Novell® Open Enterprise Server Architecture

Haripriya Srinivasaraghavan, Distinguished Engineer
Jason Taylor, Senior Product Manager


DESCRIPTION

With proven services trusted by organizations all over the world, Novell Open Enterprise Server continues to bring you the innovative capabilities your environment demands. Attend this session to learn more about the architecture that underpins this product and its enterprise-class services. You'll walk away having a greater understanding of Novell Open Enterprise Server on Linux—and how you can leverage it for maximum efficiency and cost savings.


© Novell, Inc. All rights reserved.

Novell® Open Enterprise Server

• Open Enterprise Server 2 Linux – the migration path for NetWare®

• Get the unique capabilities of NetWare, with the proven application support, and ecosystem of SUSE® Linux

[Diagram labels: NetWare; Migrate; Open Enterprise Server 2; SUSE Linux Enterprise Server. Captions: "The long-standing leader of secure networking services"; "NetWare services on top of an award-winning open-source server for delivering business-level applications".]


Agenda

• Product Overview

• Product Architecture

• Bundled Products - Highlights

• Common Frameworks

• Question and Answer


Product Overview

Open Enterprise Server 2: Product Summary

• Product Goal
  – To be what NetWare® is to you and a lot more
    > Provide the proven features and capabilities of NetWare to run your enterprise
      » NCP, AFP, CIFS, Salvage, Remote FTP, SLP, and a lot more
    > Provide additional powerful capabilities for your changing enterprise
      » Domain Services for Windows, Dynamic Storage Technology, new and improved iFolder, iPrint, a whole lot of applications and vendor support that is part of the Linux ecosystem
• Product Life-stage
  – OES2 with its support packs (SP1, SP2, SP3)
    > Heavy focus on closing the gaps with NetWare, and addressing any stability, performance, usability issues
    > Targeted focus on migrations from NetWare to OES2

Open Enterprise Server 2: The Making of OES2

[Diagram labels: openSUSE; SLE; SLED; SLES; OES2; Identity and Workgroup Solutions; Open Source; Closed Source.]

Open Enterprise Server 2: Software Platforms and Hardware Architecture

• Open Enterprise Server NetWare®
  – 32-bit
  – Virtualized
• Open Enterprise Server 2 Linux
  – SLES 10 - 32 bit (i386) - Intel 32 bit
  – SLES 10 - 64 bit (x86_64) - AMD64/EM64T
• For x86_64
  – Kernel is 64 bit, Supports 32 bit applications
  – /usr/lib and /usr/lib64
  – Some of OES2 x86_64 still 32 bit applications
    > Kernel modules and other dependencies are 64-bit
    > 64 bit eDirectory™ since OES2 SP1

Open Enterprise Server 2: Install Scenarios

• Concurrent Install
  – Install Open Enterprise Server 2 with SUSE® Linux Enterprise Server 10 SP2
• Post Install
  – Install Open Enterprise Server 2 after SUSE Linux Enterprise Server 10 SP2
• CD/DVDs
• Network install
  – Mini boot CD
  – install=[http|nfs]://<server>/<install path>
• AutoYaST
  – Install one server, create an AutoYaST file

Open Enterprise Server 2: Upgrade Scenarios

• Down Server Upgrade

– Upgrade from the media by rebooting the server

• Channel Upgrade

– Upgrade through the OES2 channel

– New in SP2


Integrated YaST Install Experience

Open Enterprise Server 2: The Novell® Virtualization Story

• Novell Virtual Machines are based on Xen technology
  – Open-source project, maintained by XenSource, with major industry players
  – Linux Virtual Machine Server (VMS) dom0
  – Virtual Machine (VM) domU
  – After the Host environment (Dom0) is installed, the Guest OES 2 server can be installed
• Open Enterprise Server 2 Linux Guest
  – Para-virtualized in SLES 10 SP1 i386 or x86_64 Guest environments
  – All Open Enterprise Server 2 services are supported in either Guest environment
• Open Enterprise Server NetWare® Guest
  – Para-virtualized 32-bit Guest on i386 SLES 10 SP2 Host
  – Para-virtualized 32-bit Guest on x86_64 SLES 10 SP2 Host
    > In this mode NetWare will be fully functional as a 32bit VM
• Open Enterprise Server 2 SP1 – over SLES 10 SP2


Novell® Virtual Machine Architecture


Registration: Novell® Customer Center

• During or after install you can register Open Enterprise Server 2

• Novell Customer Center

– http://www.novell.com/customercenter/

– Online service to manage your products, subscriptions and services

– Obtain critical Linux patches, updates, and support

– Helps to ensure licensing compliance

– Helps to reduce systems management costs


Partner Product Certification

• SUSE® Linux Enterprise Server provides a certification program for partners

– http://www.novell.com/partnerguide/

• SUSE Linux Enterprise Server is a true enterprise Linux server

– Protection from open source breakage

– Releases are supported for 7 years

• Products certified on SUSE Linux Enterprise Server also supported on Open Enterprise Server

• Backup and anti-virus products supported on Open Enterprise Server 2

– http://www.novell.com/products/openenterpriseserver/partners/


OES Architecture

Bundled Products and Services Open Enterprise Server 2 SP1 – New/Modified

• Directory and Identity Services
  – Novell® eDirectory™ 64 bit
  – Novell Domain Services for Windows
  – Linux User Management (LUM)
• File Server
  – Novell Storage Services (NSS)
  – NCP™ Server (with Novell eDirectory)
  – Novell AFP
  – Novell CIFS
  – Open Enterprise Server 2 configured Samba
  – Open Enterprise Server 2 configured FTP

Bundled Products and Services Open Enterprise Server 2 (cont.)

• File Services
  – Dynamic Storage Technology
  – Distributed File Services
  – Novell® Archive and Version Server
• Novell Cluster Services™ (NCS)
• Novell Backup / Storage Management Services (SMS)
• Novell iFolder® 3.9
• Novell iPrint
• Novell NetStorage
• Novell QuickFinder™

Bundled Products and Services Open Enterprise Server 2 (cont.)

• Networking
  – Novell® DHCP
  – Novell DNS
• Management/Configuration/Monitoring
  – Novell iManager
  – Novell Remote Manager (NRM)
  – OpenWBEM and CIM plugins
• CASA

Base Packages: From SUSE® Linux Enterprise Server 10 SP3 (TBD)

• Kernel 2.6.16 (plus)
• GCC 4.1.2 (plus)
• Xen 3.2.0 (plus)
• Tomcat5 5.0.30 (plus)
• Apache2 2.2.3 (plus)
• Samba 3.0.28 (plus)
• Novell® LDAP Extension Libraries 1.0 – 3.4.1 (plus)
• OpenLDAP2 2.3.32 (plus)
• OpenSSL 0.9.8a (plus)
• OpenWBEM 3.2.0 (plus)
• MIT Kerberos5 1.4.3 (plus)

OES 2 SP1 - Component Groups: Single Server - Linux

[Diagram, built up one group at a time across slides 20 to 28. Group labels: File Systems and Storage Services; File Access Protocols; Directory and Identity Services; High Availability; Network Services; Management; Productivity Services; Migration. Component labels: NSS, EXT3, Reiser3, Versioning, DFS, DST, SMS, NCP, CIFS, AFP, Samba, FTP, NS, eDirectory + DSFW, LDAP, CASA, LUM, NCS, DHCP, DNS, Tomcat, J2SE, Apache, iManager Plugins, NRM (httpstk), OpenWBEM, iPrint, XTier, mono, iFolder 3.7, Quickfinder, Java, Migration Tools.]

OES2 SP1 Component Architecture: Single Server - Linux

[Diagram: the components from the Component Groups slides, annotated with protocol and port labels.]

Protocol and port labels shown on the diagram:

• IPP (631)
• http (80), https (443)
• http (1008), https (1010)
• GIPC (224)
• NCP (NDAP, File) (524)
• LDAP (389), LDAPS (636)
• AFP (548)
• FTP (21)
• CIFS (137, 138, 139)
• NS WebDav (80)
• DHCP (67), DNS (53)
• CIMXML (5988), CIMXMLS (5989)
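An added example, not part of the presentation: the port labels from the diagram above used as a listener baseline for a server. It parses `ss -H -tuln` output (the sample is constructed), reports listeners on ports the slide does not show, and flags the slide's cleartext ports (80, 1008, 389, 5988) when they are bound to a non-loopback address. The helper names and the use of `ss` are assumptions; the slide gives no transport, so sockets are matched by port number only.

```python
# Added example: compare listening sockets with the port labels on the
# OES2 SP1 component-architecture slide. Helper names are hypothetical.

# Port -> label, as printed on the slide. The slide does not say TCP or UDP,
# so sockets are matched by port number only.
SLIDE_PORTS = {
    21: "FTP", 53: "DNS", 67: "DHCP", 80: "http / NS WebDav",
    137: "CIFS", 138: "CIFS", 139: "CIFS", 224: "GIPC",
    389: "LDAP", 443: "https", 524: "NCP (NDAP, File)", 548: "AFP",
    631: "IPP", 636: "LDAPS", 1008: "http", 1010: "https",
    5988: "CIMXML", 5989: "CIMXMLS",
}

# Cleartext port -> encrypted counterpart, for the pairs the slide shows.
CLEARTEXT_TO_TLS = {80: 443, 1008: 1010, 389: 636, 5988: 5989}

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:524        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:389        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:636        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5988       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:5989       0.0.0.0:*
tcp   LISTEN 0      128             [::]:443           [::]:*
tcp   LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:67         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:137        0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (netid, address, port) for each socket line of `ss -H -tuln`."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")  # last colon, so [::]:443 works
        if not port.isdigit():
            continue
        # Drop an interface suffix such as "%lo" from the address.
        listeners.append((fields[0], addr.split("%")[0], int(port)))
    return listeners


def is_loopback(addr):
    """True for addresses that are reachable only from the host itself."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit(listeners):
    """Classify listeners against the slide's port labels."""
    unexpected, cleartext = [], []
    for netid, addr, port in listeners:
        if port not in SLIDE_PORTS:
            # Listening, but not one of the services the slide shows.
            unexpected.append((port, netid, addr))
        elif port in CLEARTEXT_TO_TLS and not is_loopback(addr):
            # Cleartext variant reachable from the network although the
            # slide shows an encrypted counterpart for the same service.
            cleartext.append((port, SLIDE_PORTS[port], CLEARTEXT_TO_TLS[port]))
    return {"unexpected": sorted(unexpected),
            "cleartext_exposed": sorted(cleartext)}


if __name__ == "__main__":
    report = audit(parse_listeners(SAMPLE_SS))
    for port, netid, addr in report["unexpected"]:
        print(f"not on slide: {netid} {addr}:{port}")
    for port, label, tls_port in report["cleartext_exposed"]:
        print(f"cleartext {label} on {port}; slide also shows port {tls_port}")
```

In the sample, CIMXML on 5988 is not flagged because it is bound to 127.0.0.1, while LDAP on 389 is flagged because it listens on all interfaces.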


Bundled Components

Open Enterprise Server 2 File Systems: Types and Access Protocols

• Multiple choices for File Systems
  – Novell Storage Services™
  – Posix File-Systems: Ext3, Reiser, XFS
• Multiple choices for File Access Protocols
  – NCP™ - Novell NCP
  – CIFS/SMB – Novell® CIFS, Samba
  – AFP – Novell AFP
  – HTTP – NetStorage, Apache
  – FTP – PureFTP with Novell changes
  – NFS – Linux NFS

Novell Storage Services™

• Novell Storage Services file system provides unique and powerful file system capabilities
  – Visibility and Trustee access controls with rich file attributes
  – Multiple simultaneous namespace support and Unicode
  – User and Directory quotas
  – Event file lists, and a file salvage subsystem
• Especially suited for managing file services for thousands of users in an organization
• Novell Storage Services volumes are cross-compatible between kernels
  – You can mount a non-encrypted Novell Storage Services data volume on either the Linux or NetWare® kernel and move it between them
  – In a clustered SAN, volumes can fail over between kernels
• Salvage does not need user LUM enabling anymore

Apple Filing Protocol (Novell® AFP)

• Apple Filing Protocol support on OES 2 Linux SP1
  – Mac clients can access files from the OES 2 server
  – Closing the gap with NetWare®
• Feature Overview
  – Support for AFP 3.1, OSX 10.3, OSX 10.4
  – Authentication: Universal Password, DH1
  – Support for NSS volumes, NCS Clustering
  – Support for NetWare trustee and rights model
  – Support for Mac Resource Forks
  – Cross-Protocol Locking with NCP™, Samba
  – Simplified management using iManager
  – Migration from NetWare
  – Multi-processor support (not available on NetWare AFP)

Apple Filing Protocol (Novell® AFP): Architecture

[Diagram labels: AFP Server; NSS; CASA store; CIM Provider; NCP Server; eDirectory; iManager Plugin; ncp-rpc; nmas-ldap; xplat (ncp); zAPI; conf file.]

Apple Filing Protocol (Novell® AFP): Linux Implementation

• Install and Configuration
  – YaST install
  – Configuration using iManager, CIM providers for configuration and management
• Design details
  – Stand-alone server communicating with eDirectory™ for authentication and authorization
  – NSS file-system, resource forks fully supported, uses zAPI
• User access for AFP
  – Any eDirectory user with universal password enabled
  – User contexts to be configured for the AFP server
  – LUM-enabling of eDirectory users is not required
• Cross-protocol locking (CPL)
  – Byte-range locks and Share modes
• CPL supported across AFP, NCP™ and Samba

Novell® CIFS

• Novell CIFS support on OES 2 SP3 Linux
  – Support for SMB V1 and Browser protocol
  – Authentication: Universal password, NTLMv1
  – Support for NSS volumes and NetWare® trustee and rights model
  – Cross-protocol locking support
  – Management using iManager and CLI, Migration from NetWare
  – Multi-processor support (not available on NetWare CIFS)
  – LUM-enabling of users not required
  – Auditing support
• New in SP3
  – DST support, NTLMv2 support

Novell® CIFS: Architecture

[Diagram labels: CIFS Server; CLI tools; NCP Server; eDirectory; NSS; CASA store; trustee file; NW Rights + Cache; libmanagus; _admin; iManager Plugin; nmas-ldap; xplat (ncp); ncp-rpc; POSIX; IPC; CIM.]

Novell® CIFS: Linux Implementation

• Install and Configuration
  – YaST install
  – Configuration using iManager, command-line tools
• Design details
  – Stand-alone server communicating with eDirectory™ and NCP™ server
  – Requires NCP Server on the same box, but no local eDirectory replica required
  – Uses standard POSIX interfaces, supports NSS file-system
  – Uses trustee.xml file managed by the NCP server
• User access for CIFS
  – Any eDirectory user with universal password enabled
  – User contexts to be configured for the CIFS server
  – LUM-enabling of eDirectory users is not required
• Unsupported
  – Interoperability with Domain Services for Windows on the same server

Novell® NCP™ Server

• Novell NCP Server for Linux enables support for
  – Login scripts,
  – Mapping drives, and...
  – Other services commonly associated with Novell Client™
• Services included with NCP (NetWare® Core Protocol)
  – File access and locking
  – Tracking of resource allocation
  – Event notification
  – Connection and communication management
  – Legacy print services and queue management, and...
  – Network management

Novell® NCP™ Server (cont.)

• NCP Server can run in front of POSIX file systems
  – EXT3, Reiser
  – Virtual File System (VFS) layer
  – Lossy mapping from Novell rights to POSIX attributes
• NCP Server can run in front of Novell Storage Services™ file systems
  – Complete mapping for Novell rights and trustees
• Moving users from NetWare® to Linux
  – With Open Enterprise Server 2, you no longer need to Linux enable the user just to run a Linux server

Domain Services for Windows

• An OES pattern
  – Emulates an Active Directory domain controller
  – Works with Samba, iPrint, and applications doing AD authentication
  – Supports interoperability in a mixed eDirectory™/AD environment
• Use cases
  – For AD application support (authentication only applications)
  – Client-less access (no NCP on wire)
  – Management using iManager or MMC
• Comprises
  – OSS: NTP, Samba, DNS, glibc, MIT Kerberos, DCE-RPC
  – Closed source: Novell® eDirectory, LUM

Co-existence – A Typical Use Case

• Cross-domain and cross-forest trusts with AD

[Diagram labels: Mforest.abc.com; Root; Organization; Organization Unit; Domain; eDirectory Replica Ring; eDirectory 8.7.3 SPx; eDirectory 8.8 SP1; DSfW; DSfW ADPHMaster; Cross Forest Trust; MMC; ConsoleOne; iManager; User Add/Modify.]


Domain Services for Windows

• New features

– New and improved DSfW install and provisioning

> Reduced DSfW install failures

> Improved install troubleshooting

– sysvol replication support

– Partner support

> Support for Citrix Server interoperability

> Support for VMWare

– Connected partition restriction on domains removed

Dynamic Storage Technology (cont.)

• Reducing the cost of storage with shadow volumes
  – Overlay 2 subdirectory trees to create 1 virtual volume
  – Transparent to clients
  – Define policies to manage file distribution between trees
• Benefits
  – Partition files based on “need to backup”
  – Can have different backup policies for each tree
    > Smaller, faster backups for most important data
  – Can use different storage for each tree
    > Less expensive storage for less important data
  – Like HSM but without the pain

Dynamic Storage Technology

PRIMARY TREE (Important Data):
  Subdirectory – 1
    file – 1
    file – 2
  Subdirectory – 2
    file – 4

SHADOW TREE (Less Important Data):
  Subdirectory – 1
    file – 3
  Subdirectory – 2
    file – 5
    file – 6

CLIENTS SEE:
  Subdirectory – 1
    file – 1
    file – 2
    file – 3
  Subdirectory – 2
    file – 4
    file – 5
    file – 6

Novell® Linux User Management (LUM)

• Linux User Management (LUM) enables eDirectory™ users to function as local POSIX users on Linux servers

• This functionality lets administrators use eDirectory to centrally manage remote users for access to one or more Open Enterprise Server Linux servers

• Delivered as a set of modules

– Pluggable Authentication Modules (PAM) “pam_nam”

– Name Services Switch “nss_nam”

– Caching Daemon “namcd”

Novell® Linux User Management (cont.)

[Diagram labels: PAM Enabled Apps; PAM; /etc/pam.d/*.conf; <app>.conf; pam_*.so; pam_nam.so; NSS; /etc/nsswitch.conf; libnss_nam.so; /etc/nam.conf; namcd; cache; socket; LDAP; LDAP (bind); LDAP (proxy); eDir; schema; getFDN(); getGUID(); Open Source; Closed Source.]


Novell® eDirectory™ 8.8 SP5 (TBD)

• Native 64 bit eDirectory

– The NCP Server also runs as 64 bit service

• LDAP Auditing

• Enhanced Authentication Protocol Support

• Enhanced Directory Monitoring in LDAP layer

Novell iFolder® 3.9

• File access from anytime anywhere
  – A simple and secure storage and synchronization solution
    > Backup, Encrypt, Access and Manage files
• iFolder 3.7
  – Centralized Server Administration using Web Console
  – Enhanced conflict management
  – Response file support for large deployments
  – LDAP group support for access control
  – Secure communication
  – Server-side Migration: 2.x to 3.7
  – Mac Client Support
  – AD Support

Other components

• NCP Server
  – Can host any POSIX file-system with lossy mapping of rights
  – Can also host NSS file-system with complete support for Novell® rights model
  – LUM-enabling not required
  – New 64-bit NCP Server on Linux
• iPrint
  – Added support for iPrint accounting API on Linux
• DNS/DHCP
  – Closed-source DNS, open-source DHCP
  – New Java Console on Windows


Common Frameworks

Open Enterprise Server 2 SP1: Common Frameworks

• Migration
  – Migration Tools, SCMT
• Installation
  – YaST
• Configuration
  – iManager
  – Backend database: files or eDirectory™
• Management
  – NRM, iManager
  – CIM, CIM providers
    > OpenWBEM
• Auditing
  – LAF

Upgrade/Migration Matrix

• Supported Upgrade Sources
  – NetWare® 5.1 SP8
  – NetWare 6.5 SP6
  – Open Enterprise Server 1 SP2 Linux
  – SUSE® Linux Enterprise Server 10 SP1
• Supported Migration Sources
  – NetWare 5.1 SP8
  – NetWare 6.5 SP6
  – Open Enterprise Server 1 SP2 Linux
  – Windows NT4 or Windows 2003

Open Enterprise Server 2 SP1: Migration Framework

• Migration Tool
  – An integrated GUI with plugins for each service requiring migration
  – Backend CLI tools that can be used as well
• Theory of operation
  – Migration GUI Framework – Java-based
    > Consolidated GUI – service UIs plug-in into this framework
    > Uniform capabilities: Scheduling, check-pointing, notifications, parameters
    > Skins on top of existing CLI commands where required
  – Command-line tools for file-system migration

Open Enterprise Server 2 SP1: Migration Scenarios, Platforms and Services

• Migration Scenarios
  – Upgrade, Migration, Consolidation (not supported)
  – Migration
    > Same Tree, Server ID Transfer
• Supported Source Platforms
  – OES 1.0 SP2, NetWare® 6.5 SP6, NetWare 5.1 SP8
• Service Support
  – eDirectory™, Archive Version Services, DNS, DHCP, iPrint, iFolder, AFP, Novell® CIFS, FTP, NTP
  – File System
    > Supports NSS and traditional FS on NetWare as sources
    > Supports only NSS on OES 1.0
    > Supports migrations from NTFS

Learn More at BrainShare®...

• Attend any of the following related sessions:
  – IO101: Open Enterprise Server 2 Introduction, Overview and Futures
  – IO104: Introduction to the Novell® Open Workgroup Suite
  – IO111: Migration Tools on OES 2
  – TUT106: Domain Services for Windows
  – TUT211: Enhanced Protocol Support in OES 2 SP1 – AFP and CIFS
  – TUT109: DNS-DHCP on OES 2
  – TUT208: Dynamic Storage Technology
• Stop by the OES tables E8-E19 in the technology lab


Question and Answer


Backup Slides

Novell® Open Enterprise Server

• Novell Open Enterprise Server is a suite of services
  – File, Print and Storage Services
  – High Availability Services
  – Management Services
  – Productivity and Networking Services
  – Identity and Security Management
• Open, easy-to-deploy platform www.novell.com/oes


Background and History

A Brief History

• Novell® has ported NetWare® services to other platforms
  – Windows, Unix, Linux
• Novell Nterprise™ Linux Services
  – First full suite of services similar to NetWare
  – Supported on SUSE® Linux Enterprise Server and RedHat
• Open Enterprise Server 1.0
  – Only supported on SUSE Linux Enterprise Server 9 (SLES)
  – Full mixed source distribution
• Open Enterprise Server 2
  – An add-on product hosted on SUSE Linux Enterprise Server 10 SP1 (SLES10 SP1)
  – Update to OES2 slated for release in 4Q 2008

Open Enterprise Server 2: Auditing/LAF

• SUSE® Linux Enterprise Server 10 introduces a new auditing subsystem
• LAF (Lightweight Audit Framework)
  – Kernel interfaces for kernel modules
  – User space interfaces for user space applications
• Many still write to syslog
• Sentinel and other auditing products will have LAF connectors
• Audit log all system and security issues:
  – Authentication
  – Authorization
  – Configuration changes

Rights Models

• Posix compliant file systems
  – Linux Attributes
    > (u)ser, (g)roup, (o)ther
    > (r)ead, (w)rite, e(x)ecute
    > Example: 770 (user = rwx, group = rwx, other = ---)
    > Example: 644 (user = rw-, group = r--, other = r--)
  – Linux Access Control Lists (ACLs)
    > More robust than attributes
    > user1 = rwx, user2 = r--, user3 = r-x
• Non-Posix compliant file systems
  – Other rights models: Novell® ACLs; MS rights
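An added example, not part of the presentation and not the algorithm NCP Server uses: it takes the slide's three-user ACL (user1 = rwx, user2 = r--, user3 = r-x) and projects it onto a single owner/group/other mode, showing why a per-user rights list cannot be mapped onto mode bits without loss. The function names and the choice of user1 as owner with user2 and user3 in one group are assumptions.

```python
# Added example: why collapsing per-user rights onto POSIX mode bits is lossy.
# Illustration only; names and the projection rule are hypothetical.

PERM_BITS = {"r": 4, "w": 2, "x": 1}

# The ACL from the slide.
SLIDE_ACL = {"user1": "rwx", "user2": "r--", "user3": "r-x"}


def to_bits(perm):
    """'r-x' -> 5"""
    return sum(PERM_BITS[c] for c in perm if c != "-")


def to_text(bits):
    """5 -> 'r-x'"""
    return "".join(c if bits & v else "-" for c, v in PERM_BITS.items())


def mode_text(mode):
    """0o770 -> 'rwxrwx---' (user, group, other), as in the slide's examples."""
    return "".join(to_text((mode >> shift) & 7) for shift in (6, 3, 0))


def collapse(acl, owner, group_members, widen):
    """Project a per-user ACL onto one owner/group/other mode.

    widen=True  : class bits are the union of its members' rights
                  (nobody loses access, some users gain rights).
    widen=False : class bits are the intersection
                  (nobody gains access, some users lose rights).
    """
    def fold(users):
        bits = None
        for user in users:
            b = to_bits(acl[user])
            if bits is None:
                bits = b
            else:
                bits = (bits | b) if widen else (bits & b)
        return bits or 0  # an empty class gets no rights

    group = [u for u in acl if u != owner and u in group_members]
    other = [u for u in acl if u != owner and u not in group_members]
    return (to_bits(acl[owner]) << 6) | (fold(group) << 3) | fold(other)


def effective(mode, user, owner, group_members):
    """Rights a user ends up with under the collapsed mode."""
    if user == owner:
        shift = 6
    elif user in group_members:
        shift = 3
    else:
        shift = 0
    return (mode >> shift) & 7


def drift(acl, owner, group_members, widen):
    """Return (mode, {user: (intended, actual)}) for users whose rights changed."""
    mode = collapse(acl, owner, group_members, widen)
    changed = {}
    for user, intended in acl.items():
        actual = to_text(effective(mode, user, owner, group_members))
        if actual != intended:
            changed[user] = (intended, actual)
    return mode, changed


if __name__ == "__main__":
    for widen in (True, False):
        mode, changed = drift(SLIDE_ACL, "user1", {"user2", "user3"}, widen)
        print(f"widen={widen}: mode {mode:o} ({mode_text(mode)}), changed: {changed}")
```

Either projection changes one user's rights: the union gives user2 execute access it was never granted, and the intersection takes execute away from user3.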

Java (IBM, Sun, 32 bit and 64bit)

• Java 1.5
  – SUSE® Linux Enterprise Server 10 shipped with JVM 1.4.x
  – SUSE Linux Enterprise Server 10 SP1 will include JVM 1.5
• Vendors
  – SUSE Linux Enterprise Server 10 ships both IBM and Sun JVMs
• Open Enterprise Server 1.0 defaulted to the Sun JVM
• Open Enterprise Server 2 will default to the IBM 1.5 JVM
• On x86_64
  – Use the 32bit JVM (supports 32bit JNI) java-1_5_0-ibm-32bit
  – Careful with /usr/lib/jvm/java and /usr/lib64/jvm/java

Open Enterprise Server 2 SP1: Security Focus

• Architecture Reviews
  – Secure communications
  – Protecting credentials
• Basic secure coding guidelines
  – Buffer overflow protection
  – Not running as root and reduced privileges
  – Separation of authentication from service
• Vulnerability Testing
  – System wide “nessus” testing

CASA

• CASA (Common Authentication Service Adapter)
  – Credential store for single sign on, Authentication Services
  – Client Store: Safely store shared secrets and credentials
  – Server Store: Safely store daemon secrets for booting with authentication
  – Authentication: Simplified API for “kerberizing” applications
• Open Enterprise Server bundles CASA
  – Fully open sourced
• Programming support and Bindings (C, C#, Java)
  – Client: Authentication Token Client API, Secret Store API
  – Server: Authentication Token Verification Module API, Secret Store API

Novell® Archive and Version Services

• Periodically captures and stores versions of your network files
• Uses an archive database
• Uses a schedule that you determine
• Users can search for a previous version of a file and quickly restore it
• Archive and Version Services on Linux was introduced in OES2

OpenWBEM and CIMOM (cont)

[Diagram labels: Management Servers; Managed Servers; OES Linux; OES NetWare; CIMOM; provider; iMgr; plugin; browser; HTML; CIM Client; CIMXML; Other Management Consoles.]

• Command Line
• Open Standard
• Scriptable


Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.