Novell Network Management Netware 6 Instructor Guide Volume 2

Novell Network ®
Management
Novell Education w w w. n o v e l l . c o m
COURSE 3004
I N S T R U C TO R G U I D E
Vo l u m e 2
100-004813-001
Version 1
Proprietary Statement Novell, Inc. Trademarks
Copyright © 2002 Novell, Inc. All rights reserved. AppNotes, ConsoleOne, GroupWise, NDS, NDPS, NetWare, the N-Design, and
Novell are registered trademarks of Novell, Inc. in the United States and other
No part of this publication may be reproduced, photocopied, stored on a retrieval countries.
system, or transmitted without the express prior consent of the publisher. This
manual, and any portion thereof, may not be copied without the express written BorderManager, eDirectory, IPX, IPX/SPX, NCP, NetWare Core Protocol, the
permission of Novell, Inc. NetWare Logotype (teeth logo), NetWare Peripheral Architecture, NLM, Novell
Certificate Server, Novell Client, Novell Distributed Print Services, SPX,
Novell, Inc. Transaction Tracking System, TTS, and ZENworks are trademarks of Novell,
1800 South Novell Place Inc.
Provo, UT 84606-2399
Certified Novell Engineer is a service mark and CNE is a registered service mark
of Novell, Inc. in the United States and other countries.
Disclaimer
Other Trademarks
Novell, Inc. makes no representations or warranties with respect to the contents
Apple, AppleShare, and AppleTalk are registered trademarks of Apple
or use of this manual, and specifically disclaims any express or implied
Computer, Inc.
warranties of merchantability or fitness for any particular purpose.
BindView is a registered trademark of BindView Development Corporation.
Further, Novell, Inc. reserves the right to revise this publication and to make
changes in its content at any time, without obligation to notify any person or Drive Image is a trademark of PowerQuest.
entity of such revisions or changes.
Linux is a registered trademark of Linus Torvalds.
Further, Novell, Inc. makes no representations or warranties with respect to any
Macintosh is a registered trademark of Apple Computer, Inc.
NetWare software, and specifically disclaims any express or implied warranties
of merchantability or fitness for any particular purpose. NetDirector is a registered trademark of UB Networks.
Further, Novell, Inc. reserves the right to make changes to any and all parts of Netscape Navigator is a registered trademark of Netscape Communications
NetWare software at any time, without obligation to notify any person or entity Corporation.
of such changes.
OpenView is a registered trademark of Hewlett-Packard Company.
This Novell Training Manual is published solely to instruct students in the use of
Pentium is a registered trademark of Intel Corporation.
Novell networking software. Although third-party application software packages
are used in Novell training courses, this is for demonstration purposes only and PS/2 is a registered trademark and WebSphere is a trademark of International
shall not constitute an endorsement of any of these software applications. Business Machines Corporation.
Further, Novell, Inc. does not represent itself as having any particular expertise Solaris is a registered trademark of Sun Microsystems, Inc.
in these application software packages and any use by students of the same shall
Tru64 is a trademark of Digital Equipment Corporation.
be done at the students’ own risk.
UNIX is a registered trademark in the United States and other countries, licensed
exclusively through X/Open Company, Ltd.
Software Piracy Windows and Windows NT are registered trademarks of Microsoft Corporation.
Throughout the world, unauthorized duplication of software is subject to both
criminal and civil penalties.
If you know of illegal copying of software, contact your local Software
Antipiracy Hotline.
For the Hotline number for your area, access Novell’s World Wide Web page at
http://www.novell.com and look for the piracy page under “Programs.”
Or, contact Novell’s anti-piracy headquarters in the U.S. at 800-PIRATES (747-
2837) or 801-861-7101.
Trademarks
Novell, Inc. has attempted to supply trademark information about company
names, products, and services mentioned in this manual. The following list of
trademarks was derived from various sources.
Novell Network Management / Instructor Guide Contents
Contents
Course Setup
Set Up the Classroom . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setup-1
Setup Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setup-2
Setup Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setup-4
Setup Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setup-4
Introduction
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-1
Prerequisite Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-1
Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2
Relationship to Other Courses in the Curriculum . . . . . . . Intro-2
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-4
Departments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-6
Company Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-7
Executive Staff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-7
Exercise Intro-1 Use ConsoleOne to
Manage Objects in the Tree . . . . . . . . . . . . . . . . . . . . . . . . . Intro-8
TOC-iii This document should only be used by a Novell-certified instructor. Version 1

Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
MODULE 1 Identify Troubleshooting Skills and Resources

for Network Management
SECTION 1 Use a Systematic Troubleshooting Process
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Objective 1 Describe the 6-Step Network Troubleshooting Model . . . . . . 1-2
Step One: Try a Quick Fix . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Step Two: Gather Basic Information . . . . . . . . . . . . . . . . . . . . 1-4
Step Three: Develop a Plan to Isolate the Problem . . . . . . . . . 1-5
Step Four: Execute the Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Step Five: Ensure User Satisfaction . . . . . . . . . . . . . . . . . . . . . 1-7
Step Six: Document the Solution . . . . . . . . . . . . . . . . . . . . . . . 1-7
Objective 2 Prepare for Network Problem Recurrence . . . . . . . . . . . . . . . . 1-8
Objective 3 Document Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
The Components of the Network . . . . . . . . . . . . . . . . . . . . . . . 1-9
The History of the Network . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Resources Used with the Network . . . . . . . . . . . . . . . . . . . . . 1-13
Exercise 1-1 Identify the Basic Principles of Network
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Exercise Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
TOC-iv This document should only be used by a Novell-certified instructor. Version 1

SECTION 2 Use Documentation and Research Tools for Support
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Objective 1 Identify Support Information on the Novell Web Site. . . . . . . 2-2
Identify Online Novell Support Information and Services . . . 2-3
Objective 2 Use Novell Support Links to Troubleshoot Problems . . . . . . . 2-6
Exercise 2-1 Use Novell Support Links . . . . . . . . . . . . . . . . . . . 2-7
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
MODULE 2 Optimize and Manage the Network
SECTION 3 Understand and Manage Client Access on a NetWare 6

Network
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Objective 1 Use the Novell Client to Manage and Troubleshoot User
Connectivity Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
How to Access the Novell Client Software and Options . . . . . 3-4
Common Novell Client Options Used to
Manage and Troubleshoot Connectivity . . . . . . . . . . . . . . . . . 3-5
Objective 2 Identify Client Access Guidelines and
Components for NetWare Networks . . . . . . . . . . . . . . . . . . . 3-17
Guidelines for Providing Client Access . . . . . . . . . . . . . . . . . 3-17
Components of Client Access . . . . . . . . . . . . . . . . . . . . . . . . 3-18
TOC-v This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Update Novell Client Software. . . . . . . . . . . . . . . . . . . . . . . . 3-29

Task 1: Create a Directory on the Server . . . . . . . . . . . . . . . . 3-31
Task 2: Copy Novell Client Files to the Directory . . . . . . . . 3-32
Task 3: (Optional) Modify the ACU Configuration File . . . . 3-32
Task 4: (Optional) Update the Platform-Specific
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35
Task 5: Modify the Container Login Script . . . . . . . . . . . . . . 3-35
Exercise 3-1 Use ACU.EXE to Perform a Network
Upgrade of the Novell Client for Windows NT/2000/XP . . . . 3-38
Exercise 3-2 Install the NetWare Support Pack . . . . . . . . . . . . 3-45
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46
SECTION 4 Build a TCP/IP Network Using NetWare 6
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Objective 1 Identify NetWare 6 TCP/IP Components. . . . . . . . . . . . . . . . . 4-2
Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . . . 4-3
Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . 4-3
Domain Name System (DNS) . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Dynamic DNS (DDNS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Service Location Protocol (SLP) . . . . . . . . . . . . . . . . . . . . . . . 4-5
TCP/IP Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Objective 2 Identify How DHCP Services Work . . . . . . . . . . . . . . . . . . . . 4-6
Client Addressing on a TCP/IP Network . . . . . . . . . . . . . . . . . 4-6
What DHCP Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
How DHCP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
How NetWare 6 Implements DHCP . . . . . . . . . . . . . . . . . . . 4-10
Objective 3 Configure DHCP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
DHCP Configuration Essentials . . . . . . . . . . . . . . . . . . . . . . 4-13
DHCP Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Exercise 4-1 Configure NetWare 6 to use DHCP Services . . . 4-16
TOC-vi This document should only be used by a Novell-certified instructor. Version 1

Objective 4 Create a Private Network Using NAT . . . . . . . . . . . . . . . . . . 4-22

What NAT Does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
Public and Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
How NAT Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
NAT Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
Exercise 4-2 Creating a Private Network with NAT . . . . . . . . 4-35
Objective 5 Identify How DNS Services Work . . . . . . . . . . . . . . . . . . . . . 4-40
What DNS Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
How DNS Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
How NetWare 6 Implements DNS . . . . . . . . . . . . . . . . . . . . 4-47
Objective 6 Configure DNS Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
Exercise 4-3 Configure DNS Services on Your
NetWare Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
Objective 7 Configure Dynamic DNS Services . . . . . . . . . . . . . . . . . . . . . 4-63
The Purpose of DDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
How Novell DNS/DHCP Services Implement DDNS . . . . . 4-64
Two DDNS Configuration Options . . . . . . . . . . . . . . . . . . . . 4-65
Exercise 4-4 Configure Dynamic DNS. . . . . . . . . . . . . . . . . . . 4-65
Objective 8 Configure SLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
What SLP Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
SLP Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-73
How SLP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
Configure SLP on NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . 4-76
Exercise 4-5 Configure SLP on NetWare 6 . . . . . . . . . . . . . . . 4-83
Objective 9 (Self Study) Migrate from IPX to IP . . . . . . . . . . . . . . . . . . . 4-86
How the CMD Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87
How to Configure the CMD on Servers and Clients . . . . . . . 4-90
How to Configure the CMD to Provide Migration
Agent and Backbone Support . . . . . . . . . . . . . . . . . . . . . . . . 4-95
IPX-to-IP Migration Strategies . . . . . . . . . . . . . . . . . . . . . . 4-103
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
TOC-vii This document should only be used by a Novell-certified instructor. Version 1

SECTION 5 Manage and Optimize NetWare 6 Servers
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Objective 1 Identify NetWare 6 Server Management Utilities . . . . . . . . . . 5-2
Objective 2 Use NetWare Remote Manager . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Remote Manager System Requirements . . . . . . . . . . . . . . . . . 5-3
How to Access Remote Manager . . . . . . . . . . . . . . . . . . . . . . . 5-4
The Basic Functions Available in Remote Manager . . . . . . . . 5-5
Exercise 5-1 Explore Remote Manager
Administration Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Objective 3 Identify Adjustable NetWare 6 Resources . . . . . . . . . . . . . . . 5-12
How NetWare 6 Self-Tunes . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
NetWare 6 Adjustable Resources . . . . . . . . . . . . . . . . . . . . . 5-14
Objective 4 Manage and Optimize LAN Communications . . . . . . . . . . . . 5-16
Packet Receive Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16
Service Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18
Exercise 5-2 Manage and Optimize LAN
Communication Using Remote Manager . . . . . . . . . . . . . . . . . 5-19
Objective 5 Manage and Optimize the Disk and
Traditional File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
Volume Block Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
Volume Block Suballocation . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24
Exercise 5-3 Manage and Optimize Disk and
File Systems Using Remote Manager. . . . . . . . . . . . . . . . . . . . 5-25
TOC-viii This document should only be used by a Novell-certified instructor. Version 1

Objective 6 Manage and Optimize the Memory Subsystem . . . . . . . . . . . 5-27

How NetWare 6 Allocates Memory . . . . . . . . . . . . . . . . . . . 5-27
Virtual Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-31
Exercise 5-4 Managing Virtual Memory . . . . . . . . . . . . . . . . . 5-36
Protected Address Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-39
Exercise 5-5 Managing Protected Address Spaces. . . . . . . . . . 5-44
Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-46
Exercise 5-6 Tune File Cache . . . . . . . . . . . . . . . . . . . . . . . . . . 5-51
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-53
MODULE 3 Manage Security
SECTION 6 Implement External Security Measures
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Internal Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
External Security Measures Using a Firewall . . . . . . . . . . . . . 6-3
Objective 1 Describe Public Key Cryptography . . . . . . . . . . . . . . . . . . . . . 6-9
The Components of Public Key Cryptography . . . . . . . . . . . . 6-9
How to Acquire Certificates . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Objective 2 Identify How Public Key Cryptography Works. . . . . . . . . . . 6-18
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Encryption and Decryption . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Exercise 6-1 Test Your Understanding. . . . . . . . . . . . . . . . . . . 6-22
TOC-ix This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Use Novell Certificate Server to Implement Public Key

Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
What Novell Certificate Server Does . . . . . . . . . . . . . . . . . . 6-25
How Certificate Server Works . . . . . . . . . . . . . . . . . . . . . . . . 6-26
How to Set Up Novell Certificate Server . . . . . . . . . . . . . . . 6-37
Exercise 6-2 Acquiring a Trusted Root Certificate. . . . . . . . . . 6-44
How to Issue, Import, and Export Certificates
with Novell Certificate Server . . . . . . . . . . . . . . . . . . . . . . . . 6-48
Exercise 6-3 Using Novell Certificates to Secure Email . . . . . 6-54
Objective 4 (Self Study) Defend the Network Against Hacking
and Denial of Service (DoS) Attacks . . . . . . . . . . . . . . . . . . 6-60
Identify NetWare Hacking Vulnerabilities . . . . . . . . . . . . . . 6-60
Describe the Methods to Prevent Hacking . . . . . . . . . . . . . . . 6-62
Defend Against Denial of Services (DoS) . . . . . . . . . . . . . . . 6-65
Describe the Methods to Prevent DoS Attacks . . . . . . . . . . . 6-69
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-76
MODULE 4 Maintain and Manage eDirectory
SECTION 7 Optimize eDirectory Performance
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Objective 1 Define eDirectory Replication and Synchronization . . . . . . . . 7-1
Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Why You Should Partition and Replicate Your Tree . . . . . . . 7-7
Replica Ring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Synchronizing eDirectory Changes . . . . . . . . . . . . . . . . . . . . . 7-9
Understand Partition and Replication Rules . . . . . . . . . . . . . 7-12
Exercise 7-1 Describe eDirectory Partitions and Replicas . . . . 7-16
TOC-x This document should only be used by a Novell-certified instructor. Version 1

Objective 2 Identify Basic eDirectory Administrative Procedures . . . . . . 7-20

Partition and Replicate eDirectory . . . . . . . . . . . . . . . . . . . . . 7-20
Exercise 7-2 Review Partition and Replica
Design Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-38
Back Up eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-39
Manage Volume SYS Disk Space . . . . . . . . . . . . . . . . . . . . . 7-39
Prepare a Server for Downtime . . . . . . . . . . . . . . . . . . . . . . . 7-40
Identify eDirectory Database Inconsistencies . . . . . . . . . . . . 7-41
Objective 3 Design and Implement a Time Synchronization Strategy . . . 7-44
Why Time Is Synchronized on the Network . . . . . . . . . . . . . 7-44
How to Create a Time Synchronization Strategy . . . . . . . . . 7-45
How to Design a Time Synchronization Strategy . . . . . . . . . 7-52
Exercise 7-4 Review Time Synchronization Guidelines . . . . . 7-58
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-60
SECTION 8 Use iMonitor to Manage and Maintain eDirectory
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Objective 1 Identify What iMonitor Is and How to Use It . . . . . . . . . . . . . 8-2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
How to Access iMonitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Navigation Frame Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Assistant Frame Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
How to Customize the iMonitor Configuration . . . . . . . . . . . 8-10
Objective 2 Use iMonitor to Diagnose and Repair
eDirectory Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Agent Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Agent Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Agent Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
Trace Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
TOC-xi This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Repair eDirectory Using iMonitor . . . . . . . . . . . . . . . . . . . . . 8-26

Repair Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27
Advanced Repair Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28
Schedule Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29
Exercise 8-1 Perform a Health Check Using iMonitor. . . . . . . 8-30
Objective 4 Maintain and Optimize eDirectory Using Cache Options . . . 8-33
What Block and Entry Caches Are in eDirectory 8.6 . . . . . . 8-34
How to Distribute Memory between Block a
nd Entry Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35
How to Use the Default Cache Settings . . . . . . . . . . . . . . . . . 8-36
How to Configure Cache Limits Using iMonitor . . . . . . . . . 8-38
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40
SECTION 9 Manage eDirectory Upgrades, Resource Redirections,

and Schema Extensions
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Objective 1 Prepare for Upgrading to eDirectory 8.6 . . . . . . . . . . . . . . . . . 9-1
Apply the Latest Support Packs . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Update the eDirectory Schema . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Install or Upgrade Novell Certificate Server . . . . . . . . . . . . . . 9-2
Perform an eDirectory Health Check . . . . . . . . . . . . . . . . . . . . 9-5
Exercise 9-1 Verify that eDirectory is Functioning
Properly after an Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9
TOC-xii This document should only be used by a Novell-certified instructor. Version 1

Objective 2 Use the eDirectory Import/Export Wizard to

Manage LDIF Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12
LDAP Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12
About LDIF Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
About ICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15
How to Use eDirectory Import/Export Wizard . . . . . . . . . . . 9-16
How to Use the LDAP Bulk
Update/Replication Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 9-21
Exercise 9-2 Use the Import/Export Wizard to
Import an LDIF File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23
Objective 3 Redirect Resources in the Tree . . . . . . . . . . . . . . . . . . . . . . . . 9-26
When to Move an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-27
When to Create an Alias Object . . . . . . . . . . . . . . . . . . . . . . . 9-28
Exercise 9-3 Redirect Resources in the Tree . . . . . . . . . . . . . . 9-29
Objective 4 Extend the eDirectory Schema . . . . . . . . . . . . . . . . . . . . . . . . 9-30
What the Schema Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-30
What the Schema Manager Is . . . . . . . . . . . . . . . . . . . . . . . . 9-31
How to View the Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-32
How to Extend the Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 9-32
Exercise 9-4 Use Schema Manager to
Extend the eDirectory Schema . . . . . . . . . . . . . . . . . . . . . . . . . 9-36
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-38
TOC-xiii This document should only be used by a Novell-certified instructor. Version 1

MODULE 5 Implement Novell Licensing Services
SECTION 10 Identify the Fundamentals of Novell Licensing Services
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Objective 1 Identify How Server and User Licensing Works . . . . . . . . . . 10-2
Server and User Licensing Models . . . . . . . . . . . . . . . . . . . . 10-2
UAL Coexisting with SCL . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6
How the Licensing Models Differ . . . . . . . . . . . . . . . . . . . . . 10-8
License Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9
Objective 2 Identify Key NLS Components . . . . . . . . . . . . . . . . . . . . . . 10-10
License Service Provider (LSP) . . . . . . . . . . . . . . . . . . . . . . 10-10
NLS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11
eDirectory Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12
License Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16
Activation Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16
Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16
Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-17
Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18
Unlicensed Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-19
Objective 3 Manage License Certificates in the eDirectory Tree . . . . . . 10-19
The License Container Object . . . . . . . . . . . . . . . . . . . . . . . 10-20
The License Certificate Object . . . . . . . . . . . . . . . . . . . . . . 10-22
Objective 4 Install NLS Certificates and View NetWare Usage . . . . . . . 10-23
Guidelines for Installing License Certificates . . . . . . . . . . . 10-24
License Certificates and Envelopes . . . . . . . . . . . . . . . . . . . 10-25
How to Install License Certificates . . . . . . . . . . . . . . . . . . . 10-25
How to Use the NetWare Usage Tool . . . . . . . . . . . . . . . . . 10-27
Exercise 10-1 Install a User License and
View Network Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-33
TOC-xiv This document should only be used by a Novell-certified instructor. Version 1

MODULE 6 Set Up and Manage Network Storage
SECTION 11 Set Up and Configure File Storage and Access

Options in NetWare 6
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Objective 1 Set Up and Configure NSS . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Convert a Traditional Volume to an NSS Volume . . . . . . . . 11-2
Configure User Space Restrictions . . . . . . . . . . . . . . . . . . . . 11-6
Configure Directory Space Restrictions . . . . . . . . . . . . . . . . 11-8
Set Cache Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8
Set Up File Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10
Enable Transaction Tracking System (TTS)
on Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
Exercise 11-1 Test Set Up and Configuration for
Digital Airlines Web Files on an NSS Volume . . . . . . . . . . . 11-11
Objective 2 Monitor, Manage, and Rebuild NSS Storage Space . . . . . . 11-23
View the Status of NSS Volumes . . . . . . . . . . . . . . . . . . . . 11-23
Mount or Dismount NSS Logical Volumes . . . . . . . . . . . . . 11-25
Activate or Deactivate NSS Pools and Logical Volumes . . 11-25
Delete NSS Pools and Logical Volumes . . . . . . . . . . . . . . . 11-27
Restore or Purge Deleted NSS Logical Volumes . . . . . . . . 11-27
Increase the Size of an NSS Pool . . . . . . . . . . . . . . . . . . . . . 11-30
Verify and Rebuild NSS Pools . . . . . . . . . . . . . . . . . . . . . . 11-31
Exercise 11-2 Test NSS Management Tasks
on the WEBMEDIA Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
TOC-xv This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Set Up User Access to the Server File System . . . . . . . . . . 11-40

Perform iFolder Management Tasks . . . . . . . . . . . . . . . . . . 11-40
Exercise 11-3 Manage an iFolder User Account . . . . . . . . . . 11-48
Install and Configure NFAP . . . . . . . . . . . . . . . . . . . . . . . . 11-52
Exercise 11-4 Install and Configure NFAP . . . . . . . . . . . . . . 11-63
Install and Configure NetStorage . . . . . . . . . . . . . . . . . . . . . 11-68
Exercise 11-5 Install and Configure NetStorage . . . . . . . . . . 11-75
Install and Configure NetDrive . . . . . . . . . . . . . . . . . . . . . . 11-79
Exercise 11-6 Install and Configure NetDrive . . . . . . . . . . . . 11-87
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-89
SECTION 12 Perform Backup and Restore Tasks with NetWare 6

Backup Utilities
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Objective 1 Set Up SMS for SBCON and NWBACK32 . . . . . . . . . . . . . 12-2
The Components of SMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Data Sets and SMS Services . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
How to Set Up and Start SBCON and NWBACK32 . . . . . . 12-9
SMS Log and Error Files . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-17
Exercise 12-1 Set Up SMS to Use SBCON and
NWBACK32. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-19
Objective 2 Back Up Data with SBCON and NWBACK32 . . . . . . . . . . 12-25
How to Back Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-26
How to Verify Backed Up Data . . . . . . . . . . . . . . . . . . . . . . 12-31
Guidelines for Backing Up Data with SMS Services . . . . . 12-33
Exercise 12-2 Back Up Directory, Volume, and
eDirectory Data for Your Digital Airlines Office. . . . . . . . . . 12-39
TOC-xvi This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Restore Data with SBCON and NWBACK32 . . . . . . . . . . . 12-48

Restoring Data with SMS Services . . . . . . . . . . . . . . . . . . . 12-48
How to Restore Backed Up Data Using SBCON . . . . . . . . 12-50
How to Restore Backed Up Data Using NWBACK32 . . . . 12-53
Exercise 12-3 Restore Workstation Files and
an eDirectory Container Using SBCON . . . . . . . . . . . . . . . . . 12-54
Objective 4 Identify eDirectory Recovery Procedures . . . . . . . . . . . . . . 12-59
General Recovery Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-59
Loss of a Volume Other Than SYS . . . . . . . . . . . . . . . . . . . 12-60
Loss of Volume SYS or an Entire Server . . . . . . . . . . . . . . 12-60
Loss of the Entire eDirectory Tree . . . . . . . . . . . . . . . . . . . . 12-62
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-63
MODULE 7 Implement Internet Services
SECTION 13 Manage Novell Web Services
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Objective 1 Identify the Purpose of Novell Web Services . . . . . . . . . . . . 13-2
The Purpose of Each Novell Web Services Component . . . . 13-2
How Novell Web Service Components Support
Novell Net Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4
Objective 2 Install, Configure, and Manage Enterprise Web Server . . . . 13-5
How to Install Enterprise Web Server . . . . . . . . . . . . . . . . . . 13-6
The Role of Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7
How to Access Web Manager . . . . . . . . . . . . . . . . . . . . . . . . 13-8
How to Configure Enterprise Web Server with
Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-10
Exercise 13-1 Install and Configure Enterprise
Web Server to Access the Digital Airlines Web Site . . . . . . . 13-14
TOC-xvii This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Install and Configure NetWare FTP Server . . . . . . . . . . . . . 13-22

How to Install FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . 13-22
How to Configure and Use FTP Server . . . . . . . . . . . . . . . . 13-23
Exercise 13-2 Install and Configure FTP Server to
Access Your Web Site Files . . . . . . . . . . . . . . . . . . . . . . . . . . 13-31
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-39
MODULE 8 Upgrade NetWare Servers to NetWare 6
SECTION 14 Plan for a NetWare 6 Upgrade or Migration
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Objective 1 Review NetWare 6 Operating System Requirements . . . . . . 14-2
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Required eDirectory Rights . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3
Objective 2 Upgrade Network and Server Hardware . . . . . . . . . . . . . . . . 14-4
Objective 3 Prepare the Network for the Migration or Upgrade . . . . . . . . 14-5
Back Up eDirectory and the File System . . . . . . . . . . . . . . . . 14-5
Prepare the Network for NetWare 6 with Deployment
Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
Objective 4 Create an Upgrade or Migration Plan . . . . . . . . . . . . . . . . . . . 14-9
Determine a Server Strategy . . . . . . . . . . . . . . . . . . . . . . . . . 14-9
Determine an eDirectory Strategy . . . . . . . . . . . . . . . . . . . . 14-12
Create a Flow of Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17
Assign Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . 14-17
Exercise 14-1 Creating a NetWare 6 Upgrade Plan . . . . . . . . 14-18
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
Exercise Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
TOC-xviii This document should only be used by a Novell-certified instructor. Version 1

SECTION 15 Upgrade or Migrate to NetWare 6
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Objective 1 Perform an In-Place Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Objective 2 Perform a Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6
Prepare the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Prepare the Source Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8
Prepare the Destination Server . . . . . . . . . . . . . . . . . . . . . . . . 15-9
Run the Migration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11
Copy Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-16
Edit Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21
Begin the eDirectory Migration . . . . . . . . . . . . . . . . . . . . . . 15-24
Finish eDirectory Migration . . . . . . . . . . . . . . . . . . . . . . . . 15-30
Objective 3 Perform Post-Migration or Post-Upgrade Tasks . . . . . . . . . 15-32
Run the Backlinker Process . . . . . . . . . . . . . . . . . . . . . . . . . 15-32
Upgrade Existing NSS Volumes . . . . . . . . . . . . . . . . . . . . . 15-33
Perform Other Post-Installation Tasks . . . . . . . . . . . . . . . . . 15-34
Exercise 15-1 Upgrade to NetWare 6 . . . . . . . . . . . . . . . . . . . 15-35
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-44
SECTION 16 Add a NetWare 6 Server to the Tree
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
Objective 1 Prepare Your Existing Network . . . . . . . . . . . . . . . . . . . . . . . 16-2
Objective 2 Prepare Your Server for NetWare 6 . . . . . . . . . . . . . . . . . . . . 16-3
Install and Upgrade Computer and Network Hardware . . . . 16-3
Access the Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4
TOC-xix This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Install NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5

Accept the License Agreement . . . . . . . . . . . . . . . . . . . . . . . 16-6
Select the Installation Type . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8
Specify Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10
Select Regional Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-11
Select the Mouse Type and Video Mode . . . . . . . . . . . . . . . 16-12
Select a Platform Support Module and Storage Adapter . . . 16-13
Select a Storage Device and Network Board . . . . . . . . . . . . 16-16
Create a NetWare Partition and Volume SYS . . . . . . . . . . . 16-18
Name the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-21
Install the NetWare Server File System . . . . . . . . . . . . . . . . 16-21
Install Network Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . 16-24
Set Up DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-25
Set the Server Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . 16-25
Set Up eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-26
License the NetWare Server . . . . . . . . . . . . . . . . . . . . . . . . 16-27
Install Network Products . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-27
Install Novell Certificate Server . . . . . . . . . . . . . . . . . . . . . 16-28
Customize the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . 16-29
Complete the Server Installation . . . . . . . . . . . . . . . . . . . . . 16-29
Exercise 16-1 Install and Configure NetWare 6 . . . . . . . . . . . 16-29
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-34
TOC-xx This document should only be used by a Novell-certified instructor. Version 1

MODULE 4
Maintain and Manage eDirectory
Section 7 Optimize eDirectory Performance
Section 8 Use iMonitor to Manage and Maintain eDirectory
Section 9 Manage eDirectory Upgrades, Resource Redirections, and

Schema Extensions
Novell Network Management / Instructor Guide Optimize eDirectory Performance
SECTION 7 Optimize eDirectory Performance
Duration: 1 hour In this section you learn how to optimize eDirectory performance
using partitions and replicas. You also learn how eDirectory
manages changes to objects within the tree.
Objectives
1. Define eDirectory Replication and Synchronization
2. Identify Basic eDirectory Administrative Procedures
3. Design and Implement a Time Synchronization Strategy
Objective 1 Define eDirectory Replication and

Synchronization
eDirectory health depends on the basic concepts of replication and
synchronization.
Replication is the process of logically dividing the eDirectory

database and distributing that information to other servers. This
division enables users on those servers faster access to the
information they most readily use.
Synchronization is the process of updating the replicated

information as changes are made to eDirectory.
In NetWare 6, servers are queried to find out if they are

synchronized. If a server is out of synchronization, an update is
sent. If the server is synchronized, there is no need to send the
update.
7-1 This document should only be used by a Novell-certified instructor. Version 1

To understand replication and synchronization, you must understand

the following concepts regarding the eDirectory database:
■ Partitioning
■ Replication
■ Why You Should Partition and Replicate Your Tree
■ Replica Ring
■ Synchronizing eDirectory Changes
■ Understand Partition and Replication Rules
Partitioning
Tell students that in previous Partitioning is the process of dividing the eDirectory database. You
versions of the Directory, the can divide the eDirectory database into logical units that can be
standard for partitions was no distributed among multiple servers.
more than 3500 objects.
A large eDirectory tree can contain information on millions of
objects. If you were to have a single server at a remote site, you
wouldn’t want users to cross a WAN link just to print to an NDPS
printer across the hall.
Also, if your eDirectory information is stored on one server, and

that server is inaccessible, your eDirectory objects would be
inaccessible as well.
Distributing these partitions over multiple servers prevents a single

server from being overloaded with eDirectory object requests.
Partitions only contain eDirectory information. They do not include

information on the file system, directories, or files.

The following illustrates a partitioned tree.
Figure 7-1 (slide) O=Novell

Root
Partition Root
Parent
OU=Engineering OU=Marketing
Child
OU=Dev OU=Test OU=Utils OU=TX
The name of the partition root object is also the name of the
partition.
The 6 partitions in this diagram have the following names: Novell,

Engineering, Dev, Test, Marketing, and Utils. The top or root
partition of the tree can be called either Novell or Root.
When a partition is subordinate to another in the eDirectory tree, it

is referred to as a child partition. The partition above it is referred to
as the parent partition.
In this example, point out that Therefore, engineering.novell is a parent partition and
Novell is a parent partition and that dev.engineering.novell and test.engineering.novell are child
Engineering is a child. partitions.
Although the figure shows the eDirectory tree divided into 6

partitions, users browsing the tree see it as a single entity.

Use the following to determine boundaries and the use of root

objects:
■ Partitioning occurs around container objects.
■ An eDirectory object can exist in only one partition.
■ A partition can include more than one container but cannot
overlap another partition.
For example, if Marketing and TX are in one partition, you
could not create a partition containing Marketing and Utils
because Marketing overlaps a boundary.
■ All subordinate objects in a container are in the same partition
as the container unless they start another partition.
■ Each partition must have one partition root object. You cannot
have 2 containers on the same top-most level in the same
partition.
Replication
A single instance of a partition is called a replica. When you create

a partition the first replica is called the master replica. A partition
can have only one master replica.
A server can contain many replicas, but the server can contain only
one replica of each partition.
Distributing replicas on multiple servers is called replication.
Replicating eDirectory partitions over multiple servers provides

fault tolerance and accessibility. For example, if a server goes down,
a user can log in to eDirectory and use the unaffected resources.
Each replica stores the following information:

■ The replica server name
■ The replica server type

■ The server’s network address

■ A list of pointers that identifies all replicas of that partition
(used for updating information throughout the partition)
When you update eDirectory information, that information is

replicated throughout your network.
Following are replica types and their capabilities for information

update and distribution:
■ Master Replica. The master replica is the only replica from
which partition operations such as creating, modifying, or
deleting a replica can be done.
A master replica is also used to perform object-related changes.
As a result, the master replica must be available on the network
for eDirectory to perform such operations.
The master replica should be on the server where users accessing

the replica information is in the highest demand.
■ Read/Write Replica. A read/write replica is a complete copy
of a partition. A read/write replica can be used to perform
object related changes such as creating, modifying, and deleting
objects.
Read/write replicas pass all partition-related changes such as
splitting a partition, moving a partition, or merging partitions, to
the master replica.
Unlike master replicas, you can create multiple read/write
replicas of a partition. These replicas can then be stored on
servers to add fault tolerance.
If you need to bring down a server containing the master replica
for longer than a day, you can promote a read/write replica to be
a master.
The original master replica becomes a read/write replica when
the server is brought back up.

■ Read-Only Replica. A read-only replica is a complete copy of

a partition. Any change request to this replica is forwarded to
the master or read/write replicas.
Again, like a read/write replica, you can have multiple
read-only replicas of a partition. This type of replica is usually
created to increase the fault tolerance of eDirectory by
providing redundancy.
A read-only replica can increase traffic and doesn’t have to be
used.
■ Subordinate Reference Replica. A subordinate reference
replica is a system-generated replica that contains the partition
root object and pointers to the parent replica.
❑ Subordinate reference replicas show up on any server
where the parent partition is stored. They link the parent
partition to child partitions. Subordinate reference replicas
only link one level down.
❑ Subordinate reference replicas do not exist if a replica
representing a child partition exists on the server. If the
child partition is a read/write replica, no subordinate
reference is created.
❑ When servers contain replicas of child partitions, they do
not require a replica of the parent partition to reside on the
server.
■ Filtered Replica. A filtered replica consists of a subset of
information from an entire partition.
It includes only the filtered set of objects (such as user objects)
or object classes (such as containers) and a filtered set of
attributes and values for those objects.
For example, you can create a set of filtered replicas on a single
server that contain only user objects from various partitions in
the eDirectory tree.
You can then include only a subset of the user objects’ data,
such as Given Name, Surname, and Telephone Number.

Filtered replicas allow an administrator to create the following:

❑ Sparse Replica. Contains only the object classes you
specify.
❑ Fractional Replica. Contains only the object attributes you
specify.
Filtered replicas allow more replicas to be stored on a single
server. Because filtered replicas only contain a subset of a
partition, they enable fast response when the data stored in
eDirectory is procured by applications.
ConsoleOne includes a utility, the Filtered Replica
Configuration wizard, to help you to set up a server’s
replication filter and partition scope.
A partition scope is the set of partitions you want replicated on
a server.
Why You Should Partition and Replicate Your Tree
Partitioning and replicating your tree provides the following:

■ Fault Tolerance. The primary goal of partitioning and
replication is to eliminate the single point of failure for a
network’s data and resources.
■ Access to eDirectory Information. Partitioning and replicating
improves network response time and reduces network traffic
because you can place data and resources near the users that
need them.
■ Scalability. eDirectory provides several scalability benefits:
❑ It provides access to a tree or partition as if the tree was on
one server, even though components are on more than one.
❑ It lets you divide eDirectory into partitions that you can
maintain and manage independently.
❑ It allows your network to grow to a large size without
having all information on one server.

■ Name Resolution or Tree Walking. eDirectory uses name

resolution (or tree walking) to locate the server containing the
requested information.
■ Network Synchronization Performance. Ideally, you should
divide the network into manageable partitions so
synchronization can occur in 30 to 60 minutes.
■ Network Manageability. eDirectory lets you manage all
partitions from a central location, simplifying network
management.
Replica Ring
A replica ring (or replica list) contains a list of servers that hold a
copy or replica of a partition.
For example, in the following the servers holding a replica of

Partition 1 are servers A, B, and C.
Figure 7-2 (slide)
Partition 1 Partition 1 Partition 1

(Master) (Copy) (Copy)
Master Read/Write Read/Write
Server A Server B Server C
Changes made to objects within a partition are sent to all other

replicas of that partition using the replica ring of the partition root
object.

You can view a replica ring for each partition in ConsoleOne and
iMonitor. The replica ring includes
■ A list of each server containing the replica
■ The type of replica
■ The replica’s current state
All replicas, including subordinate references, contain a copy of the

replica ring.
Synchronizing eDirectory Changes
Synchronizing changes is how eDirectory maintains data integrity,

ensuring that information is identical across all partitions.
The eDirectory database requires time to be replicated and

synchronized when major network changes occur.
The amount of time required for a change to replicate and

synchronize depends on the type of change, the size of the partition,
and the number of servers the partition is replicated on.
Each partition root object holds a replica attribute, which lists the
servers in the replica ring. When changes are made to objects within
a partition, they are sent to other replicas of that partition using the
replica ring.
When changes are made to an object, only the changes are sent to
other replicas, not the entire object. For example, if a user changes a
phone number, only the new phone number is sent.
During synchronization, replicas exchange updates. If a replica does

not have changes to share with other replicas, changes can pass
through from one replica to another.

The following shows an example of the synchronization process:
Figure 7-3 (slide)

Replica Ring

1
2 Server A 3 Server B 4 Server C
The process is as follows:

1. Changes are made to the master replica.
2. Server A (the master replica) passes the phone number change to
Server B (read-only replica).
3. Server B doesn’t have changes, so it passes server A’s change to
server C (a read/write replica). If server B has changes, it passes
its own changes, along with server A’s changes, to server C.
4. Server C passes its changes back to server A.
x Changes are passed through all types of replicas, except subordinate and
filtered replicas, which share their changes but do not pass changes.
eDirectory synchronizes using loose consistency. When changes

occur, not all replicas of a partition contain the same information at
every instance.

Contents of replicas vary slightly at any given time. However,

eDirectory guarantees that these replicas will eventually converge to
a consistent state after the changes are distributed to all replicas.
The schema defines object synchronization, depending on the type

of object.
Depending on the attribute object, synchronization might be

initialized within 10 seconds, after 5 minutes, or when another
object initiates synchronization. When synchronization is initiated,
all changes are synchronized.
The amount of time required for a change to be replicated and

synchronized depends on the type of change, the size of the
partition, and the number of servers the partition is replicated on.
eDirectory changes fall into one of the following categories:

■ Simple Changes. A change that affects only a single user
object takes relatively little time to be replicated and
synchronized.
For example, when you change a user’s phone number, the
change is sent only to the servers containing a replica that
includes this user object.
Creating a partition takes very little time. When you create a
partition, the eDirectory tree uses partition attributes to draw the
new partition boundary.
The information contained in the new partition is already on the
servers because the eDirectory objects are replicated across the
network before the partition is created.
■ Complex Changes. Complex changes involve eDirectory
forcing the servers to replicate some portion of the eDirectory
database (which would typically involve more than a single
property or object).

Complex changes take more time. For example, to join 2

partitions that exist on 2 different servers, eDirectory performs
the following tasks:
1. Determines where all replicas of each partition exist.
2. Enables servers to replicate the data of both partitions to the
servers.
3. Completes the join and the servers have the composite
information of both partitions.
Each server that has a piece of the original partitions receives a
replica of each partition before the join is performed.
Therefore, the more complex the change, the more time it takes
for servers to replicate the changes.
Understand Partition and Replication Rules
When you install or remove servers, default partitioning and

replicating rules apply.
The following default partitioning and replicating rules apply when

a single partition exists:
■ When eDirectory is installed, the tree root is created on the first
server. In this example, tree root is named Partition 1:
Figure 7-4 (slide)

Replica Ring
No Replica
Server A Server B Server C Server D Server E

Server A in this figure represents the first installed server. The

master replica of Partition 1 is placed on this server. The first
server does not receive special rights or considerations even
though it holds a master replica.
■ When you install an additional server into an existing
eDirectory tree, the server is placed in the existing partition.
For example, when servers B and C are installed, eDirectory
places a read/write replica of Partition 1 on those servers.
■ For fault tolerance, eDirectory prefers to have a master replica
and 2 additional full-copy replicas distributed on the network.
For example, when a server is installed eDirectory determines if
enough replicas have been created. If the network doesn’t have
a master replica and 2 full-copy replicas, eDirectory places a
read/write replica on the new server.
■ eDirectory places replicas on a server based on the fault
tolerance rule, and not server installation.
For example, suppose a partition has a master replica on server
A and read/write replicas on servers B and C, as shown in the
following:
Figure 7-5 (slide) Partition 1 Partition 1 Partition 1 Partition 1

(Master) (Copy) (Copy) (Copy)
Replica
Removed
Master Read/Write Read/Write No Replica Read/Write
Server A Server B Server C Server D Server E
When server D is installed, 3 replicas exist and therefore no

additional replicas are required.

If the network administrator removes server C from the network

and then adds another server, server E, eDirectory determines
that there aren’t enough replicas and places a read/write replica
on server E for fault tolerance.
The rules for default partitioning and replicating when more
than one partition exists is similar to a single partition with the
additional use of subordinate references.
■ If eDirectory needs to place a replica for fault tolerance on a
server, and that server contains a replica of a parent partition,
then a subordinate reference replica is used.
The following is an example of an eDirectory tree with multiple
partitions.
Figure 7-6 (slide) JKL-TREE

1
Master (M)
Read-Write (R/W)
O=JKL
Subordinate
Reference (SR)
OU=Administrative
2 2
OU=Services OU=Accounting OU=Travel OU=Purchasing OU=Production
S2 S1 S4 S5 S3
3 5 6 4
Services JKL-TREE JKL-TREE JKL-TREE Production
Services Services Production
Production Production Services

Here’s an explanation:
1. JKL-Tree was created during the first server installation, S1. This
installation also creates the tree root partition called JKL-Tree.
2. Two additional partitions were created: the Services partition,
and the Production partition. The master replicas for these
partitions reside on server S1.
3. Server S2 is installed in the Services partition. eDirectory creates
a read/write replica of the Services partition and places it on this
server. This is the second replica of the Services partition.
4. Server S3 is installed in the Production partition. eDirectory
creates a read/write replica of the Production partition and places
it on this server. This is the second replica of the Production
partition.
5. Server S4 is installed in the JKL-Tree partition. eDirectory
creates a read/write replica of the JKL-Tree partition and places
it on this server. This is the second replica for the JKL-Tree
partition.
eDirectory also creates 2 subordinate references of the Services
and Production partitions and places them on server S4.
6. Server S5 is installed in the JKL-Tree partition. eDirectory
creates a read/write replica of the JKL-Tree partition and places
it on this server. This is the third replica for the JKL-Tree
partition.
eDirectory also creates 2 subordinate references of the Services
and Production partitions and places them on server S5.
If server S6 was installed into the JKL-Tree partition,
eDirectory would not create replicas. However, if S6 was
installed in either the Services or Production partition,
eDirectory would create a read/write replica.

Exercise 7-1 Describe eDirectory Partitions and Replicas
a 15 minutes Answer the following:

1. ______________________________ are the logical divisions of
eDirectory that enable the network administrator to divide the
database among multiple servers.
2. Identify the benefits of partitioning eDirectory.
3. Identify the type of replicas that can be used to perform partition

management:
a. Sparse replica
b. Fraction replica
c. Read/Write replica
d. Master replica
4. Depending on the type and extent of changes required in
eDirectory, changes can be divided into which types? (Choose2.)
a. Complex
b. Normal
c. Simple
d. Global
5. Identify the benefit of creating a filtered replica:

6. Identify the incorrectly drawn partition boundaries in the

following figure. Why are they incorrect? Redraw valid partition
boundaries.
Figure 7-7 (slide) ACME Tree
ACME
ENGR ACCT MKTG HR
R&D PROD ADMIN PYRL TRVL

7. List the name of each partition in the following:
Figure 7-8 (slide) AAA Corp Tree
AAA Corp
ACCT HR MKTG PROD
PYRL TRVL INBOUND OUTBOUND R&D ENGR
8. List each partition in the previous figure that is

a. A child but not a parent:

b. A child and a parent:
9. In the previous figure, where would the network administrator

place subordinate references?
10. Can you restore a complete partition from a subordinate

reference? Why?
11. What is the difference between a master replica and a read/write

replica?
12. How many replicas of each partition should you have?
(End of Exercise)

Objective 2 Identify Basic eDirectory Administrative

Procedures
In the following subsections you learn administrative procedures
you can use to help prevent eDirectory database inconsistencies.
eDirectory inconsistencies include dropped links to objects,

unknown objects, and general unavailability of a particular replica.
You need to be able to do the following:

■ Partition and Replicate eDirectory
■ Back Up eDirectory
■ Manage Volume SYS Disk Space
■ Prepare a Server for Downtime
■ Identify eDirectory Database Inconsistencies
Partition and Replicate eDirectory
To successfully partition and replicate eDirectory, you must do

following:
■ Consider Synchronization Factors Affecting Partitions and
Replicas
■ Determine Partition Boundaries
■ Determine Replica Placement
■ Learn to Use a Replica Table
■ Learn to Use Partition and Replica Operations

Consider Synchronization Factors Affecting Partitions and

Replicas
Under normal circumstances, your server should synchronize

replicas in 30 - 60 minutes. This means that changes on a server in a
replica ring are synchronized with data on other servers in the ring.
Many factors contribute to the time needed, including resources,

requirements, and needs. Usually a company has to balance the
factors affecting synchronization length with the time you’re willing
to wait for synchronization.
The following identifies factors affecting synchronization:
Table 7-1 Factors Comments
Number of objects in each The more objects in a partition, the longer

partition synchronization takes.
Number of replicas on the The more replicas on a server, the longer

server synchronization takes.
Size of each replica ring The more servers on a replica ring, the longer
synchronization takes.
Location of replicas in The more routers and number of WAN links

the replica ring between replicas, the longer synchronization
takes, particularly for remote sites.
Speed of the WAN links The slower the speed of WAN links, the
connecting the remote longer the synchronization and access times.
replicas
CPU speed of the replica The slower the CPU speed, the longer
server synchronization takes.
Cache size for the The smaller the cache size for the database,
database the longer synchronization takes.

Table 7-1 (continued) Factors Comments
Rate of change for objects The more frequent the changes to objects,
in each partition the longer synchronization takes.
Relationship requirements The more relationships that exist between

between objects objects, the longer synchronization takes.
Determine Partition Boundaries
To determine partition boundaries, consider the following:

■ Partitions Around Physical Layout
■ Partitions for Upper Layers of the Tree
■ Partitions for Lower Layers of the Tree
■ Partition Size and Number
Partitions Around Physical Layout
You can create partitions by designing for the network’s physical

layout. For example, if a company has 3 locations, you can create a
partition for each location. This allows local access to the network.

The following shows a partition boundary drawn around Loc1. If

you create a partition by area, you can replicate locally as well.
Figure 7-9 (slide)
Loc 1 Loc 2
R&D PROD ENGR MKTG HR
Partitions for Upper Layers of the Tree
When you design the partitions for the upper layers of the
eDirectory tree, keep the following in mind:
■ Design your eDirectory tree in a pyramid shape, with fewer
container objects in the upper layers and more container and
leaf objects in the lower layers.
To achieve a pyramid design, always create the partitions
relatively close to the leaf objects (particularly the users).
■ Design your partition structure with fewer partitions at the top
of the tree and more partitions as you move toward the bottom.

Such a design creates fewer subordinate references than a

structure that has more partitions at the top than at the bottom.
■ If your organization is contained in a single site, create your
upper-layer partitions to reflect the structure of your
organization.
■ Design upper-layer partitions around container boundaries that
represent locations or organizational structures.
Partitions for Lower Layers of the Tree
When designing partitions for the lower layers of the tree, keep the
following in mind:
■ Use organizational divisions, departments, and workgroups, and
their associated resources, to define lower-layer partitions.
■ Whenever possible, make sure all objects in each partition are
at a single location. This ensures that updates to eDirectory can
occur on local servers.
■ Lower layers are more likely to have frequent changes so, if
possible, partition lower layers locally.
Partition Size and Number
Partition size can significantly affect the synchronization and

responsiveness of the system. As you plan partitions, regulate the
size and number to address the following:
■ Rights. Consider managing rights when determining partition
size and number:
❑ It is easier to give rights to and administer individual
objects for a small organization in a flat structure.
Initially, it is time-consuming to give rights. However, it
makes synchronization easy because you only need to
worry about synchronizing one container in one partition.

❑ The opposite is true for a large organization: it is much

easier to give rights to and administer groups.
Depending on the size of the organization, you might have
several containers and several partitions to manage and
synchronize.
■ Synchronization Performance. Consider managing
synchronization performance when determining partition size
and number:
❑ Make your partitions small enough to meet your
organization’s synchronization requirements.
❑ If partitions are too large, create additional partitions.
❑ If objects aren’t grouped in containers, divide them into
separate containers so you can create other partitions in
response to growth.
When growth occurs and synchronization becomes
cumbersome, you can easily create partitions around
existing containers.
For example, suppose a large company has personnel
information and medical information in 1 container.
Because the company expects to grow, place the information in
2 containers to allow for partitioning in the future:
Figure 7-10 (slide)

One Container Two Containers
Partition Partition

■ Physical Limitations. Consider hardware and other limitations

when determining partition size and number.
If you have a large network, you need faster servers with a lot
of disk space and RAM. eDirectory 8.6 has changed partition
design guidelines in the following ways for pure eDirectory 8.6
trees:
❑ Trees can store an unlimited number of objects (load-tested
in a lab setting up to 1 billion objects).
❑ Partitions can contain up to 500,000 objects in most
situations (load tested in a lab with 10 million objects).
❑ Parent partitions can have as many as 150 child partitions
(load tested in a lab setting up to 150 child partitions).
❑ Although eDirectory 8.6 has increased the scalability of the
directory, you need to consider limitations, such as the
speed of WAN links, hardware restrictions, and network
management tools.
Communication speeds, data input/output speeds, disk size, and the

amount of RAM also limit the size and scalability of your directory.
Before implementing a lot of objects, make sure all tools you need
to run, manage, and repair the network can handle that number.
Determine Replica Placement
You must have enough replicas of a partition to facilitate fast access

to eDirectory and fault tolerance.
At the same time, too many replicas of a partition can cause

excessive eDirectory synchronization traffic on the network and
increase the risk of database inconsistencies.
Therefore, when deciding the number of replicas to maintain, you

must balance the requirements for redundancy against the need for
providing fast access.

Novell recommends that you have 3 replicas of every partition in a

tree (not including Subordinate Reference replicas).
In addition to deciding on the number of replicas to be created, you

should place these replicas strategically across your network.
Your replica placement strategy should allow the network to

efficiently
■ Meet Workgroup Needs
■ Create Fault Tolerance
■ Regulate the Number of Replicas
■ Replicate the Root Partition
■ Set Up Name Resolution
■ Replicate for Administration

Meet Workgroup Needs
To meet workgroup needs, follow these design guidelines:

■ Place replicas of each partition on servers that are physically
close to the workgroup that uses the information in that
partition.
■ Consider network topology when placing replicas on the
network. Specifically, consider the following:
❑ Where to place the replica
❑ How many objects are in the replica
❑ How static the data is in the replica
❑ How users access objects
The advantages of placing replicas strategically are
increased performance, fault tolerance, and query
responsiveness.
■ Place a read/write or master replica containing the user’s
context on a server physically near them. This allows faster
login authentication and access to network resources by
minimizing network traffic.
■ If users on one side of a WAN link often access a partition
stored on a server on the other side of the link, place a
read/write or master replica on a server located on the same side
of the WAN link as the group of users.
This means a replica is stored on servers on both sides of the
link, allowing local access.
■ Place replicas in the locations that have the highest
concentration of users, groups, and services.

Create Fault Tolerance
To create fault tolerance, consider these design guidelines as you

place replicas:
■ Plan for 3 or more strategically placed replicas of each
partition. Depending on network topology or performance, you
might need more.
■ Do not depend on a subordinate reference for fault tolerance. A
subordinate reference is a pointer and does not contain objects
other than the partition root object. It contains no leaf objects.
■ If your network encompasses multiple locations, store at least 1
replica off-site. You might need to set up more locations
because of an organization’s disaster recovery plan.
After the loss of a server or location, use master, read/write, or
read/only partition replicas to recover and rebuild the network.
■ If the location has only one server, back up eDirectory regularly
(use backup software that backs up eDirectory information).
Consider purchasing another server for fault-tolerance
replication.
Regulate the Number of Replicas
To regulate the number of replicas, follow these design guidelines:

■ Balance fault tolerance needs with network performance needs
as you plan the number and placement of replicas.
eDirectory 8.6 allows for up to 50 replicas per partition, but the
amount of network traffic increases as the number of replicas
increases.
■ Limit the number of replicas on a server to 250 replicas.

Replicate the Root Partition
The partition that includes the tree root is the most important
partition of the eDirectory tree, so you must make sure you replicate
the tree root partition.
If the only replica of this partition becomes corrupted, users might

experience impaired network functionality until the root partition is
repaired or the eDirectory tree is rebuilt. Also, you cannot make tree
design changes involving the root.
Set Up Name Resolution
When partitioning to allow for name resolution, follow these design

guidelines:
■ If an application needs to access multiple replicas, place
replicas on the same server to make it easier for the application
or users (if they have to browse to a location) to find what they
need.
■ Place replicas of frequently accessed information on local
servers to increase the speed at which names are resolved.
Replicate for Administration
Partition changes, such as creating or merging partitions, affect the

eDirectory database much more than simple, object related changes.
Use caution when performing partition management procedures.

Consider doing the following:
■ Limit who can manage partitions. One method of regulating
partition actions is to limit who can perform these actions.
If you want container administrators to manage partitions, grant
the Supervisor right of the partition root object to only those
container administrators you want to manage partitions.

For example, if you grant a container administrator Create,

Delete, Rename, and Browse object rights, you allow the
container administrator to manage a container, but not the
partition.
■ Create or merge partitions from only one workstation at a time.
This helps you regulate partition actions.To accommodate users
and make management of replicas easier, follow these design
guidelines:
■ Place master or read/write replicas on servers near the network
administrator.
■ When a change is made to a replica, only the updated
information is sent across the network. However, when the
network administrator creates a replica, the entire replica is
copied.
Each object takes up roughly 5 KB of space (some newer
objects, such as ZENworks and DNS/DHCP objects, can take
up more).
Therefore, if you have a large replica to copy (more than 500
objects), copy the replica during a low-traffic period.
x Wan Traffic Manager is a policy-based service that lets you control

eDirectory traffic in a wide-area network. You can control
communications based on time, traffic type, destination, and other
configurable settings.
■ Making changes to a few objects does not create much

synchronization traffic.
However, making changes to many objects at once or making
changes to partition boundaries (particularly joining partitions)
can slow a network considerably.
Reserve these high-cost activities for times when network use is
low.

Learn to Use a Replica Table
You can use a replica table to plan replica placement and map where
eDirectory will place subordinate replicas. It will also help you
remember where your replicas are located. The table helps you see
the partition view and server at the same time.
The best way to determine where to place replicas on the tree is to

go through the following process:
■ Determine Guidelines and Requirements for Replica Placement
■ Determine the Replica Placement for Each Partition
■ Create a Replica Table
The following subsections explain the process using the JKL-Tree

example.
Determine Guidelines and Requirements for Replica Placement
For every company, the design guidelines you use and the
requirements are different. Review all the design guidelines in this
course to determine the design guidelines and requirements for your
company.
In this example, Paul is the network administrator at JKL Inc. The

network has 5 servers and 3 partitions. Paul chose the following
guidelines and requirements to determine replica placement:
■ Each partition must be replicated 3 times (1 master and 2
read/writes).
■ The number of subordinate reference replicas must be limited.
■ The placement of the replicas must be load balanced.
■ Because an application needs access to all replicas, at least 1
server must have a full copy of each replica.
After determining these guidelines and requirements, Paul
decided where to place the replicas for each partition.

Determine the Replica Placement for Each Partition
For the JKL tree, Paul mapped the location of each replica and the
replica type on each server, as seen in the following:
Figure 7-11 (slide) JKL-TREE
Master (M)
Read-Write (R/W)
O=JKL
Subordinate
Reference (SR)
OU=Administrative
OU=Services OU=Accounting OU=Travel OU=Purchasing OU=Production
S2 S1 S4 S5 S3
Services JKL-TREE JKL-TREE JKL-TREE Production
Services Services Production
Production Production Services
■ Each partition has a full copy residing on at least 3 servers.

For example, the JKL-Tree partition has the following replicas:
❑ Server S1 holds a master replica of the JKL-Tree partition.
❑ Server S4 holds a read/write replica of the JKL-Tree
partition.
❑ Server S5 holds a read/write replica of the JKL-Tree
partition.
■ Notice where the subordinate references (SR) are placed. Any
server that contains a replica of the JKL tree partition must also
hold a replica of each child partition (Production and Services).

■ To eliminate 2 subordinate references, Paul could place

read/write replicas on the S4 and S5 servers.
■ Paul load balanced as much as possible. He chose not to place a
replica of JKL tree on S2 and S3 because he wanted to
eliminate the 2 subordinate references.
■ S1 holds a replica for each partition. This is the server the
applications access.
Create a Replica Table
After you decide where each replica will reside, create a replica
table. You put all replica information in the replica table. Do this:
1. Fill in the server and partition names.
2. Place a master replica of each partition.
3. Place read/write replicas to facilitate user access and fault
tolerance.
4. Note where subordinate references are automatically created.
The following shows a replica table for JKL:
Table 7-2 Servers Partitions Services Production
S1 Master Master Master
S2 Read/Write
S3 Read/Write
S4 Read/Write Subordinate Subordinate

Reference Reference
S5 Read/Write Subordinate Subordinate

Reference Reference

Learn to Use Partition and Replica Operations
Over time, you might find the need to change the way you have
partitioned eDirectory. To make changes, you must be familiar with
the following:
■ Create a Partition
■ Merge Partitions
■ Replicate a Partition
■ Move a Partition
■ Delete a Replica
Create a Partition
Creating a partition is the same as splitting a partition. The newly

created partition becomes a child of the existing partition, as shown
in the following.
Figure 7-12 (slide)

Before After
After you create a partition, a master and 2 read/write replicas of

that partition are placed on the same servers holding replicas of the
parent partition.

Merge Partitions
When you merge partitions, the partitions must have a child/parent

relationship. Use the merge operation in the following
circumstances:
■ Merging partitions
■ Deleting partitions (when you want to keep the objects or
remove them)
■ Deleting all replicas or the master replica of the server
(Merging a partition with its parent is the only way to delete the
partition’s master replica.)
The following shows the affects of merging partitions:
Figure 7-13 (slide)

Before After
Replicate a Partition
When you install eDirectory, a partition and 3 replicas of that

partition are installed on the first 3 servers.
You can manually add replicas of a partition using ConsoleOne.

Move a Partition
Moving a partition lets you move a subtree in your tree.
Figure 7-14 (slide)

Before After
You can move a partition root object only if it has no child

partitions. When you move a partition, follow the eDirectory
containment rules.
For example, you cannot move an organizational unit under the root
of a tree because rules for the root allow locality, country, or
organization containers, not organizational unit containers.
When you move a partition, eDirectory changes all references to the

partition root object. Although the object’s common name remains
unchanged, the distinguished name of the container (and of all its
subordinates) changes.
When you move a partition, you could choose the option to create
an Alias object for the container you’re moving. Doing so allows
users to continue to log in to the network and find objects in their
original directory location.
The alias object that is created has the same common name as the
moved container and references the new distinguished name of the
moved container.

If you move a partition and don’t create an alias object in place of

the moved partition, users who are unaware of the partition’s new
location might not be find that partition’s objects in the tree.
This might also cause workstations to fail at login if the workstation

NAME CONTEXT parameter is set to the original location of the
container of the tree.
Because the context of the object changes when you move it, users
whose name context references the moved object need to update
their NAME CONTEXT parameter so that it references the object’s
new name.
To automatically update users’ NAME CONTEXT after moving a

container object, use the NCUPDATE utility.
Make sure your tree is synchronizing correctly before you move a

partition. If you have synchronization errors in the partition you
want to move or in the destination partition, fix the synchronization
errors before you move a partition.
Delete a Replica
When you delete a replica, you remove the replica of a partition

from a server. Delete a replica in the following circumstances:
■ Before removing a server from a tree. It is a good idea to delete
the replicas of a partition to reduce the chance of having
problems.
■ When you want to reduce the synchronization traffic on the
network. In most cases you don’t want more than 6 replicas.
■ When you want to remove the master replica. You can remove
the master replica in the following ways:
❑ Make another read/write or read/only replica on the replica
ring the master replica. This changes the original master
replica into a read/write replica, which you can then delete.
❑ Merge the partition with its parent.

Exercise 7-2 Review Partition and Replica Design Guidelines
a 5 minutes Answer the following questions:

1. Does each container need its own partition? Why?
2. Too many subordinate references are contributing to high traffic

across WAN links. How can you reduce the number of
subordinate references?
3. If you install 20 servers in a partition of a new eDirectory tree,

how many replicas are created by default?
4. Should every server have a replica? Why?
(End of Exercise)

Back Up eDirectory
Back up eDirectory according to the backup strategy you have

chosen. Keep the backup as a protection for restoring the tree. In
addition, back up eDirectory before creating or merging a partition.
b For more on Backing up eDirectory, see “Perform Backup and Restore Tasks
with NetWare 6 Backup Utilities.”
x Restore a Directory backup only when all other options for restoring the
information, such as resolving synchronization errors or recreating the
replica from a valid replica, have failed.
Manage Volume SYS Disk Space
Volume SYS stores NetWare files that are critical for network
operations. In addition, SYS stores eDirectory files in a hidden
directory. Therefore, make sure SYS never runs out of disk space.
To avoid running out of disk space on SYS, follow these guidelines:

■ Set minimum space requirements so you receive a warning if
SYS is almost out of space. By default, this warning is set to
occur when the volume has 256 blocks left.
■ For queue-based printing, store print queues on a volume other
than SYS.
■ For NDPS printers, set the spooling volume to a volume other
than SYS.
■ Store user files or other files on a volume other than SYS.
■ Do not add replicas to servers that have low disk space.
■ Turn on the Purge Immediately attribute for directories to
immediately remove deleted files.

Prepare a Server for Downtime
At times, you might have to bring down a server to perform

maintenance tasks on the server.
The eDirectory database continues to function when servers that

store replicas are unavailable. eDirectory on the unavailable server
automatically synchronizes itself when it becomes available again.
However, if you must bring down a server for more than a few days,
consider taking following actions:
Table 7-3 Event Action
To bring down a server that Use ConsoleOne to move the

contains the only replica of a replica to another server first.
partition
To bring down a server or a WAN Back up eDirectory; then use

link permanently NWCONFIG to remove eDirectory
from the server before bringing
down a server or WAN link.
To bring down a server or a WAN Back up eDirectory; then use

link temporarily to replace the NWCONFIG to remove eDirectory
hard disk that contains volume from the server before bringing
SYS down a server or WAN link.
To bring down a server or a WAN Remove replicas from the server

link temporarily if any of the before bringing down the server or
following are required: disconnecting WAN links.
■ Partition operations (Bindery emulation services are
lost when replicas are removed.)
■ Large numbers of changes,
additions, or deletions of
replicas
■ Relocation of the server to
another site

Basic administration procedures includes identifying and resolving

eDirectory problems.
Identify eDirectory Database Inconsistencies
eDirectory inconsistencies can cause a number of problems. Many

inconsistencies are a result of replicas not synchronizing.
Information then becomes dissimilar or corrupted.
If ignored, eDirectory errors can cause disruption of eDirectory

operations.
eDirectory database inconsistencies are exemplified in the following

forms:
■ Client Symptoms
■ Unknown Object Types
■ eDirectory Error Messages
Client Symptoms
The following client problems might indicate that replicas are not
synchronized:
■ The client prompts for a password when none exists for a user
account.
■ The client login takes significantly more time than usual.
■ Modifications made to eDirectory seem to disappear.
■ Previously assigned eDirectory rights seem to disappear.
■ Client performance is inconsistent; errors cannot always be
duplicated.

Unknown Object Types
The presence of unknown objects in the eDirectory tree can indicate

a problem with synchronization. The icon for unknown objects
appears as a yellow question mark (?).
Objects usually become unknown when they are missing mandatory

attributes that are defined by eDirectory schema.
This type of problem is quite common in mixed replica rings that

consist of eDirectory 8.6 and older NDS versions. (When multiple
servers hold replicas of the same partition, those servers are
considered a replica ring.)
b For more on eDirectory 8.6 and NDS compatibility, see

support.novell.com/cgi-bin/search/searchtid.cgi? /10066591.htm.
eDirectory Error Messages
A Novell error code is a hexadecimal or decimal number that is

usually displayed within an error message for an application.
When an error code is displayed, it indicates that a software or

hardware error has occurred that does not allow NetWare to
continue processing.
Many error codes display only a few digits of the hexadecimal error
code. Usually a number code is truncated to 2 digits, so it is not the
actual decimal equivalent of the hexadecimal code.
b For more on Novell error codes, see the online documentation, NetWare
Novell Error Codes at www.novell.com/documentation/lg/nwec/index.html.
In addition to these error indicators, you can use iMonitor to check

for additional problems.

Exercise 7-3 Test Your Understanding

1. What is the recommended minimum number of replicas for every
partition you have?
2. Identify 4 factors when planning replica placement:
❑
3. What precautions should you take when performing partition

management procedures?
4. Can a partitioned eDirectory database continue to function if

servers containing replicas of that partition are unavailable?
5. What action should you take if you are going to take a server
down that contains only a replica of a partition?
(End of Exercise)

Objective 3 Design and Implement a Time

Synchronization Strategy
In this objective, you learn the following:
■ Why Time Is Synchronized on the Network
■ How to Create a Time Synchronization Strategy
■ How to Design a Time Synchronization Strategy
Why Time Is Synchronized on the Network
Time synchronization is a service that maintains consistent server

time across the network. Server time is used by
■ eDirectory, to help properly sort changes to the eDirectory
database
■ File systems, to apply time stamps to file and directory
operations
■ Messaging applications, to indicate when a message is received,
etc.
■ Network applications, to indicate when a file was created,
modified, archived, or deleted
Because changes can occur in different replicas, eDirectory must

track and distributes these changes in a logical order.
If the same object is modified in 2 replicas of the partition or is

modified twice in the same replica, the order in which the
modifications were made must be preserved to ensure database
integrity.
Each eDirectory action is therefore given a time stamp. A time

stamp is a value that the system attaches to a network request. The
server reads the time stamps and processes requests in the correct
order.

Time stamps use Universal Time Coordinated (UTC), a time system

that adjusts for the local time zone of the server. UTC corrects the
local server time to get the equivalent of Greenwich Mean Time
(GMT).
For instance, Provo, Utah, time is 7 hours behind GMT. Therefore,

if the time in Provo is 11:00 and there is no daylight saving time,
UTC time is 18:00.
To establish time synchronization, a network must have time servers

of some kind. Time servers provide a consistent source for the time
stamps that eDirectory uses to identify and order eDirectory events.
How to Create a Time Synchronization Strategy
Network Time Protocol (NTP) is an open IP standard (described in

RFC 1305) that provides time stamps for time synchronization by
using external UTC time sources through the Internet.
x In many environments, NTP is also known as Simple Network Time Protocol

(SNTP).
NTP assumes that the time it gets from an Internet time source is the
correct time. It changes its own time according to the time it
receives.
NTP uses the term stratum to indicate the accuracy of a time source.
The stratum ranges from 1 to 16: 1 is the time source itself, 2 is the
first server referencing that time source, 3 is the server referencing
stratum 2, etc.
An NTP server at stratum “n+1” is one that accepts time from an

NTP server at stratum “n.” Thus a server at a lower stratum is
accepted as a server that is more accurate than one at a higher
stratum.

Internet time sources are typically public domain NTP time sources
that are at stratum 1 or 2.
NTP is very strict in considering a time source. If a time source is

more than 1000 seconds (17 minutes) away from the local clock,
NTP rejects the time source and labels it as insane.
Because of its refusal to accept insane time sources, an NTP time

source is usually very reliable.
As a result of its reliable time sources, NTP has gained wide

acceptance. However, vendors must implement it on their own
platforms. NTP implementations are available for NetWare,
Windows NT/2000, Macintosh, Linux, UNIX, and others.
b For more on NTP, see http://www.eecis.udel.edu/~ntp/database

/html_ntp-4.0.72c/index.htm.
NetWare and TIMESYNC.NLM
All NetWare 4.x or later servers are time servers of some kind. To
provide useful time stamps, time servers must have time
synchronization established on them.
Time synchronization is established using TIMESYNC.NLM.

TIMESYNC loads when the server is installed, and manages the
UTC of the server.
TIMESYNC is an adaptation of NTP. It uses the same algorithms as

NTP to account for network delay when obtaining time from a time
source.
You use TIMESYNC to configure time server types and methods.

The following describes the 4 types of time servers.
Table 7-4 Gets Time Gives

Server Description From Time To
Reference ■ Participates with Hardware Primary

primary time servers, clock or and
but does not adjust its external secondary
internal clock.
source time
■ Provides a central servers
point of time control for and clients
entire network.
■ A higher-priority time
source than a primary
time server, it is
considered more
reliable.
■ For fault tolerance, at
least two primary time
servers for each
reference is
recommended.
■ Adjusts time: No
Single ■ Default configuration Hardware Secondary

Reference for the first server in clock or time
the tree. external servers
■ Does not poll any source and clients
other server for time.
■ Same as reference,
but always claims to
be synchronized.
■ Cannot coexist with
primary or other
reference time
servers.
■ Adjusts time: No.

Table 7-4 (continued) Gets Time Gives

Server Description From Time To
Primary ■ Polls reference and Network Secondary

other primary time time time
sources. determined servers
■ Votes to determine by time and clients
network time by provider and its own
calculating weighted group hardware
average of time of
clock
each server in its
group and changes its
time to half the
difference between its
time and the group
time.
■ Sets synchronization
status based on its
deviation from
calculated network
time, without regard to
status of other time
sources polled.
■ Adjusts time: 50%
correction per polling
interval
Secondary ■ Is the default Single Secondary

configuration for the reference, time
second or subsequent reference, servers
servers in a tree.
primary, or and
■ Attempts to remain secondary workstation
synchronized with only s sets its
one time source.
own
■ Does not participate in hardware
voting.
clock
■ Adjusts time 100%
correction per polling
interval

These time server types work together to form a time

synchronization hierarchy.
Clients receive their time from any time servers, secondary time
servers receive their time from primary time servers, and primary
time servers receive their time from reference time servers.
Reference time servers receive their time from the most accurate
source possible, an NTP time source or hardware clock.
x When NTP is configured with TIMESYNC on an IP server, NTP becomes

the time source for both IP and IPX servers. In this case, IPX servers must be
set to secondary servers.
The first NetWare server that is installed is configured (by default)

as a single reference time provider. As other NetWare servers are
added to the network, they are assigned as secondary time servers
by default.
You can configure TIMESYNC to meet your network environment

needs. To do this, perform the following:
1. At the server console, enter MONITOR.
2. Select Server Parameters > Time.
The following shows the Time Parameters window.
Figure 7-15

The Time Parameters window allows you to configure several

fields; however, most are set during server installation.
Entries in the following fields vary, depending on your
environment:
❑ TIMESYNC Configuration File. Use to specify the
configuration file path.
❑ TIMESYNC Configured Sources. Set to On if you want the
server to listen to time servers configured in the
TIMESYNC Time Sources field, instead of listening to
advertising time servers.
When using an NTP time source, this field must be set to
On.
❑ TIMESYNC Directory Mode. Use to control the use of
SAP and SLP packets in conjunction with the Directory
tree structure:
❑ To find a time server, regardless of which one it is or
which tree it is on, set Directory Tree mode to Off and
TIMESYNC Service Advertising to On.
❑ To make servers find any time servers in their own
eDirectory tree, set Directory Tree mode to On.
❑ TIMESYNC Polling Interval. Use to control the time
interval in which TIMESYNC verifies time
synchronization.
❑ TIMESYNC Restart Flag. Use to restart TIMESYNC.
❑ TIMESYNC Service Advertising. Set to On for time source
advertising to be done using SAP (IPX network) or SLP (IP
network).
Service advertising generates some network traffic, but it
also allows quick network installation with little
preparation.
In addition, service advertising allows automatic
reconfiguration when servers are added to the network.

❑ TIMESYNC Time Sources. Use to configure the time

servers to contact. If you configure NTP time servers, you
must place a :123 after the IP address (or server name):
Figure 7-16
123 is the default UDP port that NTP uses to provide time
synchronization.
If you aren’t using NTP time sources, you can configure
other servers as time sources in a configured list. When
using a configured list, enter DNS names or IP addresses of
several time servers, separated by commas:
Figure 7-17
A configured list lets you identify time servers and the

order in which they are contacted by a server.
The server gets its time from the first time source on the
list. If the source is unavailable, the server uses the second
source on the list, and so on.
You can have a configured list and turn service advertising
on at the same time. In this case, the server gets time from
the servers on its list as long as at least one of them is
available.
If none are available, the server uses SLP (SAP on an IPX
network).
Using configured lists and service advertising as your
communication method adds extra traffic, but provides fault
tolerance in case the configured list method fails.
❑ TIMESYNC Type. Use to identify the type of time server
you are configuring.

How to Design a Time Synchronization Strategy
To plan a time synchronization strategy, determine which servers

are to be time servers and what role those time servers must play.
There are 3 basic implementations:

■ Single Reference Server
■ Time Provider Group
■ Multiple Time Provider Groups
Single Reference Server
If your network has fewer than 30 servers and only 1 site, use the
single reference time synchronization implementation, as seen in the
following:
Figure 7-18 (slide)

Single Reference
Secondary
The single reference implementation is easier to set up and maintain

than a custom configuration, but customized time synchronization
can make a large network much more efficient.
Benefits
■ It is simple and efficient, and it requires no planning.

■ It does not require a configuration file.

Because single reference configuration relies on SAP or SLP to

advertise the time source, no configuration information needs to
be provided to any of the time servers.
■ It does not require you to reconfigure time synchronization
when servers are added to the network.
■ It requires no administration.
Considerations
■ The time server must be contacted by all network servers.

■ A misconfigured server can disrupt the network, especially if
you overcompensate for the error by repeatedly changing the
server’s time.
■ Some secondary servers might synchronize to an
unsynchronized server rather than to the authorized single
reference time server.
■ One time source means a single point of failure. However, if a
single reference time server goes down, you can set up a
secondary time server as the single reference time server using
a SET parameter.
■ The single reference method might not be ideal for
implementations with many sites connected by WAN links. The
SAP or SLP process might involve more network traffic than is
acceptable.

Time Provider Group
A time provider group is a group of time provider servers. Create a

hierarchical structure based on physical server location as shown in
the following, and use time sources to provide local access
throughout the network.
Figure 7-19 (slide)

Reference
Primary
Secondary
Before setting up time provider groups, you must know the network
layout. This helps you know where to place time providers.
To use time provider groups, do the following:

■ Determine which servers are time sources.
■ Decide the time source each server will refer to.
When you implement a time provider group, do the following:

■ Have secondary time servers synchronize to time
sources—primary or reference time servers.
■ Keep the number of sources small to reduce network traffic.
These sources should be high-visibility servers.
■ Use no more than 7 primary servers to 1 reference time server.
Each server has a configuration file (TIMESYNC.CFG) that
lists the authorized time sources for the server and other
parameters.

You can use the configuration on multiple servers. Often, the

only change required is the order of the time sources.
■ Locate time providers on redundant network routes; then the
time can be communicated even if one route fails.
Before you decide to use time provider groups, consider the

following:
Benefits
■ Allows complete control of the time synchronization hierarchy

■ Allows optimization of network traffic and distribution of time
sources around the network
■ Provides alternate time sources in case of network failures
Considerations
■ Customization requires careful planning, especially on a large

network.
■ Adding time sources usually requires updating configuration
files on several servers.
■ If you use a time provider group, at least one server must be a
reference server and 2 servers must be primary servers. (These
servers poll all other providers in their group to vote on the
correct time.)
■ When primary and reference time servers are on a network,
make sure they can contact each other for polling and voting.
■ If you use more than one reference time server, synchronize
each reference server with the same external time source, such
as a radio clock, an atomic clock, or Internet time.

■ The reference time server should be placed in a central location.

■ Spread the other servers in your time provider group around the
network to control the flow of traffic generated when the
secondary time servers request the time from their time source.
Multiple Time Provider Groups
If you have networks with many servers at multiple locations,

consider creating a time provider group at each location. The benefit
of such a configuration is reduced time synchronization traffic
across WAN links.
The following shows an example of multiple time provider groups.
Figure 7-20 (slide)

NYC
Reference
LAX ATL
Primary
External
Primary
Time Source
DAL
Secondary
United States
Time Provider Group
LON
Reference
PAR FRA
Configured Primary Primary
Lists
GEN
Secondary
Europe Time
Provider Group

A time provider group should include a reference server and a small

number of primary servers; other time servers will be secondary
servers.
x Using a reference server with primary servers allows for faster time
stabilization.
Primary servers provide local time sources if the reference server

goes down.
When implementing multiple time provider groups, consider the

following:
■ Place each primary server close to the secondary servers that
use it, and make sure the primary server has a reliable link to
the local reference server.
If your WAN infrastructure forces you to have more than 7
primary servers in a time provider group, implement additional
time provider groups as necessary.
However, make sure each reference time server is synchronized
with the same external time source. Designate all other servers
as secondary servers.
■ To keep time accurate, have secondary servers synchronize
with time provider groups. If secondary servers get time from
other secondary servers, the chance of a time lag between
secondary servers increases.
■ Limit the number of time providers. The amount of traffic
involved in time synchronization is very small. Guaranteeing
that the WAN links required are available on a timely basis is
more important.
■ If possible, create local time providers. This eliminates servers
having to go across a WAN to receive their time.

For example, if a company has 12 servers in London and 23

servers in Frankfurt, the company might have 1 reference server
at each location using a dial-up time service.
Thus, the reference time servers would synchronize to a
common clock without generating synchronization traffic across
the WAN.
A few primary servers could then be used in London and a
similar number in Frankfurt. Each primary server would use the
local reference server as its time source.
■ You need 2 - 7 primary servers for every reference server. All
other servers would be secondary servers. Each secondary
server would list the local primary server as the time source in
TIMESYNC.CFG.
Exercise 7-4 Review Time Synchronization Guidelines
a 5 minutes Answer the following questions:

1. You have 2 sites, connected by a WAN link, with 10 servers
each. How many reference servers do you need? Which type
would the other servers be?

2. How many primary servers should you use for every reference
server?
3. What is the difference between secondary time servers and

primary time servers?
4. Can you use both configured lists and SLP at the same time as the
communication method? Why?
(End of Exercise)

Summary
The following is a summary of the objectives in this section.
Objectives Summary
1. Define ■ Replication is the process of logically dividing the

eDirectory eDirectory database and distributing that
Replication and information to other servers.
Synchronization
This division enables users on those servers
faster access to the information they most readily
use.
■ Synchronization is the process of updating the
replicated information as changes are made to
eDirectory.
2. Identify Basic You need to be able to do the following:

eDirectory
Administrative ■ Partition and Replicate eDirectory
Procedures ■ Back Up eDirectory
■ Manage Volume SYS Disk Space
■ Prepare a Server for Downtime
■ Identify eDirectory Database Inconsistencies
3. Design and Time stamps are used by the following:

Implement a
Time ■ eDirectory, to help properly sort changes to the
Synchronization eDirectory database
Strategy ■ File systems, to apply time stamps to file and
directory operations
■ Messaging applications, to indicate when a
message is received, etc.
■ Network applications, to indicate when a file was
created, modified, archived, or deleted
■ NTP provides a time stamp for synchronization.

Exercise Answers
The following are answers to section exercises.
Exercise 7-1. Describe eDirectory Partitions and Replicas
1. ______________________________ are the logical divisions

of eDirectory that enable the network administrator to divide
the database among multiple servers.
Partitions
2. Identify the benefits of partitioning eDirectory.

Partitioning enables you to distribute the eDirectory database
among multiple servers, and provides more reliable access to
resources.
3. Identify the type of replicas that can be used to perform

partition management:
c. Read/Write replica
d. Master replica
4. Depending on the type and extent of changes required in

eDirectory, changes can be divided into which types?
(Choose2.)
a. Complex
c. Simple
5. Identify the benefit of creating a filtered replica:

Filtered replicas allow more replicas to be stored on a single
server. Because filtered replicas only contain a subset of a
partition, they enable fast response when the data stored in
eDirectory is procured by applications.

6. Identify the incorrectly drawn partition boundaries in the

following figure. Why are they incorrect? Redraw valid
partition boundaries.
The figure has 2 incorrect partition boundaries:
❑ The ADMIN container cannot be part of the ACME Tree
partition because the ADMIN container is under the HR
container.
❑ The R&D and PROD containers cannot make a separate
partition by themselves because they must have a partition
root object within the partition.
The following shows valid partition boundaries.
ACME
ENGR ACCT MKTG HR

Use the following to answer questions 7 - 9.
ACME
ENGR ACCT MKTG HR
7. List the name of each partition in the following:

AAA Corp Tree, ACCT, HR, MKTG, PROD, R&D, and ENGR
8. List each partition in the previous figure that is

a. A child but not a parent:
ACCT, HR, MKTG, R&D, ENGR
b. A child and a parent:
PROD
9. In the previous figure, where would the network administrator

place subordinate references?
The network administrator can’t place subordinate references.
eDirectory places them. Subordinate references are placed
based on the partition boundaries chosen by the designer.

10. Can you restore a complete partition from a subordinate

reference? Why?
No. It contains no objects other than the partition root object.
11. What is the difference between a master replica and a read/write

replica?
The information in the master and read/write replicas is
identical. The differences is that the master replica handles
partition operations.
12. How many replicas of each partition should you have?

For fault tolerance, keep at least 3 replicas. The maximum
suggested is 50, but this depends on the performance of your
network.
Exercise 7-2. Review Partition and Replica Design Guidelines
1. Does each container need its own partition? Why?

It depends on your organization’s needs: time needed to
synchronize, partition size, expected growth, replicas you need
to synchronize, etc.
2. Too many subordinate references are contributing to high traffic

across WAN links. How can you reduce the number of
subordinate references?
Put a replica of the partition on local servers at each site
connected by WAN links.
3. If you install 20 servers in a partition of a new eDirectory tree,

how many replicas are created by default?
Three

4. Should every server have a replica? Why?

It depends. You do not need a replica for every server unless
you only have 3 servers per partition.
Exercise 7-3. Test Your Understanding
1. What is the recommended minimum number of replicas for

every partition you have?
Three
2. Identify 4 factors when planning replica placement:

❑ Meet Workgroup Needs
❑ Create Fault Tolerance
❑ Regulate the Number of Replicas
❑ Replicate the Root Partition
❑ Set Up Name Resolution
❑ Replicate for Administration
3. What precautions should you take when performing partition

management procedures?
❑ Limit who can manage partitions.
❑ Manage partitions from one workstation.
❑ Place master or read/write replicas on servers near the
network administrator.
❑ If you have a large replica to copy, copy the replica during
a low-traffic period.
❑ Making changes to a few objects does not create much
synchronization traffic.
4. Can a partitioned eDirectory database continue to function if

servers containing replicas of that partition are unavailable?
Yes

5. What action should you take if you are going to take a server
down that contains only a replica of a partition?
Use ConsoleOne to move the replica to another server first.
Exercise 7-4. Review Time Synchronization Guidelines
The following are possible answers to the exercise:
1. You have 2 sites, connected by a WAN link, with 10 servers

each. How many reference servers do you need? Which type
would the other servers be?
One or 2.
In the case of 1 reference server, one side of the WAN link
would consist of a primary time server with the others polling it
for its time.
The other side of the WAN link would consist of one reference
time server being polled by a primary time server. That primary
time server would provide time for the other 8 servers.
In the case of 2 reference servers, each side of the WAN link
would consist of a reference server that serves as the time
source for the other 9 servers.
Each reference server would then poll the same NTP time
source for time.
2. How many primary servers should you use for every reference
server?
For every reference server, you should have at least 2 primary
servers.

3. What is the difference between secondary time servers and

primary time servers?
Secondary time server:
❑ Is the default configuration for the second or subsequent
servers in a tree
❑ Attempts to remain synchronized with only one time source
❑ Does not participate in voting
Primary time server:
❑ Polls reference and other primary time sources
❑ Votes to determine correct network time by calculating
weighted average of time of each server in its group and
changes its time to half the difference between its time and
the group time
❑ Sets synchronization status based on its deviation from
calculated network time, without regard to status of other
time sources polled
4. Can you use both configured lists and SLP at the same time as
the communication method? Why?
Yes. If a particular server cannot contact a configured time
source, it then uses SLP to find an available time provider.

Novell Network Management / Instructor Guide Use iMonitor to Manage and Maintain eDirectory
SECTION 8 Use iMonitor to Manage and

Maintain eDirectory
Duration: 3 hours In this section you learn the fundamentals of managing and
maintaining eDirectory.
Objectives
1. Identify What iMonitor Is and How to Use It
2. Use iMonitor to Diagnose and Repair eDirectory Problems
3. Repair eDirectory Using iMonitor
4. Maintain and Optimize eDirectory Using Cache Options
Introduction
eDirectory is the hub around which your entire network runs. The
successful running of eDirectory is critical for a network to
function. As a result, it is important to manage eDirectory
efficiently.

Objective 1 Identify What iMonitor Is and How to Use It

iMonitor works as an interface tool that links you to information on
various aspects of eDirectory. iMonitor is a browser-based utility
that lets you monitor your eDirectory server from any location
including across the Internet.
As a result, iMonitor provides cross-platform monitoring and

diagnostic capability to all servers in your eDirectory tree.
iMonitor provides a web-based alternative or replacement for many

of Novell’s server-based utilities. When you load iMonitor, you
specify the server address where you are gathering information and
preforming tasks.
iMonitor’s features are primarily focused on the health of individual

eDirectory agents (running instances of the Directory service) rather
than the entire eDirectory tree.
To use iMonitor, you need to know the following:

■ System Requirements
■ How to Access iMonitor
■ Navigation Frame Tools
■ Assistant Frame Tools
■ How to Customize the iMonitor Configuration

System Requirements
To run iMonitor, you must meet the following requirements:
Table 8-1 Software Requirement
Browser One of the following:

■ Internet Explorer 4 or later
■ Netscape 4.06 or later
■ NetWare browser (available from the server
console)
Platform The following network platforms are supported:

■ NetWare 5 Support Pack 5 or later
■ Windows NT/2000
■ Linux
■ Solaris
■ Tru64TM UNIX
eDirectory Version 8.5 or later

Note: Version 8.5 is required to run iMonitor but
you can monitor all versions of eDirectory for
NetWare 4.11 or later, Windows NT/2000, and
Solaris/Linux/UNIX. NetWare 6 and Support
Pack 1 are based eDirectory version 8.6.
How to Access iMonitor
To access iMonitor, do the following:

1. Make sure the iMonitor module (NDSIMON.NLM) is running
on your eDirectory server.
When using NetWare, NDSIMON.NLM is placed in
AUTOEXEC.NCF.

2. Launch a supported browser and in the Address field (Location

field in Netscape) enter http://your server’s IP
address:8008/nds-summary.
After your Public identity is established, you are redirected to
port 8009.
Because iMonitor is rights-based, it verifies that each user at
least has the default rights provided by the public object.
There is a link to iMonitor from the Remote Manager
navigation frame. This link defaults to the Agent Summary
screen:
Figure 8-1
Navigation
Frame
Main
Content
Frame
Assistant Frame
Point out the navigation frame, the Depending on your eDirectory access rights, iMonitor provides
main content frame, and the
assistant frame in the figure. ■ Navigation Frame Tools
■ Assistant Frame Tools

Navigation Frame Tools
The Navigation frame is at the top of every iMonitor page. This

frame provides icons that link to common or important features
available in iMonitor.
The Navigation frame also contains the identity you are using to
view eDirectory and server information.
For clarity, navigation icons are divided into 2 groups: the left group
has nonfeature-related items such as login/logout, help, and home
icons; the right group has feature-related buttons.
The Navigator frame buttons are as follows:

■ Help. Use to link to a basic online help page regarding
data displayed in the data frame.
■ Login/logout. Use to log into or out of an iMonitor
session. Unless all browser windows are closed, your iMonitor
session remains open, and you do not need to log in again.
■ Home NetWare Manager. Use to link to the Remote
Manager utility.
■ Agent Summary. Use to view the health of your
eDirectory servers, including synchronization information,
agent process status, and the total servers known to your
database.
The term agent refers to the DS agent, which is a running
instance of the Directory on a particular server.
Agent Configuration. Use to control and configure the DS
agent to monitor the following.
The Agent Configuration page varies depending on the version
of eDirectory you are configuring.

Following is a list of the Agent Configuration options:

❑ Agent Information. Use to view DS agent-specific
information, such as server name, IP address, time
synchronization, etc.
❑ Partitions. Use to view a list of existing partitions.
❑ Replica filters. Use to see what filtered replicas are
configured for the specified DS agent.
❑ Agent Triggers. Use to initiate background processes listed
in the main content window.
❑ Background Process Settings. Use to temporarily change
the intervals at which listed background processes run.
❑ Agent Synchronization. Use to disable inbound and
outbound synchronization for the specified DS agent.
❑ Schema Synchronization. Use to disable inbound and
outbound schema synchronization.
❑ Database Cache. Use to configure and monitor the cache
segments being used by the database subsystem of
eDirectory.
❑ Login Settings. Use to disable the queueing of login
updates or customize the time required between updates.
■ Trace Configuration. Use to configure Directory trace
settings. This allows you to use DSTRACE.
DSTRACE is an eDirectory debug utility that monitors
eDirectory replicas as they communicate with each other on the
network.
This utility was written as a debug utility for developers. As a
result, some messages might cause concern if not interpreted
correctly.

■ Repair. Use to view problems and back up or clean up

your Directory information base (DIB). The eDirectory
database is sometimes called a DIB.
To access information on this page, you must be the equivalent
of Administrator of the server or a console operator.
DS Repair can only be initiated within iMonitor on a server
where iMonitor is running. If you need to access DS Repair
information on another server, switch to iMonitor on that server.
■ DirXML Summary. Use to view information regarding
the DirXML drivers running in your tree.
b For more about DirXML, see Course 992: Directory and Database
Integration using DirXML.
■ Reports. Use to configure and run tree and server reports.

You can also configure and run your own customized reports.
These reports are useful when preparing to run relatively major
eDirectory operations. These reports provide information
regarding each server and compile the information into one
report.
■ Search. Use to search the tree for objects, classes, and
attributes.
■ Support Connection. Use to link to the Novell Support
Connection web page, which provides current server patch kits,
updates, and product support.

Assistant Frame Tools
The Assistant frame is at the left side of the page. This frame lists
additional navigational aids that help you navigate data in the Main
Content frame. The Assistant frame provides the following links:
■ Agent Synchronization. Use to view the number and types of
replicas you have and the length of time since they were
synchronized.
You can also view the number of errors for each replica type. If
there is only one replica or partition to view, the heading is
“Partition Synchronization Status.”
x If the Agent Synchronization Summary doesn't appear, there are no

replicas you can view based on your identity.
■ Known Servers. Use to view the list of servers known to the

database of the source server, to filter the list to show all servers
known to the database, or to show all servers in the replica ring.
■ Schema. Use to view a list of attribute and class definitions.
■ Agent Configuration. Use to view the same page that the Agent
Configuration button in the navigation frame takes you to.
■ Trace Configuration. Use to view the same page that the Trace
Configuration button in the Navigation Frame takes you to.
■ Agent Health. Use to view a general summary of server health.
■ Agent Process Status. Use to view background process status
errors and more information about errors that have occurred.
Statuses that are reported include the following:
❑ Schema synchronization. This process synchronizes
modifications made to schema data among all replicas in
the tree. Synchronization is necessary to maintain the
consistency of the schema information throughout the tree.

❑ Obituary processing. This process is based upon eDirectory

ID numbers rather than object names, and ensures that
name collisions do not occur during certain operations.
Obituaries are attributes applied to an object. There are
approximately 11 obituary types. For example, there is an
obituary for move, one for rename, and one for delete.
❑ External reference/DRL. This process ensures that each
external reference is accurate. For example, in SMS,
pointers point to an eDirectory object not found locally on
the server.
External references are place holders in eDirectory that
contain information about entries the server does not hold.
For example, when a user browses the eDirectory tree and
requests information about an entry that is not stored
locally, eDirectory creates an external reference to the
entry.
❑ Limber. This process ensures that all server information
(such as IP address, server name, and external references)
is correct.
❑ Repair. This process removes a corrupted database and
regenerates it based on the contents of the replication
database on its master or replica server.
■ Agent Activity. Use to determine traffic patterns and potential
system bottlenecks, and to view requests being handled by
eDirectory.
In addition, you can see which request is attempting to obtain
DIB locks to write to the database, and how many of those
requests are waiting to obtain a DIB lock.
■ Error Index. Use to view information about errors found on
servers. Each error is linked to a description that contains an
explanation, possible cause, and troubleshooting actions.

How to Customize the iMonitor Configuration
iMonitor's default behavior is sufficient in most environments, but a

configuration file is provided to give you flexibility and control.
The iMonitor configuration file is NDSIMON.INI and is in

SYS:\SYSTEM. This is a text file with parameter tags and
pre-configured values.
In NDSIMON.INI, 2 groups of parameters can be set: those that

apply to how the iMonitor executable runs; and those that apply to
specific features or pages.
All parameters in NDSIMON.INI are commented out. As a result,

iMonitor uses all internally bound default values for the parameters
unless otherwise configured in NDSIMON.INI. Figure 8-2 shows
the default NDSIMON.INI file.
Figure 8-2
To enable and customize a parameter, change the appropriate line

and omit the # character from the beginning of the line.

For example, iMonitor does not require the user to establish a public
identity. By using a browser to access an instance of iMonitor, you
can see whatever public is configured to see in your eDirectory
environment.
To restrict access to iMonitor, edit the LockMask setting in

NDSIMON.INI to require an Authenticated User (setting 1) or
Supervisor (setting 2). (Remember: remove # to enable the setting.)
Objective 2 Use iMonitor to Diagnose and Repair

eDirectory Problems
iMonitor is an invaluable tool for you to monitor and maintain the
health of eDirectory.
There are a number of server-based tools that you can run

independently to gather information regarding the health of
eDirectory, but iMonitor enables you to gather that same
information from one location.
You use the following iMonitor links to identify problems with your
system:
■ Agent Health
■ Agent Configuration
■ Agent Synchronization
■ Trace Configuration

Agent Health
Use this link to view health information about the specified DS

agent and the partitions and replica rings it participates in.
To access agent health information, select the Agent Health link.

The following dialog appears:
Figure 8-3
From the initial Agent Health dialog, you can obtain information
regarding the following:
■ Health Check: Agent
■ Health Check: Partition
■ Health Check: Ring

Health Check: Agent
To obtain additional information regarding the agent, select the

Agent link. The following appears:
Figure 8-4
Here’s an explanation of the screen:

■ One Successful Time Sync. If the agent has never successfully
synchronized, no data appears. Otherwise, the result is always
displayed as green, indicating success.
When problems are suspect, the Results button displays yellow
indicating a potential problem. A red button indicates a severe
problem might exist.
■ Time Delta Tolerance. You can view the difference in time
between iMonitor and the remote server in seconds.
A negative integer in the Current column indicates that
iMonitor's time is ahead of the server's time; a positive integer
indicates that iMonitor's time is slower than the server.
❑ If the time difference is less than 5 seconds; no warning is
displayed.

❑ If the time difference is 5 - 10 seconds off; a caution is

displayed.
❑ If the time is off by more than 10 seconds; a warning is
displayed.
■ DS Loaded. Reports whether the directory is loaded.
■ DS Open. Reports the state of the directory:
❑ Initial: The agent is attempting to open the database and
initialize itself.
❑ Open: The agent has the database open and is accepting
requests.
❑ Closed: The agent has the database closed and no requests
can be accepted.
❑ DB_Corrupted: The agent attempted to open the database
but failed. The database might need to be repaired.
❑ Could_Not_Open: The agent could not or was requested
not to open the database on the loading of the directory.
❑ Rehashing: The agent is recalculating indexes for
improved performance. This is a temporary state and is not
used in NDS 8.x.
To return to the Agent Health screen, select Back from your

browser.

Health Check: Partition
To check the status of your partitions select the

Partition/Replication link. The following dialog appears:
Figure 8-5
The Partition/Replication link provides detailed object information

for each partition being stored on the server.
From the Health Check: Partition section, you can select Replica
Synchronization to display the replica status for each replica in the
ring.
The description option provides general information, such as replica

counts, for the ring.
The results field is a summary and status of the ring and replica
checks. For fault tolerance, you should replicate partitions to 3
servers.
When you have fewer than 3 replicas, the results button displays
yellow, indicating that there might be a potential problem with the
partition or replication.
For example, if the max send delta is greater than 4 hours, or if there
are fewer than 3 readable replicas, a warning is displayed under
Results.

Health Check: Ring
The following information is available when viewing Health Check:

Ring.
■ Replica Number. Reports whether the replica number is
unique and valid.
■ Master Replica. Reports whether there is only one master
replica.
■ Readable Replica Count. Reports whether the number of
readable replicas falls within an acceptable range. You should
have at least 3 readable replicas to ensure data integrity.
■ Sub-Reference Count. This number is informational only. The
only way to change this count is in the tree design and
placement of parent replicas.
■ Total Replica Count. This is the sum of all replicas.
■ Replica. Provides more information about all replicas in the
ring. If a replica is not On, a partitioning operation might be in
process. A warning is displayed if the operation state hasn't
changed within 4 hours.
x The state of the replica is server-based. This means that the state of a
server’s replica can be different on different servers.
Replica States
A key piece of information is the replica state. An eDirectory replica

can be in different states depending on the partition or replication
operations it is undergoing.
The different partition operations stem from adding or removing a

replica, creating a partition, or merging an existing partition back
with its parent.

The transition state of replicas falls into these categories:
Table 8-2 State Description
On This state occurs when the replica is not undergoing

any partition or replication operations.
New Replica This is the state a replica is put into when it begins
the operation of adding itself to the replica list.
The server receiving the new replica establishes
communication with the server holding the master
replica. The new replica is assigned a replica
timestamp and is set to a state of New Replica.
Dying Replica When you remove a replica, the replica being deleted
is designated as Dying.
Locked Certain partition operations need replicas to be

locked so that only one change on that partition
occurs at a time (such as in Move State 0). In this
case, the replica state is changed to Locked.
Change This state means that the replica is being changed to

Replica Type a different type of replica.
For example, if you change a master replica to a
read/write replica, the master replica is designated
with the Change Replica Type state.
Split This state occurs when the replica is in the midst of a

partition split operation (the creation of a child
partition).
Join This is the state when 2 partitions are combined

(joined) into one.
Move This means that the replica is in the midst of a

partition move operation.
Begin Add This state occurs while subordinate reference

replicas are being added to a server, but before it
starts to receive the read/write replica.

Agent Configuration
Another area where problems can be identified in iMonitor is the

agent configuration link.
From the Agent Configuration page you can control and configure
the DS agent.
The functionality available on the Agent Configuration page

depends on the rights of the current identity and the version of
eDirectory you are looking at.
The following shows the Agent Configuration dialog:
Figure 8-6

The initial dialog displays the connection information for your

server. Key components to check include the following:
■ NDS Build Number. This number represents the version of
DS.NLM for eDirectory. Each update of eDirectory fixes
problems and can contain new features and capabilities.
If the version on the server is outdated, download the latest
software patch from http://support.novell.com.
■ Time Synchronized. Always check time synchronization to
make sure that object and property updates have been
synchronized in the correct order.
From the Assistance Frame, the following links are available:

■ Partitions. Use to view the replicas on the server you are
communicating with.
■ Replication Filters. Use to view the replication filters
configured.
■ Agent Triggers. Use to initiate certain background processes.
■ Background Process Settings. Use to modify the interval at
which certain background processes run.
■ Agent Synchronization. Use to disable or enable inbound or
outbound synchronization. You can specify in hours the amount
of time you want synchronization disabled.
■ Database Cache. Use to configure the amount of database
cache used by the DS database engine.
■ Login Settings. Use to disable the queuing of login updates.
You can also increase or decrease the amount of time between
updates if updates are enabled.

Agent Synchronization
This link identifies the synchronization status of your partitions. You

can filter the information by selecting from the options listed in the
Assistant frame on the left side of the page.
The following shows the Agent Synchronization dialog:
Figure 8-7
Using the information in the Partition Synchronization Status

portion on the screen, you can identify the partition, number of
errors, last successful synchronization, and maximum ring delta.
The following identifies the information available with Agent

Synchronization:
■ Partition. Lists the partition type and links to object
information for the partition.
■ Errors. Lists the number of replicas with errors since the last
synchronization.
■ Last Successful Sync. Lists the amount of time since all
replicas of an individual partition were successfully able to
synchronize from this server.

■ Maximum Ring Delta. Lists the amount of data that might not
be successfully synchronized to all replicas in the ring.
For example, if a user changes their login script within the past
30 minutes, and the maximum ring delta has a 45-minute
allocation, the user's log in might not be successfully
synchronized.
They might receive their previous login script if they log in
before the allocation timeframe.
If Unknown is listed, the transitive synchronized vector is
inconsistent.
The maximum ring delta cannot be calculated because of a
problem, such as replica/partition operations in progress.
■ Replica's Perishable Data Delta. Lists the amount of data on
the partition that has not been replicated yet and which would
be lost if the server went down immediately.
Trace Configuration
Define TRACE as how eDirectory This is a server-centric feature; in other words, this feature is only
gets synchronized in real time. available on the local server where iMonitor is running. If you need
to access this feature on another server, you must switch to the
iMonitor running on that server.
You must be the equivalent of Administrator of the server or a

console operator on the server where you are trying to access DS
Trace.
For this reason, you must first enter your username and password so
your credentials can be verified before you can access information
on this page.

The following displays the Trace Configuration dialog:
Figure 8-8
Trace Configuration includes the following:

■ DS Trace Options
■ Trace Line Prefixes
■ Trace History
■ Perform a Trace
■ Trace Triggers
DS Trace Options
DS Trace options apply to the events on the local DS agent where

the trace is initiated. These options show errors, potential problems,
and other information about eDirectory on your local server.
Turning on DS Trace options can increase CPU use and might

reduce your system’s performance; therefore, Trace Configuration
should be used for diagnostic purposes.

Trace Line Prefixes
Trace Line prefixes are displayed The trace line prefixes let you choose which pieces of data are
when you preform a trace. Tell added to the beginning of any trace line. All trace line prefixes are
students you will point out the selected by default.
prefixes in a few minutes.
Prefixes include
■ Time Stamp. Shows the time of day the trace line was
generated.
■ Thread ID. Shows which eDirectory agent thread generated the
trace line.
■ Option Tag. Shows the tag string that identifies the trace
option that generated the event on each line output by trace.
Trace History
Trace history displays a list of trace runs. A trace run is any

sequence where you start and stop a trace. Each trace run log is
identified by the period of time during which the trace data was
being gathered.
Selecting the trace detail icon opens the trace data generated for the
specified item.
The trace data pages are linked so that any distinguished name is
linked to the object's Browse page, error codes are linked to error
information pages, addresses are linked to the Agent Information
page, and schema names are linked to the Schema page.
The information you see depends on the trace options you select.
When the trace feature is enabled, you see a trace file in the History
table listed as Current. Selecting the current trace file detail icon
takes you to the current trace data being generated (called the Live
Trace page).

■ Submit. Lets you submit changes to trace options and trace line
prefixes. If DS Trace is off, click Submit to turn it on. If DS
Trace is on, click Submit to submit changes to the current trace.
■ Trace On/Off. Let you turn Trace on or off. The button
changes based on the current DS Trace state.
Clicking the button turns DS Trace off and vice versa. When DS
Trace is off, clicking the Trace On button is equivalent to
selecting Submit.
Perform a Trace
To perform a trace, complete the following:

1. Select some DS Trace Options.
For a detailed list of DS Trace Options and descriptions, select
Help from the Navigation bar.
2. Select Trace On.
3. (Optional) To alter your trace options while the trace is being
performed, select the options and select Submit.
4. From Trace History, view the Current trace process by selecting
the details icon.
A screen similar to the following appears:
Figure 8-9

The Live Trace dialog displays the processes you’ve requested.
Point out the time stamp, the You can select any link to provide details regarding the selected
thread ID, and the option tag at the item.
beginning of each line of
information in the trace. In the previous figure, an error was generated. By selecting that
link, the Errors Index appears, enabling you to identify possible
Remind students that these are causes and solutions for the error.
the Trace Line Prefixes discussed
From this dialog, you can also update the contents displayed on
earlier.
your screen by configuring the refresh options.
5. Close the Live trace dialog by selecting Trace Configuration.
6. From the Assistant Frame, select the Trace Triggers link.
The following dialog appears:
Figure 8-10
Trace Triggers
This shows the Trace flags that must be set to display the specified
DS agent information in DS Trace.
These triggers might write large quantities of information to DS

Trace. Generally, you should enable these triggers only when
instructed by Novell Technical Support.

Objective 3 Repair eDirectory Using iMonitor

When problems are found with eDirectory, iMonitor Repair allows
you to view problems, back up, or clean your DIB sets.
To use Repair, you need to know the following:

■ Repair Parameters
■ Advanced Repair Options
■ Schedule Report
You must be the equivalent of Administrator of the server or a

console operator on the server where you are trying to access the
DS Repair page.
For this reason, you must first log in so your credentials can be
verified to access information on this page.
From the iMonitor Navigation Frame, select the Repair (wrench)

icon. A screen similar to the following appears:
Figure 8-11

The options on this page are determined by the selections you make
prior to accessing this page.
For example, if you browse a Partition object and select Repair, the
Replica Repair option is shown.
If you browse a nonpartition object before clicking Repair, Single

Object Repair is presented as an option instead.
Repair Parameters
Use the Repair parameters to fix problems, check for problems, or

create a backup of your database. Options:
■ Repair Replica. (Conditional) Use to repair a replica. This
option is available when a replica is selected.
■ Repair single object. (Conditional) Use to resolve all
inconsistencies in the object. This option is available when an
object is selected.
■ Repair Local DIB. Use to correct or repair inconsistencies in
the eDirectory database, to check partition and replica
information, and to make changes when necessary.
■ Run in Unattended Mode. Use to automatically perform repair
operations on the eDirectory database.
■ Create DIB Archive. Use to create a copy of the eDirectory
database for troubleshooting.
■ Disable Reference Checking. Use to turn off the check for
external reference objects on the server to locate a replica
containing that object.
When you run Repair available files are listed under Download on
the Assistant frame.
In addition, a log file called DSREPAIR.HTM is created. Selecting

the link to this file opens it in the browser.

Additional files can also be available from this area.
Also available on the Assistant frame is the option to Delete Old

DIB Set. Use this option when you want to delete a DIB set that is
no longer needed.
Select the red X to delete an old DIB set.
This option is available only if there are archived DIBs.
x This action is irreversible. When you select this option, the old DIB set is
purged from the file system.
Advanced Repair Options
To obtain additional repair options, select Advanced Options.
A screen similar to the following appears:
Figure 8-12

Here’s an explanation of the advanced Repair options:
Obituaries are defined on the next ■ Report Move Obits. Use to remove the Obituary attribute from
page. objects in the database.
Obituaries are attributes applied to an object. There are
approximately 11 obituary types. For example, there is an
obituary for move, one for rename, and one for delete.
The Obituary attribute remains on the object until the process is
replicated.
■ Repair Network Address. Use to repair the servers network
address in replica rings and server objects in the database.
■ Repair Volume Object. Use to check all mounted volumes on
the server for valid volume objects and trustees on the volumes.
■ Repair Volume Object and Do Trustee Check. Use to check
all mounted volumes on the server for valid volume objects and
trustees on the volumes.
■ Support Options. Use when troubleshooting with Novell
Technical Support.
Schedule Report
Use to schedule a repair at specified intervals. Novell does not

recommend scheduling regular repairs unless your organization has
a policy requiring them. The schedule report option is available
when you select Advanced Options.
x When you run REPAIR from a server, it affects only parts of the database
stored on the server. To fix the entire database, you must run the utility on
each server that contains the replicas of the partitions that are affected.

Exercise 8-1 Perform a Health Check Using iMonitor
a 15 minutes As the system administrator for Digital Airlines, you want to

perform preventative measures to ensure that eDirectory is properly
maintained and functioning.
In this exercise, you complete the following:

■ Part I: Verify the eDirectory Build Number and Time
Synchronization
■ Part II: Verify Inbound and Outbound Synchronization
■ Part III: Verify Replica Synchronization and Current State
■ Part IV: Run an Unattended Repair on the Local Database
Part I: Verify the eDirectory Build Number and Time

Synchronization
To verify the build number for eDirectory and determine if time is

synchronized, complete the following:
1. From your workstation, launch the browser.
2. In the Address field, enter http://your server’s IP
address:8008/nds-summary.
Entering “nds-summary” eliminates a number of navigational
steps.
3. Authenticate to the eDirectory tree by entering the login name as
admin.slc.digitialair and the password as novell in the Login
dialog.
4. In the left frame, select the Agent Configuration option and
record the following:
❑ Server name and context:
❑ Server TCP/IP Address:
❑ NDS Build Number:

❑ Current Time:
❑ Time Synchronized:
x Remain in iMonitor for the duration of this exercise.
Part II: Verify Inbound and Outbound Synchronization
To ensure eDirectory information, complete the following:

1. Select Trace Configuration.
2. Select Help and record the options for verifying inbound and
outbound synchronization.
3. Select the Back button to close Help.

4. Verify that the Trace Line Prefixes are selected.
This helps you identify the information provided when
performing a trace.
5. Select the Trace On button to begin the Trace.
6. Write the time you began the trace to help identify the Live Trace
file in Trace History.
7. Open the Live Trace file by selecting the View icon next to the
creation time on the file.

8. What do you look for in the Trace file to confirm

synchronization?
Part III: Verify Replica Synchronization and Current State
Answer the following:

1. What iMonitor links can you access to verify Replica
information? (List 2.)
❑
2. What does the Yellow button indicate in the Agent Health

Partitions dialog?
3. Why does this button appear yellow on your classroom server?
4. What is the difference between a New Replica State and the On

Replica State?

Part IV: Run an Unattended Repair on the Local Database
Complete the following to run repair on the eDirectory database on

your server.
1. From iMonitor, select Repair (wrench).
2. Select Repair Local DIB.
3. Select Advanced Options.
4. Select Repair Volume Objects and Do Trustee Check.
5. Select Start Repair.
The Repair in Process dialog displays. When the repair is
complete, the Repair dialog appears.
6. From the left pane, open the DSREPAIR.HTM log file to view
the results. (You might need to refresh the screen to see this
option.)
(End of Exercise)
Objective 4 Maintain and Optimize eDirectory Using

Cache Options
After eDirectory is installed, you need to regularly maintain and
optimize your network.
The most significant component that affects eDirectory performance

is the cache. To configure the cache properly, you need to know the
following:
■ What Block and Entry Caches Are in eDirectory 8.6
■ How to Distribute Memory between Block and Entry Caches
■ How to Use the Default Cache Settings
■ How to Configure Cache Limits Using iMonitor

What Block and Entry Caches Are in eDirectory 8.6
Caching stores eDirectory information from the hard disk to

memory providing faster subsequent access.
A block cache in eDirectory stores only physical blocks from the

hard disk without any ordering or organization of the information
contained in the block.
An entry cache, a new feature in eDirectory 8.6, caches the logical

Directory entries and structure of the eDirectory database.
By caching the logical structure of containers and objects,

eDirectory can use this cache to quickly find and retrieve entries in
memory from the block cache.
In other words, the entry cache provides a map to the data in the
block cache. Although there is some redundancy between the
caches, each cache type boosts performance for different operations.
x In earlier versions of eDirectory (such as NDS), you could specify a block

cache limit to regulate the amount of memory that eDirectory used for the
cache. The default was 8 MB RAM for block cache.
With eDirectory 8.6, you can specify a block cache limit and an entry cache
limit.
The following are advantages of block and entry cache:

■ Block cache is most useful for update operations. Entry cache is
most useful for operations that browse the eDirectory tree by
reading through entries, such as name resolution, which is the
process eDirectory uses to find an object's location in the tree.
■ Both block and entry caches are useful in improving query
performance. Block cache speeds up index searching. Entry
cache speeds up the retrieval of entries referenced from an
index.

■ Earlier versions of eDirectory created multiple versions of

blocks and entries in its cache for transaction integrity
purposes. eDirectory did not remove these blocks and entries
from cache when they were no longer needed.
In eDirectory 8.6, a background process periodically browses
the cache and cleans out older versions. This helps minimize
cache memory consumption. The default browsing interval is
15 seconds.
How to Distribute Memory between Block and Entry

Caches
The total available memory for caching is shared between caches.

The default is an equal division.
Therefore, to maintain the amount of block cache available in

earlier versions of eDirectory, you need to double the total cache
size for eDirectory 8.6.
For example, if you use cache to boost LDIF-import performance,

you can either double the total cache size or change the default
cache settings.
x LDIF is a widely used file format that describes directory information or

modification operations that can be performed on a Directory.
The more blocks and entries that can be cached, the better the
overall performance. The ideal is to cache the entire database in
both the entry and block caches, although this might not be possible
for extremely large trees.
Generally, try to get a 1:1 ratio of block cache to eDirectory

database size. For entry cache, try to get a 1:2 or 1:4 ratio. For the
best performance, do not go lower than these ratios.

How to Use the Default Cache Settings
eDirectory 8.6 provides 2 default cache settings for controlling

cache memory consumption:
■ Dynamically Adjusting Limit
■ Fixed Memory Limit
You can use either setting, but you cannot use both at the same time
because they are mutually exclusive. The last method used always
replaces the prior setting.
The default memory requirements for eDirectory 8.6 are as follows:

■ If the server you are installing into the tree does not have a
replica, the default fixed memory limit is 16 MB: 8 MB for
block cache and 8 MB for entry cache.
■ If the server contains a replica, the default memory is a
dynamically adjusting limit of 51% of available server memory,
with a minimum threshold of 8 MB per cache and a maximum
threshold of keeping 24 MB server memory available for other
processes.
Dynamically Adjusting Limit
The dynamically adjusting limit causes eDirectory to periodically

adjust its memory consumption in response to the variations in the
memory consumption by other processes.
You specify the limit as a percentage of available physical memory.

Using this percentage, eDirectory recalculates a new memory limit
at fixed intervals. The new memory limit is the percentage of
physical memory available at the time.
Along with the percentage, you can set a maximum and minimum
threshold. The threshold is the number of bytes that eDirectory will
adjust to.

It can be set as either the number of bytes to use or the number of

bytes to leave available. The minimum threshold default is 16 MB
(8 MB for entry cache; 8 MB for block cache). The maximum
threshold default is 4 GB.
If the minimum and maximum threshold limits are not compatible,

the minimum threshold limit is followed.
With the dynamically adjusting limit, you also specify the interval
length. The default is 15 seconds.
The shorter the interval, the more the memory consumption is based
on current conditions. However, shorter intervals are not necessarily
better because the recalculation requires more CPU overhead.
Fixed Memory Limit
The fixed memory limit is the method that earlier versions of

eDirectory use to regulate memory consumption. You set a fixed
memory limit in one of the following ways:
■ Fixed number of bytes. This is a set number of bytes assigned
to the memory limit.
■ Percentage of physical memory. This is the percentage of
physical memory at which the interval becomes a fixed number
of bytes.
■ Percentage of available physical memory. This is the
percentage of available physical memory at which the interval
becomes a fixed number of bytes.

How to Configure Cache Limits Using iMonitor
You can view and modify the eDirectory cache using iMonitor.
The changes made in iMonitor are dynamic and take effect

immediately.
To configure the cache settings using iMonitor, do the following:

1. In the ConsoleOne window, browse to the server object you want
to change or monitor the cache settings for.
2. Right-click the server object and select Launch iMonitor.
3. Authenticate as the admin of the server object.
4. Select the Agent Configuration link on the left frame of the
screen.
5. Under the Settings subsection, select the Database Cache link.
Notice that you can set a hard limit and you can adjust the
percentages for block cache. You can also adjust the cache
adjust intervals and the cache cleanup intervals.

Exercise 8-2 Test Your Understanding

1. A ____________ cache stores only physical blocks from the hard
disk without maintaining the ordering or organization of the
information stored in the block.
2. The ___________cache caches the logical structure of the
eDirectory database.
3. Identify the default cache settings available in eDirectory for
controlling cache memory consumption. (Choose 2.)
a. Dynamically Adjusting Limit
b. Statically Adjusting Limit
c. Fixed Memory Limit
d. Varying Memory Limit
(End of Exercise)

Summary
Objective Summary
1. Identify What iMonitor Is ■ iMonitor is a browser-based utility that lets

and How to Use It you monitor eDirectory servers.
■ iMonitor primarily focuses on the health of
eDirectory agents.
2. Use iMonitor to ■ Agent Health views information about the

Diagnose and Repair specified DS agent and the partitions and
eDirectory Problems replica rings it participates in.
■ Agent Configuration enables you to
control and configure the DS agent.
■ Agent Synchronization identifies the
synchronization status of your partitions.
■ Trace Configuration enables you to track
server processes.
3. Repair eDirectory Using ■ The eDirectory database is sometimes

iMonitor called a DIB (Directory Information Base)
set.
■ When problems are found, you can use
the iMonitor Repair option to view
problems, back up, or clean your DIB
sets.
4. Maintain and Optimize You can configure cache options to

eDirectory Using Cache optimize eDirectory.
Options

Exercise Answers
The following are answers to section exercises.
Exercise 8-1. Perform a Health Check Using iMonitor
Part I: Verify the eDirectory Build Number and Time

Synchronization
4. In the left frame, select the Agent Configuration option and

record the following:
❑ Server name and context: DAx.slc.digitalair
❑ Server TCP/IP Address: Answers depend on classroom
configuration. If the default configuration is used, the IP
address is 192.168.x.1
❑ NDS Build Number. At the time the course shipped, the
build number is 1031017.
❑ Current Time. Answers vary.
❑ Time Synchronized True.
Part II: Verify Inbound and Outbound Synchronization
2. Select Help and record the options for verifying inbound and
outbound synchronization.
❑ DS Agent
❑ Inbound Synchronization
❑ Outbound Synchronization
8. What do you look for in the Trace file to confirm

synchronization?
Synchronization = Yes

Part III: Verify Replica Synchronization and Current State
1. What iMonitor links can you access to verify Replica

information? (List 2)
❑ Agent Health
❑ Agent Synchronization
2. What does the Yellow button indicate an the Agent Health

Partitions dialog.
It indicates that a problem is suspect.
3. Why does this button appear yellow on your classroom server?

The partition isn’t replicated to 3 servers.
4. What is the difference between a New Replica State and the On

Replica State?
This is the state a replica is put into when it begins the
operation of adding itself to the replica list.
Exercise 8-2. Test Your Understanding
1. A ____________ cache stores only physical blocks from the hard

disk without maintaining the ordering or organization of the
information stored in the block.
a. block
2. The ___________cache caches the logical structure of the
eDirectory database.
a. entry
3. Identify the default cache settings available in eDirectory for
controlling cache memory consumption. (Choose 2.)
a) Dynamically Adjusting Limit
c) Fixed Memory Limit

Novell Network Management / Instructor Guide Manage eDirectory Upgrades, Resource Redirections, and Schema Extensions
SECTION 9 Manage eDirectory Upgrades,

Resource Redirections, and Schema
Extensions
Duration: 2 hours In this section you learn to perform eDirectory upgrade tasks, to do
object management tasks, and to handle schema extensions.
Objectives
1. Prepare for Upgrading to eDirectory 8.6
2. Use the eDirectory Import/Export Wizard to Manage LDIF Files
3. Redirect Resources in the Tree
4. Extend the eDirectory Schema
Objective 1 Prepare for Upgrading to eDirectory 8.6

With NetWare 6, eDirectory 8.6 is installed by default. If you are
installing NetWare 6 into an existing network that is running an
older version of eDirectory, you must complete the following to
prepare the network for an eDirectory upgrade:
■ Apply the Latest Support Packs
■ Update the eDirectory Schema
■ Install or Upgrade Novell Certificate Server
■ Perform an eDirectory Health Check

Apply the Latest Support Packs
Prior to integrating eDirectory 8.6 into your network, you should

install the latest NetWare Support Packs on existing NetWare
servers. Updates are available at http://support.novell.com.
Update the eDirectory Schema
Prior to installing eDirectory 8.6 in your network, you must update

your network’s eDirectory schema using NetWare Deployment
Manager, found at the root of the NetWare 6 installation CD.
This program guides you through the steps to make sure the version
of eDirectory on your servers is updated to the latest revision level.
You only complete this procedure once.
b For more about using Deployment Manager, see Section 14.
Install or Upgrade Novell Certificate Server
Novell Certificate Server is either installed or upgraded when you

upgrade to eDirectory 8.6.
Novell Certificate Server is a PKI service that is integrated with

NetWare. The NetWare installation uses Novell Certificate Server to
create an organizational CA object and to issue certificates for
applications that use SSL services.
Products that rely on Novell Certificate Server for security include

eDirectory, LDAP Services, web servers, and NetWare Remote
Manager.

Before upgrading to eDirectory 8.6 you need to understand

■ How Novell Certificate Server Gets Installed
■ How Novell Certificate Server Gets Upgraded
How Novell Certificate Server Gets Installed
If there is no organizational CA in your tree Certificate Server is

installed by default when eDirectory is upgraded or installed.
When you upgrade to eDirectory 8.6, the eDirectory installation

creates an organizational CA on the first server you upgrade because
eDirectory cannot function without it.
The first server installed in the tree creates and stores the Security
container object and organizational CA object for the entire tree.
Both objects are created, and must remain, at the top of the tree.
Only one organizational CA object can exist in an eDirectory tree.
When subsequent eDirectory servers are installed on the network,

the installation finds and references the eDirectory server that holds
the organizational CA object.
After the organizational CA object is created, it should not be

moved to another server. Deleting and re-creating an organizational
CA object invalidates any certificates associated with the
organizational CA.
b For a method to move the CA to another server, see TID 10060118 and TID
10056795.
x Make sure the first eDirectory server is the server you intend to permanently
host the organizational CA object and that the server is reliable and
accessible.

How Novell Certificate Server Gets Upgraded
If there is an organizational CA in your tree make sure the server

that is hosting the organizational CA is running Novell Certificate
Server 2.0 or later before upgrading to eDirectory 8.6.
Certificate Server 1.x is not If your organizational CA is running Certificate Server 1.x, you
compatible with Certificate Server must upgrade eDirectory on the server hosting the organizational
2.0 or later. CA before upgrading eDirectory on any other servers in your tree.
To check the version of Certificate Server that is running on your

organizational CA server, do the following:
1. Identify the server that is acting as the organizational CA:
a. Using ConsoleOne, browse to your tree’s Security
container.
b. Double-click the Organizational CA.
c. Select the Other tab.
The server acting as the CA shows in the Host Server field.
2. On the server acting as the CA, check the version of Novell
Certificate Server:
a. From the server console, enter NWCONFIG.
b. Select Product Options.
c. Select View/Configure/Remove Installed Products.
d. Look for the PKIS entry (PKIS is the NLM that loads Novell
Certificate Server).
If PKIS is not version 2.0 or later, you must upgrade the CA server
first before installing or upgrading NetWare 6 or eDirectory 8.6 on
any other servers in your tree.
Upgrading to NetWare 6 or eDirectory 8.6 upgrades the CA server

to the latest version of Certificate Server.
If PKIS is 2.0 or later, it doesn’t matter which server you upgrade

first. Just be sure you upgrade the CA server at some point.

Perform an eDirectory Health Check
After installing eDirectory 8.6, perform a health check on each

server. Regular health checks keep your Directory running and
make upgrades and troubleshooting easier.
A frequent mistake made by those who implement eDirectory 8.6 is

that they don’t perform a health check to verify that eDirectory is
operating properly.
b This subsection is a brief review of performing an eDirectory health check.

For details, see Course 991, Advanced NDS Tools and Diagnostics.
To perform a health check, you need to know the following:

■ Health Check Items
■ Health Check Procedure
Health Check Items
A complete health check includes checking the following:

■ eDirectory Revision. If your version (or revision level) of
eDirectory is outdated, download the latest software patch from
http://support.novell.com.
■ Time Synchronization. Time stamps are assigned to each
eDirectory object and property. They ensure the correct order
for object and property updates.
Using time stamps, eDirectory determines which replicas need
to be synchronized. For synchronization to happen properly, all
eDirectory servers must maintain accurate time.
■ Partition Continuity. Partition continuity ensures that all
replicas for a partition can be updated with directory changes.

■ Background Processes. eDirectory changes are replicated in

background processes.
■ NDS SET Parameters.
Health Check Procedure
When performing this procedure, note the following:

■ Perform the last step after business hours and only when errors
occur during the previous steps.
■ For very large trees and for a large number of partitions, you
must still perform all steps for every server.
For an abbreviated version, perform all steps on the server
holding the master replica for each partition, starting with the
master replica server for the Tree partition and working down
the tree.
To perform the health check procedure, do the following:

1. In DSREPAIR, select Time Synchronization to view time
synchronization and check the version of DS.NLM.
For every version of NetWare, the version of DS.NLM should
be the same. Selecting Time Synchronization displays the
version for each server known to the server you are using.
2. Display server-to-server synchronization from the server
console:
a. Enter SET DSTRACE=ON.
This activates the trace screen for eDirectory transactions.
b. Enter SET DSTRACE=+S.
This lets you view the synchronization of objects.
c. Enter SET DSTRACE=*H.
This initiates synchronization between servers.

d. View the Directory Services trace by pressing Ctrl + Esc and

selecting Directory Services from the Current Screens list.
If there are no errors, a line displays All Processed=Yes.
This message appears for each partition on this server.
A server must have a replica to display eDirectory trace
information (except for the schema). The schema still
replicates to all servers in the tree.
For several replicas, set the trace to SYS:SYSTEM
/DSTRACE.DBG to see information (SET TTF=ON).
3. Use DSREPAIR to perform the following:
a. View replica synchronization by selecting Report
Synchronization Status.
A server must have a replica for this operation to display
replica synchronization status.
b. Check external references by selecting Advanced Options
Menu > Check External References.
This shows external references, obituaries, and the states of
all servers in the backlink list for the obituaries.
An example of an obituary is an object that is deleted from
the tree and is waiting for all servers holding a copy of the
object to be notified before it can be purged.
c. Check the replica state by selecting Advanced Options
Menu > Replica and Partition Operations.
Verify that the replica state is On.
d. Check the replica ring by selecting Advanced Options
Menu > Replica and Partition Operations > Partition >
View Replica Ring.
Verify that the servers holding replicas of that partition are
On and correct.
To find replica ring mismatches, perform this part on
servers holding master replicas of each partition and on one
server that holds a read/write replica of each partition.

4. Check the schema by doing the following from the server

console:
a. Enter
SET DSTRACE=ON (activates the trace screen for
eDirectory transactions)
SET DSTRACE=+SCHEMA (displays schema
information)
SET DSTRACE=*SS (initiates schema synchronization)
b. View the Directory Services trace screen by pressing Ctrl +
Esc and selecting Directory Services from the Current
Screens list.
c. Check for the following message: All Processed = YES.
A server must have a replica to display any Directory
Services trace information.
5. (Conditional) If you find errors in your database during the
previous steps, repair the local database.
x You might want to perform this task after hours. It locks the database.
a. In DSREPAIR, select Advanced Options Menu > Repair

Local DS Database.
b. On the Check Local References and Rebuild Operational
Schema lines, enter Yes. (You can leave all other options on
this page marked No.)
c. Press F10 to begin the repair.
Repairing the local database locks eDirectory. DSREPAIR
displays a message stating that authentication cannot occur
with this server when the eDirectory database is locked.
d. Select Yes to proceed with the repair.
e. When the repair is complete, exit DSREPAIR.

6. Now that you’ve completed the health check, enter the following
commands to turn off DSTRACE:
SET DSTRACE=nodebug (erases DSTRACE SET
commands)
SET DSTRACE=+min (sets DSTRACE to minimum settings)
SET DSTRACE=off (turns off the DSTRACE screen)
If left running, DSTRACE uses server resources that can slow
the processing of critical procedures.
Exercise 9-1 Verify that eDirectory is Functioning Properly after an

Upgrade
a 20 minutes You have recently updated eDirectory on your server while

performing a NetWare 5 to NetWare 6 server upgrade.
You must now perform health check tasks to assure that eDirectory
is functioning properly after the upgrade.
Do the following:
1. Display server-to-server synchronization:
a. At your server console, enter the following:
SET DSTRACE=ON
SET DSTRACE=+S
SET DSTRACE=*H
b. Press Ctrl + Esc and select Directory Services from the
Current Screens list.
If there are errors, try entering the SET DSTRACE=+S and
SET DSTRACE=*H commands again (to issue the
heartbeats one more time).
c. Check for the following message:
All Processed = YES

2. Check the schema:

a. At the server console, enter the following:
SET DSTRACE=+SCHEMA
SET DSTRACE=*SS
b. Press Ctrl + Esc and select Directory Services from the
Current Screens list.
All Processed = YES
3. Check the version of DS.NLM and time synchronization:
a. At the server console prompt, enter DSREPAIR.
b. Select Time Synchronization.
c. Verify that the DS.NLM version is 10110.20 or later.
d. Verify that time is synchronized.
e. Press Esc.
4. Report replica synchronization:
a. In DSREPAIR, select Report Synchronization Status.
Reinforce that there isn’t much to b. Verify that the replica on this server is synchronized.
see in a single server tree, but they
c. Press Esc.
use these steps in trees with
multiple servers. 5. Check external references:
a. In DSREPAIR, select Advanced Options Menu.
b. Select Check External References.
Students who want to know how to Note the number of external references checked. You
solve problems with external should have a low number. A very high number of external
references should be referred to a references can indicate a problem and can impact server
more advanced class. performance.
c. Press Esc.

6. Check the replica state:

a. In the DSREPAIR Advanced Options menu select Replica
and Partition Operations.
b. Verify that the replica state is On; then press Esc.
7. Check the replica ring:
a. In DSREPAIR Advanced Options, select Replica and
Partition Operations > partition > View Replica Ring.
b. Verify that the server holding the replica of this partition is
correct and the state is On.
In an environment with more partitions, you perform this
step for each partition.
c. Press Esc until you are at the Available Options menu.
8. Repair the local database:
a. In the DSREPAIR Advanced Options menu, select Repair
Local DS Database.
b. On the Check Local References and Rebuild Operational
Schema lines, make sure Yes is displayed.
Leave all other options on the page at their default settings.
c. Press F10 and select Yes; then when prompted that the repair
is complete, press Enter.
d. In the View the current log file window, select No.
You might want to continue selecting Repair Local DS
Database until no errors are displayed.
e. Press Esc 3 times; then Exit DSREPAIR.
9. At the server console, turn DSTRACE off by entering the
following:
Set DSTRACE=nodebug
Set DSTRACE=+min
Set DSTRACE=off
(End of Exercise)

Objective 2 Use the eDirectory Import/Export Wizard to

Manage LDIF Files
eDirectory 8.6 includes several new utilities that let you enhance the
functionality of the directory. One of these utilities is the eDirectory
Import/Export wizard.
The wizard uses the Novell Import/Conversion Export (ICE) engine

installed with ConsoleOne to help you manage LDAP Data
Interchange Format (LDIF) files.
Before you use the wizard, you need to understand the following:
■ LDAP Basics
■ About LDIF Files
■ About ICE
■ How to Use eDirectory Import/Export Wizard
■ How to Use the LDAP Bulk Update/Replication Protocol
LDAP Basics
LDAP is an Internet communications protocol that lets client

applications access Directory information. It is based on X.500
Directory Access Protocol (DAP) but is less complex and can be
used with any Directory service that supports X.500.
LDAP Services for eDirectory is a server application that lets LDAP

clients access information stored in eDirectory. This service is
provided by NLDAP.NLM.
You can give different clients different levels of Directory access,

and you can access the Directory over a secure connection.

These mechanisms let you make some types of Directory

information available to the public, other types available to your
organization, and other types available only to specific individuals.
Remember the following about LDAP:

■ As naming separators, LDAP uses commas (,) instead of
periods.
■ LDAP names must be typeful fully distinguished names.
b The remainder of this subsection assumes that you are familiar with LDAP.
If not, see http://www.intranetjournal.com/foundation/ldap.shtml.
About LDIF Files
LDIF is a standard that defines an ASCII text file format used to

exchange data between LDAP-compliant directories.
LDAP-compliant directories use LDIF files to describe a Directory

and Directory entries in text format.
LDIF files are commonly used to initially build a Directory database

or to add large numbers of entries to a Directory at the same time.
LDIF files can also be used to make changes to existing Directory
entries.
LDIF files consist of one or more entries separated by a blank line.

Each LDIF entry consists of an optional entry ID, a required
distinguished name, one or more object classes, and multiple
attribute definitions.
The basic syntax of an LDIF file is as follows:

dn: distinguished name
changetype: type of change
objectClass: object class
attribute type:attribute value

Only the DN and at least one object class definition are required.
Attributes required by object classes you define for the entry must
also be defined. Other attributes and object classes are optional.
You can specify object classes and attributes in any order. The
following describes the LDIF fields shown in the previous
definition:
Table 9-1 Parameter Value
dn Specifies the distinguished name for the entry.
changetype Specifies valid changetype values that include add,

modify, moddn, and delete.
objectClass Specifies an object class to use with this entry. Each

object class defines the types of attributes allowed
or required for the entry.
attribute type Specifies an attribute to define for the entry.
attribute value Specifies a value to be assigned to the attribute

type.
The following sample LDIF file accomplishes 2 tasks: first, it

creates an organization object named Users; second, it creates a user
named amousis in the Users container:
dn: o=Users
changetype: add
o: Users
objectClass: organization
objectClass: ndsLoginProperties
objectClass: ndsContainerLoginProperties
objectClass: top
ACL: 2#entry#o=Users#loginScript
ACL: 2#entry#o=Users#printJobConfiguration

dn: cn=amousis,o=Users
changetype: add
uid: amousis
otherGUID:: bsaWkLmDlk+Sdcy8z17PpA==
givenName: Alex
fullName: c
Language: ENGLISH
title: Career Planning Administrator
sn: Mousis
ou: Users
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: ndsLoginProperties
objectClass: top
l: Hong Kong
cn: amousis
ACL: 2#subtree#cn=amousis,o=Users#[All Attributes
Rights]
ACL: 6#entry#cn=amousis,o=Users#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=amousis,o=Users#printJobConfiguration
ACL: 2#entry#[Root]#networkAddress
About ICE
ICE is an import/export engine that manages a collection of

handlers that read or write data in a variety of formats. Source
handlers read data; destination handlers write data. A single
executable module can be both a source and a destination handler.
ICE replaces BULKLOAD and UIMPORT, included with previous

versions of eDirectory.
ICE receives data from a source handler, processes the data, and
then passes the data to a destination handler.
For example, to import LDIF data into an LDAP Directory, ICE

uses an LDIF source handler to read an LDIF file and an LDAP
destination handler to send the data to the LDAP Directory server.

You can access ICE in either of the following ways:

■ Use the eDirectory Import/Export wizard
■ Use the command-line interface
The command-line interface gives you more options for combining

source and destination handlers (see http://www.novell.com
/documentation/lg/ndsedir86/index.html).
How to Use eDirectory Import/Export Wizard
The Import/Export Wizard is a ConsoleOne snap-in you use to

■ Import Data from LIDF Files to an LDAP Directory
■ Export Data from an LDAP Directory to an LDIF File
■ Perform Data Migration between LDAP Servers
Import Data from LIDF Files to an LDAP Directory
Complete the following:

1. In ConsoleOne, select Wizards > NDS Import/Export.
2. Select Import LDIF File > Next.
The following appears:
Figure 9-1

3. Enter the name of the LDIF file containing the data you want to
import; then select Next.
Figure 9-2
4. Select the LDAP- compliant server where the data will be

imported to.
Figure 9-3

5. Configure the import parameters using the following guidelines:
Table 9-2 Parameter Guidelines
Server DNS name or IP Enter the DNS name or IP address of

address the destination LDAP server.
Port Enter the integer port number of the

destination LDAP server.
By default, this is 389 for clear-text or
636 for secure transmissions.
DER file containing (Optional) Enter the name of the DER

server key used for SSL file containing a server key used for
communication SSL authentication.
Login method Select Authenticated Login or

Anonymous for the entry specified in
the User DN field.
User DN If using Authenticated Login, enter the

distinguished name of the entry that
should be used when binding to the
server.
Password If using Authenticated Login, enter the

password for the entry specified in the
User DN field.

6. Select Next > Finish to begin the LDIF import.

Figure 9-4
Export Data from an LDAP Directory to an LDIF File

2. Select Export LDIF File > Next.
3. Specify the LDAP server holding the entries you want to export
(enter a DNS name or IP address).
4. Configure the export parameters (which are the same as the
import parameters; see Table 9-2).
5. Select Next.

6. Specify the search criteria for the entries you want to export:
Table 9-3 Criteria Description
Base DN Enter the base distinguished name for the

search request. If this field is left empty, the
base DN defaults to ““ (empty string).
Scope Specifies the scope of the search request.
Filter Enter an RFC 1558 compliant search filter. The

default is objectclass=*. For more information,
see http://www.ietf.org/rfc/rfc1558.txt.
Attributes Specify the attributes you want exported for

each search entry.
7. Select Next.
8. Enter the name of the LDIF file that will store the export
information; then select Next.
9. Select Finish to begin the LDIF export.
Perform Data Migration between LDAP Servers

2. Select Migrate Data between LDAP Servers > Next.
3. Select the LDAP server holding the entries you want to migrate.
4. Configure data migration parameters (which are the same as
import parameters; see Table 9-2).
5. Select Next.
6. Specify the search criteria for the entries you want to migrate (see
Table 9-3).

7. Select Next.
8. Select the LDAP server where the data will be migrated.
9. Select Next > Finish.
How to Use the LDAP Bulk Update/Replication Protocol
Because LDAP Bulk Update/Replication Protocol (LBURP) is

relatively new, eDirectory servers prior to version 8.5 and most
non-eDirectory LDAP servers do not support it.
If you are using the eDirectory Import/Export Wizard to import an

LDIF file to one of these servers, you must disable the LBURP
option for the LDIF import to work.
Before you use (LBURP), keep the following in mind:

■ ICE can use LBURP to send asynchronous requests to an
LDAP server. This guarantees that the requests are processed in
the order specified by the protocol and not in an arbitrary order.
■ LBURP lets ICE send several update operations in a single
request and receive a response for all update operations in a
single response. This adds to the network efficiency of the
protocol.
■ LBURP lets ICE present data to the server as fast as the
network connection allows.
■ If the network connection is fast enough, it lets the server stay
busy processing update operations 100% of the time because it
never has to wait for ICE to give it more work to do.
■ The LBURP processor in eDirectory also commits update
operations to the database in groups to gain further efficiency in
processing update operations.

■ LBURP can greatly improve the efficiency of your LDIF

imports.
■ LBURP is enabled by default, but you can disable it during an
LDIF import.
To enable or disable LBURP during an LDIF import, do the

following:
1. In ConsoleOne, select Wizards > NDS Import/Export >
Import LDIF File > Next.
2. Enter the name of the LDIF file containing the data you want to
import; then select Next.
3. Select the LDAP server where the data will be imported; select
Advanced; then select Use LBURP.
Figure 9-5
4. Follow the wizard instructions to complete the remainder of the

LDIF import wizard.

Exercise 9-2 Use the Import/Export Wizard to Import an LDIF File
a 20 minutes Digital Airlines has recently acquired a small airline whose

headquarters were at Portland International Airport (PDX). As
network administrator you must add personnel from that office to
your eDirectory tree.
To save time you export an LDIF file, that contains all their users,
from their non-eDirectory network directory. Now you must import
that LDIF file into your tree.
Do the following:
1. Start ConsoleOne and, if necessary, authenticate as Admin.
This is not the exact export 2. Export the SLC container:
mentioned in the scenario.
a. In ConsoleOne, browse to and select DigitalAir.
Classroom constraints make it b. Select Wizards > NDS Import/Export.
difficult to follow the scenario c. In the Select Task screen, select Export LDIF File > Next.
exactly.
d. In the Select Source LDAP Server screen, select New.
These steps give students the e. In the Description field, enter SLCExport.
opportunity to perform an LDIF
export as if they were following the f. In the Server DNS Name/IP Address field, enter 192.168.x.1.
scenario. g. In the Port field, enter 636.
h. In the DER File field, browse to and select
DAx:\SYS\PUBLIC\ROOTCERT.DER.
i. In the User DN field, enter
cn=admin,ou=SLC,o=DigitalAir.
Make sure you use commas (,) instead of periods to
separate contexts. (The comma is an LDIF syntax rule.)
j. Select OK.
k. In the Select Source LDAP Server screen, select
SLCExport.
l. In the Password field, enter novell.
m. Select Next.

n. In the Base DN field, enter ou=SLC,o=Digitalair.

o. Select Sub Tree.
p. Select Next.
q. In the Select Destination LDIF File field, enter
C:\SLC.LDIF.
r. Select Next.
s. In the Summary screen, select Finish.
You see text similar to the following:
Source Handler: ICE LDAP handler for Novell
eDirectory 8.6.0 version: 10110.05
Destination Handler: ICE LDIF handler for
Novell eDirectory 8.6.0 version: 10110.05
ICE log file: ice.log
Start time: Tuesday, October 9, 2001 9:53:54am
Operation in progress ...
Total entries processed: 122
Total number of errors: 0
End time: Tuesday, July 9, 2002 9:53:55 am
Total Time: 0:00:01.107
Time per entry: 00:00.046
3. From your student CD, import PDX.LDIF:
a. In ConsoleOne, browse to and select DigitalAir.
b. Select Wizards > NDS Import/Export.
c. In the Select Task screen, select Import LDIF File > Next.
d. In the Select Source LDIF File screen, browse to and select
PDX.LDIF from your student CD.
e. Select Advanced.
f. Deselect Exit on error > OK.
g. Select Next.
h. In the Select Destination LDAP Server screen, select New.
i. In the Description field, enter PDXImport.
j. In the Server DNS Name/IP Address field, enter 192.168.x.1.

k. In the Port field, enter 636.

l. In the DER File field, browse to and select
DAx:\SYS\PUBLIC\ROOTCERT.DER.
m. In the User DN field, enter
cn=admin,ou=SLC,o=DigitalAir.
Make sure you use commas (,) instead of periods to
separate contexts. (The comma is an LDIF syntax rule.)
n. Select OK.
o. In the Select Destination LDAP Server screen, select
PDXImport.
p. In the Password field, enter novell.
q. Select Advanced.
r. Deselect Use LBURP.
s. Select Allow forward references.
When working with LDIF, an operation to add one entry
might come before an operation to add its parents.
If so, an error is generated because the entry’s parent does
not exist when the LDAP server attempts to add the entry.
To solve this problem, enable the use of forward references.
Then, when an entry is created before its parent, a forward
reference is created, which allows the entry to be created.
If a later operation creates the parent, the forward reference
is changed to a normal entry.
t. Select OK.
u. Select Next.
v. In the Summary screen, select Finish.

You see text similar to the following:

Source Handler: ICE LDIF handler for Novell
eDirectory 8.6.0 version: 10110.05
Destination Handler: ICE LDAP handler for
Novell eDirectory 8.6.0 version: 10110.05
ICE log file: ice.log
Start time: Tuesday, October 9, 2001 9:53:54am
Operation in progress ...
Total entries processed: 9
Total number of errors: 0
End time: Tuesday, July 9, 2002 9:53:55 am
Total Time: 0:00:01.107
Time per entry: 00:00.046
w. Select Close.
4. Refresh your tree view by selecting View > Refresh.
Your tree should now have a PDX container with 8 users in it.
(End of Exercise)
Objective 3 Redirect Resources in the Tree

Managing eDirectory objects involves creating, modifying, and
manipulating objects. Some specific tasks you face are to create user
accounts and administer user rights.
You use ConsoleOne to perform object tasks.
Demonstrate the ConsoleOne In the left pane of ConsoleOne you see the NDS container, which
interface during this discussion. holds the eDirectory trees you are logged in to. You can cause
additional eDirectory trees to appear in the NDS container by
logging into other trees.
When you are in an eDirectory tree or context and its objects are
listed in the right pane, you can use the techniques described in this
section to locate the specific objects you want to manage.

In this objective you learn

■ When to Move an Object
■ When to Create an Alias Object
When to Move an Object
You move objects in eDirectory to reflect changes to your

organization’s structure. Your eDirectory tree structure usually has
some geographical and some functional elements to its design.
So when an employee, printer, server, or other resource is moved or

changes function within the company, you must move the
corresponding object in the tree to reflect that change.
The most common objects you move are users and printers because
employees and printers are the most commonly moved resources.
Students who have questions You are less likely to move things like servers or other objects that
about moving servers should be have a more critical functional or geographical relationship to their
referred to a more advanced place in the tree. They can be moved but, due to the number of
course. dependencies, the process for moving them is more complicated.
Demonstrate moving an object. Following are the general steps for moving an object:
1. In the ConsoleOne right pane, select the objects you want to
move.
Demonstrate both the shift-click Shift-click or Ctrl-click the objects to select more than one.
and Ctrl-click features.
2. Right-click your selection; then select Move.
3. Next to the Destination field, select the browse button; then
select the container to move the objects to; then select OK.

4. (Conditional) If you want to create an Alias in the old location for

each object being moved, select Create an Alias for All Objects
Being Moved.
This allows any operations that are dependent on the old
location to continue uninterrupted until you can update those
operations to reflect the new location.
5. Select OK.
When to Create an Alias Object
The main purpose for creating an alias object is to make things

convenient for your users. This concept is illustrated in the
following scenarios:
■ When a Resource is Moved. If you move a printer or a volume
to another context in the tree, it will break configurations and
mappings that a user has on his or her workstation.
To prevent this problem, you can create an alias object during
the moving process. This alias object acts as a place holder so
that printer configurations and drive mappings are still valid.
■ To Place a Resource Closer to the User. A very common
aliased resource that you can place closer to users is a server
volume. Server volumes are created by default in the same
context as the server that hosts the volume.
However, your users that need access to that volume might not
be in the same context. A convenient way to give them access is
to place an alias of the volume in the same context as the users.
Doing this gives you easier control over rights assignments
because you don’t have to make explicit assignments. You can
give file system rights to the container the users are in and let
them inherit rights to the volume through the alias.

Exercise 9-3 Redirect Resources in the Tree
a 15 minutes You must give users in the PDX container access to volume USER
on your server. You choose to create an alias object to accomplish
this. Do the following:
1. Create an alias in PDX to volume DAx_USER:
a. Right-click PDX; then select New > Alias.
b. As the name the alias, enter USER_VOLUME.
c. To fill in the Object field, browse to and select
DAx_USER.SLC.DIGITALAIR.
d. Select Define Additional Properties; then select OK and
note that PDX.DIGITALAIR is a trustee of
USER_VOLUME.
This gives users in this container the same rights by
inheritance.
e. Close the Properties window by selecting Cancel.
2. Add PDX as a file system trustee to the USER_VOLUME alias:
a. Right-click USER_VOLUME; then select Properties.
b. Select Trustees > Add Trustee.
c. Change the “Look in” context to DIGITALAIR.
d. Select PDX > OK.
3. Give users in PDX the Write and Create rights to the
USER_VOLUME alias:
a. Under Access rights, select Write and Create; then select
OK.
b. From the PDX container, right-click USER_VOLUME;
then select Properties.
c. Select Effective Rights and note that PDX.DIGITALAIR
has Read, Write, Create, and File Scan rights to
USER_VOLUME.

d. Select the Browse button and change the “Look in” context
to PDX.
e. Select LMcCarter > OK and note that LMcCarter has the
same rights as PDX.
(End of Exercise)
Objective 4 Extend the eDirectory Schema

In this objective, you learn the following:
■ What the Schema Is
■ What the Schema Manager Is
■ How to View the Schema
■ How to Extend the Schema
What the Schema Is
The eDirectory schema defines the classes of objects that the tree
can contain, such as users, groups, and printers.
The schema also specifies the attributes (properties) that comprise

each object type, including those that are required when creating the
object and those that are optional.
You can view the schema to evaluate how well the schema meets
your organization's informational needs, and then extend the
eDirectory schema to meet your organization’s needs.
The larger and more complex your organization, the more likely it is
that you need to customize the schema, but even small organizations
might have unique tracking needs.

For example, if your company has started to use temporary

employees you can extend the schema to create a temporary
employees class.
You then use the new class to create temporary employee user
objects.
What the Schema Manager Is
Emphasize that Schema Manager Schema Manager lets those with the Supervisor right to a tree
is not a tool for everyday use. customize the schema of that tree. Schema Manager is available
from the Tools menu in ConsoleOne.
You can use Schema Manager to

■ View a list of all classes and attributes in the schema
■ Extend the schema by adding a class or an attribute to the
existing schema
■ Create a class by naming it and specifying applicable attributes,
flags, and containers that can be added to, and parent classes it
can inherit attributes from
■ Create an attribute by naming it and specifying its syntax and
flags
■ Add an attribute to an existing class
■ Delete a class or an attribute that is not in use or that has
become obsolete
■ Identify and resolve potential problems

How to View the Schema
Viewing the schema can help you determine if you need to extend
the base schema.
Do the following:
1. In ConsoleOne, select any object in the eDirectory tree whose
schema you want to view.
2. Select Tools > Schema Manager.
A list of available classes and properties appears. Double-click
a class or property to see information about it.
How to Extend the Schema
You can extend the schema of a tree by using ConsoleOne to create

a class or attribute. You need the Supervisor right to the entire tree
to perform the following schema tasks:
■ Create a Class
■ Delete a Class
■ Create an Attribute
■ Add an Optional Attribute to a Class
■ Delete an Attribute
■ Create an Auxiliary Class

Create a Class
You can add a class to your existing schema as your organizational

needs change. The Create a Class Wizard in ConsoleOne helps you
accomplish this task:
1. In ConsoleOne, select any object in the eDirectory tree whose
schema you want to extend.
3. Select Classes > Create.
4. Follow the instructions in the wizard to define the object class.
If you need to define custom properties to add to the object
class, cancel the wizard and define the custom properties first.
Delete a Class
You can delete unused classes that aren't part of the base schema of
your eDirectory tree. ConsoleOne only prevents you from deleting
classes that are being used in locally replicated partitions.
You might also want to consider deleting a class from the schema in
the following instances:
■ After merging trees and resolving class differences
■ Any time a class has become obsolete
To delete a class, do the following:

1. In ConsoleOne, select any object in the eDirectory tree that
belongs to a class that you want to delete.
3. Select Classes > the class you want to delete > Delete > Yes.

Create an Attribute
You can create your own custom types of properties and add them
as optional attributes to existing object classes. However, you can’t
add mandatory attributes to existing classes.
The Create an Attribute wizard in ConsoleOne helps you

accomplish this task:
1. From the ConsoleOne menu, select Tools > Schema Manager.
2. Select Attributes > Create.
3. Follow the instructions in the wizard to define the new property.
Add an Optional Attribute to a Class
An example of an optional attribute One way you can extend the eDirectory schema is by adding
of a User object class is a pager optional attributes to existing classes. (Mandatory attributes can
number attribute. only be defined while creating a class.) This might be necessary if
■ Your organization's information needs change
■ You are preparing to merge trees
Do the following:
2. Select Classes > the class you want to modify > Add.
3. In the list on the left, double-click the properties you want to add.
If you add a property by mistake, double-click it in the list on
the right to remove it.
4. Select OK.
Objects you create of this class will have the attributes you added.
To set values for an object for the added attributes, use the Other
property page of the object.

Delete an Attribute
You can delete unused attributes that aren't part of the base schema
of your eDirectory tree. You might also want to delete an attribute
from the schema in the following instances:
■ After merging trees and resolving attribute differences
■ Any time an attribute has become obsolete
To delete an attribute,
2. Select Attributes > the attribute to delete > Delete > Yes.
Create an Auxiliary Class
An auxiliary class is a set of properties (attributes) that is added to

particular eDirectory object instances rather than to an entire class
of objects.
For example, an email application could extend the schema of your

eDirectory tree to include an E-Mail Properties auxiliary class and
then extend individual objects with those properties as needed.
An example of an auxiliary class With Schema Manager, you can define your own auxiliary classes.
you can define is “users who have You can then extend individual objects with the properties defined
pagers.” in your auxiliary classes.
This lets you group a type of user Do the following:
to be easily identifiable in the tree.
2. Select Classes > Create.
3. Follow the instructions in the wizard to define the auxiliary class.
Make sure to select Auxiliary Class when setting the class flags. If
you need to define custom properties to add to the auxiliary class,
cancel the wizard and define the custom properties first.

Exercise 9-4 Use Schema Manager to Extend the eDirectory Schema
a 15 minutes Digital Airlines has started to issue guns to its pilots. You choose to
extend the eDirectory schema to create an auxiliary class to keep
track of the serial numbers of the guns issued to each pilot.
The ConsoleOne snap-ins must be 1. In ConsoleOne, select DigitalAir-Tree-x.

installed (see Setup instructions)
to complete this exercise 2. Select Tools > Schema Manager.
successfully. 3. Select Create.
4. When the Create Class wizard appears, select Next.
5. In the Class Name field, enter GUN.
6. Leave the other fields blank and select Next.
7. Determine Class Flag:
a. Select Auxiliary Class.
b. Select Next.
8. From the Available Classes field, select Anything; then select
Next.
9. Define a mandatory attribute for the GUN auxiliary class:
a. From the Available Options field, select Serial Number.
b. Move the Serial Number attribute to the Add these attributes
field by selecting the top arrow.
c. Select Next.
10. In the Optional Attributes window, select Next.
11. In the Naming Attributes window, select Next.
12. Review the summary of your new auxiliary class.
13. Select Finish.
14. Select Close.

15. Assign the GUN auxiliary class to a user object belonging to a

DIGITALAIRLINES pilot:
a. Right-click JTRACY.FLIGHTOPS.LGA.DIGITALAIR.
b. Select Extensions of this object.
c. Select Add extension.
d. Select GUN > OK.
e. In the Generic Editing window, select OK.
f. Enter a name for the gun and serial number.
g. Select OK > Close.
16. Verify that the data you entered was added to JTRACY:
a. Right-click JTRACY > Properties.
b. Select Other.
c. To see the GUN auxiliary class, expand Object Class.
d. To see the serial number, expand Serial Number.
e. Select Cancel.
17. Close ConsoleOne.
(End of Exercise)

Summary
Objective Summary
1. Prepare for You must complete the following to prepare the

Upgrading to network for an eDirectory upgrade:
eDirectory
8.6 ■ Apply the Latest Support Packs
■ Update the eDirectory Schema
■ Install or Upgrade Novell Certificate Server
■ Perform an eDirectory Health Check
2. Use the You use the eDirectory Import/Export wizard to help

eDirectory you manage LDAP Data Interchange Format (LDIF)
Import/Export
files.
Wizard to
Manage LDIF ■ LDAP. LDAP is an Internet communication protocol
Files that lets client applications access Directory
information
■ LDIF files. LDIF files are used to build a Directory
database or to add large numbers of entries to a
Directory. LDIF files can also be used to make
changes to Directory entries.
3. Redirect Managing eDirectory objects involves creating,

Resources in modifying, and manipulating objects.
the Tree
■ When to Move an Object. You move objects in
eDirectory to reflect changes to your organization’s
structure.
■ When to Create an Alias Object. You create an alias
object to make things convenient for users.
■ When a Resource is Moved. You create an
alias object when you move a printer or a server
to avoid breaking configurations and mappings
that a user has on his or her workstation.
■ To Place a Resource Closer to the User. You
create an alias object for volumes because it is
a convenient way to give users access to a
volume not in their context.

(continued) Objective Summary
4. Extend the ■ How to View the Schema. You can use Schema
eDirectory Manager to view the schema to evaluate how well
Schema the schema meets your organization's informational
needs and to determine if you need to extend the
base schema.
■ How to Extend the Schema. You can use Schema
Manager to extend the schema of a tree by
performing the following schema tasks:
■ Create a Class
■ Delete a Class
■ Create an Attribute
■ Add an Optional Attribute to a Class
■ Delete an Attribute
■ Create an Auxiliary Class


MODULE 5
Implement Novell Licensing Services
Section 10 Identify the Fundamentals of Novell Licensing Services

Novell Network Management / Instructor Guide Identify the Fundamentals of Novell Licensing Services
SECTION 10 Identify the Fundamentals of Novell

Licensing Services
Duration: 1 hour In this section you learn the fundamentals of Novell Licensing
Services (NLS) for NetWare 6, including how to install and manage
license certificates.
Objectives
1. Identify How Server and User Licensing Works
2. Identify Key NLS Components
3. Manage License Certificates in the eDirectory Tree
4. Install NLS Certificates and View NetWare Usage
Introduction
Novell’s licensing technology allows you to manage license units
required to comply with the licensing requirements of Novell.
You use iManager to install license certificates when you add

NetWare servers and users to the eDirectory tree. Other features of
iManager allow you to delete and move license units for NetWare
and other NLS-enabled products.
x You are bound by the licensing terms and conditions of your agreement with
Novell to manually determine if usage is exceeding the licensing agreement.

Objective 1 Identify How Server and User Licensing

Works
To identify how server and user licensing works in NetWare 6, you
must understand the following:
■ Server and User Licensing Models
■ UAL Coexisting with SCL
■ How the Licensing Models Differ
■ License Types
Server and User Licensing Models
In addition to a server license, NetWare 6 requires a user license for

each user who accesses the network and uses services provided by
NetWare 6 servers.
Server and user licenses are separate files. They can be installed
anywhere in the eDirectory tree.
However, Novell recommends that licenses be installed in a

container either higher in the tree than the objects that use the
license units, or in the same container as those objects.
To manage the licenses required in a NetWare environment, you

must understand the following:
■ The Server Connection License (SCL) Model. Prior to the
release of NetWare 6, Novell used a server connection license
(SCL) model to regulate licensed usage of NetWare and its
services.
In the SCL model, users were granted access to network
services on a server basis. This meant that a single user might
use several connection licenses if the user concurrently
connected to multiple servers.

The network administrator had to estimate the number of

connections a user might need to perform his or her job to
determine the number of connection licenses needed.
The number of nonuser objects requiring connections also had
to be accounted for in the license unit count.
Novell required the purchase of SCLs to be installed on each
server. These licenses could be purchased in bundles, such as a
100-license bundle that allowed 100 server connections on a
single server.
Only 100 server connections at a time could be made for the
organization to be in compliance with its licensing agreement.
Even printers and other nonuser requestors of services, such as
a drive mapping or a ZENworks workstation, used a connection
license.
This model limited an organization’s ability to provide services
on a server to its users because a single user could monopolize
several connection licenses through multiple drive mappings
and print requests.
With the release of NetWare 6, Novell has implemented a user
access licensing (UAL) model. In the UAL model, user objects
are assigned a license unit that allows a user unlimited access to
NetWare 6 servers and their services.
In the UAL model, server licenses are still required for NetWare
6 servers.
During the installation of a NetWare 6 server, you install a
server license. Each server in the tree must have a unique server
license.
For additional server licenses, you can download them from
www1.novell.com/eld/LRequest.jsp?ENCRYPTION=NW6.
Licenses downloaded from this site are considered demo server
licenses and are provided at no cost. This allows you to get a
server installed and running for your organization.

To purchase and download licenses that are not demo licenses,

you must establish a license agreement with Novell or an
authorized reseller.
The type of server license you install determines the type of
user licenses you must use for your NetWare 6 users.
For example, if you installed a NetWare 6 Demo server license,
NLS looks for NetWare 6 demo user licenses to be used. If a
NetWare 6 demo user license isn’t found, users aren’t allowed
access.
This is important to understand when removing, reassigning, or
adding licenses to NetWare 6 servers.
For example, if you install NetWare 6 demo licenses (both
server and user) and later purchase licenses (both server and
user) from a reseller or Novell, you need to delete the demo
license for both the server and user.
Problems will occur if a Demo server license and purchased
user licenses are concurrently installed, or if a purchased server
license and Demo user licenses are concurrently installed. The
types of server and user licenses must match.
The server license should be installed in the same container as
the server and assigned to a server.
■ The UAL Model. The UAL model is the licensing model
launched with NetWare 6. UAL allows user access to all
network services on NetWare 6 servers that they have rights to.
In the UAL model, each user is assigned a user license as they
initially log in to a NetWare 6 server. The user can then connect
to any other NetWare 6 server in a single eDirectory tree
without requiring another license.
After the first assignment of a user license to a user object, that
license is reserved for that user as long as the user continues to
authenticate to the network.

If the user doesn’t log in again for 90 days or more, the license
is released and made available to the next user who needs a
license assignment.
x User licenses can be released from the originally assigned user through
iManager. This is helpful when license units have been assigned to users
who log in infrequently and you want to release the license for use by
others who require more regular network access.
With UAL, you purchase licenses for the total number of user
objects who will log in to the network.
Server licenses are still required for NetWare 6 servers, but they
don’t correspond to connections made and services requested
by users and nonuser objects.
User licenses aren’t assigned to servers. User licenses should be
installed in or above the container containing the user objects
that will use the licenses.
You must have enough user licenses for each user who will log
in to a NetWare 6 server. This is very different from previous
licensing models used by Novell for NetWare.
For example, in NetWare 4 and NetWare 5 implementations,
you could have 200 users who work in 2 shifts each day, with
100 users working one shift and the remaining 100 users
working the other shift.
On a network made up of NetWare 4 and NetWare 5 servers,
you would need enough server connection licenses to cover
each shift’s connection needs.
So, if every user on each shift logs in, at least 100 server
connection licenses are needed for each shift.
Additional server connection licenses for each shift would be
needed if printers were being used on the network, or if users
established multiple drive mappings.

Potentially, each shift of 100 users could require another 100 or

more (SCLs) to address the shift’s connection needs.
However, in a NetWare 6 implementation, you would need 200
user licenses to assign to all 200 users working both shifts.
Most companies will find their overall license needs reduced
with the NetWare 6 UAL model. This is due to the assignment
of one license unit to one user, regardless of the number of
connections and services the user uses.
x Organizations that employ workers in shifts or have classes with

students who need to use a user license to connect to NetWare 6 servers
might qualify for a set of licenses called Academic licenses.
These licenses are not assigned to a specific user for 90 days, as is

customary for Novell’s NetWare 6 user licenses. Instead, the licenses are
freed for other users within a cycle specified by the Academic license
agreement.
An organization must meet specific requirements to qualify for these

licenses. For information on obtaining Academic user licenses, contact
a Novell reseller.
UAL Coexisting with SCL
UAL can coexist on a network that is using SCL. Depending on the

resources being accessed, a user might use a UAL unit and an SCL
unit simultaneously.

For example, suppose a company has 6 NetWare servers, as shown

in the following figure. Of the 6 servers, 1 is a NetWare 4.x server, 2
are NetWare 5.x servers, and 3 are NetWare 6 servers.
Figure 10-1 (slide)

THarvey
SCL SCL SCL UAL
NetWare 4.x NetWare 5.x NetWare 5.x NetWare 6 NetWare 6 NetWare 6
When THarvey logs in to a NetWare 6 server on the network, he

uses one UAL unit, which allows connections to any number of
NetWare 6 servers THarvey needs to access.
For each NetWare 4.x or 5.x server THarvey logs in to, a NetWare
SCL unit is used.
To assess the license needs for a network consisting of NetWare 4.x,

NetWare 5.x and NetWare 6 servers, you must understand the extent
of each user’s need for services provided by the network servers.
For example, if THarvey has a drive mapping to each of the

non-NetWare 6 servers, and also logs in to each of those servers
every day, THarvey uses 2 SCL units every day on the 3
non-NetWare 6 servers, and he uses 1 UAL unit every day to access
the 3 NetWare 6 servers.

As the network administrator, you benefit by upgrading NetWare 4.x

and 5.x servers to NetWare 6 servers because you need the same
number of license units as there are users in the eDirectory tree.
You don’t have to take into account the multiple types of

connections that might be using an SCL unit.
How the Licensing Models Differ
The following shows the differences between the SCL model and
the UAL model:
Table 10-1 Feature UAL Model SCL Model
License packaging Server and user Server and user

licenses are available licenses are available
together or in the same license
separately. envelope or
separately.
Search for license Search starts at the Search starts at the

user’s context and server’s context and
goes up the tree. goes up the tree.
Context of licenses Install license Install license

certificates high in the certificates high in the
tree to accommodate tree relative to
all users who need a servers’ contexts.
NetWare 6 user
license.
Point out that a UAL unit is not License released No. Yes.
released when a user logs out. when user logs out
Connection-oriented No. Yes, until the current

objects (like Printer Support Pack is
and ZENworks installed.
objects) use a user or
connection license

License Types
The UAL model allows for the following 2 license types:

■ License Agreement Licenses. Large companies that require
many user licenses sign a license agreement with Novell. The
agreement stipulates the number of license units that can be
used before more licenses must be purchased.
Novell’s licensing agreements provide pricing breaks according
to the size of an organization.
Types of licensing agreements:
❑ Master License Agreement (MLA). Designed for large,
worldwide organizations, the MLA offers a direct
partnership with Novell that allows customers to take
advantage of Novell support services.
License purchases are set up between the organization and
Novell to establish pricing, support services, and auditing
responsibility terms.
❑ Corporate License Agreement (CLA). The CLA is
designed for medium to large organizations and is available
only through CLA resellers.
License purchases are set up between the organization and
the CLA reseller to establish pricing, support services, and
auditing responsibility terms.
❑ Volume License Agreement (VLA). The VLA offers small
to medium organizations to purchase licenses through any
Novell reseller without a signed contract.
■ Retail Licenses. Companies that purchase a copy of NetWare
through the Novell distribution channel, ShopNovell, receive a
licensing diskette in the box with the product. NetWare
purchased through this channel is called a Red Box product.
If you need more licenses for your Red Box NetWare product,
you can purchase additional licenses from Novell.

Objective 2 Identify Key NLS Components

The Novell licensing services on your NetWare 6 servers are
provided by NLSLSP.NLM. This NLM runs as long as your
NetWare 6 server is up and running.
As you install and manage licenses in your eDirectory tree, you

must understand the following licensing terms that relate to NLS:
■ License Service Provider (LSP)
■ NLS Clients
■ eDirectory Components
■ License Unit
■ Activation Key
■ Envelope
■ Policy
■ Notification
■ Unlicensed Access
License Service Provider (LSP)
Define license service provider. A license service provider (LSP) is licensing software that you
install and run on NetWare servers. This software is contained in the
NLSLSP.NLM program running on a NetWare 4.11 or later server.
An LSP provides the actual licensing service. It handles requests

from NLS clients and maintains the license certificates, which are
stored within eDirectory.

When you install NetWare and licensing certificates, NLS

■ Installs the LSP software on the server
■ Creates a license service provider object
(NLS_LSP_servername) in the eDirectory tree
You can also use NetWare Deployment Manager to accomplish

these 2 tasks after a NetWare 6 server installation. You use NetWare
Deployment Manager to install licenses that replace expired licenses
on an active NetWare 6 server.
You must have an LSP running on a server with a writable replica of

each partition. This requirement applies to partitions that contain or
will contain license certificate objects.
If a partition does not or will not contain a license certificate, that

partition does not require a server running an LSP.
The replica can be a master or read/write replica. You can run LSPs
on other servers without replicas as long as they can communicate
with the LSP that has a writable replica.
The server with the writable replica can make changes to eDirectory
on the other server's behalf.
NLS Clients
Define NLS client. An NLS client is software that requests licensing services from
LSPs. An NLS client runs on either a workstation or a server or on
both the workstation and the server.
Other than the client software, no additional files need to be

installed on workstations.
Applications, that are written to use NLS such as BorderManager

and ZENworks for Desktops, load client libraries that communicate
with NLS components running on a NetWare server.

NLS clients support 32-bit Windows and NLM platforms. Clients

for the Windows and NLM platforms communicate with the LSP as
follows:
■ Windows NLS Client. If a 32-bit Windows NLS client has an
existing connection to a NetWare server running an LSP, the
client communicates directly with the LSP.
If the client does not have a connection to a server running an
LSP, the client searches from the server’s context upward in the
eDirectory tree for an LSP.
■ NLM NLS Client. An NLM client does not search. It only
examines the current connection.
eDirectory Components
The eDirectory components of NLS are as follows:

■ NLS_LSP_servername Object
■ License Certificate Object
■ License Container Object
■ The Stop Policy
NLS_LSP_servername Object
Define the NLS_LSP_servername NLS_LSP_servername is an object in eDirectory.

object.
This object’s existence in the tree indicates that NLS is configured
to run on a server and that the server is an LSP.
Both the NetWare server installation software and NetWare

Deployment Manager install the LSP software on the server and
create a corresponding LSP object (NLS_LSP_servername) in the
eDirectory tree.

LSP objects are created in the same context as the server running
the LSP software (NLSLSP.NLM).
The LSP object stores the following configuration information

about an LSP running on the server:
■ A transaction database name
■ Information about how to search for a license certificate
(whether to search to the partition root or to the root of the tree)
■ Notifications concerning unlicensed access and service
problems, and other associated data
License Certificate Object
Define the license certificate The license certificate object is an object in eDirectory that
object. represents a license certificate. The icon for a license certificate
object looks like a single sheet of paper.
License certificates correspond to the printed license statement

typically included in the packaging for software products.
When you view the object in iManager, the object typically displays
the serial number or certificate name.
License certificates are installed from files. Typical filename

extensions are
■ NLF (for NetWare, BorderManager, and other Novell products)
■ CLS (for NetWare for Small Business)
■ KEY (activation keys)

Certificates can be secure or unsecure:

■ A license certificate is a digital license that is secured by an
activation key. License certificates usually come from a
software vendor who provides the key to the license.
For additional security, NetWare license certificates are digitally
signed. They cannot be modified.
■ A metered certificate does not have an activation key; it is an
unsecure license certificate.
ZENworks functions as the NLS client and requests license
units on behalf of applications. Metered certificates are usually
created by network administrators and allow the use of
purchased software distributed on the network to be monitored.
b For more on metered certificates see the online documentation for

ZENworks for Desktops 3.2.
NLS creates a license certificate object when you install license

certificates for NLS-enabled applications or when you create
metered certificates.
When you install or create a license certificate, you choose the

context for this object.
License certificates contain policies that include the terms and

conditions of use for a license certificate.

License Container Object
Define license container object. The license container object is a container object in eDirectory that
contains one or more license certificate objects. License container
object names include the publisher, product, and version of the
product.
For example, in NetWare 6, the license product container created

during NetWare 6 installation looks like this in iManager:
Figure 10-2
The Stop Policy
Define stop. Stop is a policy in a license certificate object. The terms and
conditions of your license agreement determine which policy is in
place for the licensed product.
The following are 3 types of stop policies:
Define hard stop policy. ■ A hard stop policy informs users that they are out of
compliance with the terms and conditions of the license
agreement.
A hard stop prevents users from accessing a license unit. The
hard stop could result from all available license units already
being used.
Define soft stop policy. ■ A soft stop policy informs users that they are out of compliance
but allows them to continue using license units under certain
conditions.
Define no stop policy. ■ A no stop policy ignores situations in which no license units are
available. NLS keeps track of the overage by logging the
noncompliance, but does not inform or warn the user.

License Unit
Define license unit. A license unit is a component of a license certificate.
When you purchase a product, you purchase one or more license

units for it. For example, a 100-additive user license for NetWare
contains 100 license units, allowing 100 users to access NetWare
services.
A license unit or a license certificate is not the license itself.

Licenses are specified in your license agreement.
Activation Key
Define activation key. The activation key is a sequence of numbers and letters. It allows
you to complete the installation of a license certificate for a product
you purchased.
All license certificates require an activation key. This is usually

included in a KEY file along with the certificate.
This combination enables the activation key to be installed during

installation. However, if the installation cannot locate an activation
key, a prompt allows you to enter it.
Envelope
Define envelope. An envelope is an NLF file that contains one or more license
certificates. This is a convenient way of packaging multiple license
certificates to be distributed as a single file.
Because multiple license certificates can exist in an envelope,

envelopes allow you to install several license certificates at the same
time.

Envelopes can contain an embedded activation key for license

certificates. A sample envelope file is 4234171D.NLF.
Policy
Define policy. A policy is an electronic representation of a term or condition in

your license agreement. Policies are contained in license
certificates.
For example, a certificate for a company could include the following

policies:
■ Each license unit is usable.
■ Each license unit allows nodal reuse. (A user can use it multiple
times from different workstations.)
■ The certificate does not require an LSP assignment.
■ Duplicate certificates can be installed (an important point for
MLA accounts).
■ The certificate is an evaluation license certificate.
■ The certificate has a soft stop. (The policy allows users to use
the service even though a license unit is not available.
However, a network administrator receives notification that the
company is out of compliance.)
■ The certificate uses an activation key.
■ The certificate is digitally signed.
A policy is tied to a license certificate and a policy manager, not to

the licensing service. A policy can be modified by changing (or
replacing) a license certificate.

Notification
Define notification. A notification is a message that informs you about the licensing
service or a problem concerning your compliance with the terms
and conditions of the licensing agreement.
There are 2 types of notifications:

■ System Alert Notifications. System Alert notifications inform
a designated person about one of the following:
❑ An eDirectory communication error related to the licensing
service
❑ An eDirectory schema error related to the licensing service
❑ A transaction logging error
■ Out of Compliance Notifications. Out of Compliance
notifications inform a designated person that your company is
out of compliance with the terms and conditions of your
licensing agreement.
By default, the designated person to receive notification is whoever

installs the license certificate. You can modify (change, delete, and
add) objects that receive notifications. Multiple users or groups can
receive notifications.
Notifications are sent through the NetWare Broadcast utility, and

optionally Simple Network Management Protocol (SNMP). SNMP
is a protocol not limited to TCP/IP networks that governs
■ Network management
■ Monitoring of network devices and their functions

Unlicensed Access
Define unlicensed access. Unlicensed access is an allowance beyond the number of license
units purchased.
WIth NetWare 6, Novell offers up to 2 grace logins that allow

unlicensed server access on the server license certificates. This
ensures the administrator of having access to a server when all user
licenses have been assigned.
This lets you continue using the product to manage NetWare 6

servers while you purchase and install more user license certificates.
Unlicensed access does not grant licenses. The terms and conditions
of your license agreement specify how the product is to be used.
Objective 3 Manage License Certificates in the

eDirectory Tree
The licensing objects in the eDirectory tree let you manage the
certificates for servers and users. These objects are created when
you install licenses.
The NLS version included with NetWare 6 provides the iManager

utility that allows you to
■ Assign license certificates to eDirectory server objects
■ Monitor license certificate allocation
b For a full description of the features available in the NetWare 6 NLS

management utilities, see the Novell Licensing Services Administration
Guide online at http://support.novell.com/documentation.

As with other services provided by NetWare 6, you manage NLS

through objects in eDirectory and commands that run at startup.
eDirectory objects you use to monitor license certificate usage are
■ The License Container Object
■ The License Certificate Object
The License Container Object
License container objects are created when a license certificate is

installed. These container objects always hold license certificate
objects.
To view information about a license product container,

1. In iManager, select License Management > Manage License
Properties.
2. Navigate to and select a license container; then click OK.
3. Select a tab corresponding to the information you want to view
There are 2 property tabs for the license product container object:
■ General. The license product container object’s General tab
includes information related to
❑ The product, such as the publisher name, product name,
and product version number
❑ The installed licenses, including the number of licenses
installed, in use, and available
Use the General tab of license product container objects to
determine the licensed application version when you are
investigating licensing issues. It is very important to have the
same version of NLS running on network servers.
When you troubleshoot licensing issues, look at the properties
of each NetWare 6 license container object on your network to
determine the version of NLS running on the server.

■ Units in Use. The Units in Use tab can be very helpful when
tracking denials for license certificates.
In environments where users are limited to a single connection,
the information on this tab can help you identify who has
established a connection and used a certificate.
Usage information for each user connected to the network can
be viewed in the Units in Use window.
When users connect to the network from various workstations
and use a license, this property page helps you identify how
many connections a user has established.
In the following figure you see a single connection has been
established, using a single NetWare license.
Figure 10-3

The License Certificate Object
When you install a license certificate or create a metered certificate,

a license certificate object is added to eDirectory.
NLS also adds a license product container object, if one doesn't

exist, and places the license certificate object in that container.
When licenses are installed during NetWare 6 installation, server

license certificates are created in the Novell+NetWare 6 Server+600
container in the same context as the server.
In the NetWare 6 UAL model, license certificates for each user in

your organization must also be installed.
Using iManager, you can view information about license certificates

and their usage.
To view information about a license certificate, do the following:

1. In iManager, select License Management > Manage License
Properties.
2. Navigate to and select a license file; then select OK.
3. Select a tab corresponding to the information you want to view.
There are 3 property tabs for a license certificate object

■ General. The values shown on the license certificate object’s
General tab summarize the configuration of the certificate.
■ Server Assignments. Use the Server Assignments tab to
determine which license certificate has been assigned to the
server. Assigning servers to license certificates is required when
licenses are purchased through
❑ Retailers
❑ A Volume License Agreement (VLA)
❑ A Corporate License Agreement (CLA)

License certificates cannot be used in a VLA or most CLA

environments until a server assignment is made.
This assignment is automatic when licenses are installed during
a NetWare installation or by using NWCONFIG.NLM.
Server assignments to license certificates are not required when
MLA licenses are purchased.
In organizations where MLA licensing is used, assigning a
server to a license certificate prevents all but the assigned server
from using licenses from the certificate.
Because this situation is not the desired outcome for MLA
licensing, customers with MLA unlimited license certificates
should leave the Server Assignment field blank.
■ Units in Use. Information included in this tab is identical to the
Units in Use information for a license product container object.
b You can solve many NLS problems by accessing the Licensing FAQ web
page at http://www.novell.com/documentation/lg/nw6p/index.html.
Objective 4 Install NLS Certificates and View NetWare

Usage
When installing NLS certificates and viewing NetWare usage, you
should know the following:
■ Guidelines for Installing License Certificates
■ License Certificates and Envelopes
■ How to Install License Certificates
■ How to Use the NetWare Usage Tool

Guidelines for Installing License Certificates
Use the following when installing your license certificates in the

eDirectory tree:
■ Place user license certificates in or above the users’ eDirectory
context.
When adding license certificates to the eDirectory tree, you
should know where you want to install the license certificate in
the tree.
This context determines who can use the license units
associated with that license certificate.
■ Place server licenses in the server’s eDirectory context.
■ Smaller companies can place license certificates at the top-most
organization container. Companies with more complex
eDirectory trees should place license certificates lower in the
tree, closer to the organizational unit that contains the user
objects.
■ If you want users in different contexts to use the same license
certificate, the certificate must be placed in a common container
above the users’ contexts.
For example, suppose a company has 10 users split across 3
organizational units: Accounting, Research, and Purchasing.
For the 10 users to access the licenses, place the licenses high
enough in the tree for NLS to find them, typically in a container
common to all organizational units or distributed through the
organizational units.
■ Except for licenses provided to large companies with License
Agreement contracts with Novell, a license cannot be installed
in more than one container.
■ If you have a remote site and a WAN link, place a license
certificate in the remote site’s context, assuming the remote site
has a local replica containing its context.

License Certificates and Envelopes
You can install license units contained within a single license

certificate or an envelope.
■ Single License Certificates.
When a single license certificate is installed, and no instance of
other license certificates have been previously installed, NLS
adds a license container object to the tree and a license
certificate object to that container object.
You select the context or location in the eDirectory tree for that
license container object.
You install license certificates by accessing envelope (NLF)
files.
If you purchase and install additional license certificates, they
are also added to the eDirectory tree as objects in the
appropriate license container object.
■ Envelopes.
Envelopes let you install more than one license certificate at a
time into license container objects.
For example, if you purchase a 100-user license of NetWare,
you can use an envelope to simultaneously install all 100
license certificates.
How to Install License Certificates
To install a license certificate, do the following:

1. In iManager, select License Management > Install License.
2. Navigate to and select a license file.
The file might be on a disk or a CD.
An example of the path and filename for a license certificate is
A:\LICENSE\43D211.NLS.

An example of the path and filename for an envelope is

A:\LICENSE\.43D23E.NLF.
The file, usually linked to an activation file (key), retrieves the
password if one is available.
3. Select the licenses to install.
Each license includes the user licenses and a server license.
Each server must have a server license associated with it.
If the licenses are to be installed in different contexts, install the
licenses one at a time.
If you choose to install a server license and one is already
assigned to the server, the server license installation will fail.
4. In the Location field, browse to or enter the context where you
want the licenses installed.
5. In the Server Assignment field, browse to or enter the fully
distinguished name of the server object you want the license
assigned to.
If you are installing a server base license, the Server
Assignment field displays.
6. Enter an Activation Key.
This field displays only if you are required to provide an
activation key to unlock a license. You can either enter the key
as text or select an activation key file to be read from a disk.
The results of installing the licenses appears.
7. To install another license or to reinstall a license that failed,
select Continue; otherwise, select Done.

How to Use the NetWare Usage Tool
You need to know how to determine NetWare usage so you know if

you are in compliance with your licensing agreement. NetWare 6
ships with a NetWare usage tool so you can determine license
compliance.
The NetWare usage tool generates a statistic or a report of the

number of users that logged in to the network over a specified
period of time. If you are managing license agreement contracts,
this tool is helpful in preparing for audits.
Because managing network use is a network administrator’s

priority, the NetWare usage tool lets you see a statistic of all
licenses used and generates a report of users’ last network access.
Each server gathers information regarding authentications and saves

the information in a database. A server is then assigned to be the
collection server and the authentication information is passed to this
server.
The collection server gathers this information and displays it when

the usage tool is accessed. You can specify the collection server.
The NetWare Usage Tool uses NWUSAGE.NLM and

NLSLRUP.NLM to gather the usage information. Other NLM
programs that support these modules include CONNAUD.NLM,
NLSMETER.NLM, and NLSADAPT.NLM.
NLSLRUP.NLM gathers information in its database only for

NetWare 6 servers running in the same tree. Information is not
available from NetWare 5 or NetWare 4 servers.
To access NetWare usage information, do the following:

1. Log in to NetWare Remote Manager.
2. Under NetWare Usage, select Usage Information.
3. Follow the on-screen steps.

Set Configuration Options
The Configuration page lets you determine how the NetWare usage
tool is used on your network. To set configuration options, do the
following:
1. Log in to NetWare Remote Manager.
2. Under NetWare Usage, select Configuration.
3. Modify the settings.
4. Select Update Configuration.
For more about these settings, select the NetWare Usage page
help.
These parameters can also be set at the server console. Use the
command NLSLRUP HELP to display the commands for
setting the configuration options at the server console.
Advanced options can also be configured that further define how

NetWare usage is communicated on your network. To access these
options, log in to NetWare Remote Manager. Under NetWare
Usage, select Advanced Options.
For more about these advanced settings, select the NetWare Usage
page help.
Advanced parameters can also be set at the server console. Use the
command NLSLRUP HELP to display the commands for setting the
configuration options at the server console.

Exercise 10-1 Install a User License and View Network Usage
a 20 minutes The new Digital Airlines employees you prepared workstations for
will start in a few days and will need access to the DAx server.
Windows Excel must be installed You need to install a license certificate to add enough user licenses
for Part IV of this exercise so for all current and new employees to access the DAx server.
students can view NetWare Usage
information. In this exercise you do the following:
■ Part I: Install License Certificates
■ Part II: Set Configuration Options
■ Part III: Set Advanced Options
■ Part IV: Access NetWare Usage Information
Part I: Install License Certificates
Install a license certificate by doing the following:

1. On your workstation, launch iManager.
2. Log in as admin with a password of novell to your SLC container.
3. In the left frame, select License Management.
4. Select Install a License.
5. Insert your student CD into your workstation’s CD drive.
6. Next to the Load License File field, select Browse.
7. On your student CD, browse to the
Section 10 > 3004_1 server_5user folder.
8. Select the NLF file for your server.
9. Select Open.
10. Select Next.
11. Mark Select Certificates.

This selects your user license.

12. Select Next.
13. In the Location field, enter SLC.DIGITALAIR.
14. Browse to and select your DAx server.
15. Select Install.
16. Verify your license was successfully installed; then select Done.
17. Close the iManager window.
Part II: Set Configuration Options
Set configuration options by doing the following:

1. Launch Remote Manager.
2. Log in as admin of the SLC container with the password novell.
3. In the left frame, scroll down to the NetWare Usage section.
4. Under NetWare Usage, select Configuration.
5. In the right pane under “No server is the collector server,” mark
Make DAx the collection server.
6. Under “The collector gathers usage information,” select Every
Time Interval; then, in the Days field, enter 7 and in the Hours
field, enter 8.
7. Under “Servers enroll with the collector,” mark Every Time
Interval; then, in the Days field, enter 7 and in the Hours field,
enter 8.
8. Select Update Configuration.
Part III: Set Advanced Options
Set advanced options by doing the following:

1. In the left frame under NetWare Usage, select Advanced

Options.
2. Select Collect Now and wait a few minutes for the data
collection process to complete.
This lets you collect data in addition to the days and hours
specified in Part II.
Part IV: Access NetWare Usage Information
Access NetWare usage information by doing the following:

1. In the left frame under NetWare Usage, select Usage
Information.
2. In the “First select which information you would like” field,
select Show the user usage summary report.
3. Select Go.
Notice that this gives you the number of servers and users you
are collecting information on.
4. Select Usage Information.
Point out that this requires Excel to 5. In the “First select which information you would like” field,
be installed on the workstation to select Download user details to build your own report.
view the collected information.
6. Select Go.
7. In the File Download dialog, save the file to disk by selecting
OK.
8. Browse to the desktop; then click Save to save the
NWUSAGE_DETAILS file to your desktop.
9. In the Download Complete window, select Open.
10. In the Open With window, choose WordPad or Notepad; then
open the NWUSAGE._DETAILS.CSV file.
11. View your NetWare usage information by user.

12. Return to the Remote Manager browser window.

Point out that this requires Excel to 13. In the “First select which information you would like” field,
be installed on the workstation to select Download all details to build your own report.
view the collected information.
14. Select Go.
15. In the File Download dialog, rename the NWUSAGE file to

NWUSAGE_DETAILS.CSV.
16. Browse to the desktop; then click Save to save the
NWUSAGE_DETAILS file to your desktop; then select Open.
17. In the Open With window, choose WordPad or Notepad; then
select the NWUSAGE_DETAILS.CSV file and select Open.
18. View your detailed NetWare usage information by user and
services used.
(End of Exercise)

Summary
Objective Summary
1. Identify How NetWare 6 requires a server license for each

Server and User NetWare 6 server, and user licenses for each
Licensing Works
user who accesses the services provided by
NetWare 6 servers.
Prior to NetWare 6, NetWare users used a
license on each server they logged in to. This is
known as the Server Connection License (SCL)
model.
In NetWare 6, the User Access License (UAL)
model grants users access to all network
services they have rights to.
This means a user obtains only one license
regardless of the number of NetWare 6 servers
he or she logs in to.
UAL can coexist on a network that is using SCL.
A user might use a UAL unit and an SCL unit
simultaneously.
The primary differences between the SCL
model and the UAL model include the following:
■ How licenses are packaged for purchase
■ How licenses are searched for in the
eDirectory tree
■ If a license is released when a user logs off
■ If a license is used by a connection-oriented
object, such as a printer
In the UAL model, license types include license
agreement licenses (MLA, VLA, CLA), and retail
licenses.

Objective Summary
2. Identify Key NLS You must understand how the following help you
Components maintain licensing and license units on your
network:
■ License Service Provider (LSP)
■ NLS Clients
■ eDirectory Components
■ NLS_LSP_servername object
■ License Certificate object
■ License Container object
■ The Stop policy
■ License Unit
■ Activation Key
■ Envelope
■ Policy
■ Notification
■ Unlicensed Access
3. Manage License NetWare 6 and NLS provide you with options to

Certificates in the customize the assignment of license certificates
eDirectory Tree
to servers on your NetWare network.
The NLS version included with NetWare 6
provides the iManager utility that lets you
■ Assign license certificates to eDirectory server
objects
■ Monitor license certificate allocation
You manage NLS through objects in the
eDirectory tree and commands that run at
startup.
The eDirectory objects that let you monitor
license certificate usage are
■ The License Container Object
■ The License Certificate Object

Objective Summary
4. Install NLS When installing NLS certificates and viewing

Certificates and NetWare usage, you should know the following:
View NetWare
Usage ■ Guidelines for Installing License Certificates
■ License Certificates and Envelopes
■ How to Install License Certificates
■ How to Use the NetWare Usage Tool


MODULE 6
Set Up and Manage Network Storage
Section 11 Set Up and Configure File Storage and Access Options in

NetWare 6
Section 12 Perform Backup and Restore Tasks with NetWare 6 Backup

Utilities
Novell Network Management / Instructor Guide Set Up and Configure File Storage and Access Options in NetWare 6
SECTION 11 Set Up and Configure File Storage

and Access Options in NetWare 6
Duration: 4 hours In this section, you learn to set up and configure Novell Storage
Services (NSS) and implement several server file system access
components.
Objectives
1. Set Up and Configure NSS
2. Monitor, Manage, and Rebuild NSS Storage Space
3. Set Up User Access to the Server File System
Introduction
If you do not have time in class to After installing NetWare 6 and NSS on your server, you might need
complete the iFolder, NFAP, to perform additional setup and configuration tasks such as
NetDrive, and NetStorage configuring user space restrictions and resetting the cache.
exercises (11-3 through 11-6),
consider giving students the You also need to know how to monitor and manage NSS storage
choice of completing one or more space and provide remote access to NSS volumes for your users.
of the exercises.
In this section, you perform basic NSS setup, configuration, and
Exercises 11-3 through 11-6 are management tasks, and implement iFolder, Novell Native File
designed to be completed Access Pack (NFAP), NetDrive, and NetStorage for remote access.
independent of each other.

Objective 1 Set Up and Configure NSS

Consider assessing what students After initially creating NSS storage pools and logical volumes on
know about creating NSS pools your NetWare server, you might need to perform additional setup
and volumes. and configuration tasks such as the following:
If necessary, demonstrate creating ■ Convert a Traditional Volume to an NSS Volume
a pool and volume. ■ Configure User Space Restrictions
■ Configure Directory Space Restrictions
■ Set Cache Buffers
■ Set Up File Snapshot
■ Enable Transaction Tracking System (TTS) on Logical
Volumes
Convert a Traditional Volume to an NSS Volume
You can convert a traditional volume to an NSS logical volume

using the VCU conversion utility. VCU can convert volumes with
long names.
VCU copies the data from the traditional volume to an NSS logical
volume in an existing NSS storage pool. The new logical volume
keeps the original volume name with _NEW added unless you
rename the volume before converting.
Because the traditional volume remains after the conversion, make

sure you have enough additional space for the new logical volume.
For example, if you want to convert a 2 GB traditional volume to a

logical volume, you need to have at least 2 GB of additional
available space.

Remind students that after you To convert a traditional volume to an NSS logical volume, you need
convert a traditional volume to a to know the following:
logical volume in NetWare 6, you
cannot access the logical volume ■ VCU Command Syntax
under prior versions of NetWare. ■ How to Convert a Traditional Volume With VCU
x VCU affects server performance. As a result, perform volume conversions

only when server demands are low (such as after working hours).
VCU Command Syntax
The syntax for VCU is as follows:
VCU /p /l /i /d /r traditional_volume nss_pool [ds_container

[ds_volName]]
Parameters:
■ /p: Do not print directory file names.
■ /l: Do not write errors to log file (Dst_Vol:ERROR.OUT).
■ /i: Keep file COMPRESS_FILE_IMMEDIATELY_BIT.
■ /d: Delete the original volume if the copy process is successful.
(If you delete the traditional volume, the new volume retains the
name of that volume.)
x Do not be alarmed if this process returns an error. The traditional

volume has a hidden system file that will not be copied. As a result, this
process will return an error.
■ /r: Remove xxx_new NSS volume and restore xxx traditional

volume (use to keep the original volume name for the new
logical volume name).

■ ds_container: Designate the original volume of the eDirectory

container.
■ ds_volumeName: If specified, VCU uses this name to rename
or delete the original volume’s eDirectory object. Otherwise,
VCU uses servername_originalVolName as the default
eDirectory name.
How to Convert a Traditional Volume With VCU
Do the following:
1. Make sure you have an NSS pool to store the converted volume.
You can create a pool specifically for the converted volume, or
add the converted volume to an existing pool.
2. From the NetWare 6 server console prompt, enter VCU
traditional_volume nss_pool.
For example, to convert a traditional volume named APPS to an
NSS logical volume in a pool named POOLONE, from the
server console prompt enter the following:
VCU APPS POOLONE

After the conversion is complete, a status screen similar to the

following appears:
Figure 11-1
The traditional volume keeps the original volume name, and

_NEW is added to the original volume name for the new NSS
volume.
3. Do one of the following:
❑ If you want to keep the original volume name for the
traditional volume, enter N.
❑ If you want to keep the original volume name for the new
NSS volume, enter Y.
The traditional volume is renamed with _OLD added to the
original volume name; the new NSS volume is renamed
with the original volume name and is associated with the
existing volume object in eDirectory.
4. Restart the server by entering RESTART SERVER.
5. Make sure the volume converted properly by accessing and
viewing the directories and files on the volume.
6. Delete the traditional volume.

Configure User Space Restrictions
You can set up user space restrictions to regulate the amount of

space a user has to store data on an NSS volume.
To set up user space restrictions for a user, do the following:

1. Start ConsoleOne.
2. Authenticate as the admin user.
3. Browse to the volume where you want to establish space
restrictions.
4. Right-click the volume and select Properties.
5. Select Attributes > NSS Attributes.
Figure 11-2
6. Select User Space Restrictions.

7. Select the Users with Space Restrictions tab.

A list of users with space restrictions appears.
8. Add a user to the list by doing the following:
a. Select Add.
b. Browse to and select the user you want; then select OK.
Figure 11-3
c. Enter the space restriction (in increments of 4KB); then

select OK.
The user is added to the list:
Figure 11-4
You can return to this list to view updated statistics on

space usage for the restricted user.
9. When you finish adding users, close the properties dialog by
selecting OK.

Configure Directory Space Restrictions
You can set up directory space restriction to limit the amount of

space for storing data in a directory. Restrictions applied to a parent
directory are applied to all subdirectories.
To set up directory space restrictions, do the following:

2. Authenticate as the admin user.
3. Browse to the directory you want to establish restrictions for.
4. Right-click the directory; then select Properties.
5. Select Facts.
Figure 11-5
6. Select Restrict Size and enter the size limit (increments of 4 KB).
7. Close the properties dialog by selecting OK.
Set Cache Buffers
A cache buffer is a 4 KB block of server RAM that temporarily

stores data. When you install NSS, it uses 60% of the cache buffers
by default and keeps those cache buffers available for its use.
Evaluate this setting on each server.

If most volumes on a server are NSS volumes, consider keeping the

full 60% of NSS allocated cache buffers. Doing so optimizes server
performance and leaves sufficient cache buffers available for
non-NSS tasks.
If several volumes on a server are traditional, consider reducing the

size of the cache buffer allocation for NSS.
The following are options for changing the cache buffers:

■ You can set a maximum of 1,048,576 cache buffers.
■ You can set the buffers in percentages rather than integers.
This means that if you want to allocate 60% of available cache
buffers (the full amount allocated to NSS by default), you set
NSS to consume 100% of NSS allocated cache buffers.
You can change the NSS cache buffer allocation by using Monitor
(Server Parameters > Novell Storage Services) or by using the
following commands from the server console:
NSS /MinBufferCacheSize=value between 256 and 1048576

NSS /CacheBalance=value between 1 and 99
Cache buffers can also be configured using the following SET

commands:
SET NSS MINIMUM CACHE BUFFERS = value between 256

and 1048576
SET NSS CACHE BALANCE PERCENT = value between 1 and

99
This sets the minimum number of cache buffers allocated for NSS
file system access. The range is 256 - 1,048,576.

Set Up File Snapshot
The File Snapshot feature lets your backup utility (such as SBCON
or Backup Exec for NetWare) keep an original copy of all data files.
The File Snapshot feature captures the most recent closed copy of
the file. This means that if you lose data between backup cycles, you
still have a solid copy of the previously saved file on the backup
tape.
If you select File Snapshot on an NSS volume, the backup utility

copies all the meta-data (owner, date/time, modifier, etc.). During
write requests, only the data that is being written to is copied.
NSS recognizes how to return the appropriate data when read

requests come in for the real file or the snapshot file.
To enable the File Snapshot feature for an NSS volume, from the
server console prompt enter the following NSS command:
NSS /FileCopyOnWrite=<volName>
To enable the File Snapshot feature for all NSS volumes, enter the
following:
NSS /FileCopyOnWrite=all
To disable the File Snapshot feature, enter the following:
NSS /NoFileCopyOnWrite
After you set up File Snapshot on NSS volumes, you must

deactivate the NSS volumes and reactivate and mount the volumes
to make sure there are no open files without a snapshot.

Enable Transaction Tracking System (TTS) on Logical

Volumes
Transaction Tracking SystemTM (TTSTM) protects database

applications by backing out transactions that are incomplete due to a
system failure.
TTS is available on either all traditional or all NSS logical volumes

on the same server.
If your server stores both traditional and logical volumes, TTS is set
(by default) to work only on traditional volumes. If you want to use
it on logical volumes instead, do the following:
1. Add DISABLE TTS to the AUTOEXEC.NCF file; then restart
your server.
2. From the server console prompt, enable TTS on each logical
volume you want it on by entering the following:
NSS/TRANSACTION=volume_name.
Exercise 11-1 Test Set Up and Configuration for Digital Airlines Web Files
on an NSS Volume
a 20 minutes As part of Digital Airlines’ transition from using NetWare 5 to

NetWare 6, you need to convert several volumes from traditional to
NSS volumes.
You also need to restrict the space used by several directories and
users on those volumes.
One of the traditional volumes you need to convert is a WEBFILES

volume that contains company web site and FTP server files. This
volume also needs space restrictions configured for the FTP files.

Before performing these configuration tasks in the production

environment, you decide to test the WEBFILES configuration by
doing the following:
■ Part I: Create a Traditional Volume for the Digital Airlines
Web Files
■ Part II: Convert the WEBFILES Traditional Volume to an NSS
Volume
■ Part III: Configure and Test Directory and User Space
Restrictions
Part I: Create a Traditional Volume for the Digital Airlines Web

Files
To test converting the traditional WEBFILES volume, you start by

creating the traditional volume on your NetWare 6 lab server.
Do the following:
1. From your workstation, make sure you are logged in as admin to
DAx; then start ConsoleOne.
2. In the SLC.DIGITALAIR container, right-click the DAx
object; then select Properties.
3. Select Media > Traditional Volumes; then select New.
If you don’t see the Media tab in the properties dialog, try
starting ConsoleOne from SYS:PUBLIC\MGMT
\CONSOLEONE\1.2\BIN on your NetWare server.
4. For the volume name, enter WEBFILES; then select Next.
A list of available space appears.
5. Select the unpartitioned storage space; then in the Used field
enter 200.
This sets the size of the volume to 200 MB.
6. Continue by selecting Next.

7. Select Finish; then create the volume by selecting Yes.
x If an error dialog appears, close the dialog by selecting Close.
8. Close the properties dialog by selecting Cancel.

9. Refresh the ConsoleOne window by pressing F5.
A DAx_WEBFILES volume object appears in the
SLC.DIGITALAIR container.
10. Copy the web site files from the student CD to the WEBFILES
volume:
a. From your workstation, insert the student CD.
b. Double-click My Computer > student CD > Exercises >
Section 11.
c. Select the DAWEB folder; then select Edit > Copy.
d. From the Address drop-down list (top of the window), select
My Network Places; then double-click NOVELL
CONNECTIONS > DAx > WEBFILES.
e. Select Edit > Paste.
f. When the copying is complete, close the WEBFILES
window.
g. From your workstation, remove the student CD.

Part II: Convert the WEBFILES Traditional Volume to an NSS

Volume
With the WEBFILES traditional volume created, you can test

converting a traditional volume to an NSS volume.
Do the following:
1. Create a WEBMEDIA NSS pool:
a. From ConsoleOne, right-click the DAx object; then select
Properties.
b. Select Media > NSS Pools; then select New.
c. For the pool name, enter WEBMEDIA; then select Next.
d. Select the unpartitioned disk space; then in the Used field,
enter 500.
e. Continue by selecting Next.
The Attribute Information dialog appears.
f. Make sure Activate on Creation is selected; then select
Finish.
g. Create the pool by selecting Yes.
The WEBMEDIA pool appears in the Pools on Server list.
h. Close the properties dialog by selecting Cancel.
2. From your NetWare 6 server console prompt, convert the
WEBFILES traditional volume by entering the following:
VCU WEBFILES WEBMEDIA
A Volume Copy Upgrade screen appears.
When the conversion is complete, you are prompted to rename
the volume.
WEBFILES is still the traditional volume; WEBFILES_NEW is
the converted NSS volume.
Because VCU doesn’t create eDirectory objects, a
DAx_WEBFILES_NEW object doesn’t exist in SLC.

3. To associate the new NSS volume with the existing eDirectory

DAx_ WEBFILES volume object, enter Y.
VCU renames the traditional volume from WEBFILES to
WEBFILES_OLD; it renames the new NSS volume from
WEBFILES_NEW to WEBFILES.
4. Exit VCU by pressing Enter.
5. From your workstation, close ConsoleOne.
6. From the server console prompt, restart the server by entering
RESTART SERVER.
7. When the server finishes restarting, verify that the WEBFILES
volume converted properly by doing the following:
a. From the server console prompt, enter VOLUMES.
Both WEBFILES and WEBFILES_OLD are listed.
b. From your workstation, start ConsoleOne.
c. Check the SLC container for a DAx_WEBFILES_OLD
volume object.
The object does not exist because VCU did not create new
eDirectory objects.
d. In the SLC container, right-click the DAx object; then select
Properties.
e. Select Media > NSS Pools.
f. From the Pools on Server list, select WEBMEDIA; then
select Show Volume.
A list of NSS logical volumes appears with WEBFILES
highlighted. This is the converted and renamed NSS
volume.
g. Select Media > Traditional Volumes.
WEBFILES_OLD is listed as a traditional volume.
h. Close the properties dialog by selecting Cancel.

i. From your workstation desktop, double-click MY

NETWORK PLACES > NOVELL CONNECTIONS >
DAx.
Both WEBFILES and WEBFILES_OLD appear.
j. Double-click WEBFILES > DAWEB.
k. Repeat steps i and j, opening WEBFILES_OLD >
DAWEB.
l. Compare the contents of DAWEB on WEBFILES and
WEBFILES_OLD.
The contents are the same.
m. When you finish, close the DAWEB windows.
8. Delete the WEBFILES_OLD traditional volume:
a. From ConsoleOne, right-click the DAx object; then select
Properties.
b. Select Media > Traditional Volumes; then select
WEBFILES_OLD.
c. Delete the WEBFILES_OLD traditional volume by
selecting Delete.
d. Find the partition for the volume by selecting Media >
Partitions; then select the Traditional partition that does
not list associated volumes.
Associated volumes are listed at the bottom of the dialog.
e. Remove the partition by selecting Delete.
f. Close the properties dialog by selecting Cancel.

Part III: Configure and Test Directory and User Space

Restrictions
The files on the WEBFILES_NEW volume include company

pictures and flight information for public access stored in an
FTPFILES directory.
A Marketing Specialist (Jeff McMurdie) has access to this volume

for updating the marketing portion of the web site and FTP files.
To effectively manage the WEBFILES_NEW volume, you decide to

limit the directory size for the FTP files, and restrict the amount of
space the Marketing Specialist can use on the volume for updating
his files.
Do the following:
1. Make sure the NSS attributes for restricting size are selected:
a. From ConsoleOne on the workstation, right-click the
DAx_WEBFILES volume object; then select Properties.
b. Select Attributes > NSS Attributes.
c. Make sure Directory Quotas and User Space Restrictions
are selected.
Without these options selected, you cannot use the space
restriction features of NSS.
d. Do one of the following:
❑ If you made changes to the properties, close the
properties dialog by selecting OK.
❑ If you did not make changes, close the properties
dialog by selecting Cancel.
2. Restrict the size of the FTPFILES directory to 10 MB:
a. From ConsoleOne on the workstation, double-click the
DAx_WEBFILES volume object.
b. Double-click the DAWEB folder; then right-click the
FTPFILES directory and select Properties.

c. Select Facts.
d. Select Restrict Size: then in the Limit field enter 10000 (for
10 MB).
e. Select OK.
3. Restrict the amount of storage space for Jeff McMurdie (the
Marketing Specialist) to 5 MB on the WEBFILES volume:
a. From ConsoleOne, right-click the DAx_WEBFILES
volume object; then select Properties.
b. Select Users with Space Restrictions; then select Add.
c. Browse to and display the objects in the
MARKETING.SLC.DIGITALAIR container.
d. Select JMCMURDIE; then select OK.
A User Space Restriction dialog appears.
e. In the Limits field, enter 5200 (for approximately 5 MB);
then select OK.
JMCMURDIE appears in the User Restrictions list with a
limit of a little over 5 MB.
f. Close the properties dialog by selecting OK.
4. Give Jeff McMurdie access rights to the WEBFILES volume:
a. From ConsoleOne on your workstation, right-click
DAx_WEBFILES; then select Properties.
b. Select Trustees; then select Add Trustee.
c. Browse to the MARKETING.SLC.DIGITALAIR
container and select JMCMURDIE; then select OK.
d. From the Access Rights list, make sure that Read, Write,
Create, and File Scan are selected; then select OK.
5. Map a drive to the FTPFILES directory for admin:
a. From your workstation desktop, right-click the red N in the
system tray; then select Novell Map Network Drive.
b. Select an unassigned drive letter to map; then select Browse.

c. Select DAx > WEBFILES > DAWEB > FTPFILES; then

select OK.
d. Select Check to make folder appear as the top most level
and Map Search Drive; then select Map.
e. Close the FTPFILES window.
6. Test the space restriction for the FTPFILES directory:
a. From your workstation, insert the student CD.
b. Double-click My Computer > student CD > Exercises >
Section 11.
c. Right-click the DAWEB folder; then select Copy.
the drive you mapped to FTPFILES.
e. Right-click the FTPFILES window; then select New >
Folder.
f. For the folder name, enter TEST FILES; then open the
folder.
g. Select Edit > Paste.
Files begin copying from the student CD.
After a few moments, an error message appears indicating
that there is not enough free disk space or that Windows
was unable to save all the data files.
h. Close the error message by selecting OK.
i. From ConsoleOne, right-click the FTPFILES folder; then
select Properties.
j. Select Facts and enter 15000 for the size restriction.
This increases the directory limit to 15 MB.
k. Close the properties dialog by selecting OK.
l. From the TEST FILES window, right-click the DAWEB
folder and select Delete.
A message appears indicating that DAWEB is a read-only
folder.

m. Delete the folder by selecting Yes; then select Yes to All.

n. Copy the DAWEB folder again by selecting Edit > Paste.
With the added space, the copying is successful.
o. Select the DAWEB folder; right-click and select Delete.
p. Delete the folder by selecting Yes; then select Yes to All.
q. Close the TEST FILES window.
7. From your workstation, log in as JMCMURDIE:
system tray; then select NetWare Login.
The Novell Client dialog appears.
b. Select Advanced.
c. Enter the following:
❑ Username: JMCMURDIE
❑ Password: novell
❑ Tree: DIGITALAIR-TREE-x
❑ Context: MARKETING.SLC.DIGITALAIR
❑ Server: DAx
d. Select OK; then confirm the login by selecting Yes.
8. Map a drive to the FTPFILES directory for JMCMURDIE:
system tray; then select Novell Map Network Drive.
b. Select an unassigned drive letter to map; then select Browse.
c. Select DAx > WEBFILES > DAWEB > FTPFILES; then
select OK.
e. Close the FTPFILES window.

9. Test the user space restriction for Jeff McMurdie:

a. From your workstation desktop, double-click My
Computer > student CD > Exercises > Section 11; then
select DEMO.MPEG.
b. Select View > Details.
Notice that the size of the DEMO.MPEG file is over 9 MB.
c. Right-click the DEMO.MPEG file; then select Copy.
The file begins copying from the student CD.
Immediately an error message appears indicating that there
is not enough free disk space or that Windows was unable
to save all the data in the file.
Because DATA.EXE is larger than the 5 MB restriction for
Jeff McMurdie, the file cannot be copied to the FTPFILES
directory on the WEBFILES volume.
f. Close the error message by selecting OK.
10. Log in as admin and increase the space restriction to 10 MB for
JMCMURDIE:
system tray; then select NetWare Login.
The Novell Client dialog appears.
b. Log in as admin with a password of novell.
c. From ConsoleOne, right-click the DAx_WEBFILES
volume object; then select Properties.
d. Select Users with Space Restrictions and select
JMCMURDIE; then select Modify.
e. In the Limit field, enter 10400; then select OK.
JMCMURDIE’s limit has increased to a little over 10 MB.
f. Close the properties dialog by selecting OK.

11. Log in as JMCMURDIE and try copying the DEMO.MPEG file

again to FTPFILES:
a. From the Novell client, log in as JMCMURDIE with a
password of novell.
b. From your workstation desktop, double-click My
Computer > student CD > Exercises > Section 11.
c. Select the DEMO.MPEG file; then right-click and select
Copy.
The DEMO.MPEG file is copied successfully to the
FTPFILES folder.
f. Close the FTPFILES window.
(End of Exercise)

Objective 2 Monitor, Manage, and Rebuild NSS

Storage Space
After you set up and configure NSS, there are other tasks you can
perform to monitor, manage, and rebuild NSS storage space. These
include the following:
■ View the Status of NSS Volumes
■ Mount or Dismount NSS Logical Volumes
■ Activate or Deactivate NSS Pools and Logical Volumes
■ Delete NSS Pools and Logical Volumes
■ Restore or Purge Deleted NSS Logical Volumes
■ Increase the Size of an NSS Pool
■ Verify and Rebuild NSS Pools
View the Status of NSS Volumes
You can view and monitor the status of an NSS volume from one of
the following dialogs:
■ Server object properties dialog. This dialog provides
information such as the volume state (active/deactive,
mounted/dismounted), available storage space, and creation
date.
The information in this dialog helps you identify volumes when
performing management tasks such as activating and
deactivating a volume.
■ Volume object properties dialog. This dialog provides volume
statistics (such as disk usage, directory entries, delete file
count), NSS quota usage, and NSS statistics.
The information in this dialog helps you closely monitor the
usage and status of the NSS volume.

To view the information from the server object properties dialog, do

the following:
2. Authenticate to the server object by logging in as admin user.
3. Right-click the server object and select Properties.
4. View the NSS volumes on the server by selecting Media > NSS
Logical Volumes.
The left panel lists the NSS volumes on the server.
5. View the volume information by selecting the volume.
6. When you finish, select Close.
To view the information from the volume object properties dialog,

do the following:
2. Authenticate to the volume object by logging in as admin user.
3. Right-click the volume object and select Properties.
4. Select Statistics; then select Statistics, NSS Quota Usage, or
NSS Statistics.
For details on these statistics, select Help.

Mount or Dismount NSS Logical Volumes
To make an NSS logical volume available after its creation, you

mount it. You dismount an NSS logical volume when it is no longer
needed, when it needs to be secured, or when it requires a repair.
Do the following:
4. Select Media > NSS Logical Volumes.
5. Select the NSS volume you want to mount or dismount.
6. Select one of the following:
❑ Mount
❑ Dismount
The button label changes to Dismount when you mount the
NSS volume; it changes to Mount when you dismount the NSS
volume.
Activate or Deactivate NSS Pools and Logical Volumes
You activate an NSS volume to make it accessible to users. You

deactivate an NSS volume to make sure that there are no open files
when you perform maintenance activities.
Opening files during maintenance activities can result in corrupted

data.

To activate or deactivate an NSS logical volume, do the following:

❑ Media > NSS Pools
❑ Media > NSS Logical Volumes
5. Select the NSS pool or NSS logical volume to be activated or
deactivated.
❑ Activate
❑ Deactivate
A message appears indicating that all open files will be closed.
7. Continue by selecting Yes.
The button label changes to Deactivate when you activate the
pool or volume; it changes to Activate when you deactivate the
pool or volume.
When you deactivate a pool, all volumes in the pool are deactivated
and dismounted. When you activate the pool, you must activate and
mount each volume individually.
When you deactivate a volume, the volume is also dismounted. You

must activate and mount the volume to make it available again.

Delete NSS Pools and Logical Volumes
You can delete an NSS pool or an NSS logical volume to free

existing space in a partition to assign to another NSS storage pool or
traditional volume.
If you delete an NSS pool, you cannot restore the logical volumes in
that pool. However, if you delete an NSS logical volume from an
NSS pool, you can restore it within a specified time (see “Restore or
Purge Deleted NSS Logical Volumes” on 11-27).
To delete an NSS pool or logical volume, do the following:

2. Authenticate to the server object by logging in as the admin user.
4. Select Media > NSS Pools or Media > NSS Logical Volumes.
5. Select a pool or volume and select Delete.
Restore or Purge Deleted NSS Logical Volumes
If you delete an NSS logical volume, it is removed from the NSS

pool. However, for a specified amount of time, called the Purge
Delay time, you can review and even restore the contents of a
deleted NSS volume.
You must restore an NSS volume before the Purge Delay time
elapses; otherwise, the NSS volume is removed from the system and
you can no longer restore it.

To manage restoring and purging deleted logical volumes, you need

to know the following:
■ How to Configure the Purge Delay Time
■ How to Restore or Manually Purge Deleted Logical Volumes
How to Configure the Purge Delay Time
The default setting for the Purge Delay time is 4 days. After this
time expires, NSS purges any deleted logical volumes.
You can change the Purge Delay time from the server console
prompt by entering the following:
NSS /LOGICALVOLUMEPURGEDELAY=delaytimeinseconds
To make the configuration change permanent, add this command

line to the server’s AUTOEXEC.NCF file. This sets the Purge Delay
time when you restart the server.
How to Restore or Manually Purge Deleted Logical Volumes
To restore or manually purge deleted logical volumes, do the

following:
4. Select Media > NSS Pools.
5. Select the pool from which you deleted the volume; then select
Deleted Volumes.

Figure 11-6
6. Select an NSS logical volume from the list; then select one of the
following:
❑ Purge. Use to immediately purge the volumes.
❑ Prevent Purge/Allow Purge. Use to stop or allow the
volume from being purged.
❑ Salvage. Use to restore the volume.
❑ Refresh. Use to refresh and update the list of deleted
volumes.
7. (Conditional) If you select Salvage, do the following:
a. Enter a new volume name or keep the original volume name;
then select Finish.
b. Close the Deleted Logical Volumes dialog by selecting
Close.
c. Verify that the volume has been restored by selecting Media
> NSS Logical Volumes.
The volume appears as active and mounted in the list of
NSS logical volumes.
8. When you finish, close the Deleted Logical Volumes dialog by
selecting Close.
9. Close the properties dialog by selecting Close.

Increase the Size of an NSS Pool
You can increase the size of an NSS pool by adding storage objects
(such as unpartitioned space) to the pool.
To increase NSS pool size, do the following:

5. Select the NSS pool you want to increase the size of; then select
Increase Size.
A list of available storage objects appears.
6. Obtain the space from a listed storage object by selecting the
storage object.
x You can lose data if you span an NSS storage pool across multiple
devices and a device or a partition goes bad.
7. Enter the amount of space you want to include from the storage
object in the Used column.
8. Add the storage space by selecting Finish.
If you select unpartitioned storage space, a message indicates
that the space will be partitioned with hotfix space and a mirror
object.
9. (Conditional) Create the partition and add the storage space to
the pool by selecting Yes.
10. Verify that the new space has been added by selecting the NSS
pool; then select Show Segments.
A Segment Information dialog appears that lists the added
storage space (segment).

11. When you finish viewing the segment information, select Close.
Verify and Rebuild NSS Pools
If you cannot activate an NSS pool, you can use the VERIFY and
REBUILD utilities to solve the problem.
You can also use VERIFY any time you want to check the health of
a pool or volume (such as after restoring a volume).
To understand how to use VERIFY and REBUILD, you need to

know the following:
■ How VERIFY and REBUILD Work
■ How to Use the VERIFY Utility
■ How to Use the REBUILD Utility
x You use VREPAIR to fix traditional volumes. For instructions on using

VREPAIR, see Utilities Reference at
http://www.novell.com/documentation/lg/nw6p/index.html.
How VERIFY and REBUILD Work
NSS keeps a journal of all file system transactions. After your file
system crashes, NSS scans the journal to ensure that all transactions
are either completed or undone.
This means that volumes do not require any repair when you mount
them again after the crash. Instead you use repair utilities called
VERIFY and REBUILD on the storage pools that contain the
logical volumes:

■ VERIFY checks the file system integrity of an NSS storage

pool by searching for inconsistent data blocks or other errors. It
indicates if there are problems with the file system, but does not
make changes to the state of the NSS pool and volumes.
VERIFY dismounts logical volumes in an NSS pool before
performing an assessment. Dismounting makes sure that no task
is happening on the volumes during the assessment.
After the assessment, it generates a report on the state of the
pool that you can use when running REBUILD.
VERIFY copies errors and transactions into a file named
POOL_NAME.VLF at the root of SYS. Every time you verify
an NSS pool, the previous VLF file is overwritten.
■ REBUILD verifies and uses the existing leaves of an object
tree to rebuild all other trees in the system.
When an NSS pool does not activate and you cannot mount the
logical volumes, you use REBUILD.
To make sure that REBUILD works properly, deactivate the
pool you are rebuilding so users cannot access the volumes in
the pool.
x When you deactivate a storage pool, all volumes in the pool deactivate
and dismount.
REBUILD copies errors and transactions into a file named

POOL_NAME.RLF at the root of SYS. Every time you rebuild
an NSS pool, the previous error file is overwritten.
After running REBUILD, run the VERIFY utility. If errors
appear, run REBUILD again until no errors appear.
Restoring from a backup is preferable to using REBUILD. Use
REBUILD as a last resort to recover the file system. If you use
it to recover from data corruption, you can lose data.

How to Use the VERIFY Utility
To use VERIFY, do the following:

1. At the server console prompt, enter NSS
/POOLVERIFY=poolname.
Figure 11-7
2. When prompted that NSS logical volumes will be dismounted,

select Yes.

When verification is complete, the following report appears:
Figure 11-8
3. If there are errors in the report, run the REBUILD utility;

otherwise, make sure the NSS pool is activated by entering the
following at the server console prompt:
NSS /POOLACTIVE=poolname
4. Activate and mount each volume by entering the following at the
server console prompt:
NSS /ACTIVATE=volumename
MOUNT volumename

How to Use the REBUILD Utility
To use REBUILD, do the following:

1. At the server console enter NSS /POOLREBUILD=poolName.
Figure 11-9
2. When prompted that the logical volumes in the NSS pool will be
dismounted, select Yes.
This verifies and accounts for all blocks in the system. If the
NSS logical volumes have errors, the errors are listed on the
screen.
3. After the errors are fixed, enter the following at the server
console prompt to activate the pool:
NSS /POOLACTIVE=pool_Name
4. Activate and mount each volume by entering the following at the
server console prompt:
NSS /ACTIVATE=volumename
MOUNT volumename

Exercise 11-2 Test NSS Management Tasks on the WEBMEDIA Pool
a 15 minutes After converting traditional volumes to NSS volumes on your

NetWare 6 server, you decide to reorganize some of the volumes to
make data access more efficient.
This reorganization requires that you perform tasks such as deleting

volumes, restoring volumes, verifying the file integrity of volumes,
and increasing the size of some pools to accommodate new
volumes.
Before performing these tasks in the production environment, you

decide to test the procedures by doing the following:
■ Part I: Delete and Restore the WEBFILES Volume
■ Part II: Verify the File System Integrity of the WEBMEDIA
Pool
■ Part III: Increase the Size of the WEBMEDIA Pool
Part I: Delete and Restore the WEBFILES Volume
Do the following:
1. From your NetWare 6 server console prompt, enter VOLUMES.
The WEBFILES volume is listed as mounted.
2. From your workstation make sure you are logged in as admin to
DAx; then start ConsoleOne.
3. From ConsoleOne, browse to and right-click the DAx object and
select Properties.
4. Select Media > NSS Logical Volumes.
5. Select WEBFILES; then select Delete.
The WEBFILES volume is deleted and removed from the list of
NSS logical volumes.

6. From your NetWare 6 server console prompt, enter VOLUMES.

The WEBFILES volume is no longer listed.
7. From the Console properties dialog for DAx, select Media >
NSS Pools.
8. From the NSS pools list, select WEBMEDIA.
Notice that there are no logical volumes listed for the pool.
9. Select Deleted Volumes.
A dialog with a list of deleted volumes appears.
The WEBFILES volume is selected. Notice the scheduled purge
time and that the volume is salvageable.
10. Restore the volume by selecting Salvage.
A Rename Logical Volume dialog appears.

11. Keep the WEBFILES name and restore the volume by selecting
Finish.
When the volume is restored, the Deleted Logical Volumes
dialog is redisplayed without the WEBFILES volume listed.
12. Close the dialog by selecting Close.
13. Verify that the volume has been restored by selecting Media >
NSS Logical Volumes.
The WEBFILES volume appears as active and mounted in the
list of NSS logical volumes.
15. From the server console prompt, enter VOLUMES.
The WEBFILES volume is mounted and available on your

NetWare 6 server.

Part II: Verify the File System Integrity of the WEBMEDIA Pool
After restoring the WEBFILES volume, you decide to check the

integrity of the pool, volume, and files.
Do the following:
1. At the server console prompt, enter the following:
NSS /POOLVERIFY=WEBMEDIA.
A message appears indicating the NSS volumes on the pool will
be dismounted.
2. Dismount and verify the WEBFILES volume by selecting Yes.
After a few moments, a verification report appears.
3. View information for the pool, volume, and files by pressing the
spacebar.
4. View any errors or warnings by pressing F1.
No errors or warnings are listed for the pool, volume, and files.
5. When you finish viewing the report, exit by pressing Esc.
You might need to press Esc more than once.
6. At the server console prompt, activate and mount the
WEBFILES volume by entering the following:
NSS /ACTIVATE=WEBFILES
MOUNT WEBFILES
The WEBFILES volume is mounted successfully.

Part III: Increase the Size of the WEBMEDIA Pool
Do the following:
1. From ConsoleOne on the workstation, browse to and right-click
the DAx object; then select Properties.
3. Select the WEBMEDIA pool.
The current total space for the pool is approximately 500 MB.
4. Select Increase Size.
A list of available storage objects appears.
5. Select an unpartitioned space storage object with at least 500
MB of free space.
6. Increase the pool size to 1 GB by entering 500 in the Used
column.
7. Add the storage space by selecting Finish; then select Yes.
Notice that the total storage space for the pool has increased to
1 GB.
8. Verify that the new space has been added by selecting
WEBMEDIA; then select Show Segments.
A Segment Information dialog appears that lists 2 segments
associated with the pool. Segment 1 is the latest segment added.
9. View segment information (specifically the size) by selecting 1.
10. When you finish viewing segment information, select Close.
(End of Exercise)

Objective 3 Set Up User Access to the Server File

System
NetWare 6 offers a variety of technologies that you can use to
provide access to NetWare resources and files for your employees,
customers, and partners.
In this objective you learn about these technologies by doing the

following:
■ Perform iFolder Management Tasks
■ Install and Configure NFAP
■ Install and Configure NetStorage
■ Install and Configure NetDrive
Perform iFolder Management Tasks
iFolder provides automatic, secure, and transparent synchronization

of files between Windows clients and the central iFolder server.
After iFolder is installed, you can manage and optimize your

iFolder server. To do this, you need to understand the following:
■ How to Manage iFolder Accounts
■ Common iFolder Administrative Tasks
■ How to Optimize Your iFolder Server
b For information on installing iFolder, see the Foundations of Novell

Networking course or
http://www.novell.com/documentation/lg/ifolder/index.html.

How to Manage iFolder Accounts
After iFolder is running, you can access the following to manage the
iFolder accounts:
■ The Default iFolder Web Site
■ The Server Management Console
The Default iFolder Web Site
The iFolder web site home page contains the iFolder Client Quick
Start Guide and other important information about iFolder, as
shown in the following:
Figure 11-10
You can also download the iFolder client and access iFolder files
using a browser. You can modify this page to meet your company's
needs.
To access the default iFolder home page, from a web browser on

your workstation enter the IP address or the DNS name of your
iFolder server.

For example, if the IP address of your iFolder server is

192.168.1.88, your would access the iFolder home page from your
workstation web browser by entering http://192.168.1.88.
The Server Management Console
The Server Management Console lets you manage your users’

iFolder accounts. From this site, you perform administrative tasks
and manage the activity between the server and the iFolder clients.
You can access the Server Management Console by opening a web

browser and entering https:// iFolder_server_ipaddress/
iFolderServer/Admin.
x The “iFolderServer/Admin” part of the URL is case sensitive.
To access the iFolder user account information, you must log in to

the Server Management Console with your administrative user
name and password.
After you log in, the following appears:
Figure 11-11

From the Server Management Console, you can perform the

following tasks:
■ View general server information
■ View LDAP settings
■ View user account information
As an administrator, you can remove a user account, change a
user’s disk storage quota on the iFolder server, and set specific
policies for individual users.
■ View iFolder client connections
■ Configure client policies
You can determine what policies will be applied to iFolder
clients. For example, you can enforce policies for the client to
remember passwords and pass phrases so users cannot change
them.
You can also hide iFolder client options. For example, if you
enforce and hide the option to request encryption of iFolder
data, the data is encrypted and the user is unaware of the
transaction.
Items that are hidden do not appear in the iFolder client dialogs.
■ Configure server policies
You can regulate server behavior, such as how much disk space
is allotted to each iFolder client or how much time passes
before a session times out.

Common iFolder Administrative Tasks
The following are common administrative tasks you can perform

with the Server Management Console:
■ Remove an iFolder Account
■ Restore a User’s Folder
■ Reset a Pass Phrase
Remove an iFolder Account
Do the following:
1. From the Server Management Console, select User Accounts.
2. Select the user ID you want to remove; then select Remove.
Restore a User’s Folder
If a user wants to recover data from a deleted or corrupt file, restore

the folder that contains the file from backup media to a secondary
iFolder server for the user to access from the iFolder client.
Do the following:
1. At the Server Management Console, select User Accounts.
2. Roll your mouse pointer over the user’s ID and look at the ID that
appears in the bottom of your browser.
The ID identifies the user folder.
3. Restore this folder from the backup media to a secondary iFolder
server that the user can attach to and restore the files.

Reset a Pass Phrase
The only way to reset the pass phrase for a user in the standard
version of iFolder is to remove the user account and have the user
resynchronize data from the local iFolder directory on the
workstation.
The files stored on the local workstation are not encrypted. When
the iFolder client downloads an encrypted file from the iFolder
server, the file is decrypted by the iFolder client and then saved in
the local iFolder directory.
If the user has data in the local iFolder directory that is

synchronized with the iFolder server, restoring the data from the
local iFolder directory will not be a problem.
However, if the encrypted data on the iFolder server has not yet
been synchronized with the local directory, when you delete the user
account, any unsynchronized data is lost.
To change a pass phrase for a user, contact the user and remain in
contact during the process. Do the following:
1. Prepare for the pass phrase change by doing the following:
❑ Ask the user to log out of iFolder.
❑ Verify that the user has a relatively fast connection.
❑ Verify that all of the user’s current data is in his or her local
iFolder directory.
2. Access the Server Management Console at the workstation by
entering the following:
https://iFolder_server_ipaddress/iFolderServer/Admin
x The URL is case-sensitive.
3. Log in to the iFolder server.

4. Make sure the user has logged out of iFolder by selecting

Current Sessions.
There should be no current session listed for the user’s account.
5. Select User Accounts and note the Quota value.
If disk quota is over 200 MB, you must manually re-enter this
information in the Server Management Console after the pass
phrase has been reset.
6. Select the user to be removed by selecting the user ID.
7. Scroll to the bottom of the list and select Remove User.
This removes the user from the list.
8. Confirm the removal of the user account by selecting Yes.
The account and any data associated with the account is
removed from the iFolder server.
9. Ask the user to log in again using the iFolder client.
When the user logs in, he or she is prompted for a new pass
phrase.
After the user has entered a new pass phrase and logged in, the
iFolder client creates a user account with the default Quota of
200 MB.
If the user was allocated more than 200 MB and has more than
200 MB of data to synchronize, an error message about disk
space appears.
10. (Conditional) Instruct the user to select OK.
11. Verify that the user account was created by selecting User
Accounts.

12. (Conditional) If the user needs more than 200 MB of space,

a. Select the user ID.
b. In the Disk Quota field, enter the amount of disk storage.
c. Select Change.
When the user re-logs in to iFolder, the error won’t appear.
13. Log out of the Server Management Console by selecting
Login/Logout; then select Logout.
How to Optimize Your iFolder Server
To optimize your iFolder server, do one or more of the following:

■ Add more RAM to your server.
■ Increase threads (for Apache web servers running on NetWare).
You can increase the number of threads by opening the
HTTPD.CONF file that iFolder uses and increase the number
listed for the ThreadsPerChild parameter.
For optimal performance, use one thread per client. However,
iFolder has been tested up to 25 clients per thread.
■ Change the amount of disk space allocated to iFolder users.
(However, allocating large amounts of disk space to users can
decrease the iFolder server's performance.)
■ Change the Default Sync Delay parameters to improve server
performance if you have thousands of users.
The following are the current default parameters:
❑ 5-second delay after file activity
❑ 20-second delay after server polling interval
To improve performance, make the following changes:
❑ 30-second delay after file activity
❑ 1-minute delay after server polling interval

Exercise 11-3 Manage an iFolder User Account
a 15 minutes You have received a request from the SLC office administrative
assistant (Anita Valdez) to increase her storage space on the iFolder
server and to reset her pass phrase (she’s forgotten it).
As a result of this request and many others like it, you also decide to
decrease administration of pass phrases by setting the Remember
pass phrase option to be selected by default in the iFolder client.
Do the following:
1. Verify the current storage space allocated to AVALDEZ by
logging into the account:
a. From your workstation desktop system tray, right-click the
iFolder icon and select Login.
b. Enter the following:
❑ User ID: AVALDEZ
❑ Server: your iFolder server IP address or DNS name
Use the following IP addresses and DNS names:
Table 11-1 Your Server IP Address DNS Name
DA2 192.168.2.2 ifolder2.digitalairlines.com
c. Select Login.
d. For the pass phrase, enter novell; then select OK.

e. Right-click the iFolder icon in the system tray and select

Account Information; then select the Account
Information tab.
The total space on the server for the account is 200 MB.
f. Log out of the account by right-clicking the iFolder icon and
selecting Logout.
2. Log in to the iFolder Server Management Console:
a. From your workstation, start Internet Explorer.
b. Access the Server Management Console by entering one of
the following:
https://iFolder server IP address/iFolderServer/Admin
https://iFolder server DNS name/iFolderServer/Admin
x The URLs are case sensitive.
c. Log in as the iFolder server administrator by entering the

following:
❑ User: admin
The General Information page appears.
3. Increase Anita’s storage space to 400 MB:
a. Select User Accounts; then select avaldez/home.
b. In the Disk Quota field, enter 400; then select Change.
4. Verify the storage space increase by logging into iFolder as
AVALDEZ:
a. Right-click the iFolder icon in the system tray and select
Login.
b. For the password, enter novell; then select Login.
The Get Pass Phrase dialog appears. Notice that the
Remember pass phrase option is not selected by default.

Later in the exercise, you change the option to be selected

by default. This increases the chance that users will leave
the option selected and will not have to enter the pass
phrase each time they log in.
c. For the pass phrase, enter novell; then select OK.
d. Right-click the iFolder icon in the system tray and select
Account Information; then select the Account
Information tab.
The total space on the server for the account is increased to
400 MB.
e. Log out of the account by right-clicking the iFolder icon and
selecting Logout.
5. From the Server Management Console window, make sure the
iFolder server recognizes AVALDEZ as logged out of his
iFolder account by selecting Current Sessions.
There are no users listed.
6. Configure iFolder clients to have the Remember pass phrase
option selected by default:
a. From the Server Management Console, select Client
Policies.
b. For Save Pass Phrase, select On.
c. Scroll to the bottom of the page and select Update Policy.
7. Reset AVALDEZ’s pass phrase by deleting her iFolder account
and logging into the account:
a. From the Server Management Console, select User
Accounts > avaldez/home.
b. Scroll to the bottom of the page and select Remove User.
A Confirm Remove prompt appears.
c. Remove the account by selecting Yes.
The account and any data associated with the account are
removed from the iFolder server.

d. Right-click the iFolder icon in the system tray and select

Login.
e. For the password, enter novell; then select Login.
A New Internet Folder Setup dialog appears.
f. Continue by selecting OK.
The Get Pass Phrase dialog appears.
Notice that the Remember pass phrase option is selected.
g. For the pass phrase, enter ifolder twice; then select OK.
You are logged in to the account.
h. From the workstation system tray, right-click the iFolder
icon and select Account Information.
The files on the workstation in the iFolder directory are
synchronized with the iFolder server account.
i. Select Account Information.
Notice that the total space on the server for the account has
been reset to 200 MB.
j. Right-click the iFolder icon; then select Logout.
8. Reset the total space for AVALDEZ on the iFolder server to 400
MB:
a. From the Server Management Console, select User
Accounts > avaldez/home.
b. In the Disk Quota field, enter 400; then select Change.
9. Log in to the account to verify that the pass phrase is remembered
and that the total space on the server is reset to 400 MB:
a. Right-click the iFolder icon in the system tray and select
Login.
b. For the password, enter novell; then select Login.
Because the Remember pass phrase option was selected the
last time you logged in as AVALDEZ, you do not need to
enter the pass phrase when logging in this time.

c. From the workstation system tray, right-click the iFolder

icon and select Account Information.
d. Select the Account Information tab.
Notice that the total space on the iFolder server for the
account has been reset to 400 MB.
e. Right-click the iFolder icon; then select Logout.
10. From the Server Management Console, select Login/Logout >
Logout; then close the window.
(End of Exercise)
Install and Configure NFAP
You can use NFAP to eliminate the need to rely on Novell client
software to access NetWare server resources and files from a
Windows, Macintosh, and Linux/UNIX platform.
To use NFAP you need to understand the following:

■ Why Use NFAP
■ How NFAP Works
■ Features of Novell’s NFAP CIFS Implementation
■ How to Install NFAP for Windows
■ How to Configure NFAP for Windows
Why Use NFAP
In previous versions of NetWare, you accessed storage on a

NetWare server from a Windows, Macintosh, or Linux/UNIX
workstation by using the Novell client.

With NetWare 6 and NFAP, you can use the native client of the your
workstation operating system. Access to NetWare resources is
administered through user objects in eDirectory.
For example, if you are using a Windows 2000 Professional

workstation, you can access files using the Microsoft Client for
Microsoft Networks. You do not need to install Novell’s client
software to access the NetWare server.
All setup and configuration for NFAP is done on the NetWare

server. After you install NFAP and configure a user, the user can log
in to the NetWare server without the NetWare client.
How NFAP Works
Each operating system uses a specific protocol that allows it to

connect to a network. The way NFAP works depends on the
operating system you use.
For example, Windows uses Common Internet File System (CIFS)

to connect to files on the network. CIFS allows users with different
platforms and computers to share files without having to install new
software.
NFAP uses protocols such as CIFS to make the NetWare server look
like a Windows server, a Macintosh server, or a Linux/UNIX server.

The following shows the operating systems supported by NFAP and

the protocols used:
Figure 11-12 (slide) Windows Macintosh Web browser

UNIX
NW Client
NetWare
File protocols/open standards
NCP CIFS NFS AFP HTTP/WebDAV
Because NFAP handles each operating system differently, it is

important to understand how NFAP works with the operating
system and how to set up NFAP for the operating system.
b In this objective, you learn how to install and configure NFAP for Windows.
For information on setting up NFAP with the Macintosh, UNIX and Linux
operating systems, see “Novell Native Access File Protocols” at
http://www.novell.com/documentation/lg/nw6p/index.html.
Features of Novell’s NFAP CIFS Implementation
CIFS is a standard, native file-sharing protocol supported on several

platforms. With CIFS, users can open and share files on the Internet
without installing software and without changing how they work.

The Novell NFAP implementation of CIFS offers the following:

■ Requires no Novell client software.
The Microsoft client is required. Windows NT and 2000 install
the Microsoft client by default, but Windows 95 and 98 do not.
■ Takes advantage of NetWare 6 fundamentals such as the
following:
❑ Mature protocol stacks
❑ High performance file systems (traditional and NSS)
❑ Novell Modular Authentication Service (NMAS)
❑ File access managed by eDirectory
■ Allows users to be managed through eDirectory.
■ Allows NetWare servers to appear as Windows servers.
■ Ensures security using Microsoft’s native authentication
protocols, NMAS, and eDirectory.
■ Supports offline files and folders.
■ Is cluster-enabled.
How to Install NFAP for Windows
To install NFAP for Windows, you need to know the following:

■ Hardware and Software Requirements
■ How to Install NFAP for Windows
Hardware and Software Requirements
NFAP must be installed on a NetWare server and at least one

administrator workstation running Novell client software. Make
sure network components meet the following requirements:

■ NetWare server requirements. The server must have the

following configuration to run NFAP:
❑ NetWare 6.
❑ NMAS 2 or later.
During NFAP installation, NMAS 2.0 is installed, or earlier
versions of NMAS are upgraded to NMAS 2.0.
NMAS Starter Pack 1.0 is upgraded to NMAS Starter Pack
2.0. NMAS Enterprise Edition 1.0 is upgraded to NMAS
Enterprise Edition 2.0.
❑ If BorderManager Enterprise Edition 3.5 or later is running
in the same tree as the NetWare server, you must create the
Login Policy object (LPO).
■ Administrator workstation requirements. To install, set up,
and administer NFAP, make sure at least one administrator
workstation meets the following requirements:
❑ One of the following:
❑ Windows 95/98 running Novell Client for Windows
95/98 3.21.0 or later. Download the client software
from http://www.novell.com/download/.
❑ Windows NT/2000 running Novell Client for Windows
NT/2000 4.80 or later. Download the client software
from http://www.novell.com/download/.
❑ Novell International Cryptographic Infrastructure (NICI)
for Windows Strong Encryption 1.5.7 or later.
Install the NICI software from the Novell Client CD or
from the following:
support.novell.com/servlet/filedownload/pub/nw51sp3.exe.
NICI is required to use ConsoleOne.
■ User workstation requirements. To access NetWare servers
running NFAP, Windows workstations must be connected to
the network and must be running Windows 95/98/Me,
Windows NT 4.0, Windows 2000, or Windows XP.

In addition, Windows workstations must be running Client for

Microsoft Networks, which is a standard Windows NT and
2000 component you install by selecting Control Panel >
Network > Add > Client > Microsoft.
How to Install NFAP for Windows
To install NFAP, do the following:

1. Start the NetWare 6 installation wizard:
a. From your NetWare 6 server, insert the NetWare 6 CD.
b. From the server console prompt, mount the CD by entering
CDROM.
c. From the NetWare 6 server, press Ctrl+Esc and select X
Server -- Graphical Console.
d. Select Novell > Install.
e. From the Installed Products screen, select Add.
f. From the Source Path dialog, select the browse button.
g. Select NetWare6; then select OK.
h. Start the installation wizard by selecting OK.
2. From the Components dialog, select Clear All; then select
Novell Native File Access Pack.
4. Log in to the server by entering the admin name, password, and
context; then select OK.
5. From the LDAP Configuration dialog, continue by selecting
Next.
6. From the Components dialog, deselect Native File Access for
Macintosh and Native File Access for UNIX.

8. Configure Native File Access for Windows:

a. From the Server Properties dialog, enter the CIFS server
name and server comment that will appear in Network
Neighborhood.
The CIFS server name must be 11 or fewer characters and
must be different from the NetWare server name. The
server comment is optional.
b. Continue by selecting Next.
c. From the Authentication dialog, do one of the following:
❑ If users will authenticate using eDirectory, select
Local.
❑ If users will authenticate using a domain, select
Domain and enter the workgroup name and WINS
address.
Windows Internet Naming Service (WINS), a component
of Microsoft Windows NT and 2000 servers, manages the
association of workstation names and locations with IP
addresses without the user or an administrator having to be
involved in each configuration change.
Local authentication requires a simple password to log in to
a NetWare server; a simple password is not required for
domain authentication.
When NFAP is configured for domain authentication, you
cannot change the simple password or the NetWare
password using the Windows native Change Password
feature.
To change the password, use the Windows domain
management utilities.
d. Continue by selecting Next.
e. From the IP Addresses dialog, do one of the following:
❑ Enter the specific IP addresses that you want attached
to the CIFS file protocol.

❑ Attach to all IP addresses by selecting Enable CIFS

on all Addresses (recommended).
f. Continue by selecting Next.
g. From the Share Point Setup dialog, do one of the following:
❑ Select Share all Mounted Volumes.
❑ Specify additional NetWare volumes or folders that
you want to appear as share points in Network
Neighborhood.
To specify a new share point, deselect Share all Mounted
Volumes, select New, enter the path to the directory; then
enter a name and a description. The directory name must
end with a backslash (\) (such as SYS:\SYSTEM\).
h. Continue by selecting Next.
i. From the Contexts dialog, specify the eDirectory contexts
for all Windows users who need access to the server.
You can add a context by entering it in the Context field
and selecting Add.
The list of eDirectory contexts is maintained in
CIFSCTXS.CFG (and can be updated after installation).
j. Continue by selecting Next.
9. From the Summary window, make sure Native File Access for
Windows and Port Resolver are listed; then select Finish.
10. When installation is complete, select Close.
11. From the server remove the NetWare 6 CD; then from the server
console prompt restart the server by entering RESTART
SERVER.

How to Configure NFAP for Windows
After completing the installation, you must select or create user

objects and assign simple passwords before users can access the
network.
To create users and passwords in NFAP, you need to know the

following:
■ How to Create User Objects and Simple Passwords
■ How to Create Simple Passwords for Many Users
How to Create User Objects and Simple Passwords
Windows, Macintosh, and UNIX users can access network

resources using native protocols only after they have a user object
and a simple password.
NFAP incorporates the security of NetWare using passwords. The

simple password is required because it provides access to NetWare
servers for workstations not running Novell Client software.
Just like a NetWare password, the simple password is stored in

eDirectory. Users must have a simple password before they can
access network resources using native protocols.
When users access a network resource using their native methods

(such as Network Neighborhood or My Network Places), they enter
their NetWare username and simple password (which is verified by
NetWare).
The user object specifies attributes and information about which

network resources the user can access.

To create user objects and assign simple passwords,

1. From your administrator workstation, log in as a user with admin
rights and start ConsoleOne.
2. Select an existing user object, or create a user object by
right-clicking the appropriate container and selecting New >
User.
3. Assign a simple password:
a. Right-click the user object and select Properties > Login
Methods > Simple Password.
Figure 11-13
b. Enter a simple password in the fields provided.

If the simple password is different than the NetWare
password, the user must enter the simple password when
accessing the network with native protocols.
The user enters the NetWare password when logging in
with the Novell client software.
4. Repeat Steps 2 and 3 for each user that requires network access
using NFAP.
You have now created simple passwords for user objects in
NetWare.

Users can now use their native access methods (such as Network
Neighborhood or My Network Places) to access network resources.
Users enter their NetWare username and their simple password, as

shown in the following:
Figure 11-14
How to Create Simple Passwords for Many Users
You can create simple passwords for users one at a time using
ConsoleOne, but if you want to create passwords for many network
users, use NetWare Remote Manager.
To create simple passwords for many users, do the following:

1. Run NetWare Remote Manager.
2. From the left frame, select Manage eDirectory > NFAP
Security.

Figure 11-15
3. Configure one or more of the following options:

❑ NDS Context. Use to create a simple password for each
user object found in the specified context.
❑ Traverse Context Tree for User Objects. Use to search
the tree for user objects and create passwords for each one.
❑ User Supplied Password. Use to supply the simple
password for all users receiving new simple passwords.
❑ Generate Script File. Use to create a file that contains the
scripting commands necessary to create simple passwords
based on the NFAP Security preferences you selected.
Enter this filename in the Process Script File box.
❑ Process Script File. Use to enter the Process Script File
name if you want this file processed and the commands
completed to create simple passwords.
4. When you finish, process the configuration by selecting Start.

Exercise 11-4 Install and Configure NFAP
a 20 minutes As a network administrator for Digital Airlines, you have received a

request for access to NetWare volumes and directories from
Windows NT/2000 workstations that do not have the Novell client
installed.
You decide to install and configure NFAP to meet this request.
Do the following:
■ Part I: Install NFAP for Windows
■ Part II: Set Up Client Access
■ Part III: Test Native File Access for Windows
Part I: Install NFAP for Windows
To install NFAP, do the following:

CDROM.
c. Press Ctrl+Esc and select X Server -- Graphical Console.
Novell Native File Access Pack.

4. Log in to the server by entering the following:

❑ User Name: ADMIN
❑ User Password: novell
❑ User Context: SLC.DIGITALAIR
5. Continue by selecting OK.
Next.
7. From the Components dialog, deselect Native File Access for
Macintosh and Native File Access for UNIX.
9. Configure Native File Access for Windows:
a. From Server Properties, for the server name enter
DAx_CIFS.
If your clients are running both the Novell client and the
client for Microsoft networks, do not enter the NetWare
server name. The client code might get confused between
the 2 protocols.
b. In the Server Comment field, enter CIFS Server.
This comment appears through My Network Places and
Network Neighborhood.
c. Continue by selecting Next.
d. In Authentication, make sure Local is selected; then select
Next.
e. In IP Addresses, make sure Enable CIFS on all Addresses
is selected; then select Next.
f. In Share Point Setup, make sure Share all Mounted
Volumes is selected; then select Next.
g. In Contexts Setup, accept the default context by selecting
Next.

10. From the Summary window, make sure Native File Access for
Windows and Port Resolver are listed; then select Finish.
A Product Conflict message appears indicating that you have a
newer or identical version of LDAP services on your computer.
11. Continue by selecting No.
13. From the server, remove the NetWare 6 CD.
RESTART SERVER.
Part II: Set Up Client Access
After the server is restarted, do the following:

your NetWare server.
3. On volume DATA, create a USERS directory:
a. Browse to and right-click the DAx_DATA volume object;
then select New > Object.
b. Select Directory; then select OK.
c. For the directory name, enter USERS; then select OK.
4. Create a JJACKSON user object with a home directory:
a. Right-click the SLC.DigitalAir container; then select New
> User.
b. Enter the following:
❑ Name: JJACKSON
❑ Surname: JACKSON
Do not assign a simple password at this point. You assign
the simple password later.

c. Select Create Home Directory; then select the browse

button.
d. Browse to and select the USERS directory in the
DAx_DATA volume; then select OK.
e. Continue by selecting OK.
f. For the password enter novell; then select Set Password.
5. In the SLC container, right-click user JJACKSON; then select
Properties.
6. Select Login Methods > Simple Password.
7. For the simple password enter netware6; then select OK.
Part III: Test Native File Access for Windows
After installing NFAP for Windows on your NetWare server and

setting up a simple password for a user, you can access NetWare
files without using the Novell client to authenticate to NetWare:
1. Detach from DIGITALAIRTREE:
a. From your workstation, right-click the red N in the system
tray.
b. Select Netware Connections.
c. In the connections list, select DAx; then select Detach.
d. Verify that you are no longer attached to DAx or
DIGITALAIR-TREE-x by selecting Refresh.
The connections list is empty.
e. Close the NetWare Connections window by selecting Close.
2. From your workstation, double-click MY NETWORK
PLACES > ENTIRE NETWORK; then select the Entire
Contents link.

3. Double-click MICROSOFT WINDOWS NETWORK >

WORKGROUP.
Server DAx_CIFS appears as a computer in the workgroup.
4. Double-click DAx_CIFS.
You are prompted to log in.
5. Log in by entering jjackson (lowercase) as the username and
netware6 as the password; then select OK.
You might have to enter the name and password twice before
your login attempt is accepted. You should see NetWare
volumes appear as share points.
x If your password is the same for Windows as it is for CIFS access, you
are not prompted for a password and the user credentials are passed to
the NetWare CIFS server.
6. (Optional) Use the following as another way to gain access to a

CIFS server:
a. Right-click My Network Places and select Search for
computers.
b. Enter DAx_CIFS; then select Search Now.
c. Double-click DAx_CIFS when it appears.
You should see NetWare volumes appear as share points.
x If you want to test Native File Access for Windows without the Novell client
installed, remove the client by running C:\NOVELL\NETWARE
CLIENT\CLIENT32\NOVELL\ENG\WIN95\ADMIN\UNC32.
(End of Exercise)

Install and Configure NetStorage
To implement NetStorage on your network, you need to understand

the following:
■ What NetStorage Is
■ How to Install and Configure NetStorage
■ How to Start and Use NetStorage
What NetStorage Is
NetStorage is a NetWare Web Access gadget for accessing your

NetWare file storage system. A gadget represents a window or a link
to specific content from the NetWare Web Access page.
(NetWare Web Access is a Java servlet based on Novell Portal

Services technology. NetWare Web Access provides several gadgets
that allow network administrators to easily and quickly set up web
access to network resources for their users.)
NetStorage gives users secure file access from any Internet location,
with nothing to download or install on the workstation. Files and
folders on a Novell network can be accessed using either a browser
or Microsoft Web Folders.
Access is provided by using the native client of the operating

system. No special Novell client is required (such as the iFolder
client or the Novell Client) to access network files.
NetStorage includes the following features:

■ Lets users securely copy, move, rename, delete, read, and write
files between any Internet-enabled machine and a Novell
network
■ Eliminates the need to email or copy data from one machine to
another

■ Supports Internet standards such as HTTP, HTTPS, HTML,

XML, and WebDAV
■ Provides a gadget for NetWare WebAccess so users can get
access to network files and folders through the NetWare
WebAccess page
How to Install and Configure NetStorage
NetStorage is an optional component of NetWare 6. It can be

installed either during or after the initial installation of NetWare 6.
You configure NetStorage during its installation. If you need to

make any configuration changes to NetStorage, you must re-install
the product. There are no post-installation configuration options.
Generally, NetStorage does not need to be installed on more than

one server on your network. Large and enterprise-sized networks
can vary from this general rule depending on their needs.
Before you install NetStorage, you must understand the following:

■ Network and Workstation Requirements
■ How to Install NetStorage After NetWare 6 Installation
Network and Workstation Requirements
Your network and its user workstations must meet the following
requirements to support NetStorage:
■ There must be at least one NetWare 6 server in the eDirectory
tree where NetStorage will be installed.
■ Workstations must have Netscape Navigator 4.7 or later or
Internet Explorer 5.0 or later, or Microsoft Web Folders.

How to Install NetStorage After NetWare 6 Installation
If you did not install NetStorage during NetWare 6 installation, you

can install it later by completing the following steps:
CDROM.
c. From the NetWare 6 server, press Ctrl+Esc and select X
Server -- Graphical Console.
Novell NetStorage.
4. Log in to the server by entering the admin name, password, and
Next.
6. At the NetStorage Install window, specify the ip_address or
dns_name of a server in your eDirectory tree that has the master
replica or a read/write replica of eDirectory.
This is known as the primary server.
The server that NetStorage is installed on does not have to be
the primary server, but the primary server’s IP address or DNS
name is required for NetStorage to function properly.

This IP address or DNS name is used when a user attempts to

log in to NetStorage. At this point NetStorage searches the
eDirectory database on the primary server that you specify
during installation.
When NetStorage finds the user in the eDirectory database,
NetStorage authenticates the user to eDirectory.
When you enter the primary server’s IP address or DNS name
at the NetStorage Install window, you can indicate the
eDirectory context of users that will use NetStorage.
This context is indicated by inserting a colon after the primary
server’s IP address or DNS name and then entering the
eDirectory context.
For example, if your NetStorage users are all in the
DIGITALAIR container, you can enter
192.168.1.81:DIGITALAIR.
7. (Optional) If you want, specify additional eDirectory contexts or
primary servers from other eDirectory trees.
8. (Optional) Use the final field in the NetStorage Install window to
specify the IP address or DNS name and port number of the
iFolder server.
If you are demonstrating Providing this information gives NetStorage users access to
NetStorage installation, do not files and directories on the iFolder server.
restart the server.
9. After you configure NetStorage, continue by selecting Next.
10. From the Summary window, make sure Novell NetStorage and
Port Resolver are listed; then select Finish.
12. From the server, remove the NetWare 6 CD; then from the
server console prompt, restart the server by entering RESTART
SERVER.

How to Start and Use NetStorage
You start NetStorage on the server by restarting the server after

NetStorage is installed.
To use NetStorage from the client, you need the date and time on
the server and on any workstation used to access NetStorage to be
reasonably close.
After these conditions are met, do the following to access

NetStorage.
1. Use a browser or Microsoft Web Folders to access the
NetStorage URL.
The URL is http://server_ip_address/NetStorage. The URL is
case sensitive. Replace server_ip_address with the IP address
or DNS name of the server where you installed NetStorage.
x If entering server_ip_address does not work, try adding the Apache web
server port number (such as http://192.168.2.1:80/NetStorage).
The default port number for the Apache web server is 80 or 443.
2. Enter your eDirectory user name and password.

At this point NetStorage reads user login scripts, drive
mappings, and user object properties to determine the location
of home directories.

The NetStorage web page then displays the network files and
folders accessible to you in a page similar to the following:
Figure 11-16
Folders and files are displayed that you can manipulate as you do in
Windows Explorer. The same conventions are used to expand and
close directories and to open, move, delete, copy, and rename files.
Local files and folders are not accessible. Also, you cannot map
drives or change login scripts from within the NetStorage web page.
The directories and files in all contexts and eDirectory trees that you
specify during NetStorage installation are available.
This is useful if a user normally logs in to more than one eDirectory

tree and you want that user to access home directories in those trees.
The user object name must be the same in each eDirectory tree.

Exercise 11-5 Install and Configure NetStorage
a 10 minutes In addition to installing NFAP to provide access to NetWare

volumes and directories without a Novell client, you decide to test
NetStorage as an alternative solution.
Do the following:
■ Part I: Install and Configure NetStorage
■ Part II: Test Your Installation of NetStorage
Part I: Install and Configure NetStorage
To install NetStorage on DAx, you need to do the following:

CDROM.
c. Press Ctrl+Esc and select X Server -- Graphical Console.
Novell NetStorage.
4. Log in to the server by entering admin name, password, and


Next.
A NetStorage Install window appears.
Notice that the DNS name of your primary eDirectory server
points to a SLC.DIGITALAIR context for NetStorage users.
However, most of your employees are included in subcontainers
of SLC.digitalair. To give NetStorage access to all containers
(and all users) in the tree, remove the context.
6. Delete the colon and SLC.DIGITALAIR from the DNS primary
eDirectory server name.
For example, if you see the following:
DA2.DIGITALAIR.COM:SLC.DIGITALAIR
Change it to the following:
DA2.DIGITALAIR.COM
7. Make sure the iFolder server field is filled in; then select Next.
Providing the iFolder server IP address gives NetStorage users
access to files and directories on the iFolder server.
8. From the Summary window, make sure Novell NetStorage and
NetWare Port Resolver are listed as products to be installed.
9. Start the NetStorage installation by selecting Finish.
A Product Conflict message appears indicating that you have a
newer or identical version of LDAP services on your computer.
10. Continue by selecting No.
12. From the server, remove the NetWare 6 CD.
RESTART SERVER.

Part II: Test Your Installation of NetStorage
With NetStorage installed, you can test the service.
Do the following:
1. From your workstation, use ConsoleOne to create a
CSWENSON user object:
a. Start ConsoleOne.
b. Right-click the SLC.DigitalAir container; then select New
> User.
c. Enter the following:
❑ Name: CSWENSON
❑ Surname: SWENSON
d. Select Create Home Directory; then select the browse
button.
e. Browse to and select the USERS directory in the
DAx_DATA volume; then select OK.
f. Continue by selecting OK.
g. For the password enter novell; then select Set Password.
2. From your workstation, use the Novell client to log in as
CSWENSON with a novell password.
3. Map a drive to the home directory for CSWENSON in
DAx_DATA:
a. From your workstation desktop, right-click My Network
Places and select Novell Map Network Drive.
b. Select a drive letter to map; then select Browse.
c. Select the CSWENSON directory in DATA\USERS on
DAx; then select OK.

4. Add files to the CSWENSON directory by doing one or more of

the following from your workstation:
❑ Use Notepad to create and save a NETEST text file to the
directory.
❑ Using other applications, create and save files to the
directory.
❑ Copy existing files to the directory.
5. Use Novell NetStorage at the workstation:
a. Start Internet Explorer.
b. Enter the following URL to log in to NetStorage (the URL is
case sensitive):
http://DAx.digitalairlines.com/NetStorage
c. (Conditional) If a Security Alert dialog appears, continue by
selecting Yes.
An Enter Novell Password dialog appears.
d. Log in as user CSWENSON.SLC.DIGITALAIR with the
password novell.
The NetStorage home page for CSWENSON appears.
e. (Conditional) If a Folder View button appears at the bottom
of the page, select the button.
f. Explore the files and directories accessible to CSWENSON:
❑ Select the Down-arrow next to each folder or filename.
❑ Select one or more menu options.
g. Download a file to your workstation by selecting the
Down-arrow next to the file; then select Download.
6. Log out by selecting the Exit button.
7. Close the dialog.
(End of Exercise)

Install and Configure NetDrive
NetDrive lets you map a drive to any NetWare server using a

NetDrive client instead of the Novell client. This means that you can
access your files on any server and modify them as if you were
using Windows Explorer.
To understand how to implement NetDrive on your network, you

need to know the following:
■ How NetDrive Works
■ How to Install and Launch NetDrive
■ Using NetDrive
How NetDrive Works
You can connect to a NetWare server with NetDrive using the

following protocols:
■ WebDAV. Web Distributed Authoring and Versioning
(WebDAV) is a standard enhancement to HTTP, turning the
web into a document database that enables collaborative
creation, editing, and searching from remote locations.
HTTP only supports the reading of files, but WebDAV enables
documents to be written using HTTP.
Because of WebDAV's version control, web users can use a web
browser to write, edit, and save shared documents without
overwriting each others' work.
To use WebDAV with NetDrive, you must use eDirectory as
your directory service and Internet Explorer as your browser.
■ FTP. FTP is a protocol used to transfer files over a TCP/IP
network. For example, after developing HTML pages for a web
site on a local machine, the pages are typically uploaded to a
web server using FTP.

FTP includes functions to log in, list directories, and copy files.
It can also convert between the ASCII and EBCDIC character
codes.
FTP operations can be performed at a command prompt or
through an FTP utility running under a graphical interface such
as Windows. FTP transfers can also be initiated from within a
web browser by entering ftp:// followed by the URL.
FTP handles binary files directly and does not add the overhead
of encoding and decoding the data.
NetWare FTP Server provides the service for transferring files
to and from NetWare volumes. FTP Server can be used to post
or retrieve files from your NetWare file server.
■ iFolder. iFolder is a Novell product that allows you to access
files from anywhere. You install the iFolder client and log in
and your files are downloaded to your workstation.
You use the iFolder protocol with NetDrive if you are
connecting to iFolder servers in a thin-client environment.
x Thin client normally refers to a low-cost, centrally-managed computer

without CD players, diskette drives, and expansion slots.
How to Install and Launch NetDrive
To install NetDrive you must do the following:

■ Meet Operating System/Protocol Compatibility Requirements
■ Meet Application Compatibility Requirements
■ Install NetDrive

Meet Operating System/Protocol Compatibility Requirements
NetDrive requires only 2 MB of available space on your workstation

hard drive to install and run the NetDrive client.
Operating systems and protocol compatibility are also important

considerations. The following explains which desktop operating
systems are compatible with each NetDrive protocol:
Table 11-2 Protocol Operating System
iFolder Windows NT and 2000
FTP Windows 95, 98, Me, NT, and 2000
WebDAV (HTTP) Windows 95, 98, Me, NT, and 2000
WebDAV + SSL (HTTPS) Windows NT and 2000
Meet Application Compatibility Requirements
Make sure you do the following if you are running these

applications with NetDrive:
■ ZoneAlarm. If you use ZoneAlarm, set the Internet security
level to medium to allow NetDrive to access the web server.
■ F-Secure Antivirus and KasperSky Antivirus. If you use
these antivirus programs on Windows NT or 2000, disable them
while you use NetDrive; otherwise, your workstation might
hang.

Install NetDrive
To install NetDrive, do the following:

1. From your workstation, insert the NetWare 6 Client CD.
The CD autoruns and launches the Novell Client Installation
program.
2. Select Novell NetDrive Client 4.0.
3. Follow the installation instructions on the screen.
When you select Finish on the last installation screen, Windows
Explorer launches and 3 shortcuts appear in an Explorer
window: NetDrive, Help on NetDrive, and Uninstall NetDrive.
4. Double-click the NetDrive shortcut icon.
The NetDrive main window appears.

Using NetDrive
From the following NetDrive main window, you perform basic

NetDrive tasks:
Figure 11-17
These tasks include the following:

■ Add a Site
■ Map a Drive and Connect to a Server
■ Copy Files
Add a Site
To add a site to NetDrive, do the following.

1. From the NetDrive main window, select New Site.
2. Enter the name of your site and the URL for the NetWare 6 server
in the appropriate fields of the New Site dialog.

If you omit FTP or HTTP from the URL, NetDrive defaults to

FTP. You can also specify a port number in this field.
If you want to connect using WebDAV and SSL encryption, use
HTTPS in the URL.
When you complete these steps, you create a site, but you must still
map a drive and connect to a NetWare 6 server to use NetDrive.
Map a Drive and Connect to a Server
To map a drive for NetDrive, do the following:

1. From the NetDrive main window, select the Server Type
drop-down menu.
2. Select the protocol that your NetWare 6 server is using; then
select the drive letter that you want to use for your mapped drive.
❑ Select the Anonymous/Public Logon box (usually used
when the NetWare 6 server is running FTP).
❑ Deselect the Anonymous/Public Logon box and enter your
username and password.
4. (Conditional) If you are using the iFolder protocol to connect,
enter your pass phrase.
5. (Optional) Select any of the following:
❑ Save your password
❑ Connect to your mapped drives upon login
❑ Add a mapped drive to the tray connect menu
6. (Optional) Configure downloading, caching, and file locking
properties for your NetDrive site by selecting Advanced.

The following is an example of a completed drive mapping in

NetDrive, using the iFolder server type:
Figure 11-18
7. After you complete the information needed to map a drive, select

Connect.

As soon as NetDrive maps the drive, Windows Explorer

launches, with the drive letter that you just mapped appearing in
the left pane:
Figure 11-19
Copy Files
To copy files, use the DOS COPY command or cut and paste with
Explorer. To disconnect from the server, right-click the drive icon in
Explorer and select Disconnect.
x Because a connection can be interrupted in the middle of a file transfer, keep

a backup copy of files that are transferred or modified on your server.

Exercise 11-6 Install and Configure NetDrive
a 10 minutes As part of the initiative at Digital Airlines to provide

anytime/anywhere access to files stored on the NetWare 6 server,
you decide to test and implement NetDrive using the iFolder
protocol that you’ve already installed.
Do the following:
DAx.
2. Install NetDrive on your workstation:
a. From your workstation, insert the Novell Client CD.
b. From the Novell Client Installation window, select English;
then select Novell NetDrive Client 4.0.
c. From the Choose Setup Language dialog, select English;
then select OK.
d. From the Welcome window, select Next.
e. Accept the Software License Agreement by selecting Yes.
f. From the Choose Destination Location window, select Next.
g. Do one of the following:
❑ If a NetDrive Install Complete window appears, select
Yes I want to restart my computer now; then select
Finish and remove the Novell Client CD.
❑ If a NetDrive window appears, close the window and
close the Novell Client Installation window; then
remove the Novell Client CD and restart the
workstation.
3. After Windows 2000 restarts, add a site to NetDrive on your
workstation:
a. Log in to DAx as admin with a password of novell.
b. Select Start > Programs > NetDrive > NetDrive.
c. In the NetDrive window, select New Site.

d. As the name for you new site, enter MyServerFiles.

e. As the site address, enter http://your server iFolder IP
address.
f. Select Finish.
4. Map a drive to the MyServerFiles site on your workstation using
the iFolder protocol:
a. From the Server type drop-down menu, select iFolder.
b. From the Drive drop-down menu, select N:.
c. Select Connect at login/startup.
d. Deselect Anonymous/Public login.
e. Enter the following information in the appropriate fields:
❑ Username: AVALDEZ
❑ Pass phrase: ifolder
❑ If you did not complete Exercise 11-3, enter novell for
the pass phrase.
f. Select Connect.
A Windows Explorer window appears with MyServerFiles
on ‘NetDrive’ (N:) highlighted.
5. Test the NetDrive setup and configuration:
a. Copy files to and from the MyServerFiles on ‘NetDrive’
(N:).
b. From the desktop system tray, log in to iFolder by
right-clicking the iFolder icon in the system tray and
selecting Login; then enter the following:
❑ User ID: AVALDEZ
❑ Server: DAx IP address
c. Select Login.

d. From the desktop system tray, right-click the iFolder icon

and select Account Information; then select View Activity.
Notice that new files copied to MyServerFiles are
synchronized with ALVAREZ’s iFolder home directory.
Also, files created in or saved to the iFolder home directory
are synchronized with NetDrive if you disconnect and
reconnect your drive mapping.
6. Log out of iFolder by right-clicking the iFolder icon and
selecting Logout.
7. Close the MyServerFiles window.
(End of Exercise)
Summary
Objective Summary
1. Set Up and After creating NSS storage pools and logical

Configure NSS volumes on your NetWare server, you might
need to perform additional setup and
configuration tasks, such as the following:
■ Convert a traditional volume to an NSS volume
■ Configure user space restrictions
■ Configure directory space restrictions
■ Set cache buffers
■ Set up file snapshot
■ Set up file snapshot
■ Enable transaction tracking system (TTS) on
logical volumes

Objective Summary
2. Monitor, Manage, After you set up and configure NSS, you might
and Rebuild NSS need to perform the following to monitor,
Storage Space
manage, and rebuild NSS storage space:
■ View the status of NSS volumes
■ Mount or dismount NSS logical volumes
■ Activate or deactivate NSS pools and logical
volumes
■ Delete NSS pools and logical volumes
■ Restore or purge deleted NSS logical volumes
■ Verify and rebuild NSS pools
3. Set Up User In this objective, you configured and tested the

Access to the following network services that provide access
Server File System
to NetWare files and resources:
■ Perform iFolder management tasks
■ Install and configure NFAP
■ Install and configure NetStorage
■ Install and configure NetDrive

Novell Network Management / Instructor Guide Perform Backup and Restore Tasks with NetWare 6 Backup Utilities
SECTION 12 Perform Backup and Restore Tasks

with NetWare 6 Backup Utilities
Duration: 3 hours In this section, you learn to back up and restore NetWare file
systems, eDirectory, and workstation file systems using the
SMS-compliant backup utilities provided with NetWare 6.
Objectives
1. Set Up SMS for SBCON and NWBACK32
2. Back Up Data with SBCON and NWBACK32
3. Restore Data with SBCON and NWBACK32
4. Identify eDirectory Recovery Procedures
Introduction
The exercises in this section use a Novell Storage Management Services (SMS) is a collection of
tape drive emulator. software components that provides backup and restore services
independent of operating systems and hardware.
Because the emulator does not
accurately represent the length of Using an SMS-compliant backup application (such as SBCON or
time required for backing up and VERITAS Backup Exec for NetWare) with installed SMS
restoring data and cannot restore components, you can back up data from eDirectory, file systems,
data, consider using a hardware and cluster-enabled pools to backup media (such as a tape) that can
tape drive to demonstrate the
be stored on or offsite.
backup process.
If you have a hardware failure, natural catastrophe, corrupted data,
or incorrectly deleted or changed data, you can recover a previous
version of the data from the backup media.

Scenario
As network administrator for your Digital Airlines office, you have

been using a popular SMS-compliant backup and restore software
package to perform regular backups of NetWare server volumes,
workstation directories, and eDirectory.
You install the latest service pack for NetWare 6 and notice that
your backup and restore software begins having problems.
After contacting a support operator at the software company, you

are told that the company is aware of the problem and will provide a
software patch in the next few weeks on their support web site.
Because it is critical that you continue regular backups of your

servers and workstations, you decide to try using one of the backup
and restore utilities that ship with NetWare 6 (SBCON and
NWBACK32) until the software patch is available.
Objective 1 Set Up SMS for SBCON and NWBACK32

NetWare 6 provides 2 backup and restore utilities—SBCON and
NWBACK32.
Before setting up and using these utilities, you need to know the
following:
■ The Components of SMS
■ Data Sets and SMS Services
■ How to Set Up and Start SBCON and NWBACK32
■ SMS Log and Error Files

b SBCON also supports backup and restore of Novell Cluster Services

cluster-enabled pools. For more information, see “Storage Management
Services (Backup and Restore)” at http://www.novell.com/documentation/
lg/nw6p/index.html.
The Components of SMS
The following are the basic components of SMS:

■ Storage Management Engine (SME). The SME is central to
the SMS architecture. It is the backup program that
communicates with the network clients to back up and restore
information.
Novell provides the SBCON utility as a basic SME for
NetWare. SBCON has 3 modules:
❑ User interface. This component creates a job and submits
it to the eDirectory queue.
The SBCON interface runs on a NetWare 6 server and is an
NLM that provides a graphical text interface for backing up
and restoring data.
You can also use the NWBACK32 utility. NWBACK32
runs on a Windows workstation and provides a graphical
interface for backing up and restoring data.
SBCON and NWBACK32 provide the same set of features
for managing backup and restore tasks.
❑ Q Manager (QMAN). This component takes the job from
the eDirectory queue.
QMAN facilitates multiple job scheduling plus other
features. Loading QMAN automatically loads the backup
engine. The user interface can be loaded after you load
QMAN.
❑ Backup Engine. This component processes and completes
the job.

Many network administrators use third-party products such as

VERITAS Backup Exec for NetWare or ARCServe for NetWare
as the SME component of SMS.
■ Target Service Agents (TSAs). A TSA is a software module
that understands how to scan, read, and write target data.
In SMS, a target is any machine on the network that requires
backup or restore services.
Examples of targets include SQL database engines, eDirectory
databases, workstations, and NetWare servers.
The TSA packages data from the target and presents it to the
SME in a generic format. This allows one SME to interact with
many types of TSAs.
For example, a TSA for a NetWare server understands items
such as name spaces, file and directory attributes, and security
privileges for the data on that server.
The following TSAs are provided in NetWare 6:
Table 12-1 Target TSA
NetWare 6 TSA600
eDirectory TSANDS
Windows 95/98 workstation W95TSA
Windows NT/2000 workstation TSAPREFS

TSAMAIN
TSAPROXY (loaded on host
server)
GroupWise data GWTSA
■ Storage Management Data Requester (SMDR). SMDR is the

component in the SMS architecture that communicates between
the SME and the TSA.

The SMDR APIs are used by SBCON and third-party

applications to provide transparent access (locally or remotely)
to SMS services.
■ Storage device interface. This component passes information
between the SME and the storage device (such as a tape drive).
■ Device drivers: These drivers are used to control the behavior
of storage devices.
Data Sets and SMS Services
A data set is a collection of related data records on a

computer-readable medium, such as a hard disk or a tape.
When using an SME such as SBCON, you can configure data sets
to back up or restore specific data.
To understand how to specify these data sets, you need to know the
following:
■ Parent and Child Classifications
■ Subsets and Include and Exclude Options
Parent and Child Classifications
Each data set in a file system structure can be classified as a parent

or a child, and each class includes different types of data items.
A parent might be a server, eDirectory, a volume, or a directory. A

child is a file, which is the lowest level of the directory structure.
The unit below a parent is not necessarily a child; it might be

another parent, or the line might end with the parent. The unit above
a child must always be a parent.

For example, A2WIDGET.EXE in the following is a child of

PROJECT:
Figure 12-1 (slide) SYS Public Project A2ZCO

Mail A2WIDGET.EXE
System
Login Report January.prj
Febuary.prj
HOME NetUsers Karl March.prj
Appl
Proposal Tessier.Inc
Nu_Artco
Mary Training Workbook

Viewgraph
Script
Parents (all units above final) Scheduals June

July
Children (final units only) August
Items in a data set for either a parent or child should be items that
do not frequently change.
SBCON and NWBACK32 let you overwrite all existing parents or

children. Children can be overwritten only if the date on the data set
on the hard disk is more recent than the date of the data set backup.
Subsets and Include and Exclude Options
A subset is a specific portion of a data set that you want to back up

or restore. SBCON and NWBACK32 let you designate subsets of
data by using exclude and include options.
The following helps you understand how to specify data subsets

using include and exclude options:
■ Guidelines for Using Include and Exclude
■ Include and Exclude Examples

Guidelines for Using Include and Exclude
To back up most of the file system structure or eDirectory tree

structure while omitting only a small part, use the exclude options
of SBCON and NWBACK32 to omit the part you do not want to
back up. Everything you do not specifically exclude is included.
After you exclude part of the structure such as a volume, directory,

or container, you cannot include any subdirectories, files, or objects
beneath that excluded volume, directory, or container.
To back up a small part of the file system structure, use the include
options of SBCON and NWBACK32 to specify the data you want.
Everything you do not specifically include is excluded.
When you select only part of the file system structure to include
(such as a volume), all directories, subdirectories, and files under
that selection are included in the backup by default.
Include and Exclude Examples
Volume SYS in the following is selected as an include option:

Mail Widget.exe
System
Febuary.prj
Appl
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files

All other areas of the file system structure (such as volume HOME)
are excluded from the backup or restore. You can exclude some
subdirectories or files beneath your selection (such as the SYSTEM
directory) if necessary.
The same principle applies when you specify a directory with the
include option.
The following shows that all directories, subdirectories, and files

under the NETUSERS directory are included in the backup:

Mail Widget.exe
System
Febuary.prj
Appl
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
All other areas of the file system structure are excluded from the
backup.
By combining the include and exclude options, you can control

what is backed up.

For example, the following backup includes the volume HOME in a

backup with the exception of the MARY directory and the
WIDGET.EXE file:

Mail A2WIDGET.EXE
System
Febuary.prj
Appl
Nu_Artco
Mary Training Workbook

Viewgraph
Script
Parents (all units above final) Scheduals June

July
Children (final units only) August
You do this by including HOME, and then excluding MARY and

WIDGET.EXE.
How to Set Up and Start SBCON and NWBACK32
The following provides the information you need to know to set up

and start the NetWare 6 backup utilities:
■ How to Configure SMS for SBCON and NWBACK32
■ How to Start and Exit SBCON and NWBACK32
■ Guidelines for Using SBCON and NWBACK32

How to Configure SMS for SBCON and NWBACK32
You need to do the following to configure SMS for using SBCON

and NWBACK32:
■ Load the Controller and Storage Device Drivers
■ Load the TSAs
■ Load SMS on the Host Server
Load the Controller and Storage Device Drivers
Controller and storage device drivers control mechanical operations

such as read, write, forward, back, and stop for various storage
devices and media.
Make sure you have installed the controller and storage device
according to the hardware manufacturer’s instructions.
When NetWare 6 is installed, the device drivers are placed in the

STARTUP.NCF file.
You can add drivers by doing one of the following:

■ From the server console prompt, enter the following:
LOAD PATH controller_device_driver_name
LOAD PATH storage_device_driver_name
For example, to load drivers, your might enter the following:
LOAD SCSI154X.HAM PORT=24
LOAD SCSI2TP.CDM
■ Place the same LOAD commands in STARTUP.NCF; then
restart the server.

■ From NWCONFIG, select Driver Options > Configure Disk

and Storage Device Drivers; then do one of the following:
❑ Select Discover and Load Additional Drivers.
If the drivers exist, it loads the drivers.
❑ Select Additional Driver; then select a driver from the
displayed list.
If you loaded HAM drivers, of if you added an external device,

enter the following at the server console prompt:
LIST DEVICES
To register the storage device with the system, enter the following at
the server console prompt:
SCAN FOR NEW DEVICES
If you load the drivers from STARTUP.NCF or NWCONFIG, you

do not need to use the SCAN FOR NEW DEVICES command.
Load the TSAs
Follow these general instructions to load TSAs on the servers and

workstations you want to back up:
Table 12-2 To Back Up or

Restore From Enter the Command
NetWare 6 Target server TSA600
eDirectory database A NetWare 4 or later LOAD TSANDS

target server
DOS partition on Target server TSADOSP

NetWare server
Windows Host server LOAD TSAPROXY

workstations

Table 12-2 (continued) To Back Up or

Restore From Enter the Command
Windows 95 and 98 Target workstation W95TSA.EXE

This is installed with
the Novell Client.
Windows NT and Target workstation TSAPREFS.EXE,

2000 TSAMAIN.EXE
These are installed
with the Novell client.
You must perform a
custom install and
select the Novell
Target Service Agent
component.
GroupWise data Target workstation GWTSA
x Remember that a host server is the server from which you are controlling
backup and restore of information on a target server or workstation.
Follow these general guidelines when backing up or loading the

software:
■ Backing up the eDirectory database. Load TSANDS.NLM
once on the server with a replica of the largest partition.
■ Backing up the file system. Load TSA600.NLM for its server
and on every server to be backed up.
■ Backing up workstations. Load the appropriate TSA on the
workstation.
■ Loading the files when the server starts. Place the commands
in the server’s STARTUP.NCF file, and in the workstation’s
NET.CFG file, AUTOEXEC.BAT file (for DOS), or Startup
folder (for OS/2).

Load SMS on the Host Server
After loading the controller, device drivers, and TSAs, you can load
the SMS NLMs on the host server (the server from which you are
controlling backup and restore).
To load the SMS NLMs, from the server console prompt enter
SMSSTART.
NLMs such as TSA600.NLM, TSAPROXY.NLM, and SMDR.NLM

are loaded with default configuration values.
How to Start and Exit SBCON and NWBACK32
With SMS running on the host server, do the following:

■ Start and Exit SBCON
■ Start and Exit NWBACK32
Start and Exit SBCON
To start and exit SBCON, do the following:

1. From the server console prompt, enter SBCON.
The NetWare Backup/Restore dialog appears.
2. Perform backup and restore tasks.
When you finish using SBCON, exit SBCON and unload the
SMS modules to free memory on your host server or target.
3. Exit SBCON by pressing Esc until you reach the main menu;
then press Esc and select Yes.
4. Unload the SMS modules at the prompt by entering SMSSTOP.
x If a warning indicates that an NLM is being used by another NLM,

consider keeping the module loaded. Otherwise, your server can abend.

Start and Exit NWBACK32
To start and exit NWBACK32, do the following:

1. From your workstation, log in to the desired eDirectory tree.
2. (Conditional) If this is the first time you have used NWBACK32,
do the following; otherwise, go to step 3:
a. Log in to the server running the backup engine.
b. Enter your user name and password.
c. Configure eDirectory information:
❑ Tree name: Enter the name of the eDirectory tree you
will use to back up and restore data.
❑ SMDR context: Enter the SMDR context you created
during server configuration.
❑ SMDR group context: Enter the SMDR group context
you created during server configuration.
3. From SYS:PUBLIC, run NWBACK32.EXE:
a. Browse to SYS:PUBLIC.
b. Double-click NWBACK32.EXE.
A Quick Access window appears
4. Perform backup and restore tasks by selecting Backup or
Restore.
When you finish using NWBACK32, exit the program and
unload the SMS modules to free memory on your host server or
target.
5. Exit NWBACK32 by selecting File > Exit.
6. Unload the SMS modules at the prompt by entering SMSSTOP.
x If a warning indicates that an NLM is being used by another NLM,

consider keeping the module loaded. Otherwise, your server can abend.

Guidelines for Using SBCON and NWBACK32
Follow these guidelines to make backup and restore easier and to

avoid problems later.
■ Log in with Supervisor rights. You will have limited success
backing up and restoring if you log in without the Supervisor
right.
For security reasons, many SBCON options are limited to the
network administrator. This helps maintain the security of your
NetWare server and ensures data integrity.
■ Reserve disk space for temporary files. Make sure you have
disk space available (1 to 2 MB) on the target server's volume
SYS to accommodate log and error files.
SBCON creates temporary files on the target server during
backup. If you have linked UNIX files or files with extended
attributes, the temporary files might be larger than 1 MB.
■ Do not mount or dismount volumes during a backup or
restore session. The data might become corrupted or an
association might occur on the host server.
An association is a functional connection between an element
and a data object or an action object. For example, if an icon
and an action are associated, selecting the icon invokes the
action association.
■ Use the correct name space and name space formats. Use
the following name space and name space formats:
❑ Name spaces: DOS, FTAM, Macintosh, OS/2
(FTAM is an application layer protocol for file transfer and
remote manipulation found in ISO 8571.)
❑ Name space formats:
❑ Macintosh: Use volume::directory:directory:filename
❑ Others: Use volume:/directory/directory/filename

If you do not use the correct name space and name space
formats when entering paths and file names, files can't be
restored.
x FTAM is an application layer protocol for file transfer and remote

manipulation found in ISO 8571.
■ Use original case for non-DOS names. Non-DOS path names

and filenames are case sensitive. NetWare recognizes DOS
pathnames and filenames in uppercase only.
If you’re not sure of the original case, see your log file.
■ Make sure the designated medium has enough storage
space. Security can be compromised if the scheduled backup
session cannot be accommodated on the medium.
In this case, you are prompted to insert another tape. If another
tape is not inserted, the backup does not finish, the program
does not exit, and SBCON does not disconnect. This results in
compromising security.
To reduce this risk, set append to No, attend the backup so you
can insert the next tape, or use a tape loader backup device.
■ Label your storage medium. If the storage medium does not
have an electronic label, SBCON displays a message saying
that the medium cannot be identified.
You need to configure an electronic label for the medium before
backing up data.
■ Use tapes having the maximum space. If you are appending a
backup session to a media set (2 or more tapes), use the tape
having the maximum space first. This avoids the use of multiple
tapes.
■ Exit utilities before unloading drivers. If you unload a
manually loaded driver before exiting the backup utility (such
as SBCON), it can cause the host server to abend.

SMS Log and Error Files
Whenever you back up files and directories, data files are created on
the storage media (such as a tape) that can be used to restore the
data to a server or workstation.
In addition, a log and corresponding error files are created on the

host server (the server from which you are running SMS services)
for each backup and restore job.
You might want to create individual log directories for the different
types of backup or restore session targets or different organizational
units.
For example, you could create one directory for workstation

backups and another for server backups.
The following provides information about the log and error files to
help you effectively manage backup and restore jobs:
■ Location of Log and Error Files
■ Log File Contents
■ Error File Contents
■ Access Log and Error Files Through SBCON and NWBACK32
Location of Log and Error Files
The log and error files of a backup session are stored in a default
directory (such as SYS:SYSTEM\TSA\LOG). If you prefer, you can
create your own directory for the log and error files as long as it
resides on the host server.
The log and error files of a restore session are stored in the directory
(SYS:SYSTEM\TSA\RESTORE). You cannot modify the location
for the files.

Log File Contents
A log file contains the following:

■ The session date and time and the description you entered
■ The target where the data was backed up from
■ The target that was backed up and the location on the server
where the data was restored to during a restore session
■ Media set identification information
■ The area of the file system that was backed up or restored (such
as volume name or directory name)
■ The names of files that were backed up or restored
■ The numerical location of the data on the storage media
Error File Contents
An error file includes the following

■ A list of errors that occurred during a backup or restore session
■ The session date and time and the description you entered
■ The target where the data was backed up from
■ The target that was backed up and the location on the server
where the data was restored to during a restore session
■ Media set identification information
■ The area of the file system that was backed up or restored
■ The number of parents and children backed up or restored
■ The names of files that were not backed up or restored, along
with error messages or information
■ Skipped data sets (any file that is open when a session begins is
not backed up or restored, and is listed as a skipped data set)

Access Log and Error Files Through SBCON and NWBACK32
You can access the log and error files through the SBCON main
menu (Log File Administration) or from a Windows 95, 98, 2000
or Windows NT workstation using the NWBACK32 Report menu
(Session or Error).
SBCON and NWBACK32 keep a list of all log and error files. The
list includes the following information:
■ The description you enter for the session
■ The date and time you started a backup or restore session or, in
the case of a delayed session, the time the session was
scheduled
■ The name of the target the data was backed up from
Exercise 12-1 Set Up SMS to Use SBCON and NWBACK32
a 25 minutes As network administrator for your Digital Airlines office, you

perform weekly backups of data on workstations and servers.
While waiting for a software patch for your normal backup and
restore utility, you decide to test SBCON as an interim backup and
restore solution.
Do the following to set up SMS for using SBCON and

NWBACK32:
■ Part I: Prepare the Server for Backup and Restore
■ Part II: Configure the TSA Preferences on the Workstation
■ Part III: Verify the Setup by Starting and Exiting SBCON
x This exercise uses a tape drive emulator provided by Novell as a backup

device. Instead of backing up and restoring data to tape, you use a file.

Part I: Prepare the Server for Backup and Restore
Before performing backups from the NetWare 6 server with

SBCON, you need to do the following:
1. Load the TPEMU.HAM driver for the tape drive emulator:
a. From the NetWare 6 server console prompt, enter
TPEMU.HAM.
You are prompted for a backup file name.
b. Enter SYS:\BACKUP.DAT.
Both TPEMU.HAM and EMUIF.NLM are loaded.
c. From the server console prompt, enter LIST DEVICES.
❑ If you see “EMULATOR_TAPE 1” listed, skip to
step 3.
❑ If you see “Unbound Device Object” listed instead of
the tape drive emulator, continue with step 2.
2. (Conditional) Load the NWTAPE.CDM driver for the emulator:
a. From the server console prompt, start the NetWare
Configuration utility by entering NWCONFIG.
b. Select Driver Options > Configure disk and storage
device drivers.
c. From Additional Driver Actions, select Select an additional
driver.
A Select a driver list appears.
d. Scroll through the list and select NWTAPE.CDM; then
select Yes.
e. Select the C:\NWSERVER directory by pressing Enter.
f. You are prompted to select an additional driver.
g. Continue by selecting No.
h. Make sure NWTAPE.CDM is in the Selected Disk Drivers
list by pressing Tab and scrolling down through the list.

i. Exit the NetWare Configuration utility by pressing Esc 4

times; then select Yes.
j. From the server console prompt, enter LIST DEVICES.
After a few moments, a list of devices appears that includes
the EMULATOR_TAPE 1 device.
3. Start SMS and load the eDirectory TSA:
a. From the server console prompt, start SMS by entering
SMSSTART.
SMDR and several SMS modules are loaded, including
TSA600 and TSAPROXY that let you back up files on the
NetWare server (TSA600) and on the Windows workstation
(TSAPROXY).
b. From the server console prompt, load the modules for
backing up to the storage device by entering SBSC.
You are prompted for a queue name.
c. Accept the default queue name by pressing Enter.
d. (Conditional) If you are prompted for a user name and
password, enter the following:
❑ User Name: .ADMIN.SLC.DIGITALAIR
e. (Conditional) If you are prompted for a context, enter
.SLC.DIGITALAIR.
x If you receive an error that stops the loading of the modules, (such
as a QMAN.NLM error message), reset the server at the console
prompt by entering RESET SERVER; then try entering SBSC
again (step b).
f. From the server console prompt, load the TSA for eDirectory
by entering TSANDS.

4. Start the TSA service on your workstation:

a. From your workstation, select Start > Settings > Control
Panel.
b. Double-click Administrative Tools > Services.
A Services dialog appears with a list of services displayed.
c. Scroll to and right-click Novell Target Service Agent; then
select Properties.
Notice that the executable file is TSAMAIN.EXE. This is
the SMS TSA for the workstation.
d. Close the properties dialog by selecting Cancel.
Notice that the TSA is set to start each time you start
Windows.
If you are having problems connecting to a workstation,
check the status of the TSA. It might need to be started
manually.
e. (Conditional) If the TSA is not started, right-click Novell
Target Service Agent; then select Start.
The status for Novell Target Service Agent is listed as
“Started.”
f. Close all open windows.
Part II: Configure the TSA Preferences on the Workstation
Before connecting to the workstation with the TSA, you need to

configure the Windows NT/2000 TSA preferences.
Do the following:
1. From the workstation, make sure you are logged in to DAx as
admin with a novell password.
2. Find out which local area connection to configure for the TSA:
a. Select Start > Run; then enter CMD and select OK.

b. From the CMD command line window, enter IPCONFIG.

IP configuration information appears with a different IP
address for each Ethernet board.
c. Find which Ethernet local area connection is assigned to
your 192.168.x.1 server IP address.
If Local Area Connection is assigned to the IP address, you
need to configure Local Area Connection in step 4. If Local
Area Connection 2 is assigned to the IP address, you need
to configure Local Area Connection (2) in step 4.
d. Close the CMD command line window by entering EXIT.
3. Right-click My Network Places and select Properties.
4. Right-click the correct local area connection icon and select
Properties.
5. Select Novell Target Service Agent and select Properties.
A TSA Properties dialog appears, which is the
TSAPREFS.EXE file in C:\WINNT\SYSTEM32.
6. Select Preferences.
7. In the Preferred server field, enter your DAx IP address (the
192.168.x.1 address).
8. In the Protocol field, select TCP/IP.
9. Make sure the TSA registers with the host server each time the
workstation is started by selecting Auto register.
10. Select all the Events to log options (Connection, Registration,
Security, and Service).
11. In the Drives Available list, select C:\; then select Apply.
If you do not select C:\, SBCON will not give you access to the
hard drive.
12. Select Registration; then register the TSA by selecting Register.
Notice that the TSA is registered to your server using TCP/IP

on port 413 of the server.

13. Close the TSA Preferences dialog by selecting OK.
14. Close the Local Area Connections properties dialog by selecting

OK.
15. Close the Network and Dial-up Connections window.
Part III: Verify the Setup by Starting and Exiting SBCON
Test the SMS setup by doing the following:

1. From the NetWare 6 server console prompt, start SBCON by
entering SBCON.
After a few moments, the SBCON main menu appears.
x If you receive error messages or SBCON does not load, reset the server
from the console prompt by entering RESET SERVER; then start the
exercise again.
2. From the main menu, select Job Administration > Backup.

The Backup Option dialog appears.
3. Select Target Service > DAx.
A list of target services running on your server appears.
If you completed Part I correctly, you should see the following
services listed:
❑ DAx.NetWare File System. This service appears because
TSA600.NLM is loaded.
❑ DAx.Novell Directory. This service appears because
TSANDS.NLM is loaded.
❑ DAx.Workstations. This service appears because
TSAPROXY.NLM is loaded.
4. Return to the Backup Options menu by pressing Esc twice; then
press Enter.

5. Select Device/Media Name.

The tape emulator device is listed.
This indicates that you completed Part I correctly, and that SMS
recognizes the tape emulator device.
6. Return to the main menu by pressing Esc twice and selecting No;
then press Esc.
7. Exit SBCON by selecting Exit; then select Yes.
x Although you do not use NWBACK32 in the section exercises, you can
explore the utility on your own from your workstation by double-clicking the
NWBACK32.EXE file in the SYS:SYSTEM\PUBLIC directory on your
NetWare 6 server.
(End of Exercise)
Objective 2 Back Up Data with SBCON and NWBACK32

After you understand how to set up SMS backup and restore
services, you can back up file system and eDirectory data with
SBCON and NWBACK32.
To perform these tasks you need to know the following:

■ How to Back Up Data
■ How to Verify Backed Up Data
■ Guidelines for Backing Up Data with SMS Services
x This objective covers basic backup, verification, and restore tasks using
SBCON and NWBACK32. For more information, see “Storage Management
Services (Backup and Restore)” at http://www.novell.com/documentation/
lg/nw6p/index.html.

How to Back Up Data
You need to know the following:

■ How to Back Up Data from a Server Using SBCON
■ How to Back Up Data from a Workstation Using NWBACK32
How to Back Up Data from a Server Using SBCON
When you back up data on a target server or workstation from an

SMS host server, do the following:
1. From the host server console prompt, enter SBCON.
3. Display a list of servers possibly running target services by
selecting Target Service.
4. From the list, select the host server running the target service for
the target you want to back up.
The following describes the target services that can be selected
for backup from a server:
Table 12-3 If you are backing up Then select
A file system The server whose file system you

want to back up
An eDirectory database The server with TSANDS loaded
A workstation The workstation’s host server, and

then the workstation
Server-specific information The server whose information you

want to back up, and then choose
to back up the file system
If you do not see the server you want on the list, the TSA might
not be loaded on the host or the target.

If network traffic is heavy, try returning to the main menu and

start again to redisplay the list of servers.
A list of target services running on the server appears.
5. Select a target service.
6. Enter a user name for the target service.
If SBCON rejects the user name you enter for eDirectory or a
NetWare file system, you probably need to include the context
where the user object is located.
For example, instead of entering ADMIN as the username,
enter either of the following:
❑ .CN=ADMIN.O=context
❑ .ADMIN.context
You must include the context in the username at this point if the
username that exists in an eDirectory container is different from
the context set on the server running SBCON.
7. Enter a password for the target service.
SBCON will take a few moments to authenticate.
A Backup Options dialog appears.
8. Continue by pressing Enter.
9. Select What to Back Up.
A list of resources appears.
10. Press Insert, select a resource you want to back up, and then
press Esc.
Depending on the target, a resource can be an item such as a
Windows NT workstation (the hard drive), a volume (such as
SYS), or a full eDirectory backup.
11. In the Description field, enter a descriptive name for the backup
session.

This is a descriptive name that helps you identify the specific

backup session if a restore is necessary.
There are no special requirements for what to enter as the
session description. However, you might want to include the
full path of the data (for example,
SYS:HOME\REPORTS\JULY.02).
12. Select Device/Media Name and select a device.
A list of available devices appears in the Select a Device screen.

If a device contains multiple media, select the media for the
backup.
If the storage media does not have a label, SBCON displays a
message saying that the media cannot be identified.
13. Press Insert to set the label before selecting the media for a
backup job.
14. (Conditional) If you want to perform an incremental or
differential backup or use options for including and excluding
data, select Advanced Options.
The default backup type is set to Full.
15. (Conditional) Select Append Session.
This appears only if your device supports appending to previous

sessions on the media.
Accept the default YES if you want to preserve all sessions on
the media. The backup session is appended to the media at the
end of the previous session. Each appended session has separate
backup and error logs.
If you want to overwrite the data on the media, enter NO. The
media rewinds and existing data is overwritten by the next
backup.
16. Save the settings and submit the backup job by pressing Enter.
The backup job is sent to the job queue for processing.

17. View the job queue from the main menu by selecting Job
Administration > Current Job List.
❑ View the details of a job by selecting the job.
❑ View the job progress by pressing Insert.
19. When the backup job is complete, press Esc until you return to
the main menu.
20. Exit SBCON by selecting Exit; then select Yes.
21. Unload the SMS modules from the server console prompt by
entering SMSSTOP.
How to Back Up Data from a Workstation Using NWBACK32
When you back up data on a target server or workstation from a

workstation, do the following:
1. From the workstation, start NWBACK32.
2. From the Quick Access window, select Backup.
3. Select what you want to back up:
a. Double-click What to Backup.
b. Select NDS, NetWare Servers, or Workstations.
c. Open NetWare Servers; then double-click a server to back
up.
d. Enter the user name and the password to authenticate to the
server.
A list of resources to back up appears, such as volumes and
files.
e. Select the resources to be backed up.

4. Select where you want the backup data to go:

a. Double-click Where to Backup.
A context appears.
b. Do one of the following:
❑ If the context is not correct, change to the correct
context by clicking the Change to Context button on
the toolbar and logging in to the correct context; then
double-click Where to Backup > context.
❑ If the context is correct, double-click context.
c. Double-click Queues.
d. Select a queue object from the list; then continue
double-clicking items until you select a backup device.
e. Select Backup > Submit the Job.
5. View the job queue from the Quick Access window:
a. Select Job Administration.
b. Double-click the context of the queue location.
c. Double-click Queues.
The Queue list appears.
d. (Optional) To view the dynamic properties of a job, select a
job from the list, right-click, and select Dynamic
Properties.
6. When the backup job is complete, return to the Quick Access
window.
7. Exit the Quick Access window.
entering SMSSTOP.

How to Verify Backed Up Data
You can use the Verify option from SBCON or NWBACK32 to

check the data on the media to make sure it has been backed up
properly, is valid, and can be restored.
You can verify backup data in the following ways:

■ If you know what sessions are on the media and you have the
log and error files, you can select the session from the list.
■ If you do not know what sessions are on the media, and if you
are not sure the log and error files still exist, create the session
files.
Make sure you have met the prerequisites listed in “How to Set Up
and Start SBCON and NWBACK32” on 12-9, and then do one of
the following:
■ Verify From a Host Server Using SBCON
■ Verify From a Workstation Using NWBACK32
Verify From a Host Server Using SBCON
To verify from a host server, do the following:

1. From the server console prompt, enter SBCON.
2. From the main menu, select Job Administration > Verify.
The Verify Options screen appears.
3. Enter a descriptive name for the verify job.
4. Select the device and media for the job.
You can also manually enter this in the form device
name.media name.

5. In the Session to Restore field, press Enter.

A list of all backup sessions appears in the Select a Session
screen.
6. Select a session from the list.
7. Submit the job after confirming the Submit Job prompt.
8. Select Job Administration > Current Job List.
9. Select the job you have submitted.
If there were no problems with the verification or the data, the
Run Time Status screen displays the following message:
The verification process was completed normally.
Verify From a Workstation Using NWBACK32
To verify backed up data from a workstation, do the following:

1. Start NWBACK32.
2. In the Quick Access window, select Verify.
3. Double-click the context if necessary.
4. Double-click Queues.
5. Double-click the preferred queue.
6. Double-click Servers.
7. Double-click the preferred server.
8. Double-click Devices.
9. Double-click the preferred device.
10. Right-click the preferred media.
11. Select Submit the Job.
12. In the Submission of Job dialog box, select the session.
13. Select Finish.

Guidelines for Backing Up Data with SMS Services
Before you back up data using SMS services and SMS-compliant

backup software, you need to know the following:
■ Backup Types Available
■ Backing Up NetWare File Systems
■ Backing Up eDirectory
x As part of your backup plan, test backed up data regularly to verify the
reliability of your backup procedures and equipment. Whenever possible,
test restoring the backed up data on a server in a lab (instead of in the
production environment).
b For more on increasing backup performance and troubleshooting SMS

backup issues see TIDs 10023910 and 10062304.
Backup Types Available
SMEs such as SBCON and NWBACK32 provide 3 types of backup:

■ Full: Backs up the entire file system of the selected target
regardless of whether the data has changed since the last
backup.
■ Differential: Available only for the file system, differential
backs up only data that has changed since the last full or
incremental backup.
■ Incremental: Available only for the file system, incremental
backs up only data that has changed since the last full or
incremental backup (whichever was last).
All backup types contain advanced options that let you
customize your backup by including or excluding data and
specifying how to scan what you are backing up.

Backing Up NetWare File Systems
The following are guidelines for backing up NetWare file systems:

■ Trustee Assignments and File System Backups
■ Server-Specific Information on Volume SYS
Trustee Assignments and File System Backups
Trustee assignments are stored as part of the file system as an ID.

They are backed up by default when the file system is backed up
with the TSA.
If a user object is deleted and then re-created or restored, its object

ID changes. This is why the TSA uses fully distinguished names for
objects to back up the trustee rights from the file system.
If a user object is deleted and re-created with a new ID, the user's
trustee assignments in the file system can be restored.
As long as an object with the same name on the backup media exists
in the eDirectory tree structure when the file system is restored, the
TSA can interact with eDirectory to rebuild the directory entry table
(DET) to reflect new object ID numbers.
Server-Specific Information on Volume SYS
Server-specific information, such as the replica information, ID

information, name spaces loaded, and system configuration, is
stored on volume SYS.
When you back up volume SYS, this information is backed up as a

single resource that includes the following files:
■ SERVDATA.NDS, which contains server-specific eDirectory
data.
■ DSMISC.LOG, which contains a replica list and replica types
on the server at backup.

■ STARTUP.NCF, which contains a disk driver, name spaces,

and SET parameters.
■ AUTOEXEC.NCF, which contains load modules and the
NetWare operating system configuration.
■ VOL$INFO.TXT, which contains volumes on the server,
name spaces loaded, compression, and migration information.
Using SBCON or NWBACK32 you can choose to back up this

information individually.
The information is not restored unless you specifically choose to

restore it. It does not need to be restored unless you have lost
volume SYS.
Backing Up eDirectory
The best way to protect your eDirectory database is to use replicas.

However, replication is not sufficient protection for a single server
network or when all copies of the replicas are destroyed or
corrupted.
In these cases, you can restore the eDirectory tree structure by

making sure you regularly back up eDirectory with SMS.
To back up the eDirectory database, TSANDS.NLM must be loaded

on one server in the eDirectory tree structure—preferably the server
containing a replica of the largest partition.
The following is information you need to know when using SBCON

or NWBACK32 to back up eDirectory
■ Guidelines for Backing Up eDirectory
■ Object ID Numbers
■ Customized eDirectory Backups
■ Setting Rights for Backup Administrators

Guidelines for Backing Up eDirectory
The following are guidelines for backing up eDirectory using SMS:

■ eDirectory backups and volume SYS. The eDirectory
database exists as a set of files that are stored in volume SYS
and are hidden so they are not tampered with or deleted.
Because these files are hidden, they cannot be seen during
volume SYS backup and are not stored as part of the data set on
the backup media.
To back up eDirectory, you use the special eDirectory backup
features provided in an SME such as SBCON or Backup Exec.
■ Navigation of the entire tree. SMS backs up eDirectory data
that is spread out over multiple servers. To handle the necessary
links and dependencies between objects, SMS must be able to
navigate the entire eDirectory tree structure.
■ Frequency of backups. The frequency of backing up
eDirectory depends on how often changes and updates are made
to the eDirectory tree structure.
In general, you should back up the eDirectory database weekly.
For a tree that changes often, you might want to perform an
eDirectory backup every time you do a full backup of all
servers on the network.
Always back up eDirectory prior to major tree modifications.
■ Partitions and eDirectory backups. For a successful full
backup, the entire eDirectory tree structure needs to be
functioning, meaning that all partitions are synchronizing
normally.
A complete eDirectory tree backup cannot be achieved if any
replicas of any partition are offline because the partition
information for offline partitions is not backed up.
If an eDirectory tree structure becomes corrupted and you
restore the eDirectory data, all data is restored to one partition,
Root. You must repartition that portion of the tree.

x Because an SMS backup does not maintain any eDirectory partition

information, a backup should only be used as a last resort to restore
eDirectory objects.
Improper eDirectory restores from backups can cause tree corruption.
■ Schema Backup. The schema is backed up with a full

eDirectory backup. However, you can back up the schema
separately using a custom eDirectory backup.
■ Trustee assignments. Trustee assignments are backed up as
part of the file system and not included in an eDirectory
backup.
■ DSMISC.LOG file. You can use the DSMISC.LOG file that is
backed up with the file system as part of the server-specific
information.
Object ID Numbers
In NetWare, a random ID number is assigned when an object is

created. The ID numbers are stored in the directory entry table
(DET) of each file and directory and are server-centric.
NetWare uses these object ID numbers to keep track of information

such as users' trustee rights to directories and files in the file system.
When NetWare is backed up, the SME stores the objects' fully
distinguished names (not the objects' ID numbers) on the backup.
If an object in the eDirectory tree structure has the same

distinguished name as an object on the backup media, its object ID
is not overwritten during a restore.
If an object with the same name does not exist in the eDirectory tree
structure, it is assigned a new object ID when it is restored.
This occurs on every server where the object is used.

Customized eDirectory Backups
The version of TSANDS.NLM that ships with NetWare 6 allows

selective backup and restoration of an eDirectory tree structure.
However, not all third-party SMEs support this feature.
Using SBCON or NWBACK32, you can begin the backup of the

eDirectory database from any server in the eDirectory tree structure.
The backup process continues from that point down to the end of
that portion of the tree.
This allows you to back up the entire eDirectory tree structure or

subsets such as a single branch, a single container, or even a single
leaf object.
A scan option allows backup of only those objects for which the
backup user has the Supervisor right.
Setting Rights for Backup Administrators
As network administrator, you can assign backup administrators by

assigning the Supervisor right to the backup administrators for the
section of the eDirectory tree structure they are responsible to back
up.
You then create a TSANDS.CFG file that lists the fully

distinguished names of the containers where each of the backup
administrators' rights begin.
The TSANDS.CFG file should be saved in SYS:SYSTEM\TSA.
For example, suppose you have 3 organizational units that need to

be backed up (East, West, Mid).
You could create 3 user objects—BackAdmin1, BackAdmin2, and

BackAdmin3—and give them rights to the organizational unit that
they are responsible to back up.

You then create a TSANDS.CFG file similar to the following that

lists the fully distinguished name of the contexts where the backup
administrators' rights begin:
.OU=East.O=Acme
.OU=West.O=Acme
.OU=Mid.O=Acme
Backup administrators have rights to back up the eDirectory tree

structure beginning only at the context listed, and the rights
continue until the tree stops or the rights are filtered out.
Backup administrators should use a custom eDirectory backup to

back up the portions of the tree for which they have rights.
Exercise 12-2 Back Up Directory, Volume, and eDirectory Data for Your
Digital Airlines Office
a 20 minutes After setting up and starting SBCON, you are ready to test backing
up data.
If there is time, allow students to Do the following:

try using NWBACK32.
■ Part I: Create a WEBSITE Directory on the Workstation
However, this utility has several ■ Part II: Back Up the Workstation WEBSITE Directory
known bugs (especially
recognizing storage devices) that ■ Part III: Back Up Volume WEBFILES on the NetWare Server
can prevent students from
■ Part IV: Perform a Full Backup of eDirectory
configuring or submitting a backup
job.
x Make sure you complete Parts I and II of Exercise 12-2 before starting this
exercise.
Part I: Create a WEBSITE Directory on the Workstation
To provide test files on your workstation for backing up and

restoring, do the following:

1. From your workstation, insert the student CD.

2. Double-click My Computer > student CD > Exercises >
Section 12.
3. Select the WEBSITE folder; then select Edit > Copy.
4. From the Address drop-down list (top of the window), select
Local Disk (C:).
5. Select Edit > Paste.
6. When the copying is complete, close the Local Disk (C:)
window.
7. From your workstation, remove the student CD.
Part II: Back Up the Workstation WEBSITE Directory
To back up the workstation NOVELL directory from the NetWare 6

server, do the following:
1. From the NetWare 6 server console prompt, enter SBCON.
The Backup Options dialog appears.
You use this dialog to configure the backup job you want to
submit to SMS.
3. Connect to the workstation as the target service:
a. Display a list of servers possibly running target services by
selecting Target Service.
b. From the list, select DAx.
A list of target services running on your server appears.
These include the NetWare file system, Novell Directory
(eDirectory), and workstations.
c. From the list, select DAx.Workstations.
You are prompted to log in to your workstation.

To access full rights to the file system, you need to log in as

Administrator.
d. For the username, enter Administrator; for the password,
enter novell.
If you have problems logging in, try entering an uppercase
“A” in “Administrator.”
e. When you are connected to your workstation, continue by
pressing Enter.
4. Select the WEBSITE directory to back up:
a. Select What to Back Up.
An empty list of resources appears.
b. Press Insert.
A Windows NT Workstation resource list appears.
c. Select Windows NT Workstation > C: > WEBSITE.
WEBSITE is added to the resource list.
x If you cannot select the WEBSITE directory, try selecting

WINDOWS NT WORKSTATION as a backup resource.
d. Return to the Backup Options dialog by selecting Esc.

5. In the Description field, enter WS WEBSITE 1.

6. Select the tape emulator for the device and label the device media
as Test Backups:
a. Select Device/Media Name and select
EMULATOR_TAPE 1.
A list of media (the tape in the tape drive) appears with an
“unidentifiable media” label.
SBCON needs a media label for the tape before you can
back up data to it.
b. Display the media utilities by pressing Insert; then select
Change the Media Label.
c. Delete the existing data by selecting Yes.
d. For the media label, enter Test Backups and press Enter
twice; then press Esc.
7. Use Advanced Options to back up only the WEBSITE
directory:
a. Select Advanced Options; then select Subsets of What to
Back Up.
b. Select Include directories (full path); then press Insert.
c. Select LONG namespace.
d. For the data set name, enter C:WEBSITE; then press Enter.
e. Return to the Backup Options dialog by pressing Esc 3
times.
8. Submit and check the status of the backup job:
a. Submit the backup job to the queue by pressing Esc and
selecting Yes.
In a moment, you see several components loaded by SMS.
b. Display the Storage Management Console by pressing
Ctrl+Esc; then select Novell Storage Management
Console.
c. From the Select Job dialog, select Current Job List.
The WS WEBSITE 1 backup job is listed as running.

d. View the runtime status of the job by highlighting the job (do
not press Enter); then press Insert.
The runtime status screen displays the data sets being
processed, statistics on the data size, and error messages.
When the backup job is completed, an information message
appears.
e. Continue by pressing Enter.
f. Return to the main menu by pressing Esc twice.
9. View the job and error logs for WS WEBSITE 1:
a. View the job log for the WS WEBSITE 1 job by selecting
Log File Administration > View a log file: then press
Enter.
b. Select the WS WEBSITE 1 backup job.
Several items of information appear, including the session
date and time, target, and all data sets (directories and
files).
c. View the contents of the log by pressing Page Down several
times.
d. When you finish, return to the Error/Log File Administration
dialog by pressing Esc twice.
e. View the error log for the WS WEBSITE 1 job by selecting
View an error file: then press Enter.
f. Select the WS WEBSITE 1 backup job.
g. Check for errors or data sets skipped.
h. Return to the main menu by pressing Esc 3 times.

Part III: Back Up Volume WEBFILES on the NetWare Server
After testing the connection between the NetWare 6 server and the
TSA on the workstation, and verifying the backed up directory, you
decide to try backing up a volume on the NetWare 6 server.
x If you have not completed Section 11 exercises, back up volume DATA

instead of WEBFILES, because WEBFILES will not exist.
Do the following:
The Backup Options dialog appears.
2. Connect to the NetWare 6 server as the target service:
a. Display a list of servers by selecting Target Service.
c. From the list of target services, select DAx.NetWare File
System.
You are prompted to log in to your NetWare 6 server.
d. For the username, enter admin.slc.digitalair; for the
password, enter novell.
e. When you are connected to DAx, continue by pressing
Enter.
3. Select the WEBFILES volume to back up:
b. Press Insert, select WEBFILES:; then press Esc.
c. Return to the Backup Options dialog by selecting Esc.
4. In the Description field, enter SRVR WEBFILES 1

The tape drive emulator is already selected, and you want to do

a full backup (selected by default in Advanced options) on the
entire WEBFILES volume.
You are ready to submit the backup job.
selecting Yes.
After a few moments, a screen displays several components
loaded by SMS.
Console.
The SRVR WEBFILES 1 backup job is listed as running.
d. View the runtime status of the job by highlighting the job;
then press Insert.
When the backup job is complete, an information message
appears.
6. View the job and error logs for SRVR WEBFILES 1:
a. View the job log for the SRVR WEBFILES 1 job by
selecting Log File Administration > View a log file: then
press Enter.
b. Select the SRVR WEBFILES 1 backup job.
c. View the contents of the log by pressing Page Down several
times.
d. When you finish, return to the Error/Log File Administration
dialog by pressing Esc twice.
e. View the error log for the SRVR WEBFILES 1 job by
selecting View an error file: then press Enter.

f. Select the SRVR WEBFILES 1 backup job.

Notice that there are no errors or data sets skipped.
g. Return to the main menu by pressing Esc 3 times.
Part IV: Perform a Full Backup of eDirectory
One of your administrative tasks is to back up eDirectory once a

week.
To test backing up eDirectory with SBCON, do the following:

2. Connect to eDirectory as the target service:
c. From the list of target services, select DAx.Novell
Directory.
You are prompted to log in to the eDirectory tree.
d. For the username, enter .admin.slc.digitalair; for the
e. When you are connected to DAx, continue by pressing
Enter.
3. Select the full directory to back up:
b. Press Insert; then select Full Directory Backup.
c. Return to the Backup Options dialog by selecting Esc.
4. In the Description field, enter EDIR TREE 1.


selecting Yes.
In a moment, you see several components loaded by SMS.
b. Display the Console by pressing Ctrl+Esc; then select
Novell Storage Management Console.
The EDIR TREE 1 backup job is listed as running.
d. View the runtime status of the job by highlighting the job;
then press Insert.
An error message, such as one for NWSMTSReadDataSet,
might appear. When the backup job is complete, an
information message appears.
6. View the error and log files for EDIR TREE 1:
a. View the error file for the EDIR TREE 1 job by selecting Log
File Administration > View an error file: then press Enter.
b. Select the EDIR TREE 1 backup job.
Error messages indicate that your admin object has no
rights to back up the NLS license objects.
c. Return to the Error/Log File Administration dialog by
pressing Esc twice.
d. (Optional) View the log file by selecting View a log file and
pressing Enter; then select EDIR TREE 1.
e. When you finish viewing the log file, press Esc until you
return to the main menu.
7. From the main menu, select Exit; then select Yes.
8. At the server console prompt, enter SMSSTOP.
(End of Exercise)

Objective 3 Restore Data with SBCON and NWBACK32

To restore data using SBCON or NWBACK32, you need to know
the following:
■ Restoring Data with SMS Services
■ How to Restore Backed Up Data Using SBCON
■ How to Restore Backed Up Data Using NWBACK32
Restoring Data with SMS Services
A restore session restores data from a backup. If an error occurs

during the restore session, a message is appended to the error file on
the host server.
You can use SBCON or any other SMS-compliant backup and

restore software to restore lost or corrupted data you have backed up
to storage media.
To understand how to restore data with SBCON or NWBACK32,

you need to know the following:
■ How SMS Evaluates a Data Set for Restoration
■ Custom Restore Sessions
How SMS Evaluates a Data Set for Restoration
During a restore session, the backup and restore program (such as

SBCON) reads the backup storage media, and the TSA compares
the media data set to the existing hard disk data set.
The TSA evaluates each data set according to the following criteria:
■ Is this data set a subset of what is being restored?
■ Is this data set found on the hard disk?

■ Which parts of the data set are subject to restoring?

■ Is this data set a parent or a child, and is the Overwrite
parameter set to Yes or No?
■ If the parameters for a child are set to Overwrite Only if Newer,
does the backup copy have a more recent date than the existing
copy?
Custom Restore Sessions
For a custom restore session, you can specify exactly which data to
restore by using options that allow you to do the following:
■ Choose subsets of data to restore. You can choose specific
subsets of a backup session to include in or exclude from the
restore session by selecting major resources (such as volumes,
server-specific info, or containers) or minor resources (such as
directories, paths, files, or objects).
■ Open mode options. Open mode options let you customize
data for restoration. File system data can either be included or
excluded for the session. The speed of the restore depends on
the options you set.
■ Overwrite an existing parent (such as a container) or child
(such as an object). Be careful when you perform a selective
restore and choose whether to overwrite existing parents or
children, especially eDirectory objects.
Objects such as groups and users have references to other
objects in the eDirectory tree structure that will be affected by a
selective restore.
For example, suppose a part of the eDirectory tree structure gets
corrupted and several users are deleted from the tree.

There is a group that contains those users, but after the users are
gone, the group purges the membership list to remove those
users; the group, however, continues to exist in the eDirectory
tree structure.
If you perform a selective restore and choose not to overwrite
existing objects, the group membership list remains empty even
if you restore the users.
You need to either add the users manually to the group
membership list or restore the original group.
How to Restore Backed Up Data Using SBCON
To restore data to a target using SBCON, do the following:

1. From the host server console prompt, enter SBCON.
2. From the main menu, select Job Administration > Restore.
The Restore Options screen appears.
3. Display a list of targets by selecting Target Service.
The following describes the targets that can be selected for a
restore:
Table 12-4 If you are backing up Then select
A file system The server whose file system you

want to back up
An eDirectory database The server with TSANDS loaded
A workstation The workstation’s host server, and

then the workstation
Server-specific information The server whose information you

want to back up, and then choose
to back up the file system

4. From the Target Services list select a target.

If you do not see the target you want, the TSA might not be
loaded on the host or the target.
If network traffic is heavy, try returning to the main menu and
start again to redisplay the list of targets.
5. Enter the administrator username and context for the target.
If SBCON rejects the user name you entered, you probably
need to include the context where the user object is located.
For example, instead of entering ADMIN as the username,
enter either of the following:
❑ .CN=ADMIN.O=context
❑ .ADMIN.context
You must include the context in the username at this point if the
username that exists in an eDirectory container is different from
the context set on the server running SBCON.
6. (Conditional) If requested, enter a password for the target.
SBCON will take a few moments to attach to that target. Wait
for the confirmation and then press any key to continue.
7. In the Description field, enter a descriptive name for the restore
session.
The descriptive name of the job helps you identify the session.
8. Display a list of devices and media that contains backup data sets
by pressing Enter.
A list of available devices appears in the Select a Device screen.
If a device contains multiple media, select the media for the
backup.
If the storage media does not have a label, SBCON displays a
message saying that the media cannot be identified. Set the
label before selecting the media for a backup job.

9. Select the device and media you want to restore from by pressing
Enter.
10. From the Select a Session screen, select the Session to Restore.
11. Specify the path to the session log file of the session you want to
restore by pressing Enter to accept the default.
A list of sessions appears.
12. Select the session you want to restore.
If the medium on which the data resides is not loaded on the

device you choose, you are prompted to insert the correct
media.
13. (Optional) Configure parameters such as data subsets and
execution time by selecting Advanced Options; then complete
the form.
14. Begin the restore session by pressing Esc and selecting Yes.
15. View the activity log screen by pressing Alt+Esc.
If the job execution starts and is not successfully completed,

errors appear on this screen.
The activity log file ACTIVITY.LOG is in the server's
SYS:\SYSTEM\TSA\LOG directory.
16. View the run time status of a job by selecting Job
Administration > Current Job List > job name.
When the restore session finishes, the following appears:
The restore process was completed normally.
17. Return to the main menu by pressing Esc until the menu appears.
entering SMSSTOP.

How to Restore Backed Up Data Using NWBACK32
To restore data to a target using NWBACK32, do the following:

1. Start NWBACK32.
2. From the Quick Access window, select Restore.
3. Select What You Want to Restore:
a. Double-click What to Restore.
b. Select the context.
c. Double-click Queues and select a queue.
d. Double-click Servers and select a server.
e. Double-click Devices and select a device.
f. View the media list by double-clicking the device.
g. Select a medium.
4. Select the restore location:
a. Double-click Where to Restore.
b. Select eDirectory, NetWare Servers, or Workstations.
c. Select the server where you want to restore your data.
d. Authenticate to the server by entering the administrator
username and password.
e. Select OK.
5. Submit the restore job by selecting Restore > Submit the Job.
6. (Optional) Display more information about restore by selecting
Next.
7. When the restore session finishes, return to the Quick Access
window.
8. Exit NWBACK32 from the Quick Access menu by selecting
Exit.
entering SMSSTOP.

Exercise 12-3 Restore Workstation Files and an eDirectory Container

Using SBCON
a 15 minutes To complete your test of SBCON, you decide to restore some of the
data you backed up.
The tape drive emulator allows Do the following:

students to submit a file system
restore job, but returns an error ■ Part I: Prepare the Server and Workstation for Backup and
message that the media cannot be Restore
read. ■ Part II: Restore the WEBSITE Directory to the Workstation
Skip Part II if you feel students will ■ Part III: Restore the DEL Container to the eDirectory Tree
not benefit from performing the
steps without a successful restore.
Part I: Prepare the Server and Workstation for Backup and
Restore
Before performing backups from the NetWare 6 server with

SBCON, you need to do the following:
1. From the NetWare 6 server console prompt, make sure the tape
drive emulator is loaded by entering LIST DEVICES.
If the tape drive emulator is not listed, load the emulator by
entering TPEMU.
2. From the server console prompt, enter the following commands:
SMSSTART
SBSC
TSANDS
3. From the workstation desktop, select Start > Settings > Control
Panel; then double-click Administrative Tools > Services.
A Services dialog appears with a list of services displayed.
4. Make sure the Novell Target Service Agent is started; then
close all open windows.

Part II: Restore the WEBSITE Directory to the Workstation
With SMS and the TSAs loaded and running, you can restore the
WEBSITE directory to the workstation.
Do the following:
1. From the NetWare 6 server console prompt, enter SBCON.
The Restore Options dialog appears.
You use this dialog to configure the restore job you want to
submit to SMS.
3. Connect to the workstation as the target service:
c. From the list, select DAx.Workstations.
You are prompted to log in to your workstation.
To access full rights to the file system, you need to log in as
Administrator.
d. For the username, enter Administrator; for the password,
enter novell.
If you have problems logging in, try entering an uppercase
“A” in “Administrator.”
e. When you are connected to your workstation, continue by
pressing Enter.
4. In the Description field, enter RESTORE WEBSITE 1.
5. Select the tape emulator for the device and Test Backups media:
a. Select Device/Media Name and select
EMULATOR_TAPE 1.
b. Select the Test Backups media by pressing Enter.
c. Return to the Restore Options dialog by pressing Esc.

6. From the Restore Options dialog, select Session to Restore.

A Select a Session dialog appears with the back up sessions
listed.
7. Select WS WEBSITE 1.
8. View advanced restore options by selecting Advanced Options.
Notice that the restore job is set to overwrite all parent and child
data sets.
Remember that children can be overwritten only if the date on
the data set on the hard disk is more recent than the date of the
data set backup.
9. Return to the Restore Options dialog by pressing Esc.
10. Submit and check the status of the restore job:
a. Submit the restore job to the queue by pressing Esc and
selecting Yes.
loaded by SMS.
Console.
The RESTORE WEBSITE 1 backup job is listed as
running.
A status message in the Data Size window indicates that the
tape drive emulator is positioning the media.
Because the emulator doesn’t support restoring a file
system backup, this message appears until an error appears
indicating that an error occurred in reading from the media.

Part III: Restore the DEL Container to the eDirectory Tree
Instead of restoring the entire eDirectory tree, you decide to restore

one of the containers in the tree.
Do the following:
The Restore Options dialog appears.
You use this dialog to configure the restore job you want to
submit to SMS.
2. Connect to eDirectory as the target service:
c. From the list, select DAx.Novell Directory.
You are prompted to log in to the eDirectory tree.
d. For the username, enter .ADMIN.SLC.DIGITALAIR; for
the password, enter novell.
e. When you are connected to your eDirectory tree, continue
by pressing Enter.
3. In the Description field, enter RESTORE DEL 1.
4. Select Session to Restore.
5. Select EDIR TREE 1.
6. View the Advanced Restore Options by selecting Advanced
Options.
7. Select Subsets of What to Restore; then select Include sub tree
by container name.
A Selection List Options dialog appears.
8. Press Insert; then select Directory Name Space.

9. For the data set, enter the following:

OU=DEL.O=DIGITALAIR
This adds the DEL container to the restore job.
10. Return to the Restore Options dialog by pressing Esc 3 times.
11. Submit and check the status of the restore job:

a. Submit the restore job to the queue by pressing Esc and
selecting Yes.
loaded by SMS.
Console.
The RESTORE DEL 1 backup job is listed as running.
A status message in the Data Size window indicates that the
tape drive emulator running.
When the job is completed, an information message
appears.
(Because restoration of DEL happens quickly, you might
not press Insert in time to view the Data Size window. A
message appears indicating that the job is completed.)
13. From the server console prompt, enter SMSSTOP.
(End of Exercise)

Objective 4 Identify eDirectory Recovery Procedures

Although backing up eDirectory data using an SME such as
SBCON is important for restoring the data, there are additional
steps required for a full eDirectory recovery.
The following are recovery procedures for general and specific

scenarios:
■ General Recovery Steps
■ Loss of a Volume Other Than SYS
■ Loss of Volume SYS or an Entire Server
■ Loss of the Entire eDirectory Tree
The eDirectory database creates external references when necessary.

An external reference is a pointer to an eDirectory object not found
locally on the server; it is used to authenticate and reference objects
that are not local to the server.
x Whenever possible, use intact replicas of the eDirectory tree for restoring
data. If this is not possible, restore the eDirectory tree from a backup.
General Recovery Steps
The following are general steps for recovering:

1. Delete the corrupted eDirectory data.
2. Allow time for the deletion to propagate throughout the network.
The allotted time depends on the size of the data to be backed
up, the size of your network, the number of servers you have,
and the number of containers and users you have.

3. Restore the eDirectory data.

If part of the eDirectory tree structure, including partitions and
replicas, exist when the eDirectory database information is
restored, those partitions and replicas will be restored also, and
you will not need to repartition the tree.
Loss of a Volume Other Than SYS
Loss of a volume other than SYS does not affect eDirectory. The
only requirement is to restore the file system data and trustee rights.
Loss of Volume SYS or an Entire Server
A hard disk failure involving volume SYS affects the entire server
and halts all NetWare operating system activities.
Because the eDirectory files are restored on volume SYS, losing

SYS is equivalent to removing NetWare and eDirectory from the file
server. You must reinstall NetWare and eDirectory before you
restore your data.
Use one of the following procedures:

■ Loss of the Only Server in a Single-Server Network
■ Loss of One Server in a Multiple-Server Network
Loss of the Only Server in a Single-Server Network
In a single-server network, server failure brings all network

operations to a halt.
The same situation exists if the failure affects only the hard disks
containing volume SYS.

Because there are no replicas in a single-server network, you cannot

recover any eDirectory information from a replica.
Use the following general steps to restore the server:

1. Repair or replace the failed hardware.
2. Reinstall NetWare.
3. Restore eDirectory from an SMS backup.
4. Restore the file system.
Loss of One Server in a Multiple-Server Network
In a multiple-server environment, it is possible for one server to go

down and for the rest of the servers in its replica list to remain
intact.
The same situation exists if the hard disks containing volume SYS
on one server gets damaged, causing the failure of the entire server.
Use the following general steps to restore the server:

2. Restore SERVDATA.NDS (the server-specific eDirectory
information) for the failed server to another server on the
network.
3. Reinstall NetWare, including restoring the SERVDATA.NDS
file (located in SYS) to the original server.
4. Restore eDirectory.
5. Restore the file system.
6. Restore any replicas that were removed from the server.

Loss of the Entire eDirectory Tree
If all servers on a network are destroyed because of a disaster, you

must perform a complete restore of NetWare, eDirectory, and file
system data.
Use the following general steps to restore the eDirectory tree

structure:
2. Reinstall NetWare on the first server.
3. Install NetWare on remaining servers to create a skeleton of the
tree.
5. Restore the file system to all servers.
6. Re-establish partition boundaries and distribute replicas.

Summary
Objective Summary
1. Set Up SMS for Before setting up and using SBCON and

SBCON and NWBACK32, you need to know the following:
NWBACK32
■ The components of SMS:
■ Storage management engine (SME)
■ Target service agents (TSAs)
■ Storage management data requester
(SMDR)
■ Storage device interface
■ Device drivers
■ Data sets and SMS services
■ You need to do the following to set up SMS for
using SBCON and NWBACK32:
■ Load the controller and storage device
drivers
■ Load TSAs
■ Load SMS on the host server
■ SMS Log and Error Files
2. Back Up Data with After you understand how to set up SMS

SBCON and backup and restore services, you can back up
NWBACK32
file system and eDirectory data with SBCON
and NWBACK32.
To perform these tasks you need to know the
following:
■ How to back up data
■ How to verify backed up data
■ Guidelines for backing up data with SMS
services

Objective Summary
3. Restore Data with To understand how to restore data using

SBCON and SBCON or NWBACK32, you need to know the
NWBACK32
following:
■ Restoring data with SMS services
■ How to restore backed up data using SBCON
■ How to restore backed up data using
NWBACK32
4. Identify eDirectory Although backing up eDirectory data using an

Recovery SME such as SBCON is important for restoring
Procedures
the data, there are additional steps required for
a full eDirectory recovery:
■ General recovery steps:
1. Delete the corrupted eDirectory data.
2. Allow time for the deletion to propagate
throughout the network.
3. Restore the eDirectory data.
■ Loss of a volume other than SYS
■ Loss of volume SYS or an entire server
■ Loss of the entire eDirectory tree:
2. Reinstall NetWare on the first server.
3. Install NetWare on remaining servers to
create a skeleton of the tree.
5. Restore the file system to all servers.
6. Re-establish partition boundaries and
distribute replicas.

MODULE 7
Implement Internet Services
Section 13 Manage Novell Web Services

Novell Network Management / Instructor Guide Manage Novell Web Services
SECTION 13 Manage Novell Web Services
Duration: 2 hours In this section you learn how to install and manage Novell web
services, Enterprise Web Server, and FTP Server.
Objectives
1. Identify the Purpose of Novell Web Services
2. Install, Configure, and Manage Enterprise Web Server
3. Install and Configure NetWare FTP Server
Introduction
The Digital Airlines executive committee has decided to take
advantage of the Novell web services and Novell net services
included with NetWare 6 to deliver web content and services to
employees, customers, and partners.
The company CIO is working with you to implement several web

and net services components to support a web site and provide file
access over the Internet using NetWare Enterprise Web Server and
FTP Server.
Although you are familiar with and have previously used a web
server and an FTP server, you need to know more about Novell web
services and how to install and manage Enterprise Web Server and
FTP Server.

Objective 1 Identify the Purpose of Novell Web

Services
Novell web services provide key components to help you build a
one-net, e-business solution.
To identify how Novell web service components help you build a

one-net solution, you need to know the following:
■ The Purpose of Each Novell Web Services Component
■ How Novell Web Service Components Support Novell Net
Services
The Purpose of Each Novell Web Services Component
Novell web services include the following components:

■ NetWare Enterprise Web Server. NetWare Enterprise Web
Server is an HTTP server that provides web pages to the
Internet, an intranet, or extranet.
You can create a web site to enhance departmental
communication, or you can create a web site that spans your
location or company.
Using eDirectory, you can also provide access for your
customers, suppliers, consultants, or other entities outside your
company who would benefit by having access to specified areas
on your web site.
In addition, you can publish information on the Internet so
anyone can see it and contribute to it.
■ Apache Web Server for NetWare. Apache Web Server
(installed by default) is an open-source web server originally
developed by the not-for-profit Apache group.
Apache Web Server is used by more than 60% of all web
hosting companies. It’s extremely stable, and it’s free.

Apache is used by NetWare 6 web-based services, including

NetWare Remote Manager, NetWare Web Manager, and
iFolder.
■ Tomcat Servlet Engine for NetWare. Also developed by the
Apache group, Tomcat is a servlet engine used to provide web
applications. It is used by several NetWare 6 components,
including the NetWare Web Search Server.
■ NetWare FTP Server. NetWare FTP Server provides FTP
service for transferring files to and from NetWare volumes.
FTP Server can be used to post new web content to your
enterprise web server, or to post or retrieve documents from
your NetWare file server.
■ Web Distributed Authoring and Versioning (WebDAV).
WebDAV is an industry standard protocol, and is an
enhancement to HTTP.
HTTP only supports the reading of files, but WebDAV enables
documents to be written using HTTP.
WebDAV turns the web into a document database that enables
collaborative creation, editing, and searching from remote
locations.
Because of WebDAV’s version control, web users can use a web
browser to write, edit, and save shared documents without
overwriting each other’s work.
■ NetWare Web Manager. You can use NetWare Web Manager
to effectively manage all your NetWare web services and to
access other web-based management tools.
Using any version 4.x or newer web browser (such as Netscape
Navigator and Internet Explorer), you can manage your Novell
web services from any place on the Internet.

How Novell Web Service Components Support Novell

Net Services
Almost all tools, utilities, and features offered in NetWare 6 use

Novell web services. This is especially true of Novell net services
software.
The following illustrates how Novell web services components

support delivery of net services:
Figure 13-1 (slide)
Internet
Laptop PC
Firewall
iFolder iLogin iManager etc.

Net Portal
Web
Services iPrint
Search Services
Tomcat Enterprise Apache

HTTP
Servlet Web Web
Web Stack
Engine Server Server
Services
NetWare
Novell net services include products such as iFolder and Novell

iPrint that help unify diverse networks and technologies into one
network for simplifying business processes and communications.

The combination of Novell net services software with Novell web

services offers unique opportunities for business exchanges, both
within and between companies.
For example, Enterprise Web Server can be used to host your

department or company web site, but it is also the enabling
technology for the iLogin net service (an enterprise portal solution
from Novell).
As an integral part of NetWare 6, Novell web services provide a

path for other technologies and networks to come together as one
network.
Objective 2 Install, Configure, and Manage Enterprise

Web Server
Although understanding how a web server works is important, as a
network administrator you should also know how to install,
configure, and use a typical web server.
For example, you can use Enterprise Web Server to host all types of
web content, from simple HTML web sites to complex, dynamically
generated web pages and web applications.
To install, configure, and manage Enterprise Web server, you need

to know the following:
■ How to Install Enterprise Web Server
■ The Role of Web Manager
■ How to Access Web Manager
■ How to Configure Enterprise Web Server with Web Manager

How to Install Enterprise Web Server
If you did not install Enterprise Web Server during NetWare 6

installation, you can install it afterwards by completing the
following steps:
1. From the NetWare 6 server, insert the NetWare 6 CD.
2. From the server console prompt, enter CDROM.
3. From the NetWare Graphical Console, select Novell > Install >
Add.
4. From the Source Path dialog, browse to and select the
NETWARE6 CD volume; then select OK.
5. Begin copying installation files by selecting OK.
6. From the Components dialog, select Clear All.
7. From the components list, select NetWare Enterprise Web
Server; then select Next.
8. Log in as admin to your container.
9. From the Configure IP-Based Services dialog, do one of the
following:
❑ Leave Single IP Address selected and use the default port
numbers listed for Enterprise Web Server.
❑ Leave Single IP Address selected and change the default
port numbers listed for Enterprise Web Server.
❑ Select Multiple IP Addresses; then enter a unique
secondary IP address for Enterprise Web Server.
By using a unique IP address for Enterprise Web Server,
you can use the default industry standard of port 80 for
both Novell web servers (Enterprise and Apache).

11. From the LDAP Configuration dialog, select Next.
Only select the Allow Clear Text Passwords option if you want
to allow unencrypted passwords and data to be accepted by the
LDAP server.
12. Install Enterprise Web Server on DAx by selecting Finish.
13. After the Enterprise Web Server files are copied and processed,
complete the installation process by selecting Close.
14. From your NetWare 6 server, remove the NetWare 6 CD.
x When you install Enterprise Web Server, AUTOEXEC.NCF is configured to

load the web server each time you restart NetWare. To disable the
autoloading, remove NSWEB from AUTOEXEC.NCF.
You can load and unload the web server from the NetWare server console
prompt by entering NSWEB and NSWEBDN.
The Role of Web Manager
NetWare Web Manager is a browser-based management tool you

can use to do the following:
■ Configure and manage NetWare Enterprise Web Server
■ Monitor Enterprise Web Server activity
■ Set up and manage user authentication and access to
information on your server using eDirectory or local database
modes
■ Access other browser-based management tools such as
NetWare Remote Manager or NetWare Web Search Server
Although you can perform basic eDirectory object management

tasks from NetWare Web Manager, its primary purpose is to provide
you with a tool for configuring and managing web services.

How to Access Web Manager
To access NetWare Web Manager from your workstation, you must

use a 4.x or newer web browser such as Internet Explorer or
Netscape Communicator.
x If you have a firewall, you must configure it to allow the NetWare Web
Manager port number to be made available. By default, the port number
assigned is 2200.
However, you can change the port number using Admin Preferences in
NetWare Web Manager.
To access NetWare Web Manager, do the following:

1. From your NetWare 6 server console prompt make sure web
services are running by entering NSWEB.
The NSWEB command executes an NVXALLUP.NCF file that
starts all web services.
2. From your workstation, open a web browser.
You can use any browser that supports frames and JavaScript
and has access to NetWare Web Manager to configure your
servers.
3. Enter your web server’s domain name or IP address, followed
by a colon and the port number (2200 by default).
For example, if your server’s domain name is
www.mycompany.com and the IP address is 192.168.1.22, you
could enter one of the following:
❑ https://www.mycompany.com:2200
❑ https://192.168.1.22:2200

4. Enter your NetWare administrator username and password; then

click OK.
A web page appears:
Figure 13-2
This is called the NetWare Web Manager home page and is

similar to a home page you might see on the web.
The Web Manager home page links to other web pages for the
web services you have installed. It includes the following
default web service categories:
❑ Admin Preferences: This appears as a button in the top
frame of the Web Manager home page.
Admin preferences lets you configure settings that apply to
Web Manager, such as changing its default port number or
working with error and access logs.
❑ NetWare Enterprise Web Server: This link lets you
access the configuration pages for NetWare Enterprise Web
Server.
From the configuration pages, you can manage everything
from eDirectory user authentication to programs and
content management.

❑ Novell eDirectory: This link lets you perform basic

eDirectory functions such as creating, changing, or deleting
user and group objects, and setting access rights to volumes
and directories on your NetWare server.
❑ NetWare Remote Manager: NetWare Remote Manager
lets you perform basic functions on your NetWare server,
such as performance monitoring and restarting your server.
NetWare Web Manager can also include links to NetWare FTP
Server, NetWare Web Search Server, and Novell iManager, if
you have installed them on the NetWare server.
5. When you finish using the web services management tools, close
the web browser.
How to Configure Enterprise Web Server with Web

Manager
You can use Web Manager to configure and manage Enterprise Web
Server.
Although several configuration options and preferences are

available, one of the first tasks you will probably want to do is
change the directory where Enterprise Web Server looks for your
web pages.
To configure and manage Enterprise Web Server, you need to know

the following:
■ The Purpose of Enterprise Web Server Configuration Options
■ How to Change the Primary Directory for Your Web Site

The Purpose of Enterprise Web Server Configuration Options
The NetWare Web Manager home page includes a NetWare

Enterprise Web Server heading with a link to the NetWare server
where the web server is installed.
When you select the link to the NetWare server, the Enterprise Web
Server configuration page appears:
Figure 13-3
The following describes the purpose of each configuration option:

■ On/Off. Use to load (Server On) and unload (Server Off)
Enterprise Web Server on your NetWare server instead of using
the NSWEB and NSWEBDN commands at the server console
prompt.
■ View Server Settings. Use to view your server’s technical and
content settings and see if your server is running. The technical
settings come from MAGNUS.CONF; the content settings
come from OBJ.CONF.

These files are located in the server root, in the directory

HTTP-servername CONFIG.
b For more on configuring these files, see the Novell Developer Kit web
site at http://www.developer.novell.com/ndk/nscomp.htm.
■ Restore Configuration. Use to view or restore a backup copy

of your configuration files.
■ Performance Tuning. Use to configure the server’s technical
options, including the number of maximum simultaneous
requests, listen queue size, and DNS usage.
■ MIME Types. Use to configure the list of available MIME
types for the web server.
MIME types control the kinds of multimedia files your system
supports. You can also use MIME types to specify what file
extensions belong to certain server file types (for example, to
designate what files are CGI programs).
■ Network Settings. Use to change your server’s network
settings.
■ Error Responses. Use to specify a custom error response that
sends a detailed message to clients when they encounter errors
from your server.
For example, if a client repeatedly tries to connect to a part of
your server protected by access control, you might send an error
file with information on obtaining an account.
■ Restrict Access. Use to specify what files and directories you
want to allow public access to. You can also create and display
a file that alerts users their passwords have expired and that
they are using grace logins.
■ Encryption On/Off. Use to enable and disable encryption.

How to Change the Primary Directory for Your Web Site
Enterprise Web Server is set to display web pages stored in

SYS:\NOVONYX\SUITESPOT\DOCS on your NetWare server.
The DOCS directory includes a sample web site that Enterprise
Web Server displays by default.
However, as you build your own web site, you should store it on
your NetWare server in a volume besides SYS.
To configure Enterprise Web Server to display your web site by

default, do the following:
1. From your workstation desktop, open your web browser.
2. For the URL enter DAx domain:2200 or DAx IP address:2200.
3. From NetWare Enterprise Web Server select the DAx link.
An Enter Network Password dialog appears.
4. Enter your username and password; then select OK.
The NetWare Web Server page appears.
5. Change the directory where Enterprise Web Server looks for web
site documents (specifically INDEX.HTML):
a. From the left frame, select View Server Settings.
b. From the right frame, scroll down until you find Primary
Document Directory.
The current setting directs Enterprise Web Server to locate
the home page (INDEX.HTML) in the
/NOVONYX/SUITESPOT/DOCS directory.
c. Select Primary Document Directory; then enter
volume:/directory/subdirectory.
d. Select OK; then select Save and Apply.
When the changes have been applied, a dialog appears.
e. Select OK.

6. Give users access to the new web site:

a. From the left frame, select Restrict Access.
b. Scroll down to Public Directory Designations.
c. Select Insert Directory.
d. From the New Public Directory field, enter
volume:/directory/subdirectory; then select OK.
e. Scroll down to the bottom of the web page; then select Save
Changes.
You are notified that the change is successful and that you
need to restart Enterprise Web Server.
f. Restart the web server by selecting OK.
7. Close the NetWare Web Manager window.
Exercise 13-1 Install and Configure Enterprise Web Server to Access the
Digital Airlines Web Site
a 25 minutes After learning about Enterprise Web Server, you are ready to install
it on your NetWare 6 server to provide access to the Digital Airlines
web site.
You have received the web site files on a CD from your webmaster
to install on your Netware 6 server in a WEBFILES volume.
Do the following:
■ Part I: Install Enterprise Web Server
■ Part II: Test Enterprise Web Server Access
■ Part III: Install the Digital Airlines Web Site Files
■ Part IV: Configure Enterprise Web Server to Access the Digital
Airlines Web Site Home Page

Part I: Install Enterprise Web Server
To install Enterprise Web Server on DAx at your Digital Airlines

office, do the following:
1. From your NetWare 6 server, insert the NetWare 6 CD.
2. To have DAx recognize the CD, make sure the drive is mounted
by using the CDROM command.
3. Switch to the console prompt on DAx by pressing Ctrl+Esc and
selecting 1.
4. From the console prompt, enter CDROM.
5. Display the NetWare Graphical Console by pressing Ctrl+Esc
and entering the menu number for X Server -- Graphical
Console.
6. From the Graphical Console, select Novell > Install; then select
Add.
NETWARE6 volume; then select OK.
10. From the components list, select NetWare Enterprise Web
Server and NetWare Web Manager; then select Next.
11. Log in as admin with a novell password and an
SLC.DIGITALAIR user context; then select OK.

12. At the Configure IP-Based Services dialog, select Multiple IP

Addresses; then enter one of the following IP addresses and host
names as the secondary IP address and host name for Enterprise
Web Server:
Table 13-1 NetWare 6 Server Secondary IP Address Host Name
DA2 192.168.2.22 WWW2
DA3 192.168.3.23 WWW3
DA4 192.168.4.24 WWW4
DA5 192.168.5.25 WWW5
DA6 192.168.6.26 WWW6
DA7 192.168.7.27 WWW7
The host name is in the field at the right of the IP address and is
currently the server IP address.
15. From the Summary dialog, make sure NetWare Enterprise

Web Server, NetWare Web Manager, and NetWare Port
Resolver are listed.
16. Install Enterprise Web Server and NetWare Web Manager on
DAx by selecting Finish.
It takes a few moments for the Progress dialog to appear and
file copying to start. You might also see a message about
updating LDAP.
17. After Enterprise Web Server files are copied and processed,
18. From DAx, remove the NetWare 6 CD.

Part II: Test Enterprise Web Server Access
NetWare provides some sample HTML files with Enterprise Web

Server. You can test Enterprise Web Server by accessing these files.
Do the following:
1. Load Novell web services on DAx using the NSWEB command:
a. From DAx, switch to the console prompt by pressing
Ctrl+Esc and selecting 1.
b. From the server console prompt, enter NSWEB.
Several Novell web services are loaded onto DAx using the
NVXALLUP.NCF file.
x The NSWEB command is added to your AUTOEXEC.NCF file when

you install NetWare Enterprise Web Server.
However, if you do not restart your server after installing Enterprise

Web Server, you need to enter NSWEB to start Novell Web Services.
2. Display the Enterprise Web Server home page by entering the

web server’s domain name.
WWWx.DIGITALAIRLINES.COM is your web server’s
domain name and is configured for you in NetWare
DNS/DHCP services.
a. From your workstation desktop, open Internet Explorer.
b. Access the pages by entering wwwx.digitalairlines.com for
the URL.
For example, if you entered WWW2 for the host name
during NetWare Enterprise Web Server installation, you
would enter www2.digitalairlines.com for the URL.
The NetWare Enterprise Web Server home web page
appears. This web page was delivered from the web server
to your web browser through port 80 on the NetWare 6
server.

c. Navigate through the sample web pages by selecting links

such as Administration Tools and Developer Tools.
As you move your mouse pointer over the web page links
on the home page, notice the URLs at the bottom of the
Internet Explorer Window.
Each link is associated with a different HTML sample
document located in SYS:NOVONYX/SUITESPOT/DOCS
on your NetWare 6 server.
d. Close Internet Explorer.
Part III: Install the Digital Airlines Web Site Files
Now that you have installed and tested Enterprise Web Server, you
can install the Digital Airlines web site files.
If you have completed Exercises 11-1 and 11-2 in Section 11, the
Digital Airlines web site files are already installed in a WEBFILES
volume on DAx. You can skip this part of the exercise and continue
to Part IV.
1. Create an NSS pool (WEBMEDIA) and NSS logical volume
(WEBFILES) for the web site files:
a. Make sure ConsoleOne is running on your workstation and
that you are logged in as admin to DAx.
b. From the SLC container in ConsoleOne, right-click the DAx
object; then select Properties.
c. Select Media > NSS Logical Volumes; then select New.
d. For the logical volume name, enter WEBFILES; then select
Next.
e. From the list of available storage, select the unpartitioned
space; then select Allow volume quota to grow to pool size.
f. Continue by selecting Next.
g. For the pool name, enter WEBMEDIA; for the pool size,
enter 400.

h. Continue by selecting OK.

i. Create the pool and volume by selecting Finish; then select
Yes.
The pool and volume are active and the volume is mounted.
j. Close the properties dialog by selecting Cancel.
2. Copy the Digital Airlines web site files from your student CD to
the DAWEB directory:
a. From your workstation, insert your student CD.
b. From your workstation desktop, open My Computer.
c. Double-click the CD drive letter, then double-click
EXERCISES > SECTION 13.
d. Select the DAWEB directory; then select Edit > Copy.
e. From the Address drop-down list at the top of the window,
select My Network Places.
f. Double-click NOVELL CONNECTIONS > DAx >
WEBFILES.
g. Right-click the WEBFILES window; then select Paste.
h. When the copying is completed, close the WEBFILES
window.
i. From the workstation, remove the student CD.
Part IV: Configure Enterprise Web Server to Access the

Digital Airlines Web Site Home Page
Although you have installed the Digital Airlines web site files on
your NetWare 6 server, Enterprise Web Server currently displays the
sample web pages in SYS:NOVONYX/SUITESPOT/DOC.
You can change this setting and give customers and employees
access to the Digital Airlines files by using Novell Web Manager.

Do the following:
1. From your workstation desktop, open Internet Explorer.
2. For the URL enter https://DAx.digitalairlines.com:2200.
If Novell Web Manager does not display, try restarting your
NetWare 6 server; then enter the URL again.
3. (Conditional) If a security alert dialog appears, continue by
selecting Yes.
The NetWare Web Manager page appears.
4. From NetWare Enterprise Web Servers, select the DAx link.
5. For the user name, enter .admin.slc.digitalair; for the password,
enter novell.
Make sure you include a period at the left of admin.
6. Select OK.
The NetWare Web Server page for your Enterprise Web Server
appears.
7. Change the directory where Enterprise Web Server looks for web
site documents (specifically INDEX.HTML):
a. In the left frame, select View Server Settings.
b. In the right frame, scroll down until you find a Primary
Document Directory link.
The current setting directs Enterprise Web Server to locate
the home page (INDEX.HTML) in
/NOVONYX/SUITESPOT/DOCS.
c. Select Primary Document Directory; then enter
WEBFILES:/DAWEB.
d. Select OK; then select Save and Apply.
When the changes have been applied, a dialog appears.
e. Select OK.

8. Give your Digital Airlines employees access to the new web site:
a. From the left frame, select Restrict Access.
b. Scroll down to Public Directory Designations.
c. Select Insert Directory.
d. In the New Public Directory field, enter
WEBFILES:/DAWEB; then select OK.
e. Scroll to the bottom of the web page and select Save
Changes.
You are notified that the change is successful and that you
need to restart Enterprise Web Server.
f. Restart the web server by selecting OK.
9. Close the NetWare Web Manager window.
10. Test the new configuration by opening Internet Explorer and
entering wwwx.digitalairlines.com.
Instead of the Enterprise Web Server sample web site, the
Digital Airlines home page appears.
11. Test the Digital Airlines home page by selecting one or more
links (such as Who We Are).
12. When you finish, close the Digital Airlines window.
(End of Exercise)

Objective 3 Install and Configure NetWare FTP Server

NetWare FTP Server provides FTP service for transferring files to
and from NetWare volumes.
FTP Server can be used to post new web content to your Enterprise
Web Server, or to post or retrieve documents from your NetWare file
server.
To perform these tasks, you need to know the following:

■ How to Install FTP Server
■ How to Configure and Use FTP Server
How to Install FTP Server
If you did not install NetWare FTP Server during NetWare 6

installation, you can install it afterwards by completing the
following steps:
1. From the NetWare 6 server, insert the NetWare 6 CD.
2. From the server console prompt, enter CDROM.
3. From the NetWare Graphical Console, select Novell > Install.
4. Browse to and select the NETWARE6 CD volume; then select
OK.
7. From the components list, select NetWare FTP Server; then
select Next.
8. Log in as admin to your container.


Only select the Allow Clear Text Passwords option if you want
to allow unencrypted passwords and data to be accepted by the
LDAP server.
10. Install NetWare FTP Server on DAx by selecting Finish.
11. After the NetWare FTP Server files are copied and processed,
How to Configure and Use FTP Server
You can configure FTP Server with NetWare FTP Server Manager
(accessed from NetWare Web Manager).
Although several configuration options and preferences are

available, your first tasks are normally to set up and configure an
Anonymous account, to give yourself access through an additional
FTP account, and to test the configuration by starting an FTP
session from a workstation.
To do this, you need to know the following:

■ The Purpose of the FTP Server Preference Options
■ How to Configure an Anonymous FTP Server Account
■ How to Restrict FTP Access to eDirectory Containers and
Objects
■ How to Start an FTP Session from Your Workstation

The Purpose of the FTP Server Preference Options
After installing FTP Server, the NetWare Web Manager home page
adds a NetWare FTP Server heading with a link to the NetWare
server where the FTP server is installed.
When you select the link to the NetWare server, the following
Server Preferences menu appears:
Figure 13-4
From the Server Preferences menu, you can select from the
following:
■ On/Off. Use to load (Server On) and unload (Server Off)
Enterprise Web Server on your NetWare server.
You can also use the NWFTPD command at the server console
prompt to load FTP Server; you use the UNLOAD NWFTPD
command to unload FTP Server.
■ Server Settings. Use to see general FTP Server settings that let
you set configurations such as the Welcome message text file,
session parameters, and FTP Server port number.

■ Security. Use to set security preferences such as disabling

intruder detection and invalid login attempts and time
allotment.
■ User Settings. Use to configure settings such as the default
home directory for Anonymous users and restrictions for users
logging into a secure FTP site.
■ Log Settings. Use to select the type of log messages, enter the
number of log messages, and set other log file parameters.
x The configuration changes you make to FTP Server from NetWare Web
Manager Server Preferences are saved in SYS:\ETC\FTPSERV.CFG on your
NetWare server.
b For more on the settings for each configuration option, select Help in the
configuration window for online help.
How to Configure an Anonymous FTP Server Account
Most companies have documents or programs that the public needs

access to. However, setting up a user account for every individual
who needs access would be impractical.
With an FTP server, setting up individual accounts for public access

is not necessary. Like all FTP servers, NetWare FTP Server supports
an Anonymous user account. This account provides individuals with
access to files intended for public use.
To configure an Anonymous account for FTP Server, you need to

create an eDirectory Anonymous user object and configure the FTP
Server anonymous account.

Do the following:
1. Create an Anonymous user object in eDirectory:
Although you can do this with an administrative tool such as
ConsoleOne, an easier way is to use the NWFTPD command at
the server console prompt.
a. From your NetWare server, switch to the console prompt by
pressing Ctrl+Esc and selecting 1.
b. From the server console prompt, enter NWFTPD -A.
c. Enter your admin username; then enter your password.
This logs you in as network administrator to your container
where an Anonymous user object is created for accessing a
home directory on your NetWare server.
The default home directory is SYS:/PUBLIC, and the
Anonymous user object is given Read and File Scan rights
to the home directory.
❑ Accept the default SYS:/PUBLIC home directory by
pressing Enter.
❑ Enter another directory on your NetWare server for the
home directory.
The Anonymous user account is initialized.
e. Return to the server console prompt by pressing the
Spacebar.
2. Configure FTP Server to allow anonymous user login:
a. From your workstation, open a web browser.
b. For the URL, enter DAx.digitalairlines.com:2200 or DAx
IP address:2200.
c. From NetWare FTP Server, select the DAx link.
d. Enter your username and password; then select OK.
The Server Preferences menu appears.

e. Select User Settings; then scroll down to the FTP Server

Anonymous Users heading.
Figure 13-5
You set the following options for an Anonymous account:

❑ Allow anonymous access. Yes or No (default: No)
❑ Anonymous users home directory.
volume:/directory/subdirectory (default:
SYS:/PUBLIC)
❑ Require e-mail address for password. Yes or No
(default: Yes)
If you require an email address for a password, the user can
enter any email address as long as it includes at least one
character followed by an @ sign and another character.
f. Select Save.
When the changes have been applied and initialized, a
dialog appears.
Web Manager saves the changes and turns the server off
and on to make sure changes are recognized by FTP Server.
g. Select OK.

How to Restrict FTP Access to eDirectory Containers and

Objects
By default, NetWare FTP Server allows all eDirectory users

(including Anonymous) to log in and browse through their home
directory on your NetWare server.
However, there are times when you want to restrict access to certain
directories and files on the server.
FTP Server lets you configure access restrictions by entering

commands in the SYS:/ETC/FTPREST.TXT restrictions file on
your server.
You can specify access restrictions at various levels. Multiple access

rights are allowed.
The following levels of access restrictions are supported:

■ Container level. This restriction can be specified for any
eDirectory container and controls all users in that container and
its subcontainers.
■ User level. You can restrict access for a particular user.
■ Domain level. You can specify restrictions at a domain level.
This controls all host servers in that domain and its subdomains.
■ Host level. You can specify restrictions for a particular host.
You can also use the following parameters to configure access

rights:
■ DENY. Denies access to the FTP server for that client.
■ READONLY. Gives read-only access to the client.
■ NOREMOTE. Prevents remote access.
■ GUEST. Gives only Guest access to the user.
■ ALLOW. Gives the user access to the FTP server.

When modifying the FTPREST.TXT restriction file, keep in mind

the following:
■ Each line should have one entity name and corresponding
access rights.
■ Assign the rights of the entities according to the order they
appear in the restriction file. If different rights apply to the
same entity, those that appear last in the restriction file are
applied.
■ All rights specified on the same line are applied to that entity.
■ If the FTPREST.TXT file does not exist or is empty, access is
given to all users, without restrictions.
The following are examples of entries in a restrictions file:
Table 13-2 Example Description
*.digitalair ACCESS=ALLOW User1 at CORPORATE

*.corporate.digitalair ACCESS=DENY is allowed the read-only
right. Other users are
.user1.corporate.digitalair denied the right.
ACCESS=READONLY
However, all other
organizational units
(OUs) at DIGITALAIR
are allowed access.
*.corporate.digitalair ACCESS=DENY All OUs at DIGITALAIR

*.digitalair ACCESS=ALLOW are allowed access
because both rights
apply to CORPORATE
and the latest entry is
applied.

How to Start an FTP Session from Your Workstation
An FTP session creates a connection between the client and the FTP
server to transmit data. You can start an FTP session from a
workstation using one of the following methods:
■ Command-line FTP client. Enter FTP hostname or FTP IP
address, where hostname is the DNS domain name and IP
address is the IP address of the NetWare server running FTP
Server.
■ Web browser or FTP client application. Enter
ftp://hostname or ftp://IP address, where hostname is the
DNS domain name and IP address is the IP address of the
NetWare server running FTP Server.
For example, if the NetWare server IP address is 192.168.1.3,
you would enter ftp://192.168.1.3 in Internet Explorer to access
the default FTP directory.
You are prompted for a username and password. If an Anonymous

account is set up, you can enter anonymous for the username and
the designated password (your email address or no password).
For restricted FTP sites, you need to know the username and
password to access the directories and files.

Exercise 13-2 Install and Configure FTP Server to Access Your Web Site
Files
a 15 minutes After installing Enterprise Web Server and the Digital Airlines web
site files on your NetWare 6 server, you are ready to install and
configure FTP Server to do the following:
■ Allow the public to access tour information and pictures
■ Allow yourself (as network administrator) secure remote access
to your web server directories
Do the following:
■ Part I: Install FTP Server
■ Part II: Configure an Anonymous User Account
■ Part III: Configure Access to DAWEB and FTPFILES
■ Part IV: Test Account Access to FTP Server
Part I: Install FTP Server
To install FTP Server on DAx at your Digital Airlines office, do the

following:
1. From your NetWare 6 server, insert the NetWare 6 CD.
2. From the DAx console prompt, mount the CD as a NetWare
volume by entering CDROM.
3. Display the NetWare Graphical Console by pressing Ctrl+Esc
and entering the menu number for X Server -- Graphical
Console.
4. From the Graphical Console, select Novell > Install; then select
Add.
NETWARE6 CD volume; then select OK.

7. From the Components dialog select Clear All.

8. From the components list, select NetWare FTP Server; then
select Next.
9. Log in as admin with a novell password and an
SLC.DIGITALAIR user context; then select OK
11. From the Summary dialog, make sure NetWare FTP Server and
NetWare Port Resolver are listed.
12. Install FTP Server on DAx by selecting Finish.
13. After the FTP Server files are copied and processed, complete the
installation process by selecting Close.
Part II: Configure an Anonymous User Account
After installing FTP, you want to test the server to make sure it
works properly. The easiest way to do this is by creating an
anonymous user account with the default settings.
Do the following:
1. Create the anonymous user account:
a. From DAx, switch to the console prompt by pressing
Ctrl+Esc and selecting 1.
b. From the console prompt, enter NWFTPD -A.
You are asked for your user admin name.
c. Enter .admin.slc.digitalair.
Make sure you include a period at the left of admin.
You are asked for a password.
d. Enter novell.

This logs you in as network administrator to the SLC

container where an Anonymous user object is created for
accessing a home directory on your NetWare server.
The Anonymous user object is given Read and File Scan
rights to SYS:/PUBLIC on DAx.
e. Accept the default home directory by pressing Enter.
The Anonymous user account is initialized.
f. Return to the console prompt by pressing the spacebar.
2. Verify that an Anonymous user object was created in the SLC
container:
a. From your workstation desktop, start ConsoleOne.
b. Find the Anonymous user object in SLC.DIGITALAIR.
This is the user object you created using the NWFTPD -A
command.
c. Right-click Anonymous; then select Properties.
d. Select Rights to Files and Folders; then select Effective
Rights.
e. In the Effective Rights dialog, select the browse button; then
select and double-click the DAx_SYS volume object.
f. Select the PUBLIC folder; then select OK.
The Anonymous user has Read and File Scan rights to the
PUBLIC folder.
This allows the public accessing this folder through FTP
Server to view the file and directory names and download
files.
g. Close the Properties dialog by selecting Close; then select
Cancel.
3. Verify the Anonymous user account settings:
a. From your workstation, open Internet Explorer.
b. For the URL enter https://DAx.digitalairlines.com:2200.
A Security Alert dialog appears.

c. Continue by selecting Yes.

d. From NetWare FTP Server, select the DAx link.
e. For the user name, enter .admin.slc.digitalair; for the
f. Select OK.
The Server Preferences menu appears.
Notice that FTP Server is currently off (unloaded).
g. From the left frame, select User Settings; then scroll down
to FTP Server Anonymous Users.
You see the following settings:
❑ Allow anonymous access: YES
❑ Anonymous users home directory: SYS:/PUBLIC
❑ Require email address for password: YES
These settings allow a user to log into an account on FTP
Server with a user name of anonymous and a password of
any valid email address.
After logging in, the user can access all files in the
PUBLIC directory on DAx.
4. Test the Anonymous user account access using the FTP service
in Internet Explorer:
a. From the Server Preferences menu, select On/Off.
b. Load FTP Server by selecting Server On.
Wait for the message “The server is currently On” before
continuing.
c. Open another Internet Explorer window.
d. Access FTP Server by entering
FTP://WWWx.DIGITALAIRLINES.COM where x is the
number of your server (such as WWW2 for DA2).
A dialog appears requesting a user name and password to
the FTP user account.

e. Select Log in Anonymously.

Make sure the password includes an “@” character with at
least one character at the left and right (such as a@b).
f. Select Login.
The folders and files in SYS:/PUBLIC appear in the
Internet Explorer window.
g. Close the Internet Explorer window.
Because you selected Log in Anonymously, Internet
Explorer stores the user name and password to the account.
The next time you access FTP Server and do not specify a
directory, you are logged in as Anonymous and the default
home directory for the account appears.
Part III: Configure Access to DAWEB and FTPFILES
The DAWEB directory on volume DATA contains all Digital

Airlines web site files you want to access from home using FTP
Server.
The directory also contains a FTPFILES subdirectory where you

want to store the files the public accesses through the Anonymous
user account.
To restrict DAWEB directory access to your ADMIN object, but

allow public access to FTPFILES, do the following:
1. From the Server Preferences menu for FTP Server, select
On/Off; then select Server Off.
2. From the Server Preferences menu, select User Settings.
3. Under FTP Server User Settings, change the default home
directory to WEBFILES:/DAWEB.
4. Under FTP Server Anonymous Users, change the anonymous
users’ home directory to WEBFILES:/DAWEB/FTPFILES.

5. Scroll to the bottom of the page and select Save.

Web Manager saves the changes and turns FTP server on and
off for you to apply the changes.
6. Select OK.
7. Grant File Scan and Read rights to
WEBFILES:/DAWEB/FTPFILES for the anonymous user:
a. From the SLC container in ConsoleOne, double-click
DAx_WEBFILES > DAWEB.
b. Right-click FTPFILES and select Properties.
c. Select Trustees > Add Trustee.
d. Browse to and select the Anonymous user object in the SLC
container; then select OK.
e. Make sure Anonymous has Read and File Scan rights
selected; then select OK.
8. Modify the FTPREST.TXT file to limit DAWEB access to your
admin object:
a. From your NetWare 6 server, switch to X Server --
Graphical Console by selecting the appropriate option.
b. Select Novell > Utilities > Editor.
c. Select File > Open.
d. Open the FTPREST.TXT file by double-clicking ETC >
FTPREST.TXT.
The FTPREST.TXT file is opened in an Editor window.
e. Place the cursor at the bottom of the file and press Enter;
then enter the following commands:
*.DIGITALAIR ACCESS= DENY
.ADMIN.SLC.DIGITALAIR ACCESS= ALLOW
.ANONYMOUS.SLC.DIGITALAIR ACCESS=
ALLOW
Include a period before ADMIN and ANONYMOUS, and a
space after each equal sign.

These commands restrict access to volume objects in

DIGITALAIR, except Admin and Anonymous user objects.
f. Select File > Save; then select File > Exit.
9. Start FTP Server:
a. From your workstation, in the left frame of Server
Preferences, select On/Off.
b. Select Server On.
Part IV: Test Account Access to FTP Server
After configuring FTP Server to restrict DAWEB access to your

Admin object but allow public access (through Anonymous) to
FTPFILES, you can test your configuration.
Do the following:
1. From Internet Explorer, select File > New > Window.
A new Internet Explorer window is opened.
2. Access the Anonymous user account directory by entering
FTP://DAx.DIGITALAIRLINES.COM.
3. (Conditional) If you are prompted to log in, select Log in
Anonymously; then select Login.
4. Right-click a file in the folder; then select Copy to Folder.
5. Select the My Documents folder; then select OK.
6. Check the My Documents folder.
The file has been copied (downloaded) from
WEBFILES:/DAWEB/FTPFILES to the MY DOCUMENTS
folder on your workstation.
7. Try copying a file from MY DOCUMENTS to FTPFILES.
An error appears indicating that you do not have the right
(permission) to write a file to the FTPFILES directory.

8. Close the message by selecting OK.

9. From the Internet Explorer window where the contents of the
FTPFILES directory appears, select File > Login As.
10. For the user name enter .admin.slc.digitalair; for the password
enter novell.
11. Select OK.
The files in DAWEB appear in the Internet Explorer window.

12. Copy a file from MY DOCUMENTS to DAWEB.
The file is copied to your NetWare server.

13. (Optional) Continue testing your admin file rights to DAWEB by
copying files to and from the directory
14. From your workstation desktop, close any open windows.
(End of Exercise)

Summary
Objective Summary
1. Identify the To identify how Novell web service components

Purpose of Novell help you build a one net solution, you need to
Web Services
know the following:
■ The purpose of each Novell web services
component:
■ NetWare Enterprise Web Server
■ Apache Web Server for NetWare
■ Tomcat Servlet Engine for NetWare
■ NetWare FTP Server
■ WebDAV
■ NetWare Web Manager
■ How Novell web service components support
Novell net services
2. Install, Configure, To install, configure, and manage Enterprise

and Manage Web Server, you need to know the following:
Enterprise Web
Server ■ How to install Enterprise Web Server
■ The role of Web Manager:
■ Configure and manage NetWare
Enterprise Web Server
■ Monitor Enterprise Web Server activity
■ Set up and manage user authentication
and access to information on your server
using eDirectory or local database modes
■ Access other browser-based management
tools such as NetWare Remote Manager
or NetWare Web Search Server
■ How to access Web Manager
■ How to configure Enterprise Web Server with
Web Manager

Objective Summary
3. Install and FTP Server can be used to post new web

Configure content to your Enterprise Web Server, or to
NetWare FTP
post or retrieve documents from your NetWare
Server
file server.
To perform these tasks, you need to know the
following:
■ How to install FTP Server
■ How to Configure and Use FTP Server
To do this you need to know the following:
■ The purpose of the FTP server preference
options
■ How to configure an anonymous FTP
server account
■ How to restrict FTP access to eDirectory
containers and objects
■ How to start an FTP session from your
workstation

MODULE 8
Upgrade NetWare Servers to NetWare 6
Section 14 Plan for a NetWare 6 Upgrade or Migration
Section 15 Upgrade or Migrate to NetWare 6
Section 16 Add a NetWare 6 Server to the Tree

Novell Network Management / Instructor Guide Plan for a NetWare 6 Upgrade or Migration
SECTION 14 Plan for a NetWare 6 Upgrade or

Migration
Duration: 1 hour In this section, you learn to plan your NetWare 6 migration or
upgrade to mitigate failures and network outages.
Objectives
Prior to starting this section, 1. Review NetWare 6 Operating System Requirements
remove NetWare 6 and install
NetWare 5.1 on student servers 2. Upgrade Network and Server Hardware
using images created in the course 3. Prepare the Network for the Migration or Upgrade
Setup section.
4. Create an Upgrade or Migration Plan
If images are not available, install
NetWare 5.1 on student servers
using the parameters specified in
the Setup section under “Create Introduction
Images.”
Upgrading or migrating an existing NetWare network to NetWare 6
Be sure to leave DA7 blank. is a critical task that must be planned carefully in advance.
Students perform an installation on
it in Section 16. Failure to plan the upgrade or migration process could result in data
loss and network downtime; both of which incur costs for your
organization.

Objective 1 Review NetWare 6 Operating System

Requirements
To upgrade or migrate your existing NetWare network to NetWare
6, you must meet minimum requirements in the following areas:
■ Software Requirements
■ Hardware Requirements
■ Required eDirectory Rights
Software Requirements
The servers in the network to be upgraded must be running one of

the following network operating systems:
■ NetWare 5.1 with Support Pack 2 or later
■ NetWare 5 with Support Pack 6 or later
Hardware Requirements
Emphasize that these are only In addition to the software requirements, the servers in your
minimum requirements. network must meet the following minimum hardware requirements:
Table 14-1 Component Minimum Requirement
CPU One of the following:

■ Intel Pentium Pro or later (Pentium II or later
strongly recommended)
■ AMD Athelon (K7) or later
Memory 256 MB (512 MB strongly recommended)

Table 14-1 (continued) Component Minimum Requirement
Explain that NetWare 6 uses a Disk Space The following are required:
200 MB DOS partition by default. ■ 200 MB DOS partition with at least 35 MB of
free space
Explain that it is advisable to use
■ 2 GB of free space on volume SYS
a DOS partition that is 200 MB +
the size of the server’s RAM. Video SVGA-compatible display required
Point out that the VESA_RSP Network Interface One network board required
command can be issued after
Media Drives One CD drive required
installation to detect new video,
monitor, or mouse hardware. Mouse One of the following is recommended (but not
required):
■ USB
■ PS/2® (Mini-DIN)
■ Serial
Required eDirectory Rights
In addition to meeting software and hardware requirements, you

also need the following eDirectory rights to complete a migration or
upgrade to NetWare 6:
■ Supervisor right at the Root of the eDirectory tree.
■ Supervisor right to the container where the Server object
resides.
■ Read right to the Security container object for the eDirectory
tree.

Objective 2 Upgrade Network and Server Hardware

Emphasize that servers in a To ensure that your NetWare 6 implementation provides acceptable
working environment must have performance, you should upgrade the following:
more CPU speed, memory, and
hard disk space than those used in ■ Network Infrastructure. To improve overall performance,
a classroom or in a lab. consider upgrading your network hardware to support the
fastest network speeds that are financially feasible for you.
For example, if you have a 10 Mbps Ethernet implementation,
consider upgrading your network boards, wiring, hubs or
switches, and routing hardware to support 100 Mbps Ethernet.
■ Server Hardware. In addition to your network infrastructure,
you should also consider upgrading your NetWare server
hardware prior to upgrading or migrating to NetWare 6.
The complex services provided by NetWare 6 place significant
demands on your server hardware; especially your CPU, RAM,
network boards, and hard disks.
First, make sure your hardware meets the minimum
requirements listed previously. Then, consider the following
upgrades:
Table 14-2 Component Recommended Specification
Point out that 750 Mhz is a CPU ■ Multiple CPUs (2-4)

recommended minimum. Faster ■ Pentium III, Pentium III Xeon, or Pentium IV
CPUs should be used in servers processors
in a production environment. ■ 750 Mhz or faster clock speed
Memory ■ RDRAM (Rambus) or DDR memory

■ 1 GB or more memory
Storage ■ Fiber-Channel Storage Area Network (SAN)

■ RAID 5 array
Network ■ 64-bit PCI interface

Interface ■ 100 Mbps or faster interface
■ Multiple interfaces

Objective 3 Prepare the Network for the Migration or

Upgrade
Prior to planning your NetWare 6 migration or upgrade, you should
prepare your network for the migration or upgrade process.
■ Back Up eDirectory and the File System
■ Prepare the Network for NetWare 6 with Deployment Manager
Back Up eDirectory and the File System
The process of upgrading or migrating to NetWare 6 carries the risk

of data loss and network outages as system files are updated and
data is copied to new volumes.
Emphasize that failing to perform a Novell Technical Support receives support calls each week from
backup before upgrading or network administrators who experience problems while upgrading
migrating could potentially cost or migrating but who did not back up the network. Such situations
students their jobs. can destroy your network and jeopardize your job.
Emphasize that it is critical that 2 Prior to completing any NetWare 6 upgrade or migration tasks,
verified backups be made, even make 2 full backups of your entire eDirectory tree and the file
though it takes time to complete systems on each server.
the process.
After the backups are made, verify the backups. Creating verified
backups lets you quickly restore your system should errors occur
during the upgrade or migration process.

Prepare the Network for NetWare 6 with Deployment

Manager
Emphasize the importance of Before you add a NetWare 6 server to a network, you run NetWare
using Deployment Manger prior to Deployment Manager to update existing NetWare servers. It checks
upgrading or migrating to system files to ensure that NLMs and eDirectory files are updated to
NetWare 6. allow NetWare 6 to be installed.
Updating the network includes the following tasks:

■ View and Update eDirectory System Files
■ Prepare for eDirectory 8.6
■ Update the Certificate Authority (CA) Object
View and Update eDirectory System Files
You must update eDirectory before you upgrade or migrate your

first NetWare 6 server into the network. Deployment Manager
guides you through the steps to make sure you have the latest
eDirectory system files. You need do this only once.

1. From your administrative workstation, log in to your NetWare
network as a user with Supervisor rights to the eDirectory tree.
2. Insert your NetWare 6 operating system CD in the workstation
CD drive.
3. From the root of your NetWare 6 operating system CD, run
NWDEPLOY.EXE.
4. In the Deployment Manager main menu, select Network
Preparation.
5. Under Network Preparation, select View and Update
eDirectory Versions.
6. In the Update NDS window, select Browse.

7. In the NDS Tree Browser window, browse to your tree and select
the top-most container in your tree; then select OK.
8. Mark Include Subordinate Containers; then select Next.
9. Mark the servers in your network that require updating; then
select Next.
Deployment Manager detects which servers need to be updated.
The servers that appear in the Server column are the only
servers that need to have eDirectory updated.
10. Wait while files are copied.
11. When prompted that eDirectory must be reloaded for the changes
to take effect, select Next.
12. When prompted that the servers have been updated, select Exit.
Prepare for eDirectory 8.6
Because installing NetWare 6 installs eDirectory version 8.6, you

must modify your existing network schema. Modifying the network
schema requires rights to the Root of the eDirectory tree.
To do this, complete the following:

1. From the root of your NetWare 6 operating system CD, run
NWDEPLOY.EXE.
2. In the Deployment Manager main menu, select Network
Preparation.
3. In the Deployment Manager main menu, select Step 3: Prepare
for NDS eDirectory 8.6.
4. In the Update NDS window, browse to your tree and select Next.
5. When prompted, select a server that contains a Master or a
Read/Write replica of the Root partition.
6. When prompted that the tree has been prepared, select Exit.

Update the Certificate Authority (CA) Object
Make sure students understand In addition to updating Directory Services, you also might need to
that this process doesn’t have to update the Novell Certificate Server and the Certificate Authority
be done when upgrading NetWare (CA) object in your tree.
4.x or NetWare 5.1 servers.
x Updating the Certificate Authority only applies to NetWare 5.0 servers. The
NetWare 5.1 CA is automatically updated during the NetWare 6 upgrade.
To upgrade Novell Certificate Server, you need the following:

■ A user account with the Supervisor right to the root of the
eDirectory tree and to the Security container
■ The NICI client 2.0.2 or later installed on the workstation
where ConsoleOne will be run
To update the NetWare 5 CA object, complete the following:

1. Determine the server that is hosting the organizational CA.
a. Using ConsoleOne, browse to and select the organizational
CA object.
b. Select the General tab.
The server acting as the CA is listed in the Host server
field.
2. On the server hosting the CA, verify that it is running Novell
Certificate Server 2.0 or later.
a. From the server console, enter NWCONFIG.
b. Select Product Options.
c. Select View/Configure/Remove Installed Products.
d. Verify the PKIS entry: If there is no entry, or if you do not
see version 2.0.0 or later, install Novell Certificate Server 2.0
or later before continuing.
Novell Certificate Server can be downloaded from
http://www.novell.com/download.

3. Check for the existence of security-related objects and establish

the proper eDirectory rights for creating and operating the CA.
If the security container, KAP container, or the W0 object do
not exist, the installation of the first NetWare 6 server will
create them.
b For additional details, see TID 10053572. Remember that the server
hosting the CA must remain operational and accessible during the
installation of all NetWare 6 servers into the tree.
Objective 4 Create an Upgrade or Migration Plan

Help students understand that After the preparatory steps listed in the preceding objectives are
successful network administrators complete, you should create an upgrade or migration plan.
must use project management
skills when working on large-scale Having a solid plan and 2 verified backups are your key defenses
upgrade or migration projects. against upgrade or migration failures.
Designing an upgrade or migration plan is composed of the

following steps:
■ Determine a Server Strategy
■ Determine an eDirectory Strategy
■ Create a Flow of Events
■ Assign Roles and Responsibilities
Determine a Server Strategy
There are 2 general strategies you can choose from when upgrading
an existing NetWare 4 or 5 server to NetWare 6:
■ In-Place Upgrade
■ Across-the-Wire Migration

Each strategy has its benefits and its drawbacks. The strategy you
choose is based on your organizational values and needs.
In-Place Upgrade
During an in-place upgrade, you use the NetWare 6 operating

system CD to install NetWare 6 on top of the existing version of
NetWare on the server. The advantages and disadvantages of this
strategy are as follows:
Table 14-3 Benefits Disadvantages
It’s very fast. An in-place upgrade The risk of data loss is high. If
generally takes 30 to 45 minutes. errors occur, the original server is
no longer operational.
It requires less hardware. The Your existing server hardware will

only computer required is the probably have to be upgraded to
server itself. run NetWare 6.
An in-place upgrade is less

complex than an across-the-wire
migration; making it easier and
more reliable.
In-depth information about in-place upgrades is presented in the

next section.
Across-the-Wire Migration
During an across-the-wire migration, you first install a generic

NetWare 6 server.
Then you use the NetWare Migration Wizard, which runs on a

Windows PC, to migrate the eDirectory tree and the file system
from the original source server to the newly installed NetWare 6
server.

In the process, the NetWare 6 server name is replaced by the source

server’s name and the eDirectory tree is replaced by the source
server’s tree.
The advantages and disadvantages of this strategy include the

following:
Table 14-4 Benefits Disadvantages
The risk of data loss is much It is much slower than an in-place

lower than with an in-place upgrade.
upgrade. NetWare 6 must be installed first;
If a problem occurs somewhere in then data must be migrated from
the migration process, the source the source server to the NetWare
server is still operational. 6 server.
Network bandwidth limits can
cause migrations of servers
holding large amounts of data to
take 4-6 hours.
It facilitates easy hardware The migration process is more

upgrades. complex than an in-place
Instead of upgrading the source upgrade; resulting in more
server, you purchase a new, potential points of failure.
high-end server and migrate data
from the old hardware to the new
hardware.
It requires more hardware than an

in-place upgrade.
You must use the source server, a
destination server, and a
intermediary workstation.
Your choice of sever strategy, as stated earlier, is based on your

organizational values and needs.

For one company, speed might be the most important factor; making
an in-place upgrade the most advantageous choice. For another
company, data integrity might be most important; making an
across-the-wire migration the better choice.
Determine an eDirectory Strategy
Emphasize that one strategy isn’t After identifying a server strategy, the next step is to determine an
necessarily better than the other. eDirectory strategy. There are 2 general strategies you can choose
Organizational values will dictate from when designing an upgrade or migration plan:
which approach is best.
■ Top-Down Upgrade
■ Bottom-Up Upgrade
As with server strategies, each eDirectory upgrade strategy has

benefits and drawbacks. The strategy you choose is based on your
organizational priorities and values.
Top-Down Upgrade
With the top-down upgrade strategy, you first upgrade or migrate

the server that holds the master replica of the root partition of your
eDirectory tree.
When it is complete, you then upgrade or migrate servers in order,

down the tree. The process is complete when you reach the bottom
of the tree.

The top-down strategy has the following benefit and drawback:
Table 14-5 Benefit Drawback
Easy to plan and organize. Increased risk of problems. Because

you update the master replica of the root
partition of the tree first, errors
introduced during the process could
propagate throughout the tree.
To execute a top-down upgrade strategy, complete the following:

1. Complete a Directory Services health check.
2. Run a full unattended repair on your tree using
DSREPAIR.NLM.
3. Create a full backup of your eDirectory tree and verify your
backup.
4. Check your hardware vendor’s web sites for firmware updates;
download and apply any updates.
5. Plan where you will locate licenses in the new tree.
Consider placing the licenses as high in the tree as possible.
Use partitioning and replication strategies to replicate these
licenses to remote locations.
Configure your partitioning and replication strategy (covered in
later courses) so users don’t cross WAN links to check for
license availability.
6. Identify the server in your network that has the master replica of
the root partition of your tree.
7. If you haven’t done so already, create a full file system backup
of this server and verify the backup.
8. Upgrade or migrate the server using the steps presented in the
next section.

9. When the upgrade is complete, allow eDirectory to normalize for

a period of time.
This allows the schema to synchronize throughout the network.
Depending on the size of your network, this could range from a
couple of hours to several days. Use the green light indicator in
iMonitor to check the status of your tree.
10. To verify that the schema is properly synchronized, trigger a
schema sync operation with DSTRACE:
a. Enter the following commands at the server console:
SET DSTRACE=ON
SET DSTRACE=+SCHEMA
SET DSTRACE=*SS
b. Switch to the Directory Services Trace screen.
SCHEMA: All Processed = YES
11. Repeat this process for each server in the tree, working your way
from the top of the tree to the bottom.
Bottom-Up Upgrade
The bottom-up strategy was Alternatively, you can use a bottom-up strategy to plan your
successfully used to upgrade the migration or upgrade. With this strategy, you upgrade or migrate
internal Novell corporate network noncritical servers at the bottom of the eDirectory tree first.
to NetWare 6.
When complete, you then upgrade or migrate servers in order, up
the tree. The last server to be upgraded or migrated is the server
holding the master replica of the root partition.

The bottom-up strategy has the following benefits and drawbacks:
Table 14-6 Benefits Drawback
Errors encountered during the upgrade Requires more complex

or migration are less likely to be planning.
propagated to the entire tree.
Synchronization issues are isolated.
To execute a bottom-up upgrade strategy, complete the following:

1. Complete a Directory Services health check.
2. Run a full unattended repair on your tree with DSREPAIR.NLM.
3. Create a full backup of your eDirectory tree and verify your
backup.
4. Check your hardware vendor’s web sites for firmware updates;
download and apply any updates.
5. Plan where you will locate licenses in the new tree.
Consider placing the licenses as high in the tree as possible.
Then use partitioning and replication strategies to replicate
these licenses out to remote locations.
Configure your partitioning and replication strategy (explained
in Section 8 of this course) so users don’t need to cross WAN
links to check for license availability.
6. Identify the servers in your network that hold DS replicas.
7. Identify the servers in your network that hold replicas of the
lowest-level partitions of your tree.
8. Select the least critical of these servers to be the first server
upgraded or migrated.
9. If you haven’t done so already, create a full file system backup
of this server and verify the backup.

10. Upgrade or migrate the server using the steps presented in the
next section.
11. When the upgrade is complete, allow eDirectory to normalize for
a period of time to let the schema synchronize throughout the
network.
Depending on the size of your network, this could range from a
couple of hours to several days. Use the green light indicator in
iMonitor to check the status of the tree.
schema sync operation with DSTRACE.
SET DSTRACE=ON
SET DSTRACE=+SCHEMA
SET DSTRACE=*SS
b. Switch to the Directory Services Trace screen.
13. Repeat this process for each server in the tree that holds a replica,
working your way from the bottom of the tree to the top.
14. When complete, repeat this process for any servers in your tree
that don’t hold a replica.
Start with the least critical servers and progress to those that are
more important.

Create a Flow of Events
Give students examples of After you select a server strategy and an eDirectory strategy, the
upgrade or migration tasks that are next step in creating a migration or an upgrade plan is to create a
dependent upon each other and flow of events. If possible, use project planning software to
tasks that can be done complete this phase.
concurrently.
Do the following:
If project management software 1. Identify and list every task that must be completed in detail.
isn’t available, the network
administrator can list tasks on 2. Identify tasks that must be done in order.
sticky notes arrayed on a wall. 3. Identify tasks that can be done concurrently with other tasks.
They can be easily arranged and 4. Determine the following:
rearranged to create the proper ❑ Which tasks can’t be started until other tasks are completed
flow of events.
❑ Which tasks must start at the same time
❑ Which tasks must end at the same time
5. Identify the amount of time each task must take.
Assign Roles and Responsibilities
After creating a flow of events, you identify roles and

responsibilities:
Help students understand the 1. Identify roles that are required to complete the project.
concept of resource allocation.
Give examples; such as one You might need roles such as a backup specialist, an eDirectory
resource working on 2 concurrent specialist, a NetWare specialist, or a hardware specialist. Your
tasks. organization’s values and priorities help define these roles.
Assigning a single resource 2 2. Assign individuals to these roles.

concurrent 8-hour tasks can bring
the schedule in on paper, but 3. Assign roles to specific tasks.
actually takes the resource 16 Allocate your resources properly. Over-allocating resources
hours to complete. causes your project to take longer than anticipated.
Under-allocating resources lengthens your schedule.

Project management software is particularly helpful here. It

identifies where you’ve assigned a resource to complete too
many tasks or where resources are idle.
4. Arrange the tasks (either on a calendar or with project
management software) based on the following:
❑ The order they are to be completed
❑ How long they will take
❑ Who will complete them
Exercise 14-1 Creating a NetWare 6 Upgrade Plan
a 45 Minutes In this exercise you create a NetWare 6 upgrade plan for Digital
Airlines, Inc.
In this exercise, take the role of the You and your classmates work for a major technology consulting
Digital Airlines CIO. firm. Your firm has been recently hired by Digital Airlines to
upgrade their NetWare 5.1 network to NetWare 6.
You have hired the students as
consultants to upgrade your
NetWare 5.1 network to
Corporate Network Architecture
NetWare 6.
To define your upgrade plan, begin with the following information
Provide students with coaching
and feedback as they prepare their about the Digital Airlines network.
plan. ■ Digital Airlines is headquartered in Salt Lake City, USA and
has terminals in airports around the world:
❑ Salt Lake City International Airport (SLC)
❑ Delhi Indira Gandhi International Airport (DEL)
❑ New York La Guardia International Airport (LGA)
❑ Sydney Australia International Airport (SYD)
❑ Berlin Tegel International Airport (TXL)
❑ London Heathrow International Airport (LON)
■ Each airport terminal has one NetWare 5.1 server.

■ The Digital Airlines network has a single eDirectory tree:

DigitalAir-Tree.
■ Terminals are interconnected by 128 Kbps WAN links.
■ Each terminal has a range of addresses within the corporate
class A network:
Table 14-7 Terminal Address Range
SLC 10.1.0.1 - 10.1.0.254
DEL 10.2.0.1 - 10.2.0.254
LGA 10.3.0.1 - 10.3.0.254
LON 10.4.0.1 - 10.4.0.254
SYD 10.5.0.1 - 10.5.0.254
TXL 10.6.0.1 - 10.6.0.254
TYO 10.7.0.1 - 10.7.0.254
Project Requirements
The executive board of Digital Airlines, under advisement from

Digital Airlines’ CIO, has authorized an upgrade of all corporate
servers to NetWare 6.
The CIO has provided you with the following project requirements:
■ Because of timing issues, servers will be upgraded to
NetWare 6, not migrated.
■ The upgrade must be done using the bottom-up eDirectory
upgrade strategy.
■ The entire network must use a single protocol: TCP/IP.
■ There should be a single authoritative DNS server for the entire
corporation.

■ Each terminal should have its own DHCP server. This server
should provide DHCP clients with a dynamic IP address and
subnet mask. In addition, the following options should be
configured:
❑ DNS server IP address
❑ Default gateway IP address
❑ SLP directory agent IP address
■ The DHCP server should dynamically update the corporate
DNS server with workstation hostnames and IP addresses.
■ Each terminal should have an SLP directory agent running to
help clients locate services. These directory agents should be
statically configured to replicate with each other.
■ Previous management at Digital Airlines had instituted a policy
that allowed only a few individuals to have user accounts.
However, because of new NetWare 6 features such as iFolder,
current management wants every employee to have a user
account. You will be provided an LDIF file created by an HR
system to create the accounts.
■ Licenses for Digital Airlines should be placed as high in the
tree as possible. A replica of the partition that contains the
licenses should be placed on each server so local users don’t
have to use a WAN link to get a license.
■ Every server is to have a SYS and a DATA volume. No user
data or applications are allowed on SYS. Both DATA and SYS
must be NSS volumes.
■ iFolder is to be installed on every server. Each server will
provide iFolder services for only users at the terminal where the
server is physically located. Every user in the tree is to have an
iFolder account.

■ A backup solution must be implemented that creates a full

backup on Sunday night at 11:30 PM and an incremental
backup on Monday, Tuesday, Wednesday, Thursday, Friday,
and Saturday nights at 11:30 PM.
■ The server in New York City will host company intranet web
and FTP servers.
Depending on the size of the Using the preceding information, meet together as a class and
student group, some students design an upgrade plan for Digital Airlines. Be prepared to present
might need to share roles. your plan in writing to your client (your instructor) when you are
done. To complete the plan, do the following:
Point out that the tree has only a 1. Assign the following roles:
single partition. DA1 has the
❑ Project Lead
master replica, DA2 and DA3 have
read/write replicas. ❑ eDirectory Specialist
❑ NetWare Specialist
❑ Hardware Specialist
❑ Documentation Specialist
Help students identify better ways 2. Determine and write a server upgrade strategy.
to partition and replicate the tree.
3. Determine and write an eDirectory upgrade strategy.
If desired, provide students with 4. Create a flowchart of tasks and responsibilities.

sticky notes. Instruct them to
brainstorm all the tasks they will
(End of Exercise)
need to complete. Then have them
arrange the notes on the wall to
create their upgrade plan.

Summary
Objective Summary
1. Review NetWare 6 The servers on your network to be upgraded

Operating System must run one of the following:
Requirements
■ NetWare 5 with Support Pack 6 or later
The servers must also meet the following
hardware requirements:
■ CPU. One of the following CPUs is required:
■ Intel Pentium Pro or later (Pentium II or
later strongly recommended)
■ AMD Athelon (K7) or later
■ Memory. 256 MB (512 MB strongly
recommended)
■ Disk Space. The following are required:
■ 35 MB of free space on the server’s DOS
partition
■ 2 GB of free space on volume SYS
■ Video. SVGA-compatible display
■ Network Interface. One network board
■ Media Drives. One CD drive
■ Mouse. One of the following is recommended
(but not required):
■ USB
■ PS/2 (Mini-DIN)
■ Serial

Objective Summary
2. Upgrade Network To ensure that your NetWare 6 implementation

and Server renders an acceptable level of performance,
Hardware
upgrade
■ Network Infrastructure
■ Server Hardware
3. Prepare the Prior to planning your NetWare 6 migration or

Network for the upgrade, prepare your network for the migration
Migration or
or upgrade by doing the following:
Upgrade
■ Back Up eDirectory and the File System
■ Prepare the Network for NetWare 6 with
Deployment Manager
4. Create an Upgrade ■ Having a solid plan and 2 verified backups are

or Migration Plan your key defenses against upgrade or
migration failures.
■ Designing an upgrade or migration plan is
composed of the following:
■ Determine a Server Strategy
■ Determine an eDirectory Strategy
■ Create a Flow of Events
■ Assign Roles and Responsibilities
Exercise Answers
Answers vary.


Novell Network Management / Instructor Guide Upgrade or Migrate to NetWare 6
SECTION 15 Upgrade or Migrate to NetWare 6
Duration: 2 hours, 30 minutes In this section you learn the 2 methods that you can use to upgrade
an existing NetWare server to NetWare 6.
Objectives
1. Perform an In-Place Upgrade
2. Perform a Migration
3. Perform Post-Migration or Post-Upgrade Tasks
Introduction
With your migration or upgrade plan complete, you can upgrade
your network to NetWare 6.
In this section, you learn how to upgrade or migrate an existing

NetWare server to NetWare 6.
Objective 1 Perform an In-Place Upgrade

You use the NetWare 6 installation program to upgrade an existing
NetWare 4 or NetWare 5 server to NetWare 6.
The upgrade process includes the following tasks:

■ Prepare the Server
■ Perform an In-Place Upgrade

During the upgrade, the server is upgraded to NetWare 6 through

the following automated tasks:
■ Device drivers and LAN drivers for NetWare 6 are loaded.
Outdated drivers are matched with and replaced by new drivers
included with NetWare 6.
■ eDirectory is upgraded.
■ NetWare 6 information is added to the AUTOEXEC.NCF and
STARTUP.NCF files.
■ The NetWare 6 files are copied to the server.
Prepare the Server
To prepare your existing server for the NetWare 6 operating system,

do the following:
■ Back Up the NetWare Server Files
■ Prepare Application Files Prior to Upgrading
■ Verify that the DOS Partition is Large Enough for NetWare 6
Back Up the NetWare Server Files
Make at least 2 full backups of your NetWare server files, including

files on the DOS partition, and your eDirectory tree.
After the backups are complete, verify the backups. Do not attempt
an upgrade without a backup.

Prepare Application Files Prior to Upgrading
The following NetWare applications require that you prepare their

files prior to upgrading:
■ IBM WebSphereTM Application Server for NetWare. If the
server is running IBM WebSphere Application Server for
NetWare, you must migrate your existing web applications
using the migration utility included with NetWare 6.
The utility migrates WebSphere web applications to Tomcat 3.3
web applications. To migrate WebSphere applications, do the
following:
1. At the NetWare server system console, enter
XMLCONFIG -EXPORT volume_name:\websphere
\migrate.xml adminNodeName NodeName.
If you installed WebSphere in a different directory, specify
that directory.
2. Complete the upgrade to NetWare 6.
3. After the upgrade, continue migrating the applications by
following the instructions in “Migrating from WebSphere to
Tomcat” in “Getting Results with Novell Web Services” at
www.novell.com/documentation/lg/nw6p/index.html.
■ ZENworks for Server 2. If the server is running ZENworks for
Servers 2, you must install ZENworks for Servers 2 Support
Pack 1 prior to upgrading the server to NetWare 6.
You can get ZENworks for Servers 2 Support Pack 1 and
related information from Novell Technical Support.

Verify that the DOS Partition is Large Enough for NetWare 6
NetWare uses a DOS partition to start the computer and load

NetWare. Any existing NetWare startup files are replaced with
NetWare 6 files.
The DOS partition must be large enough to accommodate new

NetWare 6 files. We recommend that the DOS partition be at least
200 MB.
We strongly recommend that you make the partition large enough to

hold both the system files and a memory core dump.
If the DOS partition doesn’t have enough space, you cannot

upgrade. To resize the DOS partition, you must use a partition
management tool, such as ServerMagic by PowerQuest.
Perform an In-Place Upgrade
After accessing the NetWare 6 installation files, follow the

instructions for installing a server.
If you are upgrading a NetWare server with NSS volumes, the NSS
volumes do not appear or mount until they are updated.
b Updating NSS volumes is done after finishing the server upgrade by

following the “Updating NSS Volumes” instructions in Deployment
Manager.
Because you are doing an upgrade, you are not prompted to provide
all the information normally required for a new server installation.
An in-place upgrade process is like a typical server installation,

except the installation program uses existing information to skip
entire sections and complete the upgrade to NetWare 6.

x Be sure to select Upgrade as the type of installation.
To perform an in-place upgrade, do the following:

1. Insert the NetWare 6 operating system CD into the CD drive.
2. Reboot the server.
3. After the server reboots, in the screen that detected that a
NetWare server exists, select I to install.
If you select nothing, the process defaults to R (run).
4. Accept the server license agreement.
5. Select Continue with Existing Partition.
6. Accept the Jreport Runtime License Agreement.
7. For the type of install, select Custom.
8. For the type of server, select Upgrade.
9. Select the following:
❑ Server settings
❑ Regional settings
❑ Mouse and video
❑ Disk driver
❑ Storage device driver
❑ Network board driver
10. Configure the file system.
11. Verify your existing protocol configuration.
Notice your IP address and subnet mask fields are filled in with
their respective information.
12. Enter your DNS information.
13. Verify the eDirectory Summary.

14. Install your server license.
15. Select the components to install.
16. Allow the Novell Certificate Server 2.21 objects to install.
17. Allow LDAP to configure.
18. Allow eDirectory iManager to install.
19. Finish the upgrade.
Objective 2 Perform a Migration

As an alternative to upgrading a server, you can also migrate data
from an existing NetWare server to a NetWare 6 server.
When you migrate data the migration wizard copies the file system
and eDirectory database from an existing NetWare 4, 5, or 6 server
to a newly installed NetWare 6 server.
After the original server’s file system and eDirectory database are
migrated, it’s brought down and the NetWare 6 server reboots and
assumes the name and identity of the original server on your
network.
Before you can migrate your data, you must first install a NetWare 6
server in a temporary eDirectory tree.
A temporary tree is a tree that contains one server with a basic

installation of NetWare and no additional products (other than SMS
or any other default products).
To migrate data from NetWare 4, NetWare 5, or NetWare 6, do the

following:
■ Prepare the Workstation
■ Prepare the Source Server
■ Prepare the Destination Server

■ Run the Migration Wizard

■ Copy Volumes
■ Edit Configuration Files
■ Begin the eDirectory Migration
■ Finish eDirectory MigrationPerform Post-Migration or
Post-Upgrade Tasks
Prepare the Workstation
Make sure your workstation meets the following requirements:

■ A Windows 98 or NT 4/2000 workstation with 50 MB available
disk space:
❑ The Windows 98 workstation must be running Novell
Client for Windows 98 version 3.3 or later.
NetWare Migration Wizard does not run on Windows 95.
❑ The Windows NT 4/2000 workstation must be running
Novell Client for Windows NT version 4.8 or later.
■ If migrating from NetWare 4, configure IPX on your
workstation.
■ For better performance, run the source server, destination
server, and workstation on the same LAN segment.

Prepare the Source Server
The source server is the NetWare server that contains the files,
volumes, and eDirectory objects to be copied to the NetWare
destination server. Valid source servers can be running NetWare
4.11, 4.2, 5.0, 5.1, or 6.
Do the following:
1. Verify that you have the Supervisor right to the source server’s
file system and Directory tree.
2. Make sure the destination server can communicate with the
source server:
a. If using IPX, enter Display Servers and make sure the
source server is listed.
b. If using IP, enter Display SLP Services and make sure the
source server is listed.
3. Apply the NW6NSS1A patch to update the version of NSS.
b See TID 2961749. Despite what the abstract implies, this patch can be
applied before applying Support Pack 1.
4. Update the source server with the latest NetWare support pack.
Updates are available at support.novell.com.
5. (Conditional) If you are migrating data from NetWare 4, make
sure the source server’s volumes have long name space support
added to all volumes to be copied.
To add long name space support to a NetWare 4.11 or NetWare
4.2 volume, enter the following at the server console:
LOAD LONG
ADD NAME SPACE LONG TO volume name

6. Load DSREPAIR and run the following options:

Unattended Full Repair
Time Synchronization
Report Synchronization Status
Make sure these finish with no errors. However, in a mixed
NetWare 4.x and 5.x environment, it is possible to finish a full
unattended repair with errors due to schema mismatches.
You perform these operations to ensure that your Directory is
healthy and stable before you migrate the server.
7. Make 2 full, verified backups of the eDirectory tree and the file
system.
8. If you’re running on an Ethernet network, upgrade the network
board to 100 Mbps and set the duplexing option to half-duplex.
Prepare the Destination Server
The destination server is the new computer that receives the data
from the source server. This server must be installed into a
temporary tree.
After data is migrated from source to destination server, the

destination server reboots and the migration wizard modifies the
destination server’s AUTOEXEC.NCF file to include the source
server’s name and internal IPX number or server ID. You don’t need
to modify these manually.
Valid destination servers must be running NetWare 5.0, 5.1, or 6.

The migration wizard does not support migration to NetWare 4
destination servers.

Review the following before installing the NetWare operating

system on the destination server:
1. Verify that you have the Supervisor right to the destination
server’s file system and Directory tree.
2. Make sure you create a temporary eDirectory tree with a
temporary eDirectory tree name.
x Do not use the same name as the source server’s name or eDirectory tree
name; otherwise, the destination server cannot assume the identity of the
source server after the migration.
3. During installation of the destination server, create volumes on

the destination server that are the same size as, or larger than,
volumes on the source server.
x Volume names on the destination server must be the same as the volume
names on the source server.
Migration Wizard migrates compressed volumes. If you are

migrating compressed volumes to uncompressed volumes,
Migration Wizard decompresses the volumes during migration.
The decompression process is CPU and time intensive, so allow
enough time to complete the operation.
Make sure you have room on the uncompressed volume to
accommodate the source volumes after they are decompressed.
4. If migrating from NetWare 4, install and configure IPX.
IPX must be bound to the destination server for the migration to
work. (You can remove IPX after the migration.)
IP addresses for the source server are not migrated. Instead, you
manually change IP addresses during migration. For more
information on changing your IP addresses, see “Copy
Volumes” on 15-16.

5. Install the NetWare operating system on the destination server

using the Pre-Migration installation option.
6. Prevent time synchronization issues:
a. Configure the destination server as a secondary time source
by entering the following commands at the console prompt:
SET TIMESYNC TYPE = SECONDARY
SET CONFIGURED SOURCES = ON
SET TIMESYNC TIME SOURCES = SOURCE
SERVER NAME or IP ADDRESS
x If your time source is NetWare 4, use the server name.
b. Turn on the timesync debugger screen by entering SET

TIMESYNC DEBUG = 7.
c. Set the timesync restart flag to restart timesync by entering
SET TIMESYNC RESTART FLAG = ON.
d. Make sure the destination server is the same time or later
than the source server by entering TIME.
This prevents critical time synchronization errors during
migration.
7. If you’re running on an Ethernet network, upgrade the network
board to 100 Mbps and set the duplexing option to half-duplex.
Run the Migration Wizard
Do the following:
1. Install migration wizard from the NetWare 6 operating system
CD.
2. Run the migration wizard on the workstation by selecting Start
> Programs > Novell > Netware Migration Wizard >
NetWare Migration Wizard.

3. Read the Welcome screen; then select OK.

Figure 15-1
4. From the Novell NetWare Migration Wizard Startup window,

select Create a New Project.
Figure 15-2
5. Select NetWare 4, 5, or 6; then select OK.

6. Select View Setup Tasks.

Selecting View Setup Tasks launches your default web browser

and takes you to the Migration Wizard 6 online documentation:
Figure 15-3
7. Select Migrating Data from NetWare 4, 5, or 6 and make sure

you have completed the system and software requirements.
8. Close your browser and select Next.
Figure 15-4
9. Name the project, choose a place to save it, and then select Next.
By default, the migration wizard saves all projects to
C:\PROGRAM FILES\NOVELL\NETWARE
MIGRATION WIZARD.

Figure 15-5
10. In the Select the Source NDS Tree window, select the Directory
tree that contains your source server; then select Next.
Figure 15-6
11. In the Select the Source Server window, select your source
server from the Directory tree.
12. In the Select the Destination NDS Tree window, select the
eDirectory tree that contains your destination server.
13. In the Select the Destination Server window, select your
destination server from the destination eDirectory tree.

Figure 15-7
14. Save your project and access the Project Window by selecting
Create.
The Project Window now appears.
Figure 15-8

Copy Volumes
Selecting Copy Volumes allows you to copy volumes from the

source server to the destination server. You can copy a volume as
many times as you need to complete this step.
In the migration wizard, copy your volumes by doing the following:

1. In the Project Window, select Copy Volumes.
Before the migration wizard starts copying files, it backs up
your directory and file trustees and saves them in files located
on the source and destination servers.
After the migration is complete, the migration wizard restores
the trustees from the files it stored on the destination server.
You do not need to copy all volumes at the same time. You can
select volumes to copy now and then copy other volumes later
by reopening the project file. Remember that open files are not
migrated.
x If you copy volumes in phases, at the final volume copy make sure you
select all volumes that you previously copied; then select Cancel.
Otherwise, the migration wizard restores trustee assignments only to the
last volumes that were copied.
Figure 15-9

2. Select each volume you want to copy and select Yes; then select
Next.
x If you decide not to copy any volumes, select No for all volumes, then
select Next and continue with “Edit Configuration Files” on 15-21.
If you selected Yes for one or more volumes, continue with

Step 3.
Keep the following alternatives for copying volumes in mind:
❑ If you have big volumes or slow LAN connections, or if
you want to reconfigure your data by putting existing
directories into different folders on the destination server,
consider using a backup tape to copy your volumes.
❑ If you use a tape backup, do not restore the source server’s
standard SYS directories to the destination server if you are
upgrading your NetWare operating system to a later
version.
The standard SYS directories, like SYS:SYSTEM and
SYS:PUBLIC, were created for you during NetWare
installation.
If you decide to use tape backup, select No for all volumes
in the “Select Volumes to Copy” window, select Next, and
continue with “Edit Configuration Files” on 15-21.
❑ If you are migrating data to new hardware and keeping the
same version of NetWare, restore the source server’s
standard SYS directories to the destination server.

Figure 15-10
3. In the Copy SYS Directories window, decide if you want to copy

the source server’s SYS directories to the destination server’s
SYS:SYS.MIG directory; then select Next.
The migration wizard never overwrites the SYS directories on
the destination server.
If you migrate the source server’s SYS directories, the
migration wizard migrates them to SYS:SYS.MIG on the
destination server.
If there are files in the source server’s SYS directories that you
want to use on the destination server, after the migration is
completed, copy the files from SYS:SYS.MIG into the
appropriate SYS directory on the destination server.
Remember, any applications that have NLM programs in this
directory need to be reinstalled after the migration.

4. In the Duplicate Files window, determine how you want to

handle duplicate filenames between the source server and the
destination tree by selecting one of the following; then select
Next:
❑ Don’t copy over existing files
❑ Copy the source file if it is newer
❑ Always copy the source file
5. In the Disable Login? window, determine how you would like to
copy your volumes; then select Next.
You have the following choices:
❑ Copy volumes with users logged in
❑ Disable login
The migration wizard does not copy open files. If you disable
user login, you can be sure that no other users log in and open
files during the file copy.
6. In the Password Verification window, enter the passwords for the
source and destination trees.
Figure 15-11

7. If prompted, resolve any errors or warnings; then select Next.

Noncritical errors are identified by yellow triangles. Critical
errors are identified by red circles with a white X in the center.
8. In the Ready to Copy Files window, select Migrate to copy the
file system to the destination tree.
After you select Migrate, allow the following to happen:
❑ Back up of file trustees
❑ Migration of volume files to the destination server
When the volume migration completes, the following appears:
Figure 15-12
9. View the error and success logs; then select Done.

Figure 15-13
Edit Configuration Files
Next, you compare the source server and destination server

configuration files. You also edit the configuration files on the
destination server.
To edit the configuration files, do the following:

1. In the Project Window, select Edit Configuration Files.
The migration wizard lets you modify any NCF or CFG files on
the destination server. These files contain default LOAD
statements and parameters.
If you are editing the AUTOEXEC.NCF file, make sure the file
is closed before you migrate your eDirectory database.

Figure 15-14
2. Select the configuration file you want to edit; then select Edit
File.
Figure 15-15

3. Copy and paste the commands from the configuration file on the
source server to the corresponding configuration file on the
destination server.
If you intend to change the IP address on your destination
server to be the same as the IP address of your source server,
edit your configuration files and change the IP address in 2
places: AUTOEXEC.NCF and SYS:ETC/HOSTNAME.
a. Copy the source server’s IP address and paste it into the
destination server’s AUTOEXEC.NCF file.
x This works only if your IP LOAD and BIND statements are in

AUTOEXEC.NCF. If you use INETCFG to assign IP addresses,
change the IP addresses after the migration is complete.
b. Using EDIT.NLM at the server console of the destination

server, change the IP address in the SYS:ETC\HOSTS file.
4. When you’ve modified your file, select Save & Close.
5. Close the Compare Configurations dialog.
Figure 15-16

Begin the eDirectory Migration
After you complete the volume copy and edit configuration files,
you can migrate eDirectory from the source to the destination
server.
During this phase, the source server is brought down and the
destination server is restarted. The destination server takes on the
source server’s name and place in your network.
To begin the eDirectory migration, do the following:

1. In the Project Window, select Begin NDS Migration.
Figure 15-17
2. Back up all volumes that you are not planning to migrate and
complete the following tasks before continuing; then select Next.
❑ Make sure all volume data migrated successfully.
❑ Make sure all critical errors from the file copy are resolved.
❑ Make sure the servers in your source tree are in time sync
and that eDirectory is synchronized.
For more information, see step 2 in “Finish eDirectory
Migration” on 15-30.

3. When the Install License window appears, insert the license

diskette and browse to or enter the path to the license file; then
select Next.
If you have an MLA, you can select the MLA instead of
inserting the license diskette.
Figure 15-18
4. Update the source server’s schema by selecting Yes; then select

Next.
The migration wizard updates the source server’s schema to
include the eDirectory classes of the default applications that
are installed on the destination server.
x If you select No to update the schema, by default the second Yes option
is enabled, which causes the migration wizard to compare the source
and destination schemas.
This comparison helps you determine how to extend your schema in

preparation for the migration.

5. In the Verify Novell Directory Services Tree window, verify that

you have run DSREPAIR to verify that the eDirectory tree
containing the source server is functioning correctly; then select
Yes or No to acknowledge that your tree is healthy; then select
Next.
x The migration wizard does not check the health of the tree and will not
prevent you from continuing if your tree is unhealthy. If your tree is
unhealthy the migration might not complete successfully.
6. In the Copy NICI Configuration Files window, select Copy

NLM to begin the process of copying your NICI files.
7. When you see the message that NUWNICI.NLM was copied to
the destination server from the source server, select OK.
Figure 15-19
8. Copy the NICI files from the source server to the destination
server by following the on-screen instructions.

When the NICI configuration is complete, the following

appears:
Figure 15-20
9. Delete all user connections (except your own) to the source and
destination servers; then select Next.
10. In the Password Verification window, enter the passwords for the
source and destination trees; then select Next.

Figure 15-21
11. Resolve any critical errors or warnings on the Migrate NDS

Verification Results screen; then select Next.
12. In the Ready to Migrate NDS window, select Migrate to begin
the migration.
At the end of the migration, the source server is brought down
and the destination server reboots and takes over the name and
identity of the source server.
The migration wizard modifies the following items in the
destination server’s AUTOEXEC.NCF file:
❑ The server name changes to the name of the source server.
❑ The time zone is changed to the time zone in the source
server’s AUTOEXEC.NCF file.
❑ The server ID changes to the IPX internal net value or
server ID in the source server’s AUTOEXEC.NCF file.
❑ The default time server type is changed to the value stored
in the source server’s AUTOEXEC.NCF file.

❑ The bindery context is changed to the bindery context

stored in source server’s AUTOEXEC.NCF file.
When the migration is complete, the following appears:
Figure 15-22
13. View the Error and Success logs; then select Done.
Use the Error log to see errors that occurred during migration.
If there were errors, use the Success log to determine how far
the migration progressed.
If migration failed, restore your servers to their original
configuration.
14. Check the destination server and verify that it has restarted and
taken on the name of the source server.
15. Reboot your workstation and log in to the former destination
server.

Finish eDirectory Migration
In this phase you upgrade the schema, fix volume objects, and
restore trustees to the destination server after the server is restarted.
To finish the migration, do the following:

1. In the Project Window, select Finish NDS Migration.
The following shows the Project Window at the Finish NDS
Migration phase. Notice that all buttons but the Finish NDS
Migration button are gray.
These options are gray because the source server has been
migrated to the destination server. You cannot go back and redo
these steps.
2. Read the Continue NDS Migration window and make sure the
following has happened; then select Next:
❑ The former destination server has restarted and has the
name and identity of the source server.
❑ Licensing is installed.
❑ eDirectory is synchronized on all servers in the tree.
To check eDirectory synchronization status, enter
DSREPAIR at the server console and run the Report
Synchronization Status and Time Synchronization options.
If the destination server does not contain a Read/Write or
Master replica, check eDirectory synchronization by
running DSREPAIR on another server in the eDirectory
tree that has one of these replicas.

Figure 15-23
3. Verify that you have completed the tasks by selecting Yes or No;
then select Next.
4. In the Password Verification window, enter the password for the
source tree; then select Next.
5. Resolve any warnings or errors; then select Next.
The following appears.
Figure 15-24

6. Finish the eDirectory migration by selecting Continue.

During this stage, Migration Wizard restores the file trustees
and updates the Volume objects in the tree.
7. View the error and success logs; then select Done to close the
current project.
Objective 3 Perform Post-Migration or Post-Upgrade

Tasks
After the upgrade or migration is complete, you need to perform the
following to ensure that your new NetWare 6 network is running
properly:
■ Run the Backlinker Process
■ Upgrade Existing NSS Volumes
■ Perform Other Post-Installation Tasks
Run the Backlinker Process
When migrating or upgrading, trustee assignments might not be

fully restored to user and group objects. NSS volumes depend on
the eDirectory backlink process to create ID information on objects
before trustees can be associated with those objects.
To manually run the backlink process, enter the following at the

server console:
SET DSTRACE=ON
SET DSTRACE=+BLINK
SET DSTRACE=*B
If you switch to the Directory Services screen on the server, you can
watch the objects as they are processed.

These commands must be repeated until no more user or group

objects appear in the backlinked list on the Directory Services
screen. When complete, reboot the server.
Upgrade Existing NSS Volumes
If the original server had NSS volumes, you need to upgrade them
to be compatible with the version of NSS shipped with NetWare 6.
To do this, complete the following for each NSS volume:
1. At the command prompt enter
NSS /ZLSSVOLUMEUPGRADE=All
2. At the server console, enter
SET NLS SEARCH TYPE
3. Make sure the value for NLS SEARCH TYPE is set to 0; if not,
at the console prompt enter
SET NLS SEARCH TYPE = 0.
SET STORE NETWARE 5 CONN SCL MLA USAGE IN
NDS.
5. Make sure the value is set to OFF; if not, enter
SET STORE NETWARE 5 CONN SCL MLA USAGE IN
NDS = OFF.
6. At the server console prompt, enter
FLUSH CDBE

Perform Other Post-Installation Tasks
After a NetWare 6 migration or upgrade, you also need to perform

the following tasks:
1. Run DSREPAIR on the destination server and select
Unattended Full Repair.
2. Make sure user information was migrated or upgraded
successfully.
3. Reinstall applications that have files or NLMs associated with
the following SYS directories: SYSTEM, PUBLIC, MAIL,
ETC, and NETBASIC.
Because the source server’s identity replaces the destination server

during a migration, eDirectory objects on the destination server,
including those representing applications, are removed and replaced
by objects that exist on the source server.
However, the NLMs associated with the destination server’s

applications still exist.
Because you can’t manage applications without their eDirectory

objects, you must reinstall the applications to restore their objects to
the tree.

Exercise 15-1 Upgrade to NetWare 6
a 2 hours In this exercise you work as a group to upgrade your NetWare 5.1
network to NetWare 6 using the upgrade plan developed in the
previous section. Do the following:
■ Part I: Review Project Requirements
■ Part II: Run a Basic Health Check on Each Server
■ Part III: Prepare Your Network for eDirectory 8.6 Using
Deployment Manager
■ Part IV: Perform an In-Place Upgrade from NetWare 5.1 to
NetWare 6
■ Part V: Complete eDirectory Clean-Up Tasks
■ Part VI: Complete the Upgrade Plan
Part I: Review Project Requirements
With your classmates, complete the following:

1. Meet together and review your project plan.
2. Review the project task flow and assigned responsibilities.
3. Review the project requirements.
❑ Digital Airlines is headquartered in Salt Lake City, USA
and has 7 terminals in the following airports:.
❑ Salt Lake City International Airport (SLC)
❑ Delhi Indira Gandhi International Airport (DEL)
❑ New York La Guardia International Airport (LGA)
❑ Sydney Australia International Airport (SYD)
❑ Berlin Tegel International Airport (TXL)
❑ London Heathrow International Airport (LON)
❑ Tokyo Narita International Airport (TYO)

❑ Each airport terminal has one NetWare 5.1 server.

❑ The Digital Airlines network has a single eDirectory tree:
DigitalAir-Tree.
❑ Terminals are interconnected by 128 Kbps WAN links.
❑ Each terminal has a range of addresses within the corporate
class A network:
Table 15-1 Terminal Address Range
SLC 10.1.0.1 - 10.1.0.254
DEL 10.2.0.1 - 10.2.0.254
LGA 10.3.0.1 - 10.3.0.254
LON 10.4.0.1 - 10.4.0.254
SYD 10.5.0.1 - 10.5.0.254
TXL 10.6.0.1 - 10.6.0.254
TYO 10.7.0.1 - 10.7.0.254
You are required to upgrade all servers to NetWare 6. The CIO

has provided you with the following project requirements:
❑ Because of timing issues, servers will be upgraded to
NetWare 6, not migrated.
❑ The upgrade must be done using the bottom-up strategy.
❑ The network must use a single protocol: TCP/IP.
❑ There should be one authoritative DNS server.
❑ Each terminal should have its own DHCP server that
should provide DHCP clients with a dynamic IP address
and subnet mask, and the following options:
❑ DNS server IP address
❑ Default gateway IP address
❑ SLP directory agent IP address

❑ The DHCP server should dynamically update the corporate

DNS server with workstation hostnames and IP addresses.
❑ Each terminal should have an SLP directory agent running
to help clients locate services. These directory agents
should be statically configured to replicate with each other.
❑ Previous management at Digital Airlines had instituted a
policy that allowed only a few individuals to have user
accounts on servers.
However, because of new NetWare 6 features such as
iFolder, current management wants every employee to have
a user account. You will be provided an LDIF file.
❑ Licenses for Digital Airlines should be placed as high in the
tree as possible. A replica of the partition that contains the
licenses should be placed on each server so local users
don’t have to use the WAN link to get a license.
❑ Every server is to have SYS and DATA volumes. No user
data or applications are allowed on SYS. Both DATA and
SYS must be NSS volumes.
❑ iFolder is to be installed on every server. Each server will
provide iFolders services only for users at the terminal
where the server is physically located. Every user in the
tree is to have an iFolder account.
❑ A backup solution must be implemented that creates a full
backup on Sunday at 11:30 PM and an incremental backup
on Monday, Tuesday, Wednesday, Thursday, Friday, and
Saturday at 11:30 PM.
❑ The server in New York City will host company intranet
web and FTP servers.

Part II: Run a Basic Health Check on Each Server
Do the following:
1. At the console prompt on DA1, enter DSREPAIR.
2. Select Advanced Options Menu > Global Schema
Operations.
3. Authenticate as Admin.SLC.DigitalAir.
4. Select Post NetWare 5 Schema Update.
5. If prompted to perform this update, select Yes.
6. When the update is complete press Esc until you return to the
Available Options menu.
7. In the Available Options menu, select Unattended full repair.
If you receive errors, run an Unattended full repair again until
you receive no errors.
8. In Available Options, select Time synchronization.
If you receive errors, have your instructor assist you.
9. In Available Options, select Report synchronization status.
If you receive errors, have your instructor assist you.
10. Exit DSREPAIR.
11. At the server console prompt, enter the following commands:
SET DSTRACE=ON
SET DSTRACE=+S
SET DSTRACE=*H
12. Switch to the Directory Services screen and make sure succeeded
and All processed = YES appear.

SET DSTRACE=NODEBUG
SET DSTRACE=+SCHEMA
SET DSTRACE=*SS
SET DSTRACE=*SSD
14. Switch to the Directory Services screen and make sure All
processed = YES appears.
SET DSTRACE=NODEBUG
SET DSTRACE=OFF
16. Repeat this process on all servers in the network.
Part III: Prepare Your Network for eDirectory 8.6 Using

Deployment Manager
Do the following:
1. From your workstation, log in to DIGITALAIR-TREE as
.admin.SLC.DIGITALAIR with a password of Novell.
2. On your workstation, insert the NetWare 6 operating system
CD into the CD drive.
3. Browse to the root of the CD and run NWDEPLOY.EXE.
4. Select Open; then select OK.
5. In Deployment Manager, double-click the Network
Preparation folder.
6. Select Step 2: View and Update NDS Versions.
7. Browse to and select the DigitalAir-Tree.
8. Mark Include Subordinate Containers; then select Next.
9. When prompted that no servers were found that require an NDS
update, select OK; then select Exit.

10. Under Network Preparation, select Step 3: Prepare for NDS

eDirectory 8.6.
11. In the Update NDS window, browse to and select the
DigitalAir-Tree; then select Next.
12. Make sure DA1 through DA6 appear in the Available servers
field.
13. Select DA1; then select Next.
14. When you receive the message that the eDirectory tree is
prepared for eDirectory 8.6, select Exit.
15. On all servers, make sure you received the message
NDSEM-5.0-009: Process Completed.
16. Close Deployment Manager by selecting Cancel.
17. At the Exit window, select Yes.
Part IV: Perform an In-Place Upgrade from NetWare 5.1 to

NetWare 6
On the server designated in your upgrade plan as the first server to

be upgraded, perform an in-place upgrade by completing the
following:
1. On the designated server, insert the NetWare 6 operating system
CD into the CD drive.
2. From the server console, enter RESET SERVER.
3. After the server reboots, in the screen that detected that a
NetWare server already exists, select I to install.
If you select nothing, the process defaults to R (run).
4. Select the appropriate type of CD drive:
❑ I for IDE
❑ S for SCSI

❑ B for Both
5. In the Welcome to NetWare Server Installation screen, read and
select Accept License Agreement.
6. Select Continue with Existing Partition.
7. In the License Agreement for Jreport Runtime screen, read and
select F10 to accept the license agreement.
8. In the Welcome screen, change the type of install to Custom.
9. In the Welcome screen, make sure the type of server is set to
Upgrade; then select Continue.
10. In the Server Settings screen, select Continue.
11. In the Regional Settings screen, select Continue.
12. Configure the NetWare device drivers:

a. On the Disk Driver screen, select Continue.
b. On the Device Driver screen for your storage device, select
Continue.
c. On the Device Drivers screen for your network boards, select
Continue.
If your drivers are not detected, select them manually.
13. At the Configure File System screen, select Next.
14. At the Protocols screen, select Next.
Notice that your IP address and subnet mask fields are filled in
with their respective information.
15. In the Domain Name Service screen Host name field, enter the
name of the server.
16. In the Domain field, enter DIGITALAIRLINES.COM.
17. In the Name Server 1 field, enter the IP address of the DNS
server designated in your upgrade plan; then select Next.
18. In the Log in to NDS dialog, authenticate as
admin.SLC.DigitalAir; then select OK.

19. On the NDS Summary screen, verify the information; then select
Next.
20. On the License screen, insert your license disk (provided by your
instructor).
21. Browse to and select the server license (nlf); then select OK.
Example: A:\LICENSE\license_number.NLF.
22. In the Licenses screen, highlight the license; then select Next to
install the license.
Step 23 is written with the idea that 23. On the Components screen, select Clear All; then select Next.
students will return after the
installations are complete and 24. On the Novell Certificate Server 2.21 Objects screen, select
install the various products on the Next.
servers. 25. On the LDAP Configuration screen, select Next.
Optionally, students can specify 26. On the eDirectory iManager Install Options screen, select Next.
the products identified in their
27. On the Summary screen, select Finish.
upgrade plan in the Components
screen. Allow the files to copy.
However, the steps required to 28. When you receive the Installation Complete dialog, remove the
complete the install will be different CD and select Yes to reboot the server.
from those listed here.
Part V: Complete eDirectory Clean-Up Tasks
To complete eDirectory cleanup tasks, complete the following:

SET DSTRACE=ON
SET DSTRACE=+BLINK
SET DSTRACE=*B
This ensures that all your trustees are restored.
2. Switch to Directory Services and verify that the backlink process
has completed.

3. From your server console, enter RESET SERVER.

4. Allow the network to run for about 5 minutes to let the schema
synchronize.
schema sync operation with DSTRACE:
SET DSTRACE=ON
SET DSTRACE=+SCHEMA
SET DSTRACE=*SS
b. Switch to the Directory Services Trace screen and check for
the following message:
6. Repeat Parts IV and V on the remaining servers according to
your upgrade plan.
Part VI: Complete the Upgrade Plan
Under consultation with your client (played by your instructor),

complete the rest of your upgrade plan.
(End of Exercise)

Summary
Objective Summary
1. Perform an You use the NetWare 6 installation program to

In-Place upgrade a NetWare 4 or NetWare 5 server to
Upgrade
NetWare 6. The upgrade process includes the
following tasks:
■ Prepare the Server
■ Perform an In-Place Upgrade
2. Perform a When you migrate data from a NetWare 4, 5, or 6

Migration source server to a NetWare 6 destination server,
the migration wizard copies the file system and
eDirectory database to the new NetWare 6 server.
After the source server is migrated, it is brought
down and the destination server reboots and
assumes the name and identity of the source
server on your existing network.
Before you can migrate data, you must install a
destination NetWare 6 server in a temporary
eDirectory tree.
To migrate data from NetWare 4, NetWare 5, or
NetWare 6, do the following:
■ Prepare the Workstation
■ Prepare the Source Server
■ Prepare the Destination Server
■ Run the Migration Wizard
■ Copy Volumes
■ Edit Configuration Files
■ Begin the eDirectory Migration
■ Finish eDirectory MigrationPerform
Post-Migration or Post-Upgrade Tasks

Objective Summary
3. Perform After the upgrade or migration is complete, you

Post-Migration must perform the following tasks to ensure that
or Post-Upgrade
your NetWare 6 network is running properly:
Tasks
■ Run the Backlinker Process
■ Upgrade Existing NSS Volumes
■ Perform Other Post-Installation Tasks


Novell Network Management / Instructor Guide Add a NetWare 6 Server to the Tree
SECTION 16 Add a NetWare 6 Server to the Tree
Duration: 1 hour, 30 minutes In this section, you learn how to add a NetWare 6 server to an
existing network.
Objectives
1. Prepare Your Existing Network
2. Prepare Your Server for NetWare 6
3. Install NetWare 6
Introduction
From time to time, you might need to add NetWare 6 servers to your
network.
In this section you learn how to install a NetWare 6 server into an

existing NetWare network.
Relate situations you’ve There are many reasons for adding NetWare 6 servers to your
experienced where adding servers existing network. However there are 2 main reasons:
was necessary.
■ To add capacity. As an organization grows, it can quickly
exceed the capacity of its network. Adding servers increases the
capacity of the network, reducing the load on the existing
servers.
The addition of remote offices can also require additional
servers, because it is inadvisable to require users to cross WAN
links to access files.

■ To Provide Additional Services. Providing additional services

can also require additional servers in your network.
For example, if you are implementing NetWare 6 services such
as iPrint and iFolder, you might need to dedicate servers to
these applications (depending on the size of the organization).
Objective 1 Prepare Your Existing Network

Before you introduce a NetWare 6 server into an existing network,
run NetWare Deployment Manager to update your network.
x NetWare Deployment Manager might not run on Windows 2000 computers

with the Matrox G400 video driver. To fix the problem, install the latest video
driver from www.matrox.com.
To update the network for NetWare 6, do the following:

1. Log in from a Windows 95/98 or Windows NT/2000 workstation
as a user with the Supervisor right.
2. From the NetWare 6 operating system CD, run NetWare
Deployment Manager (NWDEPLOY.EXE).
3. View tasks by double-clicking the Network Preparation folder
and reading the Overview section.
4. Back up any server data and eDirectory data by following the
instructions in the Back Up Data section.
5. Update eDirectory as required by running the View and Update
eDirectory Version program.
6. Extend the network schema by running the Prepare for
eDirectory program.
After you complete the Network Preparation section, prepare your

designated computer to become a NetWare server.

Objective 2 Prepare Your Server for NetWare 6

To prepare your designated computer for NetWare 6, you must
■ Install and Upgrade Computer and Network Hardware
■ Access the Installation Files
Install and Upgrade Computer and Network Hardware
Be sure students understand that Because NetWare 6 is an advanced operating system, hardware that
working servers must significantly was sufficient to run earlier versions of NetWare will likely be
exceed the minimum inadequate for NetWare 6. Key areas to be aware of are the
requirements. following:
■ CPU. A Pentium Pro is the minimum CPU required. However,
we recommend that you use a multi-processor Pentium III or IV
system.
■ RAM. 256 MB is the minimum amount of RAM required. We
recommend that you upgrade to an RDRAM system and that
you use 1 GB or more of memory.
■ Storage. A 4 GB SCSI or EIDE hard disk is the minimum
storage requirement. We recommend that you upgrade to a
RAID 5 array and a Fiber-Channel Storage Area Network
(SAN).

Access the Installation Files
Teach students how to configure NetWare 6 can be installed from the server’s local CD drive or from
CONFIG.SYS and installation files on the network.
AUTOEXEC.BAT to load a CD
driver. If you don’t have a bootable CD drive, access the NetWare 6
installation files by doing the following:
Make sure they understand that 1. Create a 200 MB or larger DOS partition.
they don’t have to do this if their
server has a bootable CD. Make the partition large enough to also include the contents of
your server RAM in case you need to create a core dump.
2. Copy the DOS CD driver for your CD drive onto the DOS
partition.
DOS CD drivers are provided by the CD drive manufacturer.
3. Edit your CONFIG.SYS file to load the CD driver. For example:
DEVICE=C:\OAKCDROM.SYS /D:ROBBSCD
4. Edit your AUTOEXEC.BAT file to load the Microsoft CD
Extensions driver (MSCDEX.EXE) as shown in this example:
MSCDEX.EXE /D:ROBBSCD /L:E
Make sure the logical filename of your CD drive (specified in
the CONFIG.SYS and AUTOEXEC.BAT files) is not CDROM
or CDINST.
5. Make sure CONFIG.SYS contains the following commands:
FILES=50
BUFFERS=30
Time permitting, show students Alternatively, you can install from files located on a NetWare server.
how to load the DOS IP client on To do this, install the Novell Client for DOS and Windows 3.1x or
the server so they can log into a IP Server Connection utility software located on the Novell client
NetWare server and install CD.
NetWare 6 from there.
After accessing the files for the installation program, you can begin
the installation.

Objective 3 Install NetWare 6

Now that you have prepared your network, it’s time to install
NetWare 6. The following is an overview of the installation process:
Point out that you might have to 1. Insert the NetWare operating system CD into your CD drive and
adjust the boot order in the boot from it.
server’s CMOS setup program for
it to boot from a CD. The initial screens of the installation program display in
text-based mode. Autodetected and default settings appear on
each screen.
You can accept the detected and default settings, or you can
modify the settings to meet the needs of your network
environment.
2. Choose from the following:
❑ To continue the installation with the standard settings, use
the arrow keys to highlight Continue in the Options box;
then press Enter.
❑ To modify the settings in the installation, do the following:
a. Use the arrow keys to highlight Modify in the Options
box; then press Enter.
b. Highlight the field to be modified; then press Enter.
c. Select or enter the appropriate value.
Some screens require additional keystrokes to navigate the interface.

Information about navigation appears at the bottom of each screen.
Specific tasks for the installation include the following:

■ Accept the License Agreement
■ Select the Installation Type
■ Specify Server Settings
■ Select Regional Settings
■ Select the Mouse Type and Video Mode

■ Select a Platform Support Module and Storage Adapter

■ Select a Storage Device and Network Board
■ Create a NetWare Partition and Volume SYS
■ Name the Server
■ Install the NetWare Server File System
■ Install Network Protocols
■ Set Up DNS
■ Set the Server Time Zone
■ Set Up eDirectory
■ License the NetWare Server
■ Install Network Products
■ Install Novell Certificate Server
■ Customize the Installation
■ Complete the Server Installation
An explanation of each task follows.
Accept the License Agreement
Accepting the license agreement means that you have read and
accepted the terms and conditions contained in the license
agreement. In NetWare 6, there are 2 license agreements:
■ NetWare 6 Novell Software License Agreement
■ JReport Runtime License Agreement
Depending on how you began your installation, accept the

NetWare 6 Novell Software License Agreement by selecting Accept
License Agreement or by pressing F10.

The following shows the NetWare 6 Novell Software License

Agreement:
Figure 16-1
To accept the JReport Runtime License Agreement, press F10.
The following shows the JReport Runtime License Agreement:
Figure 16-2

Select the Installation Type
The server installation screen appears:
Figure 16-3
You can select the following types of installation:

■ Express Installation
■ Custom Installation
Express Installation
The Express Installation detects drivers and installs the NetWare

server with the following default settings and software programs:
■ 4 GB volume SYS (remaining disk space is left as free space)
■ LAN and disk drivers: autodiscovered and loaded
■ The following default products:
❑ Novell Distributed Print Services (NDPS)
❑ NetWare Administration Server
❑ Novell Advanced Audit Services
■ Country Code: 1
■ Codepage: 437
■ Video mode: VGA Plug and Play

■ Keyboard: United States

■ Mouse: Autodiscovered and loaded
Custom Installation
Use a custom installation to install NetWare on a new computer or

to upgrade a server running NetWare 4 or 5. Do the following:
1. In the Options box, select Modify.
2. On the Type of Installation line, select New Server.
The following installation types are available:
Table 16-1 Type Function
New Server Use to install a new server. Creates a NetWare

partition but doesn’t delete system partitions or
other partitions such as DOS, UNIX, or
Windows.
If you select Express Installation and New
Server, you can skip to “Name the Server” on
16-21.
Upgrade To upgrade a server from a previous version of

NetWare, select Upgrade.
Upgrading retains server data such as files,
directory structures, partitions, and volumes.
If you select Custom Installation and Upgrade,
or Express Installation and Upgrade, you skip
entire subsections in this objective, depending
on the configuration of your server.
Pre-Migration Use to create a destination server for receiving

data migrated from a source server using the
NetWare migration wizard.
3. Return to the Options box and select Continue.

Specify Server Settings
The server settings screen appears:
Figure 16-4
You can specify the following during installation:

■ Server ID Number. A unique server identification number (up
to 8 hexadecimal digits) identifies the server on the network.
The server ID number was called the internal IPX number in
previous versions of NetWare.
Although a server ID number is created automatically, you
might need to enter a specific server ID number if you are
installing in either of the following conditions:
❑ Filtered IPX environment. In this environment, IPX
routers between network segments are configured to
forward data only from specific computer addresses.
Data sent from other computer addresses is not forwarded
to other segments.
If you are accessing the installation files from a server on a
different network segment, you might not be able to
reconnect to the server to complete the installation unless
you specify an unfiltered server ID number.

❑ Numbering scheme. Some network administrators set up a

predetermined numbering scheme to identify servers in
particular locations or organizations.
For example, all servers in building A might begin with
0101, and all servers in building B might begin with 0102.
■ Load Server at Reboot. Select No if you do not want the
AUTOEXEC.BAT and CONFIG.SYS files to contain the
commands to load the server operating system when the
computer reboots.
If you select Yes (default), the old AUTOEXEC.BAT and
CONFIG.SYS files are renamed and saved with an 00x
extension.
■ Server SET Parameters. You might need to modify the SET
parameters for some device drivers, such as network boards and
storage devices, to complete installation.
■ Startup Directory. The startup directory is the directory on the
DOS partition that contains the files to launch the NetWare
server. (This field only displays during an upgrade.)
Select Regional Settings
Choose the country, code page, and keyboard mapping for your
language and computer. The following shows the regional settings:
Figure 16-5

Select the Mouse Type and Video Mode
The mouse and video installation screen appears:
Figure 16-6
In this portion of the installation, you specify the following:

■ Mouse Type. Choose a mouse type, if available on the
computer. NetWare supports USB, PS/2, and serial mouse
types. A mouse is not required, but is strongly recommended.
■ Video Mode. The NetWare installation is optimized to use
video display hardware that is VESA 2 compliant.
The video mode is not autodetected by the installation program.
You must select the settings for the computer.
After you select the mouse type and video mode, the network
operating system files are copied to your computer’s hard disk.

Select a Platform Support Module and Storage Adapter
The platform support module and storage adapter screen appears:
Figure 16-7
To select a platform support module and storage adapter, you must

■ Select a Platform Support Module (If Required)
■ Select a PCI Hot Plug Module (If Required)
■ Select and Configure a Storage Adapter

If you need to modify a driver, do the following:
Table 16-2 Add Driver Modify Driver Delete Driver
1. In the Options box, 1. In the Options box, 1. In the Options box,

select Modify. select Modify. select Modify.
2. Select the driver 2. Select the driver 2. Select the driver
and press Enter. and press Enter. and press Enter.
3. To select from a list 3. Select the driver to 3. Select the driver to
of drivers not delete and press modify and press
provided with Delete. Enter.
NetWare, press 4. Select the
Insert and specify property to modify.
the location of the
driver.
4. To install a driver
from diskette,
select the driver
and press Enter.
Select a Platform Support Module (If Required)
A platform support module (PSM) provides increased performance

for multiprocessor computers and some specific hardware
configurations from specific manufacturers.
If a PSM driver is required, it is detected. If the installation program

does not detect a PSM driver, your computer does not need one.
Select a PCI Hot Plug Module (If Required)
Computers that support PCI Hot Plug technology allow storage

adapters and network boards to be inserted and removed while the
computer is On.
If the installation program doesn’t detect a PCI Hot Plug support

module, your computer probably doesn’t support PCI Hot Plug.

Select and Configure a Storage Adapter
A storage adapter provides a link between the computer and one or

more storage devices.
The storage adapter requires a software driver called a host adapter

module (HAM) to communicate with the computer (host).
Storage devices require a separate driver called a custom device

module (CDM).
x DSK drivers, used in previous versions of NetWare, are no longer supported.

Instead, NetWare uses the enhanced capability of NetWare Peripheral
ArchitectureTM (NWPA). NWPA requires a HAM and a CDM.
Because one adapter can control more than one type of storage
device, your computer might require only a single HAM, even
though it can have more than one type of storage device—and
therefore multiple CDMs.
The installation program detects many types of storage adapters,

such as IDE and SCSI adapters.
If your storage adapter is not detected, choose the appropriate driver

from the list of available drivers provided with NetWare or add a
driver from a disk. HAMs can be obtained from the storage adapter
manufacturer.
To edit the properties of the storage adapter (if required), the storage
adapter must be installed and configured correctly.
Properties such as interrupt, port value, and slot must not conflict
with any other device in the computer. If you need specific storage
adapter properties, contact the storage adapter manufacturer.

Select a Storage Device and Network Board
The storage device and network board screen appears:
Figure 16-8
To select a storage device and network board, you must

■ Select and Configure a Storage Device
■ Select and Configure a Network Board
■ Load an NLM (If Required)

If you need to modify drivers, do the following:
Table 16-3 Add a Driver Delete a Driver Modify a Driver
1. In the Options box, 1. In the Options box, 1. In the Options box,

select Modify. select Modify. select Modify.
2. Select the driver 2. Select the driver 2. Select the driver
and press Enter. and press Enter. and press Enter.
3. To select from a list 3. Select the driver to 3. Select the driver to
of drivers not delete and press modify and press
provided with Delete. Enter.
NetWare, press 4. Select the
Insert and specify property to modify.
the location of the
driver.
4. To install a driver
from diskette,
select the driver
and press Enter.
Select and Configure a Storage Device
Storage devices such as hard disks, CD drives, and tape devices

require a software driver to communicate with the storage adapter.
The software driver for the storage device is called a CDM. Each
type of storage device requires a CDM.
The installation program detects many types of storage devices,

such as IDE drives, SCSI drives, CD drives, and tape drives.
If your storage device is not detected, choose the driver from the list
provided with NetWare 6 or add a driver from a disk. CDMs can be
obtained from the storage device manufacturer.

Select and Configure a Network Board
Network boards require a software driver to communicate with the

network.
The software driver for a network board is called a LAN driver.
The installation detects many types of network boards. If your board

is not detected, choose the driver for the board from the list
provided with NetWare 6 or add a driver from a disk.
You can obtain LAN drivers from the board manufacturer.
To edit the properties of the network board (if required), the board
must be installed and configured correctly.
Properties such as interrupt, port value, and slot must not conflict
with other devices. If you need specific properties, contact the board
manufacturer.
Load an NLM (If Required)
Some server and network configurations require you to load an

NLM before completing the installation. For example, you load
ROUTE.NLM when installing into a token ring environment.
Create a NetWare Partition and Volume SYS
To create a NetWare partition and volume SYS, you

■ Remove an Existing Volume SYS (Conditional)
■ Create a NetWare Partition and Volume SYS
x If the computer has a volume SYS from a previous installation of NetWare,

the volume and all its data are deleted.

To retain the data on volume SYS, do the following:

1. Exit and restart the installation program.
2. On the Type of Installation screen, select Upgrade.
Remove an Existing Volume SYS (Conditional)
If you remove the existing volume SYS, the following appears:
Figure 16-9
If you need to remove an existing volume SYS during a new server

installation, you can choose one of the following options:
■ Replace Volume SYS and Its NetWare Partition. This
removes the existing volume SYS, as well as the entire
NetWare partition containing volume SYS.
Any volume that is part of the NetWare partition that contains
volume SYS is also removed—even if the volume spans to
other NetWare partitions.
■ Remove All NetWare Volumes and NetWare/NSS
Partitions. This removes all NetWare volumes and all
NetWare/NSS partitions.
Either option removes only NetWare partitions. Other types of
partitions, such as DOS, UNIX, and system/utility partitions,
are not removed.

Create a NetWare Partition and Volume SYS
During the initial stages of installation, the installation program

guides you through the steps to create a single NetWare partition
containing volume SYS, as shown below:
Figure 16-10
By default, volume SYS is created as an NSS volume, which has

many advantages over a traditional volume. However, you can
change volume SYS to a traditional volume during installation by
pressing F5.
To modify the volume SYS size, do the following:

1. In the Options box, select Modify.
2. Select the appropriate storage device.
3. Select the NetWare Partition Size field.
4. Backspace over the current size.
5. Enter the new size.
The size of volume SYS changes accordingly.
6. Save the settings and continue by pressing F10.
If you plan to have additional volumes, reduce the size of the

NetWare partition and volume SYS so that space is available.

NetWare system files are now copied to volume SYS.
If you are installing from the network, you are prompted to

reconnect to the network. To continue the installation, enter the
password for the user that originally logged in.
The installation program continues in graphical display mode.
Name the Server
The NetWare server name must be unique on the eDirectory tree,

and should be different from the tree name. The name can have 2 -
47 alphanumeric characters and can contain underscores and dashes,
but not spaces or periods.
Install the NetWare Server File System
The server should now have a NetWare partition and one volume
named SYS. If you have space available for creating additional
partitions and volumes, you can create them now.
x If you have allocated all available space to volume SYS, you are not
prompted for NetWare server file system information. You can skip to “Install
Network Protocols” on 16-24.
Additional volumes can be created from any available free space on

a storage device.
Volume names can have 2 - 15 characters. Valid characters include

A - Z, 0 - 9, and characters _ ! - @ # $ % & ( ). The volume name
cannot begin with an underscore or have 2 or more consecutive
underscores.

By default, NSS volumes are installed during server installation. If

you want to install a traditional volume instead, you must change
the volume type during installation.
When installing the NetWare file system, you can

■ Create Volumes
■ Modify Volumes
■ Delete Volumes
■ Mount Volumes
Create Volumes
Volumes are created from free space. A large disk can be divided
into several volumes during installation. In addition, a volume can
be distributed over multiple disks.
x Creating a volume that spans storage devices is not recommended without

implementing redundant disks. If a volume spans disk devices and one of the
devices fails, all data on the entire volume could be lost.
To create a volume, do the following:

1. In the Configure File System screen, select Free Space.
2. Select Create.
3. In the New Volume dialog, enter the name of the volume in the
Volume Name field.
4. Select the volume type.
5. In the Space to Use field, enter the amount of space you want
used.
6. Select Apply to Volume.
7. Select OK.

Modify Volumes
The size of an existing volume can be increased but not decreased.

To decrease the size, you must delete and re-create the volume.
To increase the size of a volume, do the following:

1. In the Configure File System screen, select Free Space.
2. In the Space to Use field, enter the amount of space you want
used.
3. Select Apply to Volume; then select OK.
Delete Volumes
You can delete any volume except SYS. When a volume is deleted,
all data on the volume is lost.
To delete a volume, do the following:

1. In the Configure File System screen, select a volume to delete.
2. Select Delete.
Mount Volumes
For volumes to be accessed by NetWare, they must be mounted.

Volumes can be mounted immediately or after installation.
■ Mount Volumes Now. You should mount volumes now if you
plan to install additional products and services, such as
documentation, on volumes other than volume SYS.
■ Mount Volumes after Installation Completes. If you are
installing products and services on SYS only, you can wait to
mount volumes after the installation completes.

Install Network Protocols
NetWare 6 can process IP network packets and traditional IPX

packets. When configuring the protocols to be used by the server,
you can select one of the following options:
■ IP. If you select IP, your server will only process IP packets.
Installing IP automatically binds it to the Ethernet_II frame
type. Be sure to configure the following:
❑ Server IP Address
❑ Subnet Mask
❑ Router Address
■ IPX. If your select IPX, your server will only process IPX
packets. You can select from the 802.2 or 802.3 frame types.
It’s critical that you use the same frame type that is being used
by other network nodes; otherwise, your server won’t be able to
communicate with them.
By default, the frame type being used on the network is
autodetected. However, if a frame type is not detected and you
don’t specify a frame type, 802.2 is used by default.
■ IP/IPX. By selection IP and IPX, your server will process both
types of packets with the same network board. However, this
significantly increases traffic on your network.
■ IP with IPX Compatibility Mode. Using the Novell
Compatibility Driver, you can use a single protocol on your
network, TCP/IP, but still process IPX packets.

Set Up DNS
To configure the hostname and DNS server, enter the following:

■ Host Computer. Enter a hostname for your server. Although
you can use any hostname you want, we recommend that you
use the same name as the server name.
Be sure to add an A record to your DNS server to resolve the
hostname you configured.
■ Domain Name. Enter your organization’s DNS domain.
■ Domain Name Server. Enter the IP address of your
organization’s DNS server.
In addition to standard services, a NetWare server can be configured

to provide DNS services. You can configure a DNS server after
completing NetWare server installation.
Set the Server Time Zone
The server time and time zone are important for synchronizing
network events.
Advanced time synchronization settings are available by selecting

the Advanced button on the Time Zone screen. Configurable
settings include
■ Time server type
■ Time source
x For more on time server types, time source, and time synchronization,
see Course 575, NDS Design and Implementation.

Set Up eDirectory
To set up eDirectory, you must choose one of the following options:

■ New NDS Tree. Create a tree if you are creating a new network
or if this server requires a separate eDirectory tree.
Each eDirectory tree must have a name unique from other
eDirectory trees on the network.
You are also prompted to
❑ Create a user (default name Admin) with the Supervisor
right
❑ Identify an eDirectory context
❑ Assign a password
■ Existing NDS Tree. Installing your server into the existing
eDirectory tree incorporates the server into your network.
The server can be in any organization (O) or organizational unit
(OU) container in the tree where you have the Supervisor right.
(You can create these containers during installation.)
You must log in and provide the context, username, and
password for the user with the Supervisor right to the container.
If you’ve updated the eDirectory tree on all servers but haven’t
prepared the network for eDirectory 8.6, you are prompted to
modify the schema.
You must provide the administrator name and password for the
entire eDirectory tree.
Now that you have created an eDirectory tree or installed the server
into an existing eDirectory tree, the NetWare server object and
volume objects are installed in the container you specified.
x Record the Admin password and other relevant information.

License the NetWare Server
NetWare 6 must have a valid license. You can install the license
from the NetWare 6 license/cryptography disk or browse to a
directory that contains NetWare 6 licenses.
Although the server can be installed without a license, the

unlicensed server allows only 2 user connections. After installation,
you can use Novell iManager or NetWare Administrator to install
additional licenses.
Install Network Products
After completing the NetWare server portion of the installation, you

can install other network products.
Other networking products provide enhanced functionality, such as

network management and Internet access, to NetWare 6.
Some products can only be installed by using NetWare Deployment

Manager after server installation is complete.
Although you can choose which products to install, installing the

products that are already selected by default ensures that you
receive the features recommended for NetWare.
b For a description of additional NetWare products, see NetWare 6 online

documentation at www.novell.com/documentation.

Install Novell Certificate Server
Novell Certificate Server allows you to mint, issue, and manage

digital certificates by creating a Security container object and an
organizational CA object.
x To create the Security container object and the organizational CA object, you
must have Supervisor rights to the Root of the eDirectory tree.
If the network does not have an organizational CA object, the first

NetWare 6 server creates and physically stores the Security
container object and organizational CA object for the entire
eDirectory tree.
Both objects are created at and must remain at the Root of the
eDirectory tree.
Only one organizational CA object can exist in an eDirectory tree.

After the organizational CA object is created on a server, it cannot
be moved to another server.
Deleting and re-creating an organizational CA object invalidates any

certificates associated with the organizational CA.
Make sure the server you use to permanently host the organizational
CA object is a reliable, accessible, and continuing part of your
network.
If the organizational CA object exists on the network, the

installation program finds and references the server that holds the
organizational CA object.
The installation program accesses the Security container and creates

a Server Certificate object.
To access the Security container and create a Server Certificate

object, you must be logged in as a user with the Read right to the
existing Security container object.

Customize the Installation
You can customize the installation of products. Do the following:

1. From the Summary screen, select Customize.
2. Select the product to customize.
3. Select Properties.
4. Modify the product as required; then select OK.
Complete the Server Installation
The installation can now copy files to your computer. Depending on

which products you install, you might be prompted for additional
information.
1. From the Summary screen, select Finish to copy files to the
server.
2. Wait while the files are copied.
3. When prompted, select Yes to restart the server.
Exercise 16-1 Install and Configure NetWare 6
a 40 minutes Because of the competence your team displayed in upgrading

Digital Airlines’ Netware servers, you have been hired to add
another server to the network.
In this exercise, play the role of the A new terminal has been opened in the Tokyo Narita International
Digital Airlines CIO. Airport (TYO) and a NetWare 6 server is needed.
You have hired your students to In this exercise, your team will install and configure a NetWare 6
add a NetWare 6 server to the server and add it to the existing DigitalAirTree.
Digital Airlines network.

Do the following:
Have students complete this 1. For each server on the network, run a basic health check to ensure
exercise on DA7, which should the tree is healthy.
have been left blank when you
reconfigured the classroom at the 2. From a workstation, run Deployment Manager and make sure the
beginning of Section 14. network is ready for a new server.
Disable or remove the second 3. On DA7, insert your NetWare 6 operating system CD into the
network interface in DA7. CD drive.
4. Boot the server.
5. When prompted, select one of the following:
❑ To install from your IDE CD, press I.
❑ To install from your SCSI CD, press S.
6. In the Welcome to NetWare Installation screen, use your arrow
keys to select Accept License Agreement.
7. Select Create a New Boot Partition.
8. In the First Hard Disk screen, select Continue.
9. Verify you want to create a boot partition by using the arrow keys
to select Continue.
10. Reboot your computer by pressing any key on the keyboard.
11. When prompted, select one of the following:

❑ To install from your IDE CD, press I.
❑ To install from your SCSI CD, press S.
Allow your computer to reboot and the boot partition to format.
12. Configure basic installation parameters:
a. In the License Agreement for Jreport Runtime screen, press
F10.
b. In the Welcome screen, select a Custom installation.
c. In the Welcome screen, make sure New Server is specified.
d. Select Continue.

e. In the Server Settings screen, select Continue.

f. In the Regional Settings screen, select Continue.
g. In the mouse and video selection screen, select Continue.
Allow the files to copy.
13. Configure NetWare device drivers:
a. On the disk driver screen, make sure the correct drivers were
detected; then select Continue.
b. Allow the driver to copy and load.
c. On the device driver screen, make sure the correct drivers
were detected, then select Continue.
Allow the driver to copy and load.
14. Modify partitions:
a. In the Volume SYS and Partition Properties screen, select
Modify.
b. On the NetWare Partition Size line, press Enter.
c. Delete the existing number and enter 4000.
d. Press Enter again.
e. Leave the other fields as their default value.
f. Save your settings by pressing F10.
g. Select Continue.
Allow the files to copy and the graphical installation utility
to load.
Be sure to give students diskettes 15. Configure advanced server installation parameters:
with the needed license files.
a. In the Server Properties screen, enter DA7 in the Server
Name field; then select Next.
b. Insert your license disk.
c. In the Encryption screen, browse to your license disk using
the browse button at the right of the Location field.

d. In the “Select a region-specific cryptography module (NFK

file)” dialog, browse to and select your cryptography license
file (nfk); then select OK.
e. In the Encryption screen, select Next.
f. In the Configure File System screen, select Next.
g. In the Protocols screen, make sure your network board is
selected.
h. Mark IP.
i. In the IP Address field, enter 10.7.0.1.
j. In the Subnet Mask field, enter 255.0.0.0.
k. In the Router field, enter the IP address of the classroom’s
default gateway, provided by your instructor.
l. Select Next.
m. In the Domain Name Service screen, enter DA7 in the Host
name field.
n. In the Domain field, enter DigitalAirlines.com.
o. In the Name Server field, enter the IP address of your name
server.
p. Select Next.
q. In the Time Zone screen, select your time zone; then select
Next.
16. Configure eDirectory:
a. In the NDS Install screen, make sure Existing NDS Tree is
selected; then select Next.
b. At the right of the Tree Name field, select the browse button.
c. In the NDS Context Browser, select DigitalAir-Tree; then
select OK.
d. In the Context field, enter OU=TYO.O=DigitalAir.
e. In the NDS Install screen, select Next.
f. In the Login to NDS dialog, enter Admin.SLC.DigitalAir in
the Name field.

g. In the Password field, enter novell; then select OK.

Allow eDirectory to install.
h. In the NDS Summary screen, select Next.
17. On the License screen, insert your license disk.
18. Browse to and select the server license (nlf); then select OK.
x The installation program detects any valid license file on your license
diskette. Verify that only one NetWare 6 server license is listed in the
Licenses to be Installed field. If additional licenses are listed, remove
them.
If students encounter the “Failed to 19. Select Next.

Create LDAP NDS Objects Error
Code -659” error, have them 20. In the Components screen, select Clear All; then select Next.
switch to the console prompt and 21. In the Novell Certificate Server 2.21 Objects screen, select Next.
load DSREPAIR -A.
22. In the LDAP Configuration screen, select Next.
Have students Declare a New
23. In the eDirectory iManage Install Options screen, select Next.
Epoch and then run a Full
Unattended Repair until errors 24. In the Summary screen, select Finish and allow the files to copy.
reach 0.
25. When prompted that the installation is complete, remove the
Then have students switch back to NetWare 6 operating system CD and license disk from the
the Install screen and select Retry server; then select Yes.
to finish the installation.
26. Allow the server to reboot.
27. Allow the tree to sit for a few minutes; then run the following
processes with DSTRACE:
❑ Backlinker
❑ Schema sync
Make sure that both processes complete successfully.
(End of Exercise)

Summary
The following is a summary of the objectives in this

section.
Objective Summary
1. Prepare Your To prepare a network for NetWare 6, run

Existing Network Deployment Manager to upgrade eDirectory
program files and update the schema.
2. Prepare Your To prepare your designated computer for

Server for NetWare 6, you
NetWare 6
■ Install and Upgrade Computer and Network
Hardware. Hardware that should be updated
includes
■ CPU
■ RAM
■ Storage Space
■ Access the Installation Files. The files can be
accessed in 3 ways:
■ Booting from the NetWare 6 CD (if your
server has a bootable CD drive)
■ Loading CD drivers from DOS
■ Installing a NetWare DOS client and
accessing installation files stored on a
NetWare server

Objective Summary
3. Install NetWare 6 ■ Specific tasks for installing NetWare 6 include

■ Accept the License Agreement
■ Select the Installation Type
■ Specify Server Settings
■ Select Regional Settings
■ Select the Mouse Type and Video Mode
■ Select a Platform Support Module and
Storage Adapter
■ Select a Storage Device and Network
Board
■ Create a NetWare Partition and Volume
SYS
■ Name the Server
■ Install the NetWare Server File System
■ Install Network Protocols
■ Set Up DNS
■ Set the Server Time Zone
■ Set Up eDirectory
■ License the NetWare Server
■ Install Network Products
■ Install Novell Certificate Server
■ Customize the Installation
■ Complete the Server Installation


Novell Network Management / Instructor Guide Index
Index
A canonical 4-55
CD drive 14-22, 16-4
“A” records 4-55 Certificate Authority 6-9, 14-8
ACL 9-15 certificates 6-45, 6-47
address 4-82, 7-51, 12-23 class Intro-4, Intro-8, 4-23, 4-35, 8-8, 9-10,
administration 12-24, 12-26, 12-29, 9-14, 9-31–9-37, 11-1, 12-5, 14-19,
12-31–12-32, 12-40, 12-43–12-47, 14-21, 15-36
12-50, 12-52, 12-55, 12-57 client 3-1, 11-57, 14-21, 15-43
agent Setup-11, Setup-34, 4-85, 4-90, 4-95,
8-13 cluster 11-55, 12-1, 12-3
compatibility 1-4, 1-14, 1-18, 4-73, 4-86,
Apache Setup-25, Setup-38, 5-11, 11-47, 4-92–4-94, 4-99, 4-103, 7-42, 11-81,
11-73, 13-2–13-3, 13-6, 13-39 16-24
asynchronous 9-21 Compatibility Mode 4-86, 4-93, 4-99, 16-24
autodiscovery 4-72, 4-74 component Setup-35, 1-3, 1-8–1-9,
1-16–1-17, 3-17–3-18, 3-26–3-28,
B 3-43, 4-2, 4-7, 4-17, 4-22, 4-43, 4-73,
4-78, 4-88, 4-92, 4-110, 4-116, 5-7,
background 1-5, 3-22, 5-24, 5-29–5-30, 6-28, 6-9–6-10, 6-23–6-24, 6-39, 7-7,
8-6, 8-8, 8-19, 8-35, 9-6 8-19, 8-33, 10-10–10-12, 10-16,
10-34, 11-1, 11-55, 11-57–11-58,
backlink 9-7, 15-32, 15-42 11-64–11-65, 11-70–11-71, 11-75,
backup 12-30, 12-33, 12-45 12-1, 12-3–12-5, 12-12, 12-42,
bandwidth 1-11, 2-7, 4-86, 14-11 12-45, 12-47, 12-56, 12-58, 12-63,
13-1–13-4, 13-6, 13-15, 13-22,
binary 1-6, 6-45, 6-49–6-50, 6-57, 11-80 13-32, 13-39, 14-2, 14-4, 15-6,
bindery 3-2, 3-8, 3-21, 4-70, 7-40, 15-29 15-42, 16-33
block 5-16 compressed 3-45, 5-24, 15-10
bootable 16-4, 16-34 compression 5-15, 5-24–5-26, 5-55–5-56,
bound 4-29, 4-32, 4-63, 4-89–4-91, 4-97, 5-8, 12-35
8-10, 10-1, 15-10 concurrent 6-65, 14-17
confidential 4-31, 6-25, 6-77
C
cable Setup-26, Setup-33, 1-6, 1-9, 4-35
Index-1 This document should only be used by a Novell-certified instructor. Version 1

configuration Setup-5–Setup-6, Setup-10, 11-89–11-90, 12-5, 12-10–12-11,

Setup-13, Setup-19–Setup-21, 12-14, 12-16, 12-20, 12-22–12-23,
Setup-27–Setup-32, Setup-35, 12-40, 12-52, 12-55, 12-57,
1-4–1-5, 1-9–1-10, 1-17–1-18, 13-5–13-10, 13-12–13-14, 13-16,
3-32–3-33, 3-35, 3-38, 3-41–3-43, 13-19, 13-22–13-23, 13-25–13-26,
4-2–4-3, 4-7, 4-9–4-14, 4-17, 13-28, 13-31–13-32, 13-35,
4-24–4-26, 4-29, 4-35–4-39, 13-39–13-40, 14-8, 14-13, 14-15,
4-49–4-50, 4-57, 4-61, 4-65, 4-68, 15-5–15-7, 15-10–15-11, 15-41,
4-70, 4-77, 4-80–4-81, 4-83, 16-4, 16-15, 16-17–16-18,
4-85–4-86, 4-93–4-94, 4-96–4-97, 16-22–16-25, 16-29–16-32
4-105, 4-111–4-112, 4-115–4-116, connection 1-7, 12-23
5-3, 5-6–5-7, 5-10, 5-36–5-37, 6-30,
6-39, 6-60, 7-7, 7-47–7-48, 7-50, ConsoleOne Setup-3
7-52–7-56, 7-67, 8-5–8-6, 8-8, container 7-36, 11-3
8-10–8-11, 8-18, 8-21–8-22, 8-25, copy 7-30
8-30–8-31, 8-38, 8-40–8-41, 10-13, core dum 15-4, 16-4
10-22, 10-28, 10-30, 11-1–11-2,
11-11–11-12, 11-28, 11-53, create Setup-5, Setup-8, Setup-12–Setup-16,
11-56–11-58, 11-63, 11-65, Setup-21–Setup-24, Setup-35,
11-70–11-71, 11-76, 11-88–11-89, Setup-39, Intro-8–Intro-9, 1-12,
12-13–12-14, 12-20–12-21, 12-23, 2-6–2-7, 3-17, 3-25, 3-30–3-31,
12-34–12-35, 13-7, 13-9–13-12, 3-33, 3-35, 3-39–3-42, 4-2,
13-16, 13-21, 13-23, 13-25, 13-32, 4-11–4-13, 4-15, 4-18–4-22, 4-29,
13-37, 15-5, 15-21–15-24, 4-35, 4-48, 4-54–4-56, 4-58–4-59,
15-26–15-27, 15-29, 15-42, 16-9, 4-66–4-67, 4-89, 4-112, 4-115, 5-25,
16-33 5-33–5-34, 5-40, 5-44, 6-4, 6-6,
6-20, 6-25, 6-27, 6-29–6-32,
configure Setup-10, Setup-12, 6-37–6-42, 6-44–6-48, 6-51,
Setup-19–Setup-20, Setup-25, 6-56–6-57, 6-59, 6-61, 6-68, 6-77,
Setup-27–Setup-33, Setup-36, 7-4–7-7, 7-11, 7-15, 7-22–7-24,
Setup-38–Setup-39, Intro-6, 3-33, 7-28, 7-30, 7-33–7-34, 7-36–7-37,
4-1–4-4, 4-7, 4-9–4-13, 4-16, 7-45, 7-54, 7-57, 7-65, 8-27, 9-2,
4-18–4-19, 4-21, 4-25, 4-32, 4-34, 9-26, 9-28–9-29, 9-31–9-36, 9-38,
4-37–4-38, 4-54–4-57, 4-61, 10-12, 10-14, 10-22, 11-4,
4-63–4-65, 4-67, 4-70, 4-72, 11-12–11-15, 11-18, 11-30, 11-56,
4-76–4-83, 4-85, 4-90–4-95, 11-60–11-63, 11-66–11-67,
4-97–4-99, 4-101–4-102, 4-112, 11-77–11-78, 11-84, 12-17, 12-31,
4-115, 4-117, 5-2, 5-5, 5-11, 5-16, 12-38–12-39, 12-62, 12-64, 13-2,
5-36, 5-41–5-42, 5-53, 6-2, 6-22, 13-12, 13-18–13-19, 13-25–13-26,
6-39, 6-58, 6-70, 6-72–6-73, 6-75, 13-32, 14-9, 14-13, 14-15,
7-46, 7-49–7-51, 8-5–8-7, 14-17–14-18, 14-20–14-21, 15-10,
8-18–8-19, 8-33, 8-38, 8-40, 9-4, 15-12, 15-15, 15-32, 16-4, 16-9,
9-18–9-20, 11-1–11-2, 11-6, 11-8, 16-18, 16-20–16-23, 16-26, 16-28,
11-17, 11-23, 11-28, 11-43, 11-50, 16-30, 16-33
11-52–11-54, 11-58, 11-60,
11-63–11-65, 11-69–11-70, 11-72, cursor 4-84, 13-36
11-75, 11-79, 11-84, 11-87,

D 13-25–13-28, 13-30, 13-33–13-35,

13-37–13-38, 14-8, 14-13–14-16,
database 7-11 14-20, 15-3, 15-8–15-10, 15-14,
deactivate 6-63, 11-10, 11-25–11-26, 11-32, 15-16, 15-18, 15-26, 15-32–15-33,
11-90 15-36–15-39, 15-42–15-43, 16-9,
16-11, 16-27
debug 4-56, 8-6, 15-11
DirXML 8-7
decompression 5-24, 15-10
dismounting 11-32
delete 9-33, 9-35
DNS Setup-5–Setup-7, Setup-9,
Deployment Manager 16-2 Setup-12–Setup-17,
device 12-5 Setup-27–Setup-32, Setup-36,
DHCP Setup-9, Setup-11–Setup-14, Setup-40, 4-2, 4-4–4-5, 4-10–4-11,
Setup-33, Setup-40, 3-7, 4-2–4-21, 4-14–4-18, 4-21, 4-25, 4-39–4-72,
4-25, 4-38–4-40, 4-47–4-48, 4-80, 4-85, 4-100, 4-110, 4-112,
4-53–4-54, 4-57–4-58, 4-61, 4-114–4-115, 6-60–6-61, 7-30, 7-51,
4-63–4-65, 4-67–4-72, 4-78, 4-80, 9-18–9-19, 9-23–9-24, 11-41,
4-83, 4-85–4-86, 4-92–4-94, 4-98, 11-48–11-49, 11-71–11-73, 11-76,
4-110–4-112, 4-115, 7-30, 13-17, 13-12, 13-17, 13-30, 14-19–14-20,
14-20, 15-36–15-37 15-5, 15-36–15-37, 15-41, 16-25
diagnose 5-7, 5-10, 8-11 Domain
DIB 8-40 Name Service 15-41, 16-32
directory Setup-11–Setup-12, domain 4-49
Setup-22–Setup-24, driver 4-86, 16-4
Setup-34–Setup-36, 1-12, 2-7–2-9, DSREPAIR 16-33
3-8–3-9, 3-11, 3-13–3-14,
3-30–3-34, 3-40, 3-42, 3-45, 4-40,
4-74, 4-80, 4-83, 4-85, 4-116, 5-7, E
5-14, 5-22, 5-28, 5-47, 5-54, 7-2,
7-25, 7-36, 7-39, 7-44, 7-50, 8-2, eDirectory Intro-3, 8-34, 11-62
8-5–8-7, 8-14, 8-34–8-35, 8-40, 9-5, encrypted 6-6, 6-8, 6-16–6-22, 6-27–6-28,
9-7–9-10, 9-12–9-13, 9-15–9-16, 6-31–6-32, 6-35, 6-37, 6-40, 6-54,
9-19, 9-23, 9-38, 11-3, 11-8, 6-59, 6-63, 6-80, 11-43, 11-45
11-17–11-21, 11-23, 11-45, 11-51,
11-59, 11-66–11-67, 11-77–11-79, entry 9-4
11-89, 12-4–12-5, 12-7–12-9, 12-15, epoch 16-33
12-17–12-18, 12-20, 12-24–12-25, ETC 13-36
12-34, 12-37, 12-39–12-42, 12-44,
12-46, 12-52, 12-55, 12-57, 13-10, Exchange 4-55
13-12–13-14, 13-19–13-21, export Setup-17, Setup-36, 4-12, 4-14, 6-28,
6-33, 6-40–6-42, 6-44–6-45,
6-48–6-55, 6-57, 9-12, 9-15–9-16,
9-19–9-24, 9-38, 15-3
exporting 6-41, 6-45, 6-53

external Setup-19, 6-1–6-3, 6-11–6-12, 6-25, H

6-27–6-28, 6-30–6-31, 6-34, 6-46,
6-48, 6-72, 7-45, 7-47, 7-55, 7-57, HAM Setup-12, Setup-36, 12-10–12-11,
8-9, 8-27, 9-7, 9-10, 12-11, 12-59 12-20, 16-15
handlers 9-16
F hardware Setup-1–Setup-3, Intro-1, 1-3–1-4,
1-8–1-10, 2-4, 4-101, 5-8, 5-11,
File 5-42, 5-46, 5-57, 7-25, 7-42,
7-47–7-49, 11-55, 12-1, 12-10,
Allocation Table 5-22 12-61–12-62, 12-64, 14-2–14-4,
file 14-10–14-11, 14-13, 14-15, 14-17,
system 3-3, 3-6, 3-11–3-13, 3-19, 4-40, 14-21–14-23, 15-17, 16-3, 16-12,
4-70, 5-2, 5-15, 5-22, 5-25–5-26, 16-14, 16-34
5-33, 5-47–5-50, 5-55, 6-2, 7-2, header 3-10, 5-6
8-28, 9-28–9-29, 11-1, 11-9, health 1-8, 1-10, 1-16, 5-3, 5-6–5-8,
11-31–11-32, 11-38, 11-40, 5-10–5-11, 5-19–5-21, 7-1, 8-2, 8-5,
11-53, 12-5, 12-7–12-8, 12-12, 8-8, 8-11–8-16, 8-30, 8-32, 8-40,
12-18, 12-24–12-27,
12-33–12-34, 12-37, 8-42, 9-5–9-6, 9-9, 11-31, 14-13,
14-15, 15-26, 15-38, 16-30
12-40–12-41, 12-44,
12-49–12-50, 12-54–12-56, check 8-12–8-13, 8-15–8-16, 8-30,
12-60–12-64, 14-5, 14-10, 9-5–9-6, 9-9, 14-13, 14-15,
14-13, 14-15, 15-5–15-6, 15-38, 16-30
15-8–15-10, 15-20, 15-41, hexadecimal 7-42, 16-10
15-44, 16-21–16-23, 16-32 host
fixed memory 8-36–8-37, 8-39, 8-42 server 12-13, 12-17
flush 5-49, 5-51–5-52, 15-33 host adapter module 16-15
format 9-12, 9-38
free space 14-3
I
G iFolder Setup-9–Setup-10, Setup-21,

Setup-25–Setup-32,
generate 3-35, 6-10, 6-17–6-18, 6-27, 6-34, Setup-38–Setup-39, 2-5, 3-2, 5-4,
6-47, 6-69, 6-77, 11-63 5-11, 11-1, 11-40–11-52, 11-69,
11-72, 11-76, 11-80–11-81,
global Setup-13, 4-11–4-12, 4-14, 4-38, 4-48, 11-84–11-85, 11-87–11-90,
4-61, 4-65, 4-93, 4-112, 4-115, 7-16, 13-3–13-4, 14-20, 15-37, 16-2
15-38
group 4-10
GroupWise 6-58
GUI 4-16, 5-37

iManager Setup-10, Setup-12, 4-11–4-12, LicenseService Provider 10-10–10-11,

4-18, 4-20, 4-38, 4-57, 4-60–4-61, 10-34
4-65, 4-69, 4-85, 4-93, 4-99, 4-112, limit 11-8
4-114, 6-22, 6-26, 10-1, 10-5, 10-13,
10-15, 10-19–10-20, 10-22, 10-25, list 4-82, 11-13, 11-19, 11-21–11-22, 12-40,
10-29–10-30, 10-34, 13-10, 15-6, 12-52
15-42, 16-27 LOAD Setup-14, Setup-16, Setup-40, 1-3,
Import/Conversion Export (ICE) 9-12 4-9–4-10, 4-20, 4-34–4-35, 4-41,
4-46, 4-51, 4-83, 4-87, 4-90–4-91,
Internet 4-97, 4-102, 4-105, 4-117, 5-2, 5-8,
protocol 4-21 5-14, 5-40–5-41, 5-43–5-44, 5-46,
interval 5-30, 7-48, 7-50, 8-19, 8-35, 8-37, 5-54, 6-61, 7-25, 7-31, 7-33, 8-2,
10-30, 11-47 10-11, 10-29, 12-3, 12-10–12-13,
12-20–12-21, 12-24, 12-35, 12-54,
IP 12-63, 13-7, 13-11, 13-17, 13-24,
address 4-82, 7-51, 12-23 13-34, 15-4, 15-8–15-9, 15-21,
15-23, 16-1, 16-4, 16-11, 16-18,
16-31, 16-33
J SCMD 4-90–4-91, 4-97, 4-102, 4-105,
4-117
JReport 15-5, 15-41, 16-6–16-7, 16-30
log file 11-3
log in 6-22
K logical 4-43, 4-97, 5-31, 7-2, 7-16, 7-44,
8-34, 8-39, 8-42, 11-2–11-4, 11-11,
Key Material object 6-30 11-15, 11-24–11-29, 11-31–11-33,
KMO 6-30, 6-46 11-35–11-37, 11-89–11-90, 13-18,
Knowledgebase 2-4 16-4
login 15-19
L long name 15-8
LSP 10-10–10-13, 10-17, 10-34
LAN Setup-19–Setup-20, Intro-1, 3-27–3-28,
4-34–4-37, 4-90, 5-10–5-11, 5-14,
5-16, 5-19, 5-28, 5-42, 5-54, 15-2, M
15-7, 15-17, 16-8, 16-18
Main Menu 12-19
LBURP Setup-18, Setup-37, 9-21–9-22, 9-25
management Setup-12–Setup-15, Intro-2, 1-9,
LDAP 1-16, 3-3–3-4, 3-17, 3-22–3-23,
Bulk Update/Replication Protocol 9-21 3-25, 4-5–4-7, 4-11–4-15,
Data Interchange Format 9-12, 9-38 4-18–4-20, 4-38, 4-48, 4-54,
LDIF Setup-2, Setup-17–Setup-18, 4-57–4-61, 4-66–4-69, 4-72, 4-85,
Setup-36–Setup-37, 8-35, 9-12–9-17, 4-93, 4-110, 4-112, 4-115, 5-1–5-3,
9-19–9-26, 9-38, 14-20, 15-37 5-8–5-9, 5-11, 5-19, 5-25–5-26,
5-28, 5-30–5-31, 5-53, 6-12, 6-22,
license 6-30, 6-35, 6-63, 7-8, 7-16, 7-25,

7-29–7-30, 7-43, 9-1, 10-18–10-20, resolution 7-8

10-22, 10-25, 10-29, 11-1, 11-23, Native File Access Pack 3-2, 11-1, 11-57,
11-36, 11-40, 11-42–11-47, 11-64
11-49–11-52, 11-58, 11-90–12-1,
12-3–12-4, 12-25, 12-42, 12-45, navigation 2-10, 4-18–4-20, 4-57–4-59, 5-6,
12-47, 12-56, 12-58, 12-63, 13-3, 8-4–8-5, 8-8, 8-24, 8-26, 12-36, 16-5
13-7, 13-9–13-10, 13-39, 14-9, Navigator 6-28, 8-5, 11-70, 13-3
14-17–14-18, 14-20, 15-4, 15-37, NDS Setup-17, Setup-22, Setup-25, Setup-36,
16-27 Setup-38, 5-11, 7-42, 8-4, 8-14, 8-19,
master 4-45, 7-4–7-6, 7-10, 7-13, 7-15–7-16, 8-30, 8-34, 8-41, 9-5–9-6, 9-16,
7-19, 7-27–7-28, 7-30–7-35, 7-37, 9-19–9-20, 9-22–9-24, 9-26, 11-63,
7-64–7-65, 8-9, 8-16–8-17, 9-6–9-7, 12-29, 12-34, 12-61, 14-6–14-7,
10-9, 10-11, 11-71, 14-7, 15-14, 15-24, 15-28, 15-30, 15-33,
14-12–14-14, 14-21, 15-30 15-39–15-42, 16-25–16-26,
media 11-12, 11-14–11-16, 11-24–11-30, 16-32–16-33
11-36–11-37, 11-39, 12-1, 12-17, NDSPKI 6-30, 6-38, 6-41, 6-43, 6-46, 6-48
12-42, 13-18 NetDrive 11-87
memory 1-12–1-13, 3-17, 5-2, 5-7–5-8, Netscape 5-4, 6-28, 8-3–8-4, 11-70, 13-3,
5-10–5-11, 5-14–5-15, 5-23, 13-8
5-27–5-37, 5-39–5-42, 5-44, NetStorage Setup-27–Setup-28, 11-78
5-46–5-47, 5-49–5-50, 5-54–5-57,
8-34–8-37, 8-39, 8-42, 12-13–12-14, NetWare
14-2, 14-4, 14-22, 15-4, 16-3 NetWare 6 Setup-3, 12-2
migrate 4-86, 4-103–4-104, 4-106–4-109, NetWare browser 5-4, 8-3
4-118, 9-20, 14-2, 14-6, NetWare FTP Server 11-80, 13-3, 13-10,
14-10–14-14, 14-16, 15-1, 15-3, 13-22–13-26, 13-28, 13-32,
15-6, 15-9, 15-18, 15-20–15-21, 13-34, 13-39
15-24, 15-28, 15-44
NetWare Migration Wizard 15-11
migrating 4-86, 4-104–4-105, 4-108, 14-1,
14-4–14-6, 15-3, 15-7–15-8, 15-10, NetWare Peripheral Architecture 16-15
15-13, 15-17, 15-32 NetWare Web Manager 4-85, 13-3,
modify 9-34, 10-18 13-7–13-11, 13-14–13-16,
13-20–13-21, 13-23–13-25,
monitor 1-4, 2-6, 2-12, 3-3, 3-21, 5-2–5-3, 13-39
5-6–5-8, 5-10, 5-17–5-22, 5-30,
5-33, 5-42, 5-46, 5-48, 5-50, NetWare Web Services 13-3
5-53–5-55, 5-57, 7-49, 8-2–8-3, network Intro-2, 3-1, 4-89, 6-3, 11-57,
8-5–8-6, 8-11, 8-38, 8-40, 11-68–11-69, 14-4, 16-3
10-19–10-20, 10-34, 11-1, 11-9, board Setup-33, 14-22, 16-18
11-23, 11-90, 13-7, 13-39, 14-3
packets 16-24
NFAP 3-2, 5-4, 11-1, 11-52–11-58,
N 11-60–11-64, 11-67, 11-75, 11-90
name

NLM Setup-12, Setup-14, Setup-16, options 3-45, 6-14, 12-11, 12-20, 12-23
Setup-21, Setup-36, 1-4, 4-3–4-6,
4-9–4-10, 4-25, 4-88, 4-91, 4-93,
4-98, 4-105, 4-110–4-111, 5-2, 5-8, P
5-11, 5-14, 5-28, 5-31, 5-41, 5-44,
5-54, 6-30, 6-61–6-63, 7-46, 8-3, packets 6-64
8-19, 9-4, 9-6, 9-10, 9-12, 10-10, parameters 5-10, 5-21, 7-49, 9-19–9-20, 11-9
10-12–10-13, 10-23, 10-27, 12-3, partition 6-28, 7-5, 7-32, 9-7, 9-11
12-12–12-14, 12-20–12-21, 12-24,
12-35, 12-38, 14-13, 14-15, 15-18, pass phrase 11-48
15-23, 15-26, 16-18 password 11-60, 13-30
NMAS 6-29, 6-33, 11-55–11-56 physical 4-8, 4-13, 4-97, 5-31–5-32, 6-61,
node 1-6, 4-1–4-2, 4-4, 4-6, 4-13, 4-40, 4-43, 6-65, 7-22, 7-25, 7-54, 8-34,
4-63, 4-106–4-108, 4-111, 16-24 8-36–8-37, 8-39, 8-42
Notes 14-17, 14-21 PKI 6-7, 6-9, 6-30, 6-33, 9-2
Novell PKIS 9-4, 14-8
Novell Cluster Services 12-3 PKIS entry 9-4
Novell Distributed Print Services 3-23, platform support module 16-14
4-5, 16-8 policies 11-43
Novell International Cryptographic Infra- pool 11-3, 13-18
structure 6-27, 11-56 port Setup-17, Setup-36, 4-26–4-29, 4-113,
Novell Modular Authentication Service 5-5, 5-9, 7-51, 8-4, 9-18, 9-23–9-24,
11-55 11-59, 11-66, 11-72–11-73, 11-76,
Novell Native File Access Pack 3-2, 11-1 11-84, 12-10, 12-23, 13-6,
13-8–13-9, 13-16–13-17, 13-24,
Novell Portal Services 11-69 13-32, 16-15, 16-18
Novell Storage Services 5-47, 11-1 port number 11-73, 13-8
NSS Setup-9, Setup-27–Setup-32, 1-12–1-13, post-installation 11-70, 15-34
5-22, 5-47–5-52, 5-57, 11-1–11-6,
11-8–11-11, 11-14–11-15, 11-17, post-migration 5-4, 15-32
11-23–11-39, 11-55, 11-89–11-90, pre-migration 5-4, 15-11, 16-9
13-18, 14-20, 15-4, 15-8, printer Setup-15–Setup-16, 3-1, 3-23, 4-6,
15-32–15-33, 15-37, 16-19–16-20, 7-2, 9-27–9-28, 9-38, 10-8, 10-33
16-22
processes 5-14, 5-18, 5-54
NWPA 16-15
processor 1-10, 5-2, 5-42, 5-49, 9-21, 16-3
property Setup-25, Setup-38, 3-6, 3-11, 3-16,
O 3-39, 3-43–3-44, 4-21, 4-68, 4-74,
4-80, 4-93–4-94, 4-99, 6-2, 6-41,
object Intro-8, 4-11, 4-49, 6-30, 6-51, 7-6, 6-43, 6-45, 6-47, 6-49–6-50,
7-23, 7-25, 7-27, 10-8, 10-11–10-12, 6-55–6-57, 9-29–9-30, 9-32–9-35,
11-30, 11-56 9-37, 10-20, 10-22, 11-6–11-8,
operating system 5-29

11-12–11-19, 11-21, 11-23–11-31, rights Setup-25, Setup-38

11-36–11-37, 11-39, 11-58, 11-61, router 4-38
11-65, 11-67, 11-73, 11-84,
12-22–12-24, 12-30, 13-18–13-19,
13-33, 13-36, 16-15, 16-18, 16-29, S
16-31
protocol Setup-5–Setup-6, Setup-8–Setup-9, schema 9-2, 9-8
Setup-11, Setup-20, scope
Setup-27–Setup-32, Setup-34, 1-13, settings 4-15
3-27–3-28, 4-2–4-3, 4-5, 4-21, 4-37,
4-87, 4-97, 4-102–4-103, 4-110, 5-8, SCSI 15-40, 16-3, 16-15, 16-17, 16-30
6-60–6-61, 6-64–6-65, 6-68, 7-45, secondary Setup-9, Setup-26–Setup-33,
9-12, 9-21, 10-18, 11-53–11-55, 4-25–4-26, 4-32, 4-41, 4-46–4-47,
11-60–11-61, 11-65, 11-79, 15-41, 4-49–4-50, 4-52–4-53, 4-57–4-59,
16-24, 16-32 6-60, 7-47–7-49, 7-53–7-54,
PS/2 14-3, 14-22 7-56–7-59, 7-67, 11-44, 13-6, 13-16,
15-11
PSM 16-14
Secure Socket Layer 6-6
public
security Intro-2, Intro-8–Intro-9, 1-4, 1-14,
key infrastructure 6-7, 6-21 2-10, 4-3, 4-18, 4-22, 4-31, 4-38,
purge 3-14, 7-39, 11-27–11-29, 11-37, 11-90 4-85, 5-5, 5-9, 6-1–6-4, 6-9–6-10,
6-12–6-13, 6-25, 6-28–6-29, 6-32,
6-36–6-37, 6-40–6-41, 6-43, 6-45,
R 6-52–6-53, 6-55–6-58, 6-61–6-65,
6-69, 6-77, 9-2–9-4, 10-14, 11-55,
RAID 14-4, 16-3 11-60, 11-62–11-63, 11-78, 11-81,
RAM Setup-2 12-4, 12-15–12-16, 12-23, 13-20,
read 6-20 13-25, 13-33, 14-3, 14-8–14-9, 16-28
replica server Setup-2, Setup-5–Setup-7,
Setup-9–Setup-20,
ring 7-8–7-9, 7-21, 7-37, 7-42, 8-8, 9-7, Setup-24–Setup-34,
9-11 Setup-36–Setup-40, Intro-6,
synchronization 8-15, 8-30, 8-32, 8-42, Intro-8–Intro-9, 1-4–1-5, 1-8–1-9,
9-7, 9-10 1-12–1-14, 1-17–1-18, 2-7, 2-9,
reports 5-10 2-11, 2-13, 3-1, 3-5–3-10, 3-16,
3-18–3-19, 3-21–3-22, 3-25, 3-27,
resource Setup-15, 1-5, 4-5, 4-48–4-49, 4-52, 3-29–3-31, 3-38–3-42, 3-44–3-45,
4-54–4-56, 4-60, 4-64, 4-66, 4-3–4-4, 4-6–4-9, 4-11–4-13,
4-68–4-69, 4-115, 5-2, 5-12–5-13, 4-16–4-21, 4-25, 4-34–4-36,
5-54, 9-1, 9-27–9-28, 9-38, 11-60, 4-38–4-39, 4-42, 4-45–4-50,
12-27, 12-34, 12-41, 12-49,
14-17–14-18 4-52–4-62, 4-64–4-68, 4-71–4-73,
4-75, 4-77, 4-79, 4-81–4-86,
record 4-66, 4-68–4-69 4-88–4-95, 4-97, 4-102, 4-105,
restore 12-53 4-111–4-112, 4-114–4-117,
revision 9-2, 9-5 5-1–5-10, 5-12–5-24, 5-27–5-29,

5-31–5-37, 5-39–5-43, 5-46–5-51, session 12-18

5-53–5-57, 6-1–6-2, 6-4, 6-6–6-7, set 11-11, 12-16
6-10, 6-13, 6-18, 6-22, 6-24–6-31,
6-33–6-34, 6-36–6-40, 6-42–6-48, SET parameters 5-10, 5-21
6-50–6-52, 6-54, 6-56, 6-60–6-67, settings 4-15, 6-14, 12-22, 12-54
6-70–6-71, 6-76–6-77, 7-1–7-2, Single Reference time provider 7-49
7-4–7-10, 7-12–7-15, 7-21, SLP 3-8, 4-2, 4-5, 4-70–4-86, 4-88, 4-90,
7-27–7-29, 7-31–7-33, 7-35, 4-94, 4-99–4-100, 4-116–4-117,
7-37–7-38, 7-40, 7-43–7-59, 7-61, 7-50–7-51, 7-53, 7-59, 7-67, 14-20,
7-65–7-67, 8-2–8-9, 8-11, 8-13, 15-8, 15-36–15-37
8-15–8-17, 8-19–8-22, 8-26–8-27,
8-29–8-30, 8-32–8-33, 8-36, 8-38, SMDR 4-70, 12-4–12-5, 12-13–12-14, 12-21,
8-40–8-42, 9-2–9-12, 9-15, 12-63
9-17–9-25, 9-27–9-29, 9-38, SMS Setup-12, Setup-36, 8-9, 12-1–12-5,
10-2–10-5, 10-7–10-8, 10-10–10-13, 12-10, 12-13–12-14, 12-17, 12-19,
10-19–10-20, 10-22–10-24, 12-21–12-22, 12-24–12-26,
10-26–10-30, 10-33–10-34, 12-29–12-30, 12-33, 12-35–12-37,
11-1–11-5, 11-8–11-12, 12-40, 12-42, 12-45, 12-47–12-48,
11-14–11-15, 11-20, 11-23–11-28, 12-52–12-53, 12-55–12-58, 12-61,
11-30, 11-33–11-38, 11-40–11-53, 12-63–12-64, 15-6
11-55–11-59, 11-64–11-68, SMTP 4-55
11-70–11-73, 11-75–11-76,
11-79–11-81, 11-83–11-89, SNMP 10-18
12-2–12-5, 12-10–12-18, software Setup-1–Setup-3,
12-20–12-21, 12-23–12-27, Setup-21–Setup-22, Setup-24,
12-29–12-35, 12-37–12-38, 12-40, Setup-34–Setup-35, Setup-39,
12-44, 12-47–12-55, 12-58–12-64, 1-3–1-6, 1-8–1-10, 1-14, 1-16–1-17,
13-1–13-3, 13-5–13-28, 2-1, 2-4–2-7, 2-12–2-13, 3-1,
13-30–13-40, 14-3–14-23, 3-3–3-4, 3-17–3-20, 3-22,
15-1–15-11, 15-14, 15-16–15-21, 3-25–3-27, 3-29–3-30, 3-32,
15-23–15-26, 15-28–15-30, 3-36–3-37, 3-40, 3-44, 3-48, 4-5,
15-32–15-34, 15-36–15-44, 4-7, 4-9, 4-89, 4-92, 4-100, 4-110,
16-1–16-5, 16-8–16-11, 5-3, 6-8, 6-15–6-16, 6-27,
16-18–16-19, 16-21–16-22, 6-69–6-70, 6-76, 7-28, 7-42, 8-3,
16-24–16-34 8-19, 9-5, 10-10–10-14,
license 15-42, 16-33 11-52–11-56, 11-60–11-61, 11-87,
12-1–12-2, 12-4, 12-12, 12-19,
management Setup-12, Setup-14, 12-33, 12-48, 13-4–13-5, 14-2–14-3,
4-12–4-13, 4-18–4-19, 4-58, 14-17–14-18, 15-13, 16-4,
4-112, 5-2, 5-53, 6-30, 16-6–16-8, 16-15, 16-17–16-18
11-42–11-47, 11-49–11-52
space 7-30, 11-30, 14-3
policies 11-43
SSL Setup-17, Setup-36, 5-4–5-5, 6-6–6-7,
server-to-server 9-6, 9-9 6-13, 6-22, 6-25, 6-29, 6-36–6-37,
service 6-29, 6-60, 11-55, 11-58, 12-24, 13-5 6-47, 9-2, 9-18, 11-81, 11-84
Service Location Protocol 4-2, 4-5

start Setup-3, Setup-13–Setup-14, Setup-17, subnet Setup-7, Setup-13, Setup-33, 4-1–4-2,

Setup-25, Setup-35–Setup-36, 4-8, 4-11–4-15, 4-19–4-20, 4-36,
Setup-38, 1-3, 1-9, 1-16, 2-7, 3-34, 4-62, 4-64–4-65, 4-67, 4-85–4-86,
3-39–3-40, 4-12, 4-15, 4-20–4-21, 4-93, 4-112, 4-115, 14-20, 15-5,
4-38–4-39, 4-54–4-55, 4-59, 4-61, 15-36, 15-41, 16-24, 16-32
4-65, 4-69, 4-84, 4-115, 5-9, 6-14, subsystem 5-2, 5-15, 5-27, 5-31, 5-55, 8-6
6-37–6-38, 6-40–6-43, 6-48,
6-50–6-53, 6-56–6-57, 7-4, 8-23, Support Pack Setup-1–Setup-2,
8-33, 9-23, 10-29, 11-6, 11-8, 11-12, Setup-5–Setup-7,
11-15, 11-24–11-28, 11-30, 11-36, Setup-10–Setup-11,
11-41, 11-49, 11-57, 11-61, Setup-27–Setup-32, Setup-34, 2-6,
11-63–11-64, 11-66, 11-71, 11-73, 2-10, 2-15, 3-45, 8-3, 10-8, 14-2,
11-75–11-78, 11-87, 12-9, 14-22, 15-3, 15-8
12-13–12-14, 12-20–12-22, 12-24, synchronization 8-41
12-27, 12-29, 12-32, 12-51, SYS Setup-5–Setup-6, Setup-9, Setup-12,
12-53–12-54, 13-16–13-17, 13-30, Setup-17, Setup-21,
13-33, 13-37, 13-40, 14-16–14-17, Setup-24–Setup-25,
15-4, 15-11 Setup-27–Setup-32, Setup-36,
state 11-23 Setup-38, 2-7, 3-27, 3-31, 3-36,
storage Intro-3, 5-2, 5-10, 5-23, 5-47, 5-51, 3-39–3-43, 3-45, 4-82, 5-32,
11-1–11-2, 11-9, 11-12, 11-18, 5-34–5-38, 6-63, 7-39–7-40, 8-10,
11-23, 11-27, 11-30–11-32, 11-39, 9-7, 9-23, 9-25, 11-12, 11-32, 11-59,
11-43, 11-47–11-49, 11-52, 11-69, 12-7, 12-14–12-15, 12-17, 12-20,
11-89–12-1, 12-3–12-5, 12-25, 12-27–12-28, 12-34–12-36,
12-10–12-11, 12-16–12-18, 12-38, 12-52, 12-60–12-61, 12-64,
12-20–12-21, 12-28, 12-39, 12-42, 13-13, 13-18–13-19, 13-25–13-28,
12-45, 12-47–12-48, 12-51, 12-56, 13-33–13-35, 14-3, 14-20, 14-22,
12-58, 12-63, 13-18, 14-4, 15-5, 15-17–15-18, 15-23, 15-34, 15-37,
15-41, 16-3, 16-11, 16-13–16-17, 16-4, 16-8, 16-11, 16-18–16-21,
16-20–16-22, 16-34 16-23, 16-31
adapter 16-13, 16-15, 16-17 system Setup-12, Setup-20–Setup-24,
Setup-36, Intro-8, 1-3, 1-5–1-9, 1-17,
area network 14-4, 16-3 3-3–3-4, 3-6, 3-9–3-13, 3-17, 3-19,
device 12-5 3-22, 3-27, 3-32, 3-38–3-39,
Storage Management Engine 12-3, 12-63 3-44–3-46, 4-2, 4-4, 4-16–4-17,
4-37, 4-40, 4-42, 4-64, 4-70, 4-114,
Storage Management Services 12-1 5-2–5-4, 5-10, 5-12, 5-14–5-15,
structure 12-8 5-17, 5-22, 5-24–5-27, 5-29–5-33,
subcontainer Setup-10, Setup-25, 5-35–5-37, 5-39, 5-41–5-43,
Setup-27–Setup-32, Setup-38, 5-47–5-51, 5-55–5-57, 6-2–6-3,
Intro-6, 6-28 6-10, 6-15–6-16, 6-18, 6-22, 6-24,
subdirectory 13-27 6-44–6-47, 6-60–6-61, 6-63,
6-66–6-67, 6-69–6-72, 6-75–6-76,
7-2, 7-6, 7-24, 7-44–7-45, 8-3,
8-9–8-11, 8-22, 8-28, 8-30, 9-7,
9-28–9-29, 10-18, 11-1, 11-3, 11-9,

11-11, 11-18, 11-20–11-21, 11-27, 11-10, 11-27–11-28, 11-31–11-32,

11-31–11-32, 11-35, 11-38, 11-40, 11-37, 11-43, 11-50–11-51, 11-62,
11-48–11-54, 11-59, 11-67, 11-69, 11-73, 12-1, 12-14, 12-18–12-19,
11-81, 11-88–11-89, 12-5, 12-22–12-23, 12-32, 12-36, 12-39,
12-7–12-8, 12-11–12-12, 12-43, 12-52, 12-58–12-59, 12-64,
12-17–12-18, 12-24–12-27, 13-7, 13-25, 13-35, 14-5, 14-14,
12-33–12-35, 12-37–12-38, 14-16–14-17, 15-9–15-11, 15-16,
12-40–12-41, 12-44, 12-49–12-50, 15-24, 15-28, 15-30, 15-38, 16-1,
12-52, 12-54–12-56, 12-60–12-64, 16-4–16-5, 16-25, 16-32
13-12, 14-2, 14-5–14-7, 14-10, server 7-46–7-47, 7-49–7-51, 7-53–7-57,
14-13, 14-15, 14-20, 15-2–15-6, 7-66–7-67, 15-28, 16-25
15-8–15-11, 15-13, 15-17, 15-20,
15-34, 15-39–15-41, 15-44, TIMESYNC type 15-11
16-2–16-3, 16-5, 16-9, 16-11–16-12, traditional
16-19, 16-21–16-23, 16-30, volume 1-12, 5-22–5-23, 5-25, 5-48,
16-32–16-33 5-56, 11-3, 11-11–11-12,
11-15–11-16, 11-31, 11-36
T transaction 6-7, 6-20, 8-35, 10-13, 10-18,
11-11, 11-43, 11-89
target Transaction Tracking System 11-11, 11-89
server 3-7, 3-9, 12-11–12-12, 12-15, transmission 6-8, 6-16, 6-22–6-23, 6-25,
12-26, 12-29 6-62, 6-77
Target Service Agent Setup-11, Setup-34, tree 3-19, 6-30, 7-26
12-12, 12-22–12-23, 12-54 trustees 9-29, 13-36
TID Setup-21, 2-4, 2-9, 2-11, 2-14–2-15, TSA Setup-11, Setup-34, 3-41, 3-43, 12-4,
3-27, 9-3, 14-9, 15-8 12-12, 12-17, 12-21–12-24, 12-26,
time Setup-1–Setup-2, Setup-18, Setup-23, 12-34, 12-38, 12-44, 12-48,
Setup-37, 1-4–1-6, 1-12, 2-4–2-5, 12-51–12-52
2-7, 3-6, 3-25, 3-30–3-31, 3-48, TTS 11-11, 11-89
4-3–4-4, 4-8, 4-10, 4-14, 4-16, 4-25, tune 5-47, 5-51
4-64–4-65, 4-70, 4-72, 4-74, 4-83,
4-86, 4-95, 4-98, 4-100, type 15-11, 15-33
4-103–4-104, 4-117–4-118, 5-2, 5-9,
5-12–5-13, 5-16–5-19, 5-21–5-22,
5-32, 5-35, 5-42, 5-47–5-48, 5-50, U
5-55, 5-57, 6-35, 6-63, 6-65, 6-71,
7-7, 7-9, 7-11–7-12, 7-21, 7-24, UA 4-73, 4-75–4-76, 4-78, 4-80, 4-116
7-26, 7-30–7-31, 7-34, 7-41, UAL 10-3–10-9, 10-22, 10-33
7-44–7-60, 7-64, 7-66–7-67, 8-6, unattended 8-27, 8-30, 8-33, 14-13, 14-15,
8-8, 8-13–8-14, 8-17, 8-19–8-21, 15-9, 15-34, 15-38, 16-33
8-23, 8-25, 8-30–8-31, 8-36, 8-41,
9-5–9-6, 9-9–9-10, 9-13, 9-21, update 4-67
9-23–9-24, 9-26, 9-33, 9-35, 10-3,
10-16, 10-25–10-27, 10-30, 11-1,

upgrade Intro-3, 3-7, 3-29–3-31, 3-33, 3-36, Z

3-38, 3-41–3-45, 4-86, 4-95,
4-103–4-109, 4-117–4-118, 9-1–9-4, zone Setup-14–Setup-16, Setup-23,
9-9, 9-38, 11-14, 14-1–14-6, 4-10–4-11, 4-41, 4-43–4-60, 4-62,
14-8–14-19, 14-21, 14-23, 4-64, 4-66–4-69, 4-71, 4-115, 6-60,
15-1–15-6, 15-9, 15-11, 15-30, 7-45, 15-28, 16-25, 16-32
15-32–15-36, 15-40–15-45, 16-3,
16-9, 16-11, 16-19, 16-34
user 8-11, 16-26
Access License 10-33
account Setup-39, 3-21, 6-61, 7-41,
11-42–11-43, 11-45–11-46,
11-48, 13-25–13-26,
13-32–13-35, 13-37, 14-8,
14-20, 15-37
utilities 3-10, 3-14, 5-28, 13-36
V
version 3-44, 9-5
view 9-26, 11-21
volume 11-3, 11-31, 12-27, 13-18
SYS 16-8, 16-19
W
web
server Setup-25, Setup-38, 4-62, 6-18,
6-24, 6-26, 11-73, 11-79, 11-81,
13-1–13-3, 13-5–13-22, 13-24,
13-31, 13-39–13-40
services 1-11, 4-31, 6-13, 13-1–13-5,
13-7–13-10, 13-17, 13-39, 15-3
Web Distributed Authoring and Versioning
11-79, 13-3
Windows
95/98 3-36
write 3-36, 3-43


Novell Network Management Netware 6 Instructor Guide Volume 2

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Novell Network Management Netware 6 Instructor Guide Volume 2

Hochgeladen von

Copyright:

Verfügbare Formate

Novell Network ®

TOC-iii This document should only be used by a Novell-certified instructor. Version 1

MODULE 1 Identify Troubleshooting Skills and Resources

SECTION 1 Use a Systematic Troubleshooting Process

TOC-iv This document should only be used by a Novell-certified instructor. Version 1

SECTION 2 Use Documentation and Research Tools for Support

MODULE 2 Optimize and Manage the Network

SECTION 3 Understand and Manage Client Access on a NetWare 6

TOC-v This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Update Novell Client Software. . . . . . . . . . . . . . . . . . . . . . . . 3-29

SECTION 4 Build a TCP/IP Network Using NetWare 6

TOC-vi This document should only be used by a Novell-certified instructor. Version 1

Objective 4 Create a Private Network Using NAT . . . . . . . . . . . . . . . . . . 4-22

TOC-vii This document should only be used by a Novell-certified instructor. Version 1

SECTION 5 Manage and Optimize NetWare 6 Servers

TOC-viii This document should only be used by a Novell-certified instructor. Version 1

Objective 6 Manage and Optimize the Memory Subsystem . . . . . . . . . . . 5-27

MODULE 3 Manage Security

SECTION 6 Implement External Security Measures

TOC-ix This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Use Novell Certificate Server to Implement Public Key

MODULE 4 Maintain and Manage eDirectory

SECTION 7 Optimize eDirectory Performance

TOC-x This document should only be used by a Novell-certified instructor. Version 1

Objective 2 Identify Basic eDirectory Administrative Procedures . . . . . . 7-20

SECTION 8 Use iMonitor to Manage and Maintain eDirectory

TOC-xi This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Repair eDirectory Using iMonitor . . . . . . . . . . . . . . . . . . . . . 8-26

SECTION 9 Manage eDirectory Upgrades, Resource Redirections,

TOC-xii This document should only be used by a Novell-certified instructor. Version 1

Objective 2 Use the eDirectory Import/Export Wizard to

TOC-xiii This document should only be used by a Novell-certified instructor. Version 1

MODULE 5 Implement Novell Licensing Services

SECTION 10 Identify the Fundamentals of Novell Licensing Services

TOC-xiv This document should only be used by a Novell-certified instructor. Version 1

MODULE 6 Set Up and Manage Network Storage

SECTION 11 Set Up and Configure File Storage and Access

TOC-xv This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Set Up User Access to the Server File System . . . . . . . . . . 11-40

SECTION 12 Perform Backup and Restore Tasks with NetWare 6

TOC-xvi This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Restore Data with SBCON and NWBACK32 . . . . . . . . . . . 12-48

MODULE 7 Implement Internet Services

SECTION 13 Manage Novell Web Services

TOC-xvii This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Install and Configure NetWare FTP Server . . . . . . . . . . . . . 13-22

MODULE 8 Upgrade NetWare Servers to NetWare 6

SECTION 14 Plan for a NetWare 6 Upgrade or Migration

TOC-xviii This document should only be used by a Novell-certified instructor. Version 1

SECTION 15 Upgrade or Migrate to NetWare 6

SECTION 16 Add a NetWare 6 Server to the Tree

TOC-xix This document should only be used by a Novell-certified instructor. Version 1

Objective 3 Install NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5

TOC-xx This document should only be used by a Novell-certified instructor. Version 1

Maintain and Manage eDirectory

Section 7 Optimize eDirectory Performance

Section 8 Use iMonitor to Manage and Maintain eDirectory

Section 9 Manage eDirectory Upgrades, Resource Redirections, and

SECTION 7 Optimize eDirectory Performance

Objective 1 Define eDirectory Replication and

Replication is the process of logically dividing the eDirectory

Synchronization is the process of updating the replicated

In NetWare 6, servers are queried to find out if they are