NetWare 6.0 Web Infrastructure Part 1: Installation
Novell Cool Solutions: Feature
By Joe Harmon
Digg This -
Posted: 16 May 2003
Joe Harmon is part of Novell's Web Services Support team. This material is adapted from some excellent training sessions he recently presented here at Novell. He graciously allowed us to share it with you in this series of articles.
- Basic Web Infrastructure products - These are usually individual products that perform a specific function.
- Novell Portal Services
- NetWare WebAccess
- NetWare Enterprise Web Server
- Extended Web Infrastructure - Basic Web Infrastructure services working together to provide a solution.
- File Access
- Application Access
- The information in this article will be geared towards understanding the complexity of Web Infrastructure on NetWare 6.0. In essence, we will see how to integrate Basic Web Infrastructure (Web products) into Extended Web Infrastructure (solutions).
- This presentation is formatted to address the needs of novice and advanced users.
Pre-requisites to installation
(Pre-requisite section was taken from http://www.novell.com/documentation/lg/nw6p/index.html)
- Minimum System Requirements
- A server-class PC with a Pentium* II or AMD* K7 processor
- 256 MB of RAM (512 MB if running NPS)
- A Super VGA display adapter
- A DOS partition of at least 200 MB and 200 MB available space
- 2 GB of available disk space outside the DOS partition for volume SYS:
- One network board
- A CD drive
- A USB, PS/2*, or serial mouse (recommended but not required)
- Recommended System Requirements
- A multiprocessor PC with a least two Pentium III 700 MHz or higher processors
- 512 MB of RAM
- A Super VGA or higher resolution display adapter
- A DOS partition with 1 GB of available space
- 4 GB of available disk space outside the DOS partition
- One or more network boards
- A bootable CD drive that supports the El Torito specification
- A USB, PS/2, or serial mouse
- Upgrade System Requirements
- The server to be upgraded must be running one of the following:
- NetWare 5.1 with Support Pack 2 or later
- NetWare 5 with Support Pack 6 or later
- NetWare 4.2 with Support Pack 8 or later
- NetWare 4.0 with Support Pack 8 or later
- A server-class PC with a Pentium II or AMD K7 processor
- 256 MB of RAM
- A Super VGA display adapter
- A DOS partition with 35 MB of available space
- 2 GB of available disk space on volume SYS:
- One network board
- A CD drive
- A USB, PS/2, or serial mouse (recommended but not required)
- Software and Other Requirements
- NetWare 6 Operating System CD
- NetWare 6 License/Cryptography diskette
- Supervisor right at the [Root] of the eDirectoryTM tree
- Supervisor right to the container where the server will be installed
- Read right to the Security container object for the eDirectory tree
- DOS and CD drivers (required if the computer does not boot from CD) You can make a bootable floppy diskette using the MKFLOPPY.BAT program located in the INSTALL directory of the NetWare 6 Operating System CD.
- Client connection utilities (optional, for installing from a network):
- Novell? ClientTM for DOS and Windows* 3.1x (optional, for installing from a NetWare server running IPXTM).
- IP Server Connection Utility (optional, for installing from a NetWare server running IP only). For instructions, see PRODUCTS\SERVERINST\IPCONN.TXT on the Novell Client CD.
- IP address and domain names (required for connecting to the Internet):
- An IP address
- An IP address of a domain name server
- The name of your domain
- Network board and storage device properties, such as the interrupt and port address (required if not included in NetWare)
- Prepare the Network
- Run NetWare Deployment Manager (NWDEPLOY.EXE), located on the NetWare 6 Operating System CD.
- Complete all relevant tasks in the Prepare the Network section.
NetWare 6 Installation Considerations
- Is SSL up and running on my server, and is my Certificate Authority functioning properly?
- Have I considered the replica ring in which server (containing eDirectory) is going to reside? There are issues that will be discussed throughout the manual on this subject.
- Am I inserting this into an existing tree, performing an upgrade, or a migration? If so, have I properly prepared my server for the installation?
- Have I decided what services I want to run on this server and taken into consideration any performance or service conflicting issues?
- Am I going to use a single IP address or a multiple IP addresses?
- What ports are going to be used for which service?
- Who are these services going to be made available to?
- Where are these services going to made available? (intranet, extranet, or both)
Installation of NetWare 6 Products
(1) Choose ACCEPT LICENSE AGREEMENT and hit [ENTER] to continue.
(2) In this instance we want to create everything fresh with this NetWare 6 installation. Therefore, choose the option to CREATE A NEW BOOT PARTITION and hit [ENTER] to continue.
(3) The size of the boot partition can be modified if desired. I have heard it suggested that you have twice the disk space as you do RAM on your server. However, I have found that if you need to take a core dump of your server your disk space can be as little as half the amount of RAM on your system so long as you take the core dump without file cache. Select CONTINUE and hit [ENTER] to move on.
(4) Choose CONTINUE and hit [ENTER].
(5) After the new boot partition has been created, press any key to reboot the server.
(6) Now we are ready to start the installation. Hit [F10] to accept the license agreement.
(7) We want to modify this screen. EXPRESS is the type of install that comes up by default. We want to change this option to CUSTOM so we can select the basic web services to be installed. We will leave the other option at NEW SERVER. Choose CONTINUE and hit [ENTER].
** NOTE ** If choosing the option of UPGRADE or PRE-MIGRATION, you will need to take other factors into consideration. For example, who is the Certificate Authority (CA) of the Tree and is the CA functional? Does SSL currently work on this server? NetWare 5.1 had very few products that relied on SSL, so you may or may not know whether it is working properly. Even if this is a fresh install, if this is not the first server in the tree then you will want to verify that the CA is functional. NetWare 6 Web Infrastructure relies heavily on SSL, so if it is not functional, neither will be most of your Web Infrastructure after the install. Some other considerations should be content and whether or not the IP address will change. These can all have dramatic effects on the server installation and the functionality of the services after the installation.
(8) Accept the defaults, select CONTINUE, and hit [ENTER].
(9) Although it is not going to be covered in this training, it is important to note that if a language other than English is used, other products (such as NPS) will have a separate language configuration. For our purposes select CONTINUE and hit [ENTER].
(10) Accept the defaults, select CONTINUE, and hit [ENTER].
(11) Accept the defaults and hit [ENTER] to continue.
(12) Select the proper Network board and hit [ENTER] to continue.
(13) Create the desired size of the SYS volume and then hit [ENTER] to continue.
(14) Now enter in the name that you want for your server. The name of the server can either match the host name that you will be using or it can be different. For example, let's say that our server and host name are WEB and our domain is NOVELL.COM -- then our full DNS name would be WEB.NOVELL.COM and our server name would be WEB. The only advantage to this is that it makes it easier to remember which full DNS name belongs to which server. It is not required and will not be done with this install, but is mentioned as a common practice.
(15) Insert the license and select [NEXT] to continue.
** NOTE ** The only real considerations with licenses is to know that if your licenses are limited and you go over that limit then web services that require a licensed connection can fail. Or if you are installing a demo license that will expire, and it does expire, then web services will fail to load.
(16) There are several services that can grow in size which may fill up your SYS volume. You may want to create another volume that will allow for this growth. Some of these services may include iFolder (file storage and log files), Apache (web site and log files), NES (web site and log files), NetStorage (file storage), etc. If you desire to create another volume, select the FREE SPACE section and select CREATE. Once the volume has been created, select [NEXT] to continue.
(17) I want you to pay close attention to the IP address that I am binding to my NIC. This will have significant impact later on during the install. Just remember that it ends with a 77.
(18) Remember in step 13 that we discussed the option of having the server name and the host name the same. Well to show the point that they don't have to be the same (and because my IP address is already registered with a DNS name that doesn't match the server), my server name will be NW6_TRAINING, my host name will be JHARMON-TEST4, my domain will be PROVO.NOVELL.COM, and my full DNS name will be JHARMON-TEST4.PROVO.NOVELL.COM.
** STOP! ** If you are putting in a non-registered DNS name or non-existent DNS servers, then you may adversely affect any service that is configured with that DNS information. In other words, if your DNS does not resolve and your configuration files are configured with a non-resolvable DNS information, then your web services WILL NOT WORK without significant modifications. So now you might ask, what if I am in a test environment and do not have DNS setup? Is there a way to configure the services to only listen on the IP address? The answer to this is YES, but you will need to understand that if this is moved to production some reconfiguration will be needed for services that require reverse proxy. If DNS is not available then you can skip past this screen with the understanding that you may affect services that require DNS resolution.
(19) The most important thing to note here is that NetStorage can be adversely affected if time is not setup properly. I had a server that was two hours behind on its time and a workstation that was unable to access NetStorage via IE (but could through Netscape) because the time on the server was behind the time on the workstation. This was the only time that I ever saw this issue, but I did want to mention it for reference sake.
(20) For this training we will select the option to create a NEW NDS TREE. Be aware that if you are installing NetWare 6 into an existing tree, certain things will need to be prepared before that happens. We already spoke about the issues with SSL, but there are also issues with SCHEMA. It is not the design of this training to go into these issues separately but rather to make you aware of potential downfalls during the install.
** IMPORTANT ** Products that require eDirectory on NetWare 6 can have a problem installing schema if a version of DS 7.x or lower is contacted during the extension of the schema. The reason this could be a problem is that some NetWare 6.0 products have AUX classes. These classes are not understood by versions of DS 7.x or lower. The best solution for this situation is to have eDirectory in its own partition or in the same replica ring as other eDirectory servers. If you have to have a mixed replica ring then be sure that the master replica is held by eDirectory. OnDemand and Novell Portal Services are two products that have seen this problem.
** NOTE ** DS versions 8.73 and 8.77 that can be installed with NetWare 5.1 are NOT eDirectory. This is a common misconception. eDirectory versions are 85.12a, 86.2, etc.
(21) Now we will need to put in the name of the tree and the top O as well as the admin's password.
** IMPORTANT ** There are certain services that require access to the root of the tree. Two of these services are iManager and NetWare WebAccess. If you are installing as a container admin and do not have rights to the root of the tree, then the installation of these products can fail.
(22) This next screen is just verifying your information. Select [NEXT] to continue.
(23) Select the license and click [NEXT] to continue.
** NOTE ** In step 15 we discussed the issue with installing without a license. Please refer to that step if you have any questions about the INSTALL WITHOUT LICENSES option that is located at the bottom of this screen.
(24) Here we are just asking where you want to install the license. For this training, accept the default and click [NEXT] to continue.
** NOTE ** If your licenses are limited, be aware that ROLE BASED SERVICES (used for iManager) require a licensed connection. The licenses need to be placed properly in order for you to access iManager.
(25) The only services which are selected but can't be seen are iPrint and the NetWare Enterprise Web Server (NES). I want to stress selecting these products because of the impact they can have on Web Infrastructure. Novell Advance Audit Services was left selected by mistake in this screen shot. Although it will have no affect on the products being installed, you don't need to select it for this training. Be sure the following products are selected then click [NEXT] to continue.
- NetWare Enterprise Server
- NetWare FTP Server
- NetWare Web Search
- NetWare WebAccess
- Novell iFolder Storage Services
- Novell NetStorage
** IMPORTANT ** There are a couple of services that do not show up during the original install, but they will be installed. One is Novell Certificate Server (for SSL), and the other is Web Manager (installs Tomcat and Apache).
(26) Single IP Address VS. Multiple IP Address.
** NOTE ** NetWare 6 has the ability to use Multiple IP Addresses or a Single IP Address to load handle its web servers. The reason for this is simple. Both Apache and the Enterprise Server use the same ports (80 and 443). This brings us to the reason for the choice between using a single IP address or multiple IP addresses.
If you have a single IP address you will need to assign ports other than 80 and 443 to one of the services (if both are being installed). The issue here is that port 80 represents HTTP and port 443 represents HTTPS. So long as you are specifying HTTP or HTTPS there is no need to place the port number at the end of the URL. The ports are assumed. If you specify the single IP address option you will need to specify the port at the end of the URL. Example: http://192.168.0.1:1000. If you specify the multiple IP address option, you can assign port 80 and 443 to another IP address, thus eliminating the need to place the port at the end of the URL.
**IMPORTANT** You can allow the same IP address to listen on multiple ports. You can allow the same port to listen on multiple IP addresses. You CANNOT allow the same IP address to listen on the same port multiple times.
Since there are several services within NetWare 6 that want to use the same ports, you are given the option to have one IP address with multiple ports or multiple IP addresses with the same ports. The following services on NetWare 6 try to use port 80 or 443.
- NetWare Enterprise Server
** IMPORTANT ** If you choose the option for SINGLE IP ADDRESS, you will need to decide which ports you want to use. Keep in mind that the ports may already be taken by another product. For a list of common ports, see NetWare 6 Port Assignments. By default, if the NetWare Enterprise Web Server is installed, it will take over port 80 and 443. If desired you can change this over to the Apache-based Services. However, one thing to keep in mind is that you will have to configure Apache through a configuration file vs. the Enterprise Server being configured through a GUI interface.
** IMPORTANT ** Whichever service owns port 80 and 443 will also receive the NetWare 6 home page. If assigned to the Enterprise Server, the NetWare 6 home page will be copied out to the SYS:/NOVONYX/SUITESPOT/DOCS directory. If assigned to Apache-based Services then the NetWare 6 home page will be copied out to the SYS:/APACHE/NWDOCS directory. If you desire to keep the NetWare 6 home page and host your own home page on port 80 and 443, then it is suggested that you choose the multiple IP address option. You can still choose the single IP address option and host both the NetWare 6 page and your own home page, but it will require additional configuration after the installation.
** IMPORTANT ** Be sure that you engrave this next point into your mind. There is a section for the IP address, DNS name, and ports to be used for each service. During the install the section for DNS name is used to configure most of the web services configuration files. This is why the services will fail if the DNS name does not resolve. I spoke about this in step 18. If you are running a test box and do not want to worry about DNS resolution, then you can place the IP address in the host field as well as in the IP field. This will then configure your files with the IP address and not the DNS name. The only time where you will run into a problem is if you need to setup reverse proxy for outside access. Reverse proxy will need information within certain products to be the DNS name and not the IP address. But for testing purposes this should be fine.
(26a) Single IP address option
** NOTE ** In this instance port 80 and 443 are defaulting to the Enterprise Server. If left this way the NetWare 6 home page will be given to the Enterprise Server. If this is an upgrade then your INDEX.HTML file will be renamed. If you had an existing Enterprise Server installed, it is suggested that you give port 80 and 443 to Apache-based Services. That way Apache will be hosting the NetWare 6 home page. The last thing I want you to note here is the secure port for iPrint. IPrint will take 443 for its secure port. This is required by the RFC. If you load a Web Service and iPrint on the same box you will need to change port 443 for the web service. iPrint is grayed out and does not allow you to change the port.
(26b) Multiple IP address option
** REMEMBER ** Back in step 17 you were asked to remember what IP address was being given to the server. I gave the server 220.127.116.11 for its IP address. By default the main IP address will be given to the first one on the list. If the Enterprise Server is installed it will default to that service. In this instance I will change that to the Apache-based Services. This is not necessary, but will cause a lot less confusion. Remember that if you already have the Enterprise Server installed and this is an upgrade, the NetWare 6 home page (which is an INDEX.HTML) will rename any existing INDEX.HTML that exists. This is another reason to give the main IP address to Apache. See a more detailed explanation below.
If you choose the multiple IP address option, there are a few things you should note to avoid confusion. The main IP address that you give to the server will be picked up by the NetWare Enterprise Web Server by default. The main IP address will also host the NetWare 6 home page.
Option 1 - If the main server IP address is given to the NETWARE ENTERPRISE WEB SERVER, the following will occur:
(1) The NetWare 6 home page will be run by the NetWare Enterprise Web Server under the SYS:/NOVONYX/SUITESPOT/DOCS directory.
(2) Apache Services will be available on the secondary IP address. However, the Web Manager (which runs through Apache) will be listening on the main IP address (the same one the Enterprise Server is using) on port 2200.
(3) Apache will be available to run your home page under the SYS:/APACHE/NWDOCS directory since it is not using the NetWare 6 home page. However, if you plan on using the NetWare Enterprise Server to host your pages you will lose the NetWare 6.0 home page.
Option 2 - If the main server IP address is given to APACHE-BASED SERVICES, the following will occur:
(1) The NetWare 6 home page will be run by Apache Services under the SYS:/APACHE/NWDOCS directory.
(2) Apache Services will be available on the main IP address along with the Web Manager running on port 2200 on that IP address.
(3) Apache will not be able to run your home page by default because it will be hosting the NetWare 6 page. The Enterprise Server will be available to host your home page at this point under the SYS:/NOVONYX/SUITESPOT/DOCS directory.
Therefore, if you want Apache to host your pages on port 80 and 443, give the Enterprise Server the main server IP address so that Apache will be open on port 80 and 443 (Option 1). If you want the Enterprise Server to host your pages on port 80 and 443, give Apache-Based Services the main Server IP address (Option 2).
(27) This next screen just shows the components that will be installed. Click [NEXT] to continue.
(28) In this situation you will notice that we are creating a CA. The reason for this is because this is the first server into the tree. If the CA is properly installed then you won't have many of the issues that can occur with SSL. If the CA portion of the screen is grayed out then you already have a CA. If you already have one then make sure that it is functioning properly before you continue. For our training installation, this will be the only server in the tree so the CA should be fine.
(29) This section has caused much confusion. The warning on this screen explains that if you select this option it will create a security risk. Well, that is true to a point and we will discuss this in much more detail under the deployment section, but let's quickly discuss the advantages, disadvantages, and when we should and should not deploy this option. To do this we will look at an example of a product that uses LDAP for its communication.
Novell Portal Services (NPS) uses LDAP for communication between the Portal Server and the LDAP server. Therefore, depending on your deployment, your LDAP and Portal Server may or may not be on the same box. Remember we are talking about the communication between the LDAP server and the Portal Server. If they are on the same server then there is no reason for encryption. The communication all occurs on the same server. Remember the reason that we have encryption in the first place is to mask the communication so that if it is intercepted it can't be read. However, since encryption is a process of converting or hashing the information being sent, and then undoing that process, you take a performance hit. So the advantage to SSL is the encryption of information and the disadvantage is slower performance than clear text (non-SSL). The advantage to clear text is better performance and the disadvantage is that it is not encrypted.
However, there is a place for both. The green box in the above illustration represents the same server. If LDAP and Portal are on the same server then there is no reason to encrypt the data. Why? Well who is going to be able to pick up that information? The server is not taking over the network, it is talking to itself. If LDAP is on a different server then you may want to implement SSL.
(30) First thing to note is that this in NOT GroupWise WebAccess. NetWare WebAccess was built off of Novell Portal Services. It ships with a few basic gadgets that provide services such as file access, e-mail, printing, address book, etc. To create the objects needed to configure and run this service, we will need to decide where the WebAccess container will reside. You cannot change the name of the container. It will remain WebAccess.
(31) When you choose the option of multiple IP address vs. single IP address, make sure you know which service (Apache or Enterprise) will be running the NetWare 6 home page. NetWare WebAccess will reference several files that are contained within that same location. If the default configuration is kept and the NetWare 6 home page information is hosted by NES, NetWare WebAccess will require configuration after the installation is complete. The reason for this is that the NetWare WebAccess configuration will point to Apache by default.
(32) A very common issue is related to the screen shown above. What this is basically saying is that there are some template files that are required in order for NetWare WebAccess to be able to pull in the information from GroupWise WebAccess. If the files are not copied out to the proper location, or if they are not copied at all, then the users will receive the error that webaccess is unreachable.
(33) iFolder Server Options (33a) Let's start with the User Data location in this screen. This is where the files are going to be stored for each user's iFolder account. If you leave this on the SYS volume, you have the potential of filling up your SYS volume.
(33b) If you decide to have more than one admin for administering iFolder you will need to add them under the ADMIN NAMES section. They must be separated by a semi-colon with no space. If you do not separate them by a semi-colon then it will read the admin, not know where how to read them as separate names, and you will not be able to login to iFolder administration application.
(33c) The NETWORK DOMAIN section is asking for a DOMAIN. Not a DNS name or a host name. Remember this formula:
HOST NAME + DOMAIN = DNS NAME
If a DNS name was NET.PROVO.NOVELL.COM, the host would be NET and the domain would be PROVO.NOVELL.COM. This should pick up the domain from the domain that was setup during the DNS resolution screen that was seen in step 18.
(33d) The ADMINISTRATORS E-MAIL ADDRESS is simply for Apache's error screens. If an error occurs it will tell you to contact your administrator at the e-mail address that is listed in this box.
** IMPORTANT ** iFolder is NOT running on the default instance of Apache that is installed with the server. iFolder will be running its own instance of Apache on the server in protected memory.
(34) If I can stress anything here it would be rights. In order for you to create this object and to properly assign roles you will need to be installing the server with rights to the root of the tree.
(35) NetStorage is a new type of configuration. Most of its configuration is done in the registry. In order to be able to edit that information after that installation is complete you will need to put on SP1.
** IMPORTANT ** Remember, if you have configured your server with a non-registered DNS name then it will affect the performance of some products. NetStorage is one of those products. If NetStorage is configured with a non-registered domain name then it will not function.
(36) This screen is just giving you one last chance to back up and change anything if needed. Click [NEXT] to continue.
(37) After the installation has completed, be sure that you remove any diskette and CD from the server and then click YES to restart the server.
** NOTE ** The consideration that will need to take place here is covered in the deployment section. I am covering this here in an effort to show what will happen if it is not considered at this point and time.
Post-Installation of NetWare 6 products
- How to install Novell Portal Services 1.5 on NetWare 6 with Tomcat and Apache.
**NOTE** Unlike Novell Portal Services (NPS) 1.01, NPS 1.5 can be installed from the NetWare 6 GUI. It can also be installed from a workstation on the network if desired. However, you will need JVM 1.3 or higher to install this product. Since NetWare 6.0 has JVM 1.3 by default, we will perform this installation from the NetWare 6 server. To do this, either place the NPS 1.5 CD in the CDROM and then type CDROM at the server console, or copy the CD over to a volume on the server and run it from there. Then from the server console prompt, type in the following command:
JAVA -JAR VOL:/PATH/NPS_SETUP.JAR
This will launch the GUI and will start the installation. If the GUI does not start after a few moments you will need to check the path that you are typing in.
(1) The initial screen that you will are presented is the Novell Portal Services (NPS) welcome screen. Just click next to continue.
(2) The next screen is the license agreement screen. After reading the agreement, if you agree with the license, click next to continue.
(3) Here we will enter the destination of the web server. The web server can be either on the same server or running on a different server. Either the IP address or the domain name (DNS name) can be used. However, if you use the domain name, DNS resolution will need to have been previously setup for the web server's IP address.
(4) Next we will choose the operating system, web server, and web application server. For this installation, we will choose NetWare 6.0, Apache, and Tomcat. Novell Portal Services 1.5 is not supported on NetWare 5.1 or lower.
(5) The first section within this dialog box is the "Protocol Inter-Server Communication" section. This section is for encryption between the portal server and services running on other servers. This is not to be confused with encryption between the web server and a user's browser. This is a service that would be provided with the web server, iChain, or similar service. The next section is for pointing to the directory structure within the web application server that will hold the NPS web application. Click NEXT to continue.
(6) In this dialog box you are asked whether or not you wish to upgrade NetWare WebAccess. If you choose to upgrade, NetWare WebAccess will no longer be accessed from the /webaccess URI. It will be accessed from the /nps URI. [If you are going to upgrade, you will need to look at the following document.] In this example we are going to choose NO to the upgrade. This will allow us to have Novell Portal Services running side by side with NetWare WebAccess. This means that NetWare WebAccess will be accessed from the /webaccess URI, and Novell Portal Services will be accessed from the /nps URI.
** NOTE ** You will only get this message if an NPS directory exists under SYS:\WEBAPPS from a previous installation of Novell Portal Services. If you choose YES, the NPS directory will be overwritten. This message is not an upgrade option. This message is telling you that it will overwrite the directory. If you do not want to overwrite the directory , choose NO. In this example we will choose YES. Again, you will only receive this dialog box if you already had the NPS directory installed. If you do not get this dialog box, don't worry. You are not missing a step here.
(8) Now you are prompted to setup the LDAP server. You will need a user with administration rights before proceeding. The DIRECTORY SERVER AND PORT section is where you input the IP address or Domain Name for the LDAP server. If you are going to use the Domain Name, you will first need to have DNS resolution setup. In this example we will use the IP address. To the right of this section are the SSL (encryption) options. The first one is if you are installing Novell Portal Services over a remote connection and you want to encrypt the install. The second is used if your LDAP server is not on the same server as your portal server and you want the information between the portal server and the LDAP server to be encrypted. Turning this option on will affect performance. The next two sections are for the administrator's user name and password. This section requires the fully distinguished, type-full name in LDAP format (using commas).
**NOTE** This error will occur if there is an issue resolving the administrator's user name and password. This can be caused for several reasons. One, you have chosen not to install over SSL and you do not have ALLOW CLEAR TEXT PASSWORDS checked in the LDAP Group object. Two, you are not using eDirectory. (eDirectory is installed on NetWare 6 by default). Three, your LDAP server is not running. Four, you are using NDS format instead of LDAP format (periods instead of commas). If you do not get this error, don't worry. This error will only occur if NPS is unable to resolve the administrator's name. [For more troubleshooting refer to the following document.]
(9) Now we need to create the Portal Configuration Object (PCO). To make administration simple, it is suggested that you create an Organizational Unit to place all of your Portal objects in. This is not necessary to run Novell Portal Services, but will be done in this example. Using ConsoleOne, an NPS directory was created under the main Organization. Here we will place the PCO, gadgets, public user, etc. Again, this needs to be in LDAP format, fully distinguished, and type-full. In this example we will name the object 'Portal'.
(10) Now we need to create a public user that will be used to hold the authentication gadget, which allows us to login to Novell Portal Services. Again, we will place this object under the NPS directory and the public user will need to be specified in LDAP format, using the fully distinguished, and type-full name.
**NOTE** You do not need to worry about creating the public user before installing Novell Portal Services. If the user has not been created, you will receive the dialog bog asking if you want to create the user. Click YES to continue.
(11) This is where you specify the containers that you would like to use context-less login. If you have multiple O's at the same level, you can hold down your CTRL key and select more than one O. Rights flow down from there.
(12) You have the option to change the name and location of the gadgets being installed. For this example we will leave everything at their defaults and click NEXT to continue.
(13) By default the community's OU will be created under the O or OU that you have specified to hold portals gadgets. If you want community support, make sure that the ENABLE SUPPORT FOR COMMUNITIES box is checked. Again, you can change the name and location of the gadgets that will be installed if desired. For this installation we will accept the defaults and click NEXT to continue.
**NOTE** This dialog box will appear if you chose the option to install the communities OU. Click YES to create the OU and continue with the installation.
(14) If you have any other *.NPG files that the installation can pick up, you will have the option to install them here. Click NEXT to continue.
(15) Here is the list of which components will be installed and where, along with the amount of hard-drive space NPS will consume. Click NEXT to continue.
**NOTE** Installation time will vary depending on the system you are installing Novell Portal Services from.
(16) The last screen is just a summary of what was installed. Click FINISH.
(17) Now we need to test the installation of Novell Portal Services. To do this we will go to the following URL:
http://DomainName/nps -OR- http://IPaddress/nps
(18) Increasing the amount of RAM that Tomcat can use.
Once Portal Services is installed we will need to adjust the amount of Memory that is allocated to Tomcat. The reason for this is that applications such as NPS and eGuide are more memory-intensive web applications and will require a higher memory setting. If this adjustment is not done the users may receive a java.lang.outofmemory error.
(A) Open your TOMCAT33.NCF file found in the SYS:/TOMCAT/33/BIN directory. Here we will need to add two parameters to the file. One for the minimum heap size and one for the max heap size. The parameters are as follows:
(B) Now we will insert these parameters into the TOMCAT33.NCF file. At the bottom of the file you will find the following line:
java -envCWD=$TOMCAT_HOME -classpath $TOMCAT_CLASSPATH -Dtomcat.home=SYS:\tomcat\33 org.apache.tomcat.startup.Main -f sys:/tomcat/33/conf/nwserver.xml %1
(C) We will add the heap size parameters to this line, right after the "java" directive. The new line will look as follows.
java -Xms128m -Xmx256m -envCWD=$TOMCAT_HOME -classpath $TOMCAT_CLASSPATH -Dtomcat.home=SYS:\tomcat\33 org.apache.tomcat.startup.Main -f sys:/tomcat/33/conf/nwserver.xml %1
** IMPORTANT ** Each java process is allocated 512 meg of user space within the RAM that it can use. Some of that is used for java threads, socket communication, etc. So what is really available is not much more than 400 meg which can be allocated to a java process. This information can be seen at the server by typing in the command JAVA -SHOW and then finding out what the ID is for the Tomcat java process. Then at the server console you can type JAVA -SHOWMEMORY# with the # representing the Tomcat process ID. Then switch over to the logger screen and you should see how much memory is being allocated within the Tomcat process. An example is shown below:
Memory Statistics For Class: org.apache.tomcat.startup.Main
Reserved Heap: 68161536
Committed Heap: 11124732
Reserved Virtual Memory Pool: 67108864
Committed Virtual Memory Pool: 11272192
NLM Data Memory: 225280
Per Thread Data And OS Stacks: 3403776
Virtual Memory Pool Overflow: 0
JVM Tracking Memory: 23381
Socket Communication Memory: 101616
Total Committed Virtual Memory: 22622204
Total Physical Memory: 3528773
Total Committed JVM Memory: 26150977
** NOTE ** The main statistics to look at here are the reserved heap and the committed heap. The reserved heap represents our -Xmx switch. This is the maximum memory that is allocated to the individual java process. What we show here by default is 68161536 which equates to 65 meg. The committed heap represents the -Xms switch. This is the minimum amount of memory that will be committed to the individual java process. In this instance we have 11124732 which equated to 8 meg of committed memory.
(D) To verify that our switches have changed our committed and reserved heap sizes, we will need to take down java and then restart tomcat. See example below:
** IMPORTANT ** If the console comes back with MODULE JAVA.NLM UNLOADED, then you can startup tomcat by typing in TOMCAT33 at the console prompts. If it comes back that it is still cleaning up resources in the background, and you have a console prompt, then you can type in JAVA -EXIT again to force java down.
(E) Once tomcat is started again, you can check the memory again and it should now show up.
Memory Statistics For Class: org.apache.tomcat.startup.Main
Reserved Heap: 272633856
Committed Heap: 136314876
** TROUBLESHOOTING ** If you do not show the new memory size, one of the following probably happened.
(A) You reloaded Tomcat before JAVA was completely unloaded.
(B) You specified a maximum heap (-Xmx) that was too large. The most that this can be is around -Xmx386m without addition configuration. (C) Your -Xms parameter is larger than your -Xmx parameter.
On NetWare 6 we have the option of loading the AUTOEXEC.BAT file with a -u switch to increase the amount of memory that can be used by the JVM. This switch can be used in conjunction with java heap parameters to dedicate more memory to memory-intensive Web Applications. Examples of memory-intensive web applications on NetWare 6 are Novell Portal Services 1.5 and eGuide 2.0
There are a few things that should be noted before using the -u parameter. The -u parameter allows you to specify a higher amount of memory than exists on your server. This could create problems if you are trying to specify memory that you don't have. So what should be done to avoid this? Well, don't exceed the amount of RAM that you have on your server with the -u parameter. In fact it would be well advised for you to not go above three-quarters of the amount of RAM that you have. Remember that the JVM is not the only application on the server that will be using the RAM. Take care to leave some RAM available for other processes.
(F) Edit the AUTOEXEC.BAT file found at the root of the C:\ drive. It should look similar to the example below:
(G) After editing the file to add the -u switch, it should look similar to the example below, with the exception that the number value may be different depending on the desired amount of RAM needed for the JAVA process.
** NOTE ** In this example we are specifying 1 GIG of RAM to be used. The parameter is measured in bytes. This will get past the limit specified in step (4). You should now be able to increase your heap size above 400 MEG.
- eGuide Installation
(1) To install eGuide on NetWare 6 we must use the class path (-cp) java command. At the server console prompt type the following:
JAVA -CP VOL:/INSTALL/NETWARE/INSTALL.ZIP INSTALL
This will launch the GUI installation.
** NOTE ** eGuide 2.0 MUST be installed from the server. It cannot be installed via remote console.
(2) Once the GUI has launched you will receive the Welcome screen. Just click [NEXT] to continue.
(3) Here we are explaining that NetWare 6 shipped with Apache and Tomcat pre-installed. Just click [NEXT] to continue.
(4) The next screen is the license agreement. Choose the Accept radio button and then click [NEXT] to continue.
(5) The next screen should pull up the SYS:\WEBAPPS directory structure by default. This directory is where Novell Web Apps (running on Tomcat) reside. Click [NEXT] to continue.
(6) This is your last chance to go back and change anything. (Although nothing should need to be changed.) Click [INSTALL] to continue.
(7) The last screen is just an installation complete screen. Click [DONE].
(8) eGuide can be a memory-intensive application. We would normally adjust the amount of RAM that is associated to Tomcat, but that was already done with Novell Portal Services.
(9) To have the installation take effect, type the following at the server console:
- Part 1: Installation
- Part 2: Deployment
- Part 3: Increasing the Amount of RAM that Tomcat Can Use
- Part 4: NetWare WebAccess Configuration
- Part 5: iFolder Administration
- Part 6: Apache
- Part 7: Apache Web Server Installation and Deployment Considerations
- Part 8: Tomcat
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com