Bow WOW: The Novell Innerweb: Using Internal Technologies, Novell Eats Its Own Dog Food
01 Mar 2004
A story making the rounds at Novell these days is one of those that leaves you asking, fact or fiction? The story goes like this: A nameless Novell employee is traveling for an unknown reason someplace in Europe. He discovers he's lost his passport and other identity papers, which were inside the briefcase he left on a train en route to somewhere. Nameless Novell guy goes to the local embassy, where he manages to seat himself at an Internet-ready computer (operating system unknown) and launches the browser (specific type also unknown). From the home page, nameless Novell guy types in the URL to the Novell corporate intranet: innerweb.
When the browser returns the login screen at https://innerweb.novell.com, nameless Novell guy enters his credentials to the Novell employee eDirectory tree. Seconds later, he's essentially transported to his home office. Nameless Novell guy now has access to literally everything he can see and use from the comfort of his own desk. He opens a file stored on the c:\ drive of his office desktop and allegedly prints out all of the papers he's lost. (According to the story, he scanned and saved these papers before the trip.) As the story ends, nameless Novell guy casually resumes travel, freshly-printed papers in tow.
Now, given the story's scant details, you have to wonder whether it really happened, don't you? I mean is nameless Novell guy a real person who saved his trip by having the foresight to scan and the presence of mind to print his identity papers? Or is the whole story a modern-day business legend? Who knows and, more important, who cares? The truth is that any one of Novell's 6,000 employees could have experienced this little mishap and, more to the point, could have resolved it in precisely the manner described (with the exception, perhaps, of traipsing around Europe with only copies of identity papers).
With access to any Internet-ready computer, regardless of its operating system, and by launching virtually any browser, all Novell employees can log in to innerweb, no VPN required. The result of that single login is impressive and boils down to this: whether they're at work, at home, in meetings or in an embassy thousands of miles from home, Novell employees have what they need to do their jobs. (For real-life stories from named Novell employees, see The Truth About Innerweb.)
You've probably heard or read about the Novell vision of a world without information boundaries. "But sometimes it's hard for people to envision." Not anymore - not with innerweb. "Five thousand people around the globe depend on this every day," says Monney.
This fact did not escape the notice of Novell Sales Account Executive Mark Jolley. Jolley makes it a practice to walk into potential customers' offices and ask if he can have a seat - the customer's seat. The message Jolley sends by doing so is as blatant as his approach is brazen: innerweb "is not smoke and mirrors," as Jolley puts it. On the contrary, it's a fully-functional portal that Novell engineers built using Novell technologies to solve Novell's real business problems. (For more information, see Innerweb Technologies At a Glance.)
The Gist of this Innerweb Jazz
Novell employees log into innerweb from a mix of desktop and laptop platforms, including the usual versions of Microsoft Windows as well as Ximian and KDE desktops and, of course, Macintosh. The innerweb doesn't care what operating system employees are running, nor does it really care which browser they're using. The innerweb's only stipulation is that employees use a browser that complies with the World Wide Web Consortium's (W3C's) Document Object Model (DOM). If that sounds restrictive, don't be fooled: Most of the browsers you've heard of are DOM-compliant, including Microsoft Internet Explorer, Netscape, Mozilla, Konqueror, Firebird and iCab.
Gaining access to innerweb is something like clearing the security stalls at the entrance to Novell corporate headquarters, pictured on innerweb's login screen: with proof of their right to pass through these portals, one electronic, the other physical, Novell employees gain access to everything at Novell in which they're interested - and to which they're authorized, of course.
When I say everything, I mean everything - right down to the cafeteria menu. And when I say that employees see only the resources they're interested in, I mean that they see only the resources that are uniquely suited for them based on their role and location within Novell. What this means is that some of innerweb's resources - such as Novell eGuide 2.1 (hereafter eGuide), Novell iPrint (hereafter iPrint), Novell newsbriefs, industry news, and the daily cover story - will look the same to all Novell employees, assuming, I should add, that they choose to display them.
Other resources - such as the cafeteria menu, Phoenix (a Web-based sales tool), and Manager Self-Service - are available to only a few employees who are located in the same office, work in the same department, or share the same title, for example. Still other resources - such as Novell GroupWise 6.5 (hereafter GroupWise) calendar and e-mail, Employee Self-Service, the timecard application Upbeat, and Novell iFolder 2.1 (hereafter iFolder) - are available to all Novell employees, but the information displayed in each of these resources is unique to each employee. In other words and as Novell CIO Debra Anderson sums up best, innerweb "is all about giving the right people access to the right information."
To the inexperienced and techno-moronic (which doesn't describe you, of course), this goal might sound simple enough to achieve, but you know better. As a network administrator, you know firsthand that delivering the right information and applications to the right people is not a task to be taken lightly. Indeed, innerweb is the product of years' worth of "planning and discussing requirements, audience analysis and ... development work," says Jarid Love, a Novell Web developer.
The innerweb's beginnings go back to the mid '90s, when it offered only static information, such as policies, procedures and product documentation. Parallel to the infant innerweb's development was Novell IS&T's pet project, iLogin.net. iLogin was a Web-based portal that offered employees access to IT-hosted services, including eGuide and GroupWise. On the sidelines, various departments set up their own boxes to host custom solutions.
Having dashes of information here, there and everywhere was a bit messy (but probably not unlike the situation at your company): employees maintained several passwords to log into and out of several systems multiple times daily - just to do their jobs.
Logging On and Gaining Access: The iChain of Events
To solve this problem, Novell engineers simply "brought both content and services under one umbrella," says Novell Web Production Services Manager Dan Cutler. Hence, today's version of innerweb is the product of the now-united iLogin (with its myriad dynamic services), those smatterings of department-specific Web sites and the original static innerweb.
To access this new version of innerweb, Novell employees need enter their credentials only once. innerweb's single sign-on venture is made possible by a security set-up built on Novell iChain 2.2 (hereafter iChain), Novell eDirectory 8.7.1 (hereafter eDirectory) and Novell Nsure Identity Manager 2.0 (hereafter Identity Manager).
As you can see in Figure 1, at the outermost region of this security infrastructure is a pair of Layer 4 (L4) Foundry Networks' ServerIron XL switches sandwiched between two Cisco router firewalls. These L4 switches direct requests from employees' browsers to the least-busy of the two iChain servers that face Novell employees. (For more information, see The iChain Gang.)
Innerweb is an employee portal built on industry-standard Novell technologies. With an Internet connection and using virtually any Web browser, Novell employees can log in to innerweb, where they can access everything they need to be productive.
This cluster of iChain servers (and another that faces Novell customers) fronts three Intel-based servers running SUSE LINUX Enterprise Server 8.2.3. (For more information, see The Chameleon Connection.) Atop SUSE LINUX Enterprise Server, the servers run the Apache Foundation's Apache 2.0.48 Web server and Apache Jakarta Tomcat 4.1.28 Web application server. Equipped with dual 3.0 GHz processors and 5 GB RAM, these three servers actually host all of the major Novell Web sites: novell.com, developer.novell.com, support.novell.com and innerweb.
The innerweb servers also run Novell Nterprise Linux Services 1.0, which features several of innerweb's core technologies, including eGuide, iFolder and iPrint. (For more information about Nterprise Linux Services 1.0, visit www.novell.com/products/linux or read It's Time: Novell Nterprise Linux Services 1.0, Novell Connection, January/February 2004.)
In addition to nearly 85 Novell commercial and custom-built applications, innerweb servers run approximately 35 third-party applications. Now, you don't need to be bored with a complete list, but why don't I rattle off just a few. From innerweb's a-z index and elsewhere on innerweb, Novell employees can select from third-party applications such as US Asset Management, NOVA Budget Management, Remedy Defect Tracking, Expense Management (XMS), Facilities Work Request, Hyperion Group Management, Product Portfolio, Qualification Catalog, Travel Profile, and Web Requisitions Oracle Financials.
Not all innerweb applications are stored on the three Intel-based servers. Proprietary and legacy applications-including applications from Oracle, Siebel and PeopleSoft-run on backend servers. Many of these applications maintain their own data stores and require separate authentication credentials. To extend single sign-on access to as many of these applications as possible, Novell engineers use Identity Manager (formerly known as DirXML).
Identity Manager enables the exchange of user identity information between eDirectory and backend data stores. The result, in this case, is that Novell engineers can store user identity information from these backend systems in eDirectory. Identity Manager drivers ensure that this information is automatically and immediately updated when changes occur in the backend systems. Hence, iChain servers need check only eDirectory to authorize access to even backend systems. (For more information, visit www.novell.com/products/nsureidentitymanager or read Locking Down Identity and Password Management with the New DirXML, Novell Connection, Nov/Dec 2003.)
Who's Who? Innerweb Shows What it Knows
Using eDirectory and Novell exteNd Director 4.1 Standard Edition, Novell engineers designed innerweb to display only those resources that are relevant to a particular employee. What employees can see and do on innerweb depends on their unique identity, which is quantified by things like their title, department, office location and personal preferences. All of these details are defined in a handful of auxiliary eDirectory User object attributes that Novell engineers created expressly for this purpose.
Hence, when Jolley logs in to innerweb, what he can see and do is similar to but different than what his co-worker Novell senior systems engineer Stewart Christensen can do. For one thing, as a salesperson, Jolley predictably opts for the bold red color scheme characteristic of Novell. Christensen, in contrast, prefers the softer blue-tones of the "Snow" color scheme. (See Figure 2.)
What employees can see and do on innerweb depends on their identity, which is quantified by title, department, location and personal preferences, such as color scheme preferences.
To set color preferences, employees simply click on one of several color options (including "seasonal") displayed in the gadget labeled "personalize" on the home page. From this same page, employees also can choose whether or not they want GroupWise inbox and calendar to display on their home page.
The innerweb also is smart enough to display information pertinent to an employee's location. For example, the morning after Novell acquired SUSE LINUX, its employees logged into innerweb from SUSE LINUX headquarters in Germany using a username and temporary password they received via e-mail. Once authenticated, the SUSE LINUX employees were greeted by a pop-up "Welcome to Novell" message that included tips on some of innerweb's basic tools and references. The same message and tips were included in a gadget on the home page that Novell engineers removed weeks later.
Likewise, when employees who work at the Novell Provo campus log in to innerweb, they can see the menu at the Hard Disk Cafe, Provo's cafeteria. Employees who work at Novell in Waltham, Massachusetts offices, on the other hand, don't see - because they don't care - that the Provo workers can choose today between Pineapple Beef Roulade or Chicken Tortellini. Instead, they see what's being dished up at 404 Cafe, their own cafeteria.
But the level of personalization that innerweb allows is more sophisticated than color schemes, messaging and menus. In addition to personalization based on employees' personal preferences and office location, innerweb personalizes displays based on employees' roles within Novell.
For example, as a sales representative, Jolley can access Contract Management and Opportunity Management services that help him do his job. Contract Management enables sales personnel to look up information on Novell customers and licensing contracts. To the sales representatives that can access it, Opportunity Management offers a tool for creating, tracking and managing sales opportunities.
Because these services are not relevant to Christensen, he doesn't see them. However, as a manager in the Novell operations department, Christensen can access Manager Self-Service, to which Jolley doesn't have rights. Aggregating information from several different systems, Manager Self-Service offers Christensen a single location from which he can find pretty much anything he needs to know about members of his team, including each team member's time-off balances, cell phone expenses, and completed internal and external training ventures.
Collaboration-The Spot So Hot It's Cool
Collaboration on innerweb is facilitated by eGuide, arguably employees' favorite hot spot. Novell Program Manager Kim Groneman uses eGuide as many as four times daily and Jolley as many as six. Cutler uses eGuide more than any other application on the innerweb and understandably counts it as innerweb's "coolest" feature. (For more information about eGuide, visit www.novell.com/products/eguide.)
eGuide enables users to search any LDAP-compliant directory and is capable of searching several directories at once. For example, when Novell acquired Ximian and SUSE LINUX, Novell engineers had an immediate answer to employees' question, "How do we find these people - and how do they find us?" The engineers enabled eGuide to simultaneously search the Novell eDirectory tree and the white pages applications for these newly-acquired organizations.
eGuide enables employees to search for other employees based on one of several search criteria (ten, to be exact), including business phone, cell/mobile phone, cost center, mail stop, first name and last name (the default setting). Employees qualify their searches by specifying that the entry they're looking for Contains, Does not contain, Starts with, Does not start with, or Equals (among other options) the letters they actually type to start their search.
Hence, if Groneman wants to find Novell Product Manager Gregory Webb, he can search by Last Name, select Starts with, and type in only "We" before clicking the Search button. When he does and before he can say "Gregory Webb," eGuide returns all of the names of Novell employees with last names that start with those two letters. (See Figure 3.)
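The search qualifiers described above correspond to LDAP search filters. As an added example (not eGuide's own code), the sketch below builds such a filter from user-typed text and escapes it per RFC 4515 so that typed characters can never change the filter's structure; the field-to-attribute mapping, the inetOrgPerson object class and the length limit are assumptions.

```python
# Added example: eGuide-style search qualifiers mapped to LDAP filters.

# Assumed mapping from search fields named in the article to standard LDAP
# attribute types (the article does not say which attributes eGuide queries).
FIELD_TO_ATTR = {
    "Last Name": "sn",
    "First Name": "givenName",
    "Business Phone": "telephoneNumber",
    "Cell/Mobile Phone": "mobile",
}

# Qualifiers listed in the article, expressed as filter templates.
QUALIFIERS = {
    "Contains": "({attr}=*{value}*)",
    "Does not contain": "(!({attr}=*{value}*))",
    "Starts with": "({attr}={value}*)",
    "Does not start with": "(!({attr}={value}*))",
    "Equals": "({attr}={value})",
}

# RFC 4515: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

MAX_SEARCH_LEN = 64  # assumed limit; keeps pathological inputs out of the directory


def escape_filter_value(text: str) -> str:
    """Escape user text so it is always treated as data, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def build_filter(field: str, qualifier: str, text: str) -> str:
    """Return an LDAP filter for one search box submission.

    The field and qualifier come from fixed allow-lists; only the typed text is
    free-form, and it is escaped before being placed in the template.
    """
    if field not in FIELD_TO_ATTR:
        raise ValueError(f"unsupported search field: {field!r}")
    if qualifier not in QUALIFIERS:
        raise ValueError(f"unsupported qualifier: {qualifier!r}")
    if not text or len(text) > MAX_SEARCH_LEN:
        raise ValueError("search text must be 1..%d characters" % MAX_SEARCH_LEN)
    clause = QUALIFIERS[qualifier].format(
        attr=FIELD_TO_ATTR[field], value=escape_filter_value(text)
    )
    # Restrict results to person entries (assumed object class).
    return "(&(objectClass=inetOrgPerson)" + clause + ")"


if __name__ == "__main__":
    # The search from the article: Last Name, Starts with, "We".
    print(build_filter("Last Name", "Starts with", "We"))
    # Constructed input containing filter metacharacters.
    print(build_filter("Last Name", "Contains", "Smith (Jr)*"))
```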
Innerweb's most popular tool, Novell eGuide enables Novell employees to search for contact and organizational information about other employees, including their photo, title, instant messaging ID, phone, cell, department and manager. By clicking the Organizational Chart tab, employees also can view where the searched-for employee sits on the company ladder.
When employees find the other employees they're looking for, the searchers get a lot more than a simple phone number. In fact, eGuide can return any information you can store about a user in eDirectory. In this case, eGuide returns the employee's picture (assuming the employee allows it), title, instant messaging ID, workforce ID, mail stop, phone, cell, department, manager, assistants and location.
Employees also can click the Organizational Chart tab, where they get the picture (literally) of where this searched-for-and-found employee sits in relation to other Novell employees. If Groneman needs to e-mail everyone on Webb's team, he clicks the "E-mail this team" button, and eGuide opens a message addressed to each team member. Novell employees obviously use GroupWise. However, even if each member of a team used a different e-mail program, eGuide still would enable this one-click communication.
In fact, eGuide goes beyond facilitating communications via e-mail. From eGuide, which runs on all major platforms (including Linux, Solaris, NetWare, Windows and AIX), employees can launch whatever communications tool suits the occasion, be it e-mail, instant messaging or video conferencing.
From within eGuide, employees can change some of their own information, such as their cell phone number. Other information can be changed only by an employee with rights and access to the authoritative data source. For example, the authoritative data source for employees' workforce ID numbers is PeopleSoft. Only someone in Human Resources with rights to PeopleSoft can enter an employee's workforce ID number, after which Identity Manager updates eDirectory.
Incidentally, you can download eGuide free of charge from http://download.novell.com/pages/PublicSearch.jsp.
Personal Files and Corporate Printers-Wherever, Whenever
Remember nameless Novell guy? His ability to open the files on the c:\ drive of his home office computer from an embassy thousands of miles away was due to innerweb's use of iFolder.
iFolder is a backup and storage tool that ships with Nterprise Linux Services 1.0, NetWare 6.5 and Novell Small Business Suite 6. (For more information about iFolder, visit www.novell.com/products/ifolder. You also can read Tip the Scales, Novell Connection, May 2002.)
To make their files available from anywhere, employees need only save them in the iFolder on their desktops or laptops, after which they can access those files from anywhere they have an Internet connection and a standard browser. (See Figure 6.) iFolder secures the data by encrypting it as it crosses the Internet and by storing it encrypted on the iFolder servers (in this case, accessed through the innerweb servers), where copies of the data are stored.
What this means to Novell employees is that their data is always current, always safe and always available from wherever they are - even if they leave their printed files on a train en route to somewhere. To Novell and the Novell network administrators, it means that valuable data is centrally stored and therefore easier to manage and back up.
When they need to print their data, employees frequently find iPrint handy. Available in Nterprise Linux Services 1.0 and NetWare 6.5, iPrint is the Novell implementation of Internet Printing Protocol (IPP), an Internet standard that defines operations and attributes for application-level printing over the Internet. (For more information, visit www.novell.com/products/iprint. You also can read iPrint: Access a Printer from Anywhere, Novell Connection, August 2001.)
iPrint enables employees to find and print to any printer in any one of the Novell offices without having to leave their desks. For example, Christensen, who works in Provo, was working last year on a BrainShare presentation with a co-worker, who works in Sydney. Christensen wanted to show his co-worker the latest changes to their presentation in hard-copy format. He didn't have to fax it to do so. Using iPrint via innerweb, he opened a map of the Sydney office and clicked on the floor where his co-worker hangs out. (See Figure 4.) From this map, Christensen was able to locate, select and print to the color printer nearest his co-worker.
Novell iPrint, another core innerweb technology, enables employees to find and print to any printer in any of the Novell offices worldwide (including the Sydney office, shown here) without having to leave their desks.
Taking Care of Their Own Business
iPrint is only one example of innerweb making available as many tools as possible that share the goal of helping employees help themselves.
Perhaps the most useful of these self-help tools is the password self-administration tool, which has spared the Novell helpdesk quite a few calls. In fact, prior to the availability of this tool, 30 percent of the 100 daily helpdesk calls were password related; now, the helpdesk receives fewer than five such calls per day. (See Figure 8.)
Perhaps the most useful of these self-help tools is the password self-administration tool, which has decreased password-related helpdesk calls by 83 percent.
An Identity Manager feature, the password self-administration tool enables employees to reset their own password, PIN and secret question, all three of which they choose themselves. To change any one of these, employees must know two of the three secrets. For example, employees can reset their passwords when they enter their PIN and correctly answer their secret question.
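The two-of-three rule described above, as an added example that is not Identity Manager's code. The salted PBKDF2 storage, the iteration count, the answer normalisation and the failure lockout are assumptions layered on the rule; the sample secrets are constructed.

```python
# Added example: "know two of the three secrets to change any one of them".
import hashlib
import hmac
import os

SECRET_NAMES = ("password", "pin", "answer")
ITERATIONS = 200_000   # assumed work factor; tune to current guidance
MAX_FAILURES = 5       # assumed lockout threshold; a short PIN needs one


def _normalise(name: str, value: str) -> str:
    # Secret answers are compared case- and spacing-insensitively (assumption).
    return " ".join(value.lower().split()) if name == "answer" else value


def _derive(name: str, value: str, salt: bytes) -> bytes:
    data = _normalise(name, value).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


class SelfServiceAccount:
    """Holds only salted hashes of the three secrets, never the values."""

    def __init__(self, password: str, pin: str, answer: str):
        self._stored = {}
        self.failures = 0
        for name, value in zip(SECRET_NAMES, (password, pin, answer)):
            self._store(name, value)

    def _store(self, name: str, value: str) -> None:
        if not value:
            raise ValueError(f"{name} must not be empty")
        salt = os.urandom(16)
        self._stored[name] = (salt, _derive(name, value, salt))

    def verify(self, name: str, candidate: str) -> bool:
        salt, expected = self._stored[name]
        return hmac.compare_digest(_derive(name, candidate, salt), expected)

    def reset(self, target: str, new_value: str, proofs: dict) -> bool:
        """Change `target` if at least two of the three secrets are proven."""
        if target not in SECRET_NAMES:
            raise ValueError(f"unknown secret: {target!r}")
        if self.failures >= MAX_FAILURES:
            return False  # locked: route to the helpdesk instead
        # Check all three every time so the amount of work done does not
        # reveal which secrets were supplied or which one was wrong.
        correct = 0
        for name in SECRET_NAMES:
            ok = self.verify(name, proofs.get(name, ""))
            if ok and name in proofs:
                correct += 1
        if correct < 2:
            self.failures += 1
            return False
        self._store(target, new_value)
        self.failures = 0
        return True


if __name__ == "__main__":
    acct = SelfServiceAccount("old-pass", "4821", "Blue Heron")  # constructed values
    print(acct.reset("password", "new-pass", {"pin": "4821", "answer": "blue heron"}))
    print(acct.reset("pin", "9999", {"password": "new-pass"}))
```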
Personal Personnel Info
From the Employee Self-Service tool, employees can manage their own personal personnel information. (See Figure 7.) Among other things, employees can update their addresses, make notes on personal objectives, and see which computers are assigned to them; they can see the internal training sessions that they've taken and that they're qualified to take; they can manage expense reports and review payroll information; and they can access time card information, track vacation days and schedule time off, requests which are automatically routed to their managers for approval.
From the Employee Self-Service tool, employees can manage their own personal personnel information, such as address, objectives, inventory, expense reports, payroll, vacation, etc.
The Employee Self-Service tool (like Manager Self-Service) is a custom-built JSP that gathers and displays information from backend systems, namely PeopleSoft and Oracle Financials. To gather this information, the JSP does a standard SQL query into the databases behind these applications. Because of the exceptionally confidential nature of the information it displays, Employee Self-Service is one of very few areas on innerweb where employees are prompted to re-enter their credentials.
The Information Self-Service tool enables employees to view and create reports. To date, there are more than 300 reports available, but no single employee has access to them all. Which reports they see depends on their identity. For example, salespeople can view current forecasts for their areas. IS&T managers can view helpdesk statistics in real time. (See Figure 5.) Financial personnel can generate purchasing reports and keep tabs on outstanding accounts. If they are unable to find the information they need, employees can generate their own reports using an innovative series of report-creation wizards.
The point of Information Self-Service is to provide employees with access to the information they need to make smart decisions. Take the cell-phone usage report, for instance. In addition to displaying statistics on cell-phone usage and expenses, this report displays employees' current plan and other available plans. Armed with this information, employees can make informed decisions about whether they're on the most cost-effective cell-phone plan.
Told You It Could Happen
If you're interested in setting up a portal for your company that's similar to innerweb, take a look at Virtual Office. Available in NetWare 6.5 and Novell Nterprise Linux Services 1.0, Virtual Office is a ready-to-go portal that comes with several preconfigured gadgets. Out of the box, Virtual Office features many of innerweb's core assets, including eGuide, iFolder, iPrint, password management, company news and Web mail. (For more information, see Free to Move, Novell Connection, Jan/Feb 2004.)
Don't get me wrong: Virtual Office is not innerweb in a box. Complex, company-specific and enterprise-wide solutions like innerweb don't come in a box. Such solutions are the product of engineers' blood, sweat and tears. Virtual Office, on the other hand, requires no such thing. After installation and setup, Virtual Office is immediately usable. If you look closely, you might see in Virtual Office a glimmering of the much more complex portal that you could build, if you invested the pound of flesh required to do so.
Novell engineers have invested their pounds of flesh in innerweb - and the results are in. (For more information, see Sense and Cents-ibility.) Every day, Novell employees log in to innerweb as part of their everyday routines. Some days, some employees use innerweb for not-so-routine purposes, like nameless Novell guy, the hero of this article's introduction.
Do you want to know the truth about that introduction? So do I. Alas, I don't know whether that story is fact or fiction, but I do know of a similar story that I've confirmed as fact. The story goes like this: When Novell employees Liz Tanner and Christa Hoyal headed to Vietnam for a two-week humanitarian service trip, Novell Editor-In-Chief Eric Schetselaar had the presence of mind that they apparently did not. Like nameless Novell guy, Schetselaar scanned all of Tanner's and Hoyal's travel documents - including their itineraries, tickets, passports, visas and drivers' licenses - and stored them in their iFolders.
Suppose Tanner or Hoyal had lost their documents while traipsing about Vietnam, Thailand, Cambodia or Hong Kong. If they had, the exploring duo could have simply printed out their documents from an Internet kiosk at a hotel, airport or local embassy. In this case, however, "They luckily didn't have to print their papers," Schetselaar admits.
Never mind the lack of drama. This story is true. More important, this story and the story about nameless Novell guy, underscore the same point: with innerweb, employees can access the tools they need from wherever they are using whatever platform and browser they happen to have handy.
The Truth About Innerweb
Suppose a writer explains that she's researching microwaves and asks, "Can you think of a time when your microwave proved particularly useful?" What's your response? Your immediate response is probably silence, the outer manifestation of an inner struggle to recall a story that goes beyond the mundane. You want to give this writer something witty, something quotable. Finally, you admit that you just use your microwave to heat up leftovers.
Like microwaves, the products of good technology serve their self-invented purposes so well that a need is born for the services they provide. Before you know it, no one can imagine life without these products. In fact, when technology is good - really good - few users have anything earth-shattering to say about it because techno-tools that faultlessly serve their purpose are easily taken for granted. Such seems to be the case with innerweb.
Ask Novell employees when innerweb proved particularly handy, and they panic just a little and sometimes apologize. "Sorry," says Novell Web Production Services Manager Dan Cutler. "My experience with [innerweb] is fairly common. I use it daily, but I can't recall a time when I thought I'd die without it. Now if you took it away," he trails off, implying that work without innerweb is no longer an option.
Cutler's comment is not unique among the Novell employees we spoke with, and his and the others' comments are unwitting testaments to innerweb's strength: it's built on good technology. innerweb flawlessly fills the need it has created and, as a consequence, has slipped without notice into Novell employees' daily routines.
For Novell Customer Response Center Manager Jason Hardin, innerweb is inextricable from his daily routine. Hardin leaves innerweb running and checks it about 20 times daily, he says. Hardin uses eGuide about five times a day and also finds all of the self-service tools useful, including Information Self-Service, Employee Self-Service and Manager Self-Service.
While Novell Product Support Forums' Program Manager Kim Groneman doesn't access innerweb as frequently as Hardin, he does access it consistently, "on average, three to four times daily." Groneman frequently uses eGuide and also regularly references Novell Product Portfolio, where he can find product information and locate product managers. Groneman also periodically accesses Employee Self-Service to retrieve paycheck information and submit expense reports.
Novell Connection Editor-In-Chief Eric Schetselaar first panics in response to our question about his use of innerweb, then apologizes for not using it much, and finally proceeds to list what he does use it for: to check his GroupWise e-mail and calendar from home, to file his expense reports, and, okay, to check the daily menu at the Hard Disk Cafe, Provo's cafeteria.
For Novell Sales Account Executive Mark Jolley, innerweb is more than a menu guide: innerweb is a perpetual, live demonstration of "myriad Novell technologies." Jolley makes a habit of logging into innerweb from potential customers' machines and explaining that he wants to demonstrate how Novell runs its business using its own industry-standard technologies. Within seconds, his demonstration opens the door to discussions about collaboration, resource management, authentication and secure single sign-on, common "pain points for executives," Jolley points out.
With innerweb as his sales tool, Jolley has little to say: "the technology speaks for itself."
Innerweb Technologies at a Glance
End-to-end visual tools
Novell iChain 2.2
Novell eDirectory 8.7.1
Novell Nsure Identity Manager 2.0
Innerweb Web Servers
SUSE Linux 8.2.3
Ximian Red Carpet Enterprise 2
Novell exteNd Director 4.1 Standard Edition
Novell Nterprise Linux Services 1.0
Novell eGuide 2.1
Novell iFolder 2.1
Novell ZENworks OnDemand Services 2
The iChain Gang
A cluster of two Novell iChain 2.1 servers faces Novell employees and fronts innerweb. Among other functions, these two iChain servers protect innerweb's Web servers by rendering them essentially invisible: all outbound traffic appears to originate from the iChain servers, on which most of innerweb's information and applications are stored.
The iChain servers also accelerate employees' access to information and applications by caching Web site content. When requests come in for content that's already been requested, iChain serves it up straight from cache. This caching system not only delivers the goods to employees at the speed they demand but also conserves network bandwidth.
To provide authentication and authorization services, iChain works with Novell eDirectory 8.7.1. When employees enter the innerweb URL, iChain returns a secure login screen using Secure Sockets Layer (SSL). Employees then enter their eDirectory username and password, which iChain validates against eDirectory using the Lightweight Directory Access Protocol (LDAP). If the employee is authenticated, iChain sends a session cookie to the employee's browser, which stores the cookie in memory. This session cookie contains a key that iChain uses to maintain the authenticated session.
When authenticated employees attempt to access specific innerweb resources, iChain consults eDirectory to determine whether this employee is authorized to do so. iChain enforces access control based on employees' Group object memberships, container associations and any combination of User object attributes.
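The login and access-control sequence described above, sketched as an added example (not Novell's or iChain's own code). The directory entries, the rules, the cookie name sid and the function names are all hypothetical, and a dictionary lookup stands in for the LDAP check against eDirectory.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for eDirectory User objects (not real data).
DIRECTORY = {
    "cn=jdoe,ou=sales,o=example": {
        "password": "s3cret-jdoe", "groups": {"cn=expense-users,o=example"},
        "attrs": {"employeeType": "fulltime"}},
    "cn=temp1,ou=eng,o=example": {
        "password": "s3cret-temp1", "groups": set(),
        "attrs": {"employeeType": "contractor"}},
}

# Hypothetical rules; every condition present in a rule must hold.
ACL = {
    "/expenses": {"group": "cn=expense-users,o=example"},
    "/sales/forecast": {"container": "ou=sales,o=example",
                        "attrs": {"employeeType": "fulltime"}},
}

SESSIONS = {}  # opaque session key -> authenticated DN, kept on the proxy

def login(dn, password):
    """Stand-in for the LDAP check; returns a Set-Cookie value or None."""
    entry = DIRECTORY.get(dn.lower())
    if entry is None or not hmac.compare_digest(
            entry["password"].encode(), password.encode()):
        return None
    key = secrets.token_urlsafe(32)  # random key; carries no user data
    SESSIONS[key] = dn.lower()
    cookie = SimpleCookie({"sid": key})
    cookie["sid"]["secure"] = True    # sent over SSL/TLS only
    cookie["sid"]["httponly"] = True  # not readable from page script
    # No Expires/Max-Age, so the browser holds it in memory only.
    return cookie["sid"].OutputString()

def authorize(cookie_header, path):
    """Default deny: no valid session or no matching rule, no access."""
    jar = SimpleCookie(cookie_header or "")
    dn = SESSIONS.get(jar["sid"].value) if "sid" in jar else None
    rule = next((r for p, r in ACL.items()
                 if path == p or path.startswith(p + "/")), None)
    if dn is None or rule is None:
        return False
    entry = DIRECTORY[dn]
    return (("group" not in rule or rule["group"] in entry["groups"])
            and ("container" not in rule or dn.endswith("," + rule["container"]))
            and all(entry["attrs"].get(k) == v
                    for k, v in rule.get("attrs", {}).items()))
```

A path such as /expenses-admin matches no rule and is refused, because rules apply only to the exact path or to paths beneath it.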
The Chameleon Connection
In December 2002, Novell IS&T mapped out a bold plan to migrate the major Novell Web sites (namely novell.com, developer.novell.com, support.novell.com and innerweb.novell.com) from an aging, proprietary Web server environment to a new, open source environment. At the time, the Web sites were hosted on three proprietary servers equipped with four 450 MHz processors and 4 GB RAM.
As you might expect, the plan was not without concerns. Like many organizations, Novell IS&T was loath to give up the security of a maintenance plan, which assured them that if something went wrong, they could simply pick up the phone and call for support.
Despite these concerns, Novell IS&T persevered along the roadmap of their own making, and one year later, they'd done it: Novell IS&T migrated the three proprietary servers to three Intel-based servers equipped with dual 3 GHz processors and 5 GB RAM each. The new servers run SUSE LINUX 8.2.3 and Novell Nterprise Linux Services 1.0, which includes The Apache Foundation's Apache 2.0.48 Web server and Apache Jakarta Tomcat 4.1.28 Web application server.
The migration went smoothly: Novell IS&T personnel replaced the servers one machine at a time, running the load on two servers during transitions. Novell employees and customers continued to access the Novell Web sites without interruption throughout the migration process, and the associated time and cost savings are impressive.
Migrating to Linux (rather than refreshing the former proprietary environment) enabled Novell to host its Web sites on inexpensive Intel-based hardware. According to Novell Web Production Services Manager Dan Cutler, the former servers cost US$48,000 each (as of two years ago). In addition, Novell IS&T purchased host adapter cards for each server and used a compact Storage Area Network (SAN) solution for disk storage, bringing the total cost for these servers to approximately US$200,000. In contrast, the new servers cost US$12,000 each, for a grand total of approximately US$36,000.
The migration saves money in other arenas as well. For example, in addition to avoiding software licensing fees by running open source software, Novell saves $20,000 yearly because it no longer pays for a maintenance plan. Novell IS&T personnel found that their concerns regarding the lack of such a plan were unfounded: "We find plenty of information through self-help tools on the web," says Cutler.
In a January 8, 2004 internal announcement on the subject of the Linux migration, director of Novell IS&T Infrastructure Services Department Don Morrison reports that the Novell and Linux products work well: "The performance screams," Morrison says, "and after one week, the environment already requires less care and feeding than our previous implementation."
The problems with the previous environment stemmed primarily from its age. IS&T personnel restarted each Web server's services about every other day, experienced memory leaks and "were messing with production hardware quite a bit just to keep things running," Cutler says. The new environment stands in sharp contrast. At the time this article was written, the servers already had been running without interruption for one month.
What Novell has experienced thus far with open source software has been positive indeed. When prompted to discuss them, Cutler shares several of his theories regarding why Linux improves reliability and stability. "I don't know how to boil it down into sound bites," Cutler says, but "development in the open source world [is based on] real-life cases," and, as a result, produces "something that runs better in more shops."
Sense and Cents-ibility: The Innerweb Payoff
Novell has saved time and money through innerweb, which offers the following benefits:
Consolidates all of the previously isolated Novell intranets, thereby reducing the time and increasing the convenience by which 6,000 Novell employees can access the information they need to be productive
Enables employees to securely access a personalized employee portal from anywhere, 24x7 using a single ID and password
Enables employees to access pertinent static content as well as applications at greater speed
Improves the quality of employee information by providing a single location for updating and maintaining relevant data
Empowers business users to publish and edit Web site content without the HTML and portal skill set previously required, eliminating the need for IT personnel to do so and the associated bottleneck
Significantly reduces helpdesk load through a password self-administration tool
Doubles as a sales tool
Enables Novell sales force to showcase Novell technologies as a solution to common pain points
Reduces IS&T Support Center workload and costs:
Requires IS&T personnel to support only a single intranet site
Migration to open source environment reduces hardware and software costs, enabling IS&T to run the major Novell Web sites, including innerweb, on Intel-based hardware rather than refreshing an aging, proprietary environment
Former proprietary hardware cost approximately $200,000; three new Intel-based servers cost approximately $36,000
No longer pay software licensing fees for Web server and Web application servers
No longer carry $20,000 maintenance plan
Linux migration improves system's reliability and stability, reducing workload
* Originally published in Novell Connection Magazine