Basics

The NetWare 5 OS consists of three components: Kernel, Console, and NLMs.

Minimum System Requirements

• Pentium 100
• 64 MB RAM
• 30 MB Free on DOS partition
• 200 MB free space for SYS volume
• NIC
• CD-ROM Drive
• Mouse (Optional for Java support)
• VGA Card (Optional for Java support)

Never move, rename, or delete the SYS volume or any of the 16 directories on

SYS created by the installation of NetWare (CDROM$$.ROM, Deleted.sav, Etc,

Java, JavaSave, License, Login, Mail, NDPS, NetBasic, Ni, Perl, Public,

ReadMe, System, and Temp).

Console Hotkeys:

• <CTRL><ESC> give you a listing of current screens
• <ALT><ESC> cycles through the available screens
• <CTRL><ALT><ESC> allows you to down the server or cancel the mounting of a volume. Use if the console locks up.

Long file name support is enabled by default in NetWare 5.

NetWare Storage Services

• Benefits:
• Handles files up to 8 TB
• Unlimited files in single directory
• Faster access to data in files
• Volumes mount and repair more quickly
• Low RAM Requirements (32MB minimum)
• Supports most types of storage devices
• Space on multiple devices can be combined into one volume
• Enhanced CD-ROM volume-mounting support
• Allows 4 NetWare partitions per disk
• Unlimited volumes per NetWare partition
• Drawbacks:
• Transaction Tracking Services (TTS) not supported
• Disk striping/mirroring not supported
• Hierarchical Storage Management (HSM) not supported
• Real-Time Data Migration not supported
• File compression not supported
• VREPAIR not supported (uses VERIFY and REBUILD instead)
• NSS can’t be used on SYS.

Three components are: NSS Provider, Consumer, and Storage Group.

• Provider scans devices to find free space. (NWPRV is the provider for NetWare volumes and MMPRV is the provider for IBM-compatible volumes.)
• Consumer manages free space by placing a deposit object to register ownership.
• Storage group represents all disk space on server regardless of device. Storage group can be organized into volume(s).

Use NWCONFIG.NLM to create NSS volumes.

Upgrading

Preparation for Server Upgrade

• Investigate all NLMs and .HAMs for compatibility issues
• Make 2 or more backups of existing file systems, bindery, and NDS
• Write down IRQ and I/O port of NICs
• Broadcast message to all users to log out
• If upgrading from NetWare 2.x, you must do an intermediate upgrade to 3.x or 4.x first.
• If upgrading from NetWare 4.x, you should upgrade the server with the Master Replica of [Root] partition first.
• On 3.x, consolidate user names from different servers
• Upgrade Workstations to Client32 version 2.2 or higher
• If servers are on different segments, disable SAP filtering
• NetWare 3.x requires upgrading NLMs with those from Upgrade Wizard
• On NetWare 3.1x, UNLOAD TSA31x.NLM, SMDR.NLM, SMDR32x.NLM, SPXS.NLM, TLI.NLM, AFTER311.NLM, CLIB.NLM, A3112.NLM, STREAMS.NLM and LOAD TSA312.NLM in this order.
• Add any name spaces from old server to new server

Two methods of upgrading:

1. In-place upgrade: Boot server to DOS (don't start server.exe) and run INSTALL.BAT from CD. Risks data loss if there's a failure during upgrade.
2. Across-the-wire upgrade (migration): Must have an existing NetWare 5 server and NDS tree first. Install the Novell Upgrade Wizard on a workstation, log in to both old and new servers as Admin equivalent, run Upgrade Wizard, and create a new project. Drag and drop users, groups, volumes, printers, and other bindery objects from old server to their new locations in the NDS tree.

GUI and Java Support

• A Java Class is a full Java application; A Java Applet is a Java program that runs in a web browser or applet viewer.
• Java class and applet names are case sensitive and require long filename support
• To run a Java app: JAVA [-options] <Class Path & Filename>
• To run an applet: APPLET http://<URL to HTML file with applet tag>
• To load/unload the GUI console: STARTX.NCF or UNLOAD STARTX.NCF
• C1START loads the GUI and then also ConsoleOne

Server Configuration Files

• When server is powered-on, startup files execute in the following order: AUTOEXEC.BAT, SERVER.EXE, STARTUP.NCF, AUTOEXEC.NCF
• Use SERVER.EXE -NS To bypass startup.ncf; SERVER.EXE - NA bypasses autoexec.ncf
• .NCF files are server batch/script files

Securing the File Server

• Physical Security - Keep server in locked room and/or install keyboard lock.
• SECURE CONSOLE command - Prevents loading of NLM except from C:\NWSERVER or SYS:\SYSTEM. Also prevents date/time change.
• Put passwords on server screen saver and remote console access

Backup Strategies

• Full - Backs up all data. Takes the longest to backup, but fastest to restore.
• Incremental - Only backs up files added or changed since last backup. Quick to back up, but restore requires multiple tapes (last full backup tape plus all incremental tapes since)
• Differential - Only backs up files since last FULL backup. Each backup takes a little longer, but restore requires only two tapes (most recent full backup and most recent differential backup)
• NEVER MIX INCREMENTAL WITH DIFFERENTIAL

Enhanced SBACKUP

• Backs up everything - files, NDS Tree, binderies from old servers, clients, etc.
• Requires a Target Service Agent (TSA) on machine being backed up.
• Use W95TSA on Win95 clients;
• Use TSAMAIN.EXE and TSAPREFS.EXE on NT Client;
• Use TSANDS.NLM on a server to back up its partition of the NDS Tree.
• Required NLMs: SMDR.NLM, TSA500.NLM, SMSDI.NLM, QMAN.NLM, SBSC.NLM, SBCON.NLM
• Run NWBACK32.EXE from a workstation to manage backup jobs

ConsoleOne

To run ConsoleOne from a workstation, run SYS:\PUBLIC\MGMT\Console1.exe

ConsoleOne can be used to:

• Rename, Copy, Delete files in volumes
• Edit text files (including server config files)
• Administer NDS (But will only create new Group, Org., Org. Unit, or User objects)

Remote server access (requires RCONAG6.NLM on server). Go to My Server, Tools, RConsoleJ. In right pane, enter server's IP address and password, click Connect.

Remote Console Access

Remote Console Requires RSPX.NLM and REMOTE.NLM on server, RCONSOLE.EXE on workstation.

Remote Console via modem requires a modem directly connected to the server and the following NLMs on the server: REMOTE.NLM, AIO.NLM, RSPX.NLM, RS232.NLM.

RConsoleJ - Run SYS:\PUBLIC\RCONJ.EXE. Provide IP and password of server.

MONITOR.NLM

MONITOR.NLM is used at console to view server performance statistics and set parameters

Queue-Based Printing

A physical printer can be attached to the network as follows:

• Via a Win95 workstation (remote or manual load. Run NPTWIN95.EXE on PC)
• Attached to a NetWare file server (remote or manual load. Requires NPRINTER.NLM)
• Attached to a Print Server (local or auto load. Requires PSERVER.NLM)
• Directly to the network wire (Follow manufacturer's instructions)

Three NDS Objects are required: Queue, Printer, and Print Server.

The queue is assigned to a printer, which is assigned to a print server.

1. One Print Server can handle multiple queues and printers. Critical properties of a print server are name and printer assignments.
2. The print queue holds jobs waiting to be printed. Critical properties of a queue are queue name, volume, and printer & print server assignments.
3. The printer object contains port, interrupt, and connection info. Critical printer properties are printer name, printer type, port & interrupt, and queue assignment.

• Queue Users can send jobs to the queue and modify only their own jobs.
• Queue Operators can change queue assignments and operator flags and modify all jobs in the queue
• Print Server Users can receive printer error messages and monitor the server, but can't change anything.
• Print Server Operators can bring the print server down or up, change printer status, and edit the printer notify list.

The printer notify list determined which users get printer error messages. Job Owner receives error messages by default.

Novell Internet Access Server (NIAS)

• Users dial in to modems connected to a NetWare server and access all their usual resources.
• Supports regular phone line, ISDN, and DSL.
• Use NIASCFG.NLM at server to install and configure NIAS.
• The server needs to have an Asynchronous I/O port, IP and IPX addresses, and remote services selected
• The client needs to have dial-up networking installed and a PPP dial-up created.
• NIAS can dynamically assign IP addresses to dial-in clients
• Remote Access Management Agent (RAMA) allows NIAS to be managed through ManageWise or other SNMP system.

Remote Authentication Dial-In User Service (RADIUS)

• Users dial in to their ISP and connect to NetWare via the Internet.
• Requires a RADIUS host/proxy server (usually provided by the ISP).
• RADIUS Accounting server on company LAN authenticates user.

DNS and DHCP

Three ways to install DNS/DHCP on server:

1. Select it during installation;
2. Use DNIPINST.NLM; or
3. In the GUI console, click the Novell button, then Install, then New Products.

The workstation software is a Java app called the DNS/DHCP Management Console. To install it, run SYS:\PUBLIC\DNSDHCP\SETUP.EXE. It adds a snap-in to NetWare Administrator and it places an icon on your desktop. The DNS/DHCP Mgmt Console has two tabs: one for DNS, one for DHCP. Be sure to use to correct tab. DNS/DHCP objects can be viewed in NetWare Administrator, but you must use DNS/DHCP Mgmt Console to create, edit, or delete DNS/DHCP objects.

Default DNS/DHCP Objects in the NDS Tree:

• DNSDHCP-Group - Contains users and any servers running DNS/DHCP
• DNS-DHCP Locator Object - Contains global configuration info, a list of servers, subnets, and zones in the tree. Used by DNS/DHCP Mgmt Console to locate objects. Can't be configured, and doesn't display in the Mgmt Console.
• RootServerInfo - A Zone object used in looking up host names outside your domain.

Configure workstations to use DNS and/or DHCP in the TCP/IP properties of the network control panel.

Domain Name Services (DNS)

Translates host names (such as 'www.cramsession.com') into IP addresses (139.142.34.89).

• The master name server (a.k.a. primary name server) maintains the database of resource records.
• An optional secondary name server maintains a copy of the database from a master name server (through a zone transfer) and is used to provide a faster, more local name server.

A DNS Zone is all or part of a domain for which the server provides DNS services. For example, the novell.com domain can be broken into a zone for support.novell.com and a zone for education.novell.com. Each portion of the domain can have its own DNS server to handle requests within the zone. Each DNS server has a Start of Authority (SOA).

Six types of record resources (RRs):

1. A (Address) - A Hostname to IP-address mapping
2. NS (Name Server) - A listing for another name server
3. SOA (Start of Authority) - This server's zone of authority
4. CNAME (Canonical Name) - An alias. Resolves alias hostname to primary hostname.
5. MX (Mail Exchange) - Maps e-mail addresses to domain names
6. PTR (Pointer) - Pointer to other records when doing reverse lookups. Used in IN-ADDR.ARPA zones.

DNS-Specific NDS Objects: DNS Name Server, DNS Zone, Resource Record, Resource Record Set.

To change a resource record object, you must delete it and recreate it.

To start DNS services, run NAMED.NLM on the server.

Dynamic Host Configuration Protocol (DHCP)

Assigns IP address, subnet mask, default gateway (router), DNS servers, and other IP configuration info to a PC automatically. The three types of address assignments are:

1. Dynamic Allocation: An IP address is leased to the client for a limited time period.
2. Automatic Allocation: The IP address is leased to the client without an expiration (permanent).
3. Manual Allocation: A specific IP address is reserved for a specific client.

DHCP can import DHCP 2.0 or 3.0 file formats.

NDS Objects: DHCP Server, Subnet, Subnet Address Range, IP Address, Subnet Pool

Netscape FastTrack Web Server for NetWare

Requires long filename namespace on volume that holds website files. (LOAD LONG.NAM & ADD NAME SPACE LONG TO <volume name>)

To install, log in from a workstation as Admin-equivalent and run \PRODUCTS\WEBSERV\SETUP.EXE from the NetWare 5 CD. Make note of the Administration Server TCP Port. The following 7 NLMs make up the web server: ADMSERV.NLM, BTRIEVE.NLM, CRON.NLM, CSSYSMSG.NLM, NETDB.NLM, NSHTTPD.NLM, NSLCGI.NLM. At the NetWare console, use NSWEB.NCF to load the server and NSWEBDN.NCF to unload the web server. By default, web pages are stored under SYS:\NOVONYX\SUITESPOT\DOCS.

Manage the web server through the Netscape Server Administration Page via a web browser. The URL will be HTTP://<SERVER NAME>:<ADMIN TCP PORT>. You have full access to administer all Netscape FastTrack web servers on your network from here. Click the button for the server you want to manage, then you have the following options:

• ON/OFF - Loads or unloads web services on the selected NetWare server
• VIEW SERVER SETTINGS - Hostname, IP Address, Port, log settings, document directories and defaults, CGI settings, and index style
• RESTORE CONFIGURATION - You can restore the server to previously used saved configuration settings
• PERFORMANCE TUNING - Number of connections (48 is default), DNS lookups, size of listen queue, http connection timeout, buffer and packet sizes.
• MIME TYPES - Add, Remove & Edit MIME types by file extension
• NETWORK SETTINGS - TCP Port, IP address, hostname, news & mail servers
• ERROR RESPONSES - customize error messages by error code
• RESTRICT ACCESS - Access control settings
• ENCRYPTION ON/OFF - enable/disable encryption, set ports & aliases
• ENCRYPTION PREFERENCES - SSL version, cipher settings

To restrict the size of a web directory, use NWADMIN to limit directory size.

Novell FTP Services for NetWare

Can handle up to 65 simultaneous connections. FTP services are installed as part of NetWare NFS Services. NFS name space (NFS.NAM) is required for FTP. Install FTP services through NWCONFIG.NLM --> Product Options --> Install Products not Listed. Browse to \PRODUCTS\NWUXPS on the NetWare CD. Choose FTP Server from the list.

INETD.NLM accepts connections and loads and unloads FTPSERV.NLM as needed.

Configure FTP services at server console with UNICON.NLM. Parameters are:

• DEFAULT NAME SPACE - DOS or NFS directory listing style
• DEFAULT USER'S HOME DIR - Used when a user doesn't have one assigned
• DETECTION RESET INTERVAL - Time frame for intruder detection
• IDLE TIME BEFORE FTP SVC UNLOADS - Timeout before INETD.NLM unloads FTPSERV.NLM
• INTRUDER DETECTION - Enable or Disable for FTP Services
• LOG LEVEL - Log file settings
• MAX NUMBER OF SESSIONS - Concurrent sessions allowed. Can be 1 to 64.
• MAX SESSION LENGTH - Total time allowed for each session before disconnect
• MAX NO. OF UNSUCCESSFUL ATTEMPTS - Login attempts allowed within DETECTION RESET INTERVAL before intruder detection kicks in.

FTP Troubleshooting steps: 1) Ping server; 2) Check if FTP services loaded and running; 3) Check account restrictions; 4) Check client's TCP/IP config; 5) Check for user error.

Memory Management

NetWare 5 uses virtual memory paging. Page size is 4K. Least used pages are moved to a swap file on a disk drive to free up RAM for other uses. Swap file is created on SYS during installation. Swap file shrinks and grows dynamically. Novell suggests deleting swap file on SYS and recreating swap files on other volumes. Swap files on non-SYS volumes require "SWAP ADD <volume name> [Parameters]" in AUTOEXEC.NCF. Parameters of SWAP file can be MIN, MAX, and MIN FREE. SWAP by itself displays swap file info. "SWAP DEL <volume name>" deletes a swap file from a volume and moves its data to another volume. "SWAP PARAMETER <volume name> [Parameter]=<value>" changes swap file settings. Use MONITOR.NLM --> Virtual Memory --> Swap Files to view swap statistics. Disk Thrashing is excessive swapping of pages. The solution to thrashing is to add RAM.

Protected Memory pools can be created to prevent corruption of memory. A program running in protected address space can't affect anything outside its pool and cause ABENDs. At the console, you can name protected address spaces.

• Use "LOAD ADDRESS SPACE=<space name> <module name>" to load multiple modules to a named space.
• Use "UNLOAD ADDRESS SPACE=<space name>" to unload entire space and all contents.
• "UNLOAD ADDRESS SPACE=<space name> <module name>" unloads only specific module from specific name space.
• Use "LOAD PROTECTED <module name>" to load a module into new space.
• "UNLOAD KILL ADDRESS SPACE=<space name>" returns space's RAM to system without trying to unload modules.
• "MODULES" is used to list all loaded modules and their space names.
• "PROTECT <ncf file>.NCF" loads all modules in NCF to a new protected space.
• "PROTECTION" displays all address spaces with modules (similar to MODULE).
• "RESTART <module name>" loads a module in protected space so that the system will shut down and restart the protected space if the module ABENDs.
• "SET MEMORY PROTECTION FAULT CLEANUP=ON" removes modules and frees up its memory if the module ABENDs.

NetWare uses Garbage Collection. When a program unloads, it marks its RAM as free. Later, garbage collection goes through and returns free RAM back to the OS for re-use. Garbage collection runs frequently as a background process.

Disk Optimization

Block Suballocation is enabled by default. The only way to disable it is to delete and recreate the volume. It subdivides a normal block (for example 4 KB) into 512-byte suballocation blocks. All files still start at the beginning of a normal block, but files larger than the block size can use suballocation blocks for the remaining portion at the end of the file.

File compression saves about 63% of disk space. At a set interval, the OS searches the volume for files that can be compressed. Use SET commands in AUTOEXEC.NCF to control searches. Once compression is enabled for a volume, it can't be removed. However, you can prevent new compression from taking place with "SET ENABLE FILE COMPRESSION=OFF" at the console. Use NetWare Administrator, Windows Explorer, NDIR, or FILER to view compression statistics.

NetWare 5 uses file and directory caching to speed up access to recently used files. Use MONITOR.NLM to view caching statistics. Long-term cache hits should be 90% or more. Total cache buffers should be 75% to 80% of remaining RAM after the NetWare OS is loaded. The LRU sitting time should be over 15 minutes. If it’s frequently less than 15 minutes, add RAM. Directory caching is used to hold directory entries. Dirty buffers are cache buffers that contain changes in RAM that haven’t been written to the disk yet.

Packet Optimization

Packet Burst Protocol

Allows up to 64K to be sent at one time without waiting for a response, increasing network performance by 10% to 300%. It is enabled by default at both client and server. It can only be turned off at the client, not at the server. When establishing connection, both nodes negotiate burst window size, which lasts for the entire connection. Theoretical maximum burst size is 128 packets, 512 bytes each, for a total of 64K. Burst Gap Time is the interval between each packet. Modify packet burst parameters in Network Control Panel --> Novell NetWare Client --> Advanced Settings.

Large Internet Packets (LIP)

Normal (non-LIP) packet size is 512 bytes. If all routers, servers, and clients can handle larger packets, LIP can be used. It is enabled by default at server and in Client32. To enable a server acting as a router to handle LIP, use SET MAXIMUM PHYSICAL RECEIVE PACKET SIZE=<size> at console or in STARTUP.NCF. Maximum size on Ethernet networks is 1514; on Token Ring the max is 4202.

Receive Buffers

Maximum packet receive buffers should be greater than current packet receive buffers, which should be greater than minimum packet receive buffers. If NO ECB AVAILABLE COUNT is 2% or higher of total, it means you’re out of packet receive buffers and you should increase the maximum.

Application Share Values

Share values determine how much CPU time each process gets. Higher share value gets more CPU time. The amount of time is based on the app's percentage of total share values assigned to all apps. LOAD -A=<app name> <module or NCF name> creates a new app. Adjust share values of apps in MONITOR.NLM --> Kernel --> Applications.

NDS Maintenance

The NDS database can be partitioned and/or replicated across multiple servers. For example, Server1 can contain the O=CONTAINER1 partition and Server2 can contain the O=CONTAINER2 partition. Partitions can also be replicated to other servers to improve performance across WANs and provide fault tolerance. The four types of replicas are:

1. MASTER - Complete copy of partition that handles all changes to the data in it. You can only have one master replica per partition.
2. READ/WRITE - Complete copy of partition that can also handle changes, but all changes are passed to the master replica. Multiple R/W replicas allowed.
3. READ ONLY - Complete copy of partition, but it passes all changes to either the master or R/W replica. Multiple R/O replicas allowed.
4. SUBORDINATE REFERENCE - Does not contain the database. Acts as a pointer to one of the other three types of partitions.

Access the NDS Manager utility by running SYS:\PUBLIC\WIN32\NDSMGR32.EXE. It can be used to view servers' replicas, add replicas, check synchronization, merge and move partitions, establish partition continuity, edit the schema (requires supervisor rights to [root]), and check the NDS version.

Enter "SET NDS TRACE TO SCREEN=ON" at console to enable display of NDS activities. Common Synchronization errors: "SYNC: FAILED TO COMMUNICATE WITH SERVER" and "SYNC: END SYNC OF PARTITION..."

DSREPAIR.NLM can correct problems in the tree, schema, records, and synchronization. The -U option tells DSREPAIR to unload when finished.

If the NDS database develops inconsistencies, the symptoms can be

1. unknown objects appear in NDS;
2. NDS error messages; and
3. users get prompted for password when none should be required;
4. login takes long time;
5. changes to NDS data doesn't keep;
6. users find they have more rights than they used to.

Steps to diagnose database inconsistencies:

1. Use SET commands to check for sync errors
2. Use NDS Manager to check partition sync status
3. Use NDS Manager to check partition continuity

To recover from a Master Replica failure, use NDS Manager to make a read/write replica into a Master replica, then delete the failed server and volume objects. Test synchronization, then delete references to the failed replica from all replica lists.

Other Novell Products

Border Manager protects the LAN from unwanted inbound and outbound traffic with the Internet. It uses packet-filtering routing, circuit gateways (NAT), and application gateways. Its components are:

• NIAS - (See above)
• Remote Access - Modem dial-in to Intranet
• IP Gateway - Translates IPX and IP to IP for the Internet
• Virtual Private Networking (VPN) - Point-to-point encryption and tunneling over a WAN or the Internet
• Proxy Cache - Stores a local copy of frequently used websites

NDS for NT adds Windows NT domains as NDS objects. Eliminates the need for trust relationships and provides a single point of administration. Domains are managed like group objects. Allows more specific access rights, such as granting rights to specific printers rather than all or nothing in NT. Use the Domain Object Wizard to install and uninstall NDS for NT on an NT server and import its object into the tree. NT's SAMSRV.DLL file is replaced with Novell's version, which redirects domain security calls to NDS. NDS for NT should be installed first on the PDC, then on every BDC. It also installs the Novell Client on NT Servers. NetWare Administrator gets a snap-in for administering NT domains. Another snap-in is Mailbox Manager for Exchange for administering Microsoft Exchange mailboxes.

GroupWise 5 provides shared calendaring, scheduling, threaded conferencing, Internet access, remote access, task management, and shared folders. A snap-in to NetWare Administrator allows central administration. The six components are: client, message transfer system, admin program, message store, directory store, and document store. The Message Transfer Agent (MTA) uses a store-and-forward method to deliver messages in the message store to the recipient using info from the directory store. The directory store holds data on users' names, locations, etc.

ManageWise does network asset inventories, monitoring and management of servers, manages desktops, analyzes network traffic, monitors print queues, and protects the LAN from viruses. The inventory feature can discover network devices regardless of protocol, show graphical maps of network topology, get info on CPUs, RAM, etc., and find duplicate IP and IPX addresses. The server management feature can compare settings and performance of multiple servers, do unattended monitoring for thresholds, and track trends. For network traffic analysis, it can find overloaded devices or segments and provide detailed troubleshooting info. The anti-virus feature works on servers and workstations using rule-based scanning to find virus-like behavior, and it checks all files moved to or from a server and regularly scans workstations. The five components of ManageWise are ZEN Works, NetExplorer, NetWare Management Agent (NMA), LANalyzer, and Virus Protect.