Oct 14, 2010

IDM and How I learned to love Directory Services

2 months ago I spent some time in Dallas, TX, training on Novell's IDM solution. I've been supporting an IDM system since 2008, but had only had training from the implementing consultant and what I could find on Novell.com. I came back from the training with a new appreciation for the value this software can bring to any enterprise.

One of the best ways to train people up, in my opinion, is by doing. Living by my own advice, I built up a duplicate test environment resembling our production network and used the edir2edir driver to mirror the users into the new environment. Some small tips arose from this, and they are worth putting down here.

Novell Designer for IDM: While the iManager IDM suite works quite well, Designer from Novell is one of the best tools for dealing with the ins and outs of working with IDM. The ability to export your IDM configuration as a backup is a must-have.

Apache Directory Studio: A must-have for working with Directory Services, a very flexible and free tool from the Apache project. Platform neutral, it runs on most hardware. I use it to look at the results of various "what ifs?" as well as to correct issues.

Terminal: using SSH you can do many things, but the most helpful one was running "tail -f" on the idmtrace logs.

Sep 14, 2010

Of Disks and Disruptions

We use a Novell NetWare cluster for our file services. We established this cluster approximately 2 years ago. It's been a good network citizen, quietly doing its job day in and day out. It's grown from one 400GB partition to multiple ones adding up to about 4TB. The only disruptions we've seen were due either to power interruptions (UPS failed) or SAN issues. One of the things we've found over the last two years is that if your SAN admin moves the data from one disk group to another, you can NOT move it at 100%. This is a "quirk" with the IBM SVC; if you move the disk group at any speed other than 100%, it's fine.

Aug 26, 2010

Brave New World

Today was rather epic. We finally installed our first eDir 8.8.5 server in our tree. We did it on a SLES 11 64-bit VM box. My GAWD it's fast. We are definitely on a fast track to OES2 after we upgrade our Identity Manager implementation. Replication times have fallen and several of our "issues" with eDir were resolved by this.

Last week I completed the 3091 IDM course. Great product; the shame of the training was that it was on 3.5.1 and we're moving to 3.6.1. Not a big deal in the scheme of things, and the course was very informative. This will make several of the projects currently in motion much easier.

Now I need to do a crash course in XML scripting and driver logic.

Jun 28, 2010

CA Renewal and Distribution

So your tree has been up for coming up on 10 years... ever redo the CA? Then it's time.

In Novell land, the CA is the certificate authority, the place from which all certs come. There are plenty of TIDs at Novell about changing out your CA for a new one, but not much on what to do afterwards. We hit a few snags when we redid ours, but the basic procedure goes something like this (we got this from Novell):

  1. Export the existing CA (you might need it if things go bad).
  2. Delete the existing CA.
  3. Create a new CA; choose either maximum or 10 yrs (that way you don't have to do this again for a while).
  4. Export that to a new cert and save it as rootcert.der.

Go to your eDir master (if you have more than one, then the one with the most MASTER replicas on it) and do the following:

  1. copy rootcert.der to sys:\public (rename the existing one first)
  2. ap2webdn
  3. tc4(5)stop (depending on which one you are running)
  4. tckeygen
  5. java -exit
  6. ap2webup
  7. tomcat4(5) (depending on which one you are running)
  8. unload nldap
  9. pkidiag
  10. options 4,5 and then 0
  11. nldap
  12. reboot

At every step check the logger screen for errors...
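
One snag worth checking for before step 1 above is copying the wrong file: a stale rootcert.der looks exactly like the new one. This added script (not part of the original post, and not a Novell tool) reads a DER certificate with openssl, reports its remaining validity and SHA-1 fingerprint, and compares it against the renamed old cert so you can confirm the file headed for sys:\public really is the new 10-year CA. It assumes openssl and GNU date are available; the file names and the constructed sample CA are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an exported root
# CA certificate in DER form before it is copied to sys:\public, so you can
# confirm it is the NEW CA (10-year validity, different fingerprint from the
# renamed old rootcert.der). Assumes openssl and GNU date; paths are placeholders.
set -e

# Years of validity left on a DER certificate, rounded down.
ca_years_left() {
    not_after=$(openssl x509 -in "$1" -inform der -noout -enddate | cut -d= -f2)
    end=$(date -d "$not_after" +%s)
    now=$(date +%s)
    echo $(( (end - now) / 31536000 ))
}

# SHA-1 fingerprint of a DER certificate; compare old vs new to be sure
# you are not about to redistribute the certificate you just replaced.
ca_fingerprint() {
    openssl x509 -in "$1" -inform der -noout -fingerprint -sha1 | cut -d= -f2
}

# Succeeds (0) if the two DER certificates differ, fails (1) if they are the same.
ca_differs() {
    [ "$(ca_fingerprint "$1")" != "$(ca_fingerprint "$2")" ]
}

# Constructed stand-in for the exported CA: a self-signed 10-year cert
# (in real use rootcert.der is the file exported from the new CA object).
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2" \
        -subj "/O=Example Tree/CN=Example Organizational CA" \
        -days 3650 -outform der -out "$1" >/dev/null 2>&1
}

# Usage: sh check_rootcert.sh new_rootcert.der [old_rootcert.der]
if [ "$#" -ge 1 ]; then
    openssl x509 -in "$1" -inform der -noout -subject -dates
    echo "fingerprint: $(ca_fingerprint "$1")"
    echo "years left:  $(ca_years_left "$1")"
    if [ "$#" -eq 2 ]; then
        if ca_differs "$1" "$2"; then echo "differs from old CA: yes"; else echo "differs from old CA: NO"; fi
    fi
fi
```

Run it against the new export and the renamed old file; a "NO" on the last line means you are about to redistribute the CA you just deleted.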
 

May 17, 2010

PMO Infection

This seems to be a recurring nightmare for some people. Project Management becomes a buzzword, the buzzword becomes a desire, and the desire becomes someone deciding that EVERYTHING needs to be handled by a PMP.

No, it doesn't.

No.

In the words of Mrs. Reagan, just say no. Please?

I am NOT saying that Project Management is bad; it's not, it brings organization to chaos. In day-to-day operations, if you make something too hard to do, people will inevitably either not do it and blame the PM structure, or go around the PM structure and again blame it as their rationalization. Now with the whole movement to "cloud" computing many projects are firing up: the one to move your data to the cloud, use a PMP; the one to reset the NIC on a server? Just make it happen...

You'll learn eventually that most things are "Just make IT happen" (pronounce "IT" either way, it works).

Apr 28, 2010

Experiments in Novell Management (cont'd)

The desktop ended up being a SLED 32-bit install. The 64-bit was just a bit too much for the day-to-day maintenance at this site since clntrust and iFolder (2.1.8) weren't working. I used the proprietary ATI driver for the dual-monitor setup and then built an XP machine in VirtualBox since I still need to do some Windows work.

I like the multiple desktops and the ability to separate out my screens into a more logical workflow. All in all I like it!... like it so much that I also installed it on my corporate laptop.

Wow, after 10 years of trying, I am running Linux for work.

Apr 27, 2010

BorderManager, WebSense and Abends...Oh My!

Last week a BorderManager server abended; nothing new there, it happens. When it came back up, I checked that the internet was there, and case over, right?

Wrong....

The SurfControl filtering wasn't working: free porn and Facebook for everyone!

  1. The ruleset was restored from backup, no change.
  2. Removed the SurfControl DB and redownloaded it, no change.
  3. Management panic, because actually letting the employees make decisions on time management is bad.
  4. Call to the vendor.
  5. 2nd call to the vendor.
  6. Email from vendor.
  7. Troubleshooting ensues.
  8. Change this file, reboot, no change.
  9. Change this setting, reboot, no change.
  10. Reinstall software, reboot, no change.
  11. Downgrade BorderManager to 3.9 SP1, reboot, no change.
  12. See a pattern here?
  13. Re-upgrade to BM 3.9 SP2 but keep the proxy.nlm from 3.9 SP1, reboot, no change.
  14. Apply the BM 3.9 SP2 IR1 patch, reboot; well, the rules load quicker, but otherwise no change.
  15. Escalated to 2nd-level support, repeat most of the above, no change.
  16. Boss emails sales rep, sales rep calls support, escalated to the real geeks.
  17. 10 minutes of technical jiggery-pokery: corrupted filtprod.dat found in sys\etc\border\english, replaced the corrupted file, no reboot, just issue a "stopbrd" and a "startbrd" and everything works!

I hate this sort of thing; if you work frontline support and can't fix it in ten minutes, send it to the next level, please. Holding onto it may make you look like a hero, but you aren't doing much to inspire confidence in the users.

Apr 2, 2010

Experiments in Novell Management....

Attempting to set up my primary work desktop as a SLED 11 monster, thinking SLED 11 64-bit specifically. At this point 90% of my management work for the Novell side of the farm is done via the web, so that's a no-brainer; the AD side may be an issue though, time will tell...

Mar 31, 2010

Droid Day....

Verizon has finally sent out the Android 2.1 update to the Motorola Droid phones. It does have several neat features:

1. Live Wallpapers; we'll see how long before this becomes annoying and/or a battery suck.
2. Speech to Text; not sure how well this is going to work in an office environment.
3. 3D Gallery, or Microsoft Surface on your phone.
4. Multi-touch, which it has been able to do all along, but it wasn't turned on in the software.

No extra home screens, no 3D app launcher...

If you have a Motorola Droid AND do not want to wait, Android Central has the procedure. It's fairly straightforward.

I have to delve into it more and see if they updated the ActiveSync side of things; we rejected the Droid, and all Android phones, as a corporate phone because of the bad state of ActiveSync. We use BES (who doesn't?) as well as NotifyLink's product for connecting to iPhones. One more platform wouldn't hurt, but you never know.

Mar 30, 2010

The "Old" Argument

Should we get rid of "Novell"?

I've heard this argument several times during my career, with various outcomes. With a well-reasoned argument it's a good discussion. It's the non-rational ones that tick me off.

"It's OLD!"
That doesn't make it bad; it just means you haven't studied enough to find out that 4.11 was several major revisions ago. Currently Novell is at the forefront of Identity Management along with the old core business of File and Print. The current OES2 has much more than MS offers, and Novell has a lower price.

"It doesn't work with ANYTHING!"
Define that. Usually it means that MS doesn't work with Novell, which isn't "anything", and if you look a bit deeper, Novell works with MS products better than anything else, including MS's own products.

"It's not OUTLOOK!"
One-word answer: Good! More-words answer: by not being Outlook, it means that you don't need to worry about targeted attacks or users making royal blunders. Teamed with good spam and virus filtering, good ol' GroupWise keeps the mail flowing without the necessity of constant vigilance. And IF you insist on using MS Outlook, there are connectors for it for the GroupWise 7 backend.

"It's it's it's not what I know!"
It's not Novell's fault you have never studied anything else but MS. Novell has far more experience doing Directory Services and user authentication than MS does. eDirectory runs circles around Active Directory. The only system that may have been able to give eDir a run was Banyan Vines, and MS bought them and took the code into AD, and didn't know what they had.

"It won't connect to X, Y, or Z"
Neither will MS. Well, in actuality, MS will connect to MS. So will Novell; Novell will also connect to IBM, Sun/Oracle and about 90 other things (see Identity Manager).

"It's too hard!"
It's not that nothing worthwhile is easy; more that it's different, and damn near impossible to understand unless you get off the MS-branded sippy cup. Not everything requires a wizard.

"It's broke all the time!"
Is it broke? Or is it because you have no understanding of it, you hired people who had no understanding of it, or worse, hacked around in it to make it sort of work? Build a Novell system from the ground up with competent people at the helm and it will be a paragon of virtue and reliability. Muck with it, and you deserve what you got.

"I don't like 'Novell'"
Define Novell. No, really, define it, and I'll bet the part you don't like is something that has been ignored, abused or abandoned for a long time. You need to keep current, and keep up maintenance. Do you not change the oil in your car and then complain when it strands you on the road? Yes, there are stories about old 3.11 NetWare servers sitting in walls that run forever; these were also servers that did not require 10 fans to run, and only had 10-30 users on them. You need to keep up with things, otherwise you become the people in Star Trek who forgot how to fix their tools and lived in fear of them.

"Homogeneous environments are easier to support."
This is true, right up to the moment that a zero-day virus gets into your network and eats all the MS-based things, and you find yourself looking out at a vast homogeneous wasteland that is effectively dead.

Complete ReBoot

Sometimes you just need to power off the box and give it another go. My old blog "..and a sense of humor" died due to lack of interest on my part. This blog is about tech, specifically Information Technology used in healthcare. Novell, Windows and Linux are my focus; others may appear as warranted.