EDirectory Shareknowledge Presentation


Introduction to eDirectory


Joel Moya Jalaoftse

Understanding Novell eDirectory

Novell eDirectory is a hierarchical directory of objects that represent network resources, such as network users, servers, printers, print queues, and applications.

It can store and manage millions of objects.

Novell eDirectory is a highly scalable, high-performing, secure directory service.


A Brief History of NDS/eDirectory and Its Versioning

The meaning of the acronym NDS has changed a number of times since it was first introduced with NetWare 4.0. When Novell initially introduced NDS as a component of NetWare 4.0 in 1993, NDS stood for NetWare Directory Services, because at that time NDS was available only on NetWare. Working with third-party vendors such as IBM, Hewlett-Packard (HP), Microsoft, and Sun, in 1999 Novell made NDS available for a number of different platforms:

NDS for Windows NT
NetWare Services for UnixWare 7
NDS for Solaris
NetWare 4.1 Services for HP 9000
Novell Network Services for AIX
Novell Network Services for OS/390


Novell eDirectory offers a secure identity management solution that runs across multiple platforms and is Internet-scalable and extensible. Supported platforms:

SUSE Linux Enterprise Server
Red Hat Enterprise Linux
Solaris
AIX
Windows

Novell eDirectory Architecture

eDirectory Features

LDAP Support
  LDAP v3 support, including SSL
  OpenLDAP SDK

Cross-platform support
  Already runs on NetWare, NT 4, Linux, Windows and Solaris
  Looking at other UNIX and mainframe platforms (e.g. AIX)

Improved administration tools
  Monitoring and repair tools
  ICE (Import/Convert/Export) utility
  iMonitor utility

Filtered replica
  A new replica type that enables flexible control of what is replicated, down to the attribute level

DirXML Support
  Provides the foundation for integrating network information for any system, application, device, etc.

Console

NWAdmin: a graphical utility that runs on Windows, used to perform administrative tasks.

iManager: a Web-based tool that lets you manage your NetWare server from a Web browser.

ConsoleOne: a Java-based NetWare utility that runs on both servers and workstations and can be used to perform administrative tasks. It is the newer product and the preferred tool for working with eDirectory.

Novell iManager lets you manage the directory and its users, access rights and network resources from a Web browser and a variety of handheld devices.

Ease of Management through Novell iManager

The eDirectory plug-ins to iManager give you access to basic directory management tasks and to the eDirectory management utilities you previously had to run on the eDirectory server, such as DSRepair, DSMerge, and Backup and Restore.

Plug-ins in Novell iManager

Powerful Tree Structure

Novell eDirectory organizes objects in a tree structure, beginning with the top Tree object, which bears the tree's name. Whether your eDirectory servers are running Linux, UNIX, or Windows, all resources can be kept in the same tree.

Single Login and Authentication

With eDirectory, users log in to a global directory, so you don't need to manage multiple server or domain accounts for each user, and you don't need to manage trust relationships or pass-through authentication among domains.

Object Classes and Properties

The definition of each type of eDirectory object is called an object class. For instance, User and Organization are object classes. Each class of object has certain properties.

Schema

The schema defines the object classes and their properties, along with the rules of containment (which classes may hold which other classes).

The Schema role in Novell iManager lets users who have Supervisor rights to the tree's [Root] object customize the schema of that tree. No lesser right allows schema changes, because the schema is tree-wide and is replicated to every server in the tree.
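As an added illustration of what customizing the schema means in practice, the same kind of extension done over LDAP rather than through the iManager Schema role. This is example code written for this page, not code from the presentation or from Novell. The host name, the admin DN and the 2.25 OID arc are assumptions, and the attribute and class names are invented for the example; the rights rule is the one stated above, a bind without Supervisor rights to [Root] is refused.

```shell
#!/bin/sh
# Added example, not from the presentation or from Novell: extending the eDirectory
# schema over LDAP (the same change the iManager Schema role makes through its UI).
# eDirectory exposes the schema as the entry cn=schema; the bind identity still needs
# Supervisor rights to [Root], otherwise the modify is rejected.
# Assumptions: server edir.example.com, admin cn=admin,o=acme, and an OID arc
# 2.25.<number> used as a placeholder for a registered one.

LDAP_URI="ldaps://edir.example.com:636"
ADMIN_DN="cn=admin,o=acme"
BASE_OID="2.25.319223811190935617103498012903641173290"   # placeholder arc
DIRSTRING="1.3.6.1.4.1.1466.115.121.1.15"                # Directory String syntax

# Emit an RFC 4512 attributeTypes definition. $5 is "single" or "multi".
attribute_type_def() {
    oid=$1; name=$2; desc=$3; syntax=$4; cardinality=$5
    flag=""
    [ "$cardinality" = "single" ] && flag=" SINGLE-VALUE"
    printf "( %s NAME '%s' DESC '%s' EQUALITY caseIgnoreMatch SYNTAX %s%s )" \
        "$oid" "$name" "$desc" "$syntax" "$flag"
}

# Emit an AUXILIARY objectClasses definition; $3 is the MAY list, '$'-separated.
# AUXILIARY means it can be attached to an existing User without changing its
# structural class.
object_class_def() {
    oid=$1; name=$2; may=$3
    printf "( %s NAME '%s' SUP top AUXILIARY MAY ( %s ) )" "$oid" "$name" "$may"
}

# The LDIF: one modify against cn=schema adding two attributes and the class
# that uses them.
schema_ldif() {
    cat <<EOF
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: $(attribute_type_def "$BASE_OID.1.1" acmeBadgeId "Physical badge number" "$DIRSTRING" single)
attributeTypes: $(attribute_type_def "$BASE_OID.1.2" acmeCostCenter "Cost centre code" "$DIRSTRING" single)
-
add: objectClasses
objectClasses: $(object_class_def "$BASE_OID.2.1" acmePerson 'acmeBadgeId $ acmeCostCenter')
EOF
}

# Apply it. -W prompts for the password so it never appears in argv or shell history.
apply_schema() {
    schema_ldif | ldapmodify -x -H "$LDAP_URI" -D "$ADMIN_DN" -W
}

# Read the live schema back and show only the definitions we added.
verify_schema() {
    ldapsearch -x -H "$LDAP_URI" -D "$ADMIN_DN" -W -b cn=schema -s base \
        '(objectClass=subschema)' attributeTypes objectClasses | grep -i acme
}

# Usage: SCHEMA_RUN=1 sh extend-schema.sh
if [ "${SCHEMA_RUN:-0}" = "1" ]; then
    apply_schema && verify_schema
fi
```

ldapmodify validates the server certificate against the CA listed in ldap.conf (TLS_CACERT); export the tree's Organizational CA certificate for that rather than disabling verification with TLS_REQCERT never. Binding as an identity without Supervisor rights to [Root] fails the modify with an insufficient-access result, which is the same rights check the Schema role in iManager enforces.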

List of Objects

Installation: System Requirements

On Linux, eDirectory supports 32-bit and 64-bit (x86_64) installation.

Hardware requirements

eDirectory also requires the following:

A minimum of 512 MB RAM for eDirectory
162 MB of disk space for the eDirectory server
30 MB of disk space for the eDirectory administration utilities
50 MB of disk space for every 50,000 users

Installation: Software Requirements

Network server time synchronized
Use the Network Time Protocol (NTP) daemon xntpd to synchronize time across all network servers. eDirectory timestamps every change and orders replica synchronization by those timestamps, so servers whose clocks drift apart produce synchronization errors.

compat-libstdc++ RPM
If the compat-libstdc++ RPM is not present on the host machine, install it. This RPM contains libstdc++-libc6.1-1.so.2.

Configuring a Static IP Address
A static IP address must be configured on the server for eDirectory to perform reliably. Configuring eDirectory on a server with a DHCP-assigned address can lead to unpredictable results, because other servers in the tree locate this server through the network address stored in its Server object.

Installation

Enter the following command in the setup directory:

./nds-install

The ndsconfig Utility

You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add an eDirectory replica server to an existing tree or to create a new tree.

Creating a New Tree

Use the following syntax:

ndsconfig new [-t ] [-n ] [-a ] [-i] [-S ] [-d ] [-m ] [-e] [-L ] [-l ] [-o ] [-O ] [-p ] [-R] [-c] [-w ] [-b ] [-B , ,..] [-D ] [--config-file ]

A new tree is installed with the specified tree name and context.

Adding a Server to an Existing Tree

Use the following syntax:

ndsconfig add [-t ] [-n ] [-a ] [-w ] [-e] [-P ] [-L ] [-l ] [-o ] [-O ] [-S ] [-d ] [-m ] [-p ] [-R] [-c] [-b ] [-B , ,..] [-D ] [--config-file ] [-E]

A server is added to an existing tree in the specified context. If the context to which the user wants to add the Server object does not exist, ndsconfig creates the context and adds the server.
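The procedure above (the software requirements, then nds-install, then ndsconfig new for a new tree or ndsconfig add to join an existing one) as an added example script. It is not code from the presentation or from Novell. The ndsconfig option letters are the ones in the syntax above; the tree name ACME-TREE, the context o=acme, the admin cn=admin.o=acme, the server names, the interface eth0, the ifcfg file path, the port numbers, and the meaning of -p for add (the address of a server that already holds a replica) are assumptions, and chronyd is accepted alongside ntpd as a stand-in for xntpd. The -w password option is left out on purpose so that ndsconfig prompts for the admin password instead of leaving it in ps output and shell history.

```shell
#!/bin/sh
# Added example, not from the presentation or from Novell: pre-flight checks for the
# software requirements listed above, then the ndsconfig argument list for a new tree
# or for joining an existing one.
# Assumptions: tree ACME-TREE, context o=acme, admin cn=admin.o=acme, server names
# srv1/srv2, interface eth0, a Red Hat style ifcfg path, the standard port numbers,
# and that nds-install has put ndsconfig on PATH.

# Requirement 1: time synchronised. A '*' row in ntpq output is a selected peer.
time_sync_ok() {
    if command -v ntpq >/dev/null 2>&1; then
        ntpq -pn 2>/dev/null | grep -q '^\*'
    elif command -v chronyc >/dev/null 2>&1; then
        chronyc tracking 2>/dev/null | grep -q 'Leap status *: Normal'
    else
        return 1
    fi
}

# Requirement 2: the RPM that ships libstdc++-libc6.1-1.so.2 is installed.
compat_libstdc_ok() {
    rpm -q compat-libstdc++ >/dev/null 2>&1 ||
        ldconfig -p 2>/dev/null | grep -q 'libstdc++-libc6.1-1.so.2'
}

# Requirement 3: static address. Reads an ifcfg file on stdin and accepts only
# BOOTPROTO=static or none; a DHCP lease can change the address that the other
# servers in the tree have recorded for this one.
ifcfg_is_static() {
    bootproto=$(grep -i '^BOOTPROTO=' | tail -n 1 | cut -d= -f2 | tr -d '"' | tr 'A-Z' 'a-z')
    case "$bootproto" in
        static|none) return 0 ;;
        *)           return 1 ;;
    esac
}

# ndsconfig arguments for a new tree. -w is deliberately omitted so ndsconfig
# prompts for the admin password instead of exposing it in ps output and history.
ndsconfig_new_args() {
    tree=$1; context=$2; admin=$3; server=$4; iface=$5
    printf '%s' "new -t $tree -n $context -a $admin -S $server -L 389 -l 636 -o 8028 -O 8030 -B $iface@524"
}

# Same for joining an existing tree; $6 is the address of a server that already
# holds a replica (assumed to be what -p takes).
ndsconfig_add_args() {
    tree=$1; context=$2; admin=$3; server=$4; iface=$5; existing=$6
    printf '%s' "add -t $tree -n $context -a $admin -S $server -p $existing:524 -L 389 -l 636 -o 8028 -O 8030 -B $iface@524"
}

preflight() {
    rc=0
    time_sync_ok      || { echo "FAIL: time is not synchronised (NTP)"; rc=1; }
    compat_libstdc_ok || { echo "FAIL: compat-libstdc++ is missing"; rc=1; }
    ifcfg_is_static 2>/dev/null </etc/sysconfig/network-scripts/ifcfg-eth0 ||
        { echo "FAIL: eth0 is not configured with a static address"; rc=1; }
    return $rc
}

# Usage, from the directory that holds nds-install:
#   NDS_RUN=new sh edir-install.sh            (create ACME-TREE on this host)
#   NDS_RUN=add sh edir-install.sh 10.0.0.5   (join the tree held on 10.0.0.5)
case "${NDS_RUN:-}" in
    new) preflight && ./nds-install &&
         ndsconfig $(ndsconfig_new_args ACME-TREE o=acme cn=admin.o=acme srv1 eth0) ;;
    add) preflight && ./nds-install &&
         ndsconfig $(ndsconfig_add_args ACME-TREE o=acme cn=admin.o=acme srv2 eth0 "$1") ;;
esac
```

The pre-flight stops before nds-install when any of the three requirements fails, which is cheaper than discovering a DHCP lease change or a clock skew after the first replica has been placed.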

Removing a Server Object and Directory Services from a Tree

Use the following syntax:

ndsconfig rm [-a ] [-w ] [-p ] [-c]

eDirectory and its database are removed from the server.

eDirectory vs Active Directory

Columns of the original comparison table: Feature; eDirectory; Active Directory; eDirectory advantage.

Multi-platform Support
eDirectory: runs on Windows, NetWare, SUSE Linux, Red Hat, Solaris*, AIX*.
Active Directory: runs only on Windows.
eDirectory advantage: better for heterogeneous server environments.

Multi-platform Access
eDirectory: full support for Windows desktop, Windows Server, Macintosh, Linux, UNIX, and AIX.
Active Directory: full feature support only for Windows.
eDirectory advantage: better for heterogeneous client environments.

Open Standards Support
eDirectory: supports LDAP, JNDI, ODBC, JDBC, ADSI, XML, EJB, RADIUS, DNS, DHCP, C/C++, ActiveX* and Visual Basic* libraries, enabling developers to write to open standards rather than to specific APIs.
Active Directory: requires applications written to ADSI or customized integration with Win32* platforms.
eDirectory advantage: integrates more easily with other open-standard applications and configurations.

Directory Synchronization
eDirectory: using eDirectory and Novell DirXML, any other directory can be synchronized bi-directionally with eDirectory. An event engine synchronizes changes as they occur.
Active Directory: provides only one-way synchronization with other directories. Changes must be searched for (dredged), an inefficient method producing latent updates.
eDirectory advantage: a change made in any directory is propagated automatically to all the other directories.

Tree Architecture
eDirectory: can use a single tree across all connected environments to contain all objects and resources. All resources are centrally managed from a single interface.
Active Directory: because of the constraints of the domain model, is organized into separate trees contained within a forest. Rights flow only within trees (not across the forest), and each tree is administered separately, requiring an additional layer of manual management.
eDirectory advantage: provides unified and centralized management for all resources, not just the resources in one domain or location.

Replication
eDirectory: allows directory partitions to be defined at any point within the tree, and replicas of these partitions can be placed on any server in the tree. This lets administrators optimize for authentication efficiency, bandwidth utilization and fault tolerance.
Active Directory: partitioning must be done with entire domains, and only one domain can exist on any server.
eDirectory advantage: increases authentication performance and reduces bandwidth requirements by keeping the data available where and when it is needed.

Directory Maintenance
eDirectory: includes a comprehensive set of management tools for managing the directory and monitoring tree, replica and partition status. Its cross-platform repair tools allow a live repair of any portion of the directory, from the whole tree down to a single object.
Active Directory: must be taken offline to reclaim lost directory space and to perform advanced repairs. There is no ability to remotely repair a database, rename domains, or merge and split domains.
eDirectory advantage: simplifies directory management and gives it more power, enabling better monitoring and more precise tools for directory operations.

Database Size
eDirectory: a base instance requires 1 MB of disk space, growing to 75 MB for 50,000 objects. When access rights are assigned, they are calculated dynamically, with little effect on database size.
Active Directory: requires a 44 MB base, growing to 280 MB with 50,000 objects. When access rights are assigned, they are written to each object, causing the database to balloon even larger.
eDirectory advantage: many more resources can be managed with a much smaller database. A smaller database gives higher performance and distribution efficiency, for better overall scalability.

Integrated Authentication
eDirectory: uses PKI, the most widely used form of public-key authentication, licensed from RSA Security. Supported authentication methods include digital certificates, biometrics, smart cards and tokens.
Active Directory: uses a Microsoft-altered version of Kerberos, a secret-key authentication method.
eDirectory advantage: provides greater flexibility in integrating different types of security solutions.

END