Novell Open Enterprise Server Architecture

With proven services trusted by organizations all over the world, Novell Open Enterprise Server continues to bring you the innovative capabilities your environment demands. Attend this session to learn more about the architecture that underpins this product and its enterprise-class services. You'll walk away having a greater understanding of Novell Open Enterprise Server on Linux—and how you can leverage it for maximum efficiency and cost savings.

Transcript

  • 1. Novell® Open Enterprise Server Architecture
    – Haripriya Srinivasaraghavan, Distinguished Engineer, sharipriya@novell.com
    – Jason Taylor, Senior Product Manager, jhtaylor@novell.com
  • 2. Novell® Open Enterprise Server
    • Open Enterprise Server 2 Linux – the migration path for NetWare®
    • Get the unique capabilities of NetWare, with the proven application support, and ecosystem of SUSE® Linux
    [Diagram labels: Open Enterprise Server 2; NetWare; Migrate; SUSE Linux Enterprise Server; "The long-standing leader of secure networking services"; "NetWare services on top of an award-winning open-source server for delivering business-level applications"]
    © Novell, Inc. All rights reserved.
  • 3. Agenda
    • Product Overview
    • Product Architecture
    • Bundled Products - Highlights
    • Common Frameworks
    • Question and Answer
  • 4. Product Overview
  • 5. Open Enterprise Server 2 Product Summary
    • Product Goal – To be what NetWare® is to you and a lot more
        > Provide the proven features and capabilities of NetWare to run your enterprise
            » NCP, AFP, CIFS, Salvage, Remote FTP, SLP, and a lot more
        > Provide additional powerful capabilities for your changing enterprise
            » Domain Services for Windows, Dynamic Storage Technology, new and improved iFolder, iPrint, a whole lot of applications and vendor support that is part of the Linux ecosystem
    • Product Life-stage – OES2 with its support packs (SP1, SP2, SP3)
        > Heavy focus on closing the gaps with NetWare, and addressing any stability, performance, usability issues
        > Targeted focus on migrations from NetWare to OES2
  • 6. Open Enterprise Server 2 The Making of OES2
    [Diagram labels: Identity and Workgroup Solutions; openSUSE; SLE; SLED; SLES; OES2; Closed Source; Open Source]
  • 7. Open Enterprise Server 2 Software Platforms and Hardware Architecture
    • Open Enterprise Server NetWare®
        – 32-bit
        – Virtualized OES
    • Open Enterprise Server 2 Linux
        – SLES 10 - 32 bit (i386) - Intel 32 bit
        – SLES 10 - 64 bit (x86_64) - AMD64/EM64T
    • For x86_64
        – Kernel is 64 bit, Supports 32 bit applications
        – /usr/lib and /usr/lib64
        – Some of OES2 x86_64 still 32 bit applications
            > Kernel modules and other dependencies are 64-bit
            > 64 bit eDirectory™ since OES2 SP1
  • 8. Open Enterprise Server 2 Install Scenarios
    • Concurrent Install
        – Install Open Enterprise Server 2 with SUSE® Linux Enterprise Server 10 SP2
    • Post Install
        – Install Open Enterprise Server 2 after SUSE Linux Enterprise Server 10 SP2
    • CD/DVDs
    • Network install
        – Mini boot CD
        – install=[http|nfs]://<server>/<install path>
    • AutoYaST
        – Install one server, create an AutoYaST file
  • 9. Open Enterprise Server 2 Upgrade Scenarios
    • Down Server Upgrade
        – Upgrade from the media by rebooting the server
    • Channel Upgrade
        – Upgrade through the OES2 channel
        – New in SP2
  • 10. Integrated YaST Install Experience
  • 11. Open Enterprise Server 2 The Novell® Virtualization Story
    • Novell Virtual Machines are based on Xen technology
        – Open-source project, maintained by XenSource, with major industry players
        – Linux Virtual Machine Server (VMS) dom0
        – Virtual Machine (VM) domU
        – After the Host environment (Dom0) is installed, the Guest OES 2 server can be installed
    • Open Enterprise Server 2 Linux Guest
        – Para-virtualized in SLES 10 SP1 i386 or x86_64 Guest environments
        – All Open Enterprise Server 2 services are supported in either Guest environment
    • Open Enterprise Server NetWare® Guest
        – Para-virtualized 32-bit Guest on i386 SLES 10 SP2 Host
        – Para-virtualized 32-bit Guest on x86_64 SLES 10 SP2 Host
            > In this mode NetWare will be fully functional as a 32bit VM
    • Open Enterprise Server 2 SP1 – over SLES 10 SP2
  • 12. Novell® Virtual Machine Architecture
  • 13. Registration: Novell® Customer Center
    • During or after install you can register Open Enterprise Server 2
    • Novell Customer Center
        – http://www.novell.com/customercenter/
        – Online service to manage your products, subscriptions and services
        – Obtain critical Linux patches, updates, and support
        – Helps to ensure licensing compliance
        – Helps to reduce systems management costs
  • 14. Partner Product Certification
    • SUSE® Linux Enterprise Server provides a certification program for partners
        – http://www.novell.com/partnerguide/
    • SUSE Linux Enterprise Server is a true enterprise Linux server
        – Protection from open source breakage
        – Releases are supported for 7 years
    • Products certified on SUSE Linux Enterprise Server also supported on Open Enterprise Server
    • Backup and anti-virus products supported on Open Enterprise Server 2
        – http://www.novell.com/products/openenterpriseserver/partners/
  • 15. OES Architecture
  • 16. Bundled Products and Services Open Enterprise Server 2 SP1 – New/Modified
    • Directory and Identity Services
        – Novell® eDirectory™ 64 bit
        – Novell Domain Services for Windows
        – Linux User Management (LUM)
    • File Server
        – Novell Storage Services (NSS)
        – NCP™ Server (with Novell eDirectory)
        – Novell AFP
        – Novell CIFS
        – Open Enterprise Server 2 configured Samba
        – Open Enterprise Server 2 configured FTP
  • 17. Bundled Products and Services Open Enterprise Server 2 (cont.)
    • File Services
        – Dynamic Storage Technology
        – Distributed File Services
        – Novell® Archive and Version Server
    • Novell Cluster Services™ (NCS)
    • Novell Backup / Storage Management Services (SMS)
    • Novell iFolder 3.9
    • Novell iPrint
    • Novell NetStorage
    • Novell QuickFinder™
  • 18. Bundled Products and Services Open Enterprise Server 2 (cont.)
    • Networking
        – Novell® DHCP
        – Novell DNS
    • Management/Configuration/Monitoring
        – Novell iManager
        – Novell Remote Manager (NRM)
        – OpenWBEM and CIM plugins
    • CASA
  • 19. Base Packages From SUSE® Linux Enterprise Server 10 SP3 (TBD)
    • Kernel 2.6.16 (plus)
    • GCC 4.1.2 (plus)
    • Xen 3.2.0 (plus)
    • Tomcat5 5.0.30 (plus)
    • Apache2 2.2.3 (plus)
    • Samba 3.0.28 (plus)
    • Novell® LDAP Extension Libraries 1.0 – 3.4.1 (plus)
    • OpenLDAP2 2.3.32 (plus)
    • OpenSSL 0.9.8a (plus)
    • OpenWBEM 3.2.0 (plus)
    • MIT Kerberos5 1.4.3 (plus)
  • 20. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels: Productivity Services; Migration; Directory and Identity Services; File Access Protocols; Management; Network Services; High Availability; File Systems and Storage Services. Component labels: iPrint, Quickfinder, iFolder 3.7, Migration Tools, CASA, eDirectory, LDAP, DSFW, LUM, XTier, Apache, Java, mono, Tomcat, J2SE, iManager Plugins, NRM (httpstk), OpenWBEM, NCP, CIFS, AFP, NS, FTP, Samba, Versioning, DST, DFS, DHCP, DNS, NCS, Reiser3, NSS, EXT3, SMS]
  • 21. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram, same components as slide 20. Group labels shown: File Systems and Storage Services]
  • 22. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: File Access Protocols; File Systems and Storage Services]
  • 23. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Directory and Identity Services; File Access Protocols; File Systems and Storage Services]
  • 24. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Directory and Identity Services; File Access Protocols; High Availability; File Systems and Storage Services]
  • 25. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Directory and Identity Services; File Access Protocols; Network Services; High Availability; File Systems and Storage Services]
  • 26. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Directory and Identity Services; File Access Protocols; Management; Network Services; High Availability; File Systems and Storage Services]
  • 27. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Productivity Services; Directory and Identity Services; File Access Protocols; Management; Network Services; High Availability; File Systems and Storage Services]
  • 28. OES 2 SP1 - Component Groups Single Server - Linux
    [Diagram. Group labels shown: Productivity Services; Migration; Directory and Identity Services; File Access Protocols; Management; Network Services; High Availability; File Systems and Storage Services]
  • 29. OES2 SP1 Component Architecture Single Server - Linux
    [Diagram: the slide 20 components annotated with protocol (port) labels: LDAPS (636); LDAP (389); NCP (NDAP, File) (524); NCP (524); http (1008), https (1010); IPP (631); http (80); https (443); CIFS (137, 138, 139); AFP (548); WebDav (80); FTP (21); CIMXML (5988); CIMXMLS (5989); DHCP (67); DNS (53); GIPC (224)]
  • 30. Bundled Components
  • 31. Open Enterprise Server 2 File Systems Types and Access Protocols
    • Multiple choices for File Systems
        – Novell Storage Services™
        – Posix File-Systems: Ext3, Reiser, XFS
    • Multiple choices for File Access Protocols
        – NCP - Novell NCP™
        – CIFS/SMB – Novell CIFS, Samba®
        – AFP – Novell AFP
        – HTTP – NetStorage, Apache
        – FTP – PureFTP with Novell changes
        – NFS – Linux NFS
  • 32. Novell Storage Services™
    • Novell Storage Services file system provides unique and powerful file system capabilities
        – Visibility and Trustee access controls with rich file attributes
        – Multiple simultaneous namespace support and Unicode
        – User and Directory quotas
        – Event file lists, and a file salvage subsystem
    • Especially suited for managing file services for thousands of users in an organization
    • Novell Storage Services volumes are cross-compatible between kernels
        – You can mount a non-encrypted Novell Storage Services data volume on either the Linux or NetWare® kernel and move it between them
        – In a clustered SAN, volumes can fail over between kernels
    • Salvage does not need user LUM enabling anymore
  • 33. Apple Filing Protocol (Novell® AFP)
    • Apple Filing Protocol support on OES 2 Linux SP1
        – Mac clients can access files from the OES 2 server
        – Closing the gap with NetWare®
    • Feature Overview
        – Support for AFP 3.1, OSX 10.3, OSX 10.4
        – Authentication: Universal Password, DH1
        – Support for NSS volumes, NCS Clustering
        – Support for NetWare trustee and rights model
        – Support for Mac Resource Forks
        – Cross-Protocol Locking with NCP™, Samba
        – Simplified management using iManager
        – Migration from NetWare
        – Multi-processor support (not available on NetWare AFP)
  • 34. Apple Filing Protocol (Novell® AFP) Architecture
    [Diagram labels: AFP Server; iManager Plugin; ncp-rpc; NCP Server; nmas-ldap; xplat (ncp); conf file; eDirectory; CIM Provider; zAPI; CASA; NSS; store]
  • 35. Apple Filing Protocol (Novell® AFP) Linux Implementation
    • Install and Configuration
        – YaST install
        – Configuration using iManager, CIM providers for configuration and management
    • Design details
        – Stand-alone server communicating with eDirectory™ for authentication and authorization
        – NSS file-system, resource forks fully supported, uses zAPI
    • User access for AFP
        – Any eDirectory user with universal password enabled
        – User contexts to be configured for the AFP server
        – LUM-enabling of eDirectory users is not required
    • Cross-protocol locking (CPL)
        – Byte-range locks and Share modes
    • CPL supported across AFP, NCP™ and Samba
  • 36. Novell® CIFS
    • Novell CIFS support on OES 2 SP3 Linux
        – Support for SMB V1 and Browser protocol
        – Authentication: Universal password, NTLMv1
        – Support for NSS volumes and NetWare® trustee and rights model
        – Cross-protocol locking support
        – Management using iManager and CLI, Migration from NetWare
        – Multi-processor support (not available on NetWare CIFS)
        – LUM-enabling of users not required
        – Auditing support
    • New in SP3
        – DST support, NTLMv2 support
  • 37. Novell® CIFS Architecture
    [Diagram labels: CLI tools; CIFS Server; IPC; ncp-rpc; NCP Server; iManager Plugin; nmas-ldap; NW Rights + Cache; xplat (ncp); eDirectory; CIM; trustee file; _admin; POSIX; libmanagus; CASA; NSS; store]
  • 38. Novell® CIFS Linux Implementation
    • Install and Configuration
        – YaST install
        – Configuration using iManager, command-line tools
    • Design details
        – Stand-alone server communicating with eDirectory™ and NCP™ server
        – Requires NCP Server on the same box, but no local eDirectory replica required
        – Uses standard POSIX interfaces, supports NSS file-system
        – Uses trustee.xml file managed by the NCP server
    • User access for CIFS
        – Any eDirectory user with universal password enabled
        – User contexts to be configured for the CIFS server
        – LUM-enabling of eDirectory users is not required
    • Unsupported
        – Interoperability with Domain Services for Windows on the same server
  • 39. Novell® NCP™ Server
    • Novell NCP Server for Linux enables support for
        – Login scripts,
        – Mapping drives, and...
        – Other services commonly associated with Novell Client™
    • Services included with NCP (NetWare® Core Protocol)
        – File access and locking
        – Tracking of resource allocation
        – Event notification
        – Connection and communication management
        – Legacy print services and queue management, and...
        – Network management
  • 40. Novell® NCP™ Server (cont.)
    • NCP Server can run in front of POSIX file systems
        – EXT3, Reiser
        – Virtual File System (VFS) layer
        – Lossy mapping from Novell rights to POSIX attributes
    • NCP Server can run in front of Novell Storage Services™ file systems
        – Complete mapping for Novell rights and trustees
    • Moving users from NetWare® to Linux
        – With Open Enterprise Server 2, you no longer need to Linux enable the user just to run a Linux server
  • 41. Domain Services for Windows
    • An OES pattern
        – Emulates an Active Directory domain controller
        – Works with Samba, iPrint, and applications doing AD authentication
        – Supports interoperability in a mixed eDirectory™/AD environment
    • Use cases
        – For AD application support (authentication only applications)
        – Client-less access (no NCP on wire)
        – Management using iManager or MMC
    • Comprises
        – OSS: NTP, Samba, DNS, glibc, MIT Kerberos, DCE-RPC
        – Closed source: Novell® eDirectory, LUM
  • 42. Co-existence – A Typical Use Case
    • Cross-domain and cross-forest trusts with AD
    [Diagram labels: Cross Forest Trust; Mforest.abc.com; Root; Organization; Domain; Organization Unit; DSfW; ADPH; Master; eDirectory 8.7.3 SPx; eDirectory 8.8 SP1; eDirectory Replica Ring; User Add/Modify via iManager, MMC and ConsoleOne]
  • 43. Domain Services for Windows
    • New features
        – New and improved DSfW install and provisioning
            > Reduced DSfW install failures
            > Improved install troubleshooting
        – sysvol replication support
        – Partner support
            > Support for Citrix Server interoperability
            > Support for VMWare
        – Connected partition restriction on domains removed
  • 44. Dynamic Storage Technology (cont.)
    • Reducing the cost of storage with shadow volumes
        – Overlay 2 subdirectory trees to create 1 virtual volume
        – Transparent to clients
        – Define policies to manage file distribution between trees
    • Benefits
        – Partition files based on “need to backup”
        – Can have different backup policies for each tree
            > Smaller, faster backups for most important data
        – Can use different storage for each tree
            > Less expensive storage for less important data
        – Like HSM but without the pain
  • 45. Dynamic Storage Technology
    • PRIMARY TREE (Important Data):
        – Subdirectory – 1: file – 1, file – 2
        – Subdirectory – 2: file – 5
    • SHADOW TREE (Less Important Data):
        – Subdirectory – 1: file – 3
        – Subdirectory – 2: file – 4, file – 6
    • CLIENTS SEE:
        – Subdirectory – 1: file – 1, file – 2, file – 3
        – Subdirectory – 2: file – 4, file – 5, file – 6
  • 46. Novell® Linux User Management (LUM)
    • Linux User Management (LUM) enables eDirectory™ users to function as local POSIX users on Linux servers
    • This functionality lets administrators use eDirectory to centrally manage remote users for access to one or more Open Enterprise Server Linux servers
    • Delivered as a set of modules
        – Pluggable Authentication Modules (PAM) “pam_nam”
        – Name Services Switch “nss_nam”
        – Caching Daemon “namcd”
  • 47. Novell® Linux User Management (cont.)
    [Diagram labels: PAM Enabled Apps; PAM; pam_*.so; pam_nam.so; /etc/pam.d/*.conf; <app>.conf; /etc/nam.conf; namcd; socket; cache; LDAP (bind); LDAP (proxy); eDir; schema; getFDN(); getGUID(); NSS; libnss_nam.so; /etc/nsswitch.conf; Open Source; Closed Source]
  • 48. Novell® eDirectory™ 8.8 SP5 (TBD)
    • Native 64 bit eDirectory
        – The NCP Server also runs as 64 bit service
    • LDAP Auditing
    • Enhanced Authentication Protocol Support
    • Enhanced Directory Monitoring in LDAP layer
  • 49. Novell® iFolder 3.9
    • File access from anytime anywhere
        – A simple and secure storage and synchronization solution
            > Backup, Encrypt, Access and Manage files
    • iFolder 3.7
        – Centralized Server Administration using Web Console
        – Enhanced conflict management
        – Response file support for large deployments
        – LDAP group support for access control
        – Secure communication
        – Server-side Migration: 2.x to 3.7
        – Mac Client Support
        – AD Support
  • 50. Other components
    • NCP Server
        – Can host any POSIX file-system with lossy mapping of rights
        – Can also host NSS file-system with complete support for Novell® rights model
        – LUM-enabling not required
        – New 64-bit NCP Server on Linux
    • iPrint
        – Added support for iPrint accounting API on Linux
    • DNS/DHCP
        – Closed-source DNS, open-source DHCP
        – New Java Console on Windows
  • 51. Common Frameworks
  • 52. Open Enterprise Server 2 SP1 Common Frameworks
    • Migration
        – Migration Tools, SCMT
    • Installation
        – YaST
    • Configuration
        – iManager
        – Backend database: files or eDirectory™
    • Management
        – NRM, iManager
        – CIM, CIM providers
            > OpenWBEM
    • Auditing
        – LAF
  • 53. Upgrade/Migration Matrix
    • Supported Upgrade Sources
        – NetWare® 5.1 SP8
        – NetWare 6.5 SP6
        – Open Enterprise Server 1 SP2 Linux
        – SUSE® Linux Enterprise Server 10 SP1
    • Supported Migration Sources
        – NetWare 5.1 SP8
        – NetWare 6.5 SP6
        – Open Enterprise Server 1 SP2 Linux
        – Windows NT4 or Windows 2003
  • 54. Open Enterprise Server 2 SP1 Migration Framework
    • Migration Tool
        – An integrated GUI with plugins for each service requiring migration
        – Backend CLI tools that can be used as well
    • Theory of operation
        – Migration GUI Framework – Java-based
            > Consolidated GUI – service UIs plug-in into this framework
            > Uniform capabilities: Scheduling, check-pointing, notifications, parameters
            > Skins on top of existing CLI commands where required
        – Command-line tools for file-system migration
  • 55. Open Enterprise Server 2 SP1 Migration Scenarios, Platforms and Services
    • Migration Scenarios
        – Upgrade, Migration, Consolidation (not supported)
        – Migration
            > Same Tree, Server ID Transfer
    • Supported Source Platforms
        – OES 1.0 SP2, NetWare® 6.5 SP6, NetWare 5.1 SP8
    • Service Support
        – eDirectory™, Archive Version Services, DNS, DHCP, iPrint, iFolder, AFP, Novell® CIFS, FTP, NTP
        – File System
            > Supports NSS and traditional FS on NetWare as sources
            > Supports only NSS on OES 1.0
            > Supports migrations from NTFS
  • 56. Learn More at BrainShare® ...
    • Attend any of the following related sessions:
        – IO101: Open Enterprise Server 2 Introduction, Overview and Futures
        – IO104: Introduction to the Novell® Open Workgroup Suite
        – IO111: Migration Tools on OES 2
        – TUT106: Domain Services for Windows
        – TUT211: Enhanced Protocol Support in OES 2 SP1 – AFP and CIFS
        – TUT109: DNS-DHCP on OES 2
        – TUT208: Dynamic Storage Technology
    • Stop by the OES tables E8-E19 in the technology lab
  • 57. Question and Answer
  • 58. Backup Slides
  • 59. Novell® Open Enterprise Server
    • Novell Open Enterprise Server is a suite of services
        – File, Print and Storage Services
        – High Availability Services
        – Management Services
        – Productivity and Networking Services
        – Identity and Security Management
    • Open, easy-to-deploy platform
    www.novell.com/oes
  • 60. Background and History
  • 61. A Brief History
    • Novell® has ported NetWare® services to other platforms
        – Windows, Unix, Linux
    • Novell Nterprise™ Linux Services
        – First full suite of services similar to NetWare
        – Supported on SUSE® Linux Enterprise Server and RedHat
    • Open Enterprise Server 1.0
        – Only supported on SUSE Linux Enterprise Server 9 (SLES)
        – Full mixed source distribution
    • Open Enterprise Server 2
        – An add-on product hosted on SUSE Linux Enterprise Server 10 SP1 (SLES10 SP1)
        – Update to OES2 slated for release in 4Q 2008
  • 62. Open Enterprise Server 2 Auditing/LAF
    • SUSE® Linux Enterprise Server 10 introduces a new auditing subsystem
    • LAF (Lightweight Audit Framework)
        – Kernel interfaces for kernel modules
        – User space interfaces for user space applications
    • Many still write to syslog
    • Sentinel and other auditing products will have LAF connectors
    • Audit log all system and security issues:
        – Authentication
        – Authorization
        – Configuration changes
  • 63. Rights Models
    • Posix compliant file systems
        – Linux Attributes
            > (u)ser, (g)roup, (o)ther
            > (r)ead, (w)rite, e(x)ecute
            > Example: 770 (user = rwx, group = rwx, other = ---)
            > Example: 644 (user = rw-, group = r--, other = r--)
        – Linux Access Control Lists (ACLs)
            > More robust than attributes
            > user1 = rwx, user2 = r--, user3 = r-x
    • Non-Posix compliant file systems
        – Other rights models: Novell® ACLs; MS rights
  • 64. Java (IBM, Sun, 32 bit and 64bit)
    • Java 1.5
        – SUSE® Linux Enterprise Server 10 shipped with JVM 1.4.x
        – SUSE Linux Enterprise Server 10 SP1 will include JVM 1.5
    • Vendors
        – SUSE Linux Enterprise Server 10 ships both IBM and Sun JVMs
    • Open Enterprise Server 1.0 defaulted to the Sun JVM
    • Open Enterprise Server 2 will default to the IBM 1.5 JVM
    • On x86_64
        – Use the 32bit JVM (supports 32bit JNI) java-1_5_0-ibm-32bit
        – Careful with /usr/lib/jvm/java and /usr/lib64/jvm/java
  • 65. Open Enterprise Server 2 SP1 Security Focus
    • Architecture Reviews
        – Secure communications
        – Protecting credentials
    • Basic secure coding guidelines
        – Buffer overflow protection
        – Not running as root and reduced privileges
        – Separation of authentication from service
    • Vulnerability Testing
        – System wide “nessus” testing
  • 66. CASA
    • CASA (Common Authentication Service Adapter)
        – Credential store for single sign on, Authentication Services
        – Client Store: Safely store shared secrets and credentials
        – Server Store: Safely store daemon secrets for booting with authentication
        – Authentication: Simplified API for “kerberizing” applications
    • Open Enterprise Server bundles CASA
        – Fully open sourced
    • Programming support and Bindings (C, C#, Java)
        – Client: Authentication Token Client API, Secret Store API
        – Server: Authentication Token Verification Module API, Secret Store API
  • 67. Novell® Archive and Version Services
    • Periodically captures and stores versions of your network files
    • Uses an archive database
    • Uses a schedule that you determine
    • Users can search for a previous version of a file and quickly restore it
    • Archive and Version Services on Linux was introduced in OES2
  • 68. OpenWBEM and CIMOM (cont)
    [Diagram labels: Other Management Consoles (Command Line, Open Standard, Scriptable); Management Servers; Managed Servers; OES Linux; OES NetWare; iMgr; plugin; CIM Client; CIMXML; CIMOM; provider; HTML browser]
  • 70. Unpublished Work of Novell, Inc. All Rights Reserved.
    This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
    General Disclaimer
    This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.