Behind the Scenes with Novell Connecting Points: Part III
Novell Cool Solutions: Feature
By Karen L. Grant
Posted: 13 Dec 2000
After major tradeshows like Comdex and Brainshare, we always receive a lot of e-mail asking for details about how the Connecting Points network is set up. Our readers are very impressed with the tight security, reliability, and scalability of these temporary networks that take such a huge pounding throughout these events, and wonder what kinds of tricks are being used behind the scenes. Not that any of you have exactly this kind of network (knock on wood...), but you never know what you might be able to use.
Here's the third part of a three-part series that reveals how it's done. Part One was all about Planning the Tradeshow Networks. Part Two was all about Setting up the Connecting Points Servers. If you have further questions, let us know and we'll try to corner this frequent-flying team and get more info.
Setting Up Connecting Points Clients
It's opening day of Fall Comdex, and excitement is in the air. You've got your big "shopping bag" and you're grabbing every free tee-shirt, squeezy stress ball, and brightly colored water jug you can find. Around every corner you find contests to enter...hey, who needs slot machines when you have Comdex to attend? And how about those Spice Girls, uh I mean, Device Girls? Now, that's entertainment at its finest! What a job. A great diversion after all those late nights you've spent at the office. But there's a couple of people you won't find taking in the sights of Comdex and that's the Novell Tradeshow team. They're the ones tucked away in the Network Operations Center (NOC) ensuring Novell Connecting Points is up and running.
Says Gary Norton, Novell Tradeshow team member, "When we do Brainshare where we have 300 machines, 2000 wireless cards, and all the machines in our tech labs. You may think, that's 7,000 users--no big deal. But then when you step back and look at simultaneous connections and the duration of those connections you will see at any given time we have 2,500 live connections at 100 percent of the time. And not only that, our system is fast. All of a sudden a little 7,000 user show becomes very impressive." Yep, those Novell tradeshow people are busy.
In Part One of this series I described the planning process through which the Novell Tradeshow team undergoes before a big tech show. In Part Two I told you about how the team sets up and configures servers for Connecting Points. So, now let's see how the team gets the clients up and going.
- Getting the Client Hardware Ready
- Configuring the Master Client
- Installing and Configuring ZENworks for Desktops
- Assigning Rights for Users
- Installing Custom Programs
- Installing Software to Simplify the Screen
- Installing Software to Customize Client Settings
- Creating a Guest User Account
- Installing WebAccess and GroupWise Login Software
- Installing Software to Clean Up the Client
- Changing the Wallpaper
- Configuring the Browser
- Building a Backdoor
- Turning Off Autologin
- Double-checking the Master Client Configuration
- Making the Final Touches
- It's Testing Time
- It's Show Time!
- About the Author
During the planning process the team defines the number of clients needed. This number is dictated by the size of the show and by good, old fashioned past-experience. The team then sets out to gather the needed hardware. As mentioned in Part Two, this task can be very time consuming since the equipment is often spread around the four corners of the earth.
Once the hardware is gathered together, it is set up and tested to ensure each piece is working. The machines are then cleaned up, with all the software being removed. In addition, the BIOS for each machine is standardized to one version.
Shawn Bezzant, the tradeshow team member responsible for Connecting Point clients, configures a master client with the prerequisite software, which includes Win 98 Second Edition, a NIC card, Novell NetWare 5 client, GroupWise client, and Netscape Navigator version 4.x (any version of Netscape later than 4.0). Later on, he will use Norton Ghost to create an image of the master client and then push the image out to all the Connecting Point client machines. When ZENworks 3 is released, Shawn plans on using it to create and push down the master client image to the Connecting Points clients.
Note--For all shows, with the exception of Brainshare, Shawn installs GroupWise Web Access. At Brainshare, he installs the actual GroupWise client (not GroupWise WebAccess) and relies on internal programs to automate the login to GroupWise, similar to the automated GroupWise WebAccess login.
Usually, the servers and clients are configured in Utah prior to sending them to a tradeshow. However, there are some things that can only be configured on the clients at the show, such as the proxy, printer addresses, and e-mail context.
With prerequisite software installed on the master client, Shawn is ready to start installing his custom programs. But before he can finalize the configuration of the clients, he must first install ZENworks on the Connecting Points servers.
At this point, the Connecting Points servers are set up and in the process of being tested by Gary Norton. Shawn installs ZENworks for Desktops on the servers in the NDS ring, which consists of servers that have an NDS partition, or have at least one server in each partition (for more on the NDS ring see Part Two of this series).
Novell ZENworks is a great tool. In fact, I think it is one of the best things to happen to the networking world. And I'm not the only one who feels that way! Says Gary, "With NDS-V8 and ZENworks our traditional workload has been simplified by 700 to 800 percent." That's pretty significant. Shawn adds, "My first show was Comdex '97. We had about 25 people working on this 250,000 user show. Now, we have four people and a manager to do the same thing. ZEN has played a part in that. Before ZENworks I would have to manually go to each Connecting Points workstation and make my changes. Now I put it in one place and let ZEN do all the work for me."
ZENworks has saved the reputation of Connecting Points many times. For example, at Fall Comdex a couple of years ago, the Novell tradeshow team discovered within the first hour of the show a problem of gargantuan proportions. It seems the registration company encoded the badges of international attendees differently than domestic attendees, and, unfortunately, forgot to let the Novell tradeshow people know about it. Shawn had to quickly whip up a new login program. Then, using ZENworks and NAL, he pushed the new login program to all 300 clients. Very few Comdex attendees ever knew there was a problem. ZEN saved the day!
Well, back to Shawn...after installing ZENworks for Desktops on the servers, Shawn gives all users Read and File Scan Access rights to the \sys\public directory on one of the servers in the NDS ring. He then creates a new directory under Sys:Public where he can place files that need to be pushed down with the NAL feature of ZENworks. Remember, Novell oftentimes uses Connecting Points to test (and show off) new, unreleased software. As bugs are found and fixed, Shawn pushes patches down to the clients. Users need read and file scan rights to the new directory, and they automatically have it because it is under the SYS:Public directory.
Shawn is now ready to start building the Connecting Points master client. I have been impressed with the tradeshow team's ability to find ways to make their system do what they want it to do. In the past, they have had to do some custom programming. Says Shawn, "People say, 'Where can I buy the software that you have to make your client look the way it looks?' But I tell them it's not for sale; it's just not standard software that a company would want--it just happens to work for me." He adds, "Fortunately, the Client (developing) team has been implementing some of the functionality that we've put in with our own proprietary software. Our Client team will soon be able to give package solutions to do what we do. And that's what we'll be using in the future. Novell will say here's some package solutions, go to our site, we'll show you how to put it together and give you the solution you need." Now, that's something to look forward to.
Shawn creates a c:\apps\ncp directory, which will house his custom programs. He then installs his custom program fence.exe. The Front End NetWare Client Environment program (or fence.exe) replaces the Windows shell (explorer.exe) in Win 95/98. Fence simplifies the appearance of the desktop by removing the icons and status bar. All the user sees is the background screen. In addition, Fence contains custom code to authenticate the user into the NDS tree and accommodates multiple methods of authentication, such as logging in manually, ID cards, and Smart cards. When authenticating from information on a card, Fence automatically takes the data from the card and passes it to NDS. Once the user is authenticated, Fence launches NAL.
After Fence is installed, Shawn creates and copies the fence.txt file into the c:\apps\ncp directory. Fence.txt specifies the programs that Shawn wants to start after the client authenticates to NDS. In the fence.txt file, he replaces the reference to explorer.exe in the Windows directory with fence.exe. He then edits the system.ini file and replaces the reference to explorer.exe with fence.exe.
After installing Fence, Shawn installs frontgate.exe into the c:\apps\ncp directory. Frontgate places customized settings for the client environment in the Windows registry. These customized registry settings are used by Fence, Netscape, and other custom programs, and include form settings, user settings, Netscape settings, card swipe settings, command settings, and Web link settings. With Frontgate Shawn can:
- Customize the appearance of the login screen used by Fence
- Designate which tree Fence logs into
- Define the context for that tree
- Identify the default user if the client fails to authenticate
Frontgate provides a single place where all the client configuration is stored.
After Shawn installs Frontgate, he creates a default (guest) user account that provides limited access, such as access to the Web and Word. The default user allows access for attendees who either did not preregister or who registered late. In either case, such attendees don't have user accounts. In the past, these attendees have become frustrated or confused about why they couldn't login. With the default user account, they can get Web access, but not access to GroupWise. Observation has shown the tradeshow team that most attendees use Connecting Points for Web access and e-mail. Many users can have multiple e-mail accounts and most of those are accessible via the Web. Access to the Internet does not require a separate authenticated NDS account. Thus, the default user is the ideal solution to the problem of accommodating late-registering attendees. Shawn uses frontgate.exe to set up the user id and password for the default user. He then adjusts the form, user, Netscape, command, and webrun settings to conform to what was predefined by the tradeshow team during the planning session.
Shawn installs WebRun56 into the c:\apps\ncp directory. WebRun56 passes the user ID and password through the browser to provide GroupWise WebAccess. Because it is a secure session, GroupWise WebAccess requires a user ID and password. But the user ID and password are usually numbers and are not known by the attendee. When an attendee clicks on the GroupWise WebAccess button on a Connecting Points client, WebRun56 launches the browser and brings up the correct login page for GroupWise WebAccess. WebRun56 then passes in the correct user ID and password to GroupWise WebAccess, which automates the login process. The GroupWise password and user ID are the same as the NDS password and user ID. WebRun56 then logs the user into GroupWise.
After installing WebRun56, Shawn copies the webrun.txt file into the c:\apps\ncp directory. Webrun.txt contains the URL to the WebAccess server and also the IP address of the server. Shawn edits webrun.txt to add the proper path to the WebAccess URL. Having the IP address of the WebAccess server allows it to be pinged to see if it is up. If the server is not up, WebRun56 pings another server to see if it is up. And so on. At most shows, the tradeshow team has three or four WebAccess servers running because they don't want 150 users accessing the same server at the same time. That could create a bottleneck, not to mention a bad headache. Shawn wants to spread the load for each WebAccess server, and he does it by adding some randomization functionality to WebRun56. WebRun56 randomly picks one of the WebAccess servers for each WebAccess request. So, WebRun56 provides not only fault tolerance, but also load balancing for the WebAccess servers.
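The selection behaviour described above (random choice for load spreading, then trying the remaining servers if the chosen one is down) can be sketched as follows. This is an added example, not the tradeshow team's WebRun56 code: the pool layout, the function names, and the use of a TCP connect in place of a ping are assumptions, and the addresses are constructed from the documentation range.

```python
import random
import socket

# Constructed sample pool of (login URL, server IP) pairs. The real layout of
# webrun.txt is not shown in the article; addresses are documentation-range.
SAMPLE_POOL = [
    ("http://192.0.2.11/webaccess", "192.0.2.11"),
    ("http://192.0.2.12/webaccess", "192.0.2.12"),
    ("http://192.0.2.13/webaccess", "192.0.2.13"),
]


def tcp_probe(ip, port=80, timeout=1.0):
    """Liveness check: a TCP connect stands in for the ping in the article."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_server(pool, probe=tcp_probe, rng=None):
    """Return the URL of a randomly chosen live server, or None if all are down.

    Shuffling a copy gives every server an equal chance of being tried first
    (load spreading). Walking the shuffled list gives failover, and each
    server is probed at most once per request.
    """
    if rng is None:
        rng = random.Random()
    candidates = list(pool)
    rng.shuffle(candidates)
    for url, ip in candidates:
        if probe(ip):
            return url
    return None


def distribution(pool, down=(), requests=3000, seed=1):
    """Simulate many login requests with some servers down; count picks per URL."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(requests):
        url = pick_server(pool, probe=lambda ip: ip not in down, rng=rng)
        counts[url] = counts.get(url, 0) + 1
    return counts


if __name__ == "__main__":
    print(distribution(SAMPLE_POOL))
    print(distribution(SAMPLE_POOL, down={"192.0.2.12"}))
```

With one server marked down, its share of requests is split between the survivors and no request is ever sent to it.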
Shawn installs cleanup.exe into the c:\apps\ncp directory. Cleanup removes any changes made to the client during a user's session. It cleans up any history in Netscape, any mail left on the machine, anything they've done in Word, and any files that have been downloaded. Cleanup returns the client machine back to the state it was in before the first attendee used it. In addition, Cleanup keeps the hard drive from being loaded up and resets the Windows registry back to the defaults. When a user logs out from a Connecting Points client, Cleanup automatically runs.
After installing Cleanup, Shawn copies the cleanup.txt file into the c:\apps\ncp directory and edits it to specify the tasks to be performed upon shutdown.
After installing and configuring all the custom programs, Shawn creates a c:\temp directory and a c:\windows\reg directory on the client. He then copies the default registry files from a storage volume on the server into the c:\windows\reg directory. These default registry files or keys are the ones that cleanup.exe copies over the registry files and keys that existed during the Connecting Points session. Copying the default registry files and keys after each session ensures any registry files or keys that are modified during a session are returned back to the default.
Note: While these custom programs used by the Tradeshow team are proprietary and not available to the public, you can create your own programs using the Novell Software Developers Kit. Says Gary, "If you know basically what our programs are doing and you are a little creative, you can probably come up with a better solution than what we have. Novell's developer kit is incredible. I am constantly amazed at what's in that kit. It's always updated and they have great sample code. Your readers will probably read the article and say, 'Gary should have done it this other way'. And I'm open to any suggestions!"
It's now time for some housecleaning....Shawn configures the client with the Connecting Points wallpaper and login screen. To change the wallpaper, he copies the ncp.bmp (the default login screen for Connecting Points client) and ncpwall.bmp (the default wallpaper for Connecting Points) to the c:\windows directory and then changes the default wallpaper in Windows to ncpwall.bmp.
As you may know, when Netscape is set up for the first time, it creates a directory called "default" underneath Program files\netscape\users\. Shawn renames the default directory to NCP, so it fits into the path he uses when running Cleanup.exe. He then creates a default Netscape user in the c:\program files\netscape\users\ncp directory. The name of this user is NCP. NCP is the only Netscape user for all Connecting Points sessions.
Shawn uses a Netscape program called Mission Control to lock preferences for Netscape. For example, suppose you don't want users changing the default home page that comes up when Netscape is launched. Mission Control allows you to lock this preference. Shawn sets all the Netscape settings he wants for the Connecting Points clients and then locks some of them. Not all settings are locked. For example, the mail settings are left unlocked so that users can customize their Netscape mail settings. The mail settings are stored in a file named netscape.cfg, which Shawn creates using Mission Control. He makes a copy of the netscape.cfg file, names it netscape.reg and puts it in the program directory. When a user exits the Connecting Points client, the netscape.cfg file is deleted and the netscape.reg stored in the program directory is renamed netscape.cfg. Thus, the next user is prevented from seeing the previous user's mail settings.
To ensure the Netscape defaults are returned back to the original settings after each Connecting Points session, Shawn copies the cookies.txt, prefs.txt, bookmark.txt into the Program files\netscape\users\ncp directory and renames them with .reg extensions. At the end of each Connecting Points session, cleanup.exe deletes the .txt files and renames the .reg files to the .txt files.
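A per-session reset along the lines described for Cleanup and the Netscape profile might look like the sketch below. It is an added example, not the team's cleanup.exe: the function names are hypothetical, the file contents are constructed, and it copies each .reg baseline over the live file instead of renaming it (an assumption) so the baseline is still available at the next logout.

```python
import shutil
import tempfile
from pathlib import Path

# Baseline -> live file pairs named in the article for the NCP Netscape profile.
PAIRS = {"cookies.reg": "cookies.txt", "prefs.reg": "prefs.txt",
         "bookmark.reg": "bookmark.txt"}


def regular(path):
    """True only for a real file; a symlink could point outside the profile."""
    return path.is_file() and not path.is_symlink()


def reset_profile(profile_dir, pairs=PAIRS):
    """Return the profile to its baseline and report what was done.

    Baselines are copied rather than renamed (an assumption of this sketch),
    so the pristine copy is still present for the next logout.
    """
    profile = Path(profile_dir)
    missing = [b for b in pairs if not regular(profile / b)]
    if missing:
        # Fail closed: never hand the machine to the next user half-reset.
        raise FileNotFoundError(f"baseline missing: {missing}")
    report = {"removed": [], "restored": [], "unchanged": []}
    keep = set(pairs) | set(pairs.values())
    # 1. Delete everything the session left behind (downloads, cache, mail).
    for entry in sorted(profile.iterdir()):
        if entry.name in keep and regular(entry):
            continue
        if entry.is_dir() and not entry.is_symlink():
            shutil.rmtree(entry)
        else:
            entry.unlink()
        report["removed"].append(entry.name)
    # 2. Overwrite any live file that differs from its baseline.
    for base_name, live_name in sorted(pairs.items()):
        base, live = profile / base_name, profile / live_name
        if regular(live) and live.read_bytes() == base.read_bytes():
            report["unchanged"].append(live_name)
            continue
        tmp = profile / (live_name + ".tmp")
        shutil.copyfile(base, tmp)
        tmp.replace(live)  # swap in one step; no half-written live file
        report["restored"].append(live_name)
    return report


def demo():
    """Build a constructed profile, simulate one session, then reset it twice."""
    root = Path(tempfile.mkdtemp(prefix="ncp_profile_"))
    try:
        for base_name, live_name in PAIRS.items():
            (root / base_name).write_text("# pristine " + live_name + "\n")
            shutil.copyfile(root / base_name, root / live_name)
        # Constructed session residue from a previous attendee.
        (root / "cookies.txt").write_text("example.test\tsession=abc123\n")
        (root / "download.exe").write_bytes(b"MZ")
        (root / "cache").mkdir()
        first = reset_profile(root)
        second = reset_profile(root)  # baselines survived the first reset
        clean = (root / "cookies.txt").read_text() == "# pristine cookies.txt\n"
        return first, second, clean, sorted(p.name for p in root.iterdir())
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The second reset in `demo()` succeeds only because the baselines were copied; with a rename, the first logout would consume them and the next reset would have nothing to restore from.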
It's now time to create a backdoor. Shawn installs backgate.exe into c:\apps\ncp directory. Backgate is a proprietary administrative program that replaces the Task Manager in Windows. Backgate provides password-protected access to the file system on each Connecting Points client and also launches the Windows control panel, regedit, etc. Because Connecting Points clients are configured so that the Windows status bar does not display, users may start applications by pressing ctrl/esc, which brings up the Task Manager. However, the Task Manager also gives users access to the file system, which the tradeshow team wants to protect. So, Shawn deletes taskman.exe and replaces it with backgate.exe. Users can still access the applications they want and Shawn limits the access to the file system. After Shawn installs Backgate, he copies backgate.exe into the Windows directory, renames taskman.exe to taskman.old, and renames backgate.exe to taskman.exe.
Wanting to have a self-contained system, Shawn uses his own program to log in tradeshow attendees. Thus, Connecting Points clients don't need the NetWare Client login. Shawn turns off the Windows login and NetWare login so they don't show up by creating a binary key in the Windows registry in the [HKEY_LOCAL_MACHINE]\Software\Microsoft\Windows\CurrentVersion\Network folder called "Autologon" with a value of "0".
The master client is now configured...but don't relax yet. Shawn now conducts some testing to ensure the clients are functioning properly. He first runs frontgate.exe and checks the values very carefully, especially the User settings. There's no room for error now. He creates a default user in the Users container and places the user id and password in the appropriate fields in Frontgate. He does this to ensure everything is set up correctly.
Shawn replaces the Windows shell by editing the \windows\system.ini file and changing the shell=Explorer.exe line to shell=c:\apps\ncp\fence.exe.
After setting up the client, it's time to set up the NAL feature of ZENworks for Desktops to distribute applications. Shawn does this and then associates the applications with the user container. He creates two ZENworks user policy packages, one for attendees that restricts almost everything and the other for administrators that opens everything. The attendees policy package restricts certain system settings, like the reg editor, control panel, and network properties. These are all options that are available by creating user policies in ZEN (NAL). The nice thing is that this provides some security, because once the system settings for attendees are all locked down through ZEN, they stay locked until an administrator goes in and unlocks them. An attendee can't unlock anything.
Shawn finally sets up the printers. The printers have already been created in NDS; they just need to be installed at each Connecting Points location. Shawn has to visit each location to set up the printers at that location.
The master client is now configured. Shawn uses Norton Ghost to create an image of the master client and to push that image out to the other Connecting Points clients.
When all the clients have been set up and configured it's time to test the system. As mentioned in Part Two of this series, Shawn creates a test user account using a mock user. He uses this test user account to ensure the user can login, access the applications, and use GroupWise. If everything is working right, Shawn adds more mock users and tests the network again. He continues this testing until he is satisfied that users can access the network. He then tests ZENworks to ensure he can push down any patches or software updates that might be needed. Supposing all the tests are passed, the team downloads the actual "pre-show import file" containing data for pre-registered attendees. The network is again tested.
If the testing is passed, Shawn then conducts "Lunch Time Testing" sessions with Novell employees to once again prove the network (see Part Two of this series for more information). While all this testing does not guarantee Connecting Points will be problem-free, it does tend to catch any glitches before they become headaches.
When all the equipment gets to the show, the team gets everything set up. This includes stringing wire from the NOC, which is where the servers reside, to each of the Connecting Points client sites. They have fiber channel switches at the NOC and each of the client sites, with fiber optic cable strung in between the two points. Ethernet cable is then connected from the switches to each client. The clients are the last thing to get set up....the tradeshow team first gets the servers up, then they get the physical connections up, and then they get the clients up.
So, there you have it. A rather brief description of what the Novell Tradeshow team goes through for each tradeshow. But it is a labor of love. You can see it in their eyes. They love the challenge, and they really believe in their product. Says Shawn, "Our system smokes! Once our products are installed and set up, ZEN and NetWare are as easy to manage as anything Microsoft has, and even better because we have a single point of administration." Gary adds, "We're a networking company and it's tough to show off what we do. And the truth is, regardless of how easy it is for me to set up the backend and how easy it is for Shawn to administer the computer, users want to go to those machines and send e-mail and use the Internet. We give them that and that's impressive." So, the next time you attend Comdex, walk by the NOC and give the tradeshow team a thumbs up...and maybe one of those free stress squeezy balls you have in your shopping bag. I have a feeling they may need it!
Karen Grant is a technical writer with many years of experience documenting Novell products. She works for Write Tech, Inc, in Spanish Fork, Utah.