1.4 Plan Your OES Deployment

The information you need to gather and basic decisions you need to make before installing OES NetWare are outlined below.

For detailed help in planning your OES deployment, see the Novell OES SP2 Planning and Implementation Guide.

For information about coexistence of OES servers with existing networks, as well as issues involved in migrating to OES from your current network environment, see the OES Coexistence and Migration Guide.

1.4.1 Determine What Services to Install

Novell networking services delivered as part of OES include the following:

  • Directory services and identity management including Novell eDirectory™ and Novell Identity Manager
  • File services including Novell Storage Services™ (NSS) and Novell iFolder®
  • Print services including Novell iPrint
  • Collaboration services including Virtual Office
  • Open source services including Apache, Tomcat, MySQL*, and PHP/Perl
  • Software distribution and patch management services including Red Hat* Package Manager (RPM) and Red Carpet® Daemon (RCD)
  • Management consoles and interfaces common to all services through Novell iManager

The services you choose to install will depend largely on the intended purpose of your OES server.

To simplify the process of installing special-purpose servers, Novell provides a patterned deployment feature. For example, if you want to install an OES server with all of the components necessary to host open-source Web database applications, you simply select the NetWare AMP (Apache, MySQL, PHP, and Perl) Server pattern during the OES installation.

Novell recommends that you choose a pattern installation if one exists for the intended purpose of your server. Options are also provided to install basic and customized OES servers.

1.4.2 Plan Your eDirectory Tree

If you are creating a new eDirectory tree on your network, you must do some additional planning before you install the first server into the tree.

The first server you install into a new eDirectory tree is important for two reasons: first, you create the basic structure of the tree during the server installation; second, this server permanently hosts the Certificate Authority for your organization.

To ensure that your eDirectory tree meets your needs, take time to plan the following:

  • Structure of the eDirectory tree: A well-designed tree provides containers for servers, users, printers, and other objects. It is also optimized for efficient data transfer between geographically dispersed locations.
  • Partitions and replicas: eDirectory allows the tree to be partitioned for scalability. Replicas (copies) of the partitions provide fault tolerance within the tree. The first three servers installed into an eDirectory tree automatically receive replicas of the tree's root partition. You might want to create additional partitions and replicas.
  • Time synchronization: eDirectory requires that all OES servers, both NetWare and Linux, be time synchronized. By default, the OES for NetWare installation synchronizes time automatically with the first server in the tree. However, you might want to synchronize with an external time source using Network Time Protocol (NTP).

For more information on eDirectory tree planning, see the Novell eDirectory 8.7.3 Administration Guide.

For more information on time synchronization with NTP, see the Novell Network Time Protocol Administration Guide for OES.

1.4.3 Rights Required for Installing OES NetWare Servers

The rights required to install a NetWare server vary depending on whether you use the Admin user account created during the Install program or set up separate user accounts as subcontainer administrators.

Rights Required to Install the First Server

To install the first OES NetWare server in an eDirectory tree, the user who installs the server must have the Supervisor right at the [Root] of the eDirectory tree. If you are installing the server into a new tree, the Admin user that is created during the OES NetWare Install program has full rights to the root of the tree. Using the Admin account allows the installer to extend the eDirectory schema for OES NetWare as necessary.

If you are installing the first OES NetWare server into an existing NDS®/eDirectory tree, be sure to run the Novell Deployment Manager first to prepare the tree so it is compatible with the version of eDirectory that comes with OES. This requires access to a server with a Read/Write replica of the Root partition. For more information, see Section 1.5, Prepare the Network with Deployment Manager.

Rights Required for Subcontainer Administrators

For security reasons, you might want to create one or more subcontainer administrators with sufficient rights to install additional OES NetWare servers, without granting them full rights to the entire tree. A subcontainer administrator needs the following rights to install an OES NetWare server into the tree:

  • Supervisor right to the container where the server is to be installed
  • Read right to the Security container object for the eDirectory tree
  • Read right to the NDSPKI:Private Key Attribute on the Organizational CA object (which is located in the Security container)
  • Supervisor right to the W0 object (located inside the KAP object in the Security container)

These rights are typically granted by placing all administrative users in a Group or Role, and then assigning the above rights to the Group or Role.
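
The following added example (not part of the Novell documentation) audits a Group or Role's explicit trustee assignments against the four rights listed above, reporting rights that are missing and rights that exceed that baseline. The object names, the `Grant` model, and the sample assignments are constructed assumptions; inheritance and Inherited Rights Filters are not modelled.

```python
# Added illustration: object names and the data model are constructed, not
# read from a live tree. Only explicit assignments are evaluated; inheritance
# and Inherited Rights Filters are not modelled.
from typing import NamedTuple

class Grant(NamedTuple):
    target: str      # object the right is assigned on
    attribute: str   # "" = right on the object itself
    right: str       # "Supervisor" or "Read"

def required_grants(container: str, ca_object: str) -> set:
    """The four rights this section lists for a subcontainer administrator."""
    return {
        Grant(container, "", "Supervisor"),
        Grant("Security", "", "Read"),
        Grant(ca_object, "NDSPKI:Private Key", "Read"),
        Grant("W0.KAP.Security", "", "Supervisor"),
    }

def satisfied(need: Grant, held: set) -> bool:
    # Supervisor on the same target and attribute also covers Read.
    return need in held or need._replace(right="Supervisor") in held

def audit(held: set, container: str, ca_object: str) -> dict:
    need = required_grants(container, ca_object)
    return {
        "missing": sorted(g for g in need if not satisfied(g, held)),
        # Held beyond the baseline: a least-privilege review item.
        "excess": sorted(g for g in held if g not in need),
    }

CONTAINER = "Branch.Example"        # constructed install context
CA_OBJECT = "Example CA.Security"   # constructed Organizational CA name
INSTALLERS_ROLE = {                 # constructed assignments for one Role
    Grant(CONTAINER, "", "Supervisor"),
    Grant("Security", "", "Read"),
    Grant("W0.KAP.Security", "", "Supervisor"),
    Grant("[Root]", "", "Supervisor"),
}

def demo() -> dict:
    return audit(INSTALLERS_ROLE, CONTAINER, CA_OBJECT)

if __name__ == "__main__":
    for kind, grants in demo().items():
        for g in grants:
            print(kind, g.right, "on", g.target, g.attribute)
```

For the sample Role, the audit reports the Read right on the CA object's private key attribute as missing and the Supervisor right at [Root] as exceeding the subcontainer baseline.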

Many of the products that can be selected to install along with OES NetWare require schema extensions of their own. Only an administrator with rights at [Root] can extend the schema of an eDirectory tree; a subcontainer administrator would not have sufficient rights. One way to work around this is to have a root administrator install an OES NetWare server with all products selected. This would take care of extending the schema for every possible server configuration. Subcontainer administrators could then install subsequent OES NetWare servers without having to worry about schema extensions.

Another option is to complete the Schema Update task in Deployment Manager. This task prompts you to select an NDS/eDirectory tree and then gives you the opportunity to select the products you plan to install on servers in that tree. After you have confirmed your product selections, Deployment Manager updates eDirectory with required and product schema extensions.

To synchronize the schema updates on other trees, run the dstrace utility as described in TID 10066604.

By default, the first three servers installed in an eDirectory partition automatically receive a replica of the partition. To install a server into a partition that does not already contain three replica servers, the user must have either the Supervisor right at the [Root] of the tree or administrative rights to the container in which the server holding the partition resides.

Novell recommends that you install the first OES server in a tree as the Admin user with rights to [Root]. Your ability to install the first OES server as a subcontainer admin depends on the existing eDirectory environment. In a NetWare 5 or 6.0 tree, you might need to give the subcontainer admin the Supervisor right to the Security container so that new Novell Modular Authentication Service (NMAS™) functionality can be installed for the first time. All core and product-specific schema extensions must have already been performed.

If existing eDirectory objects that are outside the context where the subcontainer admin has rights need to be modified, you must grant the subcontainer admin the necessary rights to those objects as well.

1.4.4 Gather Server Hardware and IP Address Information

The NetWare installation program can automatically detect many network boards and disk storage devices and load the appropriate drivers. If you have hardware for which NetWare does not include drivers, you need to know the device properties, such as the interrupt and port address. For more information, contact the server hardware manufacturer.

If you plan to connect your server to the Internet using Internet Protocol (IP), you need the following configuration information:

  • An IP address, subnet mask, and router (gateway) address
  • The IP address of one or more domain name servers
  • The name of your domain

To obtain this information, consult your network administrator or Internet service provider (ISP).