With proven services trusted by organizations all over the world, Novell Open Enterprise Server continues to bring you the innovative capabilities your environment demands. Attend this session to learn more about the architecture that underpins this product and its enterprise-class services. You'll walk away having a greater understanding of Novell Open Enterprise Server on Linux—and how you can leverage it for maximum efficiency and cost savings.

1. Novell Open Enterprise
®
Server Architecture
Haripriya Srinivasaraghavan Jason Taylor
Distinguished Engineer Senior Product Manager
sharipriya@novell.com jhtaylor@novell.com

2. Novell Open Enterprise Server
®
• Open Enterprise Server 2 Linux – the migration path for
NetWare ®
• Get the unique capabilities of NetWare, with the proven
application support, and ecosystem of SUSE Linux ®
Open Enterprise Server 2
NetWare Migrate
SUSE
Linux Enterprise Server
The long-standing leader of NetWare services on top of an
secure networking services award-winning open-source server for
delivering business-level applications
2 © Novell, Inc. All rights reserved.

3. Agenda
• Product Overview
• Product Architecture
• Bundled Products - Highlights
• Common Frameworks
• Question and Answer
3 © Novell, Inc. All rights reserved.

4. Product Overview

5. Open Enterprise Server 2
Product Summary
• Product Goal
– To be what NetWare is to you and a lot more
®
> Provide the proven features and capabilities of NetWare to run your
enterprise
» NCP, AFP, CIFS, Salvage, Remote FTP, SLP, and a lot more
> Provide additional powerful capabilities for your changing enterprise
» Domain Services for Windows, Dynamic Storage Technology, new and improved
iFolder, iPrint, a whole lot of applications and vendor support that is part of the Linux
ecosystem
• Product Life-stage
– OES2 with its support packs (SP1, SP2, SP3)
> Heavy focus on closing the gaps with NetWare, and addressing any stability,
performance, usability issues
> Targeted focus on migrations from NetWare to OES2
5 © Novell, Inc. All rights reserved.

6. Open Enterprise Server 2
The Making of OES2
Identity and
openSUSE SLE Workgroup
Solutions
Closed Source
SLED SLES OES2
Open Source
6 © Novell, Inc. All rights reserved.

7. Open Enterprise Server 2
Software Platforms and Hardware Architecture
• Open Enterprise Server NetWare ®
– 32-bit
– Virtualized OES
• Open Enterprise Server 2 Linux
– SLES 10 - 32 bit (i386) - Intel 32 bit
– SLES 10 - 64 bit (x86_64) - AMD64/EM64T
• For x86_64
– Kernel is 64 bit, Supports 32 bit applications
– /usr/lib and /usr/lib64
– Some of OES2 x86_64 still 32 bit applications
> Kernel modules and other dependencies are 64-bit
> 64 bit eDirectory since OES2 SP1
™
7 © Novell, Inc. All rights reserved.

8. Open Enterprise Server 2
Install Scenarios
• Concurrent Install
– Install Open Enterprise Server 2 with SUSE Linux
®
Enterprise Server 10 SP2
• Post Install
– Install Open Enterprise Server 2 after SUSE Linux
Enterprise Server 10 SP2
• CD/DVDs
• Network install
– Mini boot CD
– install=[http|nfs]://<server>/<install path>
• AutoYaST
– Install one server, create an AutoYaST file
8 © Novell, Inc. All rights reserved.

9. Open Enterprise Server 2
Upgrade Scenarios
• Down Server Upgrade
– Upgrade from the media by rebooting the server
• Channel Upgrade
– Upgrade through the OES2 channel
– New in SP2
9 © Novell, Inc. All rights reserved.

10. Integrated YaST Install Experience
10 © Novell, Inc. All rights reserved.

11. Open Enterprise Server 2
The Novell Virtualization Story
®
• Novell Virtual Machines are based on Xen technology
– Open-source project, maintained by XenSource, with major industry players
– Linux Virtual Machine Server (VMS) dom0
– Virtual Machine (VM) domU
– After the Host environment (Dom0) is installed, the Guest OES 2 server can be
installed
• Open Enterprise Server 2 Linux Guest
– Para-virtualized in SLES 10 SP1 i386 or x86_64 Guest environments
– All Open Enterprise Server 2 services are supported in either Guest environment
• Open Enterprise Server NetWare Guest ®
– Para-virtualized 32-bit Guest on i386 SLES 10 SP2 Host
– Para-virtualized 32-bit Guest on x86_64 SLES 10 SP2 Host
> In this mode NetWare will be fully functional as a 32bit VM
• Open Enterprise Server 2 SP1 – over SLES 10 SP2
11 © Novell, Inc. All rights reserved.

12. Novell Virtual Machine Architecture
®
12 © Novell, Inc. All rights reserved.

13. Registration: Novell Customer Center ®
• During or after install you can register Open
Enterprise Server 2
• Novell Customer Center
– http://www.novell.com/customercenter/
– Online service to manage your products, subscriptions
and services
– Obtain critical Linux patches, updates, and support
– Helps to ensure licensing compliance
– Helps to reduce systems management costs
13 © Novell, Inc. All rights reserved.

14. Partner Product Certification
• SUSE Linux Enterprise Server provides a certification
®
program for partners
– http://www.novell.com/partnerguide/
• SUSE Linux Enterprise Server is a true enterprise
Linux server
– Protection from open source breakage
– Releases are supported for 7 years
• Products certified on SUSE Linux Enterprise Server
also supported on Open Enterprise Server
• Backup and anti-virus products supported on Open
Enterprise Server 2
– http://www.novell.com/products/openenterpriseserver/partners/
14 © Novell, Inc. All rights reserved.

15. OES Architecture

16. Bundled Products and Services
Open Enterprise Server 2 SP1 – New/Modified
• Directory and Identity Services
– Novell eDirectory 64 bit
®
™
– Novell Domain Services for Windows
– Linux User Management (LUM)
• File Server
– Novell Storage Services (NSS)
– NCP Server (with Novell eDirectory)
™
– Novell AFP
– Novell CIFS
– Open Enterprise Server 2 configured Samba
– Open Enterprise Server 2 configured FTP
•
16 © Novell, Inc. All rights reserved.

17. Bundled Products and Services
Open Enterprise Server 2 (cont.)
• File Services
– Dynamic Storage Technology
– Distributed File Services
– Novell Archive and Version Server
®
• Novell Cluster Services (NCS) ™
• Novell Backup / Storage Management Services (SMS)
• Novell iFolder 3.9 ®
• Novell iPrint
• Novell NetStorage
• Novell QuickFinder ™
17 © Novell, Inc. All rights reserved.

18. Bundled Products and Services
Open Enterprise Server 2 (cont.)
• Networking
– Novell DHCP ®
– Novell DNS
• Management/Configuration/Monitoring
– Novell iManager
– Novell Remote Manager (NRM)
– OpenWBEM and CIM plugins
• CASA
18 © Novell, Inc. All rights reserved.

19. Base Packages
From SUSE Linux Enterprise Server 10 SP3 (TBD)
®
• Kernel 2.6.16 (plus)
• GCC 4.1.2 (plus)
• Xen 3.2.0 (plus)
• Tomcat5 5.0.30 (plus)
• Apache2 2.2.3 (plus)
• Samba 3.0.28 (plus)
• Novell LDAP Extension Libraries 1.0 – 3.4.1 (plus)
®
• OpenLDAP2 2.3.32 (plus)
• OpenSSL 0.9.8a (plus)
• OpenWBEM 3.2.0 (plus)
• MIT Kerberos5 1.4.3 (plus)
19 © Novell, Inc. All rights reserved.

20. OES 2 SP1 - Component Groups
Single Server - Linux
Productivity Services Migration Directory and Identity Services
iPrint Migration CASA
eDirectory
LDAP
XTier Tools
+ DSFW
Apache
Quickfinder Java NCP
LUM
File Access Protocols
File Access Protocols
mono iFolder 3.7 CIFS
Tomcat iManager Plugins AFP
Management
Management
J2SE NS
NRM (httpstk) Versioning FTP
Samba
OpenWBEM DST DFS
DHCP DNS NCS Reiser3 NSS EXT3 SMS
Network Services High Availability File Systems and Storage Services
20 © Novell, Inc. All rights reserved.

21. OES 2 SP1 - Component Groups
Single Server - Linux
iPrint Migration CASA
eDirectory
LDAP
XTier Tools
+ DSFW
Apache
Quickfinder Java NCP
LUM
mono iFolder 3.7 CIFS
Tomcat iManager Plugins AFP
NS
Versioning FTP
Samba
DST DFS
Reiser3 NSS EXT3 SMS
File Systems and Storage Services
21 © Novell, Inc. All rights reserved.

22. OES 2 SP1 - Component Groups
Single Server - Linux
NCP
File Access Protocols
File Access Protocols
CIFS
AFP
NS
Versioning FTP
Samba
DST DFS
Reiser3 NSS EXT3 SMS
File Systems and Storage Services
22 © Novell, Inc. All rights reserved.

23. OES 2 SP1 - Component Groups
Single Server - Linux
Directory and Identity Services
CASA eDirectory
LDAP
+ DSFW
LUM NCP
File Access Protocols
File Access Protocols
CIFS
AFP
NS
Versioning FTP
Samba
DST DFS
Reiser3 NSS EXT3 SMS
File Systems and Storage Services
23 © Novell, Inc. All rights reserved.

24. OES 2 SP1 - Component Groups
Single Server - Linux
Directory and Identity Services
CASA eDirectory
LDAP
+ DSFW
LUM NCP
File Access Protocols
File Access Protocols
CIFS
AFP
NS
Versioning FTP
Samba
DST DFS
NCS Reiser3 NSS EXT3 SMS
High Availability File Systems and Storage Services
24 © Novell, Inc. All rights reserved.

25. OES 2 SP1 - Component Groups
Single Server - Linux
Directory and Identity Services
CASA eDirectory
LDAP
+ DSFW
LUM NCP
File Access Protocols
File Access Protocols
CIFS
AFP
NS
Versioning FTP
Samba
DST DFS
DHCP DNS NCS Reiser3 NSS EXT3 SMS
Network Services High Availability File Systems and Storage Services
25 © Novell, Inc. All rights reserved.

26. OES 2 SP1 - Component Groups
Single Server - Linux
Directory and Identity Services
CASA eDirectory
LDAP
+ DSFW
Apache
LUM NCP
File Access Protocols
File Access Protocols
CIFS
Tomcat iManager Plugins AFP
Management
Management
J2SE NS
NRM (httpstk) Versioning FTP
Samba
OpenWBEM DST DFS
DHCP DNS NCS Reiser3 NSS EXT3 SMS
Network Services High Availability File Systems and Storage Services
26 © Novell, Inc. All rights reserved.

27. OES 2 SP1 - Component Groups
Single Server - Linux
Productivity Services Directory and Identity Services
iPrint CASA eDirectory
LDAP
XTier + DSFW
Apache
Quickfinder NCP
LUM
File Access Protocols
File Access Protocols
mono iFolder 3.7 CIFS
Tomcat iManager Plugins AFP
Management
Management
J2SE NS
NRM (httpstk) Versioning FTP
Samba
OpenWBEM DST DFS
DHCP DNS NCS Reiser3 NSS EXT3 SMS
Network Services High Availability File Systems and Storage Services
27 © Novell, Inc. All rights reserved.

28. OES 2 SP1 - Component Groups
Single Server - Linux
Productivity Services Migration Directory and Identity Services
iPrint Migration CASA
eDirectory
LDAP
XTier Tools
+ DSFW
Apache
Quickfinder Java NCP
LUM
File Access Protocols
File Access Protocols
mono iFolder 3.7 CIFS
Tomcat iManager Plugins AFP
Management
Management
J2SE NS
NRM (httpstk) Versioning FTP
Samba
OpenWBEM DST DFS
DHCP DNS NCS Reiser3 NSS EXT3 SMS
Network Services High Availability File Systems and Storage Services
28 © Novell, Inc. All rights reserved.

29. OES2 SP1 Component Architecture
Single Server - Linux
LDAPS (636) NCP (NDAP, File) (524)
LDAP (389) http (1008), https
(1010)
iPrint Migration CASA
eDirectory
LDAP
Xtier Tools
+ DSFW
IPP (631)
Quickfinder
Apache
NCP (524)
Java LUM NCP
http (80)
mono iFolder 3.7 CIFS CIFS
(137, 138,
AFP 139)
https (443) Tomcat iManager Plugins AFP ( 548)
NS WebDav ( 80)
J2SE
FTP (21)
http (1008) FTP
https (1010) NRM (httpstk) Versioning
CIFS
CIMXML (5988) Samba
(137, 138,
CIMXMLS (5989)
OpenWBEM DST DFS 139)
DHCP DNS NCS Reiser3 NSS EXT3 SMS
DHCP (67) DNS (53) GIPC (224)
29 © Novell, Inc. All rights reserved.

30. Bundled Components

31. Open Enterprise Server 2 File Systems
Types and Access Protocols
• Multiple choices for File Systems
– Novell Storage Services ™
– Posix File-Systems: Ext3, Reiser, XFS
• Multiple choices for File Access Protocols
– NCP - Novell NCP
™
– CIFS/SMB – Novell CIFS, Samba®
– AFP – Novell AFP
– HTTP – NetStorage, Apache
– FTP – PureFTP with Novell changes
– NFS – Linux NFS
31 © Novell, Inc. All rights reserved.

32. Novell Storage Services ™
• Novell Storage Services file system provides unique and powerful
file system capabilities
– Visibility and Trustee access controls with rich file attributes
– Multiple simultaneous namespace support and Unicode
– User and Directory quotas
– Event file lists, and a file salvage subsystem
• Especially suited for managing file services for thousands of users
in an organization
• Novell Storage Services volumes are cross-compatible
between kernels
– You can mount a non-encrypted Novell Storage Services data volume
on either the Linux or NetWare kernel and move it between them
®
– In a clustered SAN, volumes can fail over between kernels
• Salvage does not need user LUM enabling anymore
32 © Novell, Inc. All rights reserved.

33. Apple Filing Protocol (Novell AFP) ®
• Apple Filing Protocol support on OES 2 Linux SP1
– Mac clients can access files from the OES 2 server
– Closing the gap with NetWare ®
• Feature Overview
– Support for AFP 3.1, OSX 10.3, OSX 10.4
– Authentication: Universal Password, DH1
– Support for NSS volumes, NCS Clustering
– Support for NetWare trustee and rights model
– Support for Mac Resource Forks
– Cross-Protocol Locking with NCP , Samba
™
– Simplified management using iManager
– Migration from NetWare
– Multi-processor support (not available on NetWare AFP)
33 © Novell, Inc. All rights reserved.

34. Apple Filing Protocol (Novell AFP) ®
Architecture
AFP
Server
iManager
Plugin ncp-rpc NCP
Server
nmas-ldap
xplat (ncp)
conf
eDirectory
file
CIM
Provider
zAPI
CASA
NSS store
34 © Novell, Inc. All rights reserved.

35. Apple Filing Protocol (Novell AFP) ®
Linux Implementation
• Install and Configuration
– YaST install
– Configuration using iManager, CIM providers for configuration and management
• Design details
– Stand-alone server communicating with eDirectory for authentication and
™
authorization
– NSS file-system, resource forks fully supported, uses zAPI
• User access for AFP
– Any eDirectory user with universal password enabled
– User contexts to be configured for the AFP server
– LUM-enabling of eDirectory users is not required
• Cross-protocol locking (CPL)
– Byte-range locks and Share modes
• CPL supported across AFP, NCP and Samba ™
35 © Novell, Inc. All rights reserved.

36. Novell CIFS ®
• Novell CIFS support on OES 2 SP3 Linux
– Support for SMB V1 and Browser protocol
– Authentication: Universal password, NTLMv1
– Support for NSS volumes and NetWare trustee and rights model
®
– Cross-protocol locking support
– Management using iManager and CLI, Migration from NetWare
– Multi-processor support (not available on NetWare CIFS)
– LUM-enabling of users not required
– Auditing support
• New in SP3
– DST support, NTLMv2 support
36 © Novell, Inc. All rights reserved.

37. Novell CIFS ®
Architecture
CLI tools CIFS
Server
IPC ncp- NCP
rpc Server
iManager
Plugin IPC nmas-
ldap
NW Rights xplat eDirectory
(ncp)
+ Cache
CIM
trustee
file
_admin POSIX
libmanagus CASA
NSS store
37 © Novell, Inc. All rights reserved.

38. Novell CIFS ®
Linux Implementation
• Install and Configuration
– YaST install
– Configuration using iManager, command-line tools
• Design details
– Stand-alone server communicating with eDirectory and NCP server
™ ™
– Requires NCP Server on the same box, but no local eDirectory replica required
– Uses standard POSIX interfaces, supports NSS file-system
– Uses trustee.xml file managed by the NCP server
• User access for CIFS
– Any eDirectory user with universal password enabled
– User contexts to be configured for the CIFS server
– LUM-enabling of eDirectory users is not required
• Unsupported
– Interoperability with Domain Services for Windows on the same server
38 © Novell, Inc. All rights reserved.

39. Novell NCP Server ®
™
• Novell NCP Server for Linux enables support for
– Login scripts,
– Mapping drives, and...
– Other services commonly associated with Novell Client ™
• Services included with NCP (NetWare Core Protocol)
®
– File access and locking
– Tracking of resource allocation
– Event notification
– Connection and communication management
– Legacy print services and queue management, and...
– Network management
39 © Novell, Inc. All rights reserved.

40. Novell NCP Server (cont.)
®
™
• NCP Server can run in front of POSIX file systems
– EXT3, Reiser
– Virtual File System (VFS) layer
– Lossy mapping from Novell rights to POSIX attributes
• NCP Server can run in front of Novell Storage
Services file systems ™
– Complete mapping for Novell rights and trustees
• Moving users from NetWare to Linux ®
– With Open Enterprise Server 2, you no longer need to
Linux enable the user just to run a Linux server
40 © Novell, Inc. All rights reserved.

41. Domain Services for Windows
• An OES pattern
– Emulates an Active Directory domain controller
– Works with Samba, iPrint, and applications doing AD authentication
– Supports interoperability in a mixed eDirectory /AD environment
™
• Use cases
– For AD application support (authentication only applications)
– Client-less access (no NCP on wire)
– Management using iManager or MMC
• Comprises of
– OSS: NTP, Samba, DNS, glibc, MIT Kerberos, DCE-RPC
– Closed source: Novell eDirectory, LUM
®
41 © Novell, Inc. All rights reserved.

42. Co-existence – A Typical Use Case
• Cross-domain and cross-forest trusts with AD
Cross Forest Trust
User Add/Modify
Mforest.abc.com
Root
iManager
Organization Domain DSfW ADPH eDirectory 8.7.3
Master SPx
Domain
Organization
Unit
eDirectory Replica Ring
User Add/Modify
User Add/Modify
DSfW eDirectory 8.8 SP1
MMC
User Add/Modify
ConsoleOne
42 © Novell, Inc. All rights reserved.

43. Domain Services for Windows
• New features
– New and improved DSfW install and provisioning
> Reduced DSfW install failures
> Improved install troubleshooting
– sysvol replication support
– Partner support
> Support for Citrix Server interoperability
> Support for VMWare
– Connected partition restriction on domains removed
43 © Novell, Inc. All rights reserved.

44. Dynamic Storage Technology (cont.)
• Reducing the cost of storage with shadow volumes
– Overlay 2 subdirectory trees to create 1 virtual volume
– Transparent to clients
– Define policies to manage file distribution between trees
• Benefits
– Partition files based on “need to backup”
– Can have different backup policies for each tree
> Smaller, faster backups for most important data
– Can use different storage for each tree
> Less expensive storage for less important data
– Like HSM but without the pain
44 © Novell, Inc. All rights reserved.

45. Dynamic Storage Technology
Important Data Less Important Data
PRIMARY TREE: SHADOW TREE:
Subdirectory – 1 Subdirectory – 1
file – 1 file – 3
file – 2 CLIENTS SEE: Subdirectory – 2
Subdirectory – 2 file – 5
file – 4 Subdirectory – 1 file – 6
file – 1
file – 2
file – 3
Subdirectory – 2
file – 4
file – 5
file – 6
45 © Novell, Inc. All rights reserved.

46. Novell Linux User Management (LUM)
®
• Linux User Management (LUM) enables eDirectory ™
users to function as local POSIX users on
Linux servers
• This functionality lets administrators use eDirectory
to centrally manage remote users for access to one
or more Open Enterprise Server Linux servers
• Delivered as a set of modules
– Pluggable Authentication Modules (PAM) “pam_nam”
– Name Services Switch “nss_nam”
– Caching Daemon “namcd”
46 © Novell, Inc. All rights reserved.

47. Novell Linux User Management (cont.)
®
getFDN()
PAM Enabled getGUID()
Apps
pam_*.so LDAP
pam_*.so (bind)
pam_*.so pam_*.so
pam_nam.so
pam_*.so LDAP
Open PAM
Closed
Source /etc/nam.conf
Closed
Source /etc/pam.d/*.conf
Source
LDAP
<app>.conf socket (proxy)
namcd
socket cache
Closed
Closed
Source
Closed
Source eDir
Source libnss_nam.so
pam_*.so
NSS pam_*.so
/etc/nsswith.conf schema
47 © Novell, Inc. All rights reserved.

48. Novell eDirectory 8.8 SP5 (TBD)
®
™
• Native 64 bit eDirectory
– The NCP Server also runs as 64 bit service
• LDAP Auditing
• Enhanced Authentication Protocol Support
• Enhanced Directory Monitoring in LDAP layer
48 © Novell, Inc. All rights reserved.

49. Novell iFolder 3.9 ®
• File access from anytime anywhere
– A simple and secure storage and synchronization solution
> Backup, Encrypt, Access and Manage files
• iFolder 3.7
– Centralized Server Administration using Web Console
– Enhanced conflict management
– Response file support for large deployments
– LDAP group support for access control
– Secure communication
– Server-side Migration: 2.x to 3.7
– Mac Client Support
– AD Support
49 © Novell, Inc. All rights reserved.

50. Other components
• NCP Server
– Can host any POSIX file-system with lossy mapping of rights
– Can also host NSS file-system with complete support for Novell ®
rights model
– LUM-enabling not required
– New 64-bit NCP Server on Linux
• iPrint
– Added support for iPrint accounting API on Linux
• DNS/DHCP
– Closed-source DNS, open-source DHCP
– New Java Console on Windows
50 © Novell, Inc. All rights reserved.

51. Common Frameworks

52. Open Enterprise Server 2 SP1
Common Frameworks
• Migration
– Migration Tools, SCMT
• Installation
– YaST
• Configuration
– iManager
– Backend database: files or eDirectory
™
• Management
– NRM, iManager
– CIM, CIM providers
> OpenWBEM
• Auditing
– LAF
52 © Novell, Inc. All rights reserved.

53. Upgrade/Migration Matrix
• Supported Upgrade Sources
– NetWare 5.1 SP8 ®
– NetWare 6.5 SP6
– Open Enterprise Server 1 SP2 Linux
– SUSE Linux Enterprise Server 10 SP1
®
• Supported Migration Sources
– NetWare 5.1 SP8
– NetWare 6.5 SP6
– Open Enterprise Server 1 SP2 Linux
– Windows NT4 or Windows 2003
53 © Novell, Inc. All rights reserved.

54. Open Enterprise Server 2 SP1
Migration Framework
• Migration Tool
– An integrated GUI with plugins for each service requiring
migration
– Backend CLI tools that can be used as well
• Theory of operation
– Migration GUI Framework – Java-based
> Consolidated GUI – service UIs plug-in into this framework
> Uniform capabilities: Scheduling, check-pointing, notifications, parameters
> Skins on top of existing CLI commands where required
– Command-line tools for file-system migration
54 © Novell, Inc. All rights reserved.

55. Open Enterprise Server 2 SP1
Migration Scenarios, Platforms and Services
• Migration Scenarios
– Upgrade, Migration, Consolidation (not supported)
– Migration
> Same Tree, Server ID Transfer
• Supported Source Platforms
– OES 1.0 SP2, NetWare 6.5 SP6, NetWare 5.1 SP8
®
• Service Support
– eDirectory , Archive Version Services, DNS, DHCP, iPrint, iFolder, AFP,
™
Novell CIFS, FTP, NTP
®
– File System
> Supports NSS and traditional FS on NetWare as sources
> Supports only NSS on OES 1.0
> Supports migrations from NTFS
55 © Novell, Inc. All rights reserved.

56. Learn More at BrainShare ... ®
• Attend any of the following related sessions:
– IO101: Open Enterprise Server 2 Introduction, Overview
and Futures
– IO104: Introduction to the Novell Open Workgroup Suite
®
– IO111: Migration Tools on OES 2
– TUT106: Domain Services for Windows
– TUT211: Enhanced Protocol Support in OES 2 SP1 – AFP and
CIFS
– TUT109: DNS-DHCP on OES 2
– TUT208: Dynamic Storage Technology
• Stop by the OES tables E8-E19 in the technology lab
56 © Novell, Inc. All rights reserved.

57. Question and Answer

58. Backup Slides

59. Novell Open Enterprise Server
®
• Novell Open Enterprise Server is a suite of services
– File, Print and Storage Services
– High Availability Services
– Management Services
– Productivity and Networking Services
– Identity and Security Management
• Open, easy-to-deploy platform
www.novell.com/oes
59 © Novell, Inc. All rights reserved.

60. Background and History

61. A Brief History
• Novell has ported NetWare services to other
® ®
platforms
– Windows, Unix, Linux
• Novell Nterprise Linux Services ™
– First full suite of services similar to NetWare
– Supported on SUSE Linux Enterprise Server and RedHat
®
• Open Enterprise Server 1.0
– Only supported on SUSE Linux Enterprise Server 9 (SLES)
– Full mixed source distribution
• Open Enterprise Server 2
– An add-on product hosted on SUSE Linux
Enterprise Server 10 SP1 (SLES10 SP1)
61 – Update to OES2 slated for release in 4Q 2008
© Novell, Inc. All rights reserved.

62. Open Enterprise Server 2
Auditing/LAF
• SUSE Linux Enterprise Server 10 introduces a
®
new auditing subsystem
• LAF (Lightweight Audit Framework)
– Kernel interfaces for kernel modules
– User space interfaces for users space applications
• Many still write to syslog
• Sentinel and other auditing products will have
LAF connectors
• Audit log all system and security issues:
– Authentication
– Authorization
– Configuration changes
62 © Novell, Inc. All rights reserved.

63. Rights Models
• Posix compliant file systems
– Linux Attributes
> (u)ser, (g)roup, (o)ther
> (r)ead, (w)rite, e(x)ecute
> Example: 770 (user = rwx, group = rwx, other = ---)
> Example: 644 (user = rw-, group = r--, other = r--)
– Linux Access Control Lists (ACLs)
> More robust than attributes
> user1 = rwx, user2 = r--, user 3 = r-x
• Non-Posix compliant file systems
– Other rights models: Novell ACLs; MS rights
®
63 © Novell, Inc. All rights reserved.

64. Java (IBM, Sun, 32 bit and 64bit)
• Java 1.5
– SUSE Linux Enterprise Server 10 shipped with JVM 1.4.x
®
– SUSE Linux Enterprise Server 10 SP1 will include JVM 1.5
• Vendors
– SUSE Linux Enterprise Server 10 ships both IBM and
Sun JVMs
• Open Enterprise Server 1.0 defaulted to the Sun JVM
• Open Enterprise Server 2 will default to the IBM
1.5 JVM
• On x86_64
– Use the 32bt JVM (supports 32bit JNI) java-1_5_0-ibm-32bit
– Careful with /usr/lib/jvm/java and /usr/lib64/jvm/java
64
•
© Novell, Inc. All rights reserved.

65. Open Enterprise Server 2 SP1
Security Focus
• Architecture Reviews
– Secure communications
– Protecting credentials
• Basic secure coding guidelines
– Buffer overflow protection
– Not running as root and reduced privileges
– Separation of authentication from service
• Vulnerability Testing
– System wide “nessus” testing
65 © Novell, Inc. All rights reserved.

66. CASA
• CASA (Common Authentication Service Adapter)
– Credential store for single sign on, Authentication Services
– Client Store: Safely store shared secrets and credentials
– Server Store: Safely store daemon secrets for booting with
authentication
– Authentication: Simplified API for “kerberizing” applications
• Open Enterprise Server bundles CASA
– Fully open sourced
• Programming support and Bindings (C, C#, Java)
– Client: Authentication Token Client API, Secret Store API
– Server: Authentication Token Verification Module API, Secret
Store API
66 © Novell, Inc. All rights reserved.

67. Novell ®
Archive and Version Services
• Periodically captures and stores versions of
your network files
• Uses an archive database
• Uses a schedule that you determine
• Users can search for a previous version of
a file and quickly restore it
• Archive and Version Services on Linux was introduced
in OES2
67 © Novell, Inc. All rights reserved.

68. OpenWBEM and CIMOM (cont)
Other Management • Command Line
Consoles • Open Standard
• Scriptable
Management Managed
Servers Servers
plugin OES provider OES
Linux Linux
iMgr plugin CIM Client CIMOM provider
CIMXML provider
plugin
HTML
browser
plugin OES provider OES
NetWare NetWare
iMgr plugin CIMOM provider
CIM Client
plugin provider
68 © Novell, Inc. All rights reserved.

69. Open Enterprise Server Architecture
• First level bullet (24pt)
– Second level bullet (20pt)
> Third level bullet (16pt)
» Fourth level bullet (14pt)
69 © Novell, Inc. All rights reserved.

71. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.