Tech Talk 13 By Ken Baker
Pull the Trigger
Enhancements in Novell Open Enterprise Server 2 SP2 Make Now the Time to Move to Linux
The March 7, 2010 general end-of-support date for NetWare is fast approaching, but if you haven’t made the move from NetWare to Linux, the latest support pack for Novell Open Enterprise Server 2 will likely convince you that now is the time to pull the upgrade trigger. Novell designed Support Pack 2 to deliver the updates and enhancements you’ve been waiting on to make the move to Linux. This article focuses on the Support Pack 2 features that make the move to Linux better than ever.
Cross-Protocol File Locking
With the perpetual focus on interoperability, Novell provided Linux support for the Apple Filing Protocol (AFP) and the Common Internet File System (CIFS) protocol in its first support pack for Novell Open Enterprise Server 2. While this protocol support enabled native network file services for Mac OS and Windows clients accessing a Linux server, this initial release had limitations in terms of cross-protocol file locking. Novell Open Enterprise Server 2 SP2 eliminates these limitations by providing secure file locking regardless of whether a user is using an NCP, AFP or CIFS client.
With the number of Mac users increasing in the enterprise and education sectors, cross-protocol file locking makes it easier for Mac and Windows users to share files. It also gives you greater flexibility in supporting your Windows users. Instead of requiring a whole group of users to either use the Novell NCP Client or go native with CIFS, you can now let individual users choose. (See Figure 1.)
Perhaps the greatest benefit cross-protocol file locking provides is the maintenance and hardware savings you'll gain through server consolidation. If you had been using these native file services protocols on your Linux servers previously, to prevent inadvertent file corruption, you had to segment your servers. For example, you might have one server running AFP to support your Mac users, another server running CIFS to support your native Windows users, and yet another server for Windows users using the NCP client. With the cross-protocol file locking in Novell Open Enterprise Server 2 SP2, you can consolidate these functions onto a single server to support all of your client scenarios.
When you deploy Novell Open Enterprise Server 2 SP2, cross-protocol file locking will automatically be turned on, enabling file share modes. Share modes prevent applications from incorrectly assuming that they have exclusive access to a file. They allow applications running from Samba clients, Novell AFP clients, Novell CIFS clients and NCP clients to specify whether or not they will allow other clients to read and/or write to a file while they are using it. The typical scenario for share modes allows other clients to read the same file, but not write to it while the primary client is using it.
If you don’t have plans to use multiple access protocols, you can disable cross-protocol file locking to increase server performance. For example, if a server will only be accessed through NCP—with neither AFP nor CIFS installed—you can achieve an NCP performance gain of about 10 percent by disabling cross-protocol file locking. However, you need to be aware that if you later install AFP or CIFS and forget to re-enable cross-protocol file locking, you create the potential for data corruption to occur. Additionally, your cross-protocol file locking settings have implications for clustering, since the cross-protocol file locking settings for clustered nodes must match.
To disable or re-enable cross-protocol file locking, you simply use Novell Remote Manager for Linux to do the following:
- Log in to the server as the root user
- Select Manage NCP Services|Manage Server to view the Server Parameter Information
- Click the link for the CROSS_PROTOCOL_LOCKS setting
- In the New Value field, enter a “0” to disable cross-protocol file locking or a “1” to enable it
- Click Change to save your new settings
If preferred, you can also disable or enable cross-protocol file locking by modifying the /etc/opt/novell/ncpserv.conf configuration file in a text editor and restarting the Novell eDirectory (ndsd) Daemon.
Another major enhancement Novell Open Enterprise Server 2 SP2 offers is the ability to provide real-time capturing and logging of events that occur in the NSS file system on your Linux servers. (See Figure 2.) In today’s regulated world, this can greatly facilitate compliance efforts by allowing you to audit who accessed which files on your NSS volumes and when they were accessed. This feature is provided via an NSS auditing engine that the service pack installs by default for NSS volumes. It also includes an application interface that auditing client applications can access in order to address specific compliance requirements.
Both Novell Sentinel and Novell Sentinel Log Manager take advantage of the NSS auditing interface for their data collection activities on Linux servers running Novell Open Enterprise Server 2 SP2. For real-time analysis of events, you can use Novell Sentinel to automate the process of monitoring, identifying and responding to policy violations across your enterprise, as well as delivering compliance metrics to demonstrate the effectiveness of your critical IT controls. If you just need the ability to monitor and capture events for future auditing, you can take advantage of the simplified compliance and security that Novell Sentinel Log Manager delivers.
Subscribe to Connection Magazine
In addition to supporting audits of NSS events on Linux servers, Novell Sentinel and Novell Sentinel Log Manager monitor and capture events from SUSE Linux Enterprise Server, Novell eDirectory, Novell iManager, Novell Identity Manager, Novell Access Manager, NetWare, NMAS, and a wide variety of operating systems, databases and security systems from vendors like Apache, Check Point, Cisco, HP, IBM, McAfee, Microsoft, Nortel, Oracle, Red Hat, SAP, Sun, Symantec and more.
Novell Sentinel and Novell Sentinel Log Manager support these solutions through a collection of connectors and collectors that provide remote protocol connections, as well as mapping, parsing, normalizing and enhancing collected audit data. If you already have Sentinel or Sentinel Log Manager, you can immediately start taking advantage of the NSS audit feature in Novell Open Enterprise Server 2 SP2 by visiting the Sentinel plugins Web site and downloading and installing the Sentinel Agent (found under the Utilities tab) and the Novell Open Enterprise Server Collector Pack (found under the Collectors tab). Detailed installation instructions can be found in the Sentinel Agent documentation also available on the plugins Web site.
Beyond NSS auditing and cross-protocol file locking, Novell Open Enterprise Server 2 SP2 delivers several other valuable enhancements. The first of these is that it is now based on SUSE Linux Enterprise Server 10 SP3. This enables you to take advantage of the latest, higher performing hardware, as well as a broader array of certified software applications.
Novell Open Enterprise Server 2 SP2 also adds Active Directory Support for Novell iFolder. This is big news for organizations with an AD infrastructure that have long wanted to let their users take advantage of iFolder’s ability to synchronize, back up, share and access their files no matter where they are or what machine they’re using. To take advantage of this new capability, during the installation process you simply choose Active Directory as the LDAP source for iFolder and then specify the AD server’s host name/IP address, LDAP port, and LDAP secure port.
The list of additional new features included in this latest support pack includes the following:
- iFolder and iPrint client support or Windows 7, Mac 10.6, and SUSE Linux Enterprise Desktop 11
- Support for universal printer drivers in iPrint
- The ability to access DFS Junctions through a CIFS connection
- Unified remote server navigation for FTP servers across the enterprise, providing automatic authentication if you change to a directory on another server; an enhanced installation process for Domain Services for Windows, focused on simplicity and usability
- Performance increases for AFP, NCP and Samba users
The Tools to Move
Making it easier than ever to move to Linux, the migration utilities for Novell Open Enterprise Server 2 SP2 have also been improved with superior error logging, better health checks, automatic population of fields with values used in previous upgrades and more.
Through its Move It program, Novell also continues to provide training and support tools that streamline the upgrade path, including an Upgrade Advisor Support offering that lets you engage the services of a designated support expert to assist you with upgrade-related issues for 90 days, a free on-demand training course designed to bridge your NetWare skills to Novell Open Enterprise Server 2, and a cost-effective services bundle that puts you on the fast track from NetWare to Open Enterprise Server with IT consulting, technical training and support expertise.
With the last of the major features being ported to Linux in this release, Novell Open Enterprise Server 2 SP2 is an excellent landing place for your move from NetWare to Linux. (See Figure 3.) It has everything you need from NetWare, while offering the smoothest and easiest upgrade for your investment. With the end-of-general- support date for NetWare just around the corner, there's every reason to start experiencing the benefits of Linux. Now more than ever, it’s time to pull the upgrade trigger with Novell Open Enterprise Server 2 SP2.