File Access in Novell Open Enterprise Server 2 SP2

File Access in Novell Open
®

Enterprise Server 2 SP2/SP3

Haripriya S
Distinguished Engineer
sharipriya@novell.com

Praveen G
Product Manager
gpraveen@novell.com

Girish KS
Software Consultant
ksgirish@novell.com

2 © Novell, Inc. All rights reserved.

Agenda

• Objectives

• File Access: the present and the future

• File Access Protocols: NCP , AFP, CIFS, Samba, FTP
™

• Making them all work together

• Troubleshooting

• Question and Answer


Objectives

• To provide a view into the various file access methods
available with Novell Open Enterprise Server 2 SP2
®

and SP3

• To provide information on the various file access
protocols – AFP, CIFS, NCP , FTP, Samba – and their
™

capabilities

• To look at ways to deploy and troubleshoot the various
protocols for high availability, multi-protocol access,
auditing, high performance


File Access Protocols
The Present and the Future

High Level Features

• AFP
– Novell Open Enterprise Server 2 SP2
®

Cross protocol file locking support between NCP , AFP
™

and CIFS
> Auditing Support
– OES 2 SP3
> Enhanced Auditing
> Improved reliability
– Future release
> Support for spotlight on MAC
> Kerberos support
> DST support


High Level Features

• CIFS
®

> Cross protocol file locking support between NCP , AFP and CIFS
™

> DFS support
> Auditing support
– OES 2 SP3
> NTLM v2 support
> DST support
> Domain passthrough authentication
> CIFS context search to be LDAP enabled
> Enhanced Auditing support
– Future release
> Kerberos support
> CIFS – DSFW support

High Level Features

• NCP ™

®

> Cross protocol file locking support between NCP, AFP, and CIFS
> Trustee change synchronization with eDirectory - Deletion and rename of
™

trustees
> Auditing support for NCP file events
> Salvage support for non-LUM users
– OES 2 SP3
> NCP volumes read only support functionality
> Add the ability to disable logins per volume and automated “clear connection”
– Future release
> Improved performance


High Level Features

• Pure-FTP
®

> Remote Server Navigation support

– OES 2 SP3
> Support FTP Share on a locally mounted Novell Storage Services volume
™

> Support for multiple instances of Pure-FTP instances running either on
different or a same node within a cluster

– Future release
> FTP common home dir option


When to Use Which Protocol?

• Scenario 1
– Novell Storage Services file system, Rich trustee model and rights inheritance → YES
™

– Resource Forks → YES
– NCP client → YES
™

– Significant number of MACs and Windows clients → YES
– Directory → eDirectory ™

• Novell AFP, Novell CIFS, Novell NCP
®

• Scenario 2
– NSS file system
– Resource Forks, Rich trustee model and rights inheritance → NO
– Novell client → NO
– Directory → DSfW
• Samba

When to Use Which Protocol?
• Scenario 3
– Novell Storage Services file system
™

– Rich trustee model and rights inheritance → NO
– Resource Forks → YES
®

– Directory → eDirectory ™

• Novell AFP, Samba
• Scenario 4
– NSS file system, Rich trustee model and rights inheritance → YES
– Resource Forks - YES
– Directory → DSfW
• Novell AFP, Samba – authentication/authorization, Novell CIFS - file access

File Access Protocols
Architecture, Capabilities

Novell Open Enterprise Server 2
®

File Systems
Types and Access Protocols
• Multiple choices for File Systems
– Novell Storage Services ™

– Posix File-Systems: Ext3, Reiser, XFS
• Multiple choices for File Access Protocols
– NCP - Novell NCP
™

– CIFS/SMB – Novell CIFS, Samba
– AFP – Novell AFP
– HTTP – NetStorage, Apache
– FTP – PureFTP with Novell changes
– NFS – Linux NFS

Novell NCP Server ®
™

• Novell NCP Server for Linux enables support for
– Login scripts,
– Mapping drives, and...
– Other services commonly associated with Novell Client™

• Services included with NCP (NetWare Core Protocol)
®

– File access and locking
– Tracking of resource allocation
– Event notification
– Connection and communication management
– Legacy print services and queue management, and...
– Network management


Novell NCP Server (cont.)
®
™

• NCP Server can run in front of POSIX Filesystems
– EXT3, Reiser
– Virtual File System (VFS) layer
– Lossy mapping from Novell rights to POSIX attributes
• NCP Server can run in front of Novell Storage
Services filesystems ™

– Complete mapping for Novell rights and trustees
• Moving users from NetWare to Linux ®

– With Open Enterprise Server 2, you no longer need to
Linux enable the user just to run a Linux server


NCP Server Architecture
™

CLI tools NRM NCP
Server
IPC
iManager
Plugin eDirectory
IPC
NW Rights
CIM + Cache

POSIX
_admin trustee
file

libmanagus

NSS posix


Novell CIFS ®

• Novell CIFS was developed in Novell Open Enterprise
Server 2 SP1
– To address the scale issues in Samba
– To provide the complete NetWare trustee model
®

– Avoid LUM enabling
• Novell CIFS capabilities in SP2/SP3
– Complete support for cross-protocol locking
– Increased performance
– Better reliability in clustered environments
– Support for auditing
– Support for NTLMv2 authentication (SP3)
– Support for Dynamic Storage Technology (SP3)


Novell CIFS Architecture®

CLI tools CIFS
Server

IPC ncp-rpc NCP
Server

iManager
Plugin IPC ldap
NW Rights dclient (ncp) eDirectory
+ Cache

CIM
trustee
file

_admin POSIX

libmanagus CASA
NSS store


Novell CIFS ®

Linux Implementation

• Install and Configuration
– YaST install
– Configuration using iManager, command-line tools
• Design details
– Stand-alone server communicating with eDirectory and NCP server
™ ™

– Requires NCP Server on the same box, but no local eDirectory replica required
™

– Uses standard POSIX interfaces, supports Novell Storage Services filesystem
– Uses trustee.xml file managed by the NCP server
• User access for CIFS
– Any eDirectory user with universal password enabled
– User contexts to be configured for the CIFS server
– LUM-enabling of eDirectory users is not required
• Unsupported
– Interoperability with Domain Services for Windows on the same server

Novell AFP ®

• Novell AFP
– To support Mac clients

• Novell AFP capabilities in SP2/SP3
– Cross-protocol locking

– Better scalability and reliability

– Audit support


Apple Filing Protocol (Novell AFP) ®

Architecture

AFP
Server
iManager
Plugin ncp-rpc NCP
Server
nmas-ldap
xplat (ncp)
conf
eDirectory
file

CIM
Provider
zAPI

CASA
NSS store


Apple Filing Protocol (Novell AFP) ®

Linux Implementation
• Install and Configuration
– YaST install
– Configuration using iManager, CIM providers for configuration and management
• Design details
– Stand-alone server communicating with eDirectory for authentication and
™

authorization
– Novell Storage Services file-system, resource forks fully supported, uses zAPI
™

• User access for AFP
– Any eDirectory user with universal password enabled
– User contexts to be configured for the AFP server
– LUM-enabling of eDirectory users is not required
• Cross-protocol locking (CPL)
– Byte-range locks and Share modes
• CPL supported across AFP, NCP and Samba ™


Combined Protocols Architecture

Samba

NCP-RPC
Rights, trustee
changes, DST NCP
events Server

Samba
DB Novell eDirectory
CIFS

CIFS ncp Samba

AFP
Service posix
zAPI

NSS

Deploying Multiple Methods for
File Access
• Data integrity
– Cross-protocol locking: AFP, CIFS, NCP , Samba
™

• Commonly supported capabilities:
– DST: Supported across CIFS, NCP, Samba in SP3, AFP?
– Auditing: Supported in Novell Open Enterprise Server 2 SP2 across
®

NCP, AFP, CIFS
– DFS: Supported only by NCP, CIFS
– LUM-less operation: NCP, AFP, CIFS, but not Samba
• Performance and scalability
– TBD (NCP/Samba comparable, CIFS around 30% slower in SP2)
– Scale: NCP: 20,000 connections, CIFS ~ 5,000 connections tested in
field, AFP: 500 connections


Cross Protocol File Locking

/var/lib/samba/locking.tdb
AFP Server

Lock
DB

CIFS Server

NCP Server


Cross Protocol File Locking
Configuration

• Enable CPFL
– ncpcon set CROSS_PROTOCOL_LOCKS=1

• Disable CPFL
– ncpcon set CROSS_PROTOCOL_LOCKS=0

• CPFL is enabled by default
– To ensure data integrity is always maintained

– If only one of the protocols is used, CPFL can be disabled
> Performance improved with CPFL disabled


High Availability
NCS Clustering

Clustering

• Why clustering?
– Increased availability of services and data

– Service and storage consolidation

– Lower cost of operation

– Software and Hardware maintenance and upgrades


Configuring CIFS in a Cluster
A Case Study


Configuring CIFS in a Cluster

• Load script
novcifs --add --vserver=virtualserverFDN –ip-
addr=virtualserverip
• Unload script
novcifs --remove --vserver=virtualserverFDN --ip-
addr=virtualserverip
• CIFS attributes for the virtual server
nfapCIFSServerName
nfapCIFSAttach
nfapCIFSComment
nfapCIFSShares


Using a Preexisting Cluster Pool
for CIFS
• Select CIFS under advertising protocols

• Offline the pool server

• Download cifsPool.py script from http:

• Run the following command

python cifsPool.py Resource_DN CIFS_Server_Name
ldaps://ldapserver:636 Admin_DN Admin_password


Troubleshooting
CIFS in a Cluster
• If the CIFS server proxy user is in a different context,
the cluster administrator should give access to the cifs
cluster attributes on virtual server object.

o=root

ou=users context, o=root ou = servers context,o=root

Assign
rights here

cn=proxy user,ou=users Virtual server
context,o=root object

Troubleshooting
CIFS in a Cluster
• Restart CIFS service whenever eDirectory service is
™

restarted

• You have to offline and online resource whenever cifs
service is restarted on the node that currently serves
cluster resource

– CIFS service will bind to the cluster resource IP


Clustering - AFP

• Volumes in a cluster
– When a client connects to the server ip, both local and cluster
enabled shared volumes are exported

– When a client connects to the cluster ip, then only cluster
enabled shared volumes associated with the IP are exported

• Volume representation
– Machine name and volume name (e.g. server.afp_vol)

• Volume name management in a cluster
– Edit /etc/opt/novell/afptcpd/afpvols.conf on each cluster node.
Syntax, Servername.VolumeName VolumeName

Support for
Distributed File Services

DFS Support for CIFS

• CIFS on Novell Open Enterprise Server 2 SP2
®

supports DFS junction that points to
– Root of Novell Storage Services volume
™

– Subdirectories in NSS volume

• Trustee rights are set both on the junction and the
target of the junction


Configuring DFS Support for CIFS


DFS Support for AFP

• AFP service on Novell Open Enterprise Server does
®

not support DFS junctions


Support for
Dynamic Storage Technology

Benefits of Dynamic Storage
Technology
• Transparent file access to end users

• Policy based migration

• Faster and smaller backups of important data

• Efficient use of expensive devices

• Migrating files from an existing secondary volume

• Access to the secondary storage area without the
performance penalties seen in HSM solutions


Components
• NCP Engine ™

• CIFS Service

• Policy Engine
– Global

– Volume


Configuration
• Novell Remote Manager
®

– http://server_IP_address:8008 or
other_configured_port_number

• Command line utility ncpcon


NRM


Global Configuration
Manage NCP Services > Manage Server > Server Parameter Information



• Cross protocol file locking should be enabled when
DST volume is exported as CIFS and NCP share
™


Authentication and Access Control

CIFS Authentication

• Default configuration on Windows workstations
– Up to Windows XP – NTLMv1

– Windows Vista and Windows 7 – NTLMv2

• Configuration
– CIFS iManager

– Command line utility - novcifs


CIFS Authentication
Configuration


Auditing

• File events auditing supported across
– NCP , AFP, CIFS
™

• Vigil interface
– Kernel modules for capturing file events
– Per-protocol kernel modules for mapping file events to protocol
events and users (for ncp, cifs)
– vigil_dump: A sample tool to display audit messages
– Can work with multiple auditing tools and reporting applications
• Sentinel
– The client solution offered by Novell which is integrated with vigil
®

– Separate product


Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

File Access in Novell Open Enterprise Server 2 SP2

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (18)

Destaque

Destaque (9)

Semelhante a File Access in Novell Open Enterprise Server 2 SP2

Semelhante a File Access in Novell Open Enterprise Server 2 SP2 (20)

Mais de Novell

Mais de Novell (20)

File Access in Novell Open Enterprise Server 2 SP2