NDS iMonitor: An NDS Health Monitoring and Diagnostic Tool
Articles and Tips: article
Duane Buss
Steve McLain
Novell, Inc.
01 Mar 2003
This month, AppNotes is fortunate to have the creators of NDS iMonitor provide first hand information into the workings of NDS iMonitor. Tom Doman, Duane Buss, and Steve McLain have already made a name for themselves at BrainShare by presenting informative classes about eDirectory and the NDS engine that makes eDirectory tick. This will be the first of a two- or three-month stint in Directory Primer.
Introduction
Novell Directory Services (NDS) or eDirectory is the basis for an ever growing number of corporate businesses and variety of e-business applications. It is the cornerstone of Novell's Net Services Software architecture.
Historically, monitoring, diagnosing, and troubleshooting an NDS environment has been a difficult proposition, even with direct access to all NDS servers. Trying to monitor or troubleshoot from home or while away from the office has been even tougher. Keeping the sophisticated collection of tools running that is necessary to pull off this feat is no easy task either, especially when rolling additional operating systems into the mix.
This series of articles examines Novell's solution for web-browser-based, cross-platform NDS monitoring and diagnosis--the NDS iMonitor utility. This article describes features and functionality available in iMonitor, release version 2.0, which is the latest release. However, we may occasionally relate back to earlier versions of NDS iMonitor.
Here is the breakdown of version of eDirectory and the corresponding version of NDS iMonitor that ships with it:
eDirectory 8.5 installs iMonitor 1.0
eDirectory 8.6 installs iMonitor 1.5 (stand-alone install for eDirectory 8.5 users to upgrade iMonitor to 1.5)
eDirectory 8.7 installs iMonitor 2.0
iMonitor 1.0 runs with eDirectory 8.5 only
iMonitor 1.5 runs with eDirectory 8.5 and 8.6
iMonitor 2.0 runs with eDirectory 8.7 only
Monitoring and diagnosing NDS requires you to look in-depth at the NDS environment on a partition, replica, or server basis. You also need to examine what tasks are taking place, when they are taking place, what their results are producing, and how long they are taking.
When you need to examine your NDS environment in detail, you need a tool that is powerful and effective and yet is easy to use. NDS iMonitor enables you to find potential problem areas before your customers do. This helps you to troubleshoot problems in a quick and effective way than ever before. In summary, NDS iMonitor provides easy, efficient, anytime/anyplace monitoring and diagnostic capability for all servers in your NDS tree.
This article will examine features that allow you to determine the health of an NDS environment, whether you're in the next room or on the other side of the world. NDS iMonitor is available on every platform where NDS eDirectory currently ships or will ship in the future. With the release of eDirectory v8.5, those platforms include NetWare 5, NT\Win2K, Solaris, Linux, and AIX.
iMonitor's goal is to provide a web-based alternative for many of Novell's traditional server-based NDS tools, such as DSBrowse, DSTrace, DSDiag, and the diagnostic features provided by DSRepair. Because of this goal, iMonitor's features are primarily server focused. That is, they focus on the health of individual NDS Agents (running instances of the directory service) rather than the entire NDS tree.
This does not mean, however, that tree-wide health aids have been ignored in iMonitor. There are several tree-wide health tools as well. In fact, a look at the architecture of NDS iMonitor reveals a foundation for future server-focused and tree-wide monitoring, health, and diagnostic enhancements. The intended users of iMonitor are NDS Administrators, Architects, Troubleshooters, Developers, and Instructors.
Architecture
NDS iMonitor provides a web interface to the NDS world. From a browser on your desktop, you can point to a server where iMonitor is running. iMonitor, in turn, acts as a proxy and makes NDS requests based on the URL and then emits HTML responses back to your browser.
The iMonitor executable module is composed of three different parts or layers. The first layer is a built-in, lightweight, specialized web server. This means that iMonitor speaks HTTP natively and, therefore, does not need an additional third-party web server in order to run iMonitor. If, however, iMonitor is running on a server where a web server is installed, iMonitor will peacefully coexist with it.
The middle layer is where the NDS information gathering logic is modularized. This layer uses traditional NDS protocols to gather information from the NDS environment. In technical terms, this means iMonitor sends NCP requests over TCP, UDP, or IPX. Because iMonitor uses these traditional NDS protocols, you can monitor most previous versions of NDS using just one iMonitor. However, as will be described later, iMonitor is architected to offer more advantages the more places it is installed.
The third layer is a highly specialized HTML emitter. This layer dynamically formats into HTML the information gathered by the middle layer and returns that information to the requesting web browser.
Requirements for Running iMonitor
The following lists the versions of eDirectory with associated versions of NDS iMonitor:
iMonitor 1.0 runs with eDirectory 8.5 only.
iMonitor 1.5 runs with eDirectory 8.5 and 8.6.
iMonitor 2.0 runs with eDirectory 8.7 only.
Novell believes that basic monitoring and diagnostic tools should be just another part of the directory solution. Therefore, Novell only requires this minimum version of eDirectory to be licensed. NDS iMonitor also requires that NDS eDirectory be installed on the server where iMonitor is installed because it is dependent on the load environment which eDirectory provides.
iMonitor supports any HTML 3-compliant browser or later, which nowadays should be just about every browser on the market. For Netscape users, this means version 4.06 or higher and for Internet Explorer users, this means version 4 or higher. In general, it is usually a good idea to use the latest version of your favorite browser.
iMonitor provides SSL (Secure Socket Layer) support where it is configured and is available for any authenticated connection. SSL support is available on NetWare v5.1, NetWare 6, Windows NT/2000, Solaris, and Linux. As mentioned earlier, NDS iMonitor can gather information from most versions of NDS; namely, any NetWare v4.11 or higher version of NDS and any version of NDS for Solaris, NT/Win2K, Linux, AIX, as well as any future platform where NDS is available.
NetWare Remote Manager Integration
On NetWare v5 and later, Novell's NetWare Remote Manager (formerly known as NetWare Management Portal) has been created to provide web-based monitoring, diagnosis, and troubleshooting information for NetWare servers. Special care has been to taken to integrate NDS iMonitor with NetWare Remote Manager for the NetWare platform and is integrated in two important ways.
First, NetWare Remote Manager's own lightweight web server (HTTPSTK.NLM) provides the first layer of the iMonitor architecture on the NetWare platform. Second, NDS iMonitor registers with NetWare Remote Manager (PORTAL.NLM) so that links to NDS iMonitor and other NDS specific information are available through the NetWare Remote Manager interface.
These links can be found under the "Manage eDirectory" section in the Remote Manager interface. Links to NDS agent health information can also be found in the "Diagnose Server" section under Health Monitor under NDS eDirectory related categories. As will be detailed later, NetWare Remote Manager also registers with NDS, which allows iMonitor and Remote Manager to cross-reference each for an even more seamless movement between these tools.
Configuration
Although iMonitor's default behavior will be sufficient in most environments, iMonitor's architecture comes with a configuration file to allow maximum flexibility and control. There are two groups of parameters which you can set in iMonitor's configuration file. The first group applies to how the iMonitor executable itself runs. These parameters will be covered in the "Getting Started" section below. The second group applies to specific features or pages. Many of the more important configurable parameters are covered below, along with the specific page or feature to which they pertain.
The configuration file itself is simply a text file containing configuration parameter tags along with their desired values. For the currently shipping platforms, the configuration file is located in the same directory as the iMonitor executable (usually the same location as the NDS eDirectory executables) and is named as follows:
NetWare, NT\Win2K: ndsimon.ini
Solaris, Linux, AIX: ndsimon.conf
Other configuration files that are installed with iMonitor control what images are displayed and where static HTML documents are located. They are also *.ini files on NetWare and NT\Win2K and *.conf files on Solaris, Linux, and AIX.
The configuration file that ships with iMonitor contains samples of how some of the parameters can be modified. You will notice they are all preceded by a # (pound or hash) character. This means they are "commented out" so they are not used when iMonitor parses the configuration file.
To enable any of these parameters or to add any that you may learn through this article, simply omit the # character from the beginning of the line. For the shipping configuration file, iMonitor uses all internally- bound default values for these parameters.
Getting Started
On most platforms, iMonitor will be set up to automatically load when NDS eDirectory loads, or iMonitor can easily be set to do so. As a general rule, you should make sure that iMonitor is automatically loaded on every server where it is installed.
The overhead associated with it entails only the amount of memory required to load the executable image. Thereafter, iMonitor only demands system resources while it is carrying out the requested action(s) from a web browser that is accessing it. Bottom line: it doesn't hurt to automatically load iMonitor and you'll be glad it's already loaded when you need it.
Except on NetWare, when the iMonitor executable loads, it will attempt to listen on the traditional HTTP port 80. If that port is in use, it will back off to port 8008 and, if that port is in use, iMonitor will back off again, increasing the desired port by 2 (8010, 8012, etc.) until it reaches port 8078.
Where SSL is configured and available, it attempts a similar bind pattern. First, SSL uses port 81 and then 8009, 8011, 8013, and so on. It is this behavior that allows iMonitor to peacefully coexist with a web server that is running on the same server.
However, on some platforms, iMonitor may load before the installed web server does or you may desire that iMonitor bind to a port of your choice. This is where the iMonitor configuration file comes into play. Both the regular and the SSL ports can be configured using the "HttpPort" and the "HttpsPort" parameters respectively. Commented out examples exist in the shipping configuration file.
By default, iMonitor will bind to all NIC addresses on the server where it loads. However, there is also an Address parameter that allows you to specify a list of addresses, in comma-delimited format, to which you would like iMonitor to bind.
NetWare uses similar port selection rules but they are controlled by the NetWare Remote Manager HTTP stack (HTTPSTK.NLM) and they work as specified in the NetWare Remote Manager documentation.
Anatomy of an iMonitor URL
Once iMonitor is running on at least one server in your NDS environment, you can access it through your favorite web browser. Simply point the browser at the desired server, adding an "/nds" (the "root" page for NDS iMonitor) to the end of the URL and you're off and running.
As you will soon see, NDS iMonitor provides you with links to help you navigate back and forth between its different features or feature sets. These links contain pre-formatted URLs that tell iMonitor what is desired. However, there is nothing sacred about the URLs that iMonitor automatically creates. You can manually enter or modify any URL to meet your purposes.
Each iMonitor URL is composed of three parts: the address specifier, the base URL, and the query. The query portion is frequently optional. If you have Domain Name Services (DNS) set up in your environment, the URL can take the following form: http://myserver.mycompany.com/nds
If not, you must enter the IP address of the desired server in the address specifier, such as http://151.155.124.37/nds. If iMonitor is not bound on port 80, you must specify the desired port in the URL, such as http://myserver.mycompany.com:8008/nds. All of these examples use "/nds" as the base URL and contain no query. The base URL for each iMonitor feature is listed in the feature overview below.
The query portion of an URL will always begin with a question mark (?) symbol and may contain one or more parameters that are each separated by an ampersand (&) symbol. The query portion of an URL uses the following format:
...?[parm1]=[value1]&[parm2]=[value2]& ... &[parmN]=[valueN]
As you use iMonitor's features, you will become familiar with how the URLs are formatted and how you can take advantage of them by modifying them manually. For more information on query format and usage, see "Anatomy of an iMonitor Query" in next month's column.
Anatomy of an iMonitor Page
For easier navigation, filtering, and processing, each iMonitor page has been divided into at least three sections, each of which is an HTML frame. They are the Navigator frame, the Assistant frame, and the Data frame. Where applicable, a fourth frame will appear and is called the Replica frame.
Navigator Frame:
The Navigator frame is located across the width of the top of every iMonitor page. As its name implies, this frame provides icons, which are links to the most common or the most important features/functionality that is available in iMonitor.
However, the Navigator frame provides much more than that. It also contains the identity that you are currently using to view NDS information, as well as the NDS agent (or if you prefer, server) from which you are reading data. You also see the time and date that the data was fetched, as well as the name of the feature or page being viewed.
For clarity, the navigator icons are divided into two groups. The left grouping has non feature-related items such as login/logout, help, and home icons. The right grouping has feature-related icons that will be detailed in a future column.
Assistant Frame: The Assistant frame is located on the left side of every iMonitor page. As its name implies, this frame assists you in navigating, obtaining, filtering and interpreting information shown in the Data frame. To avoid the clutter of too many icons in the Navigator frame, the assistant frame also contains additional navigational links to other useful or applicable iMonitor pages that you may wish to visit.
Data Frame: The Data frame, as you may have guessed, is where the real meat is. It is located on the right side of every iMonitor page and contains a summary and/or detailed information that is based on the URL submitted. If your browser does not support frames, this is the only page you will see.
As you use iMonitor, you will notice many navigational or hyperlinked items in the Data frame. These help you track down the information you need, as well as help you to walk around more quickly to different NDS agents in your tree once you see how they work.
Replica Frame: On some iMonitor pages, you will see a fourth frame called the Replica frame. This frame appears below the Assistant frame to the left of the Data frame. As you might have guessed, these iMonitor pages appear where another replica of the requested data exists or when another replica has a different view of the information that is being presented in the Data frame.
This frame will allow you to determine which replica you are currently viewing and it provides links so you can obtain the same information from another replica (another server's point of view).
What You See is What You Can Get
What you see in an iMonitor page or in the Assistant and the Data frames depends on three factors: the version of iMonitor you are accessing, the NDS identity you are using to access NDS information, and the version of the NDS agent you are accessing.
NDS iMonitor Version: New features are added to iMonitor with each new release. Obviously, the newer the version, the more features you will see. To determine the version of iMonitor you are using, visit the "About iMonitor" page by clicking on the NDS iMonitor logo in the upper left corner of the Navigator frame. If the iMonitor logo is not hot-linked, you are using iMonitor version 1.0.
NDS Identity: By default and for security reasons, the latest versions of iMonitor 1.5 and all versions of iMonitor 2.0 require you to establish a non-public identity. In other words, when you access iMonitor, the same dialog window that prompts you for a user name and password also pops up automatically when you push the login icon in the Navigator. This can be altered through the configuration file described earlier.
Early versions of iMonitor 1.5 and all versions of iMonitor 1.0 allow you to see whatever level the rights and access that the [Public] trustee can see. When you use the Login icon in the Navigator Frame to establish a non-public identity (such as administrator), you can perform such things as Trace, Repair, or view things that [Public] could not.
NDS Agent Version: The version of the NDS agent you are gathering data from will affect what you see in iMonitor. In the world of software, each new release brings new features, bug fixes, and perhaps even enhancements that can expose data that has always been present but has never had an external method provided to display it. So, although NDS iMonitor can monitor and diagnose older versions of NDS (because the protocols used to do so are the same), older versions may have less information available. In fact, iMonitor's creation has sparked the exposition of several important features and data in NDS eDirectory 8.5 and later that iMonitor can present for enhanced directory monitoring and diagnostics.
Getting Help
While using iMonitor, you may need help with a specific feature or perhaps how to react to data you have obtained. iMonitor provides several aids for this.
First, most every page in iMonitor has context sensitive help available. That is, clicking the help icon in the Navigator frame will provide you with help information based on where in the page you have selected.
Also, the "Novell" icon in the navigator frame is not just branding information. It is a clickable link to Novell's Support web sites where TIDs, white papers, and other troubleshooting information on NDS is available. As will be detailed later, there is also an NDS Error Code Index and associated documentation built into iMonitor. These pages also provide a link to Novell's documentation Web site so that the most up-to-date documentation is available to you.
Conclusion
This month we are being treated by a three-plex of NDS Architects, who know NDS iMonitor inside and out. Next month we'll continue with this investigation of NDS iMonitor from the view of those who envisioned and created it.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.