Integration of Macintosh Computers into a Novell Environment
Novell Cool Solutions: Feature
By David Henderson
Digg This -
Posted: 9 Nov 2004
Victor Central Schools
I have been using and supporting Macs and Windows computers for almost 20 years. When people ask me what home computer to purchase, I at least suggest they take a look at a Mac. For a home computer, Macs have several advantages over Windows machines.
On Victor's campus, as with all schools and private sector organizations, additional criteria are considered when deciding on the effectiveness of a particular solution. How well the Mac fits in with existing infrastructure becomes very important. This white paper details the state of integrating the Macintosh into a predominantly Novell environment. My department as a whole has many years of experience in the area of systems integration ranging from:
- NetWare 3.1–>NetWare 5–>NetWare 6–>NetWare 6.5
- GroupWise 5–>GroupWise 6–>GroupWise 6.5
- BorderManager 3.7–>BorderManager 3.8
- Win95–>Win98–>Win2000–>WinXP Pro
- MacOS 8.6–>MacOS 9.2–>MacOS X
While there is always more to learn, we consider ourselves as versed as anybody on integrating Macs with the various software products offered by Novell Corporation. I start out with a quick overview of our existing infrastructure followed by detailed descriptions of the Novell products we use and how the Mac works with each of them. Where applicable, I point out how one Novell product is strongly influenced by the behavior of another Novell product. I provide a lot of detail for two reasons:
- As the old saying goes ?The devil is in the details?
- The details I describe are the ones my department sweats over and ultimately end users must live with
I tried to make this a balanced assessment highlighting areas where Novell products are working well for us and categorizing problems as either major or minor. Much of what I talk about makes a comparison between the functionality of the Novell products while using a Windows machine versus a Macintosh. What I document here is not unique to Victor Schools. I regularly hear from other users across the country who are involved with integration of Macs with Novell products and they are experiencing similar issues.
Current computing environment
Victor is blessed with a single 192 acre campus. Instead of speaking of a wide area network, we have one large local area network. Backbone connections between wiring closets are gigabit ethernet with 100Mb switched to the desktop. We use a Cisco 6509 core switch, are fully subnetted, and have new servers all running with gigabit connections. We have four NetWare 6.5 file servers, a GroupWise 6.5 server for e-mail and calendaring, and BorderManager 3.8 for a proxy server. Victor has about 300 Windows desktops all running XP Pro and 500 Macs, about half running MacOS 9.2.2 with the remainder running MacOS 10.3.5.
NetWare 6.5 file service
Novell released Native File Access (NFA) for Macs about 2 years ago. This service is loaded on our 4 NetWare servers and allows the Macs to login and save files using Apple File Protocol. This is a fast stable product that Victor started using during the 2003-2004 school year.
Major Problem - Native File Access is server centric and not network centric
Faculty at Victor typically login to one of our NetWare servers each morning to gain access to their home directory. Once classes begin, faculty access our student information system to take attendance. This piece of software is located on a different server than where their home folder resides. This results in another login to this second NetWare server. Contrast this with a Windows machine that is network centric. Once authenticated against eDirectory, a faculty member using a Windows machine can access any resource (files, folder, or applications) they need on any of our NetWare servers, they are never hit with a second login. This sounds like a minor problem but is causing grief on our campus when coupled with the GroupWise and BorderManager logins that Mac users must do.
Minor Problem - users find it a little more difficult maneuvering to their home folder on a NetWare server when saving a file using a Mac
When logged into NetWare from a Windows machine, end users get a drive mapping (H drive) directly to their home directory to aid in saving files. In fact, within the Microsoft Office suite (Word, Excel, &Powerpoint) we change the default saving location to the H drive. On the Mac, end users log into a NetWare server and mount on their desktop the server volume. Below I show the process that end users must go through to save a file.
Within the next two weeks, Condrey Consulting, a third party developer, will be releasing a plug in for MacOS X that should make this process easier. According to their website, www.condreyconsulting.com, Kanaka integrates with the Mac OS X log-in subsystem to provide users with contextless single-sign on to both their Mac OS X computer and the Novell network. Once a user authenticates to eDirectory, Kanaka then auto discovers and mounts on the desktop the user's home directory and collaborative storage locations based on eDirectory attributes and group membership.
Several months ago Novell released a java based cross platform GroupWise client. Victor has this client loaded on all of its Macs that run MacOS X. While a step up in many ways from the client that ran under MacOS 9, this new client is still a work in progress.
Minor Problem - GroupWise cross platform client login dialog box is confusing
When the GroupWise client is launched, the first thing a user sees is a prompt for a password. This is the GroupWise password for the last user that logged in. Only after hitting the Cancel key will this password dialog box change to display a spot to type in a new user name and password.
Hitting the Cancel key to invoke a change in the login dialog box is not intuitive and certainly not in keeping with the functionality of the Cancel key in other Macintosh applications. Faculty and staff are quite mobile within our district. Every time the client is launched, a dialog box should be displayed providing a spot where a person can type in their GroupWise name and password. The name of the last person to login to GroupWise on this machine could be remembered and displayed. It would be even better if single sign on was tied in with this client just as it is with the GroupWise Windows client.
Major Problem - GroupWise cross platform client lacks a spell checker
In the read me file for the cross platform client it states that the product does not yet include a spell checker, rules, or junk mail handling. In Victor's case, lack of a spell checker has been something that faculty have noticed, especially when the Windows client includes one.
Minor Problem - GroupWise cross platform client is slow
The client is slow to launch, slow to login, and slow when switching amongst items (calendar, mailbox, sent items, and trash).
Minor Problem - hot link from an e-mail address on a webpage is not tied into the GroupWise cross platform client
When a Windows user encounters a hot linked e-mail address on a website and they click it, it launches GroupWise (if it is not already open) and generates a new mail message with the To: field filled in.
Major Problem - list of extensions and default web browser are specified by logged in user on a computer by computer basis for the GroupWise cross platform client
Within the GroupWise client, under preferences I can set what program should be associated with what extension. This list is used by the client when opening e-mail file attachments. When I did this association for 8 of our most common applications it worked great.
I made the assumption that this setting, as well as the setting for default web browser, was set on a machine basis. Only after we had cloned 100 machines and distributed them to teachers did I find out I was mistaken.
The GroupWise client on the Mac creates a hidden folder inside the logged in users folder called .GroupWise. If Dave Henderson logs into his GroupWise account (login name HendersonD), a folder called HendersonD is created inside this hidden GroupWise folder. Within the HendersonD folder is where Dave Henderson's GroupWise client preferences are kept. There is a file called extensions.properties inside the folder HendersonD that stores what programs are associated with what extensions for HendersonD. The screen shots on the next page illustrate this folder and file structure. On this particular machine, there is a user account called Administrator. While logged in as Administrator on the local machine I logged into my GroupWise account. Notice the .GroupWise folder inside of the Administrator's User folder. Within the .GroupWise folder you can see the HendersonD folder. Inside of HendersonD is the file extensions.properties that stores the application/extension association list shown in the screen shot on the previous page.
The problem is the list of applications and associated extension is empty when the user first logs on. Adding to this list is easy for somebody familiar with computers but I have many faculty members who cannot be expected to populate this list, even with a good set of directions.
I think this is a HUGE oversight with this client. Even if I can get a teacher to go through the process of populating this list (ie. associating Word with doc, etc.), as soon as they go to another Mac (like one in a computer lab) and login, they have to populate the list again or they cannot open file attachments.
The model that Novell uses here needs some serious work. Perhaps a model where this list of extensions and applications as well as default web browser is machine specific and not user specific. After all, doc is always associated with Word, xls with Excel, etc.
We have also looked at having Mac users use webmail instead of the client. While this is a viable option when at home or at a conference, for day to day use on campus it has two shortcomings:
- Webmail is not as a robust as the fully functional client available to Windows users. One example of this is the handling of file attachments.
- The logout within BorderManager becomes problematic. Mac users who use the webmail on campus have to login to BorderManager several times each day.
BorderManager proxy server
BorderManager has evolved over the past 3 years into a stable flexible product that meets Victor's needs in many ways. We have our BESS content filter integrated with BorderManager allowing us to setup filtering rules, change them on the fly, and apply these rules to adults and students differently. This, coupled with BorderManager's ability to cache web pages and keep a log of sites visited by each user, has made BorderManager a good fit for Victor.Major problem - SSL login to BorderManager for Mac users and subsequent logout
More and more of the services on our campus are web based or heading that way.
- We use IEP Direct (www.iepdirect.com) to produce Individual Educational Plans for our 350 special education students.
- We are in the process of changing student information systems from SASI to Powerschool. Powerschool has the advantage of being web based.
- We have used a program called Choices for many years in our Junior/Senior High School. It is a nice piece of software students use to explore careers and find college information. We are in the process of switching to eChoices, the web based version.
- The web is being used extensively for research and instruction.
When Windows users log using the NetWare client and then launch their web browser, they are not hit with another login. Mac users are hit with a login as soon as they launch their browser. With this login, there is a timeout period of 20 minutes. Student A walks into one of our Mac labs, launches their web browser, and logs in. After surfing the net all period they quit their web browser and leave. Ten minutes later another class is in the same lab and Student B launches the web browser on the same machine that Student A used. Since the 20 minute timeout had not expired, Student B is browsing under Student A's name. This means our BorderManager logs are incorrect. Contrast this with Windows users, as soon as they logout of NetWare, any connection through BorderManager is severed so logs are always accurate.
It seems like the sensible thing to do is to decrease the timeout period to 5 minutes. With it set this low, faculty and students are timed out quite often. Just taking a quick phone call, running to the bathroom, or jumping back to your word processing package for a few minutes is enough to log you off of BorderManager. Two fixes come to mind:
- Single sign on - once a Mac user authenticates against eDirectory, when they launch their web browser they are not hit with another logon. As soon as they logoff, the connection with BorderManager is severed.
- Have the ability to set the timeout period different for students and adults. If this timeout period could be set by NDS groups, this option would work for Victor. Everybody on campus is a member of a group that identifies them as an adult or student.
Major problem - Safari will not work with BorderManager
BorderManager only works with Netscape Navigator, IE, and Firefox. Apple's web browser, Safari is not supported. Apple's web browser is not only faster than IE and Netscape, it is still being actively developed and improved.
- Major Problem - Native File Access is server centric and not network centric
- Minor Problem - users find it a little more difficult maneuvering to their home folder on a NetWare server when saving a file using a Mac
- Minor Problem - GroupWise cross platform client login dialog box is confusing
- Major Problem - GroupWise cross platform client lacks a spell checker
- Minor Problem - GroupWise cross platform client is slow
- Minor Problem - hot link from an e-mail address on a webpage is not tied into the GroupWise cross platform client
- Major Problem - list of extensions and default web browser are specified by logged in user on a computer by computer basis for the GroupWise cross platform client
- Major problem - SSL login to BorderManager for Mac users and subsequent logout
- Major problem - Safari will not work with BorderManager
Three important conclusions can be drawn looking at this list:
- None of these problems are present when using a Windows PC on our campus
- Having single sign on with a Macintosh computer would solve a number of these issues including numbers 1, 3, 8, and 9. One login that gave Mac users access to any file they had rights to on any of our NetWare servers, the ability to launch GroupWise without a login, and the ability to launch a web browser without a login, would go a long way towards providing equity with Windows PCs.
- If the next iteration of the cross platform client made a big leap forward in functionality, problems 4, 5, 6, and 7 would be solved.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com