Novell NetWare
Once the network operating system of choice for all but a few networks, NetWare's popularity has declined somewhat. However, NetWare is still widely used in many large organizations. The latest version of NetWare, version 6, has garnered a number of awards and continues to prove that Novell can produce a world-leading network operating system.
NOTE
NetWare Versions The information this chapter provides on Novell NetWare is intended to apply to NetWare 5 and 6. If you find yourself working on an older version of NetWare, you might find that some of the commands and utilities are different from those discussed here.
One of the features that really put NetWare on the networking map was Novell Directory Services (NDS). Like Microsoft's Active Directory, NDS (which has been around since 1994) is a directory services system that allows network objects to be stored in a database. This database can then be divided up and distributed among different servers on the network. These processes are known as partitioning (the dividing up) and replication (the distribution among servers on the network). Although introduced as NDS with NetWare 4.x, Novell has now renamed the product eDirectory and has made it platform independent.
EXAM TIP
NDS Although a detailed understanding of NDS is not required for the Network+ exam, working with a NetWare server will most certainly require a thorough knowledge of NDS.
NOTE
NDS Versions NDS was originally created for NetWare, but versions are now available for other platforms, including Linux, Windows NT/2000, and various versions of Unix.
Like the other network operating systems, NetWare is a full-featured operating system that offers all the functions required by an organization, including file and print services, DNS and DHCP servers, and FTP and Web servers. NetWare also supports a wide range of third-party hardware and software.
NetWare System Requirements
In terms of hardware, NetWare system requirements are quite modest, and even moderately powered servers can provide adequate levels of performance to a relatively large numbers of users. Table 9.4 shows the basic NetWare 6 Server requirements.
| Hardware | Minimum Requirement |
|---|---|
| Processor | Pentium II or better |
| RAM | 256MB |
| Hard disk space | Approximately 2GB |
NetWare File Systems
Unlike Windows NT/2000, which uses share points to make disk resources available to users, NetWare has a more versatile approach, in which all areas of the disk are available to all users who have permissions. There is no concept of share points, although it is possible for a user to connect to a specific folder on the server if necessary.
Instead, users can map a drive to an area of a disk called a volume. Only the areas of the volume to which the user has been assigned permissions are available to that user.
NOTE
NSS In some versions of NetWare, Novell has offered a service called Novell Storage Services (NSS). NSS allows for larger volume sizes and improves the performance of file serving.
Novell offers compatibility with client operating systems by using special software drivers known as name spaces to make drives available to clients. Different name space drivers are available, depending on which clients are being used. Most commonly, the driver that mimics the file properties of Windows clients, which is called “long,” is used.
Part of NetWare's reputation as a very high-performance file server is related to the way it handles file caching. When a volume is initialized, the file allocation table is copied into memory, as are parts of another table, called the directory entry table. When a file is requested, the tables are searched for the location of the file, and the file is read from the disk. The holding of tables in memory makes this process very fast, and the caching of files in memory helps to increase the speed of the process. In fact, any memory that is available on a NetWare server after the server modules and workspace are loaded is assigned to the caching of files.
NetWare Performance-Monitoring Tools
Similar to the Windows server platforms, NetWare includes utilities that enable you to gauge the performance of the server system. The main tool is NetWare Monitor (see Figure 9.9), which provides an exhaustive range of information. The following are some of the most commonly used performance indicators in NetWare Monitor:
Processor Utilization— This indicates how busy the processor is at any given time. If the counter is consistently high, the processor is unable to keep up with the load.
Total Cache Buffers— This is the amount of memory available for file caching. You should ensure that this counter does not run too low (below 40%). Insufficient RAM for caching degrades server performance considerably.
Dirty Cache Buffers— A dirty cache buffer is an area of memory that holds data waiting to be written to disk. Excessively high numbers of cache buffers can indicate that the disk channel is unable to keep up with disk demands.
Long Term Cache Hits— A cache hit is recorded when a piece of data is found in memory rather than on the disk. If the amount of RAM in the server is sufficient, the Long Term Cache Hits setting should be high (97% to 99%). If the figures start to consistently drop below 95%, memory usage on the server should be examined.
Figure 9.9. The Monitor screen from a NetWare 6 server.
NetWare User Administration
One of the differences between working with Windows servers and working with NetWare servers is that with NetWare much of the configuration of the server is actually performed from a workstation, not from the server itself, although Novell is moving toward a more server-centric model in this respect. Performing administrative tasks from the workstation is a good practice because fewer server resources are used for administration and more are available for carrying out user requests.
Two basic tools are used for administering NetWare: NetWare Administrator and ConsoleOne. Both utilities are Windows based, but ConsoleOne is a Java-based application, whereas NetWare Administrator is a standard 32-bit Windows application. NetWare Administrator and ConsoleOne can be used to manage practically all network objects, including users, groups, printing, and the server file system. Another Windows tool, NDS Manager, can be used to manage the structure of the NDS. Also, a range of browser-based management tools can be used on the NetWare server console and on a version of ConsoleOne. Figure 9.10 shows an example of a screen from the NetWare Administrator utility, and Figure 9.11 shows an example of the workstation version of ConsoleOne.
NetWare Server Configuration
On a NetWare server, network and user administration is typically performed from a workstation; however, disk management and other hardware configurations are normally performed directly on the server. NetWare uses several different utilities for hardware configurations, but the most common is the nwconfig utility, which is used for administering disk partitions, volumes, and RAID configurations. Utilities are also available for networking configuration (inetcfg) and for working with the NDS structure (dsrepair).
NOTE
NetWare Administration In NetWare 6, some of the disk-management tasks have been moved from the nwconfig utility to ConsoleOne.
Although they are not configuration tools per se, there are a number of other useful NetWare server console commands. Some of the most useful of these are listed in Table 9.5.
Viewing and Changing a NetWare Network Configuration
From a NetWare server, the primary tool for configuring network settings is the Internetworking Configuration utility (inetcfg). Figure 9.12 shows a sample screen from the inetcfg utility, which is similar to many of the NetWare server utilities that use a menu-based format.
Figure 9.12. A sample screen from the inetcfg utility.
Table 9.6 summarizes the NetWare tools used for network configuration.
NetWare Authentication
As with all the other network operating systems discussed in this chapter, NetWare authentication is performed by using a username and password combination. As well as supplying this information, users also need to tell client software which NDS tree to authenticate to and the location of the user object in the NDS tree.
After a user has been validated, an assortment of restrictions is veri fied, including allowed logon times and station restrictions, which prevent users from logging on from certain workstations. Information about the user account and what the user can and can't access is stored in the NDS. For this reason, a copy of the NDS must be available in order for the user to be able to log on. Also, each time a user attempts to access a resource, her authentication status is checked in the NDS to make sure she is who she says she is and that she is allowed to access the resource.
NetWare File and Print Services
As mentioned earlier in this chapter, NetWare has long been regarded as the king of file and print services, and indeed, for many years, it was the operating system of choice for this purpose. Although that might no longer be the case, many people in the IT industry still see NetWare as primarily a file and print server platform.
NOTE
NDS—It Wasn't Always Like That Any discussion of Novell NetWare now invariably involves NDS, or eDirectory. The functionality provided by the directory services system is so ingrained in NetWare that without it the system is little more than a collection of software programs. It wasn't always like this, though. In versions of NetWare up to and including 3.x, NetWare used a system called the Bindery to store user, group, and printing information. The Bindery was actually a group of three files that were stored on each server and were not shared between servers in the same way as directory services databases are shared. If a user needed access to more than one server, the user's account needed to be created on each server. Although numerous strategies and products eased the administrative burden that this created, Novell realized that a more dynamic approach was needed, hence the introduction of NDS.
Of all the network operating systems discussed in this chapter, NetWare has by far the most comprehensive (and complex) file system security structure. In addition to allowing an administrator to assign a comprehensive set of rights to users and groups, NetWare provides file permission inheritance systems, as well as the ability to block the inherited rights if needed. All this adds up to a sophisticated file system security method that can take some getting used to.
In addition to file permission rights, files can also be assigned a range of attributes. These attributes work the same as file attributes in DOS and Windows, except that the Windows file permissions are limited to attributes such as read-only and hidden, whereas the NetWare file attributes include such possibilities as rename inhibit and copy inhibit.
Printing with NetWare can be implemented in a variety of ways. Traditionally, printers were defined on the server, and print queues were associated with those printers. In NetWare 6, a feature called Novell Distributed Print Services allows a more dynamic printing environment to be created, with increased functionality. NetWare 6 also includes a new feature called iPrint, which allows users to see graphical maps of the network and point and click to access network devices.
To access a printer on NetWare, clients capture the output that would normally be directed to a local printer port and send it to the network printer. In early versions of NetWare, this was a process performed by using a command-line utility, called capture. Today, the process has been hidden behind the graphical interface of the client software and is largely unnoticed.
NetWare Application Support
Although application support will always be a topic of much debate, the reality is that third-party application support for NetWare is not nearly at the same level as it is for the Windows server platforms. In terms of third-party application support, NetWare would even have a hard time competing against Linux. However, many applications are available for NetWare, and you are likely to have a choice of applications for any given purpose.
EXAM TIP
NLMs On a NetWare server, console utilities and drivers are implemented through pieces of software called NetWare Loadable Modules (NLMs). Most NLMs can be loaded and unloaded as needed.
Even though third-party support might be lacking, the applications included with the NetWare package leave little to be desired. Included in NetWare are a DHCP server, a DNS server, a Web server application (and two of them in NetWare 6), and a range of other services. Pretty much any application that is needed in a modern networking environment is available in the network operating system.
NetWare Security
Like the other network operating systems, NetWare has many security features to help secure the server and the network. The key areas of NetWare security include the following:
Resource access— Resource access in NetWare is controlled, as is everything else related to security, through directory services. For a user to gain access to a network resource—whether it be a file, directory, printer, server, or gateway—the appropriate permissions must be applied through the directory. Permissions can be granted to the user, to a group to which the user belongs, or to an NDS container object in which the user resides. Rights to objects can be inherited or gained from other user IDs through a process called security equivalence.
User authentication— As with the other network operating systems, accessing a NetWare server and network resources requires a username and password combination. To log on to a NetWare server, the context of the user must also be specified and, in some instances, the name of the NDS tree must also be provided. Context is a term used to refer to the user IDs location in the NDS tree. Without the correct context, the security subsystem is unable to identify the correct user ID and does not grant access to the server. Because the context can be quite complex and because the tree name is generally not used except at the point of login, it's common practice to configure users' workstations to default to a certain tree and context, so that users do not need for them to supply that information. This way, a user needs to provide only a username and password.
File and directory security— NetWare provides a very comprehensive file and directory permissions system, which allows rights to be assigned to users, groups, and other NDS objects. Rights are inheritable, which means that rights assigned at one directory level flow down through the directory structure until they reach the end of the directory tree, unless they are countered by an inherited rights mask or by an explicit trustee assignment. Much the same process is used to manage and assign rights within the NDS directory tree, although the actual set of rights that can be assigned is different.
EXAM TIP
Accessing a NetWare Server To gain access to a NetWare server, four pieces of information are normally required: a username, a password, a directory context, and the name of the tree to which the user wants to log in. In addition, you can specify a server name, although this is not required.
EXAM TIP
Headless Operation As an extra security precaution, NetWare supports headless operation, which means that the NetWare server can run without a keyboard, mouse, and monitor. It is safe to plug these devices back in while the system is running if you want to gain access.
Like the Windows console, the NetWare console can and should be locked for security purposes. You can lock the NetWare console by using a utility called scrsaver, which you run from the server command line.
With the proliferation of Microsoft Windows server platforms, you might not actually get to work with a NetWare server. But if you do, you'll find that there is good reason why NetWare was king of the network operating system hill for so long.