NetWare 6.5 Web Components Part 1: Fresh Install
Novell Cool Solutions: Feature
By Joe Harmon
Posted: 6 Aug 2003
This is the first installment of the long-awaited sequel to Joe Harmon's training series on NetWare 6.0 Web Infrastructure. That series was so popular with readers, Joe agreed to create a new series to help you get acquainted with the brand-new NetWare 6.5. Joe Harmon is part of Novell's Web Services Support team, so this is kind of an experimental approach to "proactive" support that is offered before you encounter a problem. We'd like to keep Joe's managers happy so they keep letting him work on these, so please take a minute to fill out this survey when you're done reading this installment.
Here at Novell we are trying to cater to the needs of the customer and their Nterprise. We know that you are under constant pressure to Nsure the security of your network to all of your internal and external customers. We know that budgets are getting tighter than ever. We know that the "rip and replace" scenario is not the solution that any company is looking for. So in order to meet your needs, Novell has created the OneNet vision. In this vision, four major developments have come into the industry which allow you to:
- Properly construct your Nterprise by adding Novell solutions where they are needed, as well as enhancing and condensing existing services to help reduce the TCO (Total Cost of Ownership).
- Nsure that you can provide the maximum services in the securest environment through Secure Identity Management on an eDirectory backbone, allowing you to control, modify, create, link, and condense your users, objects, devices, information, services, and much more.
- Provide the ability to exteNd your Nterprise over the ever growing network of the World Wide Web, introducing the latest technologies to get the most out of your services and information.
- Last but not least, allow you to Ngage some of the best minds at Novell through Novell Consulting and Novell Support, thus receiving the best practices and specialized help needed for your situation.
Purpose of this book (note by the author)
Over the years I have seen the need to create documents that provide a combination of deployment guides, quick starts, TIDs (Technical Information Documents), documentation and troubleshooting information. This need has evolved into creating this document. The purpose of this document is to help you understand, install, and configure the most common Web components with NetWare 6.5. My hope and desire is that you will better understand what Novell has to offer, and to give you the tools and information necessary to make your life a little easier during this process. This document is not going to be a description of how every feature works within a product. If this is what you are looking for then you will need to go to www.novell.com/documentation.
Table of Contents
- Building your Nterprise - Cross-platform services and management
Some of the first questions that we should ask ourselves are as follows:
- What are the different paths to getting to NetWare 6.5?
- Fresh Install
- Fresh Install - When would I choose a fresh install and why?
- How much data needs to be migrated? - In some instances a customer may only have a few Web pages on an old Web server that can just be copied over once the new server is built. It is my considered opinion that if there is not a large amount of data (in the form of files, directories, etc., not data from eDirectory), then why should you do an upgrade or migration?
- Who is going to need access to this service?
- Group of users
- Active Directory Users
- Sun One Users
- Where are they going to need access to this service?
- Internal Only
- External Only
- Both internal and external
- When are they going to need access to this service?
- Restricted by day and/or time
- 24 x 7
- How are they going to access this service?
- Fat Client
- No Client
- Do I have a Web page or some other existing Web content?
Let's break these down even further:
- This first screen presents you with the option of INSTALLING A NEW SERVER or CREATE A NEW FLOPPY. If you choose to create a boot floppy then your server will not start without that boot floppy. In this deployment I want my server to startup automatically, so I will choose the option to INSTALL A NEW SERVER.
- This next option is for determining whether you have IDE CDROM drivers, or SCSI CDROM drivers. If you are not sure what you have, choose option 'A' to auto search for the drivers. Otherwise choose option 'I' or 'S'.
- Depending on which option you chose in the previous step, your next option will be asking you which driver you want to load for your CDROM. You will only receive this option if you chose option 'I' or 'S'. If you followed my example and chose 'A' then you will not receive the option to choose the driver.
- Again we will select the 'A' option. If you desire one of the other options to restore a floppy then feel free to choose another option, however it will not be covered in this manual.
- Next we will determine whether or not we want to perform an upgrade from a powered down server. If you choose Auto here then you will be performing a fresh installation of NetWare. If you choose Manual here then we will be able to perform an upgrade option. If this is the option that you are choosing then STOP HERE. There are new procedures for an upgrade process. These options are discussed in the upgrade section, not the installation section. Again, we are assuming that you are performing a fresh install and will be choosing option 'A'.
- Here we shall select the language in which to install the server. Hit ENTER to continue.
- Now select the COUNTRY, CODE PAGE, and KEYBOARD. If you selected to install in English and are in the US, then the defaults should suffice. If not then select the proper setting before continuing.
- The screen below is the NetWare 6.5 software license agreement. After reading the license agreement press F10 to accept it and continue.
- Now you are presented with the JREPORT license agreement. Again, after reading the license agreement, press F10 to accept it and continue.
- Now we have the option for a Default or Manual installation.
- If a DEFAULT installation is chosen then you will receive the default size and location for the DOS partition and an auto detect will be performed for the drivers. Basically you will go through the file copy status and then move on to the GUI portion of the install.
- If a MANUAL installation is chosen, then you will have the option to select or modify the volumes, drivers, etc.
- We will choose the Manual install just so that we can describe the options you will run into during a manual install. It doesn't matter whether or not you choose a default install, but if you do choose a default install, then you will skip past some of the screen options that we are about to cover during the installation.
- Here you are prompted to create a boot partition if one has not already been created. If you have already installed a previous version of NetWare (or other OS) then you will see that partition in this list. For a fresh install it is suggested that you highlight those partitions and then hit the delete key if that space is going to be used for the NetWare 6.5 Operating System. Once you have the desired free space you can create a boot partition by hitting the ENTER key.
- To create a boot partition select the MODIFY option and then hit ENTER. You will then be prompted as to how much hard drive space your DOS partition should have. The default is 500 Meg. The only consideration that should be taken is with regard to the amount of RAM that your server has. If you ever need to take a core dump (memory dump) and want to be able to place it on your DOS partition, then you should specify more hard drive space than you have in RAM. ** NOTE ** In reality, when taking a core dump you have the option of not adding the file cache and of compressing the core dump. If these options are chosen, then you can easily get by with hard drive space equal to half the amount of your RAM.
- Here you can change the ability to load the server at reboot, add or change set parameters if needed, and change the video option if needed. If the defaults suffice, then select CONTINUE.
- This screen shows NetWare laying down the DOS partition and startup files.
- If other device types are needed, such as Platform Support Modules, HotPlug Support Modules, or other Storage Adapters they can be selected here. For this installation we are going to keep the defaults and select CONTINUE.
- If you have a Network Board or Storage Device that is not detected, then you will need to select MODIFY and add these devices. You will know if it is not detected because the NETWORK BOARDS section will not show a driver in it. If your driver is not on the list, then you may want to make sure that your NIC is a supported NIC. Once the driver information has been put in, select CONTINUE.
- Now we will need to create an NSS volume. The default for the SYS volume is 4 Gig. If you desire to add more hard drive space then it can be added here. Select CREATE to continue.
- Here you can manage or add other NSS volumes and devices. You can either continue or follow the steps below to create another volume.
- Since there is certain data that we expect to grow we will not want to place it on the SYS volume so we don't fill up the SYS volume. An example of this would be file storage. In order for us to create another volume, we will first need to create a POOL of partition space. Go to POOLS and hit the INSERT key. Since all of the space for the Pool is going to be for one volume, I am going to give the Pool the same name that I am going to give the volume. However, it doesn't matter what you call it. In this instance I am going to call the Pool, DATA.
- Now that we have created the pool, we will need to determine the partition size that we are to allocate to that pool. In this instance I am going to give it everything that is left. How much you give is up to you. Hit ENTER to get the prompt for the Pool size. Once you have the desired size, hit ENTER again.
- Now we will need to create the volume. Hit ESC to go back to the main menu and then go into the VOLUMES section. Once in the VOLUMES section just hit the INSERT key to create a volume. You will be asked for a volume name. We will use the name of DATA for our volume.
- When you enter in the name of the volume, you will be prompted for the desired pool. Select the DATA Pool to continue.
- Now you will be able to set all of the desired properties for this volume. For this example we will accept the defaults and click CREATE.
- Select CONTINUE INSTALLATION to move forward.
- Now we will lay down the SYS volume in preparation for its configuration.
- Novell has now set up pattern deployments that give you a choice. You can select a Pre-Configured Server, designed as a dedicated and optimized service for one server, or, if desired, you can control the installation yourself if you are performing a Migration, Basic, or Custom installation. The screen shot below shows the entire list of server patterns and deployments. With this demonstration a CUSTOM installation will be used to show the individual components being installed. Click NEXT to continue.
- Below is just an expanded list so that you can see all of the Pre-Configured server options. Again, for our demonstration we will be using the customized option so that we can install everything. However, if this is going to be a server that is dedicated to one resource, then you may want to consider the Pre-Configured server installations.
- There are several components that ship with NetWare 6.5. For this demo we are going to install all of them.
- This is your last chance to back up and make any changes before moving on. Please review the list and make sure you didn't forget anything. Select COPY FILES to continue.
- Replace the OS CD with the NetWare 6.5 Product CD. Click OK to continue.
- How you name your server is entirely up to you. However, a few common practices will be discussed. Often it has been seen that an administrator will keep the server name and the host name the same. This is by no means a requirement, just an option. An example of this would be as follows: I have called my server JOE65. My DNS name is joe65.internal.com. Again, this does not matter. There are plenty of administrators who prefer to keep the server name and the host name separate. Click NEXT to continue.
- Enter the location of your NetWare 6.5 Cryptography License. This is a unique server key that is used for SSL and certificate generation. Click NEXT to continue.
- Due to the ever decreasing use of IPX, it will not be installed or discussed in the manual. IP is the only requirement here for the Web services products. Enter in the proper IP Address, Subnet Mask, and Gateway. You can refer to your recorded network information to obtain the proper information.
- Extensive discussion will be held here to ensure proper configuration of your DNS information. However, before this discussion can occur there are several questions that need to be answered. If the pre-installation steps have been followed, then these questions should already have been answered.
- Is this server going to be accessed from the outside world, and if so then how?
- Network Address Translation (NAT)
- Is NAT loopback allowed with your NAT service?
- Reverse Proxy
- Public IP access
- Is this server going to serve as an extranet only? Meaning this server is only going to have one NIC and that NIC will be a Public NIC?
- Is this server going to serve as an intranet only? Meaning this server is only going to have one NIC and that NIC will be an Internal NIC?
- If you are going to be on a private IP address then I would make a suggestion here. The easiest configuration in my mind is to have the same DNS name for internal and external customers. You don't necessarily have to have an internal DNS server to set up this configuration. If you are using NAT and your firewall or device does not allow for NAT loopback then you will most likely need an internal DNS server. An example of where this has been seen is with a SONIC firewall.
- Select the proper time zone and click NEXT to continue.
- If you are going to create your own eDirectory tree, then you can pretty much follow the defaults.
- I am calling my tree INTERNAL_TREE. You can call yours whatever you want. If you need to change any prior screens this is your last chance to do it for this section. Fill out the information and click NEXT to continue.
- This next screen is just letting you know that eDirectory was successfully installed. If you receive any errors then please note those errors and stop here. Otherwise click NEXT to continue. Now move down to the section where you start installing the licenses.
- If you are going to install into an existing tree then you will need to prepare that tree to receive NetWare 6.5. Otherwise you will get an error when trying to install it into the tree.
- In earlier versions of NetWare you had to look at several considerations before installing into an existing tree. NetWare 6.0 is a good example. NetWare 6.0 has auxiliary classes which are not understood by servers that are DS 7.x or lower. Therefore if you were installing a product (like Novell Portal Services) into the tree that required extending auxiliary schema classes, then you could possibly run into an issue if a DS 7.x server was contacted during that extension. If this was the case then the schema would not be fully extended. Below are some questions that you would need to ask yourself when installing a NetWare 6.0 server.
- Are there any DS 7.x servers in the same replica ring?
- Is there a functioning certificate authority in the tree?
- Is there more than one tree with which this tree will integrate?
- Are other vendor directories going to be used in conjunction with this eDirectory tree?
- If this is an upgrade or migration, is the certificate server functioning on the server?
- Is time in sync?
- With NetWare 6.5 we take care of this for you when you prepare your tree using the NetWare Deployment Manager. To perform this action, place the NetWare 6.5 OS CD in a workstation and double click on the NWDEPLOY.EXE option. Once the Deployment Manager has launched you will have many tasks that can be performed. Many of these will be covered in detail in the next chapter. For a fresh install of NetWare 6.5 into an existing tree, only two of them are required.
- Under SEARCH TREE FOR EDIRECTORY / NDS VERSIONS you will have the option to VIEW AND UPDATE NDS. Use this option to search your tree and perform the updates as needed.
- You will see a list with all of the servers that need to be updated. If no servers need to be updated you will receive a popup window explaining that no servers needed to be updated and you can just click on EXIT.
- Under the PREPARE FOR NEW EDIRECTORY section you will find a utility called EXTEND THE CORE SCHEMA. Running this utility will prepare the existing schema to be compatible with the NetWare 6.5 schema.
- You will be presented with a list of servers containing a Master or R/W replica of the root partition. Choose the desired server and click NEXT to continue.
- Once finished you can now install a NetWare 6.5 server into your tree. Click on EXIT and move on to the next step.
- Now you can choose the option INSTALL SERVER INTO AN EXISTING EDIRECTORY OR NDS TREE. Click NEXT to continue.
- Now you will need to select the tree and the context in which you want to install the server. Click NEXT to continue.
- This next prompt is just a warning about preparing your tree to receive a NetWare 6.5 server. If you have not prepared your tree to receive a NetWare 6.5 server then STOP and GO BACK. It is a simple couple of steps. If you don't prepare it then you can very well run into issues. In our case we have prepared so we select YES to continue.
- This screen is just a summary. Click NEXT to continue.
- Make sure you have your license diskette in the floppy drive. Select the proper license(s) and click NEXT to install them.
- Next is the container where you want to install the license(s). Be sure that you select the proper container. Make sure that the licenses are at the same level or above the users within the eDirectory tree. This is explained in the description section of this screen: licenses are valid for all servers and users at the same level as this container and below. That is why I said that your license must be at the same level or above the users and servers in question. Remember that rights flow down, not up. The same concept is true for licenses. Click NEXT to continue.
- The REQUIRE TLS FOR SIMPLE BIND PASSWORD option is asking if you do NOT want to allow clear text passwords. If this option is unchecked, it simply means that you will be allowed to use the Clear Text Port as well as the SSL port. If this option is checked then the ability to use the clear text port will not be available.
- A common misconception is that this is referring to encryption between the browser and the service. This is not the case. This is referring to the encryption that occurs between the LDAP server and the service in question. If the service in question and the LDAP server are on the same box, then the communication is not going anywhere. However, if it is allowed, an anonymous bind can be made to the LDAP server, and users would be able to see whatever the [PUBLIC] user or proxy user can see, depending on how you have the LDAP group set up.
- The only time where you absolutely need this unchecked is if you are going to be using contextless login for NetStorage. This option requires that you allow clear text connections between your service (in this case NetStorage) and the LDAP server. If you are going to use NetStorage and you check this option then your contextless login will work for the first context, but not other contexts.
- Novell Modular Authentication Service is a service that controls your multiple authentication methods. NDS is a required install, and if you desire any other tokens or methods for authenticating they can be configured here. Since we are only going to use NDS authentication, we will accept the defaults and click NEXT to continue.
- The DNS/DHCP option will be installed if you choose to have an internal DNS server. The most common reason for this is if DNS resolution is needed on the internal network, or if you are planning on running DHCP services (i.e., if you are planning on handing out the IP addresses automatically). In this case I will let these services install at the default and click NEXT to continue.
- There are three sections here that you really need to understand. The first is the LDAP CONTEXT FOR ADMINS section. This section coincides with the IFOLDER ADMIN NAMES section. The context which is used in the LDAP CONTEXT FOR ADMINS must be a container in which there is an admin user who has sufficient rights to extend schema (i.e., rights to root), even if these rights are temporary. The reason for this is that we extend the schema and create the objects that hold the iFolder configuration the first time that we log into GLOBAL SETTINGS within the iFolder Administration page. Once this is done, iFolder can be administered by a container admin with fewer rights. If you do decide to change the LDAP CONTEXT FOR ADMINS to a container lower down in the tree, then make sure that it is in LDAP format (example: ou=iFolder,o=web), that you have an admin with sufficient rights to extend schema, and that the admin user is listed in the IFOLDER ADMIN NAMES section. You can add other admins to the list in the IFOLDER ADMIN NAMES section by separating them with a semicolon. An example of this would be admin;iFolderAdmin. If you place any character other than a semicolon, then the user names will be read as one user name and your authentication to the iFolderAdmin will fail. The next setting we want to look at is the USER DATABASE PATH. This is where the users' accounts will reside on the server. You could leave this on the SYS volume for test purposes, but in production I would suggest that you point it to a different volume. This will keep the SYS volume from being filled. In our case the information will be changed from SYS:\iFolder to DATA:\iFolder. You can also add iFolder administrators here.
- The MySQL database will need a password for the root user. The root user to MySQL is synonymous to the admin user within eDirectory, so you will need to keep note of the password.
** NOTE ** A password is required. The SECURE INSTALLATION option will be discussed in the next few steps.
- If you choose to secure the installation then your rights will be set up as shown in the graphic below. You will notice that root@% is not listed. This means that if you are planning on using MyCC, you will not be able to connect from a workstation without putting root@% in as a user. You will however be able to use the phpMyAdmin utility because it does a server connection. In other words it connects over localhost. The other users, appserver and audituser, are installed for the exteNd application server and the advanced audit services respectively. The reason that they allow connection on the server ("localhost") and client ("%") access is due to the need to perform specific operations. One example of this would be publishing a Web application from exteNd workbench (which runs on the client).
- If you do NOT choose a secure installation then the rights to the MySQL database will be set up as shown in the graphic below. There are three different rights that come with a non-secure MySQL installation. The one of most consequence is that you receive root@%. What this means is that you can connect to the MySQL server from a workstation running MyCC or some other database administration program. Without the % connection you would only be able to connect from the server.
- The user that is defined here is the locksmith for the Server Management Console utility that is used for managing the exteNd Application Server. If you choose the RESTRICT ACCESS option, then you will be required to login before you can access Server Management Console. If you uncheck that option then the utility can be run by anyone who has access to the server console.
** NOTE ** The password is required. Click NEXT to continue.
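The MySQL SECURE INSTALLATION choice described above decides whether root@% exists. The following added example (not part of the original article and not Novell code) audits the User/Host pairs of a running server for that entry and for any other wildcard-host account. The function names, the sample rows and the "reports" account are constructed for illustration.

```python
# Added example: flag MySQL accounts that can connect from remote hosts.
# Input is the tab-separated text produced by
#   mysql -B -e "SELECT User, Host FROM mysql.user"

# Accounts the article says keep "%" (client) access even in a secure install.
EXPECTED_REMOTE = {"appserver", "audituser"}

# Constructed sample output (not copied from the article's graphics).
# "reports" is a hypothetical extra account.
SAMPLE_NON_SECURE = (
    "User\tHost\n"
    "root\tlocalhost\n"
    "root\t%\n"
    "appserver\tlocalhost\n"
    "appserver\t%\n"
    "audituser\tlocalhost\n"
    "audituser\t%\n"
    "reports\t192.168.%\n"
)
SAMPLE_SECURE = (
    "User\tHost\n"
    "root\tlocalhost\n"
    "appserver\tlocalhost\n"
    "appserver\t%\n"
    "audituser\tlocalhost\n"
    "audituser\t%\n"
)


def parse_accounts(batch_output):
    """Return a list of (user, host) tuples from mysql batch-mode output."""
    lines = [ln for ln in batch_output.splitlines() if ln.strip()]
    if not lines or lines[0].split("\t") != ["User", "Host"]:
        raise ValueError("expected a 'User<TAB>Host' header line")
    accounts = []
    for ln in lines[1:]:
        fields = ln.split("\t")
        if len(fields) != 2:
            raise ValueError("malformed row: %r" % ln)
        accounts.append((fields[0], fields[1]))
    return accounts


def audit(accounts):
    """Return (profile, findings) for a list of (user, host) tuples.

    profile is "non-secure" when root has a wildcard host entry (the
    root@% case from the article), otherwise "secure".
    """
    findings = []
    for user, host in accounts:
        if "%" not in host:
            continue  # host-specific entry, nothing to report
        if user == "root":
            findings.append(("HIGH", user, host,
                             "root can connect from remote hosts"))
        elif user not in EXPECTED_REMOTE:
            findings.append(("MEDIUM", user, host,
                             "wildcard host not listed by the article"))
    is_open = any(sev == "HIGH" for sev, _, _, _ in findings)
    return ("non-secure" if is_open else "secure"), findings


if __name__ == "__main__":
    for name, sample in (("non-secure sample", SAMPLE_NON_SECURE),
                         ("secure sample", SAMPLE_SECURE)):
        profile, findings = audit(parse_accounts(sample))
        print(name, "->", profile)
        for sev, user, host, why in findings:
            print("  %-6s %s@%s: %s" % (sev, user, host, why))
```
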
- This next section is setting up the database user and database within MySQL for the exteNd Application Server. The defaults should suffice here, but you can change the password to something else if desired. As far as the option EXECUTE SILVERMASTERINIT, I would leave it checked. This will create the database for the exteNd Application Server. Click NEXT to continue.
- The biggest concern here is to verify that the DNS name listed is resolvable. If it is not, then you will run into problems. If you don't have DNS resolution at this point then you will probably want to stop and set it up. You can continue with a non-resolvable DNS name but you must understand that some of your services will not run until it is resolvable. You can change this to the IP address if desired, but the real issue here is that DNS is a required setup.
- The second section here is the setup of an ALTERNATE EDIRECTORY SERVER. This section allows you to have a limited fault tolerance for login. If this option is used then the PRIMARY EDIRECTORY SERVER must be on a different server. The idea is that if TCPIP communication goes down on the first server that we will revert to the second server for communication. However, this requires TCPIP to time out, which is about a two minute delay. Therefore this option is not widely used. If you are looking at fault tolerance, you may want to look at running a second instance of NetStorage and clustering the Apache and Tomcat portions of NetStorage. I am not suggesting this option and will not be using it in this example.
- If you leave the iFolder section blank, then iFolder will not show up within NetStorage. In our example we will leave it in. Click NEXT to continue.
- Next is the RSYNC license agreement. RSYNC does backup and restore. After reading the agreement, if you agree then click on I ACCEPT to continue.
- Now we will perform a configuration of all of the services.
- At the very end you will be asked to remove any CD or disk and to reboot the server.
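To confirm after the reboot what the REQUIRE TLS FOR SIMPLE BIND PASSWORD step above actually did on the clear text port, the following added example (not part of the original article and not Novell code) sends one cleartext LDAPv3 simple bind with throwaway credentials and reads the result code. Assumptions: the clear text port is the LDAP default 389, a server that requires TLS answers with RFC 4511 resultCode 13 (confidentialityRequired), and the DN, password and sample responses are constructed values.

```python
# Added example: check whether an LDAP server refuses cleartext simple binds.
import socket

CONFIDENTIALITY_REQUIRED = 13  # RFC 4511 resultCode

# Constructed BindResponse messages for offline use (messageID 1).
SAMPLE_REFUSED = bytes.fromhex("300c02010161070a010d04000400")    # code 13
SAMPLE_PROCESSED = bytes.fromhex("300c02010161070a013104000400")  # code 49


def _tlv(tag, value):
    """BER-encode one element with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def build_simple_bind(dn, password, msg_id=1):
    """LDAPv3 BindRequest with simple authentication (msg_id must be < 128)."""
    body = (_tlv(0x02, b"\x03")                      # version 3
            + _tlv(0x04, dn.encode("utf-8"))         # bind DN
            + _tlv(0x80, password.encode("utf-8")))  # simple [0] password
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length
        count = n & 0x7F
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n


def bind_result_code(response):
    """Extract resultCode from an LDAPMessage that carries a BindResponse."""
    tag, msg, _ = _read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)       # skip messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = _read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("resultCode missing")
    return int.from_bytes(code, "big")


def cleartext_bind_refused(code):
    """True when the server demanded confidentiality instead of binding."""
    return code == CONFIDENTIALITY_REQUIRED


def probe(host, port=389, timeout=5.0):
    """Send a cleartext bind with throwaway credentials; return resultCode."""
    request = build_simple_bind("cn=tls-check,o=invalid", "not-a-real-password")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        return bind_result_code(sock.recv(4096))  # a BindResponse is small


if __name__ == "__main__":
    for name, sample in (("refused", SAMPLE_REFUSED),
                         ("processed", SAMPLE_PROCESSED)):
        code = bind_result_code(sample)
        print(name, code, cleartext_bind_refused(code))
```

Any result code other than 13 from `probe()` means the server evaluated the bind over the clear text port, so a real password sent the same way would cross the wire unencrypted.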
** STOP ** If you are installing this server into an existing tree then you MUST first prepare the tree to receive your NetWare 6.5 server. If you have not done this then do NOT move on until you have prepared your tree to receive NetWare 6.5.
If you are going to be creating a new eDirectory tree then follow the next few steps. If you are going to be installing into an existing eDirectory tree then move down a page to that section that describes how to install into an existing tree.
Creating a New eDirectory Tree
Installing into an Existing eDirectory Tree