Upgrading and Repairing Networks (5th Edition)

Besides the new name, the eDirectory comes with a few features not found in Novell Directory Services (NDS). Some of these are listed here:

  • Transport Layer Security (TLS): This is an enhancement of the Secure Sockets Layer protocol and is used to set up a secure connection across the network. Support for SSL is also included, and both TLS and SSL are implementations based on the OpenSSL version.

  • iMonitor Version 2: This feature enables you to monitor eDirectory functions using a Web browser.

  • The Simple Network Management Protocol (SNMP): You can now monitor eDirectory events using the standard SNMP protocol.

  • Extensible Match: A method of searching a directory database, defined in RFC 2251, "Lightweight Directory Access Protocol (v3)."

  • Backup and Restore: A new tool, Backup eMTool, enables hot backups. Cold backups can also be performed. Unlike the older TSA backup utility, which can back up an entire NDS tree, the Backup eMTool is used to back up partitions on a single server.

TLS/SSL

These protocols are placed between the Application layer and the TCP/IP layer in the protocol stack. Applications (such as HTTP) are sent through TCP/IP sessions encrypted using TLS or SSL. These two protocols use a public/private (asymmetric encryption) key technique to set up an initial connection, and then create a single key (symmetric encryption) that is used for the data transfers that follow.

TLS/SSL can use many types of symmetric encryption, which are negotiated during the setup phase. SSL can also be found in your typical browser/Web server environment, where it is used to create secure connections for exchanging sensitive data, such as credit-card numbers.

iMonitor

This utility complements, and can work with, the NetWare Remote Manager used for NetWare 5.x networks. You can use a browser from a remote location in your network to examine statistical and diagnostic information about eDirectory replicas, partitions, and servers. iMonitor can replace traditional tools used to gather information about directory services, such as DSBrowse, DSTrace, and DSDiag. Additionally, some of the features of DSRepair can be found in iMonitor.

Note

To use the iMonitor utility, you must have an account that grants you the rights to view specific information. Depending on your account, some of the features that iMonitor offers may not be available to you.

Some of the information you can view using iMonitor includes the following:

  • The health of the eDirectory on a server, replica, or partition. The Agent Synchronization Summary shows the information about synchronization between the current server and other replicas and partitions, such as errors and the time since the last synchronization. You can also set up filters so that only specific information fields are displayed.

  • The Agent Information Page enables you to see data about connections made by the server. You can see addresses that can be used to access the server and timing information, among other data.

  • The Known Servers List shows the names of servers that are known by the server you are monitoring, including which servers are part of a replica ring. You can also see which servers are up and running, and those that are offline. The time at which the current server last communicated with another server is displayed; the state of a server is set to unknown if the current server has never communicated with a remote server.

  • The Partitions page shows data about replicas on the current server that you are monitoring. This information includes information about both replicas and partitions, showing the last time data was written to the replica as well as information about the synchronization status for partitions and replicas on the server.

  • The Agent Activity page displays information about network traffic and can be used to identify system bottlenecks, and gives some information about background processes, among other items.

  • The Error Index page displays errors on eDirectory servers. This includes errors specific to the eDirectory as well as other errors, with links to Novell documentation about the errors when available.

iMonitor can perform other functions in addition to those covered in the preceding list. For example, you can run several reports that come with iMonitor or create customized reports. You can use the Schema page to examine class and attribute definitions in the schema. You can also search for specific objects based on the schema definitions.

The Simple Network Management Protocol (SNMP)

For many years SNMP has been an industry standard used to monitor network devices. Items that are monitored are stored in a Management Information Base, usually referred to as an MIB. As new hardware is developed, it is necessary to create a new MIB that contains information about what can be monitored.

You can learn more about SNMP in Chapter 53, "Network Testing and Analysis Tools."

The MIB for the eDirectory contains four types of managed objects. The Cache Database Statistics Table is used to monitor statistical information about entries cached on each eDirectory server. The Config Database Statistics Table collects similar information about entries on the server, not cached entries. The Protocol Statistics Table is used to monitor access and operations for the eDirectory server, as well as errors.

The eDirectory MIB contains 119 traps, which are beyond the scope of this chapter. You can find a description of each trap in the eDirectory documentation.

Extensible Match

This version of the eDirectory supports partial functionality of an extensible match. Basically, an extensible match is the capability of using a filter to search an LDAP directory by using matching rules and the values that are to be searched for, including which attributes are to be searched. At this time eDirectory (version 8.7) supports only matching for the Distinguished Name (DN) of an object.

Note

RFC 2251, "Lightweight Directory Access Protocol (v3)," contains a full description of the functionality provided by using an extensible match.

Because this version of the eDirectory does not support user-specified matching rules, only an exact match is performed.
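The filter form discussed in this section, as an added example that is not from the book or from Novell: a Python parser for the string representation of an extensible-match item (defined in RFC 2254, the companion to RFC 2251), with a helper that lists the filters naming a matching rule, which the text above says this eDirectory version does not support. The function names and the sample filters are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

class ExtensibleMatch(NamedTuple):
    attr: Optional[str]           # attribute type, may be absent
    dn_attributes: bool           # ":dn" flag: also match against DN components
    matching_rule: Optional[str]  # rule name or OID, may be absent
    value: str                    # assertion value with \XX escapes decoded

# RFC 2254 string form of one extensible item (without the parentheses):
#   attr [":dn"] [":" matchingrule] ":=" value
#   [":dn"] ":" matchingrule ":=" value
_ITEM = re.compile(
    r"^(?P<attr>[A-Za-z][A-Za-z0-9;-]*|\d+(?:\.\d+)*)?"
    r"(?P<dn>:dn)?"
    r"(?::(?P<rule>[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+))?"
    r":=(?P<value>.*)$",
    re.DOTALL,
)

def _unescape(value: str) -> str:
    """Decode RFC 2254 \\XX hex escapes (for example \\2a for '*')."""
    raw = re.sub(rb"\\([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 value.encode("utf-8"))
    return raw.decode("utf-8")

def parse_extensible(flt: str) -> ExtensibleMatch:
    """Parse a single '(...)' extensible-match filter item."""
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError("filter item must be parenthesized")
    m = _ITEM.match(flt[1:-1])
    if m is None:
        raise ValueError("not an extensible match (no ':=')")
    if m["attr"] is None and m["rule"] is None:
        raise ValueError("attribute or matching rule is required")
    return ExtensibleMatch(m["attr"], m["dn"] is not None,
                           m["rule"], _unescape(m["value"]))

def names_matching_rule(filters: List[str]) -> List[str]:
    """Return the filters that depend on a caller-specified matching rule."""
    return [f for f in filters if parse_extensible(f).matching_rule]

# Constructed sample filters, in the style of the RFC 2254 examples.
SAMPLES = ["(ou:dn:=Sales)", "(cn:caseExactMatch:=Fred Flintstone)",
           "(:dn:2.4.6.8.10:=Dino)", r"(cn:dn:=a\2ab)"]
```

Running `names_matching_rule(SAMPLES)` before sending filters to a server shows which ones rely on a matching rule and would need rewriting as plain DN matches.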

Backup and Restore

Previous versions of NDS used TSA for making backups of the directory database. You can still use this utility with the eDirectory. However, a new tool has been created that you might find more beneficial if your network is accessed around the clock: the eDirectory Backup eMTool. Backup eMTool is a component of the eMBox set of tools, so you will need to install the eMBox service on the server that you want to back up using Backup eMTool. There are several differences between TSA and Backup eMTool. The older TSA is used to back up an entire directory tree. Backup eMTool is used to back up that portion of the directory stored on a server. Thus, if you have only a small LAN that uses a single server to hold the entire directory tree, using TSA might be a good solution for the time being. Yet, as the directory continues to be enhanced, you may find that changing to the new backup tool is a good idea at this time.

This new backup utility can be used on all operating-system platforms that can host the eDirectory, and it has several new features:

  • You can easily restore the backup to an individual server.

  • The backup process is capable of backing up the eDirectory as it scales to larger capacities over time. The only bottleneck is the speed of the connection between the server hosting the directory database and the backup device.

  • When used with the DSMASTER (disaster recovery) servers, you can quickly restore the directory tree.

  • You can back up files other than just the directory database files, such as security files and other files you specify.

  • You can remotely administer the backup process using a browser, or create a batch file to automatically perform the backup process.

  • You can create a "hot" backup that creates a backup of the entire database, without having to take the database offline. Or you can perform a cold backup.

Note

The eDirectory Backup eMTool can be used to create a backup of a partition of the database and files stored on a server. It cannot be used to back up or restore portions of the database partition. Additionally, you can create a backup of the databases and associated files only onto a disk. You must then use another backup utility to put the backup to tape.

If you choose to use a batch file to perform the backup, don't forget to check the log file produced to make sure that the backup was successful. Before using the new backup utility, you should upgrade all servers holding replicas to at least version 8.5 of the eDirectory, or later if possible.

For remote backups, install the eMBox client on the server. You can also use iManager with this backup utility, but a cold backup, among other features, is not supported using iManager.

Note

For those unfamiliar with NetWare 6.x, eMBox is a Java client that enables command-line interaction with Backup eMTool, as well as other NetWare utilities. When you install the eDirectory, the eMBox client is automatically installed. You can copy the file (eMBoxClient.jar) to other servers if you want to use those servers to perform the backup remotely. eMBox requires Sun's Java Virtual Machine, version 1.3.1.

Although Backup eMTool is faster than TSA, TSA can write backups directly to tape. Because Backup eMTool simply creates a backup on the file system of the server, you could lose the data should the server encounter an unrecoverable hardware problem, such as a disk failure. Because of this, you should always schedule a backup to tape immediately following the backup created by Backup eMTool. The main benefits you get from using Backup eMTool are that you can back up just a partition, and not the entire tree, and you can perform a hot backup. The tape backup can be scheduled to run on a server that has additional hardware capacity so that the tape backup does not degrade the server's main goal of providing directory services for users on the network.
