Novell NetWare® 6: file protocol support section
Technical White Paper

NetWare 6: Evolutionary And Revolutionary

Novell® NetWare® 6 is the
delivery vehicle for Net Services, building the foundation for the
one Net view of the world (wherever you go, there's your network).
File services, long the shining performance star in a NetWare server,
now provide more services to non-Novell clients while decreasing
management overhead.
NetWare 6 storage offers "ubiquitous client access"
as a primary function. What does that mean, exactly? It means any
client running any operating system will be able to interact with
the Novell Storage System. In other words, any client anywhere can
access information stored on a NetWare 6 server (with proper authentication,
of course).
NetWare 6 makes a giant leap forward in supporting the one Net
vision by accepting any client at any time from anywhere. No one
said such support is simple, as evidenced by the fact that no other
operating system offers this wide client support. But to make one
Net a reality, and stretch your network to wherever you are rather
than forcing you to stretch to your network, improvements were needed.
NetWare 6 includes many file service improvements; some are evolutionary,
and some are revolutionary. One of the revolutionary aspects, Novell
Native File Access Pack (NFAP), is explained in the following pages.

All Standard File Protocols Lead To NetWare

The phrase "standard file
protocols" carries a much different meaning than a similar
phrase like "standard communication protocols." When
speaking of communications, a proprietary communication protocol
like Novell's IPX™ (Internetwork Packet eXchange) gives
way to a set, committee-endorsed standard like TCP/IP. All participating
vendors work from the same specifications, all vendors have their
chance to provide input to the developing standard, and customers
feel confident each vendor adjusts their products to work with products
from all other vendors adhering to the same standard.
File protocols and file access remain a mixture of standards (FTP
and HTTP) and proprietary formats accepted as standards (CIFS, AFP,
and NFS). FTP (File Transfer Protocol) came from the IETF (Internet
Engineering Task Force) early on in the days of TCP/IP standardization.
HTTP (Hyper Text Transfer Protocol), developed by Tim Berners-Lee
for the World Wide Web, comes under the standards jurisdiction of
the W3C (World Wide Web Consortium at www.w3.org).
The other file protocol "standards" earned their reputation
as a standard by market penetration rather than committee vote.
CIFS (Common Internet File System) comes from Microsoft, building
upon SMB (Server Message Block) protocol used in NetBIOS file sharing.
Called a "public" variation of SMB, CIFS has been proposed
to the IETF to become an Internet application standard, but Microsoft
developed CIFS from the beginning. Linux* systems include SAMBA,
an open-source alternative for SMB access that works as a rudimentary
CIFS but includes printer sharing, lacking in CIFS.
AFP (Apple Filing Protocol) appeared with the first Macintosh*
systems back in 1984. Apple developed this protocol, and other vendors
who want to access AFP-based storage must follow Apple's rules.
Novell first introduced AFP support in the middle 1980s, and NetWare
servers have long been the focal point of Macintosh networks.
NFS (Network File System) can be called a true distributed file
system, and came from "the network is the computer"
people at Sun. Technically a client/server application, NFS allows
remote clients to "mount" a local file system at designated
mount points. To the remote client, the mounted file system looks
exactly like a subdirectory branch structure of the local file system.
Sun released the specifications for NFS to allow other vendors to
get involved, but they remain in control.
What do all these file protocols, both official and de facto standards,
have to do with NetWare? Plenty, because NetWare supports them all.
Novell File Services has included AFP support for over a decade,
and NFS support for nearly a decade. TCP/IP support came back with
NetWare 386, as did FTP. HTTP support appeared in NetWare in the
early 1990s, during the birth of the Web. CIFS support is more recent
only because CIFS itself hasn't been around as long.

NetWare Server Now Universal File System Host

Make no mistake—Novell File Services, both the traditional
version for the last two decades and the newer Novell Storage Services™,
are proprietary file systems developed by Novell engineers. They
are not standards, but they integrate and support standard file
protocols better than any other file system available.
Novell applies the "standards" part of the file system
to the other side—the client. Any client operating system,
whether Windows*, Macintosh, UNIX*, or Linux, is now supported by
the NetWare file server with NetWare 6.
Most importantly, this wide range of clients need NOT run any type
of Novell client software. Many advantages come from using the Novell
client, of course, such as full NDS® integration and better
performance. However, NetWare 6 servers will be a "universal
file system host" and accept any client from any operating
system.
We'll get to the details of the Novell Native File Access
Packs in a bit, but first let's cover the underpinnings and
technology that makes the universal file system host possible. NetWare
6 includes multiple advantages in the way file protocols are handled,
up to and including full multi-processor support for the TCP/IP
stack.

TCP/IP Performance Improvements In NetWare 6

Early on, the bottleneck in server
performance was the CPU. Those days are long past, thanks to innovations
by Intel and competitors pushing processor performance so far Apple
could advertise one of their systems as a "supercomputer"
on a desktop without getting laughed out of the room (OK, snickers,
but not laughter).
As CPU horsepower ramped up, the performance bottleneck moved to
the disk channel. Improvements in hard disk access speeds, pushed
by intelligent, CPU-enabled controllers, now mean more data zooms
off faster-spinning disks than ever before.
For most network servers today, the bottleneck has moved to the
protocol layer. Packet handling doesn't take huge amounts
of server horsepower, but often gets delayed by other server operations.
While everything in a server can be called time-critical, packets
flowing into and out of a central server impact many users. Speeding
up these transactions became a serious concern to Novell engineers.
Improvements had to be made on the server side, since Novell's
default communication protocol now is TCP/IP, rather than IPX, so
Novell engineers couldn't change the protocol for better NetWare
performance.
How serious is Novell about TCP/IP performance? Not only is TCP/IP
a core function woven into the kernel of NetWare, TCP/IP is now
multi-processor enabled. In fact, TCP/IP packets are given the highest-priority
threads.
For our purposes, let's call the three levels of threads
within the NetWare kernel:
Run to completion (task will not relinquish processor control)
Normal (task will probably relinquish processor control)
Generic (task will relinquish processor control)
NetWare 6 tags all TCP/IP packets with the "run to completion"
flag so they do not relinquish control of their assigned CPU until
they finish processing. Since individual packets zoom by pretty
quickly, this isn't a problem. But it also means TCP/IP packets
get handled before other processor tasks in a NetWare server.
Besides TCP/IP, these other protocol stack components are MP-enabled:
HTTP
WebDAV (Web-based Distributed Authoring and Versioning)
NetWare News Server
NetWare Core Protocol™ (of course)
LDAP (Lightweight Directory Access Protocol)
SLP2 (Service Locator Protocol)
Gigabit Ethernet, 100 Megabit Ethernet, 10 Megabit Ethernet
Token Ring 16
Multi-processing enhancements have their own section; the list
above just illustrates the lengths Novell engineers have gone to
for improved file service of all kinds, not just TCP/IP.
One neat trick added to TCP/IP really improves the Clustering
Services software. With NetWare 5.1, multiple NICs (Network Interface
Cards) each had to have their own gateway IP address configured.
If one NIC or network link went down, the users on other NICs couldn't
use the gateway that matched the missing NIC. NetWare 6 allows multiple
NICs to share the same gateway IP address. If one NIC or network
link goes down with NetWare 6, all users still have access to their
configured gateway. A small detail, perhaps, until you need it for
your network. Then you'll want to send a Thank You card to
the appropriate Novell engineers.

FTP-File Transfer Protocol

There were two goals for early Internet
developers: file transfer and remote login. FTP became the realization
of that first goal, and has been a critical Internet component for
over 30 years.
Primitive though FTP may be in Internet years, it remains the easiest
way to exchange files between two networked systems, regardless
of their operating systems. There are only a few commands, and the
main ones are:
PUT—Put a file on a remote system
MPUT—Put multiple files on a remote system
GET—Get a file from a remote system
MGET—Get multiple files from a remote system
Other standard FTP commands, such as pwd (Print Working Directory),
cd (Change Directory), and ls (LiSt) are also supported by the NetWare
FTP.NLM program. Anonymous FTP, where the client doesn't need
specific authentication to access publicly available files, restricts
the use of commands like DELETE and RENAME for obvious reasons.
FTP authentication is rarely necessary any more, since many downloadable
files on Web servers use FTP and therefore service clients from
anywhere. If you look carefully, you can sometimes see the "http://"
at the beginning of a URL change to "ftp://" for the
file download process.
Does Novell support standard FTP commands as specified in RFC 959
(Request For Comment, the IETF method of describing standards)?
Absolutely. NetWare servers have doubled as FTP servers since TCP/IP
first appeared in NetWare 386. Earlier versions used special filtering
software to translate FTP commands on a NetWare server to NCP™
(NetWare Core Protocol) commands to PUT and GET files from attached
NetWare servers that did not have FTP or even TCP/IP loaded. Clever
hack, but little use today, since almost all NetWare servers now
have TCP/IP running as their primary, or at least secondary, protocol.
Following the FTP philosophy, any client system or other server
can connect with a NetWare server running the FTP.NLM and use standard
FTP commands back and forth. Many Webmasters use FTP to upload large
groups of files to and from Web servers (MPUT), so FTP remains an
important protocol and file transfer function to support.
If a non-Novell client or server wants files from a NetWare server,
FTP works perfectly well without adding any type of Novell client
software on the remote client or server. Some configuration will
be necessary to place publicly accessible files in a directory known
to the FTP.NLM utility, but that requires little effort. Using FTP,
a NetWare server can become an involved member of a file transfer
network regardless of the other operating systems in use.

Novell Native File Access Packs

The dream of making your NetWare
server a "universal file system host" now becomes a
reality. Novell Native File Access Packs, developed for and included
with NetWare 6 but available for NetWare 5.1, allow your NetWare
server to support clients that do NOT run any Novell client software
at all.
Just like the NAS (Network Attached Storage) devices discussed
in the Storage Services section, a NetWare server running a NFAP
(Native File Access Pack) accepts all client access within a fairly
loose security structure. This means a broad range of clients can
natively access (using their native access protocols, not Novell's)
NetWare storage right out of the box. Any client can get access
to files stored on a NetWare server from anywhere, within certain
limitations.
NFAP products offer these fundamental NetWare 6 advantages:
Mature protocol stacks
High performance file systems (Traditional and NSS)
NMAS™ (Novell Modular Authentication Services) authentication
File access managed by eDirectory™, even without the Novell client software
NFAP allows clients to use NetWare services, but these clients
must still be configured inside NDS eDirectory. These clients may
not have Novell client software, but they still require NDS configuration
for authentication and access controls.

No Need for Novell client Software

Traditionally, Novell client software must be involved in the connection
between the client and a NetWare server. Security and authentication
issues demanded that linking clients to servers be a client/server
application. Intelligence at both ends of the connection worked
together to verify the client was who they claimed to be, and that
file controls would be followed when using shared server files.
Advances in security utilities and a convergence on TCP/IP make
NFAP possible. Since all client operating systems supported (Windows,
Macintosh, UNIX, and Linux) understand file access requests from
the server, the server can manage the access process without special
client software on the far end of the wire. Using NDS for each of
these operating systems makes life and file security easier and
more manageable, but that's not necessary.
Since the NetWare server must coordinate with other operating systems
at the client side for NFAP, some NetWare advantages are lost. Don't
expect NFAP to end the need for Novell clients in every situation
because a network configured that way will not be the type of network
you want to manage.

Any Operating System Client Can Share NetWare 6 Disk Resources

Make no mistake about this new NetWare 6 feature: any client operating
system can use NetWare disk resources without running any type of
NetWare software. Some people don't understand what a big
deal this is, especially NetWare competitors who try to ignore this
new feature and hope their users don't find out.
Before NetWare 6, companies with SAN (Storage Area Network) systems
had to jump through configuration hoops to support multiple operating
system storage. No company with a SAN has just one operating system
client in their building; no matter how homogeneous a company
believes they are, the truth upon inventory always finds at least
three operating systems.
Most SANs have trouble supporting more than one operating system
per volume or partition (depending on the vendor's nomenclature).
If a company supports Windows, Macintosh, and Linux operating systems,
their SAN must have three partitions. No common file area for all
three client operating systems exists with most SANs today.
NetWare 6 SAN software, especially when used with Novell Cluster
Services™, adds a new dimension to client support. Since Novell's
SAN is powered by NSS (Novell Storage System), all the advantages
of NetWare file system support are available with NetWare SAN software
and cluster services. All supported client operating systems can
use all disk volumes and partitions, and even share files among
the different operating systems (assuming the file formats are supported
by each operating system).
Have WinNT clients? They get access. Win2000 clients? They get
access. Macintosh clients, from MacOS 8.1 through OS X? They get
access. UNIX and Linux clients? They get access. All client operating
systems can use NetWare SAN resources (or regular old server disks
sitting inside the server) concurrently. NetWare SAN software makes
the disk sharing possible, and Novell Cluster Services guarantees
the SAN system remains up and available at all times.

Use Novell client for Stronger Security and Manageability

Do you want users to have the easy method for mapping drives and
capturing printers offered by the big red N on the taskbar for Windows
clients? Again, you need the Novell client software.
Novell's client software more than matches the level of security
and utility found in Windows, Macintosh, UNIX, or Linux networking;
it far exceeds all those examples. Novell client software offers
great benefits, in ways that appeal to users and to managers. Doing
away with Novell client software offers advantages, but your network
suffers some disadvantages as well.

Lost NetWare File Attributes

Take a look at the list of NetWare file attributes, then compare
those to the file attributes in Windows, Macintosh, UNIX, or Linux
networks. Who has more control over files? NetWare, by a large margin.
You will lose that control if you don't have Novell client
software in the loop.
Of course, not all applications require the control and granularity
offered by NetWare. Many informational files will be adequately
protected just by setting the Read Only attribute, a flag supported
by all the operating systems. Do you put sample boilerplate contracts
or other documents in a public area? Since they are used by clients
who download them, change them, and save them under different names,
a lower level of file control can be accepted.
Just be aware that CIFS files will not show compression flags or
ownership, to name two useful NetWare file flags. Every convenience
comes at a cost, including NFAP.

NDS Works Everywhere, If You Wish

NDS for Windows NT*/2000 and NDS for UNIX/Linux operating systems
turn many jerry-built networks from management chaos to management
efficiency. When using NFAP with NDS on the client systems, security
improves and management gets easier.
Even if clients don't have Novell client software, they still
need passwords. Using NDS for each involved operating system enables
managers to assign one password for NT/2000 and NetWare, or UNIX/Linux
and NetWare. Even better for many networks, NetWare servers no longer
need their bindery context settings for the remote NDS servers to
use.
Yet some companies prefer to use native user management tools rather
than NDS eDirectory on their non-NetWare operating system. NFAP
works fine with that, although eDirectory can obviously no longer
change passwords on remote systems.
Without NDS across all operating systems supporting clients attaching
to NetWare servers running NFAP, extra authentication steps are
necessary. These steps aren't complicated and will not delay
users too long, but do add complexity.
NMAS (Novell Modular Authentication Services) intercepts passwords
from non-NetWare operating systems attempting to authenticate to
NFAP-enabled servers. Acting as a proxy, NMAS presents the passwords
to NDS. Once authenticated, the clients have access rights according
to their authority inside NDS. Windows, Macintosh, and UNIX/Linux
clients no longer need Novell client software, but they still remain
under NDS control.

Novell File Access Protocols For CIFS-Common Internet File System

CIFS comes from Microsoft's
mediocre MS-NET networking technology using SMB (Server Message
Block) from back in the DOS days. SMB technology still powers Windows
95/98 peer-to-peer networking, and the security level, poor early
on, deserves a failing mark today.
Trying to update SMB to something more open and reliable, Microsoft
sent CIFS to the standards committees. The good news about CIFS
over SMB comes from the protocol support: TCP/IP rather than NetBIOS.
If nothing else, be thankful that Microsoft finally purged NetBIOS
from (most of) their systems, eliminating the need to try and manage
a weak, local, insecure communication pseudo-protocol.
When you notice a Linux server includes a SAMBA server, that's
an open-systems solution to emulate a Windows server. Handy, but
insecure. Novell File Access Protocols for CIFS goes far beyond
the standard SAMBA emulation server software.

Windows Networking Changes

Microsoft renamed SMB to CIFS when they extended the protocol for
OS/2, but few people noticed. A number of other implementations,
such as Linux, were also released, but the open systems world seems
stuck on SAMBA for the time being.
CIFS works as follows:
Client A accesses a file on the server, causing the server to lock the file.
Client B requests access to the same file on the server.
The server sends a Lock Break Request to Client A, causing Client A to empty its buffer.
Client B is then allowed to open the file.
The file lock/unlock dance continues as long as it takes to ensure
both clients have the same information. Not anywhere near as tight
as NetWare, but at least there's an effort to maintain file
integrity.
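The four-step lock-break sequence above, as an added example that is not part of the original white paper and is not Novell or Microsoft code. It is a toy in-memory model, not the SMB wire protocol: the Server and Client classes, the send_breaks switch and the file name contract.doc are all hypothetical, and the second run shows the stale read Client B gets when the break is skipped.

```python
# Toy in-memory model of the CIFS lock-break sequence (constructed example;
# no real SMB messages are produced, and every name here is hypothetical).

class Server:
    def __init__(self, send_breaks=True):
        self.files = {}         # file name -> bytes stored on the server
        self.lock_holder = {}   # file name -> Client holding the lock, or None
        self.send_breaks = send_breaks
        self.log = []           # ordered record of the exchange

    def store(self, name, data):
        self.files[name] = data

    def open(self, client, name):
        if name not in self.lock_holder:
            # Step 1: the first opener is granted the lock and may buffer.
            self.lock_holder[name] = client
            client.locked.add(name)
            self.log.append(f"{client.name} opens {name}: lock granted")
            return
        # Step 2: another client asks for the same file.
        holder = self.lock_holder[name]
        self.log.append(f"{client.name} requests {name}")
        if holder is not None and holder is not client and self.send_breaks:
            # Step 3: the holder is told to give up the lock and flush.
            self.log.append(f"server -> {holder.name}: Lock Break Request")
            holder.on_lock_break(self, name)
            self.lock_holder[name] = None   # file is now shared, unlocked
        # Step 4: the requester is allowed to open the file.
        self.log.append(f"{client.name} opens {name}: no lock held")


class Client:
    def __init__(self, name):
        self.name = name
        self.locked = set()     # files this client holds the lock on
        self.buffer = {}        # writes cached locally while locked

    def open(self, server, name):
        server.open(self, name)

    def write(self, server, name, data):
        if name in self.locked:
            self.buffer[name] = data        # stays local until a break
        else:
            server.store(name, data)        # write-through when unlocked

    def read(self, server, name):
        if name in self.buffer:
            return self.buffer[name]
        return server.files.get(name, b"")

    def on_lock_break(self, server, name):
        # "Empty its buffer": push cached data to the server, drop the lock.
        if name in self.buffer:
            server.store(name, self.buffer.pop(name))
        self.locked.discard(name)


def run_exchange(send_breaks=True):
    """Return (what Client B reads, server log) for one A-then-B exchange."""
    server = Server(send_breaks)
    server.store("contract.doc", b"v1")     # constructed sample content
    a, b = Client("A"), Client("B")
    a.open(server, "contract.doc")
    a.write(server, "contract.doc", b"v2")  # held in A's buffer only
    b.open(server, "contract.doc")
    return b.read(server, "contract.doc"), server.log


if __name__ == "__main__":
    for flag in (True, False):
        seen, log = run_exchange(flag)
        print(f"send_breaks={flag}: B reads {seen!r}")
        for line in log:
            print("   ", line)
```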
Good news about NFAP for CIFS:
Runs over TCP/IP for a single-protocol solution
Uses DNS for scalability
Uses the SMB protocol for easy interoperability
Allows all applications, not just Web browsers, to open and share files across the Internet
Requires authentication, adding better security to a process sorely lacking in control
Sometimes one must step backwards to go forwards, and we have that
situation here. With NFAP for CIFS, a NetWare server appears as
a Windows server. It even appears when a user clicks the Network
Neighborhood or My Network Places icon on their desktop.
Does a NetWare server improve by looking like a Windows server?
No, but it will make your life easier in some situations.

Novell File Access Protocols For AFP-Apple Filing Protocol

Novell NetWare started supporting
Apple* Macintosh clients back in the late 1980s, so current Macintosh
support shouldn't surprise anyone. The years have given NetWare
engineers time to move from mere AFP support in earlier years to
a full embrace of Apple file services over TCP/IP rather than the
old AppleTalk file protocol. Since Apple themselves are phasing
out AppleTalk in favor of TCP/IP, Novell storage systems will follow
the same path.
AFP 3.0, the latest file services protocol from Apple, relies on
TCP/IP while providing better reliability and performance. Following
Apple's lead, NetWare 6 uses TCP/IP to support AFP 3.0 as
well.
The proprietary AppleTalk communications protocol runs over LocalTalk*
(rarer by the day, luckily), TokenTalk* (almost completely gone)
and EtherTalk* (Ethernet with an Apple label). Industry standards
such as DNS (Domain Name Service) and SLP (Service Locator Protocol)
are also supported.
Apple loses no battles in the smugness war. If you want to communicate
with an AppleShare* server, you must translate your protocols into
the AFP language.
Luckily, that's exactly what NFAP for AFP does—it turns
a NetWare 6 (or NetWare 5.1 server with the optional NFAP) into
an emulation of an AppleShare server. This means no changes to the
Macintosh client whatsoever.
Requirements:
MacOS version 8.1 or later (including OS X) on the client (new Macintosh systems can connect right out of the box)
TCP/IP enabled on the Macintosh
Access to the Chooser or Network Browser
Security from Apple's native authentication protocols, NMAS, and NDS eDirectory
Apple Filing Protocol's roots remain in the early AppleTalk
days of peer-to-peer, everyone shares everyone's hard disk
days. Not secure, not fast. With NFAP for AFP, you gain security
through NDS eDirectory, and you gain at least 30 percent faster
file service (thanks to TCP/IP) through NetWare emulating an AppleShare
server than earlier AFP/NetWare software. Two good reasons to once
again use NetWare as your central AppleShare server.

Novell File Access Protocols for NFS-Network File System

Developed by Sun, NFS became a standard
by wide use and later through IEEE committee recommendation. Layered
above TCP/IP, NFS clients connect to file systems offered by NFS
servers, gaining file read and write access regardless of operating
system on either end.
NFS clients use the RPC (Remote Procedure Call) method of communication
between computers. After connecting client to server, NFS makes
the remote file system appear to be local to the client. Most UNIX
and Linux systems are both NFS clients and servers.
A complete NFS implementation includes:
NFS Server
NFS client (most systems run both server and client software)
NFS protocol
Version 2 was the first public release of NFS, and Version 3 now
ships as the default. NFAP for NFS supports both, as many companies
still have a mixture of systems and versions.
NFS, the first common distributed file system, blurs the distinction
of local/remote files. When an NFS client mounts a remote NFS server,
the files appear local, fitting into the local system's directory
tree structure. The NFS protocol (RPC) sends instructions to manipulate
those remote files and receive either successful results or an error
code.
All NFS security and authentication information gets transferred
with each file operation request. Why? Because hard-linking a bunch
of file systems together guarantees constant file service trouble
when file allocation tables and file journaling get garbled because
of network link problems. Remote mounts are "soft" mounts
so as not to cause the remote system any distress when the local
system drops out or has file system problems on their end.
Because of the hands-off nature of NFS, NetWare 6 fits beautifully
into the mix. Need more Solaris drive space, but don't want
to pay the high, name-brand prices? Through NFAP for NFS, link to
a NetWare 6 server using lower-cost PC server disks. You not only
save money, you improve manageability (NDS eDirectory) and performance
(NSS 3.0) at the same time.

Summary of "Universal" File Protocol Advantages For NetWare 6 Installations

There are many values to a centralized
network server, and the one detailed in this White Paper has been
easy access for all types of clients. While "easy access"
may appear to be a no-brainer, only an idiot would allow access
without authentication and file security, making NDS eDirectory
a critical part of this solution. NetWare 6 includes many ways to
help make you a smarter, more effective network manager, and Novell
Native File Access Packs are excellent examples of better networking
through NetWare.
Every system requires a certain amount of management effort. With
NFAP, Novell shifts the work that used to be required on the client
side (special client software) back to the server. The strong infrastructure
of NetWare authentication and security tools, primarily NDS eDirectory
and Novell Modular Authentication Services, makes this possible.
Clients will never know you have gone to a little extra work to
support them. All they know, and all they should know, is that many
NetWare services appear as available resources the minute they first
turn on their computer. NetWare extends an open invitation to every
client while eliminating the need for special client software. Every
network client is now a Novell client.
If you want to add some NAS info:
While most NAS devices remain rather limited and require extra
management overhead, one new entrant into the market provides excellent
performance and includes full NDS support: the Novell NetDevice™
NAS. A software-only product, Novell NetDevice NAS turns a server-capable
computer into an NDS controlled NAS solution. Novell tools, such
as ZENworks® for Servers, provide outstanding and proven management
utilities. Powered by NSS, the Novell NetDevice NAS can handle up
to 8TB of storage capacity. When extra storage space needs outpace
the need for more servers, leverage your NetWare experience with
the Novell NetDevice NAS.
© 2001 Novell, Inc. All rights reserved. Novell, NetWare,
NDS and ZENworks are registered trademarks, and eDirectory, IPX,
NCP, NetDevice, NetWare Core Protocol, NMAS, Novell Cluster Services
and Novell Storage Services are trademarks of Novell, Inc. in the
United States and other countries.
*All other third-party trademarks are the property
of their respective owners.