Using NDS Manager for Partition and Replica Administration

DAVID DOERING
Senior Analyst
TechVoice, Inc.

BARBARA R. HUME
Consultant
TechVoice, Inc.

01 Jun 1998


If you've been wanting an easier tool for maintaining Novell Directory Services, NDS Manager is worth a look. It is tailored to the key tasks of partition, replica, and schema management.

Introduction

Administrators today request not just more powerful networks, but simpler networks as well. Novell Directory Services (NDS) offers significant savings in total network administration. In order to make NDS itself simpler to administer, Novell now offers a tool called NDS Manager tailored to the key tasks of partition, replica, and schema management. NDS Manager is both a standalone GUI tool and a NetWare Administrator (NWAdmin) snap-in. As a snap-in, NDS Manager with NWAdmin offers a single point of control for NDS services.

This AppNote:

  • Provides an overview of NDS Manager

  • Discusses the benefits of using NDS Manager

  • Describes basic NDS analysis and partition and replica management using the tool

NDS Manager ships with NetWare 4.11 and is also available for download for upgrading earlier versions of the operating system. For more information, visit Novell's Web site at:

http://www.novell.com

NDS Manager Overview

NDS partition management is deceptively simple. Creating a partition, a replica, or a subordinate reference is not daunting; each is, in fact, quite easy to do. However, as the number of these objects increases, the administrator's management tasks increase not arithmetically but geometrically.

This is similar to hardware management. For example, keeping an inventory of workstation configurations isn't hard for a half-dozen workstations. Increase the number to two dozen, and the task becomes overwhelming.

In the same way, a simple tree isn't hard to manage with one, two, or three servers. Partitions, replicas, and replica rings for this number of servers can be tracked using a server-based tool such as Partition Manager (PartMan). Increase the number of servers to a dozen or add a WAN connection to the mix, and then administration becomes difficult with PartMan. This older procedure also presented several other problems:

  • Configuration and status information were displayed using two different server-based tools. This forced administrators to load and run both tools to verify information about NDS.

  • While these server-based tools could be run via RCONSOLE on local workstations, sites that restricted asynchronous access to the server for security reasons couldn't do this.

  • Troubleshooting NDS often requires an understanding of the location and status of partitions, replicas, and replica rings. Since the older utilities didn't present this information in a single form, an administrator had to manually create a detailed matrix of the NDS configuration for troubleshooting.

  • PartMan and other server-based tools displayed their information in a text format (see Figure 1). This made visualizing the NDS tree structure and replica rings difficult.

  • If PartMan or another utility indicated a problem, implementing repairs or changes to rectify the problem often had to be performed using NWAdmin, which was available only at a workstation.

NDS Manager solves these problems, eliminating time-consuming effort and reducing the cost of managing and troubleshooting NetWare and NDS.

Note: Sometimes the spelling of NDS Manager appears as NDSManager (one word) even within Novell documents. When searching the Novell Web site, it is useful to try both variants to see all references to the utility.

Figure 1: Partition Manager displayed replica ring information in a text format.


Report Title: DSD List Replica Rings
 Report Version: 0.8
 Base DN: \
 Identity: \[Public]
 Start Date:  Jul 31, 1997   5:58:49 pm MDT
 Retrieved Partition Roots Form: NDS
     Search Context: \TEST
     Type: Readable
     Depth:  Subtree

 Retrieved replica ring from:  Ring

 Partition Name: \TEST
 Server Name: \TEST\O=yahoo\OU=sw\CN=TEST-PSE-410
 Server's Address: 01017FD9       
 Entry:
        Status   Warni   Entry ID     Repl    Entry                         
                                      Type    Name                          
          0              010000B4      RW     \TEST                          
 Partition Creation Time: 
        Status   Warni   Epoch   Epoch
                         Repli
          0                1       1
 Replica: 
      Status    Warni  Repl   Repl   Replica  Replica   Server                                 Address
                       Numb   Type   State    Root ID    Name                             
       0         R      1      M      On      010000B6   
       \TEST\O=novell\CN=TEST_DSE_411       335CBFB3
       0         R      4      RW     On       010000B4   
       \TEST\O=yahoo\OU=sw\CN=TEST-PSE-410  01017FD9   
 Partition Name: \TEST
 Server Name: \TEST\O=novell\CN=TEST_DSE_411
 Server's Address: 335CBFB3       
 Entry:
        Status   Warni   Entry ID     Repl   Entry                         
                                      Type   Name                          
         0               010000B6     M      \TEST                          
 Partition Creation Time: 
        Status   Warni   Epoch   Epoch
                         Repli
         0                1       1
 Replica: 
      Status    Warni  Repl   Repl   Replica  Replica     Server                               Address
                       Numb   Type   State    Root ID     Name                             
         0       R      1      M      On      010000B6   
         \TEST\O=novell\CN=TEST_DSE_411       335CBFB3
         0       R      4      RW     On      010000B4   
         \TEST\O=yahoo\OU=sw\CN=TEST-PSE-410  01017FD9

 Replicas found: 2
 Partitions found: 1
 Servers contacted with Partitions and Replicas: 2
 Count   Error Numbers       Message

 Count   Warning             Message
    4         R             Fewer than the minimum readable replicas found.
 End Date:  Jul 31, 1997   5:58:50 pm MDT
 ********************

In summary, NDS Manager offers the following improvements over Partition Manager:

Partition Manager                                   NDS Manager
--------------------------------------------------  --------------------------------------------------
Text-based interface                                Graphical user interface
Search by lists                                     Graphical view of NDS tree to simplify navigation
No online help                                      Online help and context-sensitive help
Server-based                                        Workstation-based
Cryptic error messages                              Explanations in English of all error codes
Operator errors easy to make with single action     Commit dialogs to prevent errors

Benefits of Using NDS Manager

NDS Manager is a GUI utility which runs as a standalone application or as an NWAdmin snap-in on a Windows 95 or Windows NT workstation. This utility replaces Partition Manager, a C-Worthy text-based utility for managing partitions that was included in versions of NetWare 4.x before 4.11. (PartMan continues to install as part of the OS, but no further enhancements will be offered for it.) Although NDS Manager installs in the PUBLIC directory, it requires Admin-equivalent rights to perform most of its operations.

The benefits of using NDS Manager are outlined below.

Simplified Partition Management. NDS Manager simplifies the process of navigating through the NDS tree and understanding the relationships among various parts of the Directory structure. A graphical view of the tree and partitions (see Figure 2) is much more intuitive for most administrators. In contrast, the older PartMan utility offered only lists. In drilling down through a list, a user would select an item, and PartMan would then display yet another list. Searching the NDS tree structure was therefore more difficult than it is under NDS Manager with its graphical display.

Figure 2: The main graphical view of the tree in NDS Manager.

Compare this display with the text-based report from Partition Manager shown in Figure 1.

As an additional help to the administrator, Novell also created another view, called a flat view, of the tree. The flat view shows a bare-bones list of the partitions and the servers they contain. This view provides a quick picture of the NDS tree structure, as shown in Figure 3.

Figure 3: Example of a flat view of the NDS tree.

Single Point of Administration. NDS Manager provides a single utility for monitoring and repairing the NDS directory. In the past, these tasks were separated into multiple server-based or workstation-based utilities.

Provides for Administrator-Only Access. By offering two versions of NDS Manager, Novell provides administrators with a way to control access to its functions. As an NWAdmin snap-in, NDS Manager can be made available to a wide range of users. As a standalone utility, it can be restricted to just those administrators requiring NDS management capability. This offers significant flexibility over either one or the other alone.

Fail-Safe Protection. One user request answered in NDS Manager was a way to prevent far-reaching changes from occurring as a result of a single action on the part of the administrator. In particular, this would include changes to the NDS tree. NDS Manager includes many intermediate dialog boxes to ensure that users verify a process and understand its consequences before committing to it.

Extensive Online Help. The developers of NDS Manager listened carefully to the requests of many administrators to provide more than simply a reflexive online help system. As a result, they have included many pages of explanatory material along with the usual explanations of buttons, menus, and functions. NDS synchronization error messages, for example, feature both causes and remedies as well as the name and number for the error (see Figure 4).

Figure 4: Sample error message screen in NDS Manager.

Significant user input was received on the need to provide just this type of troubleshooting information on error messages. Currently, NDS Manager is the only utility offering this extensive discussion for these messages.

Schema Manager

NDS Manager also includes a snap-in of its own called Schema Manager. Schema Manager allows administrators to view their tree's NDS Schema. (The schema is the definition of objects used by NDS: users, servers, printers, volumes, and so on.)

Schema Manager allows administrators to add or delete classes, or modify attributes of existing classes. (Note that you cannot delete classes from the base schema which ship with NetWare.) For example, you would use Schema Manager if you wanted to add the attribute "Certification" to the object class "User". You could then store the text information "CNE", "CNA" or other certification status in that field. At that point, you could do a search to display all users in the organization that have CNE status.

In addition, Schema Manager also allows comparisons between schemas in two different trees to highlight enhancements or deletions. (We'll cover more about Schema Manager in a future AppNote.)

Note: Schema Manager does not work with specific instances of objects. Rather, it deals with the general class of object selected. For example, if there is a user on the network called "Ataru", Schema Manager would not change that instance of the User class object. The tool can, however, change the general User class object.

Managing Partitions and Replicas with NDS Manager

NDS Manager offers administrators several important partitioning and replication functions. These functions include:

Partition Operations

  • Create new partitions

  • Merge partitions

  • Move partitions

Replica Operations

  • Add replicas

  • Remove replicas

  • Change replica types

  • Repair replica errors

For example, adding a replica requires just a few steps in a single dialog (see Figure 5).

Figure 5: The Add Replica dialog box.

Once you select the destination server and the type of replica you want, you are done.

If you want information on an existing replica, you can simply highlight it and double-click on it (see Figure 6). The replica's information dialog includes all relevant parameters: server location, type, state, and time of last successful synchronization.

Figure 6: Displaying replica information.

Don't Confuse Replicas and Replication

NDS uses replicas for fault tolerance and authentication. They are a vital part of the advantage of using NDS. Don't confuse these replicas with Novell Replication Services, which are entirely different.

Replicas are read-only copies of the NDS database. They contain information about objects in the NDS tree. A NetWare system can support an arbitrary number of replicas, limited by practical considerations.

Novell Replication Services (NRS) involves data: application documents, HTML files, software updates, and so on (see An Introduction to Novell Replication Services in the June 1997 issue of Novell AppNotes, p. 19). NRS is an automated process of moving information from one server to another to be nearer to the user. This process is most important for users on networks with WAN links where the delay in transferring information across the WAN link would be costly.

Unfortunately, both NDS and NRS use the term replica. The replica in NRS is a copy of a file or document that is made on a server closer to a user, the original being called a master. Hence a server having some copied files from NRS is called a replica server.

This replica server could also contain one or more NDS replicas, and be a replica server that way as well.

Many of the functions in NDS Manager are also available in various places in NWAdmin. The advantage of NDS Manager is that it brings them together into one place. One key exception is the function for deleting a failed server object, which is only available from NDS Manager.

Note: The NDS Manager Server Deletion process is not the one you would follow if a server has crashed and therefore must be taken down temporarily. In that case, you would go to the server itself and uninstall it from NDS rather than use NDS Manager.

If a server has died and won't be coming back, deleting the server becomes a repair-type operation that NDS Manager can handle. NDS Manager checks to make sure the server is down; it won't delete a server from the tree that's still up and running. If the server is truly down, use NDS Manager to delete the server's object from the tree.

Matrices and Mastering NDS

Knowing where replicas are in an NDS tree is as essential as knowing that partitions are made in the tree. Documentation of how a tree was created is important, but often incomplete. Not only do administrators forget to include items they add in, but NetWare itself automatically generates some things of its own:

  • NDS Replicas. NetWare creates NDS replicas on its own whenever it finds a partition with only one replica. This occurs when there is only one server in that partition. When additional servers are added to that partition, NetWare automatically adds a replica to the second and third servers brought online in that partition. This creates an adequate replica ring for fault-tolerance.

  • Subordinate References. NetWare creates subordinate references to tell a master replica where its replica children are.

  • Bindery-generated Replicas. NetWare creates a new read/write replica on a NetWare 2 or 3.x bindery-based server when that server is upgraded to NetWare 4.x.

Because all three of these are automatically generated, it is possible to overload a single NetWare 4.x server with more than the recommended fifteen (15) replicas per server. It is also possible to have more than the ten replicas per partition for the same reason. This means that despite good design efforts prior to bringing up the NDS tree, there can still be problems later on. (Remember, each subordinate reference, although it does not contain any object data, does participate in replica synchronization. That means network traffic from each one. For example, a six-server tree can have 18 subordinate references.)

By displaying the replica rings in the NDS Manager main screen (using the flat view as well as the hierarchical view), an administrator can quickly see when those limits are exceeded or about to be. The key reason to maintain the limits is to keep NDS performance up. This becomes most critical whenever there's a WAN link (or more than one WAN link) involved in the tree.
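
The server-by-partition matrix and the two limits discussed above can also be checked from a replica inventory. The following is an added example, not part of the original AppNote or of any Novell utility. It assumes the usual NDS placement rule (a server that holds a replica of a parent partition but not of the child receives a subordinate reference), counts subordinate references toward both limits as the article does, and uses constructed server and partition names.

```python
from collections import Counter, defaultdict

MAX_PER_SERVER = 15      # recommended replicas per server (from the article)
MAX_PER_PARTITION = 10   # recommended replicas per partition (from the article)


def build_matrix(placed, parent):
    """Return {server: {partition: type}} from (partition, server, type) records,
    adding the subordinate references (SR) that NDS generates on its own.
    Assumed rule: parent replica present, child replica absent -> SR for the child."""
    matrix = defaultdict(dict)
    for partition, server, rtype in placed:
        matrix[server][partition] = rtype
    for row in matrix.values():
        for child, par in parent.items():
            # An SR of the parent is not a real replica, so it triggers nothing.
            if row.get(par, "SR") != "SR" and child not in row:
                row[child] = "SR"
    return dict(matrix)


def check_limits(matrix, headroom=1):
    """Return (level, kind, name, count) for each server or partition that is
    over its limit ("OVER") or within `headroom` of it ("NEAR")."""
    per_server = {server: len(row) for server, row in matrix.items()}
    per_partition = Counter(p for row in matrix.values() for p in row)
    findings = []
    for kind, counts, limit in (("server", per_server, MAX_PER_SERVER),
                                ("partition", per_partition, MAX_PER_PARTITION)):
        for name, count in sorted(counts.items()):
            if count > limit:
                findings.append(("OVER", kind, name, count))
            elif count >= limit - headroom:
                findings.append(("NEAR", kind, name, count))
    return findings


def sample_tree():
    """Constructed tree: [Root], 14 branch partitions, one lab partition below BR01."""
    branches = [f"OU=BR{n:02d}.O=ACME" for n in range(1, 15)]
    lab = "OU=LAB." + branches[0]
    parent = {b: "[Root]" for b in branches}
    parent[lab] = branches[0]
    # Only the replicas somebody placed on purpose; no SR is listed here.
    placed = [("[Root]", "HQ-1", "M"), ("[Root]", "HQ-2", "RW"),
              (branches[0], "HQ-2", "RW"), (lab, "LAB-1", "M")]
    placed += [(b, f"BR{n:02d}-1", "M") for n, b in enumerate(branches, 1)]
    return placed, parent


if __name__ == "__main__":
    matrix = build_matrix(*sample_tree())
    for server, row in sorted(matrix.items()):
        kinds = Counter(row.values())
        summary = " ".join(f"{k}={v}" for k, v in sorted(kinds.items()))
        print(f"{server:8} total={len(row):2}  {summary}")
    for finding in check_limits(matrix):
        print(*finding)
```

In the sample, neither headquarters server was given more than two replicas by hand, yet the generated subordinate references bring HQ-1 to the limit and push HQ-2 past it.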

Operations NDS Manager Cannot Perform

NDS Manager does not handle merging trees or renaming one. You still must perform these tasks at the server using DSMERGE. Once you have performed a merge or a rename, however, when you bring up NDS Manager, it can find the tree under the new name.

NDS Manager also can't split a tree (nor can any current utility). Sites requiring the promotion of an Organizational Unit to Organization must do so manually using NWAdmin.

NDS Manager doesn't manage or affect data stored on the servers; it simply sets up and maintains the logical partitions and divisions in NDS. (See the sidebar "Don't Confuse Replicas and Replication".)

Finally, NDS Manager itself (including Schema Manager) doesn't work with instances of NDS objects; it's designed, rather, for partitioning, replicating, and setup tasks. NWAdmin does, however, deal with those instances.

Synchronization Errors

When you create a partition, it is as if you're breaking a branch off the tree. Information about the objects in that part of the tree is now included in this partition. A replica of that partition is another place where the data about that partition and its objects is physically stored.

In essence, the objects in this partition are stored physically on those servers holding the partition and its replicas. The list of servers holding a partition, its replicas, and its subordinate references is called a replica ring.

Replica rings are important in troubleshooting NDS. By visualizing a ring, administrators can eliminate extraneous details and focus on just the points where trouble is occurring. For example, sometimes an inconsistency occurs between what Server A thinks it's storing about NDS objects and what Server B thinks it's storing about those same objects. You can use NDS Manager to look at their replica rings to make sure that what one has, the other has. Figure 7 shows an example of how to check a replica ring in your tree. If the two servers aren't communicating because of a connection failure, or one of them gets a corrupted database, the objects don't match up and you get a synchronization error. You can look at your replica ring in NDS Manager and find it. If there's a synchronization error, NDS Manager indicates it with a yellow flag.

Figure 7: Checking replica rings in the NDS tree.

You can use NDS Manager to force an update when replicas are out of sync. Or you can use it to have a replica request a copy from the master replica.
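
The "what one has, the other has" comparison can be expressed as a check over each server's own view of the ring, the same per-server listing that the Figure 1 report prints. This is an added example, not code from the AppNote or from NDS Manager; the server names and the replica state "New" in the sample are constructed.

```python
def check_ring(views):
    """Compare every server's view of ONE partition's replica ring.

    views: {reporting_server: {holder: (replica_type, state)}}
    Returns a list of (code, server, detail); an empty list means the views agree.
    """
    findings = []
    ring = set()
    for view in views.values():
        ring.update(view)                      # every holder that anyone lists

    # A holder that appears in somebody's ring but supplied no view of its own
    # is the first place to look for a connection failure.
    for holder in sorted(ring - set(views)):
        findings.append(("NO_VIEW", holder, "listed in ring, returned no view"))

    for reporter, view in sorted(views.items()):
        for holder in sorted(ring - set(view)):
            findings.append(("MISSING", reporter, f"does not list {holder}"))
        masters = sorted(h for h, (rtype, _) in view.items() if rtype == "M")
        if len(masters) != 1:                  # a ring has exactly one master
            findings.append(("MASTER", reporter, f"sees masters {masters}"))

    for holder in sorted(ring):
        seen = sorted({view[holder] for view in views.values() if holder in view})
        if len(seen) > 1:
            findings.append(("DISAGREE", holder, f"reported as {seen}"))
        elif seen[0][1] != "On":
            findings.append(("STATE", holder, f"state is {seen[0][1]}"))
    return findings


# Constructed sample: SRV-A already knows about a replica being added on SRV-C,
# SRV-B has not heard of it yet, and SRV-C did not answer the query.
SAMPLE_VIEWS = {
    "SRV-A": {"SRV-A": ("M", "On"), "SRV-B": ("RW", "On"), "SRV-C": ("RW", "New")},
    "SRV-B": {"SRV-A": ("M", "On"), "SRV-B": ("RW", "On")},
}

if __name__ == "__main__":
    for code, server, detail in check_ring(SAMPLE_VIEWS):
        print(f"{code:9} {server:6} {detail}")
```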

Repairing Errors

NDS Manager can perform various DSREPAIR-type operations on NDS. These include:

  • Repairing corrupted server IDs

  • Repairing replicas

  • Promoting a new master replica

  • Removing inconsistencies in the NDS database

  • Removing (not deleting) a server from the tree

You can also run DSREPAIR using RCONSOLE from NDS Manager if you prefer. Note that this works only on servers supporting asynchronous connections (which may be turned off for security reasons as mentioned earlier).

Note: It is important to check a partition's replica synchronization status prior to using NDS Manager on any partition. Many errors occur with NDS when administrators perform operations before NDS finishes synchronization. Use NDS Manager's Check Synchronization function or run DSREPAIR on the server to view and verify the OK status of a partition's replicas before continuing any partition or replica operation with NDS Manager.

Exploring Partitions and Servers

If you highlight a partition in NDS Manager and right-click on it, you pull up a dialog with options to:

  • Send/Receive Updates

  • Display info on the partition

  • Verify IDs

  • Repair the volume objects, local database, or network addresses

This is similar to running the Partition Continuity sub-utility in NDS Manager for that partition.

However, if you highlight a server in the NDS Manager main screen and then right-click it, you'll see a dialog for:

  • Viewing server info (including software version numbers)

  • Repairing replicas (on that server)

  • Assigning a new master (from one of the replicas on that server)

Replica Continuity

NDS Manager's Partition Continuity screen offers functions to handle a single partition and its replicas (see Figure 8).

The key tools here are:

  • Synchronize Immediately (to both send and receive updates)

  • Receive or Send Updates (one-way updating to or from the Master replica)

  • Repair Replica, Network addresses, or local database (for a highlighted replica, repairing the local database is the same as running DSREPAIR on that server)

  • Assign new master (use this when you want to elevate a replica to Master status when the previous master is unavailable)

  • Display any synchronization errors

Most of these have one-button access from the bar. In addition, the partition and replica information dialogs are also accessible here by double-clicking on them.

Figure 8: The Partition Continuity screen in NDS Manager.

Future Enhancements

NetWare 5.0 will offer NDS Manager both as an NWAdmin snap-in and as a standalone utility. As with NetWare 4.11, NetWare 5.0 will install NDS Manager when the server software is loaded. Using NDS Manager will be the same, as there are no changes to the interface for the initial release of NetWare 5.0. However, there are two key improvements in the NetWare 5.0 version of the utility (v1.25) compared to earlier versions:

  • The new version uses 32-bit code for faster performance, whereas the earlier versions used 16-bit code.

  • The Schema Manager snap-in comes as part of the software rather than as a download add-on as with v1.24 and earlier.

The useful troubleshooting help files also will serve as an enhancement for future utilities. Novell created the error message help files to be accessible from other utilities. A simple change in each of those utilities will make these comprehensive help files available in the new versions. This will leverage the value of the files for other users on the system.

Conclusion

In future AppNotes, we will look at the NDS Manager snap-in called Schema Manager and how it simplifies object management in your tree. We will also cover using NDS Manager to proactively manage your system. This will include examining replica rings and analyzing NDS matrices. Finally, we will review common problem scenarios and how to spot them using NDS Manager.

* Originally published in Novell AppNotes

