Novell BranchManager for NT: Reaching Out to Branch Offices
01 Nov 1999
It is a fact: Over the past few years, Windows NT server installations have proliferated. According to industry analysts, however, the new Windows NT server installations have not replaced existing NetWare servers. Instead, industry analysts' research shows that companies are installing these Windows NT servers as branch office and departmental servers. ("Server Operating Environments: 1998 Worldwide Markets and Trends." You can view the abstract of this article by visiting http://www.idc.com and searching for document 16107.) Many companies have adopted NetWare and Novell Directory Services (NDS) as the network solution at their company headquarters and have chosen Windows NT Server as an application server at the branch or departmental level. Companies are typically using Windows NT servers to run personal productivity and off-the-shelf applications.
If you are responsible for managing Windows NT servers in such an environment, you are probably no stranger to airports, late nights, and stress. To make it easier to manage those Windows NT servers, Novell recently released Novell BranchManager for NT.
SAME PRODUCTS, LOWER PRICE
Novell BranchManager for NT is a combination of several existing products that make remote Windows NT servers easier to access, easier to manage, and more fault tolerant. Novell BranchManager for NT integrates remote Windows NT servers into your company's existing NDS network. You can then manage these servers from a central location just as you manage the rest of the NDS network. As a result, you save countless management hours and expenses.
Novell BranchManager for NT includes the following products:
NDS for NT 2.01
BorderManager Authentication Services 3.0
ManageWise Agent for Windows NT Server 2.6
Novell BranchManager for NT is available for approximately 60 percent less than you would pay for these products separately. The retail price for Novell BranchManager for NT is U.S. $995 for a server license and five client licenses. You can add clients for U.S. $49 each.
TAKING THE PAIN OUT OF WINDOWS NT MANAGEMENT
If you are familiar with even one of the products included with Novell BranchManager for NT, you can predict how the entire solution can make managing remote Windows NT servers easier. If you are not familiar with the Novell BranchManager for NT products, the following sections provide a brief overview:
NDS for NT 2.01
NDS for NT 2.01 integrates Windows NT domains with NDS. You can then manage all aspects of the Windows NT domains through NDS. For example, you can manage all Windows NT users and groups through Novell's NetWare Administrator (NWADMIN) utility. The NWADMIN utility gives you a global view and centralized management of the entire network--including multiple domains.
If you prefer, you can still use Microsoft's User Manager utility to create users, and NDS for NT 2.01 will redirect the changes to NDS. Unlike the NWADMIN utility, however, the User Manager utility does not provide a global view of multiple domains: You must view and manage domains individually.
NDS for NT 2.01 also lets you manage Windows NT file shares through NDS--again saving you the time and expense of managing these file shares through Windows NT utilities. Using the NWADMIN utility, you can set up and manage users' access to the file systems on both NetWare and Windows NT servers.
If your company has a TCP/IP network, you can easily add NDS for NT 2.01, which now supports pure IP.
NDS for NT 2.01 also makes it easier for users to access a mixed network. After you install NDS for NT 2.01 on your company's Windows NT servers, each user has one global identity for the entire network. Each user enters only one username and password to access both the NetWare and Windows NT platforms.
Of course, this single global identity also saves management time and costs. Since users must remember only one username and password for both platforms, you will spend less time changing forgotten passwords. In addition, you have to create and manage only one user account for each user. Without NDS for NT 2.01, you must create and manage two user accounts for each user who must access both platforms.
NDS for NT 2.01 also enables you to store NDS replicas on the Windows NT servers installed at branch offices. Storing replicas on these Windows NT servers improves performance and provides fault tolerance. Because NDS can service requests through the replicas stored on local Windows NT servers, NDS does not have to send these requests across your company's WAN link. If the WAN link is down, users can still access NDS data on the local replica.
The Windows NT servers are also more fault tolerant because NT user and group information is stored in NDS. If anything happens to a Windows NT server, this user and group information is still accessible via NDS. As a result, you can still perform management tasks, and users can still access the rest of the network.
ZENworks 1.1
In addition to managing Windows NT servers at branch offices, you must manage all of the workstations at branch offices. ZENworks 1.1 extends NDS to include information that is normally stored on a Windows NT, 98, 95, or 3.x workstation. For example, ZENworks 1.1 stores information such as the look and feel of the desktop (such as backgrounds, screen savers, and shortcuts), applications, and printers in NDS.
ZENworks 1.1 and NDS save you time because they eliminate the need to manually configure each workstation from which a user may need to access the network. When a user logs in to the network, ZENworks 1.1 automatically delivers everything that user needs (such as applications and printer configurations) to do his or her job. You no longer have to travel to a branch office to install new software, to update existing software, or to change workstation configuration information. You can make these changes in NDS, and the changes are automatically deployed to workstations across the network.
With ZENworks 1.1 and NDS, you can also correct workstation problems at branch offices. If you need to troubleshoot a workstation that is located at a branch office, you can view specific user and workstation information and remotely control the workstation--all without leaving your desk.
Z.E.N.works 1.1 includes three main components:
ZENworks Application Launcher. The ZENworks Application Launcher works with NDS to allow you to centrally manage, upgrade, and distribute applications across your company's network. Using the Application Launcher, you can dynamically update users' desktops when new applications become available, you can modify registry or INI settings, and you can provide application fault tolerance and load balancing.
Desktop Management. ZENworks 1.1 allows you to store workstation dependencies (such as desktop preferences, printer configurations, Novell client parameters, and Remote Access Server configurations) as policies in NDS. As a result, you don't have to visit each workstation to change configuration parameters. Instead, you can change the appropriate policy once in the NWADMIN utility, and NDS will deploy the configuration to the User objects, Workstation objects, or container objects you specify.
Desktop Maintenance. ZENworks 1.1 includes a help desk component that is tightly integrated with NDS. This help desk component enables users to communicate problems to the IS help desk. In addition, ZENworks 1.1 includes remote control software that allows you to remotely diagnose and repair workstations. With ZENworks 1.1, you no longer need onsite support technicians at branch offices. Users simply report problems through the ZENworks 1.1 help desk component, and you can use the ZENworks 1.1 remote control software to diagnose and repair most problems.
BorderManager Authentication Services 3.0
BorderManager Authentication Services 3.0 provides a secure way for remote dial-in users to access your company's NDS network. BorderManager Authentication Services 3.0 connects remote dial-in users to any network access server that is running the Remote Authentication Dial-In User Service (RADIUS) protocol. After remote users are connected to your company's NDS network, they can access all the network resources to which they have rights.
Remote dial-in users can authenticate to the network through Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), UNIX login, and other authentication protocols that implement a username and password. Using Rivest, Shamir, Adleman Algorithm (RSA) and Message Digest 5 Algorithm (MD5) encryption methods, BorderManager Authentication Services 3.0 and RADIUS provide secure transport of authentication, authorization, and configuration information.
For added security of remote access to your company's NDS network, BorderManager Authentication Services 3.0 also supports NDS authentication through smart card token devices (such as ActivCard). These devices require users to provide personal identification information as well as device-specific authentication information.
BorderManager Authentication Services 3.0 also includes other features that ensure the security of remote access. For example, you can configure the RADIUS server to use an automatic callback feature. The RADIUS server will then instruct the network access server that provides dial-in access to "hang up" on a user and call that user back at a specified number. Automatic callback ensures that only authorized users can dial in to your company's network.
In addition, BorderManager Authentication Services 3.0 lets you limit the number of concurrent dial-in connections that a remote user can have at one time. It also records all authentication attempts in an audit log. You can use the audit log to determine if unauthorized persons are attempting to access your company's network and to diagnose remote connection problems. BorderManager Authentication Services 3.0 also maintains accounting logs, which enable you to create reports for statistical analysis and interdepartmental billing.
Because BorderManager Authentication Services 3.0 is integrated with NDS, you can use the NWADMIN utility to manage remote access to your company's network. By creating a Dial Access System object in the NWADMIN utility, you can manage all RADIUS servers on your company's network from a central location. If an Internet service provider (ISP) provides remote access to your company's network, you can use BorderManager Authentication Services 3.0 to control dial-in user authentication through NDS while the ISP manages dial-in access. (For more information about BorderManager Authentication Services 3.0, see "Novell's BorderManager Authentication Services: Arm Your Network for Remote Users," NetWare Connection, Dec. 1998, pp. 21-30. You can download this article from http://www.nwconnection.com/past.)
ManageWise Agent for Windows NT Server 2.6
The ManageWise Agent for Windows NT Server 2.6 allows you to manage Windows NT servers from a central location using the same Simple Network Management Protocol (SNMP)-based management console that you use to manage the rest of the network. The ManageWise Agent for Windows NT Server 2.6 provides the following capabilities:
Automatic discovery and monitoring of Windows NT 4.x servers
Storage of trend information such as CPU utilization and free disk space over time
Windows NT server threshold alarms for all parameters that can be tracked
Windows NT system events reported as SNMP traps
The information provided by ManageWise Agent for Windows NT Server 2.6 helps you monitor, tune, and troubleshoot Windows NT servers. In addition, this agent enables you to control these Windows NT servers from a remote location.
INSTALLING THE PRODUCTS
To simplify the installation of Novell BranchManager for NT, Novell has included all of the products on one CD and has created an integrated installation menu, which allows you to choose the product you want to install. (See Figure 1.)
Figure 1: You install all of the products included in Novell BranchManager for NT from the main menu on the CD.
Before you install the products included with Novell BranchManager for NT, you should ensure that the network meets the following minimum requirements:
The network must include at least one Windows NT 4.0 server that is running the NT File System (NTFS). This server must also be running Windows NT Service Pack 1, 3, or 4.
The network must include at least one NetWare 4.11 or above server. This server must be running NetWare 4 Support Pack 6 or above and NDS 5.99a or above. (To download support packs for NetWare servers, visit Novell's Support Connection web site at http://www.support.novell.com/misc/patlst.htm#nw.)
For full IP support, the network must include a NetWare 5 server, and this server must be running NetWare 5 Support Pack 2 or above.
A master replica must be stored on a NetWare server.
Before you begin installing the products you want to use, you should also check the minimum requirements for each product. (These requirements are listed in the sections that follow.) In addition, you must install NDS for NT 2.01 before you install any other product included on the Novell BranchManager for NT CD.
INSTALLING NDS FOR NT 2.01
Before installing NDS for NT 2.01, you should make sure the network meets the following minimum requirements:
You must install NDS for NT 2.01 on a Windows NT 4.0 server running Windows NT Service Pack 1, 3, or above.
The Windows NT server must be running the NTFS file system.
If the Windows NT server will host an NDS replica, the server should have a minimum of 32 MB of RAM. (Novell recommends 64 MB of RAM.)
NDS for NT 2.01 requires 90 MB of available disk space on the Windows NT server. If the server will host an NDS replica, you will need 150 MB per 1,000 users in the replica.
To install NDS for NT 2.01, you must have administrative rights to the Windows NT server and the NDS tree.
If the network includes NetWare 4.11 servers, these servers must be running NetWare 4 Support Pack 4 or above and NDS 5.99a or above.
If the network includes NetWare 5 servers, these servers must be running NetWare 5 Support Pack 1 or above.
If you use Microsoft Exchange, you must install Exchange Service Pack 1.0 or above to run Mailbox Manager for Exchange.
NDS for NT 2.01 should be installed on the Primary Domain Controller (PDC) and, ideally, on each of the Backup Domain Controllers (BDCs). You should install NDS for NT 2.01 on the PDC first and then on the BDCs.
Installing NDS for NT 2.01 is simple. The installation has only three main steps:
Install NDS for NT 2.01 on the Windows NT server.
Run the Domain Object wizard.
Install the NDS for NT 2.01 management utilities.
Installing NDS for NT 2.01 Software
To install NDS for NT 2.01 on a Windows NT server, you log in to the server as Administrator or a user with administrative privileges. Then you insert the Novell BranchManager for NT CD into the CD-ROM drive of the Windows NT server, and choose NDS for NT from the menu.
You then follow the prompts to complete the installation. If you need more information, see the Quick Start Guide for NDS for NT, which is included on the CD.
After the NDS for NT 2.01 files are copied to the server, a dialog box appears, indicating that the server must be rebooted in order for the changes to take effect. After the server is rebooted, the Domain Object Wizard (SAMMIG.EXE) is automatically launched.
Running the Domain Object Wizard
After you reboot the Windows NT server, you log in to this server as Administrator and then log in to NDS as ADMIN or another user with Write access to the [Root] of the NDS tree. (You must have this right because NDS for NT 2.01 extends the NDS schema to support NDS for NT 2.01 objects.) After you log in, the Domain Object wizard launches automatically.
You use the Domain Object wizard to complete the following tasks:
Move the objects in the Windows NT domain to NDS
Reconfigure the Windows NT server to change the domain name
Install an NDS replica on the Windows NT server (optional)
Remove an NDS replica from a Windows NT server or remove NDS for NT 2.01 from the server
To run the Domain Object wizard, choose Next from the NDS for NT 2.01 introduction screen. You can then follow the prompts to complete the migration of the Windows NT users and groups to NDS. If you need more information, refer to the online help provided with the Domain Object wizard.
Installing the Administration Utilities
To complete the NDS for NT 2.01 installation, you must install the following administration utilities:
Domain Object Wizard. You can use this utility to add or remove NDS replicas from a Windows NT server. You can also use this utility if you want to remove NDS for NT 2.01 from a Windows NT server.
NDS Manager. You can use this utility to manage NDS partitions and replicas from a Windows NT server.
NetWare Administrator for Windows NT. You can use this utility to manage the NDS tree, including Windows NT domains that have been moved to NDS.
Novell Login. You can use this program to log in to the NDS tree and Windows NT servers with one username and password (if passwords are synchronized).
Novell Send Messages. You can use this utility to send messages to other users who are logged in to the NDS tree.
To install these utilities, choose Admin Utilities from the NDS for NT 2.01 Installation menu on the Novell BranchManager for NT CD, and follow the prompts.
INSTALLING ZENWORKS 1.1
Before you install ZENworks 1.1, you must ensure that the Windows NT server has at least 40 MB of available memory and 175 MB of free disk space. You will also need to log in to NDS as ADMIN or another user with Write access to the [Root] of the NDS tree because you must extend the schema to support ZENworks 1.1.
Installing ZENworks 1.1 on a Windows NT server is a straightforward process. To begin the installation, simply insert the Novell BranchManager for NT CD into the CD-ROM drive of the Windows NT server, choose ZENworks from the main menu, and follow the prompts. If you need more information, the ZENworks 1.1 documentation is included on the Novell BranchManager for NT CD.
INSTALLING BORDERMANAGER AUTHENTICATION SERVICES 3.0
Before you install BorderManager Authentication Services 3.0, you need to ensure that the network access server meets the following requirements:
TCP/IP is configured and functioning.
The server is RADIUS compliant.
The server is RADIUS authentication enabled.
The RADIUS server address is set to the Windows NT server on which BorderManager Authentication Services 3.0 will be installed.
The RADIUS shared secret is established and known.
SNMP service is installed.
The RADIUS server must meet the following requirements:
The server is running NetWare 4.11 or above or Windows NT 4.0.
The server has 1 MB of free disk space.
The server has 1 MB of RAM.
TCP/IP is configured and functioning.
NetWare 4 servers are running NetWare 4 Support Pack 5 or above.
NetWare 5 servers are running NetWare 5 Support Pack 2 or above.
Novell client software is installed on Windows NT servers.
BorderManager Authentication Services 3.0 also requires an administrative workstation that is running Windows NT, 98, or 95 with the appropriate Novell client software. The workstation must also have 2 MB of free disk space.
After you have verified that the network meets these requirements, you can begin to install BorderManager Authentication Services 3.0. The installation program copies the RADIUS server files and the NWADMIN snap-in modules for BorderManager Authentication Services 3.0 to the Windows NT server. With these snap-in modules, you can use the NWADMIN utility to manage remote access to your company's network. The installation program also extends the schema of the NDS tree to include the new Dial Access System object classes and attributes.
Like the ZENworks 1.1 installation, the installation of BorderManager Authentication Services 3.0 is straightforward. To begin the installation, simply insert the Novell BranchManager for NT CD into the CD-ROM drive of the Windows NT server, choose B.M.A.S. from the main menu, and follow the prompts. If you need more information, the documentation for BorderManager Authentication Services 3.0 is included on the Novell BranchManager for NT CD.
INSTALLING MANAGEWISE AGENT FOR WINDOWS NT SERVER 2.6
To install ManageWise Agent for Windows NT Server 2.6, you must have Administrator or equivalent rights to the Windows NT server on which you want to install the agent. You must also have Administrator rights to the ManageWise console workstation if this workstation is running Windows NT.
The Windows NT server must meet the following requirements:
The IPX protocol must be loaded.
The SNMP service must be loaded. The SNMP setting on the Windows NT server must be the same as the SNMP setting on the ManageWise console. If you change the SNMP setting on the ManageWise console, you must change the setting on all the Windows NT servers you manage through ManageWise.
When you install ManageWise Agent for Windows NT Server 2.6, the installation program will confirm that the ManageWise 2.6 console is installed on your network. To support the ManageWise Agent, the ManageWise console must be running the Microsoft network software, including the Microsoft client. In addition, the ManageWise console should be configured with the following:
File and print sharing (with File sharing selected)
Novell NetWare client as primary network logon
Microsoft TCP/IP protocol loaded and bound
To install ManageWise Agent for Windows NT Server 2.6, select the ManageWise option from the main menu of the Novell BranchManager for NT CD, and follow the prompts to install the product. Unfortunately, the ManageWise Agent for Windows NT Server 2.6 documentation is not included on the Novell BranchManager for NT CD. If you need more information, download the documentation from http://www.novell.com/documentation/mw26.html.
ManageWise Agent for Windows NT Server 2.6 is an extension of Microsoft's SNMP service. After the installation is completed, you should reinstall any Windows NT Service Packs that are running on the Windows NT server.
If your company has an enterprise network with NetWare 4 or NetWare 5 servers installed at company headquarters and Windows NT servers installed at branches and departments, you should take a close look at Novell BranchManager for NT. You are already enjoying the benefits of a single point of network access and management at company headquarters; Novell BranchManager for NT extends these benefits to remote Windows NT servers.
Sandy Stevens is a freelance writer based in San Diego, California. She is coauthor of Novell's Guide to Integrating NetWare 5 and NT, Novell's Guide to NetWare Printing, and Novell's Guide to BorderManager.
* Originally published in Novell Connection Magazine