Insights on the Enhancements in Novell Open Enterprise Server 2 SP3
Written by Ken Baker
The upcoming release of Novell Open Enterprise Server 2 SP3 is all about greater simplicity, manageability, performance and reliability. To get a behind-the-scenes perspective on how the product’s new services and features deliver these benefits, Novell Connection talked with Haripriya S., a Distinguished Engineer at Novell, and Glen Davis, Novell Product Manager.
Enterprise-Ready Domain Services
According to Haripriya, some of the most exciting aspects of Novell Open Enterprise Server 2 SP3 come from the enhancements in Domain Services for Windows that make it more enterprise-ready and easier to roll out to existing eDirectory deployments. In the past you had to create a partition in your directory tree for each Active Directory (AD) domain. This meant that only the users within that partition could belong to that AD domain.
This configuration and management hurdle made it difficult for some mixed environments to take advantage of the benefits that Domain Services for Windows delivers. With the release of Novell Open Enterprise Server 2 SP3, that hurdle has been removed. (See Figure 1.) Now the AD domains provided by Domain Services for Windows can span multiple partitions, allowing users anywhere in your eDirectory tree to use the AD authentication that it provides.
“In the past, you could not combine multiple partitions into a single domain,” Haripriya says. “SP3 lets you start a domain at any partition root in the tree and include other partitions within that tree as well. This makes it much easier for enterprises to map their Domain Services for Windows domains to a normal AD domain directory. It also makes it easier to map traditional eDirectory trees into more of a domain design, which allows you to maintain consistent domain mapping when you have sites across multiple countries or domains.”
Davis indicates that Novell Open Enterprise Server 2 SP3 also adds a number of other enhancements that make Domain Services for Windows easier for enterprises to deploy. The first of these is the removal of the old requirement to have a master replica of the root of the tree. A second enhancement is that your AD domain name no longer needs to be the same as the name of your eDirectory container. Your domain hierarchy can also now be different from your eDirectory hierarchy. Additionally, Domain Services for Windows has the ability to add a second DNS server to your AD domain controller. This provides you with a level of fault tolerance, so if one DNS server goes down you have another one to back it up. And finally, Windows 2008 Member server support has been added to Domain Services for Windows.
File Service Improvements
Novell Open Enterprise Server 2 SP3 delivers a number of new file service improvements, especially in the area of enhanced CIFS support. One of these is support for NTLM version 2 in CIFS, which gives you a more secure way to authenticate. “The NTLM 2 support simplifies administration efforts since it’s the default security mechanism for both Windows Vista and Windows 7,” Haripriya says. “Now that Novell Open Enterprise Server matches that default security, you don’t have to make any changes on your clients to let users take advantage of the native Windows access in CIFS.”
As an additional security enhancement, Novell Open Enterprise Server 2 SP3 supports Novell Modular Authentication Services (NMAS) in CIFS on the server side. So instead of retrieving a password from eDirectory to authenticate, CIFS trusts eDirectory to validate the user using NMAS in a secure fashion.
To simplify the administration of CIFS users, top-level LDAP context sub-tree search has been added to Novell Open Enterprise Server 2 SP3. This allows CIFS to search for users in the entire base context. To enable it, you first enter novcifs -y yes at the command line and then add the base context through the iManager CIFS plug-in.
Novell Open Enterprise Server 2 SP3 also delivers CIFS support for Windows 7 “offline folders” connecting to a Novell Open Enterprise Server file share. This shows Novell’s level of commitment to interoperating with Microsoft Desktop features.
But the biggest enhancement in the CIFS area is support for Dynamic Storage Technology on Novell Storage Services (NSS) volumes. In the past you had to use the NCP client to take advantage of Dynamic Storage Technology’s ability to dynamically allocate and optimize your storage resources on Novell Open Enterprise Server. (See Figure 2.) Now your users can just use their native Windows CIFS client. To leverage this capability, you need to install NSS when you install your CIFS server and Dynamic Storage Technology.
In the area of other file service improvements, you can now have multiple instances of FTP running on a server. This is particularly beneficial for cluster environments where a user might have an FTP share on one cluster resource and an additional FTP share on a second cluster resource. With Open Enterprise Server 2 SP3, if one of those cluster resources happens to fail over to the other cluster resource, there won’t be a problem with those different FTP instances running on the same server.
Another FTP improvement is that you have greater flexibility in configuring users’ default home directories. An FTP session used to default to the user’s home directory on Linux, but now you can place the home directory in a more traditional NSS home directory, on a different partition or in some other desired location.
Easier Management, Enhanced Security
Davis reports that one of the most popular features among beta users of Novell Open Enterprise Server 2 SP3 has been the consolidation of proxy users. Previously, you had to have a different proxy user for every service you installed on your server. So, you would have a different proxy user for AFP, CIFS, DHCP, and so on. Sometimes you would end up with several of these different proxy users per tree, which could make management quite difficult. With consolidation, all of your services will authenticate through a single proxy user per server, greatly simplifying administration.
In addition to the consolidation of the proxy service users, Novell Open Enterprise Server now automatically manages the passwords for those proxy users. This can provide significant administration relief, especially if your organization has policies that require users’ passwords to change at specified intervals. According to your policies, Novell Open Enterprise Server can automatically generate new passwords for these service-level proxy users as needed, so you no longer have to worry about them.