NDS 8: It's the Real Potato
Novell Cool Solutions: Feature
By Doug Jones
Posted: 22 Apr 1999
I'm originally from Idaho, you know, that state with the license plates that proudly declare, "FAMOUS POTATOES." One thing I learned growing up is that if you can't dig it up, boil it, bake it, scallop it, and fry it up for breakfast, then it ain't real.
Which leads to some personal conflicts with a neighbor in Washington. Like a couple of years ago, when I attended a course (#689) on supporting a certain Washington company's enterprise technologies. The first unit of that course was titled "Implementing Directory Services Using Microsoft® Windows NT® Server 4.0".
Did they say directory services? I've never seen a directory service from Washington. Maybe some of you can e-mail me and clear this thing up.
Meanwhile, I've been working with a directory service from Utah ("The Olympic Bribery State?" "The Chicago Bulls Whipping Boy State?") for years now. This directory service, NDS™, is the real potato. It has always offered hierarchical management and many other features unavailable from Microsoft.
NDS has been a long time baking; it's stable, tested, and has been used happily in production environments for years. And now Novell has released NDS 8, a real hot potato, which is what I wanted to tell you about.
NDS 8 Is New Inside
If you open up classic NDS and look at its insides (files hidden on the SYS volume of your NetWare server), classic NDS file storage structure looks something like this:
Novell has souped up this file storage mechanism for the 21st century by revamping its internal workings. First of all, it upgraded its fixed-length record data store with a highly scalable, indexed database. The database and all its high-speed indexes are contained in a single file called NDS.01. Actually, if this file should grow to over 2 GB, a new database file is created called NDS.02. The file sizes are always kept from exceeding 2 GB by the creation of new NDS.nn files, as shown below.
You'll notice that there are other files besides NDS.nn. The NDS.DB file contains control information as well as the roll-back log, which is occasionally used to abort incomplete transactions. The NDS*.LOG file contains the roll-forward log, which is used to reapply completed transactions that may not have been fully written to disk because of a power failure or other system interruption. The stream files are like the files in Classic NDS: they hold login scripts and such.
NDS 8 Is Hot
Using the new database architecture allows NDS to grow way beyond previous limits. Novell recommends the following realistic operating levels (not to be construed as absolute limits):
Of course, your hardware needs to support the database size. You should plan for approximately 1-2 KB of disk space on the SYS volume per user. And remember, your replica ring is only as strong as its weakest link. You should equip all servers holding large replicas with adequate hardware and NDS 8.
Thanks to fast indexes and intelligent caching, NDS 8 offers some fantastic performance increases with large databases:
Note that these numbers are for large databases. Operations on small databases will actually be slightly slower than Classic NDS, since several indexes are updated on any add, modify, or delete.
NDS 8 Manages Like Classic NDS
NDS 8, from an administrator's point of view, works like the NDS you're used to. Objects are the same, rights inheritance is the same, partitioning and replication are the same, and management is the same (though an improved ConsoleOne administration tool is included).
In fact, you probably won't notice a difference once you upgrade to 8, except for a marked improvement in capacity and performance for large databases.
NDS 8 Works on NetWare 5
NDS 8 is designed for NetWare 5 servers with Support Pack 2 (or later) installed. Don't try installing it on NetWare 4, or on NetWare 5 without the Support Pack. (A friend of mine tried this and he's still picking potato peels out of his teeth.)
It's Free!
You can get NDS 8 free from Novell's product download site. While you're there, you can download Support Pack 2 and DSREPAIR. You'll need the DSREPAIR package if you install NDS 8 to a server that doesn't hold a replica of [Root].
The Support Pack 2 and NDS 8 downloads are huge, so if you're using a slow modem connection to the Internet, you might want to call your reseller or somebody with a fast connection to burn you a CD. Once you have the files, expand them in separate directories. If you're upgrading servers using RconsoleJ or RCONSOLE, these directories can sit on your workstation. Otherwise, you can copy the directories to the servers you're upgrading.
NDS 8 Prepares Your NDS Tree
If (and only if) you want to install NDS 8 first on a server that doesn't hold a replica of [Root], download the DSREPAIR package. Before you install NDS 8 on a non-[Root] server in the tree, you'll need to modify the schema by running DSREPAIR.NLM on one of your existing servers holding a replica of the [Root] partition.
Two DSREPAIR.NLMs are included in the package, one for NetWare 5 (without NDS 8) and one for NetWare 4.1x. Copy the appropriate version to the SYS:SYSTEM directory of a server that holds a replica of [Root]. Start DSREPAIR and select
Advanced Options Menu > Global Schema Operations > Post NetWare 5 Schema Update
Note: The NetWare 4.1x server should be running the latest NDS version. For NetWare 4.10, that's build 517 or later. For NetWare 4.11, that's version 602 or later.
You'll be prompted for the Admin (or equivalent) name and password.
This schema update prepares your NDS tree for the upgrade, most notably adding the Domain object class, which is an integral part of Novell's Internet directory strategy. So why do you need to run DSREPAIR to update the schema? The answer is that the radical containment changes can only be accomplished with the APIs available through DSREPAIR.
NDS 8 Installs Easy
The installations of Support Pack 2 and NDS 8 use about the same interface, so while you're doing one you might as well do the other. Just make sure you install the support pack first. Here's how it goes.
First, start NWCONFIG at the server's console. The server will reboot during the installations, so if you're installing using RCONSOLE or RConsoleJ, select NCF Files Options and look at your AUTOEXEC.NCF file. Make sure it contains the following commands:
- AUTOEXEC.NCF commands for RCONSOLE: REMOTE password
- AUTOEXEC.NCF commands for RConsoleJ: RCONAG6 password TCPport SPXport
Still in NWCONFIG, select
Product Options > Install a Product Not Listed
Specify a path to the Support Pack 2 files and the rest is pretty automatic. If you're installing remotely, you'll have to re-establish the remote session after the reboot. Then start NWCONFIG again and select
Product Options > Install a Product Not Listed
This time specify a path to the NDS 8 files. Again, the installation is pretty automatic, with a reboot at the end.
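The AUTOEXEC.NCF lines above for RCONSOLE (REMOTE) and for the RConsoleJ agent (module RCONAG6) put the remote-console password in the file as plain text. As an added example, not from the original article or from Novell, this Python script audits an NCF file for such lines; it assumes an encrypted password is written as `-E <hash>`, and the sample file, passwords and hash are constructed.

```python
import re

# Console modules that take the remote-console password as their first argument.
REMOTE_MODULES = {"REMOTE", "RCONAG6"}

def audit_ncf(text):
    """Return (line_number, module, status) for each remote-console load line.

    status is "cleartext", "encrypted" (assumed -E form) or "no-password".
    """
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks and comments (#, ; or REM). \b keeps "REMOTE" from
        # being mistaken for a REM comment.
        if not line or line[0] in "#;" or re.match(r"(?i)rem\b", line):
            continue
        tokens = line.split()
        if tokens[0].upper() == "LOAD":
            tokens = tokens[1:]
        if not tokens:
            continue
        # Drop an optional path and .NLM extension: SYS:SYSTEM\REMOTE.NLM -> REMOTE
        module = re.split(r"[\\/:]", tokens[0])[-1].upper()
        module = module[:-4] if module.endswith(".NLM") else module
        if module not in REMOTE_MODULES:
            continue
        args = tokens[1:]
        if not args:
            status = "no-password"
        elif args[0].upper() == "-E":
            status = "encrypted"
        else:
            status = "cleartext"
        findings.append((num, module, status))
    return findings

# Constructed sample: cleartext lines beside the assumed encrypted form.
SAMPLE_NCF = """\
# AUTOEXEC.NCF (constructed sample)
SET TIME ZONE = MST7MDT
LOAD REMOTE Spud1999
rem LOAD REMOTE oldpass
RCONAG6 Spud1999 2034 16800
LOAD SYS:SYSTEM\\REMOTE.NLM -E 0A1B2C3D4E5F
"""

if __name__ == "__main__":
    for num, module, status in audit_ncf(SAMPLE_NCF):
        print(f"line {num}: {module} password is {status}")
```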
NDS 8 Installs a New LDAP
The speed of LDAP searches is much improved in this version of NDS. The final testing isn't done yet, but it looks like searching will be about ten times faster than with original NetWare 5.
Even if you didn't install LDAP as part of your NetWare 5 installation, the NDS 8 upgrade program will do it for you. You'll notice some new objects: an LDAP Server object and an LDAP Group object.
- LDAP Server: This object contains information specific to the new NDS 8 server, such as what Key Material object to use for security.
- LDAP Group: This object stores information that can be used for multiple LDAP Servers. This information includes mapping of LDAP classes and attributes to NDS. For instance, this object maps the LDAP inetOrgPerson class to the User class in NDS.
NDS 8 Implements Security Services for LDAP
For highly secure connections to LDAP, you'll need a digital certificate for your LDAP Server. Digital certificates are issued by a certification authority (CA) and are stored in a Key Material object (shown below).
You can create a new Key Material object using NetWare Administrator. The Key Material object must be in the same container as the NetWare Server object that will use it.
You can also create your own Certificate Authority (CA) under your Security object, which appears at the [Root] of the NDS tree.
The CA is used to generate public key certificates for your organization.
NDS 8 Installs a New ConsoleOne
If you were disappointed with the "speed" of ConsoleOne in NetWare 5, you'll like the new one better. It installs to a 32-bit Windows workstation (running the NetWare 5 client) and has performance somewhere between the old ConsoleOne and NetWare Administrator. Novell recommends a workstation with a 200-MHz processor and 64 MB of RAM.
ConsoleOne employs some new APIs that provide "paged results" from your NDS 8 server. Paged results apply to large containers with many objects. For instance, if you double-click a container with 50,000 objects in it, you don't have to wait all day for the server to reply. The server gives the results a page at a time to ConsoleOne, which in turn displays the pages without waiting for information on the whole load of objects.
To install the new ConsoleOne, map a drive to
Then run SETUP.EXE.
The new ConsoleOne also lets you search and filter the objects displayed. You can now configure Novell's LDAP services, extend the schema, control rights inheritance, and manage NetWare file services with ConsoleOne.
Even if you're addicted to NetWare Administrator, you might want to give ConsoleOne a look.
Conclusion
Now Novell has a directory service for everybody, from the single-server shop to the ISP. NDS 8 handles huge organizations, it runs fast, and it includes great management and full integration with LDAP v3. And unlike vaporware from somewhere in Washington State, it's well-baked technology that can make a difference in your organization now.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com