Deployment Aids Sysprep used to help deploy Server

  • Slides: 66
Deployment Aids
• Sysprep used to help deploy Server and Advanced Server.
  – Sysprep prepares a Pro or Server installation for duplication to identical hardware.
  • Run sysprep, cut an image, copy the image
  • Deletes security identifiers, user and system specific data
  • Regenerates them on reboot

Deployment
• Remote OS Installation
  – Server-hosted equivalent of the CD
• Remote Installation Service
  – Requires DNS, DHCP, Active Directory
  – Installed on a shareable volume
  – Can't be on the server's system drive
  • Formatted as NTFS

Command Interface
• Start / Run / Command
  – Example
  • Netstat /?

Naming Conventions
• Distinguished Name (DN)
  – Defines the domain and the related containers in which the object resides.
• Relative Distinguished Name (RDN)
  – An attribute of an object
• Globally Unique Identifier
  – Avoids duplication and ensures uniqueness; a 128-bit number assigned to an object on creation and stored with it.

Naming Conventions
• User Principal Name (UPN)
  – Combines the user account name with the domain name where the account exists
• Domain Component (DC)
• Organizational Unit (OU)
• Common Name (CN)

Microsoft & Directory Services
• MS does not support an extension of LDAP, called LDAP Duplication Update Protocol.
  – Violation of directory rules can lead to cascading errors in the directory
  – Uses synchronization to populate and update directories

Microsoft & Directory Services
• Microsoft left out major portions of the X.500 protocol in the AD.
  – Because they depend on the OSI networking layer, and because of a lack of public interest.
  – Elements include:
  • Directory Access Protocol, Directory Systems Protocol, Directory Information Shadowing Protocol, Directory Operational Binding Management Protocol

What is a directory service?
• A directory is like a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written.
• Directory updates are typically simple all-or-nothing changes, if they are allowed at all.
• Directories are tuned to give quick response to high-volume lookup or search operations.

LDAP
• Lightweight Directory Access Protocol.
• A directory service protocol that runs over TCP/IP.
• The details of LDAP are defined in RFC 1777, "The Lightweight Directory Access Protocol."

LDAP
• The LDAP directory service model is based on entries.
• An entry is a collection of attributes that has a name, called a distinguished name (DN).
• Each of the entry's attributes has a type and one or more values.

LDAP
• Types are typically mnemonic strings, like "cn" for common name, or "mail" for email address.
  – A mail attribute might contain the value "bdobs@psu.edu"
  – A jpegPhoto attribute would contain a photograph in JPEG format

How is the information arranged?
• Directory entries are arranged in a hierarchical tree-like structure that reflects political, geographic and/or organizational boundaries.
• Entries representing countries appear at the top of the tree.
• Below them are entries representing states or national organizations.
• Below them might be entries representing people, organizational units, printers, documents,

LDAP Tree (example)
(root)
├── C=GB
└── C=US
    └── O=PSU
        ├── CN=Rick Evans
        └── CN=Richard Evans
            mail=revans@psu.edu

How is the information referenced?
• An entry is referenced by its distinguished name, constructed by taking the name of the entry itself (called the relative distinguished name, or RDN) and concatenating the names of its ancestor entries.
  – For example, the entry for Rick Evans in the example above has an RDN of "cn=Rick Evans" and a DN of "cn=Rick Evans, o=PSU, c=US". The full DN format is described in RFC 1779, "A String Representation of Distinguished Names."
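The DN construction just described, as an added example that is not code from the original slides: it joins an entry's RDN to the RDNs of its ancestors and splits a DN string back into its components. The escaping rules follow RFC 4514, the current successor of the RFC 1779 format the slide cites, which is an assumption beyond the slide; the Rick Evans entry under o=PSU, c=US is the slide's own example, and the "Evans, Rick" name is a constructed input. The practical point is that a comma in a user-supplied name must be escaped before joining, otherwise the string denotes a different position in the tree than the caller intended.

```python
"""Build and split LDAP distinguished names (added example, not from the slides).

Escaping follows RFC 4514 section 2.4 (assumption: the successor of RFC 1779
cited on the slide). Sample entries are constructed from the slide's LDAP tree.
"""

# Characters that must be backslash-escaped inside an RDN value; a leading
# '#' or space and a trailing space must be escaped as well.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")          # NUL is written as a hex pair
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdn: tuple, ancestors: list) -> str:
    """DN = the entry's own RDN followed by its ancestors' RDNs, leaf first.

    rdn and each ancestor are (attribute_type, value) pairs, e.g. ("cn", "Rick Evans").
    """
    parts = [rdn] + list(ancestors)
    return ",".join(f"{t}={escape_rdn_value(v)}" for t, v in parts)


def split_dn(dn: str) -> list:
    """Split a DN string into (type, value) pairs, honouring backslash escapes.

    Whitespace after a separating comma (as in the slide's "cn=Rick Evans, o=PSU")
    is tolerated by stripping it from the attribute type.
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            nxt = dn[i + 1]
            if nxt in _SPECIAL or nxt in "# ":
                current.append(nxt)               # escaped literal character
                i += 2
            else:
                current.append(chr(int(dn[i + 1:i + 3], 16)))  # \XX hex escape
                i += 3
            continue
        if ch == ",":                              # unescaped comma ends the RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    pairs = []
    for r in rdns:
        t, _, v = r.partition("=")
        pairs.append((t.strip().lower(), v))
    return pairs


def rdn_and_parent(dn: str) -> tuple:
    """The entry's RDN and the DN of its parent container, as (type, value) lists."""
    pairs = split_dn(dn)
    return pairs[0], pairs[1:]
```

The round trip `split_dn(build_dn(...))` returns the original pairs even when the value contains a comma, while naively concatenating `"cn=" + name + ",o=PSU,c=US"` with the same name yields four components instead of three.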

Resources
• http://www.oblix.com/pointofentry/ldap/index.html

Trusts
• Two-way transitive trust
  – Automatically achieved between domains in the same tree, or can be established between domains in separate trees.
• Explicit one-way trust
  – Created between specific domains in two different forests; provides one-way restricted permissions.

Domain Trees & Child Domains
• When should a child be created?
  – Is decentralized administration desired?
  – Do you need tight/localized administration?
  – Do business activities dictate separate domains?
  – Do account policies need to differ?

Domain Trees & Child Domains
• When should a forest be created?
  – Are the business activities extremely different?
  – Are there reasons for maintaining separate identities?
  • Unique trade names
  – Do joint venture or partner relationships exist that require tighter control over network resources?
  • Enforcing direct administrative and security restrictions

User accounts
• Unique identifier
  – SID – security identifier
  – User and group SIDs form the security token
  – Unique; must be regenerated if the account is deleted.
  – Mapped to the access control list
  • DACL – discretionary access control list, a security descriptor listing who has permission to use the object.
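The SID and DACL relationship described on this slide (and the sysprep slide's point that cloned systems must not share SIDs), as an added example that is not code from the original slides: it converts a SID between its string and binary forms, separates the domain SID from the account's relative identifier, and evaluates a token of user and group SIDs against a DACL. The binary layout (revision, sub-authority count, 48-bit big-endian identifier authority, 32-bit little-endian sub-authorities) is the documented Windows format; the order-dependent ACE walk models the Windows access check in simplified form, and the domain SID, account SID, access-mask bits and ACL below are constructed sample data (the well-known RID 513 for Domain Users and S-1-1-0 for Everyone are real values).

```python
"""Windows SIDs and a simplified DACL access check (added example, not from the slides).

The SID binary layout is the documented Windows format; the ACE walk is a
simplified model of the Windows access check. All SIDs, masks and the ACL in
demo() are constructed sample data.
"""
import struct

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4   # sample access-mask bits (constructed)


def parse_sid(text: str) -> tuple:
    """'S-1-5-21-1-2-3-500' -> (revision, identifier_authority, [sub_authorities])."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {text!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # Revision is always 1; the authority is 48 bits; at most 15 sub-authorities.
    if revision != 1 or not 0 <= authority < 2**48 or len(subs) > 15:
        raise ValueError(f"malformed SID: {text!r}")
    return revision, authority, subs


def sid_to_bytes(text: str) -> bytes:
    """Binary SID as stored in security descriptors and access tokens."""
    revision, authority, subs = parse_sid(text)
    header = struct.pack("<BB", revision, len(subs))
    auth = authority.to_bytes(6, "big")
    return header + auth + b"".join(struct.pack("<I", s) for s in subs)


def sid_from_bytes(data: bytes) -> str:
    """Inverse of sid_to_bytes."""
    revision, count = struct.unpack_from("<BB", data, 0)
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", data, 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def split_domain_rid(text: str) -> tuple:
    """Domain (or machine) SID and the relative identifier (RID) of the account.

    Two cloned machines that were not sysprepped share the machine SID, so every
    local account on them shares its full SID as well; only the RID differs per account.
    """
    revision, authority, subs = parse_sid(text)
    domain = "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs[:-1]])
    return domain, subs[-1]


def access_check(token_sids: set, dacl: list, requested: int) -> bool:
    """Walk the DACL in order. An ACE applies only if its SID is in the token.

    A matching deny ACE covering any requested bit refuses access outright; allow
    ACEs accumulate rights until every requested bit is granted. An empty DACL
    grants nothing (an absent DACL, which Windows treats as full access, is not modelled).
    """
    if requested == 0:
        return False
    granted = 0
    for kind, sid, mask in dacl:
        if sid not in token_sids:
            continue
        if kind == "deny" and mask & requested:
            return False
        if kind == "allow":
            granted |= mask & requested
            if granted == requested:
                return True
    return granted == requested


def demo() -> dict:
    """Constructed scenario: a user whose group grants read/write but who is explicitly denied write."""
    domain = "S-1-5-21-1111-2222-3333"        # constructed domain SID
    alice = f"{domain}-1001"                  # constructed user SID
    domain_users = f"{domain}-513"            # well-known RID 513 = Domain Users
    everyone = "S-1-1-0"                      # well-known Everyone SID
    token = {alice, domain_users, everyone}   # user + group SIDs form the token
    dacl = [
        ("deny", alice, WRITE),               # explicit deny comes first in canonical order
        ("allow", domain_users, READ | WRITE),
        ("allow", everyone, EXECUTE),
    ]
    return {
        "read": access_check(token, dacl, READ),
        "write": access_check(token, dacl, WRITE),
        "read_exec": access_check(token, dacl, READ | EXECUTE),
    }
```

Because the deny ACE is evaluated before the group's allow ACE, the request for WRITE fails even though Domain Users is allowed to write; a READ or READ|EXECUTE request never touches the WRITE bit, so the deny ACE is skipped and the allow ACEs satisfy it.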

Profiles
• Local User – maintained on each system in the user's profile directory.
• Roaming – allows users to move from system to system; located in a shared directory on the server.
• Mandatory – restricted by the sysadmin to enforce consistent desktops.
  – Ntuser.dat is renamed to Ntuser.man

Contents of the Profile Directory
• Cookies
• Desktop
• Favorites
• My Documents
• Start Menu

All Users profile
• Application Data
• Local Settings
• NetHood – domains & files accessed
• PrintHood
• Recent
• Send To
• Templates for Office apps

Novell NetWare
• 1983 – NetWare/86 file & print sharing
• NetWare 286 – multitasking
• NetWare 386 – larger networks
• NetWare 4.11 – IntraNetWare
• NetWare 4.2 – NetWare for Small Business
• NetWare 3.2 – mid-size networks/older CPUs
• 1998 – NetWare 5.0 – larger networks
• 2003 – NetWare 6.5 – Internet

NetWare
• IP protocol
  – Backward compatible to IPX
• Java enabled
• NSS – Novell Storage System
  – Volumes & Mounts

File Server Capacity

Capability                      NetWare 5     NetWare 4
Concurrent open files           1019          100,000
Directory entries per volume    1019          16 million
Volumes per server              Unlimited     64
Segments per volume             Unlimited     8
Max disk capacity               8 TB          4 TB
Max file size                   8 TB          4 GB

NetWare
• NetWare Loadable Modules (NLMs)
  – Add hardware without rebooting
  – Remove without stopping the server
  – Increase volume size while the server is running
• Multiprocessor kernel (MPK)
  • Supports symmetrical multiprocessing hardware (SMP)
  • Multithreading
  • Up to 32 processors – questionable release date

NetWare
• NetWare Directory Services
  – Organizes users, groups and devices into a tree-like structure
• NDS Tree
  – Single user login
  – Scalable, up to unlimited sizing
  • A 1999 test had a billion users

NetWare
• Novell's core services are wrapped around NDS eDirectory, a robust, cross-platform directory service.
• NDS eDirectory ships with NetWare 5.1 and is available in versions that run natively on Linux, Solaris, and Windows 2000 and NT – no NetWare required.

NetWare
• NDS – NetWare's central feature. All the services that ship in the NetWare 5.1 box, all those available from Novell separately and even most third-party additions plug into the directory to become part of a fabric of integrated services.
• This integration gives administrators a replicated, fail-safe, single point of administration.
• Users get one place to search for enterprise-wide resources and one point of authentication to gain access to those resources.

NetWare
• Fault tolerance (3 levels)
  – SFT I: single server; when a sector goes bad, data is moved from the bad sector to a good one (Hot Fix).
  • Redundant volume data structures
  – SFT II: level two has all the features of level one and adds disk mirroring and duplexing
  • Duplexing has a controller for each drive

[Figure: Mirror / Duplex]

NetWare
• Fault tolerance (cont.)
  – SFT III: level three consists of SFT II plus server mirroring, or redundant servers.
  – Two servers connected using a high-speed Mirrored Server Link (MSL)
  – Nonstop operation using an entirely redundant server.

NetWare
• Security
  – Public key infrastructure (PKIS)
  • Enables public key cryptography and digital certificates; local certificate authority & SSL
  – Novell International Cryptographic Infrastructure
  – Enables cryptography services for confidentiality, integrity, and authentication
  – Secure Authentication Services (SAS)
  – Auditing

NetWare 5.1's security
• Built on an RSA dual-key-encrypted security store
• Authentication methods: passwords, tokens, biometrics, smartcards and X.509 certificates
• Cryptography services in the form of Novell's International Cryptographic Infrastructure (NICI) ship with and plug into NetWare's modular security services and provide DES/RC2/RC4 data encryption of 56-bit to unlimited strength.

NetWare 5.1's security
• NetWare 5.1 automatically creates a directory-based CA and generates a server certificate, which it uses for the Web-accessible NetWare Management Portal (NMP) and the Enterprise Web Server.

NetWare 5.1's security
• SSL-enabled and secure out of the box with NetWare 5.1
• NetWare supports minimum password lengths, intruder detection lockout and unique passwords
  – It does not have a built-in method for identifying weak passwords or forcing users to use punctuation marks or other special characters in their passwords.
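The account-policy controls this slide lists (minimum password length, unique passwords, intruder-detection lockout) together with the complexity check it says NetWare lacks, as an added example that is not code from the original slides or from NetWare. The thresholds (8 characters, 3 attempts, 15-minute lockout, 5 remembered passwords), the hashing scheme (PBKDF2-SHA256 with a per-account salt) and the sample passwords are constructed choices for illustration; NetWare's own storage format is not modelled.

```python
"""Password policy and intruder-detection lockout (added example, not from the slides).

Thresholds, the PBKDF2 hashing scheme and the sample passwords are constructed;
they illustrate the controls the slide names, not NetWare's implementation.
"""
import hashlib
import hmac
import os
import string
import time
from dataclasses import dataclass, field

MIN_LENGTH = 8            # minimum password length (constructed value)
MAX_ATTEMPTS = 3          # failed logins before intruder lockout (constructed)
LOCKOUT_SECONDS = 15 * 60 # lockout duration (constructed)
HISTORY = 5               # remembered hashes for the unique-password rule (constructed)
SPECIAL = set(string.punctuation)


def complexity_problems(password: str) -> list:
    """Return the rules a candidate password violates (empty list = acceptable).

    This is the weak-password check the slide says NetWare 5.1 does not provide.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL for c in password):
        problems.append("no punctuation or special character")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    # One salt per account so old and new passwords can be compared for reuse.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    name: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)   # most recent hash last
    failures: int = 0
    locked_until: float = 0.0

    def set_password(self, password: str) -> list:
        """Apply the complexity and unique-password rules; return the violations."""
        problems = complexity_problems(password)
        digest = _hash(password, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            problems.append(f"reused one of the last {HISTORY} passwords")
        if not problems:
            self.history = (self.history + [digest])[-HISTORY:]
        return problems

    def login(self, password: str, now: float = None) -> str:
        """Return 'ok', 'bad-password' or 'locked'; intruder detection counts failures."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"                       # refuse even a correct password
        if self.history and hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
        return "bad-password"
```

The lockout is enforced before the password is checked, so a correct password presented during the lockout window is still refused, which is what makes the control effective against repeated guessing; `now` is a parameter only so the behaviour can be exercised deterministically.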

NetWare
• DNS & DHCP
• LDAP
• Web Server – Netscape FastTrack Server
• FTP & Unix printing services
• NIS, telnet, XConsole

NetWare
• Client support
  – Windows
  – UNIX
  – OS/2
  – MacOS
  – DOS

NetWare
• ZENworks – Zero Effort Networks

NetWare
• NetWare NFS services
  – Two parts: NFS gateway & NFS server
  • The gateway permits clients to access a Unix file system as a NetWare volume
  – The NFS server exports NetWare volumes to Unix and other NFS clients
  • Access is granted using traditional Unix mount commands
  – Line Printer / Line Printer Daemon (LPR/LPD)
  – Built on Sun's NFS services 2.0

NetWare
• NDS for non-NetWare platforms
  – NDS for NT
  • NWAdmin snap-in
  – NDS for UnixWare
  – NDS for Solaris
  – Others

NetWare
• NDS Directory Tree
  – Graphical display of the network
  – Consists of objects that are resources
  – Displays relationships
  – Objects have properties and values
  • A property defines a function
  • Values are the data for the property

NetWare
• NDS tree objects
  – Container objects (4)
  • Root
  • Country
  • Organizational Unit
  – Leaf objects (16)
  • User, printer, file server

NetWare
• File System
  – File Server
  – Volumes
  – Directories
  – Files
• Rights: Supervisor, Read, Write, Create, Erase, Modify, File Scan, Access Control

NetWare
• Web-based management tool – NMP
  – Create and delete NDS users and groups; manage the Enterprise Web Server, the NetWare Web Search Server and the NetWare News Server.
  – Access volume management, trustee assignments, server management, NDS management, remote-server access to other NetWare 5.1 server portals, and limited access to the file systems on NetWare 5 and 4.x servers in the same tree.

NetWare
  – The NMP provides hardware information, console screens and server-health monitors.
  – Mount and dismount volumes, set volume attributes and server parameters, restart servers, manage connections, broadcast messages to connected users, view statistics and graphical representations of server performance, debug problems, and execute console commands.

Costs
• Windows 2000 Advanced Server: $3,999 with 25 client access licenses
• NetWare 5.1: $3,155 for 25 connections
• Solaris 8: free, Sun Microsystems

NetWare 6 Features
• There is a broad range of features.
• Many features are not available in other NOSs.

Storage Management
• Server storage is divided into logical volumes.
• A volume may be one or more hard drives, CD-ROMs, DVDs, or SANs.
• A storage volume can contain eight terabytes.

Storage Management [figure only]

Storage Management
• NetWare supports storage virtualization.
• Storage pools can be from 1 to 254 volumes.
• Storage pools can exceed the physical storage currently available.

Deployment
• No additional client software is required to connect to a NetWare server.
• NetWare automatically recognizes and supports protocols from different client operating systems.
• NetWare 6 can be installed incrementally into existing networks.

iPrint
• Any LAN printer can be made accessible through the Internet.
• iPrint can create a facility floor plan that shows the physical location of printers.
• Users click on a printer icon to select the printer to use.
• Printer drivers are automatically downloaded and installed.

iPrint [figure only]

iFolder
• Provides remote users a simple means of accessing files on a NetWare server.
• Files and directories are accessed by special software or a Web browser.
• Transmitted files are encrypted.
• iFolder provides synchronization.

eDirectory
• eDirectory is Novell NetWare's directory service.
• It can manage users running different NOSs.
• It can create dynamic groups.
• Persistent search can take action whenever a change occurs.

User Accounts
• Performed in ConsoleOne
• Name
• Surname
• Password