tied to a work station, security will become more critical, systems must become easier to manage, and users will expect systems to run non-stop.

Netware delivers the tools you need to access, secure and control your information in today’s one Net world.
