Cool Solutions

GroupWise Dependency on eDirectory

By: Dean Lythgoe

February 6, 2008 5:03 pm


There continue to be a lot of questions around GroupWise’s support for things like NetWare, eDirectory and ConsoleOne. I would like to clarify what is happening with all of these technologies, how they will be supported in Bonsai and what to expect in future releases.

GroupWise and NetWare. Many GroupWise customers continue to run their POA, MTA, GWIA and WebAccess on NetWare. Bonsai will continue to support the NetWare server platform for these agents. However, more and more of our customers are understanding and following the overall Novell strategy to move to Linux. Open Enterprise Server 2 (OES) shipped last fall and is one of the best server platforms available in the market today. Robust, secure, scalable – all the usual buzzwords :) We will continue to encourage our customers to move to Linux through the OES and SLES offerings. Linux is the future and it is increasingly important that the GroupWise community and customers embrace this platform by making plans to move off of NetWare and on to OES. Future versions of GroupWise will discontinue support for NetWare versions that are in the ‘end of life’ phase of the product life cycle. Bonsai will support NetWare 6.5.x. We have as one of our reference platforms, NetWare 6.5 with the latest support pack.

GroupWise and eDirectory. GroupWise continues to have a dependency on eDirectory. Bonsai will continue to require and leverage this robust directory service. However, our road map does include allowing customers to substitute other directories in addition to eDirectory. We envision a version of GroupWise that will allow customers to have a very tight experience if they choose to run GroupWise with eDirectory. However, if the customer chooses, we plan to provide an LDAP connector that will essentially allow any LDAP-enabled directory to be the underlying directory. Better with eDirectory, but available with other directories, will be our goal.

GroupWise and ConsoleOne. Bonsai will still have a dependency on ConsoleOne and ConsoleOne will be the administration tool for the Bonsai product. Looking forward – this is a real debate! It was discussed in the comments of the ‘What’s New in Bonsai’ blog a few months ago. Check it out if you want to see some great back and forth and some very valid insights, concerns and suggestions. The only sure thing that will happen with our administration story is that we will be moving away from ConsoleOne. ConsoleOne will be entering an ‘end of life’ phase as a product and GroupWise must move to another strategy. iManager has been a consideration, but not a final decision. However, we have been actively working on a platform for administration and there are some definite objectives. We plan to provide a SOAP-enabled administration interface. It may also have Java and C++ bindings. We are leaning towards a rich web interface for administration. Current plans have this targeted for the Monterrey release (the release after Bonsai).

I hope this discussion provides some insight into where engineering is at and what we are planning. Looking forward to your comments and suggestions on each of these topics.


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

53 Comments

  1. By:Paul

    Dean,

    Great insight on the GW path and I’m sure others will concur that you should follow what the product managers/developers did with ZENworks. They, as you know, successfully ported to a Web management UI and went down the same route of disconnecting it from the directory (as you mentioned). As a customer of both products I would venture to guess that there is some collaboration between product groups and potentially sharing the same vision/technology??

    Your thoughts?

  2. By:Flyingguy

    Hey Dean, fabulous post.

    We can all tell that you guys listened to us and actually cared about what we said.

    You know what, SCREW the whole directory concept. What is the point of using an inferior Directory at all, it will just take functionality away, not add to it. Just make GroupWise self contained and get it over with, it is the best collaboration tool out there, contrary to what the Teaming kiddies think.

    I don’t care what platform it runs on as long the following is true:

    1. I can look at the *current* agent screens anytime I want to see them, they provide INSTANT real time information that can often turn troubleshooting into a 5 minute process instead of a 5 hour process, using some web 2.0 mashup of 8 different technologies like tomcat/apache/Java and SOAP JUST to see that I have a hung send thread is just dumb.

    2. Stability, Stability, Stability! A mal-formed message MUST NOT crash the GWIA, this has to stop, it simply must.

    3. None of the agents can be combined, EVER. They were designed as independent programs for a reason.

    4. Access to the Message store for manipulation of the data MUST be provided at a low level and CLEAN interface. It must be *completely* documented. No more calls like CreateMsg2() or Createmessage3(). CreateMsg() should be one call and the API gets to figure out which version, patch level, whatever is on the server.

    5. Since there is no way that I have found yet to make a linux box reset a socket connection, ANY agent that runs a thread that connects to a socket port *MUST* be able to kill that thread without bringing down the house. TCPCON allows me to reset a socket that will often free the thread when it will otherwise not let go and makes a server re-boot a requirement, this too must also simply stop.

    If you are going to force us to use some god awful mashup of Tomcat / Apache / Javascript / Java / Soap and god alone knows whatever other technology on roller skates or rails as the case may be, then make it isolated from the rest of the crud and make it ROCK solid. I have said it before and I will keep repeating it until someone in Utah FINALLY gets the point, Tomcat/ Apache / Java and all that other cruft are fragile. They break with the least provocation and troubleshooting those things is a complete and total nightmare. Just ask ANYONE who has ever been presented with “ApplicationMainHallway() returned a null pointer” or some other completely USELESS error message that was nested 10 levels deep in some java API call and tried to fix it.

    I know I sound harsh and ungrateful, but you know what you guys NEED harsh because you still don’t get it. I keep hearing Linux is the panacea. Well it’s not, and the sooner you get that foremost in your collective consciousness the sooner you will start seeing that NetWare has TONS going for it where Linux just flat out lacks. Linux is going to be the platform of the future yes, but it’s not NOW the platform of the future unless it really steps up, gains some functionality, and does something beside have a pretty GUI. If I wanted a broken platform with a pretty GUI I would just use Windows.

  3. By:dstjames

    I don’t mind bonsai being dependent on C1 but I think if you are going to make C1 a requirement then C1 needs to run natively on vista. It’s nice that Monterrey will hopefully remove the dependency on C1 but I assume that’s a long way off and more and more people are going to be moving to vista.

  4. By:Eric

    Regarding ConsoleOne:
    What is the end-of-general support date going to be for Bonsai? Then, what is the end-of-mainstream-support date going to be for Windows XP? Hmmm, Houston, methinks we have a problem.. Why? Bonsai presumably will be supported beyond the Windows XP end-of-mainstream-support date. So, we need to be able to run ConsoleOne on Windows Vista.

    Beyond that, as long as ConsoleOne is needed, it needs to be maintained. Meaning, no hesitation from Novell regarding long-standing ConsoleOne bugs that still need to be fixed. Seriously, how can you end-of-life a product that is required to admin another product that is still under general support? That’s just crazy!

  5. By:M. Duran

    Wow, what a great discussion in “What’s new in Bonsai”

    Never knew so many people were sharing my thoughts about NWadmin it’s the fastest management tool around.
    I also dislike iManager and ConsoleOne. iManager because you have to take so many steps. To do the same things in ConsoleOne you need 1 or 2 clicks. Why not create a webbased ConsoleOne, with rightclicks, drag and drops and all things ConsoleOne and NWadmin had. With the same look and feel of ConsoleOne or NWadmin. Except the speed of C1 of course ;-)

    Love the idea of C++ bindings.

    Some things for monterrey maybe bonsai sp1

    I hear a lot of people complain about the addressbook. They say: It’s too difficult to create a list/group with external addresses.
    I also see more and more people using webaccess instead of the installed client (including myself) Maybe it’s an idea to extend the usability of Webaccess. More Ajax…

    Keep up the good work.

    By the way: Moving to OES2 with Groupwise next week.

  6. By:Roger

    Moving quickly on from the ConsoleOne v iManager subject can you please at least look at not creating yet another closed single application console – of which Novell seems to be generating a lot nowadays.

    You have stated that you plan/hope to create a published admin interface (via SOAP) which will be a major improvement from the current private DLLs used under ConsoleOne. This API should mean that whatever GUI environment you choose there should be no reason to keep the admin tool closed source and I could list out a number of very good reasons why having the admin tool open source would be a good idea. These would include some chance of third party bug fixing, third party extending and good example code for the use of the API.

    As for the console framework have you considered writing your GUI as JSR168 portlets? If you were to focus on writing portlets for the liferay environment they would also be available to users of the T&C environment (which is JSR168/liferay based). It may be that you end up with just a single panel portlet which handles all the GW admin, but at least it can be integrated into the portal server.

    Roger

  7. By:Tim Baum

    As for the admin interface, I do think you need some basic integration with imanager. that way when you create a new user you have the option to at least also create the mailbox. That way “role based” administration for helpdesk can be a reality. Now, for viewing things like POA, MTA and GWIA config, sure…just give me a button that launches the web gui in a new page.

    Now I can’t let Flyingguy just bash linux as not being ready. Since GW was supported on SLES 10 that’s all we have been doing and have found it to be far more stable, faster and robust than on NW. I have never and I mean never unloaded an agent on a linux box and have it hang the whole server. This was a daily occurrence for NW. Now granted the gwia tends to stop more often but the gwha takes care of that very well. So from a service provider I would say that linux is the platform NOW. In fact, most of my customers no longer even deploy cluster services because it just doesn’t “hang”, “freeze” or abend like NW.

    just my .02

  8. By:Flyingguy

    GW will never be open sourced if Novell has any sense at all. The private DLL’s used by C1 are simply for display/edit purposes.

    The problem with publishing something like that are the rules that go along with being able to edit the administrative and configuration data contained in the GW system. You have to look at this from a data integrity POV. If Novell were to simply publish the interface for ADMINISTERING the GW system there is no way they could ensure that all the data rules were followed, ie: You cant change element X to value Y if element Z is value A. The rules for that are complex and cannot be broken, or you break the whole GW system. From a support and operational POV this would be insanely stupid.

    What they CAN and SHOULD do is to publish API’s that provide the ability of the current Object API and Administrative API and document them *completely* using well known interfaces such as C, C++ and Java for all supported platforms, each one must be identical as well, so that anything built can move seamlessly from platform to platform. There are so many cross compiling tools these days, from QT from Trolltech, FPC & the Lazarus Project, KDE-Developer and the list goes on and on.

    My personal opinion about SOAP is that it is immensely bloated and puts you in a position of having to push around Kilobytes of description text to change very little data. XML is an answer to the question that nobody asked. Its adoption was spurred by laziness. Everyone says, ohhh it’s great and there are so many great open source parsers for it. Hogwash, almost to a package XML parsers are fragile slow memory hogs for doing anything but the simplest of parsing. When you start pushing around LARGE data sets, XML simply falls apart because you have to maintain a constant contextual based stack while parsing out millions of bits of cruft just to finally get to the data. XML is fit to *describe* a data set, but as to the actual transport of data, it just plain sucks. It is a bastardized markup language that has no place in big time data transport.

    This example proves it. Since this blog software will bark if you put greater or less-than signs in it I have replaced those with the pipe symbol.

    |UniqueID|
    |type|
    |string|
    |type|
    |utf8|
    |/type|
    |maxlength|
    |type|
    |integer|
    |value|
    |50|
    |/value|
    |/type|
    |/maxlength|
    |value|
    |fredsmith|
    |/value|
    |/type|
    |/UniqueID|

    So there it is, 143 bytes of data passed to communicate 10 bytes of data, and not only that this entire wrapper MUST be sent for every data element you intend to move! For just something as simple as a unique ID you have at minimum over 10X of overhead! It does not take long to see that as the dataset gets larger that the bloat becomes exponential.

    XML is the sorriest excuse for a protocol that I have seen in my almost 30 years of software engineering, and I have seen some sorry ones in my time, even the EDI spec is better than XML.

  9. By:Flyingguy

    Because to create equivalent functionality in AJAX requires far too much overhead and is far too browser dependent. Imagine if you will a browser change that breaks it, then what? It is technically feasible and very desirable to write a very small x-platform equivalent to NWAdmn32 to accomplish all of this, but the powers that be at Novell are all so utterly and quite inexplicably firmly Anti-Binary it is beyond belief. I don’t see YAST or YAST2 being implemented in a browser, why? Because to do so ensures that your configuration and control of your system is completely dependent on having a functioning Apache/Tomcat/JVM stack, and of course those NEVER ever break, now do they.

  10. By:Kevin Davis

    I have to agree with FlyingGuy when it comes to GW’s dependency on the directory. The ZEN folks quickly and correctly saw that eDir was keeping them out of the fortune 500 companies and REMOVED THE DEPENDENCY. Brilliant. GW should follow suit and it is somewhat concerning to me that plans aren’t more solid to do just that. The market (at least in education) seems to be beginning to favor swifter, lighter-on-their-feet, yet highly capable collaboration solutions (i.e. Zimbra and Scalix). Among other things, these products offer the advantage of being free from a dependency on either Active Directory or eDirectory. Let’s declare the UNI-directory model dead, bow our heads in silence for a few moments, and move on.

  11. By:Ken McLeod

    Thank God I’m not alone. :-)

  12. Personally, the whole thing with ConsoleOne/iManager and/or eDirectory is when promoting new install of Groupwise. For long term Novell shop, who already have Netware, eDir or any Novell products, it’s easy to sell Groupwise Installation.. When you enter a market where you have MS shops, or any small biz, it’s complicated to sell servers to run all the things to run groupwise (novell client on the workstation, + C1) then you need edir, sync that with their directory, then install agents to run 1 dom, 1po, 1gwia, 1webaccess, and while we are here, then setup a secondary domain for gwia…
    ouf… lots of things to setup a small biz email setup…
    personally, I think Novell should have done with GW8 what they’ve done with ZCM10.
    With ZCM10, I can make a real-life demo to a customer, with their existing environment in 20 minutes.

    Marc

  13. By:Flyingguy

    Hey Tim,

    You have to define more robust, stable, etc. I have NW 6.5 / GW 6.5 systems that mark uptime in years. What I alluded to was most the GWIA and send threads. You are trying to shut it down, and it just sits there and you soon discover there is 1 send thread running. Just spinning out there in space. This is not a fault of NetWare, it’s a GWIA fault. Light up TCPCON find its socket, hit reset, the thread unrolls because the socket went away and it shuts down in an orderly fashion.

    The problem is you cannot do that with Linux, You can probably Kill() the process cleaner but you cannot reset the socket, but killing the process has its own problems as it simply dumps it from memory which can have side effects ( files left open, truncated, who knows what else ) that could be harmful.

    NW was designed so that each running NLM has a display space, and it is trivial to see each NLM’s screen showing what it is doing, in detail, in real time. Unless you use the ALT-F? to do that in Linux and create a new session for each agent I simply don’t see how you can accomplish that in Linux. Now I have yet to run GW on a Linux box, so perhaps you can enlighten me as to how to accomplish that?

    I use Linux to run Oracle, I use it to host web pages connected to MySQL, I use it for a lot of things, and almost all of these things are what I term “Headless”, as in you really have no idea what is going on at any given moment. Oracle has its web interface, and it is slow and clunky, like pretty much any web interface, MySQL doesn’t even have that and neither does Apache. If something IS going wrong, you don’t really know it until it’s too late.

  14. If GW were to implement something similar to ZCM, then perhaps the idea of specifying that a mailbox must be created could be eliminated from the iManager process altogether. The GW interface could allow you to implement business rules regarding mailboxes and one business rule could specify what should be done if a new user is created.

    For example:
    If a new user is created in container X, then add user to group Y and create a mailbox for the user in post office Z.

    A simple rule system like this in GroupWise would automate things massively, simplify administration in the long term and eliminate a lot of simple administration human error.

    Can you imagine being able to implement rules like this:
    1) If a user is moved from container X to container Y, move the user’s mailbox from post office X to post office Y. Initiate the move on the first Saturday after the user object has moved. Notify the service desk of the change.
    2) If a user has not used its mailbox in 365 days, move the mailbox to the ‘archive’ post office. Notify the service desk of the change.
    3) If a user mailbox has been in the ‘archive’ post office for 30 days, archive the mailbox and remove it from the GroupWise system. Notify the service desk of the change.

    I think it would be fantastic to be able to do things like this within GroupWise, without having to use IDM.

  15. I must agree – I really think that GroupWise would benefit from being independent of a DS, but being able to use any LDAP DS for authentication, groups and the structure for inheritance. It would be good if the GroupWise UI could implement its own form of dynamic groups too.

    The management UI, in my opinion, should be focused on only managing GroupWise and should be focused on GroupWise tasks. The idea of a GroupWise administrator having to know and understand eDirectory really irks me. Any messaging system has enough complexity to learn, understand and troubleshoot – I really don’t see why a GroupWise administrator should also have to learn these complexities for eDirectory just to keep the GroupWise system running.

  16. Some mechanism for getting instant feedback would be useful, however I certainly would not like to see a return to the same paradigm as a NetWare server for everything.

    I’d prefer to see that perhaps there’s a specific tool that can be run, much like ndstrace, on demand to see the specific activity for the agent. The tool should be loaded when the administrator is seeking the instant feedback and unloaded once the administrator is done. This would keep things efficient, provide the instant feedback that’s sometimes required and not require unloading/reloading of agents.

    An alternative would be to provide some kind of command-line tool, or perhaps an SNMP interface, which provides all the information typically needed for troubleshooting and determining health. The SNMP side of things may have already been done, in which case perhaps someone should do an AppNote on how to implement and use it to replace what was typically looked for in a console screen!

  17. It would be rather nice to see listserv functionality in GroupWise. This was always part of Netmail and in my experience was one of the key reasons people started using Netmail alongside GroupWise. To add this functionality into GroupWise would open up a world of possibilities for cross-organisation co-ordination, marketing and other forms of communications.

  18. By:Eric

    In the immediate meantime, why not give free entitlement to Identity Manager for Groupwise customers that want to manage everything from AD or another directory? I just don’t understand what the hesitation from Novell would be, especially if the future direction is to untie Groupwise from eDir.

  19. By:Kevin Davis

    Exactly. Too many dependencies.

  20. By:Paul

    It’s time for GroupWise to grow up and leave WordPerfect behind! Redesign, streamline…think ZCM…think about how your customers have to deal with staff wanting Outlook and how much defense plays into that. The client UI needs to be as similar to Outlook but the functionality, features and security need to be sustained!

  21. Fully agree with this. In a simple customer environment I just want to create a new user and a mailbox should be created automatically. Especially now with OE2 where iManager has become the default mgmt console. A customer has to start C1 just to create a mailbox.

  22. By:Mike

    AMEN TO THIS!!! We rely heavily on listservs for our organization. We’ve gone from using iMail, to atmail, and looking to switch to GNU Mailman by this summer. It kills me that GroupWise doesn’t have this functionality built-in, and makes creating user accounts much more tedious than what it needs to be. Yes, I know I could use distribution lists, but almost all of our listservs have external customers on them as well.

    There has to be an easy way to add this capability to distribution lists… just like a simple text box that I can dump any email address I want into (one per line), save, and voila! And make the distribution lists addressable from the outside so anyone can send to the distribution list (while providing proper access controls, of course). How many sacrificed interns will this cost me, Dean?

  23. By:Ian

    Bill, when is Novell going to wise up and hire you on? ;)

  24. By:K. Davis

    I find myself facing two harsh realities: 1) NSS on Linux is slow, and 2) Novell is slow to fully support Vista (for example, the lack of multi-profile support in ZCM). Consequently, I may be forced to migrate my file servers to Windows just so that I can CONTINUE to provide A) a reasonably fast file server, and B) support for more than one user on a workstation. If that happens, eDir will be phased out. ZCM will still have a chance, provided they can get up to speed on Vista, but GroupWise is going to become a big heavy dinosaur overnight. I suspect I’m not the only one in this boat. We won’t be migrating to Exchange, but Zimbra doesn’t look that bad – especially since it runs on Linux.

  25. By:Roger

    My comments about opening the source code up was in regards to future management tools, not the current tools, if there is a fully published API for admin work then all the management tools are just a wrapper to the API and it would be nice for them to be open.

    As for XML – “XML is the sorriest excuse for a protocol” I have to agree to some extent, but it’s a fact of life (much like death, taxes and Microsoft) all of its bloat just keeps all the comms and hardware vendors happy as they get to sell bigger and better systems. One thing you are missing with your example is a DTD or Schema which reduces the bloat as the defining of what a field is not pasted all the time.

  26. By:Flyingguy

    I often wonder why NSS is slow on Linux. I think it is because fundamentally no one at Novell sees any value in NSS despite the fact that there is no file system in the Linux world that even comes close to the capabilities of NSS. Everyone sees it as “yesterday’s tech” when in point of fact it supports a permissions model that Linux cannot come close to.

    What they need to do is port NSS as a **native** file system for Linux instead of it running as a service. Ext, Reiser and the rest support only the basic Root/Owner/Others security model. Linux is a great application server, but it’s a lousy file server. If they get NSS to the place it needs to be on a Linux kernel, trust me the Linux world would come in droves because it is a **superior** file system.

    And right after that they need to port NCP as a *core* protocol for Linux in general distribution and if Linus doesn’t like it we should FORK, immediately if not sooner.

    A comment about the whole “More than one user on a workstation…” deal. In the corporate world that is just the most ludicrous thing I have ever heard about. There should never be more than two accounts on a windows box, 1 is the administrator account, the second is THE user account. The user account is the same, from machine to machine to machine. Any person can sit down at any machine and get the Corporate Desktop which has the applications they need to do WORK, not play games or “Hey look at the slide show from my vacation” that are being linked into my machine from Shutterfly via some activeX control.

    This reduces overhead and IT support costs. I have a pretty hard and fast rule. If it takes more than 15 minutes to try and solve a problem with a workstation, I pull out the image CD, pop it in the drive, reboot the POS and the HD gets re-imaged. The machine is fixed and the employee can get back to work. Same thing for hardware failures, grab the hot spare box, plop down, hook up the monitor and keyboard and mouse and the employee can get back to work.

    I have always found a way to lock down a windows box so that the user has no control over the machine whatsoever and still make it able to run even the most *stupidly* written applications produced by companies that write software that is ALL MS ALL the time, even when they swear up and down that they need at least “Power User” access at the local machine level.

    Flat out it’s time for IT to take back control of the IT infrastructure and sell this to the people who make the top decisions, it’s easy to do, you simply explain it to them in terms they can understand, *$$$$$$*. When you tell them you can cut the IT budget by half simply by getting rid of all the garbage that comes with windows, ESPECIALLY Vista, they will very quickly start seeing things your way.

  27. By:K. Davis

    If NSS on Linux isn’t superior to NTFS on Windows then even the die hard Novell shops are going to start choosing Windows over Linux. When that happens Novell’s directory strategy is going to backfire because AD will be required for the “bread and butter” operations of networking. So much hinges on having the best file server and I’m not sure the execs at Novell realize this. Folks, if NSS fails eDir is in jeopardy. If eDir is in jeopardy every product that has a dependency upon it is also in jeopardy.

    As for your argument that there should never be more than one user (account) on a workstation – that may work in your environment but I really don’t want to share my bookmarks with 600 or so other individuals. Separate and distinct user profiles are a MUST – and in some cases roaming profiles are a MUST. Burying your head in the sand and saying, “I don’t want to support that (built-in) functionality” – when everyone knows it is built in – probably isn’t going to do much for your career. The end users would argue that the ability to customize their desktop helps them to work more efficiently and that when you add up the efficiency gains across the entire organization you offset the IT savings from running a single user profile. And they would be right.

    I do know of a department at our University that took such a draconian approach to end user support. Instead of responding to what their customers wanted they dictated how their systems would be used. Last year the College of Architecture dealt with it by firing and replacing fully half of their IT support staff.

    This doesn’t mean that IT doesn’t have control of the IT infrastructure. It means IT has to architect and support the kind of infrastructure that helps employees be successful in their mission. If IT is viewed as an obstacle then measures will be brought to bear to remove that obstacle. Likewise, if Novell becomes an obstacle, then IT should look for ways to remove the obstacle. I’m hoping they don’t, because I like Novell. But I’ve also got to live in the real world.

  28. By:Juan Mendoza

    Hey Flyingguy,

    I have never used NSS, but Linux (at least ext3 and xfs) has had ACL support for more than the “Root/Owner/Others security model” since the 2.4 kernel (ages ago). You can read a little bit more about it for example here: http://www.vanemery.com/Linux/ACL/linux-acl.html.

  29. By:Flyingguy

    A quick glance tells me it is inferior.

    In NSS as well as old fashioned TurboFat ( Old school NetWare volumes ) you have the following attributes available to you (the acronym is wrmfaces, pronounced Worm Faces )

    Write, Read, Modify, File Scan, Access control, Create, Erase, Supervisor, Rename Inhibit, Erase Inhibit

    You can assign any combination of these rights to a user or a group or any other object for that matter.

    So at any level in the Directory Tree, Sally User could have all rights, then say 4 levels deep you could cut off any right as required, while preserving all other rights with an IRM ( Inherited Rights Mask ) later renamed ERM ( Effective Rights Mask ).

    That is what you call granular file system rights control. In a very clever way a user can have no explicit rights whatsoever to the first say, 5 levels of directories down a tree and then be given Read and Filescan at say level 6 and then they could see everything below that level and could be stopped with an ERM at say level 8.

    NSS comes native with DOD level encryption, DOD Level data scrubbing on delete, file salvaging ( yes simply select salvage and there are all the deleted files and let me tell you one has saved so many people’s bacon so many times I cannot even begin to say ) sub-allocation, compression, complete journaling and the list goes on and on.

    NSS is deserving of the attention it richly deserves, it is an insanely great file system with more controls than any file system available to Linux as of this writing. This needs to be ported as a native file system for Linux, it’s that simple. I doubt it ever will however and it’s all about politics. It is completely Open Source now!

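The inheritance behaviour described in comment 29, worked through as an added example (not part of the original comment and not Novell code): a simplified single-trustee model in which an explicit trustee assignment replaces inherited rights, a directory's inherited rights mask filters what flows in from its parent, and the Supervisor right is not blocked by a mask. The function names, the `d1`..`d9` directory names and the letter set (the eight trustee rights S, R, W, C, E, M, F, A; the inhibit flags are not modeled) are assumptions of this sketch.

```python
# Added example: simplified model of NetWare/NSS trustee-rights inheritance
# for ONE trustee (no groups, no security equivalence). All names are hypothetical.

# Supervisor, Read, Write, Create, Erase, Modify, File scan, Access control
ORDER = "SRWCEMFA"
ALL = frozenset(ORDER)


def rights(letters):
    """Parse a rights string such as "RF" into a set, rejecting unknown letters."""
    parsed = frozenset(letters.upper())
    if parsed - ALL:
        raise ValueError(f"unknown rights: {sorted(parsed - ALL)}")
    return parsed


def fmt(rights_set):
    """Render a rights set in a fixed letter order; "-" means no rights."""
    return "".join(c for c in ORDER if c in rights_set) or "-"


def effective_rights(path, assignments, masks):
    """Walk from the volume root down to `path` and return [(dir, rights)].

    assignments: {dir: "letters"} explicit trustee assignments for the user
    masks:       {dir: "letters"} rights allowed to be inherited INTO that dir
                 (a directory without an entry lets everything through)
    """
    parts = [p for p in path.split("/") if p]
    current, supervisor, trail = frozenset(), False, []
    for depth in range(1, len(parts) + 1):
        here = "/" + "/".join(parts[:depth])
        if here in assignments:
            # An explicit assignment replaces whatever was inherited.
            current = rights(assignments[here])
        else:
            # Otherwise inherit from the parent, filtered by this dir's mask.
            current = current & rights(masks.get(here, ORDER))
        if supervisor or "S" in current:
            # Supervisor implies every right and survives masks further down.
            supervisor, current = True, ALL
        trail.append((here, fmt(current)))
    return trail


def level(n):
    """Constructed sample path n directories deep: /d1/d2/.../dn."""
    return "/" + "/".join(f"d{i}" for i in range(1, n + 1))


def demo():
    scenarios = {
        # No rights for 5 levels, R+F granted at level 6, cut off at level 8.
        "grant deep, mask below": (level(9), {level(6): "RF"}, {level(8): ""}),
        # Everything except S at the top, Erase filtered out 4 levels down.
        "cut one right": (level(5), {level(1): "RWCEMFA"}, {level(4): "RWCMFA"}),
        # Same mask, but the grant is Supervisor: the mask has no effect.
        "supervisor vs mask": (level(5), {level(1): "S"}, {level(4): "RWCMFA"}),
    }
    for name, (path, grants, masks) in scenarios.items():
        print(name)
        for directory, effective in effective_rights(path, grants, masks):
            print(f"  {directory:<32} {effective}")


if __name__ == "__main__":
    demo()
```

When reviewing such a tree, the third scenario is the one to check for: a Supervisor assignment high in the tree makes every mask below it irrelevant for that trustee.
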
  30. By:Flyingguy

    A. Colleges are not businesses.

    B. I just had a 300 person accounting firm do just what I said. Their IT support costs went down by 63% and let me tell you the partners are happy as they can be. No more idiots loading Yahoo Messenger, MySpace messenger, their favorite malware/spyware spreading MP3 player. You want private bookmarks, put in your home directory since that is what it’s for, it is a simple change in Firefox or Opera. I wouldn’t know about IE since none of my clients use the POS. The bottom line is that the “It’s MY computer” mentality drives IT costs through the roof. For rank & file employees computers are tools to accomplish their *WORK* , not play toys.

  31. By:Flyingguy

    Even if you use a DTD you STILL have to enclose every value in identifier pairs, ie:

    |UniqueID|
    |fred|
    |/uniqueID|

    So now it’s only 22 bytes to send 4 bytes of information, so yeah I guess 5x overhead is better than 10x overhead.

    I guess that:

    UniqueID~FName~Lname…CR/LF
    fred~Fred~Smith…CR/LF
    sally~Sally~Jones…CR/LF
    tom~Tom~Pink…CR/LF
    ginger~Ginger~Rogers…CR/LF
    tomm~Tom~Mixx…CR/LF
    EOF

    Is just too simple or perhaps even Select * from users is too simple.

    Good grief, leave it to some flipping PhD candidate to really screw things up. You could even extend it for the first record to contain data types and limits and then here comes the data, but noooooooo!

  32. By:Roger

    For the few XML schemas I’ve done I go one step further and throw out the rather daft idea that XML is human readable – does anyone read 1 Mbyte XML files? So your example becomes

    |A1|
    |fred|
    |/A1|

    This makes the file only readable by a computer and involves more programming work as I have to map A1=UniqueID within the code otherwise that becomes unreadable, but it’s no worse than past data encoding standards. The advantage is that the example is now 10 bytes so the overhead is 2.5X.

    I started to do this as I came across the idea via AT&T who developed a very good XML compressor that did this type of substitution and there seemed little point having to compress something if it could just be coded correctly in the first place.

  33. As NSS is open source yet for quite some time, it would indeed make sense to try to get this into the mainstream kernel. That way it would get hopefully a lot more attention and more importantly more developers’ attention. PM talked there was in all that time it is open sourced already (just) ONE 3rd party that contributed code, this could become much more.

  34. By:K. Davis

    FlyingGuy wrote:

    A. Colleges are not businesses.

    B. I just had a 300 person accounting firm do just what I said. Their IT support costs went down by 63% and let me tell you the partners are happy as they can be. No more idiots loading Yahoo Messenger, MySpace messenger, their favorite malware/spyware spreading MP3 player. You want private bookmarks, put in your home directory since that is what it’s for, it is a simple change in Firefox or Opera. I wouldn’t know about IE since none of my clients use the POS. The bottom line is that the “It’s MY computer” mentality drives IT costs through the roof. For rank & file employees computers are tools to accomplish their *WORK* , not play toys.

    — end quote —

    A. Colleges and universities are certainly businesses – but they are not all private enterprises (some are). When it comes to computer use I don’t see any magical difference between a private or a public enterprise except in the area of the applications they use.

    B. The issues you describe could all be solved simply by denying users the ability to install software on their workstations. I don’t see a case here for a single user and a single profile.

    C. A bit more on topic, though, File and Print are still the “bread and butter” of Local Area Networking. If NSS can’t cut it on Linux and there is no acceptable NSS alternative (which there isn’t) then I’ll be forced to migrate file services to Windows. If my file servers are running Windows, eDirectory not only becomes unnecessary, it becomes an encumbrance. This is the same reason I don’t bother with Active Directory today. So I’m in agreement with you on this point. NSS should be fully ported to Linux. Yesterday, if not sooner.

  35. By:Eric

    NSS isn’t very viable anymore given its archaic storage limitations. 2TB device size max… Need to span (yech!) devices in order to achieve 8TB volume size max… And yes, performance is still a big problem on 32-bit SLES. For whatever reason, it’s about on par with Netware if you run 64-bit SLES. Probably something to do with the old kernel memory limits in 32-bit Linux. Also, Dynamic Storage isn’t supported on all clients, so that’s not the answer to the NSS storage limitations.

    Why isn’t SMB/CIFS an acceptable alternative? Have you looked into SMB 2.0 which is present with Vista/Server 2008? For salvage, we find the updated “Previous Versions” functionality of Vista/Server 2008 to be quite acceptable. I guess the question is: when will official/supported (not experimental) SMB 2.0 functionality be available with Novell’s Samba?

  36. By:Flyingguy

    Yeah GW could be made into a list server, I suppose but that is really not its purpose now is it? The one thing I would like to be able to do with Distribution Groups ( pretty much the same thing as a list server list ) is to be able to designate it as open or closed, if it is set to closed, then you designate a subset ( or even only 1 member ) that is allowed to send to it.

    Really, to try and shoehorn in the Functionality of Subscribe, Unsubscribe, Digest Only is not the purpose of GW, at least in my opinion.

  37. By:Flyingguy

    My guess is that NSS has never been seriously looked at being made a native file system for Linux.

    Do you even know what you are talking about ( “Need to span (yech!) devices in order to achieve 8TB volume size max…”), can you show me any single device that is 8TB in size? I don’t care whose file system you are using, there are no single devices that size so that’s a red herring. There are 32 bit numbers and there are 64 bit numbers and those are real limiters. After that you have to start playing around with sectors, clusters, heads, platters and all sorts of other voodoo to achieve numbers that 32 bit can deal with.

    And by the way, those limits were imposed by physical devices. So if some actual work was put into the code, I am pretty sure those limits would go away. I would love to give the code a look, but I cannot seem to find it on forge.novell.com and many Google searches and forge.novell.com have yet to turn up the CVS or even SVN holding the source, so if anyone knows where to find it I would be happy to start giving it a look.

    – quote —

    Have you looked into SMB 2.0 which is present with Vista/Server 2008? For salvage, we find the updated “Previous Versions” functionality of Vista/Server 2008 to be quite acceptable.

    – end quote —

    Well, I don’t know what “we” you are referring to, but if you think Vista / Windows 2008 is so cool, then what are you doing here? Why are you even participating in this discussion? Are you just some shill for Ballmer & Co.? Go rip out anything in your organization that isn’t branded “Microsoft”, sign the big contract and don’t look back.

  38. By:Kevin Salisbury

    Dean,

    Great blog entry.

    A) I’m fine with Linux being required for the next major GroupWise version. We might even be ready to migrate to OES 2 here with Bonsai this year.

    B) Don’t waste too much precious enhancement coding time pulling out eDirectory. I’d rather eDirectory be kept integrated, but perhaps add on an eDir/LDAP DirXML style enhancement for those customers that need it. From our perspective, for the next version of GroupWise we’d really like to see continued strong fat client and web client improvements (including better “big brother” administrator capabilities and UI enhancements for end users), the Nokia based GMS is good – but it needs tighter GroupWise integration on Palm and Windows smartphone clients, improve the teaming & conferencing integration, and keep plugging away on the database backup issues.

    C) ConsoleOne, NWAdmin, whatever – it all needs to go. We are not thrilled with iManager, but it is getting better. If I were you, I would take a strong look at what Zenworks has done with their new management console for version 10. I’d love to integrate the two (GroupWise & Zenworks) – it would be nice to be able to add a GroupWise Management Pack to Novell ZENworks Orchestrator. You could also either give away NZO and the GroupWise Management Pack with the next version of GroupWise or provide a separate management package for GroupWise (based on the NZO framework). I really like the idea of integrating the two into the same management suite for management purposes (and help desk efficiency), but I understand why some customers would not like this (like if they didn’t own Zenworks).

    http://www.novell.com/products/zenworks/orchestrator/

    Thanks for communicating with us! See you at Brainshare 2008!

  39. By:Flyingguy

    Let me make sure I understand what you are saying here…

    You don’t like the idea of being able to select the console of a given bit of running software with a single key-combo?

    Again, I want to be clear, you would *rather* have to remember some program, type it into a console prompt, and have it load up, run take over the console and then be able to check something?

    Or is it that you would propose making it a requirement to use a GUI on a *server* ( I mean X is pretty stable, but it does blow up and takes LARGE amounts of resources ) so you could run 4 or 5 different terminal sessions just so you can see the interplay between the agents?

    Yes by all means, let’s start from scratch, write either a CUI or a GUI or both ala YAST, program that will then have to use a socket interface, to then query an SNMP interface, to get you the information that is already built to the screen interface?

  40. By:Flyingguy

    As long as they keep pushing JAVA as the dev environment, that more than likely will not happen. Swing & AWT just don’t have the correct widget set. QT from Trolltech, well Nokia now, does, even the Lazarus project is very close. The widget set that is put by Eclipse is close, but the problem is it has to be ported to every new platform because it’s not supported by standard JVMs. To quote someone from /. , “they realized the problem, came up with a solution, but did it in the most ass way possible.”

    And by the by, GW’s only remaining vestige of PerfectOffice ( not word perfect ) are the directory names and a few strings that haven’t been cleaned up.

  41. By:Eric

    If I said 8TB _RAID_ device, does that make more sense? As for the NSS code, I believe a past Cool Blogs comment mentioned that it ships with the binaries (?), but it doesn’t seem possible to search Cool Blogs comments (ugh!).

    SMB 2.0: Hmm well someone thought parts of Windows were ‘cool’ and now we have Samba on Linux and Novell Samba on OES, and soon DSfW on OES :-) If we can get SMB 2.0 features for Novell Samba in OES, that would make an NSS-less system much more palpable.

  42. By:Eric

    “Source code for the OES-Linux NSS kernel modules is available in the km_nss package (OES 1) or the nss-.src.rpm package (OES 2).”

    Taken from
    http://developer.novell.com/wiki/index.php/Providing_Anti-Virus_Support_for_NSS_on_Linux

  43. By:Flyingguy

    Hey Eric,

    Thanks for the TIP.

    It would seem to me, although I could be wrong, if Novell was serious about really making NSS shine, they might even put it up as a forge.novell.com project to get people interested.

    But that’s just me.

  44. By:Flyingguy

    Let’s see here…

    Partition Size Limitations – Laura E. Hunter [MVP]
    21-Feb-07 03:25:59

    The 2003 operating system can create partitions beyond the 2TB limitation by
    using dynamic disks; this allows you to create NTFS partitions up to 256TB
    in size. Two things to keep in mind, however:

    [1] Your hardware manufacturer may still have a limitation here that can’t
    be addressed by dynamic disks, and

    [2] Depending on your particular configuration, sizing a DAS partition
    larger than 2TB can create -horrible- performance latency. You might want to
    look into NAS or SAN solutions to determine if those would make a better fit
    for your needs.

    HTH


    ———————–
    Laura E. Hunter
    Microsoft MVP – Windows Server Networking
    Author: _Active Directory Consultant’s Field Guide_
    (http://tinyurl.com/7f8ll)
    Author: _Active Directory Cookbook, Second Edition_
    (http://tinyurl.com/z7svl)

    Ohh yeah, so read this too!

    http://support.microsoft.com/kb/329707

    Here are some more facts for you to ponder…..

    Description – Limit

    Maximum size of a basic volume – 2 TB

    Maximum size of a dynamic volume – 2 TB for simple and mirrored (RAID-1) volumes. Up to 64 TB for spanned and striped (RAID-0) volumes. (2 TB per disk with a maximum of 32 disks per volume.) Up to 62 TB for RAID-5 volumes. (2 TB per disk with a maximum of 32 disks per volume and 2 TB used for parity.)

    Maximum size of an NTFS volume – 2^32 clusters minus 1 cluster. Using a 64-kilobyte (KB) cluster (the maximum NTFS cluster size), the maximum size of an NTFS volume is 256 TB minus 64 KB. Using a 4-KB cluster (the default NTFS cluster size), the maximum size of an NTFS volume is 16 TB minus 4 KB.

    Maximum file size on an NTFS volume – 16 TB (2^44 bytes) minus 64 KB

    So all MS is doing is playing games with disk geometry and spanning ( Yech you said?? ) 2TB volumes.

    And yes, the NSS spec allows for a single 8TB volume and if all the volumes are NSS, then it can have as many 8TB volumes as you would like. I think if you port NSS to 64 bit, you can pretty much leave those limitations behind, although I could be wrong. I am going to have to get my hands on the code and start looking through it.

  45. By:Ron van Herk

    Interesting discussion, but it looks like we are quite far from the original topic, “GroupWise Dependency on eDirectory”.

    I’ve let the discussion go for some time as I think we have seen some valuable comments, but as mentioned this is a post about GroupWise and not about NSS. I will be more restrictive in further ongoing off-topic discussion.

  46. By:Dean Lythgoe

    We are seriously considering and watching what ZENWorks did and this is absolutely a contender. I appreciate the feedback and your votes – this is helpful.

    There are lots of advantages of the overlap with the Directory – especially eDirectory. This will become painfully clear as soon as we remove the dependency -but there are also disadvantages. Having too enough management tools and consolidation are always tradeoffs. We hear from both camps regularly.

    Thanks for the discussion…

  47. By:Dean Lythgoe

    This is a difficult one! C1 ‘should’ run on all platforms, but the validation of that on Vista simply has not been a priority. Vista having an adoption rate of a snail. I know I am going to get beat up by someone that says that is all they have :) In order for this to completely work, we need support from the C1 team and they define their platform support. C1 is a technology that is slowly going away and so newer platforms are not going to be supported – including probably Vista.

    Like I said – we have a train wreck brewing and we are trying to lay the right tracks for a longer term solution. I know there are going to be some routes that terminate in dead ends. Difficult to please everyone.

  48. By:Dean Lythgoe

    See Comment above…

    Support will continue to be provided until a replacement is firmly in place. Then it will terminate quickly.

  49. By:Dean Lythgoe

    Great ideas! I did not realize there was such interest in listserver capability. This has not been on our radar for a long time. Appreciate the feedback and interest!!

    Distribution lists is a hot topic and one we intend to address. We have lots of features and ideas around dynamic dist lists, access controlled dist lists, etc. Not in Bonsai, but areas we know we want to go. I will plug Omni-TS (one of our Partners)- they have some really great technology that they have developed to handle some of this stuff – check it out!

  50. By:Dean Lythgoe

    We have talked about several areas of the product that might move into the Open Source community. We also see some advantages to this. Where to draw the line and what pieces are always a hot topic – but Admin is one of the areas that we have seriously discussed.

    Portlets are also a topic of discussion, but this seems to be one that brings in a lot of different opinions and directions. We will keep this on the table, but this is an area of technology that is changing quickly and may not be a good long term strategy. Debatable – I know :)

  51. By:Dean Lythgoe

    Very useful comment! – Thanks for the specific examples and your ideas on how a tool could make you more productive. We obviously need to do a better job of integrating with many of our own products – like IDM. Thanks!!!

  52. By:Dean Lythgoe

    Kevin,

    I appreciate your feedback! This has been a very good blog with lots of comments and valuable insight. I thank all of the contributors for adding to the discussion and helping us with the design thought process. I always find it extremely valuable to speak with people on the front lines and dealing with real issues. They help shape perspective and sharpen focus. This has been a very effective tool for Product Management and engineering to gain insight and be part of a discussion. It always amazes me how much discussion about other Novell products happen in the context of GroupWise. It seems to be the central nervous system of most organizations – that is a powerful spot and one we need to protect and enhance.

    See you at BrainShare!

  53. By:K. Davis

    I’ve already made my opinion on points A and B known so I won’t rehash those. As for point C…the ZENworks approach that all of us seem to be enamored with was to remove dependencies. This includes dependencies on iManager. Getting away from ConsoleOne only to introduce another dependency or pseudo-dependency on ZEN or iManager is trading one handicap for another. Yes, yes, it’s all fine if you run all the integrated products. But it looks like something’s broken if you don’t.

    GroupWise has an opportunity to position itself as a truly attractive (even preferable) alternative to Exchange which is looking more and more like that fat kid in grade school that everyone used to pick on. Even the die-hard Exchange admins here are dreading the next upgrade. But that’s not going to happen if you’ve got to get over the Novell client, ConsoleOne, eDir, Saturn in the correct orbit hurdles first.

    I’m starting to repeat myself so I’ll call it quits for now. Thanks for the opportunity to provide the input, guys!

