Architecting a Full-Service Intranet with Novell's IntranetWare
Articles and Tips: article
Corporate Integration Manager
Systems Engineering Division
01 Dec 1996
Describes how to build a full-service intranet to meet various communication and administrative needs within an organization
- Introduction
- What Good Is an Intranet?
- Defining the Intranet Environment
- Solutions for Typical Intranet Needs
- Future Product Enhancements
- Conclusion
Introduction
Riding on the coat-tails of the Internet phenomenon, the so-called "intranet" is garnering a lot of attention in corporations these days. Yet there is a lot of confusion about what, exactly, an intranet is and what it can do for the average organization looking to improve internal communication processes.
The purpose of this AppNote is to clarify understanding of the intranet environment by defining key components that are collectively required to have a fully-functional intranet. By taking advantage of the latest technologies available in the LAN and Internet arenas, organizations can enhance the communication among employees, regardless of the computing platform they are using. Best of all, you don't have to throw out the intricate network infrastructure it's taken you years to build. The goals and architecture of an intranet blend nicely with the LAN or WAN you already have.
This AppNote is divided into three main sections:
The first section defines the intranet environment and associated components.
The second section describes typical intranet needs facing organizations today and discusses possible solutions.
The third section highlights upcoming intranet solutions from Novell.
For additional information on Novell's NetWare Web Server and related products, see the following AppNotes:
Sep 96 "Exploring the NetWare Web Server, Part 3: A Complete Innerweb Solution" Mar 96 "Exploring the NetWare Web Server: Part 2" Feb 96 "Exploring the NetWare Web Server: Part 1"
What Good Is an Intranet?
In surveys asking why organizations want to implement an intranet, the most common reason given is "improved communications." Managers are looking to intranets to enable faster, more reliable and cost-effective exchange of data within an organization. Intranets can also open up new ways of exchanging information, utilizing technologies such as voice mail, video, and distributed applications.
To better understand the value of an intranet, consider the time and money spent on the daily communication activities within a typical multi-site organization:
Locating needed information and documents
Sending documents (via interoffice mail or by fax) to remote sites
Scheduling conference rooms and staff for meetings
Receiving and responding to voice mail
Maintaining equipment designed to handle large amounts of photocopying and paper publishing
If all documents were published electronically in standard formats that are viewable by everyone in the organization, the costs of searching, replicating, and distributing information would be significantly reduced. Furthermore, with groupware (enabled with audio, video, telephony, and e-mail), long-distance discussions could be carried on in real time with immediate feedback. These are precisely the sorts of advantages an intranet can provide.
As an example, I routinely receive internal Novell sales materials sent by regular mail. The contents usually include glossy sales brochures, videotapes, and sometimes even audio cassettes relating to a particular software package. While this information is useful, it is expensive to produce in mass quantities and ship to all Novell sales personnel. Moreover, I have to read through several documents to find out such things as where to download the software and who to contact for beta requests.
If this information were made available on the corporate intranet, I could more easily access it on demand, without having to wait for a package to be mailed to me. Imagine this possible future scenario: I receive an e-mail message from Novell Marketing indicating that the beta version of a hot new product is now available. I fire up my browser, go to the indicated web site, and click on a button to download the product. Since I'm on the intranet, the web server recognizes who I am, completes an application for the beta version of the product, and then downloads the software for me automatically. For a printed copy of the sales brochure for this product, another click of the mouse automatically sends a print job to a color printer with glossy paper installed. If I don't know where the printer is located, I can click on a button to retrieve a floor plan that is stored along with the printer object in Novell Directory Services (NDS). A few minutes later, I'm on my way to see an interested customer with a professional-looking brochure and beta software in hand.
With the features and capabilities Novell has bundled into IntranetWare, scenarios such as this are not far from reality. All it takes is a little technical know-how and a lot of imagination, and your intranet can soon be doing everything but cook breakfast!
Defining the Intranet Environment
You have no doubt run across many definitions of this new term "intranet." Before I offer another one, let me first describe the foundation of an intranet: the local or wide area network you have right now.
Local area networks (LANs) have been around for many years. Their main purpose is to provide an environment for sharing data between similar and dissimilar devices: PCs to PC servers, PCs to mainframes, Unix workstations to Unix hosts, and so on. The key word for LANs is "sharing."
As LANs were interconnected to form larger wide area networks (WANs), these "local" area networks became world-wide information highways for data sharing within an organization. "Enterprise LANs" soon became entrenched in the computing world, enabling at least basic communication among different computing systems. However, it wasn't long before users realized the need to go beyond basic communication and natively interact with all systems, even those outside of the enterprise LAN, regardless of the technological differences between systems. Using an IBM 3270 terminal emulator on a PC or Macintosh to link to a mainframe application simply didn't provide a high enough level of interaction anymore.
The Internet is now being heralded as as the global superhighway that will link disparate computing systems together. The pieces of the Internet that everyone is most excited about are HTML (HyperText Markup Language) and Sun Microsystems' Java. These cross-platform computing languages allow data to be formatted and exchanged in a common manner, regardless of the desktop platform used to access the data. In addition, Java provides distributed services and interaction with dissimilar systems.
The mechanisms by which data exchange occurs on the Internet are the web browser (on the client), a network protocol (such as TCP/IP), and an HTTP (HyperText Transfer Protocol) server capable of serving documents and Java applets. With the rise of the Internet, it has become clear that incorporating these same technologies into the enterprise LAN could help organizations build an interactive network.
You May Already Have an Intranet
The most popular protocols on today's LANs are the NetWare Core Protocols (NCP) using IPX/SPX or TCP/IP as the transport protocol. Some sixty million users currently use NCP to store and retrieve files, print documents, and access databases. In addition, many Novell customers have invested heavily in adding remote/mobile access, mainframe connectivity, and applications such as GroupWise to their networks (see Figure 1).
Figure 1: Many current Novell network environments include the components shown here.
With a working Novell LAN or WAN in place, you already have most of what's needed for an intranet: an efficient infrastructure for accessing data. At a minimum, an intranet is simply a LAN in which web browsers can be used to access documents. All you need to do is add is HTTP (web services) to your server, install web browsers on your clients, throw in FTP (File Transfer Protocol) as a connection protocol, and voilà! You have an intranet. Of course, one of the main goals of an intranet is the ability to natively access data. For better functionality, documents should be converted to HTML and graphics to GIF or JPEG formats (see Figure 2).
|
Intranet = Your existing LAN/WAN + Internet Standards |
Figure 2: With the addition of web services and browsers, HTTP, and HTML documents, your current Novell network becomes an intranet.
Novell's IntranetWare provides an excellent foundation upon which to build an intranet. In addition to the NetWare 4.11 operating system, IntranetWare includes additional software components that provide both Internet and intranet capabilities:
NetWare Web Server
Novell Internet Access Server
Novell IPX/IP Gateway
File Transfer Protocol (FTP) and Unix Print Services
Netscape Navigator browser
Developer tools
To really take advantage of the intranet paradigm, you'll probably want to have programmers write Java applets, and develop mainframe and Unix CGI (Common Gateway Interface) applications that interface to web servers. Fortunately, you don't have to implement all of this at once. A systematic, well-planned adoption of Internet solutions is the best approach. In other words, you need to keep what you've got today and apply new technologies where they make sense.
|
"Imagination is more powerful than knowledge." -Albert Einstein |
Each organization must customize its environment to publish HTML documents and serve Java applets. This is where most of the time will be spent: designing and creating content for this new networking paradigm. A well-executed intranet plan will provide increased functionality that was never before possible. When developing an intranet strategy, take time to carefully analyze which new solutions and technologies will best fit into your existing environment. Keep in mind that you probably have most of what's necessary. Until you can modify or phase out some of your systems to support the intranet, you still have to keep the organization running.
But an Intranet Can Be So Much More
Intranets can and should be much more than a collection of company-owned web servers and web browsers. By leveraging existing LANs, communication lines, and applications, your intranet can be the supply line to all information, including data from sources on the Internet. Rather than becoming obsolete, the operating systems you use today are evolving to accommodate new Internet-based networking paradigms. With nearly all computing organizations pledging support for standard Internet protocols, document formats, and application interaction mechanisms, the long-promised era of interoperability doesn't seem so far away anymore.
According to some definitions, in an intranet all data is retrieved from HTTP servers with the browser as the only application. It is doubtful whether such a scenario is possible until the current web standards are dramatically enhanced. Today, web browsers can retrieve files, play animations and video clips (slowly), and access databases--but they can't do much more than that. As browser functionality and HTML format capabilities improve over time, HTML documents will be able to combine sophisticated images, Java applets, and real-time audio, as well as up-to-the-minute data from NDS and remote servers (see Figure 3).
Figure 3: A compound HTML document combines a number of different data types.
|
"Once the HTTP server sends the requested page, it disconnects. This means the server does not retain any information from the browser. Users must be reidentified by the web server each time they move to a new page of information. What's lacking is known as persistence or the cohesive, start-to-finish tracking of a user's activities."-InfoWorld, July 22, 1996, p. 58 |
Another roadblock is that there is currently no "persistence" in the Internet world. Clients disconnect from servers after each request is fulfilled, and servers forget which client they just talked to and what data they just sent. Also, cross-server logins aren't possible with traditional web servers. Users must enter separate usernames and passwords for each server they access. Such concepts seem almost primitive in the NetWare world, where user connections remain established until a logout occurs, and where authentication requests are handled transparently in the background.
The upcoming Lightweight Directory Access Protocol (LDAP) promises to provide cross-platform authentication for a variety of services. However, service vendors are not implementing LDAP in a standard way. Novell is developing an NDS-LDAP gateway that will allow a single login to HTTP and other LDAP services wherever they are, even on the Internet. (I'll discuss this in more detail later in the AppNote.)
Playing by a Different Set of Rules
While some Internet functions apply to the intranet as well, the "rules" which govern the intranet are much different. Since your organization controls your intranet, you can dictate different standards for such things as client browsers, plug-ins, and protocols. The following table summarizes the key differences between the Internet and an intranet.
|
Internet
|
Intranet
|
|
|
Controlled by |
No single entity |
The organization |
|
Supported browsers |
All, even text-only |
Those defined by the organization |
|
Supported protocols |
TCP/IP, HTTP, FTP, more |
Those, plus whatever else is used on yourLAN (IPX/SPX) |
|
Document formats |
HTML (text)GIF and JPEG (images) |
Those, plus any others that can be viewedwithin a browser (such as the Envoy plug-in) |
|
Security |
UUEncode, SSL, S-HTTP, others |
Those, plus NDS authentication |
|
Ease of administration |
Difficult |
Easier with Directory Services |
It is clear that, as we approach the next century, our existing LAN/WAN environment will need to adapt to provide the type of cross-platform, interactive data exchange that will be expected by persons of all ages and from all parts of the world who have found electronic "religion" on the Internet. As we'll see in the next section, this adaptation may not be as painful as you might expect.
Solutions for Typical Intranet Needs
This section presents various administrative and communication needs of organizations looking to implement an intranet, along with a discussion of how IntranetWare and other Novell products can provide a solution for these needs. Keep in mind that a full-service intranet implementation requires not only web services, but file, print, security, management, messaging, and collaboration services as well.
|
N E E D E D : |
A single, secure method for managing access to intranet data and web services. |
|
S O L U T I O N : |
Use Novell Directory Services and the C2 security features in IntranetWare to manage access to the intranet. |
One of the most difficult aspects of setting up an intranet and providing web services is keeping track of where data is, how it is accessed, and who can access it. In an ideal world, all systems (file, print, database, application, and so on) would cooperate with each other, making cross-authentication and data retrieval happen seamlessly and without complex configurations. However, in reality systems don't easily talk to each other, and finding information can be a real headache for the average user.
In the traditional Internet environment, ease of management was not much of a concern. HTML and HTTP were designed simply to retrieve data in an open environment with limited access control mechanisms. More robust security was eventually added to HTTP, almost as an afterthought, to protect data sent across the network.
The task of managing rights to data, however, is still difficult and archaic in this environment. As a case in point, Unix server administrators must maintain user lists and rights tables as text files which are specific to a server, not for an entire network. Figure 4 shows an example of such a file, which must be manually edited on a server-by-server basis.
Figure 4: A sample Unix HTTP access file.
# User file USERS.TXT, case-sensitive eric:flyer chris:cigar craig:radiator # User file USERS.WWW after passwords are UUEncoded eric:6oJBDHqZkYFrXu7r4ZXiCg== chris:idqALKKBPp73J1bMsH4jVQ== # Web directory access file # (required for each protected parent directory) <Directory DOCS<< Options Indexes Includes IndexOptions FancyIndexing IconsAreLinks ScanHTMLTitles AllowOverride All <Limit GET<< order allow,deny allow from all </Limit<< </Directory<< <Directory DOCS/NWWEB<< Options Indexes Includes IndexOptions FancyIndexing IconsAreLinks ScanHTMLTitles AllowOverride All <Limit GET<< order allow,deny allow user chris </Limit<< </Directory<< # Directory access file for any directory # (this file must be in each directory to protect) # (access is by each user specified, or "all") AuthType Basic AuthName Web AuthUserFile USERS.WWW <Limit GET<< require user craig require user eric </Limit<
Novell Directory Services (NDS) can help alleviate the problems associated with accessing data and services on an intranet. Unlike HTML and HTTP, NDS and the NetWare Core Protocols were designed specifically to control access to network-wide services and data. As a key component of IntranetWare, NDS provides a central point for managing intranet resources (users, NetWare servers, web servers, gateways, applications, and so on). The NetWare Web Server uses NDS to determine users' access privileges. No separate user lists need to be maintained, as they do for Unix-based web servers. Since NDS is network-wide, the web administrator can control access to many web servers by allowing only valid NDS users to access the web server. If a new user is created or an existing one is deleted within the NDS tree, no changes are necessary on any web servers. Whenever a user tries to access a web server, a real-time NDS lookup is performed to determine whether the user is valid.
In NDS, objects representing servers, users, and other network entities are placed into containers within a hierarchical tree structure. Rights management is based on the idea that most objects in the same container will need access to the same resources (with exceptions occuring infrequently). As a result, nearly all network resources are accessible immediately upon creation, without the need for extensive "personalization" of access rights. With Novell's NetWare Administrator (NWAdmin) utility, assigning rights to new services is accomplished easily via an intuitive graphical interface. For example, suppose you have an NDS container named Pilots. In this container are several web servers, a printer, and some users. The NDS rights are set up so that all objects in the container can access the web servers and printer. Whenever a new user is created in the Pilots department, that user inherits the access rights established for the container (see Figure 5).
Figure 5: In NDS, a new user created in a container inherits the access rights for that container.
Figure 6: Accessing data using HTTP authentication vs. NDS authentication.
C2 Security Features in IntranetWare. You may be wondering why security is such a big deal for intranets, since they are designed for in-house use only. To answer that, consider the following statistics. According to the National Computer Security Association (NCSA), at least three of every four security problems are internal. And a survey conducted by Ernst & Young LLP/Information Week found that, within the last two years, over half (54 percent) of the survey's 1,320 participants experienced losses due to inadequate information security and disaster recovery planning. Of those losses, 32 percent were caused by malicious acts within the company.
IntranetWare builds on the solid security foundation provided by NetWare and NDS by incorporating C2 security across all network components. To meet U.S. Government criteria, a C2 evaluated server must require all clients to use packet signing (to prevent packet forgery), reject bad packets, require that all passwords are encrypted, and have its console secured. All of these features can be enabled in IntranetWare. (For more information on enabling C2 security, see the NetNote entitled "Putting Trust in Your Server with the secure.ncf File" in Novell Application Notes, September 1996, p. 75.)
IntranetWare also provides extensive auditing capabilities, where every network transaction (such as a print job being printed) is recorded, along with which user performed the transaction. By contast, tracking transactions over multiple servers in Unix can be quite difficult. Standard HTTP servers record only IP addresses and local users for each document requested. Usernames listed in the log files are specific to that server; thus user "julie" on server A could be a different person than user "julie" on server B.
|
N E E D E D : |
A way to incorporate existing data stored on NetWare servers into web browsers. |
|
S O L U T I O N : |
Use web page links for authenticated access to data onIntranetWare servers. |
IntranetWare includes Netscape Navigator, the most popular browser on the Internet. Netscape Navigator supports JavaScript and Java applets, as well as a host of security mechanisms to send and request private information. A number of browser plug-ins are available to allow other types of intranet content besides just HTML, GIF, or JPEG. For instance, Tumbleweed Software has a plug-in which allows Envoy documents to be displayed without conversion. Tumbleweed Software Redwood City, CA 415-369-6790 www.tumbleweed.com
With IntranetWare, it's easy to incorporate data from NetWare servers into web browsers. True, there are significant differences in how data is requested and retrieved. But users don't have to worry about that; it all takes place automatically in the background. In an HTTP-only environment, users must explicitly log in to each server to access protected data. With IntranetWare, NDS handles the necessary authentication in the background; no user intervention is required. When an HTML document contains references to data on a NetWare server, NDS determines whether the user has rights to that data. If so, NDS establishes a link with the NetWare server on which the data resides.
To access NetWare data from within a browser, the FILE protocol is specified instead of HTTP in the HTML reference. As illustrated in Figure 7, there are two ways to do this. One way is to include a direct reference to the file's location, specifying the complete path as follows:
FILE:////Server1/volume1/MyDocs/MyFile.doc
The drawback to this method is that, when the location of the file changes, any references to that location must be updated, including those in HTML documents and scripts. It may also mean updating bookmark lists kept by each browser--an enormous chore if there are thousands of clients on the intranet. To avoid this problem, you can use the second method: specify data in NDS by using a Directory Map object. By doing so, you only have to change the reference in the Directory Map. Once that is done, HTML documents, scripts, and bookmarks will continue to point to the proper location for the file.
Figure 7: Accessing data from IntranetWare and HTTP servers using NDS authentication.
Solution," Novell Application Notes, September 1996, p. 3.) By using NDS authentication on your intranet, you can define exactly who you want to access certain sets of data and what they can do with it. NDS also provides selective administration of object and property rights via the graphical NWAdmin utility (see Figure 8).
Figure 8: The NWAdmin utility allows great flexibility in assigning trustees of an object.
|
N E E D E D : |
An easy way to dynamically list all of our web sites and have each department handle their own web administration. |
|
S O L U T I O N : |
Use NDS as the central store for all web server references. |
Another major hassle of web service administration is defining which users can maintain web content. The obvious answer is to assign web administrators in each department to maintain that department's web server(s). However, in large companies, that can add up to a lot of web servers, and your central IS staff may not have enough manpower to keep track of them all.
By using NDS to define web servers, as well as web administrators and their rights, you can simplify the entire process of maintaining web server content and generating lists of available web servers on your intranet. Using NDS as the store for all web references, both internal and external, means these references are location independent; they can be accessed by any NetWare Web Server. If a NetWare Web Server is connected to the Internet, even outside users can use the NDS references. No other intranet/Internet system can provide this level of service.
Web administrators are responsible for keeping the NDS information about their web servers up to date. They are also responsible for maintaining the Domain Name Service (DNS) address, home page, content description, and up/down status for their web servers.
One recommendation is to create an NDS group called "Web Administrators" for each department. This object should have selected rights to Directory Map objects in the tree (those shown in Figure 9 above) and full rights to selected directories on the NetWare Web Server(s). Then to assign someone the role of web administrator, you simply make them a member of that group, as shown in Figure 9.
|
Tip: You can quickly turn a "normal" user into a web administrator using a simple drag-and-drop operation in NWAdmin. Just click on the User object, hold the mousebutton down, and drag the User icon on top of the Web Administrators group icon.When you release the mouse button, the user will be made a member of the group. |
Figure 9: To assign users as web administrators, simply make them a member of an NDS group.
Figure 10: With all web server information stored in NDS, it is easy to produce a list such a this one.
|
N E E D E D : |
A fast, reliable set of web services. |
|
S O L U T I O N : |
Use the NetWare Web Server and FTP Services. |
Millions of users trust their local area networks to NetWare because it provides the fastest and most reliable file and print services of any network operating system today. It is also an efficient and reliable platform for other network services, including database and web services. (For more details on NetWare's superiority as an application server, refer to the AppNote entitled "NetWare on One CPU Outperforms Windows NT Server on Four CPUs" in Novell Application Notes, June 1996, p. 5). In addition to the latest version of the NetWare operating system (v4.11), IntranetWare also provides the following key web services used to access and process data.
HTTP. The HyperText Transfer Protocol is used for web document requests and retrievals. It is through HTTP that most documents, Java applets, and web security are handled. The NetWare Web Server's HTTP component is the fastest on the market. (For both independent and in-house benchmark test results, visit Novell's web site at http://www.novell.com.)
FTP. File Transfer Protocol is a basic way to transfer groups of files or entire directories across a network. It is a two-way protocol, permitting files to be both sent and received, unlike HTTP which can only download files from the server to the client. Clients can request specific files using FTP from within the Netscape Navigator browser, or groups of files and directories by using an FTP application, such as Rapid Filer from Novell's LAN WorkPlace product. IntranetWare's FTP Services use the security of NDS for user and directory access.
Perl. Practical Extraction and Report Language is a common scripting language commonly used in the Internet world. Its strength lies in its ability to create short, yet complex commands to parse and manipulate data. As long as the Perl scripts have no Unix-specific commands, they can be easily ported from Unix to NetWare with little or no modification.
CGI. The Common Gateway Interface is an application-to-application method of data exchange. CGI applications are primarily processes that communicate to a local or remote HTTP server. Among other uses, CGI is used on the Internet to process data and forms, and to create dynamic web pages. The NetWare Web Server supports CGI using Perl, NetBasic, and remote CGI services (R-CGI). R-CGI allows a NetWare Web Server to request or retrieve data from a remote Unix CGI application (such as a database process). The Novell-defined Local-CGI (L-CGI) specification means that the NetWare Web Server can request or retrieve data from NetWare Loadable Modules (NLMs) running on the same server. Examples of L-CGI applications are NDS browsing (NDSOBJ.NLM), search engines (Wonloo), scripting languages (Perl and NetBasic), and e-mail gateways (GroupWise WebAccess).
|
N E E D E D : |
A way to make Directory Services data available to browsers. |
|
S O L U T I O N : |
Use the NetWare Web Server and NetBasic to extract real-time data from NDS. |
NDS isn't a closed system. Currently, all data stored in NDS is accessible through published APIs and languages such as C, Java, and NetBasic. In the future, NDS will run on various flavors of Unix, IBM systems, and Windows NT, which will make its data more universally available. (I'll explain more about this later in the AppNote.)
NetWare Web Server. All NDS information (including server information, user phone numbers, and anything else stored in the database) is readily available to NetWare Web Servers on the intranet. Using the NetWare Web Server, users can browse NDS to search for information. And since NDS is a real-time database, its contents are up-to-date shortly after changes are made. It's a great way to keep things like employee directories current.
Since NDS is extensible, data types such as web pages and photographs can be stored as attributes of any object. As an example, the user home page shown in Figure 11 was taken directly from NDS.
Figure 11: An example of using NDS to store user home pages and photographs.
Accessibility: the documents are available from any NetWare Web Server. There is no such global availability of documents in traditional web environments.
NetBasic. NDS data is also accessible more formally by using NetBasic scripts. NetBasic is a powerful scripting language with a syntax similar to that of Visual Basic. IntranetWare includes the DeveloperNet2000 NMX engine and the NetBasic interpreter, both licensed from HiTecSoft, Inc.
HiTecSoft, Inc. Scottsdale, AZ 602-970-1025 www.hitecsoft.com
NMX provides a standard way for NLMs and NetBasic components to register and execute within IntranetWare. As an L-CGI component to the NetWare Web Server, the NMX engine can process NetBasic scripts requested from web browsers to generate dynamic web pages. NMX modules needed by the script can be loaded and unloaded dynamically. NetBasic is an interpreted language; you can use it to provide extra functionality on the server without having to write NLMs. You can even write entire applications for NetWare servers, such as your own version of old DOS-based utilities like FCONSOLE. Sample NetBasic scripts are installed with IntranetWare, and more are available from the Novell and HiTechSoft web sites. An Integrated Development Environment and NetBasic Compiler (for faster script execution) are also available from HiTecSoft.
|
N E E D E D : |
A way for browsers to retrieve data from back-end databases to the NetWare Web Server. |
|
S O L U T I O N : |
Use NetBasic links to Oracle and Btrieve, and Remote CGI links to Unix servers. |
NetBasic can link to both Oracle and Btrieve databases -- even databases on remote systems. In fact, the scripting language can access both types of databases within the same request. Unix databases are linked using Remote CGI functions. Figure 12 shows a sample screen from an address book application written in NetBasic. The NetBasic script runs on the Web Server, and the results are sent to the client's browser.
Figure 12: A screen from an address book application that pulls data from an Oracle database.
|
N E E D E D : |
Remote administration of NetWare servers and NDS from the Internet. |
|
S O L U T I O N : |
Use NetBasic scripts to administer and maintain the intranet infrastructure. |
Since NetBasic can modify data on a server or in NDS, you can write scripts to perform remote network administration tasks from your web browser (see Figure 13). NetBasic gives full access to NDS and server administration. Of course, you must login to NDS as a valid user (via the browser and a NetBasic script) to perform the administration operations.
Figure 13: Using NetBasic, the browser can become the interface for remote administration.
|
N E E D E D : |
A way to link remote offices to the main office, and to establish a link to the Internet. |
|
S O L U T I O N : |
Install the Novell Internet Access Server. |
Organizations spread over geographically separate locations need an effective way to communicate between sites. IntranetWare comes with the Novell Internet Access Server, a collection of components including the NetWare MultiProtocol Router (MPR) software with WAN Extensions, and the IPX/IP Gateway (discussed later in this AppNote). These components can be used to link remote locations to the corporate intranet, and to provide a link to the Internet (see Figure 14).
Figure 14: The Novell Internet Access Server provides links to the Internet and to remote locations.
Restricting Access. To restrict access to and from these remote sites and across the Internet connection, you can apply any combination of the following "firewalls":
The MPR provides packet filters which restrict data from entering or leaving the router. These filters look at the IPX or TCP/IP network address or domain name.
The IPX/IP Gateway restricts which users can access the gateway, and what times the gateway is available. (More about this gateway later.)
HTTP users may be restricted from using specific NetWare Web Servers, or from accessing specific directories on a web server.
Figure 15 illustrates the use of rules on the Internet Access Server to restrict access to various targets.
Figure 15: The Novell Internet Access Server can also serve as an Internet firewall.
|
N E E D E D : |
A way for users to publish their own web content. |
|
S O L U T I O N : |
The NetWare Web Server lets users publish from their own home directories. |
With major online services such as America Online and CompuServe promoting the concept of personal home pages, more and more home users are getting into the creation of HTML documents and GIF images. It's just a matter of time before users will want to publish their own web pages in the corporate environment. IS departments must find ways to support users in their quest for an electronic presence, yet with minimal intervention and cost.
|
"What the web does is provide a platform, a virtual performance space, that is open to all comers. That is something new under the sun, and what's astonishing is how eagerly the general computing public is flocking to this performance space, both as audience and as creators." -Macworld, June 1996, p. 23 |
The NetWare Web Server allows users to publish their own content without any direct intervention from the network administrator. Using NDS and the NetWare Web Server, each user may create content in his or her own home directory (under the control of the network administrator, of course). Because NDS is global, users can easily publish web data and the link to their home directory can be found on any NetWare Web Server. You can establish user disk space restrictions to control the quantity of information users publish. User home pages can be located by several methods:
Get the user home page from NDS.
Enter the user's distinguished name as a URL; for example:
http://www.server.com/~george.jungle
Use a script written in Perl or NetBasic to search for the user.
Figure 16 shows an example of a Perl script being used to display a list of all user home pages.
Figure 16: A Perl script can pull users home page information from NDS.
|
N E E D E D : |
A way to access web services on the intranet and the Internet, but without having to upgrade all clients to TCP/IP. |
|
S O L U T I O N : |
Use the Novell IPX/IP Gateway for access and control of HTTP and FTP services. |
The Internet uses TCP/IP as its network protocol, but most of Novell's installed base of 60 million users are using IPX/SPX. IntranetWare includes an IPX/IP Gateway so NetWare users can access both Internet and intranet services, without first having to upgrade each client with a TCP/IP protocol stack. Since TCP/IP is more difficult to manage than IPX/SPX, many network administrators are reluctant to make the switch. By implementing the Novell IPX/IP Gateway, IPX clients can immediately access both internal and external web services (see Figure 17).
Figure 17: The IPX/IP Gateway allows IPX clients to share IP addresses on the Gateway server.
Figure 18: The IPX/IP Gateway allows access to be controlled by application and/or by time of day.
IPX/IP Gateway," Novell Application Notes, September 1996, p. 3.
|
N E E D E D : |
A way to fully manage our intranet, including servers, users, and communication devices. |
|
S O L U T I O N : |
Install ManageWise on your intranet. |
Novell's ManageWise provides end-to-end management of all your network resources. With ManageWise, you can:
Monitor LAN segments from a central point, including remotely capturing packets for analysis.
Manage all types of devices, even non-NetWare devices through ManageWise's support for standard management protocols such as SNMP and RMON. Also, Unix management systems can manage NetWare servers by compiling the NetWare MIB (Management Information Base).
Monitor and control workstations including PCs (running DOS or any flavor of MS Windows) and Macintosh computers. Any DOS/Windows workstation can be remotely controlled by the administrator.
Receive alerts when problems arise on the network. With the extensive alert capabilities in ManageWise, over 400 events are monitored on the server alone. When an event occurs, an alarm is sent to the system console. Depending on the severity of the alarm, an action is performed. For instance, if a server is running low on memory, an alarm is sent to the console and to a pocket pager to notify the administrator of the situation.
There is a lot more to ManageWise than we can cover here. Visit Novell's Web site at http://www.novell.comfor more details.
|
N E E D E D : |
Effective groupware functions over the intranet and the Internet. |
|
S O L U T I O N : |
Use GroupWise 5 and WebAccess. |
One of the main uses of both the Internet and an intranet is electronic mail communication. But whereas Internet e-mail usually consists of simple message transfers with optional attachments, intranets need much more. The concept behind groupware revolves around the word "group" itself; it involves collaboration and working with others. Groupware tries to solve the age-old problem of letting the right hand know what the left hand is doing. In other words, it aims to keep everyone informed about everything they're supposed to know about.
Novell's GroupWise is a groupware solution built around the intranet, with links to the Internet as well. Using NDS as the key to users, groups, and services, GroupWise tracks all types of data, including messages and threads, tasks, schedules, and even documents. GroupWise post offices are synchronized and managed through NDS.
GroupWise public forums provide an effective way to communicate with other users on a key topic. Messages are tracked throughout the entire system, so you can see who has opened, not opened, or deleted your messages. You can also retract messages that you didn't really mean to send--a feature that has saved much embarassment (and even some careers) in situations such as a personal memo being accidentally sent out to the entire organization.
For remote communications, GroupWise is smart enough to know whether your laptop computer is connected to the LAN or needs to dial in using a modem. If your GroupWise post office has a connection to the Internet, messages can be read from within a web browser after you supply a correct username and password (see Figure 19).
Figure 19: The WebAccess feature in GroupWise allows you to read your e-mail from within a web browser.
Future Product Enhancements
In subsequent releases of IntranetWare, Novell will add new features and enhancements to make the products even more useful in the intranet/ Internet environment. This section describes some of these enhancements, most of which are planned for the next release of IntranetWare.
NDS on Other Operating System Platforms
The new "full-service intranet" is going to be directory based, and NDS will act as the bridge for internal and public networks. Novell is working to make NDS available on other platforms, including Sun, IBM, and Hewlett-Packard versions of Unix. NDS will also be native on Windows NT Server. There are several anticipated benefits of this effort to make NDS truly pervasive on the majority of application servers on the market:
Management of the global directory will be the same on all supported platforms.
Since NDS will be an open and free standard, third-party developers can use NDS as the enterprise directory service. Applications on a variety of platforms will be able to use NDS as a scalable, robust, extensible directory service. A certification suite is being developed to ensure that the necessary APIs are implemented the same across platforms.
Telephone companies and Internet Service Providers (ISPs) who want to connect diverse networks from around the world will be able to do so with NDS. Once NDS is fully LDAP compliant (see below), linking to NetWare or other NDS servers will be as easy as connecting to your ISP.
NDS Support for LDAP on the Internet
The Lightweight Directory Access Protocol (LDAP) is an emerging directory access standard for the Internet. It is essentially a "lighter" version of the X.500 Directory Access Protocol, which was originally created for UNIX environments. LDAP was developed for the DOS, Windows, Macintosh and Unix platforms and runs over TCP/IP.
In April 1996, Novell announced that NDS will fully support LDAP. For organizations using NDS, LDAP support enables LDAP-compliant browsers and applications to find and use resources contained in Novell directories using Internet connections. In addition, LDAP support gives developers greater flexibility in creating applications that leverage NDS by enabling them to write to the LDAP standard for directory access as well as to Novell's directory APIs. Through any LDAP-aware browser, such as Netscape Navigator, Internet users will be able to access, browse and query NDS for names, e-mail addresses and other information.
Enhanced Web Services
Here is a quick list of new features in the NetWare Web Server v3.0:
The NetWare Web Server 3.0 is twice as fast as version 2.51.
A search/index engine will allow users to find all files, not just HTML documents, in a flash.
Virtual directories will allow web pages to be served from any NetWare server.
Multihoming will allow a single web server to host multiple domain names.
A Secure Sockets Layer encrypts transactions between browser and server.
NetBasic Oracle provides native Oracle connectivity to local or remote databases.
Novell's Evolving Transport Technology
Novell is adapting its transport technology from its original IPX/SPX base to meet the changing needs of the computer market. The NetWare/IP technology in the current release of IntranetWare provides a way to operate IPX services within an IP environment. Soon, core NetWare services--those usually accessed through the NetWare Core Protocols (NCPs)--will use the TCP/IP transport for NDS, DHCP, and the proposed Service Location Protocol (SLP). NetWare Naming and discovery functions are currently implemented in the Service Advertising Protocol (SAP).
To provide developers with an improved interface to those transport services, Novell is implementing the WinSock 2 interface on the IntranetWare platform. This allows developers to access IPX, IP v4, or IP v6 transports through a single interface. Novell is also working on Asynchronous Transfer Mode (ATM) LAN Emulation Client technology. This will allow NetWare clients to fully utilize such ATM features as packet prioritization.
NetWare and Java
The NetWare Java Virtual Machine is a distributed network application development environment. This will be the foundation for future client/network computing.
Sun Microsystems' Java introduces a new way to build applications and distribute logic in a cross-platform, processor independent way. Applications once existed only on a central host. When LANs became populated by clients with fast CPUs, many applications moved to the client. Java provides a way to harness all that power with distributed applications that apply logic and information sharing across a network.
The acceptance of Java as a powerful object-oriented programming language has been propelled by the Internet and embedded system devices. Originally developed for software development of consumer electronic devices, Java provides the attributes of being small, fast, efficient, and portable. These attributes make Java the ideal language for distributing "executable" programs (logic) over the network.
What is Java? According to "The Java Language: An Overview" (a Sun white paper located at http://java.sun.com on the web), Java is "a simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multi-threaded, and dynamic language." Perhaps an example will help clarify this definition.
Suppose you work for an automobile radiator manufacturer that needs a convenient way to collect information about the costs of raw materials, inventory on-hand, and orders received. The goal of this project is to be able to adjust the manufacturing schedule based on those factors. Obtaining the data requires the following:
A communication link to a metals broker to provide you with the price of copper and other raw materials.
A method of retrieving raw material pricing.
A link to your inventory control system to obtain products in stock.
A link to your order and customer system to determine how whatproducts should be produced.
Since we live in an imperfect world where not all systems and platforms speak to one another, this project may be cost-prohibitive to implement. Besides, the metals broker might not be too eager for you to establish a communications and data link to their system. In the coming year, as more and more systems are able to utilize Java, implementing such a solution becomes more feasible. A Java application written on your system can communicate with a Java application on another, via the Internet or on the corporate intranet. Combining Java with well-established communication links will create an open channel for client/ network computing architectures.
Novell Distributed Print Services (NDPS)
Users' printing needs are getting more sophisticated. Currently, the user sends a print job to a network print queue, from which a print server processes the job and sends it to the printer. Since the print server is an intermediate device, it is sometimes difficult to determine printing problems. More feedback is needed for better printing functionality.
Novell has joined with Hewlett-Packard, the leader in office network printing hardware, and Xerox, the leader in enterprise printing systems, to create Novell Distributed Print Services (NDPS). Other printing manufacturers are expected to support this next-generation printing architecture as well. NDPS is the first fully-distributed print service for networks. As a client-server, application-layer print service for NetWare environments, NDPS simplifies the administration of network printing by linking print queues, printer objects, and print servers into one manageable NDS object, which communicates to the Printer Agent found on a NetWare Server or in the printing device itself (see Figure 20).
Figure 20: Novell Distributed Print Services will allow several types of printer configurations.
A New Internet Printing Standard
For companies using the Internet, printing documents across expanded networks presents some challenges. Novell has announced an initiative to create a new technology standard for printing across the Internet. This new standard is aimed at making it easier for users to send and manage print jobs to remote printers attached to the Internet, Twelve printer industry leaders have announced support for this initiative: Adobe, Canon, Hewlett-Packard, IBM, Intel, Lexmark, QMS, Ricoh, Sharp, Tektronix, Toshiba, and Xerox.
Novell Replication Services
Novell Replication Services (NRS), due in the next release of IntranetWare, will use NDS to manage distributed data across a network. Even if servers are located far from one another, NRS can distribute shared documents, applications, or even web data automatically and without user intervention. NRS will be managed through the familiar NWAdmin graphical interface (see Figure 21).
Figure 21: Novell Replication Services will ease the task of distributing data across a network.
Broadcast Services
Code-named "KnowledgeCast," Novell's new broadcast service is similar to the PointCast product for the Internet, only KnowledgeCast is designed for intranets. Instead of broadcasting all information to all users, KnowledgeCast uses NDS to determine who should receive messages. For example, if a finance server is going down for maintenance, a broadcast message could be sent to all users in the finance department -- as defined by NDS. That message would display on a scrolling "ticker" display at the bottom of the screen (see Figure 22).
Figure 22 KnowledgeCast will provide customized broadcasting of network messages to selected users.
Conclusion
From reading this AppNote, you can see that there's a lot involved in the intranet paradigm. But don't worry--a full-service intranet doesn't have to be built overnight. It's taken years to expand the LAN to the enterprise level, and the intranet builds on all that the LAN has to offer. Chances are you already have most of what's necessary to turn your LAN into an intranet. By taking advantage of the building blocks IntranetWare provides, including a directory service such as NDS, fast web servers, and decentralized administration, the intranet can finally begin to fulfill the LAN's potential: that of making data easily accessible to any authorized user with a computer.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.