Managing NetWare 3 NetWare 4
Articles and Tips:
Blair W. Thomas
01 Jun 1998
If you are managing a network that includes both NetWare 3 servers and NetWare 4 servers, you may be managing each environment separately. Obviously, managing users and network resources in both environments is redundant, increasing management costs. You may even need to hire more network support personnel to manage both environments.
This article explains how to add a NetWare 3 server to a Novell Directory Services (NDS) tree and how to manage all network resources through NDS. By integrating your company's NetWare 3 servers with the NDS tree, you can reduce management costs and manage network resources more efficiently.
INTEGRATING NETWARE 3 WITH NDS
You can use either Novell's NETSYNC utility (which is included with intraNetWare and NetWare 4.11) or NetVision's Synchronicity for NetWare 3 to integrate a NetWare 3 server with the NDS tree. You can then use NDS's hierarchical structure to organize users and network resources, and you can manage user and group accounts through NDS.
THE NETSYNC UTILITY
With the NETSYNC utility, you can attach up to 12 NetWare 3 servers to one NetWare 4 server in what is known as acluster. To run the NETSYNC utility, you must load the NETSYNC4 NetWare Loadable Module (NLM) on the NetWare 4 server. You must then load the NETSYNC3 NLM on each NetWare 3 server.
After you have loaded the NETSYNC4 NLM, the NetWare 4 server can emulate a bindery. The NETSYNC utility then copies all of the user and group accounts from the bindery on each NetWare 3 server into the bindery context on the NetWare 4 server, creating a User or Group object for each account.
The NETSYNC utility also downloads every object in the bindery context on the NetWare 4 server to the bindery on each NetWare 3 server, thus creating a common, synchronized bindery. In essence, the NETSYNC utility creates a "super bindery," which contains the user and group accounts from all of the NetWare 3 servers in the cluster.
Although the NETSYNC utility synchronizes the bindery with the NDS tree, this utility has the following limitations:
The NETSYNC utility supports only 12 NetWare 3 servers connected to one NetWare 4 server.
The NETSYNC utility synchronizes the bindery on each NetWare 3 server only with the NetWare 4 server running this utility. If this NetWare 4 server is down, the NETSYNC utility cannot synchronize the bindery with the NDS tree.
The NETSYNC utility does not resynchronize the bindery with the NDS tree when the NetWare 4 server is rebooted. As a result, any changes made to the NDS tree while the NetWare 4 server was down are not made to the bindery.
The NETSYNC utility synchronizes the bindery only with the replica stored on the NetWare 4 server running this utility (rather than with the entire NDS tree).
If the NetWare 4 server is synchronizing the bindery on multiple NetWare 3 servers, the NETSYNC utility sends each NetWare 3 server the user and group accounts for all of the NetWare 3 servers (up to 12 servers, as mentioned earlier). As a result, the performance of these servers is degraded.
SYNCHRONICITY FOR NETWARE 3
Synchronicity for NetWare 3, on the other hand, is not burdened with the limitations of the NETSYNC utility. Synchronicity for NetWare 3 provides a single point of administration and can scale to any number of NetWare 3 servers.
Synchronicity for NetWare 3 includes three components:
The Global Event Service NLM, which runs on the NetWare 4 servers
A synchronization agent, which runs on one NetWare 4 server and can communicate with up to 12 NetWare 3 servers
A snap-in module for Novell's NetWare Administrator (NWADMIN) utility that supports bindery attributes
Global Event Service NLM
With Synchronicity for NetWare 3, you load an NLM only on the NetWare 4 server. No additional software is required on the NetWare 3 server. (See Figure 1.)
Figure 1: Each of the components for Synchronicity for NetWare 3 work together to provide integration between NetWare 3 and NetWare 4 servers.
You must load the Global Event Service NLM on at least one NetWare 4 server containing a master partition or a read-write partition that will be synchronized with the bindery on each NetWare 3 server. If this NLM is not loaded, Synchronicity for NetWare 3 cannot synchronize the necessary information.
You can load the Global Event Service NLM on any number of NetWare 4 servers. If you load this NLM on multiple servers, you can load balance between servers and minimize network traffic. We recommend that you load the NLM on the NetWare 4 servers that are located near the NetWare 3 servers. This NLM requires little overhead because it monitors all NDS events but generates event notifications only when a change is made to the NDS tree.
Synchronization Agent
The synchronization agent supports bidirectional synchronization from the bindery to the NDS tree, and vice versa. When a change is made to the NDS tree, the Global Event Service NLM transmits an event notification to the synchronization agent, which automatically triggers the synchronization process.
When a change is made to the bindery, however, the synchronization process does not automatically occur. Instead, you must manually start this process, or you can schedule the process to occur at a specific time. (We recommend that you modify user and group accounts through NDS, rather than through the bindery. In this way, the changes will be automatically synchronized.)
The synchronization process is event driven: The bindery and the NDS tree communicate only when an NDS event occurs, thus minimizing network traffic. For each NDS event, only the relevant changes are synchronized, which further minimizes network traffic.
In addition to synchronizing changes, the synchronization agent can synchronize users' NetWare 3 passwords with their NDS passwords, and vice versa. You can synchronize these passwords when you install Synchronicity for NetWare 3, or each user can synchronize his or her own password later using the NetVision Change Password utility. (Users can access this utility from a NetWare 4 server running Synchronicity for NetWare.)
Because NetWare 3 passwords are encrypted, the synchronization agent cannot retrieve these passwords directly from the bindery. However, when the user and group accounts from a NetWare 3 server are integrated with the NDS tree, NetWare 3 passwords are also imported into NDS. As a result, you can then change these passwords through NDS.
Snap-in Module
The snap-in module for the NWADMIN utility allows you to manage your company's NetWare 3 servers from a central location, just as you manage NetWare 4 servers. You manage a NetWare 3 server through the corresponding NetWare 3 Server object, which the snap-in module creates in the NDS tree when you integrate the server with the NDS tree.
You do not need to integrate every NetWare 3 server with the NDS tree. For example, if your company had a large network, you could integrate the NetWare 3 servers in a particular department only with the department's Organizational Unit (OU) object in the NDS tree. You could then grant a departmental administrator rights to manage that department's NetWare 3 servers and OU object.
When you integrate a NetWare 3 server with the NDS tree, you can also integrate existing user and group accounts. As a result, you do not have to create a corresponding User or Group object for each user or group account. Instead, you simply double-click any NetWare 3 Server object to view or modify all of the user and group accounts stored on that server. (See Figure 2.)
Figure 2: Using the NWADMIN utility, you can double-click a NetWare 3 Server object to view or modify the user and group accounts stored in the bindery.
In addition, you can "map" NDS usernames to NetWare 3 usernames using the one-by-one approach, which allows you to map a particular NDS username to the corresponding NetWare 3 username. If each NDS username is different than the corresponding NetWare 3 username, the one-by-one approach is required. To map an NDS username to a NetWare 3 username or to find out if an NDS username is mapped to a NetWare 3 username, you use the NWADMIN utility.
You also use the NWADMIN utility, to determine which NDS objects are being synchronized with bindery objects. You can then define rules that determine how name conflicts will be resolved during the integration process.
Although the snap-in module for the NWADMIN utility allows you to manage the synchronization process between the bindery and the NDS tree, this utility does not actually participate in the synchronization process. Rather, you use the NWADMIN utility to make changes to the NDS tree, and the synchronization agent automatically synchronizes these changes with the bindery. For example, if you modified a User or Group object that is associated with a NetWare 3 server, the synchronization process occurs, synchronizing this change with the appropriate NetWare 3 server.
Security Features
Because Synchronicity for NetWare 3 uses NDS's security features, you can prevent unauthorized NDS access. Any network administrator who wants to manage user and group accounts through NDS must log in to the NDS tree. In addition, the bindery and the NDS tree communicate using the same security that NetWare 4 uses.
Synchronicity for NetWare 3 even provides its own security features. For example, Synchronicity for NetWare 3 includes a security definition list that you can use to further define which users and network resources can be integrated with NDS, thus restricting the amount of information that must be synchronized.
CONCLUSION
If you need to quickly upgrade to NetWare 4, you may want to simply use one of the many upgrade tools that are available. If you can upgrade to NetWare 4 more slowly, however, you should use the NETSYNC utility or Synchronicity for NetWare 3.
Because the NETSYNC utility is not designed to be a full-featured integration solution, we recommend using Synchronicity for NetWare 3. Synchronicity for NetWare 3 keeps both environments synchronized while providing you with a single point of administration.
Synchronicity for NetWare 3 has the following minimum system requirements:
intraNetWare, NetWare 4.11, or NetWare 4.1
NetWare 3.12 or NetWare 3.11
5 MB of free hard drive space on the SYS volume
A Windows NT or Windows 95 workstation that is running the NWADMIN utility
For more information about Synchronicity for NetWare 3 or to download an evaluation copy, visit NetVision's World-Wide Web site (http://www.netvisn.com). You can also call 1-801-764-0400.
Jeffrey F. Hughes and Blair W. Thomas are senior consultants at Novell. They have written several books about NetWare and NDS. For more information about NDS design and implementation, visit their web site (http://www.directorydesign.com).
NetWare Connection,June 1998, pp.30-32
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.