Cl310


Novell Brainshare 2010 Amsterdam


  1. Domain Services for Windows: Best Practices for Windows Interoperability
      • Biswajeet Mahapatra, Product Manager, [email_address]
      • David Shepherd, Senior Technical Specialist, [email_address]
  2. Agenda
      • What is Domain Services for Windows (DSfW)?
      • Prerequisites for Successful Implementation
      • Deployment Scenarios
      • Demonstration
      • DSfW in OES2 SP2 and beyond
      • Third Party Applications Support
  3. What is Domain Services for Windows?
  4. What is Domain Services for Windows?
      • Domain Services for Windows (DSfW) is a suite of technologies
      • Provides AD style authentication to users, applications
      • eDirectory™ users can access AD resources and applications with a cross forest trust in place
      • Access to Open Enterprise Server services like file and print services hosted on Novell Storage Services™ or POSIX file systems is unchanged
  5. DSfW: What Does It Achieve?
      [Diagram labels: eDirectory™ Tree, Active Directory Forest, DSfW, DSfW, Cross Forest Trust, Resource Access, eDirectory User, Windows User, AD Style Authentication, MMC, Add/Modify User, iManager, Clientless Access, Applications]
  6. Benefits of DSfW
      • Access Novell® Open Enterprise Server (OES) file system without a Novell Client™ on the workstation
      • Single identity and single login to access resources from Linux, AD and other services
      • Standardized administration tool in a heterogeneous environment
      • Applications needing AD style authentication can be seamlessly used with OES deployments
      • Integration of Windows desktops into a Linux environment
      • Leverage existing eDirectory™ tree to create an AD forest without rip-and-replace.
  7. Prerequisites for Successful Implementation
  8. Understand What You Are Trying To Achieve with DSfW
      • Client-less authentication and access to Novell® resources?
      • Access to AD applications?
          • Check if the Windows-based application is going to work with DSfW
              • Can it be in a DSfW forest? (NetApp, Citrix)
              • Does it need an AD forest with a trust established? (SharePoint)
  11. Planning Considerations
      • Examine your existing eDirectory™ structure: eDirectory designs with a hierarchical structure of Organization objects are better suited to DSfW than a flat structure
      • Domain Name: The first DSfW server's DNS suffix needs to match the AD domain name and suffix. For example, if your AD domain name is dc=novell,dc=com then the DNS suffix needs to be novell.com
      • Schema checks: Check your schema in accordance with Novell® TID 7003431
      • Partitioning and replication: Check the general tree health and how the existing partitions map to DSfW
  12. Planning Considerations
      • DSfW into an existing tree
          • eDirectory™ versions need to be up to date.
          • At least one existing eDirectory 8.8 server should be in the tree, with the rest at 8.73.10 or later.
          • Put at least one Open Enterprise Server 2 Linux server in place to begin with, with any NetWare® 6.5 servers on SP8.
          • Time synchronization is key. Kerberos is also time sensitive.
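
Two of the planning rules above (the first DSfW server's DNS suffix must match the domain DN, and clocks must agree closely enough for Kerberos) can be checked before provisioning. The following shell script is an added example, not part of the original deck; the function names and sample values are constructed, and the 300-second tolerance is the common Kerberos default, assumed here rather than taken from the slides.

```shell
#!/bin/sh
# Added example: pre-flight checks for two DSfW planning rules.
# Function names and sample values are constructed for illustration.

# Convert a domain DN ("dc=novell,dc=com") to its DNS name ("novell.com").
# Returns 1 if any RDN is not dc=, e.g. an o= or ou= container.
dn_to_dns() {
    out=""
    while IFS= read -r rdn; do
        case $rdn in
            dc=?*) out="${out:+$out.}${rdn#dc=}" ;;
            *) return 1 ;;
        esac
    done <<EOF
$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ' | tr ',' '\n')
EOF
    printf '%s\n' "$out"
}

# True if the server FQDN's DNS suffix equals the DNS name of the domain DN.
suffix_matches_domain() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=${host%.}                       # tolerate a trailing root dot
    case $host in *.*) ;; *) return 1 ;; esac
    domain=$(dn_to_dns "$2") || return 1
    [ "${host#*.}" = "$domain" ]
}

# True if two epoch timestamps differ by at most $3 seconds.
# Default 300 s is the common Kerberos tolerance (assumption, not from the slides).
skew_within() {
    delta=$(( $1 - $2 ))
    [ "$delta" -lt 0 ] && delta=$(( 0 - delta ))
    [ "$delta" -le "${3:-300}" ]
}

# Constructed sample values: a candidate first DSfW server and a reference clock.
srv_fqdn="dsfw1.novell.com"; domain_dn="dc=novell,dc=com"
local_epoch=1700000000; reference_epoch=1700000420
if suffix_matches_domain "$srv_fqdn" "$domain_dn"; then echo "OK   DNS suffix matches $domain_dn"
else echo "FAIL DNS suffix of $srv_fqdn does not match $domain_dn"; fi
if skew_within "$local_epoch" "$reference_epoch"; then echo "OK   clock skew within tolerance"
else echo "FAIL clock skew exceeds Kerberos tolerance"; fi
```

With the constructed values the suffix check passes and the 420-second skew is reported as a failure; in practice the two timestamps would come from the local clock and the tree's time source.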
  16. Deployment Options
  17. New Domain Non-Name Mapped Configuration
      • Characteristics:
          • eDirectory™ tree is new
          • The AD forest is created at the tree root as a hierarchy of DC objects.
          • The DC objects are actual eDirectory objects
          • User administrator is created in cn=administrator,cn=users,dc=example,dc=com
      [Diagram labels: server 1, server 2, server 3, server 4, server 5; dc=example,dc=com; Domain Controllers]
  21. New Domain Non-Name Mapped Configuration: Why would this be used?
      • Single-server tree
      • New tree just for DSfW. No other Novell® application considerations
      • The eDirectory™ Tree Administrator is also the DSfW Administrator. No eDirectory user called admin is created
      • A domain is automatically mapped to the eDirectory container, e.g. domain acme.com is mapped to container dc=acme,dc=com
  25. Into Existing eDirectory™ Trees, Name-Mapped Configuration: Characteristics
      • An existing eDirectory tree's partitioned container is used to map the DSfW domain
      • The eDirectory Tree Administrator is different from the First Domain Administrator
      • The domain mapping to the eDirectory tree is managed by the eDirectory Tree Administrator
  26. Into Existing eDirectory™ Trees, Name-Mapped Configuration: Why would this be used?
      • To add DSfW to an existing eDirectory environment
      • To allow the use of Novell workstations without the Novell Client™
      • To preserve use of existing Novell-based applications such as GroupWise® and the Novell Client
      • Microsoft applications access can be established through an AD style trust
  30. Demonstration of Deployment
  31. Deployment of DSfW into An Existing eDirectory™ Tree
      • Existing NetWare® 6.5 SP8 Tree – Novell®-Tree
      • Open Enterprise Server 2 SP2 Server has already been part configured and joined to the tree
      • The DSfW provisioning wizard needs to run
      • Once deployed, examine how access can be given to Microsoft clients to data volumes hosted on the NetWare server
  32. DSfW in Open Enterprise Server 2 SP2 and Beyond
  33. DSfW in Open Enterprise Server 2 SP2
      • Enhanced install with a new provisioning wizard
      • SYSVOL information replicated to Additional Domain Controllers
      • Existing password policies are honored
      • Support channel and media upgrade from OES2SP1
  37. DSfW Provisioning Wizard
      • Allows autoYaST to configure a basic Open Enterprise Server 2 SP2 system. A Java-based wizard is then used
      • Gives more control and management over the DSfW install process than OES2 SP1
      • Gives the opportunity for remedial action if an installation stage fails. Each stage can be executed multiple times until successful
      • Is only run when the base OS is installed and operational
      • Can be scripted if required
  38. DSfW Provisioning Wizard
  39. SYSVOL Replication
      • SYSVOL stores information about Group Policies
      • SYSVOL information replicated to Additional Domain Controllers, thus ensuring load balancing and fault tolerance
      • Uses rsync to accomplish the synchronization
      • Similar functionality to native Windows 2003 Domain Controller
  40. Password Policies
      • Extended YaST configuration to retain the existing password policy association on the domain users
      • For each new group policy, a corresponding password policy is created in cn=Password Policies, cn=systems, dc=<domain>
      • gpo2nmas can handle multiple group policies
      • gposync.sh will build a list of group policies and run gpo2nmas for each of them
      • crontab will run gposync.sh once every 30 minutes
  41. Upgrade
      • Channel and media upgrade supported.
      • Upgrade sequence: PDC first, ADCs later.
      • Multiple PDC SRV records from DNS will be removed
      • sshd, rsync configuration files are changed
      • Mixed version environment is supported
  42. DSfW in OES2 SP3
      • Removing Partition Boundary Limitation
      • DNS configuration on ADC
      • Deployment limiters addressed
          • Master Replica not mandatory on the Domain Controller
          • Disconnected child domains in an eDirectory™ tree
          • Domain name need not be the eDirectory container name
      • Windows 2008 member server support
  45. Third Party Application Support
  46. Citrix
      • Supported configuration for Citrix XenDesktop and DSfW: http://support.citrix.com/article/CTX123281
          • XenDesktop 3 and 4 are supported when used in an environment with Novell® Domain Services for Windows (DSfW) in Open Enterprise Server 2 Support Pack 1 and higher as follows:
          • The XenDesktop farm must be configured to use registry-based controller discovery, as documented in KB article CTX118976 - How to Configure XenDesktop to Function Properly Without an Organizational Unit in Active Directory, and all Desktop Delivery Controllers and virtual desktops must be a member of the same “Domain Services for Windows” domain. There is no requirement for Novell Client™ software to be installed either on the Desktop Delivery Controllers or the virtual desktops
  48. NetApp
      [Diagram labels: DSfW Domain, USERS, COMPUTERS]
  49. Unpublished Work of Novell, Inc. All Rights Reserved.
      This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
  51. General Disclaimer
      This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.