NDS 8 and NetWare 5 @ Novell
Novell Cool Solutions: Feature
Posted: 22 Jun 1999
Grettir Asmundarson (which is just a ridiculous pseudonym by the way) is back this week to give you a glimpse of how he and the rest of the IS&T team rolled out NDS 8 on the production servers (no small task) here at Novell. Long before the product shipped, Grettir and company were enduring sub-zero temperatures in the server rooms making sure that we (everyone from the receptionist to Eric Schmidt) were using NDS 8.
Grettir has collected all the stuff they learned, and created this from-the-trenches-style guide that you can use as a companion to the installation doc as you roll out NDS 8. He gives you the heads up on a few gotchas and guides you through in true system admin spirit. So, put your feet up, relax, and enjoy Grettir's observations about implementing NDS 8. Here's Grettir.
So, What's NDS 8 Anyway?
This is the boring part, so I'm going to let the marketing folks take over for a minute, and I quote:
With NDS 8, Novell has now extended its directory reach to the Internet. NDS 8 sets a new standard for scalable performance, reliability, and security and eliminates the need for special purpose Internet directories. Already deployed and proven as a directory in the enterprise with some 50 million users, NDS now allows companies to solve their immediate needs, grow their businesses without disruption, and build the necessary infrastructure required for electronic commerce.
Why Bother?
So, what does the release of NDS 8 mean to you? Why should you upgrade from your current version of NDS? There are plenty of reasons:
Scalability, scalability, scalability. NDS 8 allows you to have billions of objects per tree and millions of objects per container. I don't know about you, but I never thought I'd see the day when I would need billions of objects in my tree. Then again, I remember when I never thought I would fill my 210MB hard drive or need more than 4MB of RAM.
Keep in mind Grettir's Law. Grettir's Law says, "Every eighteen months the number of objects in your tree will increase tenfold, the number of containers necessary to manage those objects will triple, and your waist size will increase by at least one inch."
Let's say that you implement DNS/DHCP 3.0 and set up an entire Class B address space, which has roughly 65,000 addresses. Once you're through with all of the DNS entries and IN-ADDR.ARPAs, you will have added about a quarter of a million objects to your tree. When we first started upgrading our servers to NetWare 5 @ Novell and implementing DNS/DHCP 3.0, we went from 18,000 objects to 120,000 objects almost overnight. Suddenly, the ability to support billions of objects doesn't seem like overkill.
After upgrading to NDS 8, the sizes of the NDS databases on our DSMaster servers, which contain a very large number of replicas, were reduced from about 200MB to 110MB.
NDS 8 is faster in a number of ways. For one thing, NDS 8 databases open much faster. Our DSMaster servers now open their databases about 75% faster than before. And the database doesn't really bog down as you stuff more and more objects into your tree. LDAP search queries will essentially take the same amount of time, whether you have ten objects or ten million. After all, what's the use of having billions of objects if it's going to take forever to get to them?
NDS 8 uses the Direct File System (DFS) which provides better protection of your data. Because the database is manipulating the data directly, there's almost no chance of data loss.
A great test of this is the "Pull The Plug" test. Don't try this at home...
- Boot the server.
- Open the database.
- Start synchronization.
- Pull the plug.
In over 500 attempts, we were unable to cause any database corruption. Another testimony to the robustness of NDS 8 is the fact that we've upgraded 203 production servers to NDS 8. Since the servers were upgraded, we haven't had a single server that has experienced any sort of database corruption, and this was using alpha and beta code.
It's More Efficient
In the old days (meaning two months ago), for maximum speed and efficiency you would want enough RAM in your file server that you could cache the entire NDS directory in RAM. Since NDS 8 is so much more efficient at accessing information, this is no longer a requirement.
That doesn't mean that you should go around ripping RAM out of your servers. Obviously, most processes will still perform better the more RAM you have. But if things get tight, NDS 8 is much more forgiving.
NDS 8 has native support for LDAP v3, the de facto, de rigueur, and de lovely directory standard of the Internet. Almost every major Internet application and service that is being developed now includes support for LDAP. And now, by extension, they also support NDS, or rather, NDS supports them.
That means that if you have applications that were written specifically for NDS, you can take full advantage of all of the richness that NDS provides. But, if you have an application that only supports LDAP, you can still take partial advantage of the richness that NDS provides in the case of that one particular application, while still taking full advantage of the richness that NDS provides everywhere else.
And, lastly, we're not charging a penny for it. Any other company would have taken this same code, called it their "Enterprise Edition," and charged up the wazoo for it. (Many people aren't aware that the word "enterprise" is derived from the Old French word "entreprende," which translates to "outrageously inflated pricing structure.")
How To Go About It
Here's how we did it. Before you begin you'll probably want to skim through the Readme file for any late-breaking issues we didn't encounter. Also, for good measure you'll want to read the install documentation before you start. (We've got a link to it a little later on for easy access.) It's always best to be well-informed before diving into these types of projects.
1. Prepare The Tree
If the first server that you are going to be upgrading to NDS 8 contains a replica of the [Root] partition, you don't need to do anything special to prepare the tree. But, if the first server that you're going to be upgrading doesn't contain a replica of [Root], you'll need to extend the NDS schema on one of the servers that does (contain a replica of the root that is) first.
You can do this using an updated copy of DSRepair that is included in the NDS 8 package. Choose one of your servers that contains a replica of the [Root] partition, and use the version that corresponds with the version of NetWare running on that server.
\DSREPAIR\4X\DSREPAIR.NLM (For NetWare 4.x servers)
\DSREPAIR\5X\DSREPAIR.NLM (For NetWare 5 servers)
Copy the appropriate version of DSRepair to the SYS:SYSTEM directory of your chosen [Root] server. Then run DSRepair and choose: Advanced Options Menu > Global Schema Operations > Post NetWare 5 Schema Update.
And while we are on the subject of DSRepair, it's a good idea to run a DSRepair on the local database before migrating to NDS 8 to clean up any NDS replica irregularities and ensure that local replicas are properly synchronized.
2. Deploy The New Versions Of DSRepair To All Of Your Other Servers, Too
Earlier versions of DSRepair don't properly handle LDAP auxiliary classes when importing the schema from NDS 8 servers, so once you've started upgrading servers to NDS 8, you'll never want to use an old version of DSRepair on any server again. (Even those you haven't upgraded yet.)
3. Pick A Target
Many people assume that the first server you upgrade to NDS 8 needs to contain a replica of [Root]. But as you probably guessed from Step 1, you have a choice. If you read the first of our beigepapers, Implementing NetWare 5 @ Novell, you'll know that we prefer to never deploy anything for the first time on something as important as our DSMaster servers. Again, we would remind you of the instructions found on most household laundry products:
If in doubt about the reaction of a particular fabric to this product, test on an inconspicuous area of the garment prior to use.
To start with, we would vote for extending the schema on one of your DSMaster servers, but then doing the initial deployment of NDS 8 on something a little less important.
4. Perform A Complete Backup
I have great faith in the quality of our product, but it's always a good idea to take basic precautions to protect your data.
5. Install NetWare 5 Support Pack 2
Support Pack 2 is a required prerequisite to the NDS 8 upgrade, so if you haven't installed it yet, you'll need to do this before you go on. You can pick up a copy of Support Pack 2 on the Minimum Patch List.
6. Choose A Method
You can either install NDS 8 from a CD, from a directory on the server being upgraded, or across the wire (for example, from a directory on a different server).
7. Mount All Volumes
During the upgrade, the trustee assignments of all of the files on the server are updated. If a volume is not mounted, the migration utility won't have access to the files on that volume and you will lose the trustee assignments on those files. This could be a Very Bad Thing.
8. REM Out Third-Party NLMs From The AUTOEXEC.NCF
During the migration, volumes will be dismounted/re-mounted and the server will be rebooted, and as you know some NLMs don't take kindly to losing access to their files this way. Although we haven't had any significant problems, you might want to play it safe and REM out all third-party NLMs from the AUTOEXEC.NCF, and then restart the server.
9. Close The AUTOEXEC.NCF
If you have the AUTOEXEC.NCF open (either in EDIT or NWCONFIG), you'll need to close it before you start the upgrade process. During the upgrade process, your AUTOEXEC.NCF is modified to run NDS8.NCF, which converts your old database to NDS 8 format. If the file is open, the upgrade process is unable to add the NDS8.NCF entry. So when the server restarts you'll get a -723 error because the old database hasn't been converted yet, and you'll be running the new NDS 8 NLMs on top of the old database. This doesn't work too well.
If this happens to you, just manually run NDS8.NCF to convert the old database to NDS 8 and continue the upgrade process.
10. If you are running in a Pure IP environment, load IPXSPX.NLM.
The NDS installation requires BTRIEVE, which in turn requires that IPXSPX.NLM be loaded. Purists needn't worry, because when the server reboots as part of the upgrade process, IPXSPX.NLM won't reload, making you Pure IP again.
11. Run The Install
Detailed installation instructions accompany the NDS 8 package and are available on the web, so we'll move on...
12. Re-Enable Your Third-Party NLMs
Remove the REM statements that you added before your third-party NLMs in Step 6, and restart the server so they have a chance to load again.
13. Update your backlinked objects.
Your internal NDS identifiers changed during the upgrade, so you'll want to update your backlinked objects by starting the backlinker process. Type the following at the console:
The backlinker process would eventually start automatically after 50 minutes, but you're better off doing it manually as soon as possible after the upgrade, especially if the server you updated was not one of your DSMasters.
14. Extend the LDAP Schema
If you want LDAP to be able to support having other types of containers within the Domain object, you'll need to make sure that the new LDAP schema extensions are propagated throughout your tree by using the same version of DSRepair that you used in Step 1. But this time choose: Advanced Options Menu > Global Schema Operations > Optional Schema Enhancements.
There are also some individual schema extensions that you might want to apply (inetOrgPerson, residentialPerson, newPilotPerson). If you want to apply any of these extensions, you can download the individual schema files from the NDS 8 download site, run NWCONFIG, and then click Directory Options > Extend Schema.
15. Run DSRepair (The New Version, Remember?)
The first time you run DSRepair after extending the schema, it will apply the new containment rule base to all of your objects. So, if you see the following error:
Error: Adding property 'Object Class' value: ndsLoginProperties.
...don't panic. This is perfectly normal.
16. Fill 'Er Up (Optional)
If you need to add, modify, or delete a large number of NDS objects after your upgrade (for instance, if you were McDonalds, and you wanted to import the names of each of the "Billions and Billions Served"), you could use the BULKLOAD.NLM and LDIF files to simplify/automate the process.
Before running BULKLOAD.NLM on particularly large LDIF files (yes, "Billions and Billions Served" counts as large), make sure that the partitions into which you are importing those objects are synchronized.
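An added example, not part of the original article or of the NDS 8 package: a workstation-side helper for steps 8, 9 and 12 that REMs out listed third-party modules in a copy of AUTOEXEC.NCF with a tag, restores exactly those lines afterwards, and checks for the NDS8.NCF entry whose absence leads to the -723 error. The module names AVSCAN and BKAGENT, the tag text, the sample file, and the assumption that the entry is an uncommented line starting with NDS8 are constructed for illustration.

```python
import re

MARK = "REM NDS8-UPGRADE "   # constructed tag so the re-enable step undoes only our edits
COMMENT = re.compile(r"^\s*(REM\b|#|;)", re.I)        # NCF comment prefixes (assumed set)
FIRST = re.compile(r"^\s*(?:LOAD\s+)?(\S+)", re.I)   # "LOAD name ..." or a bare command

def module_of(line):
    """Base name of the module or NCF a line starts; None for blank/comment lines."""
    if not line.strip() or COMMENT.match(line):
        return None
    name = FIRST.match(line).group(1).upper()
    name = name.rsplit("\\", 1)[-1].rsplit(":", 1)[-1]   # drop a SYS:DIR\ prefix
    return re.sub(r"\.(NLM|NCF)$", "", name)

def rem_out(text, third_party):
    """Step 8: tag every active line that starts one of the listed modules."""
    wanted = {m.upper() for m in third_party}
    out, hit = [], []
    for line in text.splitlines(keepends=True):   # keepends preserves CRLF endings
        mod = module_of(line)
        if mod in wanted:
            hit.append(mod)
            line = MARK + line
        out.append(line)
    return "".join(out), hit

def restore(text):
    """Step 12: remove only the tags added by rem_out; other REM lines stay."""
    return "".join(l[len(MARK):] if l.startswith(MARK) else l
                   for l in text.splitlines(keepends=True))

def runs_nds8(text):
    """Step 9 check: True if an uncommented line invokes NDS8.NCF."""
    return any(module_of(l) == "NDS8" for l in text.splitlines())

# Constructed sample AUTOEXEC.NCF; module names are hypothetical.
SAMPLE = (
    "FILE SERVER NAME DEMO1\r\n"
    "MOUNT ALL\r\n"
    "LOAD SYS:VENDOR\\AVSCAN.NLM /Q\r\n"
    "REM LOAD OLDAGENT\r\n"
    "BKAGENT\r\n"
)

if __name__ == "__main__":
    staged, hit = rem_out(SAMPLE, ["avscan", "bkagent"])
    print("REMed out:", hit)
    print("NDS8.NCF entry present:", runs_nds8(staged))
    print("restored cleanly:", restore(staged) == SAMPLE)
```

If `runs_nds8` returns False on the file read back after the install, the entry was not added and the manual NDS8.NCF run described in step 9 applies.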
Things That Caught Us By Surprise
This section is going to be surprisingly short, because the only problem we ran into when we started deploying NDS 8 on a large scale involved a third-party product.
After upgrading a server to NDS 8, Seagate's Backup Exec 8.0 for NetWare was no longer able to access its queues. Backup Exec uses the Backup_Exec user's Object ID to identify the files in which it stores backup jobs. When that Object ID changed as a result of the NDS 8 upgrade, Backup Exec lost its ability to see the old queue files.
To work around the problem, we used the BEQBACK.NLM utility that is included with Backup Exec 8.0 to backup our queue files before the NDS 8 upgrade and restore them after the upgrade had been completed.
I only mention this because there may be other third-party applications that have the same sort of problem. So, after upgrading your first server to NDS 8, make sure that all of your third-party applications are behaving as they should before moving on. Otherwise you could roll it out everywhere before realizing that you were messing up the backup folks. And, in my experience, backup folks are not the kind of people who take that sort of thing well.
Conclusions are sort of arbitrary things, don't you think? I mean, if I haven't made a compelling case or explained things clearly in the rest of the beigepaper, summing things up in a nice, easily-digestible, management-friendly, sound bite isn't going to help, is it?