Bright Minds, Big democity: Providing Product Demonstrations Over the Internet
01 Jul 2000
In the world of brick-and-mortar business, you are always on the move. As a network administrator, you travel from one workstation to the next, upgrading software, assessing hardware damage, recovering files, and dealing with file-sharing problems and application-learning curves. The demands users place on your time never seem to stop, but at least you're the one with the answers.
Imagine what it's like for the hapless, frustrated user on the other end of a help-desk call. Mobile users especially have a difficult time since these users frequently battle a host of networking problems after business hours or on weekends.
For example, a user who is working on a presentation the night before a sales meeting may encounter any number of problems: A downed server may delay a vital e-mail message from the corporate office, or the message may arrive on the user's laptop with corrupted files attached. The application or application version needed to read important files may not be loaded on the user's laptop, or the user may not be familiar enough with the application to understand the information the files contain. Then again, the user may accidentally delete the e-mail message and the attached files. Whichever scenario plays out, the user ends up unprepared for the sales meeting and may even blame you for the problem.
IN A PERFECT WORLD
Now imagine you manage the network for a company where corrupted or deleted files, software incompatibilities, and learning curves no longer stymie productivity and where e-mail isn't mission-critical. Imagine that the Internet is the primary information vehicle and that a simple web browser connects mobile users to company sales figures and to the latest slide presentations for new products.
Salespeople enter orders into a web page--an easy-to-use interface--instead of into an application that these users must be trained to use. And if users do need some training, you can set up interactive, online materials to enable self-training.
Finally, imagine that you answer the few help calls you receive as well as manage and service network applications from the comfort of your own office chair. This network environment may sound like a dream, but Novell has proof that the dream can be realized. The proof is the web site Novell created known as democity. (See Figure 1.) This article gives you a tour of democity's technology and explains the challenges faced by the democity developers--the same challenges you will probably encounter if you build a similar web site or use the technology to redesign your company's internal network.
Figure 1: democity is an interactive, online facility that runs web- and Windows-based demonstrations of Novell and partner products.
This article also explains the solutions democity developers used that ultimately resulted in the successful launch of democity. In particular, the article covers the following democity features:
Redundant architecture
Oracle8 database
Firewall services
NDS eDirectory and ZENworks for Desktops 2
Thin-client servers
WHAT IS DEMOCITY?
democity (http://www.democity.novell.com) was created to increase product and services awareness among Novell's field and channel partners. democity provides quick facts, self-running and interactive demonstrations, and links to Novell Consulting and Novell Education services, as well as to shopnovell, Novell's online shopping cart. Since going live on November 16, 1999, democity has also found a niche as a company-wide training tool and as a platform for proof-of-concept demonstrations.
In addition, Novell's customers now have access to democity. You can visit democity to view these same demonstrations.
The immense popularity of democity and the encouraging feedback from field and channel partners have been a more than pleasant surprise. According to Carl Seaver, director of Technical Marketing at Novell, "We never expected to receive almost three million hits on democity in under six months, and from over 60 different countries as well. We've put together a site that is truly useful, and our target audience apparently couldn't be happier."
Prior to democity, Novell did not have a way to ensure that salespeople would have immediate access to the latest product information. To solve this problem, Novell decided to place product demonstrations online and to make these demonstrations accessible to all employees via a standard web browser. In this way, Novell could keep the information current.
Unfortunately, for Novell's mobile salespeople, downloading product demonstrations over a slow modem connection required significant time. In addition, to run a particular demonstration, the salespeople needed the corresponding application installed on their workstation.
To make product demonstrations easier to run, Novell deployed thin-client servers on democity. In thin-client computing, applications and data are stored and fully processed on a server, which transports only screen updates to clients. In turn, clients send only keystrokes and mouse clicks to the server. (See Figure 2.)
Figure 2: democity's product demonstrations require little network bandwidth to run because thin-client computing fully processes applications and data on a server.
Because the application runs wholly on the server, the application does not need to be installed on the workstation. In addition, because such a small amount of code is exchanged, bandwidth ceases to be an issue, whether users are at a home or branch office or dialing in from a hotel or airport terminal.
In fact, democity uses the Independent Computing Architecture (ICA) protocol to facilitate client-server communications. ICA is optimized for connection speeds as low as 14.4 kbps. (ICA and thin clients are discussed in detail later in this article.)
REDUNDANCY, REDUNDANCY, REDUNDANCY
Of course, it doesn't matter what state-of-the-art technology you use to build a web site if that web site becomes unavailable to users. Therefore, to keep democity live, the democity developers equipped it with a redundancy feature. One of the first things you will notice about the democity architecture is that there are two systems (System A and System B) and that these systems are exact hardware copies of each other. (See Figure 3.)
Figure 3: democity's architecture includes a live area and a staging area (System A and System B) and a common shared area.
In the most general terms, there are two democitys: the online version you see when you log in to democity (System A) and the staging area where Novell builds and tests new demonstrations (System B). (See Figure 4.) Each area includes a web server running NetWare 5.1, three additional NetWare 5.1 servers, a Windows NT 4.0 server, and an Ultra 5s Sun server running Solaris. The NetWare and Windows NT servers are all Compaq ProLiant 1850R rack-mount servers. (The Solaris server is not shown in Figures 3 and 4.)
Figure 4: democity's live and staging areas (System A and System B, respectively) are exact hardware copies of each other.
A Novell Directory Services (NDS) tree stores the components of the live and staging areas as objects. This tree, referred to as the democity tree throughout this article, is separate from democity's NetWare Cluster NDS tree. The NetWare Cluster NDS tree stores as objects the components of democity's NetWare Cluster, which runs clustering demonstrations and is independent of the rest of the democity network. NetWare Cluster Services is a server-clustering system that ensures high availability of network resources by transferring the resources on a failed server to another server in the cluster. (See the NetWare Cluster in Figure 3. The NetWare Cluster NDS tree is discussed in detail later in this article. For more information about NetWare Cluster Services, see "Uptime in Real Time With NetWare Cluster Services for NetWare 5," NetWare Connection, Sept. 1999, pp. 6-18. You can download this article from http://www.nwconnection.com/past.)
The web server on democity's live area facilitates communications between your web browser and democity's Oracle8 database. The three additional NetWare servers on both the live and the staging areas store all Windows-based demonstrations that run on democity's thin-client server farm. (See the common shared area in Figure 3.) The NetWare servers also store the ZENworks for Desktops policies that control what you view when you access a demonstration. The Windows NT server and the Solaris server are just extra servers running on democity to show how NDS eDirectory can help you manage heterogeneous network environments.
The democity developers build and test product demonstrations on the system that is not live (System B). If the product demonstration runs smoothly, the developers use PowerQuest Drive Image 2.0x to create exact hard-disk images of the five servers in that system. The developers then store these images on two 65-GB Compaq ProLiant 3000 rack-mount backup servers. (For more information about PowerQuest Drive Image software, visit http://www.powerquest.com/driveimage/didetail.html.)
Finally, the democity developers switch the live ports on the democity BayStack 450 switch--which is part of the common area shared by both the live area and the staging area--to make this system live and to take the previously live system offline. The developers then restore the images taken of the new live system (System B) on the new testing area (System A).
This setup guarantees that your access to democity is unlikely to be interrupted by a faulty demonstration. If a demonstration on the live system somehow breaks, the democity developers can switch the live system with the current staging area and immediately restore democity.
CONSULTING THE ORACLE
In addition to creating the right architecture, the democity developers had to decide what democity would look like and how to achieve that look. The look and feel of democity are actually maintained by using a number of HTML templates that provide a framework into which dynamic content is inserted.
For example, when you visit the democity home page, you select the name of a particular Novell or partner product about which you want more information. Selecting a product name takes you to another page that is devoted specifically to that product. An HTML template provides the framework for this product page and all other product pages. (See Figure 5.)
Figure 5: A number of HTML templates provide a framework into which democity's dynamic content is inserted.
Oracle8 for NetWare (release 8.0.4) runs on democity as part of the common shared area. (See Figure 3.) The democity developers placed Oracle8 on democity to allow the use of dynamic HTML content rather than static HTML content. If the content on democity were static, any change made to a particular page would have to be made to all other pages affected by this change individually--a process that would be incredibly time consuming. Oracle8 allows changes to be made automatically to all applicable democity pages.
For example, each of the <javatags> in the template for a democity product page corresponds to a field name in a particular table in the Oracle8 database. (See Figure 5.) These fields contain the data that is used to fill in the HTML templates online.
Each time you select a product name, you make a request to a servlet, a program that runs inside democity's web server and facilitates communications between you and the Oracle8 database. The request you make is accompanied by two parameters that specify which democity HTML template to use and in which product you are interested. Based on this information, the servlet replaces each instance of <javatag> with the appropriate content from the database tables. (See Figure 6.)
Figure 6: Oracle8 stores in tables the content that is used to fill in democity's HTML templates with the product-specific information you request by way of point-and-click.
Therefore, if democity programmers change the data in a particular field of the Oracle8 database, the new data will be drawn from the database every time the servlet extracts that data from the field and replaces the corresponding <javatag> in the HTML template. No matter which democity page you request, if a <javatag> on that page is associated with a field name in which data has been changed, the servlet will use the new data to replace the <javatag>. Regardless of the number of democity web pages affected, programmers only have to make the change once to the Oracle8 database.
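The template-filling step described above, as an added example that is not democity's servlet code: Python with an in-memory sqlite3 table stands in for the Java servlet and the Oracle8 database. The `<javatag:FIELD>` placeholder syntax, the template names, the table layout and the sample rows are assumptions made for illustration. Both request parameters are treated as untrusted: the template is a lookup key rather than a path, the product is a bound query parameter, and database content is HTML-escaped before insertion.

```python
import html
import re
import sqlite3

# Assumed placeholder syntax: <javatag:FIELD>, where FIELD names a table column.
TAG = re.compile(r"<javatag:([a-z_]+)>")

# Constructed templates, keyed by the only names a request may ask for.
TEMPLATES = {
    "product": "<h1><javatag:name></h1><p><javatag:summary></p>",
    "quickfacts": "<h2><javatag:name></h2><ul><li><javatag:platform></li></ul>",
}

# Columns a template may reference. Column names cannot be bound as query
# parameters, so they are checked against this fixed set instead.
ALLOWED_FIELDS = {"name", "summary", "platform"}


def make_db():
    """Build a constructed in-memory table standing in for the content database."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE products "
        "(id TEXT PRIMARY KEY, name TEXT, summary TEXT, platform TEXT)"
    )
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            ("zen", "ZENworks for Desktops 2",
             "Desktop policy & application management", "NetWare 5.1"),
            ("bm", "BorderManager 3.5",
             "Firewall <services> and NAT", "NetWare 5.1"),
        ],
    )
    return db


def render(db, template_name, product_id):
    """Fill the named template with one product's fields; return (status, body)."""
    # Parameter 1: a dictionary lookup; the request value never becomes a file path.
    template = TEMPLATES.get(template_name)
    if template is None:
        return 404, "unknown template"

    # Parameter 2: passed as a bound value, never concatenated into the SQL text.
    row = db.execute(
        "SELECT * FROM products WHERE id = ?", (product_id,)
    ).fetchone()
    if row is None:
        return 404, "unknown product"

    def fill(match):
        field = match.group(1)
        if field not in ALLOWED_FIELDS:
            raise KeyError(field)
        # Escape on output so stored content cannot inject markup into the page.
        return html.escape(str(row[field]))

    try:
        return 200, TAG.sub(fill, template)
    except KeyError:
        return 500, "template references an unknown field"


if __name__ == "__main__":
    db = make_db()
    print(render(db, "product", "bm"))
    # One change in the table shows up in every template that uses the field.
    db.execute("UPDATE products SET name = ? WHERE id = ?", ("BorderManager", "bm"))
    print(render(db, "product", "bm"))
    print(render(db, "quickfacts", "bm"))
```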
The democity developers also built redundancy into the Oracle8 database. Backup Exec by VERITAS runs on the same NetWare server as Oracle8 and backs up the content of this database. (For more information about Backup Exec, visit http://www.veritas.com/us/products.)
FIREWALL, FIREWALL, LET ME COME IN
Of course, redundancy is not democity's only line of defense. For example, democity actually resides on a private network behind a NetWare server that runs Novell BorderManager Firewall Services 3.5. (See Figure 3.)
The BorderManager firewall accelerates web-server traffic to democity and gathers statistics (such as the numbers of users at any given time and the most trafficked web page) via HTML logging. The BorderManager firewall's primary responsibility, however, is to provide firewall services: Like any other network, democity must be protected from intruder attacks.
To protect democity, a port filter on the BorderManager firewall examines all incoming and outgoing traffic. The port filter prevents any traffic that does not meet the democity security criteria from passing through the firewall. In this way, the BorderManager firewall protects democity from unauthorized access while allowing authorized users to request Windows-based demonstrations, which are then executed through the firewall.
The BorderManager firewall also masks democity's private IP addresses: Using Network Address Translation (NAT), the BorderManager firewall assigns the private IP addresses a single public IP address. As a result, democity's internal network addresses are hidden from the outside world, providing stronger security.
DETOUR, NEXT EXIT
After you pass through the democity firewall, you can access the web page for a particular Novell or partner product by selecting the name of that product from several lists on democity's home page. From the web page of the product you select, you can access web-based demonstrations for that product, using the same simple point-and-click procedure. The democity web server redirects your web-browser session to the appropriate URL for the demonstration you want to view.
Selecting a partner product demonstration redirects your browser to the partner's web site and the demonstration you requested. Selecting a web-based demonstration of a Novell product such as the ZENworks "Flash Demo with Audio" opens another browser window from which the requested demonstration runs automatically.
Whether accessing Novell or partner web-based demonstrations, the process is straightforward. Running Windows-based demonstrations on democity, however, requires stronger security, as the next section explains.
YOU CAN'T SEE THE NETWORK FOR THE TREES
Unlike web-based demonstrations, Windows-based demonstrations are stored on the democity network. Although the BorderManager firewall effectively prevents unauthorized access to democity, like all firewalls, it does not provide the granular security necessary to control an authorized user's level of access to the democity network. In other words, without a stronger security measure in place, after a user passes through the BorderManager firewall, everything on the democity network becomes available to that user.
NDS eDirectory provides the granular security necessary to protect democity, and ZENworks for Desktops 2 provides an easy way to manage that security. democity's Windows-based demonstrations and corresponding security policies are configured using ZENworks for Desktops 2 and are then stored in either the democity or the NetWare Cluster NDS tree. (Only clustering demonstrations are stored in the NetWare Cluster NDS tree.)
Once through the firewall, you must authenticate to NDS eDirectory and be granted access to the appropriate NDS tree to access a particular demonstration. By applying the security policies configured via ZENworks for Desktops 2, NDS eDirectory controls every aspect of your desktop environment, granting you only enough access to democity's NDS trees to run Windows-based product demonstrations. As a result, you can run the demonstrations and walk through the trees without damaging democity itself. (For more information about using NDS eDirectory and ZENworks for Desktops 2 to secure and manage your company's thin-client and legacy network, see the article entitled "Thin Is In With NDS eDirectory and ZENworks for Desktops 2.")
How do you authenticate to NDS eDirectory? When you select a product demonstration that is Windows-based, your browser is redirected to a login screen.
The democity username and password you must enter appear at the top of the login screen. When you enter this information, you are granted access to the part of democity to which that particular user has rights. (The democity network administrator grants these rights through NDS eDirectory and ZENworks for Desktops 2.) A Novell Application Launcher (NAL) folder then appears on your desktop, displaying all of the Windows-based demonstrations available from that folder.
THE SKINNY ON THIN-CLIENT SERVERS
The Windows-based applications on democity run on thin-client servers. Specifically, most demonstrations run on democity's Citrix thin-client server farm. Demonstrations of NetWare Cluster Services 1.01 for NetWare 5 run on the NetWare Cluster's independent Citrix server.
The democity NetWare cluster itself is comprised of six IBM Netfinity 5000 rack-mount servers and a Netfinity fibre channel Redundant Array of Independent Drives (RAID) unit. The RAID unit combines all six hard drives into a single unit and allows the same data to be simultaneously saved on each of the drives. (See Figure 3. For more information about IBM Netfinity, visit http://www.pc.ibm.com/us/netfinity.)
The Citrix thin-client server farm is another part of democity's common shared area. (See Figure 3.) The six servers in the server farm are Compaq 1850R rack-mount servers, one of which is a primary domain controller (PDC) that directs clients requesting applications or data to the server on the server farm that is the least busy.
The first multiuser version of Windows NT, Windows NT Server 4.0, Terminal Server Edition (TSE) runs on the Citrix servers. Jointly developed by Microsoft Corp. and Citrix Systems Inc., TSE is currently the only server operating system available for thin-client computing. (For more information about TSE, visit http://www.microsoft.com/ntserver/terminalserver/?RLD=62.)
Citrix MetaFrame 1.6 also runs on democity, on top of TSE. MetaFrame is server-based computing software that extends the TSE solution by providing additional client and server functionality. For example, MetaFrame enables servers to be grouped, managed, and load balanced as a server farm.
Because the Windows-based product demonstrations on democity are configured for load balancing, the PDC routes these demonstrations to the most lightly loaded server for execution. Load balancing also ensures a level of fault tolerance by enabling users to access applications and data residing on a failed server from another server in the server farm.
In addition, running MetaFrame enables democity to use the ICA protocol, the de facto standard for server-based computing, to facilitate client-server communications, instead of TSE's Remote Display Protocol (RDP). As its name suggests, ICA is platform independent and can, therefore, support the non-Windows clients that Windows-centric RDP cannot. ICA in MetaFrame adapts to various operating systems, such as UNIX, Macintosh, Java, and DOS. ICA delivers Windows, UNIX, and Java sessions to virtually any client device over industry-standard network protocols and network connections.
Regardless of the type of OS running on your workstation, democity can deliver Windows-based Novell product demonstrations to you by way of an ICA Client session running inside your browser window. However, you will need to install the ICA plug-in that you are prompted to download the first time you try to establish an ICA-client session on democity.
An ICA-client session is simply the set of communications transactions--keystrokes, mouse clicks, and screen updates--that take place between your workstation and one of democity's Citrix servers while you are accessing a particular product demonstration on that server. (For more information about MetaFrame and ICA, visit http://www.citrix.com/products/metaframe and http://www.citrix.com/products/ica.asp , respectively.)
As mentioned earlier, you must also authenticate to NDS eDirectory to access either the democity tree or the NetWare Cluster NDS tree that together store all of democity's Windows-based demonstrations. democity then delivers a ZENworks NAL folder that contains all of the demonstrations stored in the tree you have accessed.
When you try to run a demonstration, NAL checks to see if the demonstration is already present on a thin-client server. If the demonstration is not currently installed, the demonstration and all applicable registry settings will be served down to the thin-client server. Once installed, the demonstration runs on the server.
WHY SHOULD YOU CARE?
Just as Novell deployed thin-client servers on democity to provide a high level of performance to employees accessing applications online, you may want to offer the same benefits to your company's employees. You may also want to deploy thin-client servers to make the "perfect world" scenario presented at the beginning of this article a reality.
For example, if you deploy thin-client servers, you probably won't get calls from anxious users who don't have the appropriate software or software version installed to open work files. Thin-client servers remove the need to deploy different versions of client software (such as Macintosh and Windows versions of Word) across your company's heterogeneous network.
Instead, you can run one application version on the server, and all users will be able to read any file to which they have rights. Users will even be able to access 32-bit applications from 286 and 386 DOS and Windows 3.x workstations. You simply install the appropriate ICA client software for the operating system platform running on each client.
Thin-client servers also benefit employees who don't know how to use a particular application, such as an in-house ordering application. You can deploy applications over the Internet for self-training, or you can eliminate the application entirely and allow employees to use the familiar interface of an online form.
In general, if you install thin-client servers on your company's network, you will probably find that you receive fewer support calls to resolve application conflicts on users' workstations. If problems arise on the applications running wholly on a thin-client server, you can service these applications from a central location.
Adding Citrix client software to existing PCs will enable users to access resources on thin-client servers and will provide all of the benefits outlined above. For added benefits, however, you can deploy actual thin-client hardware. (For more information about thin-client hardware and managing a mixed network environment with NDS eDirectory and ZENworks for Desktops 2, see "Thin Is In With NDS eDirectory and ZENworks for Desktops 2.")
CONCLUSION
By following Novell's example and combining thin-client computing with the proven capabilities of products such as BorderManager Firewall Services 3.5, ZENworks for Desktops 2, and NDS eDirectory, you could secure your company's network and provide mobile users with instant access to everything they need. In addition, users at home and branch offices could calmly plug away, no longer worried about meeting deadlines as they struggle with workstation crises.
And you? Well, for once in what may amount to a frustration-fraught career, you could actually manage to get everything done that you intended to.
Amber Boehm works for Niche Associates, which is located in Sandy, Utah.
* Originally published in Novell Connection Magazine