An Overview of NetWare 5 NFS Services
Articles and Tips: article
Product Line Manager
Novell, Inc.
01 May 1999
Find out what improvements and new features are in the NFS Services recently made available for the NetWare 5 platform.
Introduction
NetWare 5 NFS Services is software that fully and seamlessly integrates NetWare and UNIX networks. It provides transparent, bidirectional file and print services, enabling both NetWare and UNIX clients to use familiar commands and interfaces to access files and printers. No additional hardware or software is required on either the NetWare or UNIX client workstations. NetWare 5 NFS Services enables sharing of file storage resources between UNIX systems and NetWare servers. It also includes a File Transfer Protocol (FTP) server and gateway that allows FTP clients to transfer files from IBM hosts.
NetWare 5 NFS Services protects all data on NetWare servers using full NetWare security that is transparent to UNIX clients, and UNIX clients can continue using all the capabilities of their native operating system. By fully integrating Novell Directory Services (NDS) with the Network Information Service (NIS), NetWare 5 NFS Services provides centralized NetWare and UNIX user-account administration. It also provides a single point of NFS software administration, allowing UNIX system administrators to manage NetWare servers from a remote location, using the X Window System or Telnet.
This AppNote provides an overview of the improvements and features added to NFS Services in this new release. The presentation is geared to existing users who are using the previous NetWare NFS 2.3 product. This AppNote focuses on the file sharing aspects of NetWare 5 NFS Services. A follow-up AppNote will focus on file permissions in NFS Services.
New Services in NetWare 5 NFS Services
NetWare 5 NFS Services provides several new services over the previous NFS 2.3 product. These include:
Integrated installation
HTML documentation
New file access modes
NSS integration with NFS Server
FTP Server integration with Catalog Services
WebNFS Server
These new features and enhancements are explained in detail throughout this AppNote.
The following table gives a quick overview of these and other services offered by NetWare 5 NFS Services.
|
Service
|
Description
|
|
NFS SERVER |
Allows a user to export a NetWare volume/directory to be mounted by any UNIX host |
|
NFS Gateway |
Allows a user to mount any UNIX exported volume on a NetWare server as a NetWare volume |
|
UNIX to NetWare Printing |
Allows a UNIX client to send a print job to a NetWare print queue |
|
NetWare to UNIX Printing |
Allows a NetWare client to send a print job to a UNIX PrintSpooler |
|
FTP Server |
Allows a NetWare server to act as an FTP Server and service any FTP clients |
|
NIS Server |
Allows you to manage UNIX users and groups through NIS |
|
WebNFS Server |
Allows you to mount a file system over the Internet for access by any WebNFS client |
|
XCONSOLE Server |
Allows you to monitor and manage a NetWare server from a UNIX console |
|
PCNFSD Server |
Provides user and password authentications to UNIX clients |
Integrated Installation
NetWare 5 NFS Services is completely integrated with the common installation framework provided in NetWare 5. The NFS services can be installed either together or separately. For example, if you want to install just the FTP Server, you can install only FTP Server. You don't have to install the complete NFS product as was the case with the previous NFS 2.3 version.
Another change is that DNS configuration is no longer available within the NetWare 5 NFS Services product. DNS services are installed and configured using the Novell DNS/DHCP Services included with NetWare 5. Only NIS server configuration is available in NetWare 5 NFS Services.
HTML Documentation
NetWare 5 NFS Services comes with HTML documentation on the product CD-ROM. In previous NFS versions (NFS 2.3 or earlier), you had to install the complete product in order to install the documentation. NetWare 5 NFS Services documentation can be installed and viewed from the CD without installing the actual product.
New File Access Modes
NetWare 5 NFS Services provides file sharing between the NetWare and UNIX worlds. Whereas NetWare uses trustee rights and attributes, UNIX uses permissions. NetWare 5 NFS Services provides several elegant ways to map these permissions into NetWare trustee rights and attributes to maintain excellent file and directory access security. These are called file access modes.
NetWare 5 NFS Services provides five access modes for NFS Server and four modes to optimize access between NetWare and UNIX. The access modes are summarized in the following table.
|
Mode Name
|
Characteristics
|
Who should use it?
|
|
NetWare Mode |
NetWare is in control and provides overall control of NetWare trustee rights and attributes. |
Users who want greater control on the NetWare side rather than NFS side. |
|
NFS Mode |
NFS is in control. No mapping is performed between the UNIX and NetWare file systems. |
Users who would use NFS Clients to access this exported directory/volume. |
|
NetWare-NFS Mode |
NetWare trustee rights are created whenever UNIX permissions are changed. |
Users who want the NFS permissions to override the NetWare trustee rights, but not have any affect on the attributes. |
|
NFS-NetWare Mode |
NetWare trustee rights plus attributes are created whenever permissions are changed |
Users who want NFS permissions to override both NetWare trustee rights and attributes. |
|
Independent Mode |
Similar to NFS mode, but it also maps the NetWare file owner and group to the corresponding UNIX uid and gid. |
Users who want NFS mode but desire additional control by creating NetWare trustee rights independent of their UNIX permissions. |
NFS 2.3 or earlier had all the file access modes listed above except Independent Mode. The Independent Mode is new in NetWare 5 NFS Services. As the name suggests, this mode offers access control between NetWare and UNIX without any interdependency between the two. No access mapping is required, and no mapping is done between UNIX file permissions and NetWare trustee rights or file attributes. The only mapping done is for ownership of the file. The DOS file owner becomes the UNIX file owner, and vice versa.
In Independent Mode, users will see a performance enhancement since the translation of permissions into trustees and attributes is not done and NFS SERVER has fewer operations to perform. In addition, performance is improved by simplifying the File-Attributes mapping and by avoiding Trustee-creations and Trustee Rights propagation.
How Independent Mode Works. Independent Mode is basically an enhanced version of NFS Mode. Users may use Independent Mode to replace NFS mode. Here's a brief explanation of how it works.
If the file or directory is created from the UNIX side:
The file's permissions are set according to the UNIX user's umask setting.
The NetWare side FileOwner is mapped to the UNIX user.
If the file or directory is created from the NetWare side:
The NetWare side FileOwner is set as the file creator.
The UNIX UID is mapped to the NetWare FileOwnerID.
The UNIX GID is mapped to the NetWare FileOwner's primary group.
File/directory permissions are set according to default umask "022", which means:
The file's permissions will be rw-r--r--
The directory's permissions will berwxr-xr-x
NSS Integration with NFS Server
NetWare 5 is equipped with the new Novell Storage System (NSS), a powerful, high-performance storage and access system that addresses the ever-growing demand for storing larger objects and a larger number of them. NSS provides built-in support for the DOS, LONG, MAC, and NFS name spaces. Another key advantage of NSS is that it provides fast access to data and instantaneous volume mounts, mounting and repairing volumes in seconds, regardless of their size. This is achieved by the use of 64-bit interfaces everywhere in the storage engine, and through the advanced journaling algorithms used by NSS. These algorithms allow single file sizes of several hundred terabytes and a virtually unlimited number of directory entries. Best of all, these improvements are achieved without sacrificing system performance.
NetWare 5 NFS Services allows you to take advantage of this high- performance file system. As shown in Figure 1, an NSS volume can be exported just like normal NetWare volumes are by NFS Server. Likewise, an NFS client can mount the NSS file system. The NFS.NAM interface is no longer required for NSS volumes, as NFS name space support is built in to NSS.
Figure 1: The integration of NetWare 5 NFS Services with NSS allows NSS volumes to be exported and mounted by NFS clients.
FTP Server Integration with Catalog Services
One difficulty users have had in the past was having to specify a complete context name when logging in to an FTP Server, as this increased the chance for typing errors. The previous FTP Server required the entered user, along with all possible canonical names for that particular user. This was cumbersome and difficult for users to remember the complete name with full NDS context.
NetWare 5 NFS Services eliminates this difficulty through its integration of FTP Server with NDS catalog services. A catalog is an NDS object that holds a snapshot of NDS data specified by the user. In other words, it provides a method to store Directory data in a non-partitioned format, indexed for rapid access. Through catalog services, information about NDS objects can be stored in a catalog database, enabling administrators to access Directory information without having to walk the NDS tree.
Catalog services also enable the development of applications which need rapid access to Directory data in a centralized repository. These applications might include contextless login, GroupWise address books, and so on. Developers might also find it advantageous to leverage the speed of catalog services when using SQL search capabilities.
With NetWare 5 NFS Services, the following occurs when a user initiates a login to the FTP Server and specifies a user name:
Contextless Login locates the corresponding username and context in the catalog and inserts the context into the login's context field.
If the username exists for multiple contexts in the tree, only the first context will be tried.
The flow chart in Figure 2 shows the complete process of an FTP session.
Figure 2: Flow chart of the FTP login process with catalog services.
WebNFS Server
NetWare 5 NFS Services allows users to export a NetWare volume to be mounted and accessed by any WebNFS Client. (Currently, only the Hot Java browser provides a WebNFS client. Future versions of Netscape Communicator and Microsoft Internet Explorer may contain the WebNFS client.) WebNFS itself is supported by major Internet vendors including Novell, Netscape, Apple, and IBM, as well as many NFS server vendors.
It is important to understand what WebNFS is and what its benefits are. For years, Novell has understood the need to provide good UNIX connectivity to its customers. This is why the original NFS products were created. That need is just as strong now as before. WebNFS provides a type of UNIX connectivity that is needed today. It is backwards-compatible with existing deployments, and Novell believes WebNFS represents the next generation of NFS services as we move forward on the UNIX connectivity front.
In a nutshell, WebNFS advances the Internet from being an informational kiosk to being a fully integrated extension of the desktop. Its key benefits are that it:
Eliminates the need for complicated file manipulation procedures such as downloads and uploads via FTP
Provides high-speed, scalable access to information stored on remote computers
Delivers the simplicity of local files and the power of the Internet to Web-enabled applications and Java computing
Builds on 12 years of NFS evolution to deliver information access across the expanse of the Internet—even remotely through firewalls
In addition to the above, WebNFS offers the following features.
Firewall Support. WebNFS is TCP-based instead of UDP-based, which is a good thing since UDP is subject to replay attacks. WebNFS also uses the notion of a public file handle for initial mounting. These key features allow WebNFS to safely and easily go through firewalls.
Java/Web Accessibility. WebNFS is fully accessible via Java applets and Web browsers. It comes with Java class libraries that include things like file and URL classes. It also includes support for the NFS name space URL (see RFC 2224 "NFS URL Scheme" available at http://www.ietf.cnri.reston.va.us/rfc/rfc2224.txt).
Proven Simplicity and Elegance. WebNFS represents an evolution over the basic NFS protocols, and is specifically targeted to improve on a well- regarded system. There are around 20 wire-level interfaces for WebNFS, compared to the countless thousands for NetWare. All versions of NFS are stateless, which means it is easy to put together extremely thin clients whenever necessary.
For all these reasons and more, implementing WebNFS is relatively straightforward.
Conclusion
NetWare 5 NFS Services provides full, bidirectional resource sharing for users in both the NetWare and UNIX environments. It enables companies with mixed NetWare and UNIX networks to get the most from their network computing investment.
For additional detailed information, see the NetWare 5 NFS Services administrator's guide that is provided with the product. Updates on known issues can be found by visiting http://support.novell.comand searching for TID #2946784.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.