1.4 What’s New or Changed in OES 2018 SP2

1.4.1 Branding Changes

Novell is now part of Micro Focus. Products across the portfolio are now being rebranded to reflect Micro Focus or a more appropriate name. This corporate change impacts the name of products and components, user interfaces, logos, and so on. The product and documentation update to reflect these changes is being done in a phased manner.

As a result of this corporate change, the product name is now Micro Focus Open Enterprise Server. The new user interfaces, colors, and logos in OES 2018 and later gives a fresh look and feel to the product.

1.4.2 Install and Upgrade

OES Patterns

  • Beginning with OES 2018 SP2, the OES pattern names are changed as per the branding guidelines. All the pattern names that were beginning with Novell earlier now begins with OES.

  • iPrint for OES is now called as iPrint Advanced. Beginning with OES 2018 SP2, iPrint Advanced is available as a pattern in the OES installation pattern list. It is no longer an add-on product on OES. However, iPrint Advanced continues to have its own license.

    If you have installed iPrint for OES on an OES 2018 SP1 server, ensure to apply Update 8 OES 2018 SP1 iPrint for OES - Mandatory patch before upgrading to the OES 2018 SP2 server.

NICI AES 256-Bit SDI Tree Key Support

Beginning with OES 2018 SP2, NICI AES 256-bit SDI tree key is supported. You must have all the servers in your tree on OES 2018 SP2 before creating an AES 256-bit key. For information on enabling AES 256-bit tree key, see Creating an AES 256-Bit Tree Key in the NICI Administration Guide.

NMAS uses the NICI SDI key to securely store passwords and Challenge-Response configuration (questions and answers). To re-encrypt the passwords for multiple users in large deployments, use Universal Password Diagnostic Utility (diagpwd) tool. This tool is installed by default on selecting the eDirectory pattern with OES 2018 SP2 server.

For more information, see Universal Password Diagnostic Utility.

NOTE:

  • As AES 256-bit key support was introduced with edirectory 9.0, OES 2015 SP1 or earlier that is based on eDirectory 8.8 or earlier does not support AES 256-bit keys. If AES 256-bit key is configured in a tree having OES 2015 SP1 or earlier servers, the following known issues may occur:

    • CIFS and AFP login failure when the users partition replica is on OES 2015 SP1 or earlier platform.

    • DSfW service failure.

    • NCP and LDAP login failure if NDS password is not set or synchronized based on the password policy settings.

    This is also applicable if there are any NetWare servers in the tree, as NetWare does not support AES 256-bit key. All the NetWare servers in the tree should be decommissioned before introducing AES 256-bit key in the tree.

  • OES 2018 and OES 2018 SP1 that is based on eDirectory 9.1.x can support AES 256-bit key. However, the support is not certified on these OES platforms by Micro Focus. Also, DSfW on these platforms does not support AES 256-bit key.

1.4.3 Storage Services (NSS)

Support for Thin Provisioning

The traditional storage provisioning (thick provisioning) is a type of storage allocation in which the blocks of data on a disk is allocated in advance. With thick provisioning, the large pools of storage capacity are allocated to individual services but remain unused. In thin provisioning, the blocks of data are allocated on-demand; that is, the storage is provisioned but not consumed until the data is written. When you delete the data on thin-provisioned storage, the free space is released to the storage system. This type of storage allocation helps to optimize the utilization of the available storage.

Beginning with OES 2018 SP2, OES supports thin provisioning on a storage device, which allows you to discard (or trim) blocks that are not in use by the pool. The fstrim command allows you to trim the unused blocks in the NSS pool. fstrim is supported only on thin-provisioned SCSI devices with VMware ESXi on a linear target. For more information, see NSS Management Utility (NSSMU) Quick Reference in the OES 2018 SP2: NSS File System Administration Guide for Linux.

Also, added a new option Blk_discard_on_delete on in the nlvm.conf file to discard the blocks on a thin-provisioned storage disk when you delete a pool on that disk. For more information, see Configuring Settings for the NLVM Library in the OES 2018 SP2: NLVM Reference.

Support for AES-256 Encryption

A new media format named AES has been introduced beginning with OES 2018 SP2 to support the AES-256 encryption algorithm while creating NSS encrypted volumes. For more information on AES media and AES-256 encryption, see AES Media and Managing Encrypted NSS Volumes in the OES 2018 SP2: NSS File System Administration Guide for Linux.

NSS Utilities Enhancements

The following NSS utilities are enhanced to be made aware of the DST volumes.

  • rights

  • attrib

  • nssquota

  • nsschown

For more information, see man page of the corresponding utility.

1.4.4 Common Internet File System (CIFS)

Leasing Support

Leasing is an enhancement to legacy Oplocks, which facilitates better file caching by the clients and thus improves the overall performance. It provides better performance compared to Oplocks by increasing the amount of caching and by reducing the number of cache break. For more information, see Locks Management for CIFS in the OES 2018 SP2: OES CIFS for Linux Administration Guide.

Cache Improvement

CIFS cache is improved to reduce the operations in the client request processing, thereby improving the performance.

Zerocopy Support

zerocopy lets the server to send the file data to the client from the Linux Kernel Ring 0 environment (kernel-space), rather than copying it to Ring 3 (user-space) and then back to Ring 0 (kernel-space). This provides a slight performance improvement for any use case that involves reading the contents of the file.

novcifs Command Changes

  • NTLMSSP Disablement: You can disable the NTLMSSP authentication to avoid false login attempts in an AD only environment. For more information, see the command --disable-ntlmssp=yes|no in the novcifs man page.

  • Leasing: You can enable or disable the file leasing for SMB 2.1 or later connections for better file caching by the clients. For more information, see the command --leasing=yes|no in the novcifs man page.

    The commands -Flop FILE-PATH, -Flov VOLUME-NAME and -Flon CONNECTION-NUMBER are introduced to include Oplock or Lease level of open files.

  • --map-adsessions-to-edir=yes|no|fallback Enables, disables, or provides a fallback mechanism to mapping of AD sessions to eDirectory for file operations. By default, this option is disabled. For more information, see the command --map-adsessions-to-edir=yes|no in the novcifs man page.

  • --zerocopy=yes|no Enables or disables zerocopy support for efficient transfer of the file content to the client. For more information, see the command –-zerocopy=yes|no in the novcifs man page.

  • Bash Auto Completion: The novcifs commands support BASH auto-completion.

1.4.5 Cloud Integrated Storage (CIS)

CIS Client (New)

On Mac OS X, when you use List view, Column view, or Gallery view options in Finder to preview the files that are uploaded to the cloud, the files get downloaded from the cloud. This unwanted download of files fills up your local storage. To avoid this, Open Enterprise Server CIFS provides a feature that can be enabled by using the novcifs utility. Enabling this feature with the CIS client on Mac OS X allows you to preview the files uploaded to the cloud. The following new tools are created:

  • CIS Client for Windows: Displays the cloud overlay icon on the files uploaded to the cloud and also allows you to access the files uploaded to the cloud.

  • CIS Client for Mac: It allows you to access the files uploaded to the cloud.

For more information, see Working with CIS Client in the OES 2018 SP2: CIS Administration Guide.

CIS Management UI Enhancements

The following options are added in the CIS management console:

  • Top Cold Data Users: Displays the five users with the top cold data on the Insights page. For more information, see Section 5.1.1, Insights in the OES 2018 SP2: CIS Administration Guide.

  • Schedule File Scan: Allows you to schedule a scan on a specific time. You can choose the following scan type in the Agents setting page:

    • Full Scan: Performs the complete scan on OES volumes.

    • Differential Scan: Performs the differential scan from the previous full scan on the OES volumes. This scans all of the data that has changed since the last scan. This scan takes less time to perform than the full scan as it calculates the difference between the earlier scan.

    For more information, see Section 5.1.7, Agents in the OES 2018 SP2: CIS Administration Guide.

  • Dry Run: Added the following policy run type options to estimate the total migrate or recall data before the actual run:

    • Free Space Calculation: Calculates the amount of data that will be migrated to the cloud. Before performing the migration, ensure that enough space is available on the cloud.

    • Recall Space Estimation: Calculates the amount of data that will be recalled from to the cloud to your Primary volume. Before performing the recall, ensure that enough space is available on your Primary volume.

    For more information, see Section 5.1.4, Tiers in the OES 2018 SP2: CIS Administration Guide.

1.4.6 Domain Services for Windows (DSfW)

Schema Update

DSfW on OES 2018 SP2 supports schema level and domain functional level equivalent to AD in Windows Server 2016. With updated schema level, the applications that integrates with the later releases of AD can work better in DSfW environment.

1.4.7 DSfW Integration with NSS AD in Same eDirectory Tree

Beginning with OES 2018 SP2, NSS AD servers can integrate with the DSfW domain in the same eDirectory tree where DSfW server acts as an authentication backend. The integration is certified in a single domain and trusted domain scenarios.

1.4.8 iPrint Advanced (Earlier iPrint for OES)

Remote Renderer

iPrint ships with a Remote Renderer. For enhanced desktop-quality printing, you should use Remote Renderer. It can be downloaded from the iPrint console and installed on a Windows 64-bit computer. The Remote Renderer communicates with the iPrint Advanced server for document conversion.

1.4.9 NetWare Core Protocol (NCP)

NCP Encryption and Multi Factor Authentication

Beginning with OES 2018 SP2, NCP server supports encryption and Multi Factor Authentication (MFA) capabilities. This increases the security of data transmitted across networks between the NCP server and clients. For more information on the NCP options to enable encryption and MFA, see Managing NCP Security Configurations in the OES 2018 SP2: NCP Server for Linux Administration Guide.

You must use the latest Client for Open Enterprise Server 2 SP5 to use this feature. For information on the Client side changes, see What’s New in Client for Open Enterprise Server 2 SP5 in the Client for Open Enterprise Server Release Notes.

1.4.10 Novell Identity Translator (NIT)

nitconfig Command Changes

  • Reload NIT: Reload of NIT service using the command systemctl reload novell-nit.service replaces the restart of NIT service that was required after using the following commands:

    • ad-domain-local-groups-enabled

    • ad-ldap-timeout

    • ad-use-efficient-sev-fetch

1.4.11 NSS Auditing Client Logger (VLOG)

Common Event Format (CEF)

Beginning with OES 2018 SP2, VLOG supports output in Common Event Format. For more information, see Common Event Format (CEF) in theOES 2018 SP2: NSS Auditing Client Logger (VLOG) Utility Reference.

1.4.12 OES Cluster Services (NCS)

Cluster Command Line Enhancements

  • The following options are added to the cluster command line. For more information on each of the options, see the cluster man page:

    • cluster resources <-i|-v|-c|-p|-u|-a>

    • cluster resource <resource>

    • cluster preferred_nodes <resource>

    • cluster unassigned_nodes <resource>

    • cluster script <load-script|unload-script|monitor-script|all> <resource>

    • cluster resource-protocol <resource>

    • cluster resource-policy <resource>

  • Beginning with OES 2018 SP2, the cluster commands supports BASH auto completion.

1.4.13 OES File Access Rights Management (NFARM)

NFARM for Windows

Beginning with OES 2018 SP2, NFARM for Windows allows the eDirectory administrators or users with sufficient rights to manage the following:

  • Trustee rights, inherited rights filter, and view effective rights. You can also view trustees with rights from the selected path and sub directories or parent directories.

  • Owners, NSS attributes, and directory quota

  • User quota

  • All paths that a user is a trustee of

Also, added an option in the Trustee Rights tab to list both eDirectory and Active Directory trustees in the trustee list. This allows the mapped eDirectory or AD administrators or users to manage the trustees and their explicit rights of both eDirectory and AD users.

NFARM for Mac

Before OES 2018 SP2, NFARM for Mac supported only salvage and purge operation on both eDirectory and Active Directory users. Beginning with OES 2018 SP2, NFARM for Mac allows the AD administrators or users with sufficient rights to manage the following:

  • Trustee rights, inherited rights filter, and view effective rights. You can also view trustees with rights from the selected path and sub directories or parent directories.

  • Owners, NSS attributes, and directory quota

  • User quota

  • All paths that a user is a trustee of

For more information, see NFARM (OES File Access Rights Management) in the OES 2018 SP2: NSS AD Administration Guide.

1.4.14 OES Remote Manager (NRM)

TLS Support

Beginning with OES 2018 SP2, NRM supports communication over TLS v1.2 when the cipher level in the /etc/opt/novell/httpstkd.conf file is set to all or high.

1.4.15 OES User Rights Map (NURM)

Added the following options or commands in NURM:

  • To notify the users whether the user maps created are old, and suggest a refresh on that user map.

  • To view the modified user maps based on the scheduled refresh time. Also, you can hover the cursor over the user map name to view the users added or removed from that user map.

  • map-users utility (Enhanced): Commands are added to enable and set the time for scheduled refresh of usermaps.

For more information, see NURM (OES User Rights Map) in the OES 2018 SP2: NSS AD Administration Guide.

1.4.16 FTP (Pure-FTPd)

TLS Support

Beginning with OES 2018 SP2, pure-ftpd supports communication over TLSv1.2.

The versions below TLSv1.2 are not supported.

1.4.17 Supported Versions of Bundled Products

OES 2018 SP2 supports the following upgraded products bundled with OES:

  • NetIQ eDirectory 9.2.1

  • Micro Focus iManager 3.2.1

1.4.18 Unchanged Components in OES 2018 SP2

Besides bug fixes, there are no other changes to the following components for OES 2018 SP2:

  • Apple Filing Protocol (AFP)

  • Business Continuity Clustering (BCC)

  • Distributed File Services (DFS)

  • DNS/DHCP

  • Dynamic Storage Technology (DST)

  • Linux User Management (LUM)

  • Migration Tool

  • NetStorage

  • OES FTP

  • Storage Management Services (SMS)

1.4.19 Next Release Updates

Service Proxy Deprecation

Service Proxy is being deprecated on a new server in favor of common-proxy and will not be supported in the future releases. If any service is configured with service-specific proxy users in the earlier versions of OES, then an upgrade to the OES 2018 SP1 or later server moves the service to use a common proxy user.

ShadowFS Deprecation

ShadowFS uses FUSE to create a local mount point for merged view of each DST shadow volume pair. The ShadowFS support is being deprecated and will not be supported in future releases. If you are using or taking advantage of ShadowFS, then request you to email us at oes@microfocus.com