NDS and Z.E.N.works: Solving Real-World Problems
01 Nov 1998
Editor's Note: Does your company need Novell Directory Services (NDS)? Or is your company using NDS to its full potential? Over the next year, the Novell Certified Professional section will focus on NDS, explaining how you can use NDS today to better manage your company's network. The Novell Certified Professional section will feature NDS-enabled products (such as Novell's Z.E.N.works), how-to articles, and tips and tricks.
As a network administrator, you spend countless hours upgrading workstation operating systems, installing network client software, installing and managing network applications, and troubleshooting users' workstation problems. These tasks are very repetitive and often require you to visit each workstation on the network, stretching already overextended network management resources and budgets.
Novell's Zero Effort Networks (Z.E.N.works) can reduce the amount of time and effort required to support workstations on your company's network. Z.E.N.works extends NDS to include information that is usually stored on Windows NT, Windows 98, or Windows 95 workstations. For example, Z.E.N.works stores desktop preferences, application configurations, printer configurations, and other workstation- or user-specific information in NDS.
With NDS and Z.E.N.works, you no longer have to visit each workstation on the network to set up a new network application or printer. You can simply make the change once in NDS and immediately distribute the application or printer configuration to multiple workstations on the network. You can even change one line in a configuration file on hundreds or even thousands of workstations with just one operation.
In addition, Z.E.N.works provides secure remote-control software: You can take control of a workstation and troubleshoot problems without leaving your own workstation.
The October 1998 issue of NetWare Connection described the main features Z.E.N.works provides. (See "NDS and Z.E.N.works: Creating Transparent, Easily Managed Networks," pp. 24-33. You can download this article from http://www.nwconnection.com/oct.98/zen08.) The following article presents several fictitious case studies that illustrate how Z.E.N.works can minimize the burden of managing any network. Although these case studies are fictitious, they represent real network management problems and the solutions that Z.E.N.works provides.
CASE STUDY ONE
Mountain Insurance is a regional insurance agency with ten offices located in Utah, Colorado, Arizona, and New Mexico. Each office employs insurance agents and a variety of office and network support personnel.
In addition, Mountain Insurance employs four insurance adjusters for the entire region. Each adjuster must travel frequently to handle claims throughout the region.
Network Profile
Mountain Insurance has a WAN that connects the corporate office, which is located in Denver, Colorado, and nine branch offices. Each branch office is connected to the corporate office via a 56 kbit/s line.
Mountain Insurance has standardized on NetWare 5 and NDS. Each branch office has one NetWare 5 server and a combination of Windows NT and Windows 95 workstations.
Mountain Insurance uses a distributed network management model. The company has a small centralized IS department at the corporate office, and each branch office has a network administrator who handles the network management issues for that particular office.
Issues
At the beginning of the 1998 fiscal year, Mountain Insurance instructed its IS department to cut the costs of supporting the network. To reduce the time and costs associated with performing tasks such as creating and deleting users, managing login scripts, and setting up access rights, the IS department upgraded every server to NetWare 5 and NDS. The IS department then reduced costs by addressing the following issues:
Users frequently access the network from different workstations. To make these users more productive and to reduce training costs and technical support issues, the IS department wanted to ensure that each user saw the same desktop, regardless of which workstation he or she used to log in to the network.
The insurance adjusters travel from office to office on a regular basis. Each adjuster needs access to different network resources and, therefore, requires a personalized desktop. To minimize support calls from the insurance adjusters, the IS department needed to ensure that each adjuster's personalized desktop was available no matter which workstation the adjuster used to log in to the network.
Mountain Insurance promotes telecommuting when practical. To reduce technical support costs, the IS department needed a fast and easy way to configure laptops with the appropriate remote access information.
Each branch office recently hired a telemarketing staff. Because the telemarketers have little computer knowledge, upper management wanted to restrict the telemarketers' access to the network and limit the functionality of their workstations. These telemarketers should be able to access only the telemarketing application--regardless of which workstation they use to log in to the network. To eliminate support calls and, therefore, reduce costs, the IS department needed to isolate the telemarketers from the complexities of both the network and their workstation.
THE Z.E.N.WORKS SOLUTION
The IS department was able to address all of its technical support issues with the Z.E.N.works Starter Pack, which is included with NetWare 5. The following sections explain how the IS department used Z.E.N.works to solve these issues:
Consistent Desktop
To ensure that each user saw the appropriate desktop regardless of the user's login location, the IS department used the Z.E.N.works Application Launcher and Z.E.N.works policies. After carefully analyzing the company's users, the IS department decided that these users could be divided into the following groups:
Insurance adjusters
Insurance agents
Office support personnel
As mentioned earlier, each insurance adjuster has unique computer requirements, which are explained in the next section. However, the insurance agents use only Windows 95 workstations and require access to the same applications, printers, and other network resources. Likewise, the office support personnel use similar network resources. As a result, the IS department decided that each group could use a common desktop based on job function.
To provide a common desktop for each group, the IS department used the Application Launcher to define Application objects that represent the network applications each group uses. Next, the IS department associated the applications the insurance agents use with the existing Agents Group object and then associated the applications the office support personnel use with the Office Group object. Now when users log in to the network, the Application Launcher dynamically delivers the appropriate applications to the users' desktops.
The IS department then created two Windows 95 User Package objects:
The 95User_Agents object for the insurance agents
The 95User_Office object for the office support personnel
The IS department enabled the following policies in each Windows 95 User Package object. (For a list of policy package objects and their related policies, see "Policy Package Objects." For more information about Z.E.N.works policies, see "NDS and Z.E.N.works: Creating Transparent, Easily Managed Networks," NetWare Connection, Oct. 1998.)
95 Desktop Preferences. This policy allows you to define customized desktops for particular groups. You can define the following Control Panel options: Accessibility, Display (such as background, screen savers, and appearance), Keyboard, Mouse, and Sound.
Workstation Import Policy. This policy allows you to gather information about the Windows workstations on the network. You can then use this information to create a Workstation object to represent each workstation, as explained below. The Workstation Import policy allows you to define the location in the NDS tree where the Workstation objects should be created and how these objects should be named.
After creating the two Windows 95 User Package objects, the IS department associated the 95User_Agents object with the Agents Group object and the 95User_Office object with the Office Group object. Now when users log in to the network, they receive the desktop associated with their group--regardless of which workstation they use to log in to the network.
To complete the importing of workstation information, the IS department used the Application Launcher to distribute WSREG32.EXE, the Windows 95 and Windows NT workstation registration program. (The Application object for WSREG32.EXE is created in the NDS tree automatically when you install Z.E.N.works.) The IS department distributed WSREG32.EXE by associating its Application object with the Organization object. Now when users log in to the network, the application is distributed to their workstations automatically.
When WSREG32.EXE is run, the workstation sends the registration time, network address, last server, and last user information to NDS. The workstation names are then displayed in a Registered Workstations list for the Group or container object in which the Workstation objects will reside. Each time a workstation is logged in to the network, this information is resynchronized with NDS.
After all of the workstations were registered, the IS department used the NetWare Administrator (NWADMIN) utility to import the workstation information and to create the Workstation objects. To simplify the management of these Workstation objects, the IS department created a 95 Workstation Group object for each office.
Next, the IS department created a Windows 95 Workstation Package object for each office and enabled the following policies in each object:
95 Computer Printer. This policy allows you to configure workstations to use a local printer. The workstation uses this printer regardless of the User Package object with which a user is associated. The 95 Computer Printer policy also simplifies the process of adding a new printer to the network. You can simply add the new printer to a 95 Computer Printer policy and immediately distribute the printer configuration and print driver to multiple workstations. You no longer need to visit each workstation to manually set up the printer configuration and install the driver.
Novell Client Configuration. This policy allows you to associate Novell client parameters (such as Preferred Server, Preferred Tree, and Protocol Preferences) with specific workstations. Then when a user logs in from a workstation, NDS downloads the proper client configuration for that workstation. You can also use the Novell Client Configuration policy to quickly and easily change Novell client parameters on multiple workstations. You simply make the change in this policy, and the change is instantly deployed to the workstations associated with the policy.
After creating a Windows 95 Workstation Package object for each office, the IS department associated each object with the Workstation Group object for the appropriate office.
Accommodating the Insurance Adjusters
Each Mountain Insurance office has a Windows NT workstation for visiting insurance adjusters. As mentioned earlier, each adjuster needs a personalized desktop, and this desktop must be available no matter which workstation the adjuster uses to log in to the network.
To provide this personalized desktop, the IS department created a Windows NT User Package object and enabled the NT Desktop Preferences policy for this object. In this policy, the IS department selected the Roaming Profile tab and enabled roaming profiles. The IS department then specified that the profile would be stored in the insurance adjusters' home directory. Finally, the IS department associated the Windows NT User Package object with the existing Adjusters Group object.
The next time an insurance adjuster logs in to the network, the Application Launcher will store the profile in the adjuster's home directory. The insurance adjusters will receive their personal profile, regardless of which Windows NT workstation they use to log in to the network.
Although roaming profiles provided personalized desktops, the adjusters need to use local printers at each branch office. As a result, the IS department created Windows NT Workstation Package objects for the Windows NT workstations at each office. For each Windows NT Workstation Package object, the IS department enabled the NT Computer Printer policy and entered the printer and print driver configuration for each office.
As before, the IS department imported information about the Windows NT workstations into the NDS tree: The IS department ran WSREG32.EXE to register each workstation and then used the NWADMIN utility to import the workstation information into NDS.
The IS department then created an NT Workstation Group object for each office and associated the appropriate Windows NT Workstation Package object with each NT Workstation Group object. Now the Windows NT workstations are configured with the proper printer information. (The workstation uses a local printer regardless of the User Package object with which a user is associated.)
Configuring Laptops
The next issue the IS department needed to address was finding a fast and easy way to configure laptops with the appropriate remote access information. Since Mountain Insurance has only Windows 95 laptops, the IS department simply used the Windows 95 Workstation Package objects already created for each office. The IS department enabled the RAS Configuration policy for these objects and configured the appropriate dial-up networking information.
Once again, the IS department used WSREG32.EXE to register each laptop, imported information about the laptops into NDS, and created Laptop Workstation Group objects to represent the laptops at each office. The IS department then associated the Windows 95 Workstation Package object for each office with the appropriate Laptop Workstation Group. The next time a user logged in to the network from a laptop, the laptop was configured with the appropriate dial-up networking parameters.
Restricting Telemarketers' Access
To restrict telemarketers' access to the network, the IS department created a Windows 95 User Package object called 95User_TM. In this package, the IS department enabled the 95 User System Policies and restricted the following desktop attributes:
Control Panel. The IS department restricted telemarketers' access to display configurations, Network Control Panel, Password Control Panel, Printer Settings, and System Control Panel.
Desktop. The IS department defined a standard color scheme and wallpaper for the telemarketers' desktops.
Shell. The IS department enforced several Windows 95 shell restrictions, including removing the Run command from the Start menu, removing folders from the Settings option on the Start menu, hiding drives in My Computer, hiding Network Neighborhood, and hiding all desktop items.
System. The IS department also enforced system restrictions such as disabling registry editing tools and the DOS prompt.
Windows 95 Shell. The IS department used custom folders to specify the folders the telemarketers can use and the directory path to these folders.
Finally, the IS department associated the 95User_TM object with the Telemarket Group object. No matter which workstation telemarketers use to log in to the network, their access to the workstation and the network is restricted as defined in the 95User_TM object.
CASE STUDY TWO
Chan, Hawkins, Marin & O'Brien is a law firm that specializes in business law. The firm employs 125 people, including the senior partners, associate lawyers, paralegals, and secretaries. The law firm occupies four stories of a small office building.
Network Profile
Chan, Hawkins, Marin & O'Brien has standardized on NetWare 5 and Windows 95. The firm's network includes two NetWare 5 servers. In addition, each employee has a Windows 95 workstation, and there are five workstations in the firm's law library. The entire network is managed by one network administrator, Steve.
Issues
Although NetWare 5 and NDS have reduced the time it takes to manage user accounts, login scripts, and access rights, Steve is still busy. He is constantly running from floor to floor to set up printers, install applications, and solve users' workstation problems. His telephone is always ringing with support requests. Although Steve works more than 70 hours each week, he still cannot get everything done.
The senior partners denied Steve's request for an assistant, so he must find a way to manage workstations more efficiently. Steve must address the following issues:
Many lawyers at the firm have a small amount of computer knowledge, which unfortunately gets them into trouble. These lawyers are constantly deleting files, deleting shortcuts, and doing other things that prevent applications from launching properly. Steve spends a significant amount of time reinstalling applications, recreating shortcuts, and fixing Windows registry problems.
Whenever Steve installs a new application or upgrades an application, he must visit every workstation on the network to complete the task. Installing or upgrading an application on every workstation sometimes takes Steve weeks to complete.
Steve spends a significant amount of time troubleshooting and fixing workstation problems. In addition, when Steve receives a support request, he has difficulty getting the necessary workstation information to effectively troubleshoot the problem. Users complain that Steve takes too long to respond to support requests. Steve needs to find a way to respond to requests in a more timely manner and minimize the time he spends visiting each workstation.
THE Z.E.N.WORKS SOLUTION
Steve used the complete Z.E.N.works product to address these issues, as the following sections explain:
Preventing Application Corruption
Steve used the Application Launcher to solve the problem of users corrupting their applications. First, Steve created an Application object for each network application. Using NDS inheritance, Steve then associated each Application object with the users who need to access the application.
For example, if all users required access to an application such as Microsoft Word, Steve associated the Word Application object with the Organization object. Because the association flows down the NDS tree, all User objects in all containers beneath the Organization object are associated with the Word Application object. If a certain division or workgroup used an application, Steve associated the Application object with the appropriate Organizational Unit (OU) object or User object.
Now when a user logs in to the network, the Application Launcher delivers the icons for the applications the user needs. These icons appear in the Application Launcher window, and the user cannot delete or modify the applications.
The Application Launcher also solves the problem of users accidentally deleting files needed to launch an application. Applications delivered by the Application Launcher are "self-healing." If a user tries to run an application from the Application Launcher window and the Application Launcher detects that necessary files are missing or corrupted, it automatically downloads the files from the network. If necessary, the Application Launcher also downloads registry settings or other configuration information.
Installing and Upgrading Applications
Steve also used the Application Launcher to simplify installing and upgrading applications. When installing or upgrading an application, Steve creates an Application object and configures this object to launch the application's installation routine. Steve can configure the Application object in one of the following ways:
When users click the application icon, the application is installed, and the icon disappears from the users' desktop.
When users click the icon for the first time, the application is installed. After the application is installed, users click the icon to run the application.
Steve can also set up the application to automatically run when the user logs in or to prompt the user for a response (such as run now or run later) before running. The Application Launcher also allows Steve to define minimum system requirements that allow workstations to be filtered based on operating system type or version and hardware configuration.
If Steve needs to create an Application object to support a complex application installation, he can use the snAPPshot utility to record information about the changes an application's setup program makes to the workstation's configuration. This information is stored in a special template file that Steve then uses to create Application objects. The snAPPshot utility also keeps track of the files that the application's setup program installs on the workstation, copies these files, and stores them to be used in other installations.
To distribute the application icons for installing or upgrading applications, Steve associates the Application objects with User, Group, or container objects. The application icons then dynamically appear on the appropriate users' desktops.
Steve also uses Application objects to grant users the rights necessary to access applications. Any user associated with an Application object is automatically granted the rights Steve has defined in the Application object.
Troubleshooting
To reduce the time Steve spends visiting workstations to troubleshoot and fix problems, he implemented the desktop maintenance feature of Z.E.N.works. This feature allows users to report their workstation problems to Steve, and he can use the Z.E.N.works remote-control software to diagnose and fix these problems.
Steve decided that the easiest way for him to receive support requests was via e-mail. To help users report problems, Steve created a Windows 95 User Package object and enabled the Help Desk policy. Within this policy, Steve configured the Help Requester application to provide only his e-mail address and to allow users to send trouble tickets.
Since the law firm uses GroupWise 5, Steve identified the trouble ticket delivery mode as GroupWise 5. Steve also configured several trouble ticket subject lines so users can simply choose a subject line that describes the problem they are having. These subject lines not only make it easy for users to report their problem but also help Steve organize support requests.
The Help Requester Application object was created automatically when Steve installed Z.E.N.works. Steve simply associated this object with the Organization object in the law firm's NDS tree. The Help Requester application was then automatically distributed to all users.
Next, Steve created a Windows 95 Workstation Package object and enabled the Remote Control and Workstation Inventory policies. Steve then registered and imported the workstations as described in the previous case study.
Steve then associated the Windows 95 Workstation Package object with the Organization object. That association then flowed to all of the Workstation objects in the NDS tree.
CASE STUDY THREE
Origin is a large publisher of health and wellness books. Headquartered in Atlanta, Origin has branch offices in Chicago, Cleveland, Kansas City, Colorado Springs, Salt Lake City, and San Francisco. Origin has 1,200 employees, including writers, editors, graphic artists, production specialists, and office support personnel.
Network Profile
Origin has a large WAN, which connects all of the offices via T1 links. This WAN includes both NetWare 4 and NetWare 5 servers. In addition, the company has 1,200 workstations and 500 laptops that are running Windows NT, Windows 95, or Windows 3.1.
The IS department at Origin's headquarters manages the NDS tree. Each office has a small network support staff.
Issues
Because Origin has grown rapidly in the past five years, network resources have been deployed in a haphazard manner, making network management and access difficult. The IS department has been asked to simplify network access for all users, including mobile users. To meet this objective, the IS department must address the following issues:
Application access for employees is critical. Employees must be able to access their applications from any workstation.
If an application server goes down, the production of Origin's books is interrupted. The IS department must provide fault tolerance for network applications.
Because network resources have been added haphazardly, application load balancing is a serious problem. Some application servers are being used to their maximum capacity while other application servers are hardly being used. If an application reaches its maximum license count on a particular server, users are denied access to that application.
Users who travel complain that access to applications is slow. The IS department has determined that mobile users are accessing applications from their default application server. Performance is slow because the application is being run over a WAN link.
THE Z.E.N.WORKS SOLUTION
The IS department used the Application Launcher component of Z.E.N.works to solve these issues. Because the Application Launcher is included in the Z.E.N.works Starter Pack that ships with NetWare 5, Origin did not need to purchase additional software.
Accessing Applications
To ensure that users could always access the applications they need, the IS department created an Application object for each network application. The IS department then associated each Application object with the appropriate container objects or Group objects.
When users log in to the network, the Application Launcher delivers icons for the applications the users need to the desktop. Users can access these applications regardless of the workstation they use to log in to the network.
Fault Tolerance and Load Balancing
Providing load balancing and fault tolerance for applications was easy since the IS department had already installed critical applications on multiple servers. These applications were installed with identical configurations on each server.
When the IS department created Application objects, they enabled load balancing and fault tolerance for the critical applications. From the Application Details page in the NWADMIN utility, the IS department selected the Fault Tolerance page and then selected the Enable Load Balancing check box. Next, the IS department specified a list of alternate Application objects whose configurations pointed to servers on which the application is identically installed.
The IS department also selected the Enable Fault Tolerance check box on the Fault Tolerance page and created a list of alternate Application objects to provide fault tolerance. If the primary Application object failed to run for any reason, the Application Launcher would choose one of the Application objects in the load balancing list at random. If none of those applications were available, the Application Launcher would search the Application objects in the order specified in the Fault Tolerance list.
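The selection order described above, modeled as an added Python example (it is not Novell's code). The Application object names, server names, and the "server is up" availability test are constructed assumptions; the audit helper is also hypothetical and flags alternates that sit on a server already covered, since those add no resilience.

```python
import random
from collections import Counter

# Constructed sample data: Application object name -> server holding that copy.
APP_SERVER = {
    "WP_ATL1": "ATL-SRV1",   # primary
    "WP_ATL1B": "ATL-SRV1",  # second object on the SAME server as the primary
    "WP_ATL2": "ATL-SRV2",
    "WP_ATL3": "ATL-SRV3",
    "WP_CHI1": "CHI-SRV1",
}


def choose_application(primary, load_balance, fault_tolerance, servers_up,
                       rng=None, app_server=APP_SERVER):
    """Pick the Application object to launch, in the order the article gives.

    1. the primary object, if it can run;
    2. otherwise the load balancing list, tried in random order;
    3. otherwise the fault tolerance list, tried in the listed order.
    Returns (object_name, stage); (None, "unavailable") if nothing can run.
    """
    rng = rng or random.Random()

    def usable(app):
        # Assumption: an object "runs" when the server it points to is up.
        return app_server.get(app) in servers_up

    if usable(primary):
        return primary, "primary"

    shuffled = list(load_balance)
    rng.shuffle(shuffled)              # random choice among the alternates
    for app in shuffled:
        if usable(app):
            return app, "load-balancing"

    for app in fault_tolerance:        # strict list order
        if usable(app):
            return app, "fault-tolerance"

    return None, "unavailable"


def redundant_alternates(primary, load_balance, fault_tolerance,
                         app_server=APP_SERVER):
    """Return alternates that point at an unknown or already-covered server."""
    covered = {app_server[primary]}
    redundant = []
    for app in list(load_balance) + list(fault_tolerance):
        server = app_server.get(app)
        if server is None or server in covered:
            redundant.append(app)
        else:
            covered.add(server)
    return redundant


def failover_spread(primary, load_balance, fault_tolerance, servers_up,
                    trials=200, seed=1998):
    """Count which object is chosen over many launches with the same outage."""
    rng = random.Random(seed)
    return Counter(
        choose_application(primary, load_balance, fault_tolerance,
                           servers_up, rng)[0]
        for _ in range(trials)
    )


if __name__ == "__main__":
    lb = ["WP_ATL2", "WP_ATL3"]
    ft = ["WP_CHI1"]
    # Primary server down: launches spread over the load balancing list.
    print(failover_spread("WP_ATL1", lb, ft, {"ATL-SRV2", "ATL-SRV3", "CHI-SRV1"}))
    # Whole Atlanta site down: the fault tolerance list takes over.
    print(choose_application("WP_ATL1", lb, ft, {"CHI-SRV1"}))
    # An alternate on the primary's own server is flagged.
    print(redundant_alternates("WP_ATL1", ["WP_ATL1B", "WP_ATL2"], ft))
```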
Keeping Mobile Users Happy
To help traveling users access applications, the IS department set up an Application Site List when they created an Application object. This list ensures that users who travel from office to office access applications from the server that is geographically closest to the users' workstation.
Because the IS department designed the NDS tree based on geographic location (for example, OU=CHICAGO.O=ORIGIN and OU=ATLANTA.O=ORIGIN), setting up the Application Site List was easy. First, the IS department created identical Application objects in each geographic OU in the NDS tree. For example, the IS department created a WordPerfect Application object in the Atlanta OU and an identical WordPerfect Application object in the Chicago OU. The IS department created this object for every office that had installed WordPerfect.
The IS department then used the Application Site List page for each Application object to link the application to the identical applications installed at other offices. Now when a user accesses applications through the Application Launcher at any office, the user always accesses applications locally, rather than over the WAN link.
CONCLUSION
As these case studies illustrate, Z.E.N.works can save you time and money, regardless of the size of your company's network. However, these case studies have barely scratched the surface. Because Z.E.N.works has so many features, presenting every possible solution in one article is almost impossible.
If you want more information about Z.E.N.works solutions, visit Novell's Z.E.N.works Cool Solutions web site at http://www.novell.com/coolsolutions/zenworks. You can also download the Z.E.N.works Starter Pack from Novell's web site at http://www.novell.com/download. The Z.E.N.works Starter Pack is included with the new Novell client software for Windows NT and Windows 95.
Sandy Stevens is a freelance writer. She is coauthor of Novell's Guide to Integrating IntranetWare and NT from Novell Press.
NetWare Connection, November 1998, pp. 20-31
Policy Package Objects
| Policy Package Object | Policies |
| --- | --- |
| Container | Search Policy |
| Windows 3.1x User Package Object | Help Desk Policy; Remote Control Policy; Workstation Import Policy |
| Windows 3.1x Workstation Package Object | 3.1x Computer System Policy; Remote Control Policy |
| Windows 95 User Package Object | 95 Desktop Preferences; 95 User System Policies; Help Desk Policy; Remote Control Policy; Workstation Import Policy |
| Windows 95 Workstation Package Object | 95 Computer Printer; 95 Computer System Policies; RAS Configuration; Novell Client Configuration; Remote Control Policy; Restrict Login Policy; Workstation Inventory |
| Windows NT User Package Object | Dynamic Local User Policy; Help Desk Policy; NT Desktop Preferences; NT User Printer; NT User System Policies; Remote Control Policy; Workstation Import Policy |
| Windows NT Workstation Package Object | Novell Client Configuration; NT Computer Printer; NT Computer System; Remote Control Policy; Restrict Login; Workstation Inventory |

NetWare Connection, November 1998, pp. 24
* Originally published in Novell Connection Magazine