Based on the ICEcore open source project, Novell Teaming and Novell Teaming + Conferencing provide an open collaboration framework that, as the names suggest, consists of two technologies that work closely together to deliver integrated teaming and conferencing functionality. This is the first in a two-part series that takes a deep-dive look at these solutions, with this article focusing on implementing the teaming component.
Novell Teaming creates an online environment that empowers individuals in an organization to work together more effectively and productively. It facilitates the creation of virtual teams based on the match between skills, availability and business need, rather than proximity or org charts. With Teaming, users can create teaming workspaces to collaborate on their projects. It enables enterprise social networking by bringing the right people together to handle business challenges.
> Follow the Directions
According to consulting specialists experienced in deploying Novell Teaming and its predecessor products, one mistake clients often make is jumping into a deployment based on existing knowledge about some of its component technologies. The reality is that Novell Teaming combines a number of open technologies in unique ways, and it pays to invest a little time understanding these components and Novell's specific recommendations for installing and deploying them by reading the installation instructions in the documentation. In many cases, making Novell Teaming components work together correctly hinges on maintaining the login names, usernames, permissions, file structures and a variety of other configuration components in accordance with the installation's default parameters.
> Things to Know Before You Install
Whether you're experienced in deploying open source technologies or new to the components in the following list, you'll benefit from a brief component review before beginning the installation process. Novell Teaming runs on Novell Open Enterprise Server 2, SUSE Linux Enterprise Server 10 SP1 or Windows 2003 Server. It requires the following components:
- Liferay portal system
- Tomcat application server
- Lucene index server
- Java Development Kit (JDK)
- Database Management System
The Liferay portal, the Lucene index server and Tomcat are all included in Novell Teaming.
The Lucene index server is an open source information retrieval library that provides full text and searching capability for Novell Teaming. As content is added to the system, it is parsed for indexing. The Lucene index server then provides fast access to all of this content, including text within most document types, for both simple and complex searches.
The Liferay portal, a popular open source enterprise portal solution, provides a core set of functions for delivering the user interface. Novell Teaming is served up to the user in small and full-page portlets that display inside of a container within the Liferay portal. (See Figure 1.) The Liferay portal manages the initial authentication into the teaming environment. Liferay, along with its bundled Tomcat application server, delivers Novell iChain and Novell Access Manager integration, load balancing and other standard Web application features.
Liferay also provides a good framework for additional Web services by allowing you to provision other JSR-168 portlets along with your Novell Teaming portlets. If you have already deployed Liferay in your organization, you'll have to complete a new installation of the Liferay portal for Novell Teaming. Support for deploying Novell Teaming into an existing Liferay portal (and other JSR-168 portals) will be available in the future.
If you plan to run Novell Teaming on Novell Open Enterprise Server 2 or SUSE Linux Enterprise Server 10 SP1, you can take advantage of the MySQL and JDK components that are available in the distribution. Novell Open Enterprise Server 1 (which is based on SUSE Linux Enterprise Server 9) and SUSE Linux Enterprise Server 10 do not include the updated versions of these components required by Novell Teaming. Note that the version of MySQL included in SUSE Linux Enterprise Server 10 SP1 (MySQL 5.0.26) is sufficient to deploy Novell Teaming, despite the warning the installer gives you. You can also download and install a later 5.0.x version of MySQL from the MySQL Web site. Do not download and install MySQL 5.1, as it is not yet supported.
SUSE Linux Enterprise Server 10 SP1 delivers both the default SUN 1.4.2 JVM and an IBM 1.5 JVM. Make sure you use the IBM 1.5 JDK and not the SUN 1.4.2 JVM. To get the IBM JDK, be sure to deploy the JRE to get the core Java functionality and the -devel rpm to get the JDK functionality. If you choose to, you can download and install the SUN 1.5 JDK from the SUN Web site. Do not download and install a 1.6 JVM, as it is not yet supported.
The final installation prerequisite is to increase the Linux open file limits that are established by default when you install Novell Open Enterprise Server or SUSE Linux Enterprise Server. To increase the limits, use a text editor to open the file /etc/security/limits.conf and add the following lines to the bottom of the list:
    * hard nofile 65535
    * soft nofile 4096
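A preflight check for the prerequisites described above, added here as an example (it is not part of the original article or of Novell's installer). It assumes you pass in the text of /etc/security/limits.conf and the output of `java -version` and `mysql --version`; the function names and the sample inputs are constructed for illustration.

```python
import re

# Values this article says to add to /etc/security/limits.conf.
REQUIRED_NOFILE = {"hard": 65535, "soft": 4096}

def wildcard_nofile(limits_text):
    """Return {'hard': n, 'soft': n} from '*' nofile entries in limits.conf text."""
    found = {}
    for raw in limits_text.splitlines():
        fields = raw.split("#", 1)[0].split()          # drop comments
        if len(fields) != 4 or fields[0] != "*" or fields[2] != "nofile":
            continue
        if fields[1] not in ("hard", "soft", "-") or not fields[3].isdigit():
            continue
        # A type of "-" sets both limits. Assumption: for entries of the
        # same domain, a later line replaces an earlier one.
        for kind in (("hard", "soft") if fields[1] == "-" else (fields[1],)):
            found[kind] = int(fields[3])
    return found

def check_jdk(java_version_output):
    """The article requires a 1.5 JDK; 1.4.2 and 1.6 are named as unsuitable."""
    m = re.search(r'version "(\d+\.\d+)', java_version_output)
    if not m:
        return "unknown"
    return "ok" if m.group(1) == "1.5" else "unsupported"

def check_mysql(mysql_version_output):
    """The article accepts MySQL 5.0.26 or a later 5.0.x, and rules out 5.1."""
    m = re.search(r"Distrib (\d+)\.(\d+)\.(\d+)", mysql_version_output)
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    return "ok" if (major, minor) == (5, 0) and patch >= 26 else "unsupported"

def preflight(limits_text, java_out, mysql_out):
    """Return a list of problems; an empty list means the prerequisites are met."""
    problems = []
    have = wildcard_nofile(limits_text)
    for kind, need in REQUIRED_NOFILE.items():
        if have.get(kind, 0) < need:
            problems.append(f"nofile {kind} is {have.get(kind)}, need {need}")
    if check_jdk(java_out) != "ok":
        problems.append("JDK is not a 1.5 release")
    if check_mysql(mysql_out) != "ok":
        problems.append("MySQL is not 5.0.26 or a later 5.0.x")
    return problems

# Constructed sample inputs (not taken from a real server).
SAMPLE_LIMITS = "# /etc/security/limits.conf\n* soft nofile 1024\n* hard nofile 65535\n* soft nofile 4096\n"
SAMPLE_JAVA = 'java version "1.5.0"'
SAMPLE_MYSQL = "mysql  Ver 14.12 Distrib 5.0.26, for suse-linux-gnu (x86_64)"

if __name__ == "__main__":
    print(preflight(SAMPLE_LIMITS, SAMPLE_JAVA, SAMPLE_MYSQL) or "prerequisites met")
```

The limits in limits.conf are applied by pam_limits when a session starts, so also confirm the result with `ulimit -n` in the session that launches Novell Teaming.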
Use the following four main steps to install Novell Teaming.
- Install the JDK: Make sure it's a supported version of the JDK, as described above. For a large deployment, consider using a 64-bit JDK to give you increased memory allocation and better performance. After you install the JDK, be sure to set the JAVA_HOME environment variable. For example, in Linux it might be export JAVA_HOME=/usr/java/jdk_1.5.0_11 and in Windows it could be JAVA_HOME=C:\Program Files\Java\jdk1.5.0_11. You should set the location of the JDK by editing the Environment section of the installer.xml file.
- Install and Configure the Database Server: While the default database for Novell Teaming on both Linux and Windows is MySQL, it also supports Oracle 9 and Oracle 10 on both Linux and Windows, and SQL Server 2000 or SQL Server 2005 on Windows. Because Novell Teaming is a Unicode-enabled application, the database character set must be set to either UTF8 or AL32UTF8 for proper operation. Novell Teaming and the Liferay portal use separate databases within the database server. If your database user has sufficient privileges to create the Liferay and the Teaming databases on the database server and make necessary schema changes, then the installation process will be able to create the databases and associated schemas with little user intervention. If the database user doesn't have sufficient rights, part of this process will need to be performed manually. The databases in Novell Teaming have modest disk storage requirements because they are primarily used for storing metadata and descriptive text. Folder entries are stored as files. The documentation contains a formula that can be used as a guideline for determining disk space requirements.
- Edit the installer.xml File: The installer.xml file provides the Novell Teaming installer with detailed configuration information regarding network, memory, database, file system, e-mail, presence and other settings. Use the file named sample-installer.xml as a template for the installer.xml file. Make the necessary configuration edits to this file and then rename it or copy it to installer.xml. If you are doing an upgrade from a previous version, make any necessary edits to your existing installer.xml file and place it in the same directory as the installer program.
- Run the Installer: When you run the installer, you will be presented with a variety of different options, one of which is Full Install. Selecting this option will install the Novell Teaming application software, create the Novell Teaming databases and set up the initial portal. (See Figure 2.)
> Directory Integration
While Novell Teaming allows you to create groups and users locally within the solution, if you're already using an LDAP directory, it makes sense to leverage it. The directory integration in the solution supports secure LDAP authentication to both Novell eDirectory and Microsoft Active Directory.
In the case of eDirectory, before you configure LDAP authentication, you need to know the following:
- The hostname of an LDAP server where an eDirectory replica is available
- The port number used for LDAP connections to the server, which is usually 389 for non-SSL or 636 for SSL communication
- The eDirectory context location of the users that will have Teaming accounts created for them (LDAP format)
- An eDirectory username and password with sufficient rights to read the user objects in the specified eDirectory context
When configuring LDAP authentication, it must be done for both the Liferay portal and Novell Teaming. A frequent mistake made in the past is that administrators configured LDAP for Novell Teaming, but forgot to configure LDAP for the Liferay portal as well. Liferay is configured from within the Liferay Enterprise Admin portlet, and Novell Teaming is configured from the Teaming Administration portlet.
As you test Novell Teaming, there are a few LDAP-related gotchas that sometimes surface in a test environment, but not in a production environment. The first one deals with the "change password upon first login" default setting in eDirectory. If you don't disable that setting when you create users in eDirectory for your test environment, that user won't be accessible after you synchronize your directory with Novell Teaming. The reason for this is that Novell Teaming does not yet support the "change password upon first login" setting and doesn't recognize that the password needs to be reset. To avoid this problem, you can simply synchronize with a set of real users. If you want to create new users for your test, be sure that the "change password upon first login" default is not set.
Another test environment gotcha deals with SSL certificates. The documentation does a nice job of explaining the particulars of configuring SSL, including making sure you have OpenSSL available at the command line, inserting secure certificates in the key store, and so on; however, the documentation assumes you will be working with certificates issued from a valid certificate authority, which is not always the case in a test environment. If you're not using valid SSL certificates in your test environment, you need to set up a test certifying authority for your test certificates and add that certifying authority to the cert file on the server where Novell Teaming is installed.
One last recommendation for the test environment: don't use admin as your first test account. Since the admin user needs to be able to log into the system even if LDAP happens to experience problems, it is treated differently than other users in Novell Teaming.
> Clustering and Load Balancing
To increase availability, scalability and performance, you can add clustering and load balancing to your Novell Teaming environment. While you can only run one instance of the database and indexing service, you can run multiple instances of the teaming application and portal software. To set up Novell Teaming with clustering and load balancing, you'll want to adhere to the following guidelines:
- Shared file storage: Set up a shared file storage that is accessible to all nodes in a manner supported by your chosen platform.
- Lucene Index Server: In a clustered environment, you need to install the Lucene index server on a machine other than the one running Novell Teaming, because all of the cluster nodes will share this index server. The documentation explains how to set up a stand-alone Lucene index server.
- Synchronized time service: Novell strongly recommends the use of a synchronized time service in the cluster to make sure all nodes remain set to the same time.
- Novell Teaming on each node: Novell Teaming and the Liferay portal should be installed on each node in the cluster.
- Single database initialization script: Since all the nodes in the cluster will share the same database server, the database-initialization SQL scripts should not be executed more than once. Running the database initialization script on multiple cluster nodes can cause the database to be overwritten. To make sure you configure the script to initialize only once, use the installer's Full Install option on the first cluster node and then use the Update option on all other cluster nodes. (See Figure 2.)
- Same installer.xml file: To ensure that all cluster nodes are configured uniformly, set up your cluster so that each node can use the same installer.xml file. In addition, the following settings must be uniform across the cluster:
  - The database connection settings on each node need to be configured to use the same database.
  - All the file system settings need to point to the same shared file storage server.
  - The network settings (e.g., name and port) need to be set to the name of the LOAD BALANCER system.
  - In the Lucene section, set luceneLocation="server" and set lucene.index.hostname to the hostname of the machine on which you installed the Lucene index server.
- Portal configured for clustering: The Novell Teaming portal needs to be configured to work in a clustered environment. Instructions on how to do this for the Liferay portal can be found at wiki.liferay.com.
- Configure the load balancer: A variety of load balancing solutions will work with your Novell Teaming environment. For example, Novell uses Novell iChain in its production environment for the load balancer in conjunction with a Layer 4 switch. Additionally, the Novell Teaming documentation provides a sample configuration of a widely used sticky session technique that leverages the balancer module built into Apache 2.2.4.
> Security Considerations
In addition to the basic security controls you normally implement at the hardware and software level for your environment, you'll also want to take advantage of the solution's access control features. Access control in Novell Teaming uses roles to determine how different users can view and participate in different workspaces. While you can add your own custom-defined roles, the solution includes the following predefined roles:
- Site Administrator: By default, site administrators have every access right for every workspace and folder.
- Workspace and Folder Administrator: Workspace and folder administrators have every access right for the specific workspaces and folders for which they are responsible.
- Team Member: For any workspaces or folders in which they are members, team members have the ability to add comments, add folders, add workspaces, create entries, delete entries, modify entries, read entries, generate reports and manage community tags.
- Participant: For any workspaces or folders in which they participate, participants have the ability to add comments, create entries, delete their own entries, modify their own entries and read entries.
- Visitor: For any workspaces or folders they have authorization to visit, visitors can add comments or read entries.
- Workspace Creator: By default, all users are assigned the role of workspace creator in team workspaces, which gives them the right to create new team workspaces.
Global workspaces are meant to be managed by a central site or workspace administrator. This ensures that global workspaces can consistently reflect the enterprise structure or business goals. However, in a team workspace tree, all your users inherit the role of workspace creator by default, allowing them to create and name team workspaces as needed. If you want a more structured teaming environment, you can change this default to allow only specific users to be workspace creators. (See Figure 3.)
As you consider how to structure your Teaming environment, remember that the default access control settings have been configured to facilitate quick team formation and open communication. This configuration is based on the assumption that workspaces will be used primarily for sharing information. As a result, many default access rights lean toward allowing at least universal read access. You should decide what makes sense for your organization, based on its unique values and needs, and then adjust the access control settings accordingly.
When assigning roles, Novell recommends that you assign them to groups rather than individuals. This simplifies management and will eliminate the need to manually rescind access to multiple workspaces when individuals change roles or leave the organization. Also, take advantage of and be mindful of the solution's access control inheritance capability.
One of the best security practices you can implement is to train all of your Administrators and Workspace Creators how to protect sensitive information in their workspaces. By default, Visitors can view any workspace. If someone creates a workspace that is going to contain sensitive information, access to it should be limited. Also, if your workspaces will be accessible to people outside of your organization, you may want to hide the contact information for your team members, which is visible by default.
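An added example (not Novell's code and not part of the original article) that models the predefined roles listed above and audits a workspace tree for two practices recommended in this section: keeping sensitive workspaces out of universal read access, including access that arrives through inheritance, and assigning roles to groups rather than individuals. The workspace names, the `group:`/`user:` notation, the all-users group name and the inheritance model (an inheriting workspace uses its parent's assignments) are assumptions made for illustration.

```python
# Rights of the non-administrator predefined roles, as listed in this article.
ROLE_RIGHTS = {
    "Team Member": {"add comments", "add folders", "add workspaces",
                    "create entries", "delete entries", "modify entries",
                    "read entries", "generate reports", "manage community tags"},
    "Participant": {"add comments", "create entries", "delete own entries",
                    "modify own entries", "read entries"},
    "Visitor": {"add comments", "read entries"},
}
ALL_USERS = "group:all-users"  # hypothetical name for the everyone group

# Constructed sample: workspace -> (parent, inherits, sensitive, own assignments)
WORKSPACES = {
    "Global":    (None, False, False, {ALL_USERS: "Visitor"}),
    "Finance":   ("Global", True, True, {}),
    "Payroll":   ("Finance", False, True, {"group:payroll": "Team Member",
                                           "user:jdoe": "Participant"}),
    "Marketing": ("Global", False, False, {"group:marketing": "Team Member",
                                           ALL_USERS: "Visitor"}),
}

def effective(name, tree=WORKSPACES):
    """Assignments in force: an inheriting workspace uses its parent's."""
    parent, inherits, _, own = tree[name]
    return effective(parent, tree) if inherits and parent else own

def audit(tree=WORKSPACES):
    """Return (workspace, finding) pairs for the practices the article recommends."""
    findings = []
    for name, (_, inherits, sensitive, own) in tree.items():
        readers = {p for p, role in effective(name, tree).items()
                   if "read entries" in ROLE_RIGHTS[role]}
        if sensitive and ALL_USERS in readers:
            findings.append((name, "sensitive workspace readable by all users"))
        if not inherits:
            for principal in own:
                if principal.startswith("user:"):
                    findings.append((name, f"role assigned to individual {principal}"))
    return findings

if __name__ == "__main__":
    for workspace, finding in audit():
        print(f"{workspace}: {finding}")
```

In the sample, Finance is flagged even though it has no assignments of its own, because it inherits the Visitor grant from its parent.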
You should examine a few other security considerations that are covered in the documentation, just as there are more details on how to successfully implement Novell Teaming. As mentioned previously, the implementation for Novell Teaming is really straightforward, and taking advantage of the information in the documentation can help ensure that you'll be able to roll out the system without a hitch. Once you do, you'll find that your users get the most out of the workspace collaboration and workflow capabilities it offers. Once the product is successfully installed, you'll have an open and effective collaboration environment that enables your individuals to succeed, your teams to thrive and your organization to enjoy unparalleled business success.