Migrating to Pure IP
Novell Cool Solutions: Trench
Digg This -
Updated: 6 Apr 2005
Question: I'm preparing to migrate to a new server using the Server Migration Utility. We are currently running NetWare 5.1 SP6. When building the new servers, I'm not selecting the IPX protocol, because we have plans to go pure IP.
If I move the server with the master replica to the new server using pure IP, will it be able to communicate with the servers running IP & IPX? Are there any other things I should worry about?
Answer: It will be able to communicate with servers running IP&IPX, but not with those running IPX only.
You should also watch out for timesync. Unless you have configured timesysc resources to use IP only (set up a reference server and configure the other file servers to point to the timesysnc server as a reference), timesysnc won't work.
IPX uses RIP/SAP to find the time server(s). No IPX, no timesysnc. IP-only servers need to be told where the time sync server is.
Anyone else got any gotchas to add? Let us know.
- John Goutbeck
- Andrew Jachno
- John A. Resotko
- Geoffrey Carman
- Dariusz Trepkowski
- Kevin O'Neill
- Tony Pedretti
- Paul Caron
- Carl Ward
- Jörg Schiffer
- Dale Puotinen
- Roger Thomas
- Paul D. NEW
- Ensure all IP routing is working.
- Study and set Timesync using NTP.
- Study and setup SLP.
- Ensure IP Server name resolution with DNS, SLP, Hosts file.
- Study and setup NDPS printing (or iPrint).
- Keep IPX running and take away from one server at a time.
- Try very hard not to use SCMD.
Note that SCMD is ON by default when you install IP Only on the server. (Check Advanced Options when setting IP address.)
John Goutbeck provided a list which covers all the critical items. I'd like to mention specific details from two of his items that may not be obvious from reading his list.
Don't forget about routing at the core of your network. While not directly related to how you configure the servers, if you work in a routed environment with VLANs, and you use VLAN routing to restrict the broadcast IP traffic from bleeding over from one VLAN to the other, you may see some IP devices "disappear" once IPX is turned off (like printers using broadcasts to identify themselves to servers in another VLAN via IPX only.)
Don't forget that your servers and workstations aren't the only IPX broadcast devices. If you are using print servers such as the HP JetDirect card, Canon and Xerox multi-fuction devices, or other print devices, make sure they all support IP and have the latest firmware installed to support NDPS/iPrint before you convert to NDPS. This will go a long way to reduce your headaches when converting from queue-based printing to NDPS.
Finally, as a cleanup after the conversion to Pure IP, look at your broadcast traffic. If you were running both IPX and IP in a mixed environment previously, turn off the IPX protocol on workstations, printers, and any other devices using the Novell network. Reduced broadcast overhead can provide an increase in overall network performance. Also examine your router configuration, and if IPX is no longer needed, free up some CPU on the router. Why spend the cycles checking to route a protocol that no longer appears on your network?
That's my two cents worth. Best wishes for a successful conversion to IP.
When using IPX, HP JetAdmin printers have a built-in security model: NDS ACLs. When run in IP-only mode, via NDPS, they are wide open to LPR and port 9100 connections. You then need to implement some form of security for these printers.
Nprinter works over IPX, and while you can use LPR inbound, again, it has little to no security in the protocol.
You should make sure to check what ports your print servers use because it is not always 9100. Sometimes it can be 9900 (some new AXIS print servers use that, for example).
I began a similar transition this week (NW5.1 SP2b / GW 5.5). Although the first step in my case is more obvious, I would not overlook the latest service packs in your case either. TCP/IP 5.85v in particular. I installed NW51SP7e along with a few other patches on 4 remote servers. No problem.
I considered SCMD but I didn't feel right about adding during a subtraction operation. I was confident that all key applications were running on IP and that the few running IPX programs were already marked for replacement. I was running short on time so I built a mock up of the master server, REM'd the IPX bits and pieces in AUTOEXEC.NCF (no INETCFG yet) and looked to see what broke when I brought it up. Here's my list:
2-Arcserve 6.6 (Defaults to IPX but can be reconfigured for IP)
3-Inoculan 4.5 (Server end of life coming soon/workstation support already dead)
5-DS (I ran DSRepair once before and twice after. Server address errors gone after the 2nd run)
This was a desperate move and I am not promoting the method. I had done a good bit of homework so my only surprise was that Arcserve had IP capability.
Finally, I renamed the IPX/SPX related files, brought the server up and looked at the running modules to make sure I had disabled all the relevant processes. I checked logs and felt confident enough to go live with it. So far so good. Arcserve is last on the list as it also has service pack issues.
No IPX, no rconsole.
Fortunately, you have some great free replacements available:
- AdRem Free Remote Console
- rconip - A NetWare rconag6.nlm client
- Remote Debugging Tools
- Search the Novell Knowledgebase for various Technical Information (TIDs) and Manuals on using Novell's RconsoleJ.
- RConsoleJ for Linux
Two gotcha's I just encountered:
Our backup software, Legato, deals ONLY with IP. Great. But the backup client loaded on each server depends on IPX. So we ended giving the server a ServerID, removing a couple of protocol statements in the client's configuration and we were able to backup the server error free.
We use Adrem to remote control our IP/IPX servers. With an IP only server, it doesn't broadcast its name via NCP to Adrem, making the list of servers appear shorter than it really is. Per the technician who emailed me his findings:
- Currently Free Remote Console does not see IP only servers. You can enter IP address or server name in the "Server" drop-down list to connect to a server. You can also browse your NDS and find an appropriate server.
- Currently only SfConsole provides ability to detect IP-only servers. Maybe in the future this kind of functionality will also be implemented in Free Remote Console.
Veritas BackupExec Remote Agent also requires IPX loaded in order to work. It doesn't have to be bound to a NIC, but without it loaded, the Remote Agent will fail to load due to not meeting its pre-requisites.
The current shipping version (9.1) is also affected. Veritas has a TID for this on their site.
Not sure yet, but there may be a problem with pure IP and some network scanners. Specifically, we have two HP9050MFP printer/scanners, and a Xerox DC470 copier with scan functionality. None of these machines can connect to our new NetWare 6.5 server on which we selected not to install IPX. Also, there is little or no (at least none that we can find) help on installing IPX after the fact. We tried, but several files appear to be missing.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com