Novell GroupWise® 6 Deployment and Best Practices
www.novell.com
Howard Tayler
GroupWise Product Manager
htayler@novell.com
Steve Whitehouse
Systems Engineer
swhitehouse@novell.com
Frank Sinak
Technical Consultant
UAB Health System
fsinak@uabmc.edu
Jayson Berger
Account Manager
jberger@novell.com
Gregory White
Systems Engineer
gbwhite@novell.com
Vision…one Net
A world where networks of all types—corporate and public,
intranets, extranets, and the Internet—work together as
one Net and securely connect employees, customers,
suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net
business solutions that enable people, processes, and
systems to work together and our customers to profit from
the opportunities of a networked world
Agenda
• Guidelines for deployment of Novell GroupWise® 6
  - The upgrade process
• Case Study: University of Alabama
• Leveraging new features of GroupWise 6
  - Server consolidation
  - Proactive monitoring
  - LDAP authentication
  - The “Internet Office”
Guidelines for Deployment
Key Principles Behind the GroupWise 6 Upgrade
• Take no chances
  - Pilot the code before rolling out enterprise-wide
  - Remember, GroupWise is a mission-critical app
• Admin, agents, clients
  - The “back end” is compatible with all 4.x and 5.x “back end” components
  - The GroupWise 6 Client, WebAccess, and GWIA cannot connect to a 5.x post office
  - The GroupWise 5.x Client, WebAccess, and GWIA connect fine to a 6.x post office
Upgrade At-A-Glance
• Install the Novell ConsoleOne® snap-ins
• Upgrade the primary domain
• Upgrade secondary domains and post offices
• Upgrade gateways
• Deploy clients
• The upgrade is simple—just install and load the new code
Upgrading Domains
• Primary domain first
• Communication
  - Primary must be able to communicate with all secondary domains
  - 4.x and 5.x MTAs can communicate directly with a GroupWise 6 MTA
• Steps
  - Install GW 6 MTA—agent install will merge startup files (user ID and password can be in the directory now)
  - Previous configuration settings in Novell eDirectory™ are preserved
  - Unload MTA and reload with GroupWise 6 MTA
  - View domain with ConsoleOne to verify version
  - Repeat for each secondary
Upgrading Post Offices
• The “owning” domain must be upgraded first
• Steps
  - Install GroupWise 6 Post Office Agent (POA)
  - Unload/reload POA
  - Wait…
• Post office upgrade is complete when the POA has rebuilt/recovered WPHOST.DB
  - ConsoleOne will indicate version 6 for the post office
  - The Admin thread in the POA will show a “recovery count” of 1
Agent Installation Information
• Information to have on hand
  - Domain name (for MTA startup file naming)
  - Post office name (for POA startup file naming)
  - Universal Naming Convention (UNC) path to domain and post office directories
  - HTTP port for the monitoring agent
• Automatically launch agents?
  - If this is used, and a POA and MTA are running on the same server, the POA will need to be unloaded and reloaded later
Upgrading GroupWise WebAccess
• Upgrade servlet
• Upgrade GWINTERs
• ConsoleOne will have new objects
  - Provider (Application) objects for GroupWise Monitor, WebAccess, WebPublisher
  - Servlet objects
• Set default WebAccess
  - WebAccess is now capable of redirection
• New features
  - Rules, Signatures, “Mark Unread,” personal address book creation
• Required for GroupWise wireless
Upgrade the GroupWise Internet Agent (GWIA)
• Run the agent install
• Configuration tips
  - DSN (Delivery Status Notification) is now available
  - Relay does not require exceptions for authenticated POP and IMAP
  - Secure POP, IMAP, and SMTP require a certificate
    • The certificate cannot be password-protected
Roll Out The GroupWise 6 Client
• Novell ZENworks®
  - Use .AXT files provided by Novell with GW6 SP1
  - Installation MUST deal with dependencies: Windows Messaging is the critical piece
Or…
• SetupIP with SETUP.CFG
  - Hide prompts from users
  - Force standardization of paths
  - Prevent help-desk calls
Using SetupIP and SETUP.CFG
• Run WRITEIP.EXE
  - Software/admin/utility/setupip
  - GUI for creating WRITEIP.INI and SETUPIP.EXE
  - List paths to up to four web servers for client install
• Edit SETUP.CFG
  - Show dialogs = No, Standard Install = Yes
  - New option for showing individual dialogs
  - “Windows Messaging = Yes” will require a reboot mid-install
• Web server requirements
  - Web server must support file dates
  - Web server must list 400 files without truncating the list
Deployment in Action
Deployment Case Study: The University of Alabama at Birmingham Medical Center
The University of Alabama at Birmingham (UAB)
• The cornerstone of the UAB Health System is the University of Alabama at Birmingham (UAB)
  - UAB was established in 1969 as an autonomous university within the University of Alabama system
  - It now serves as one of the nation’s top-ranked universities in research support and higher education and is home of a world-class medical center that has been serving Alabama for over 50 years
  - UAB is widely known for top-notch medical education and innovative medical and scientific research activities
• Participating in Novell Academic Licensing Agreement (ALA) and Novell Tech Support Premium 600 with PSE
The University of Alabama at Birmingham Medical Center
• The medical center is part of the UAB Health System
  - UAB Hospital—908 beds
  - UAB Kirklin Clinic—30 distinct multidisciplinary clinical units
  - UAB Health Centers—neighborhood clinics in Birmingham, Hoover, Huntsville, Montgomery, Selma, and Tuscaloosa
  - The University of Alabama Health Services Foundation—a 660+ closed-group physician practice
  - UAB Eye Foundation Hospital—offering the latest ophthalmic microsurgery, corneal transplantation, and an emergency department dedicated to treating trauma to the eye
  - The University of Alabama School of Medicine—clinical training programs
Just the Facts…
• The University of Alabama Health System (UABHS) network is a campus area network consisting of over 685 hubs, routers and switches connecting 55 buildings and maintaining, on average, over 9,800 active user connections
• UABHS maintains two parallel network backbones
  - An ATM LANE network and a Gigabit Ethernet network
  - Full migration to Gigabit is currently in progress
• 11,000+ users (total), 8,000+ GroupWise users
• 128+ servers (total), 16 GroupWise servers
  - 68 NetWare, 49 NT/2000
  - 3 domain servers, 10 Post Office servers, and 3 gateways
UABHS GroupWise Layout
[Diagram: UABHS GroupWise system layout, showing the primary domain UAB, the secondary domains HSF, HOS, WEB1 and WEB2, their servers and post offices, and the Internet Agent gateways]
Why Move to GroupWise 6
• Secure POP/IMAP
• Near full-featured WebAccess
• Wireless
• Backup/restore
• GW Server clustering
• Improved user move/post office consolidation
• Mailbox size restrictions
Pre-Installation—Do the Homework
• Read
  - README.TXT
  - Novell Product Documentation Installation and Upgrade Manual
  - “GroupWise 6 Upgrade Guide”
    • By Tay Kratzer and Danita Zanré
• Developed implementation procedures
  - Performed upgrade on test system
  - Created checklist
Pre-Installation—Do the Homework (cont.)
• Prepared the system
  - Validated domains and post offices to be sure no physical problems exist
  - Backed up each component immediately before the upgrade
  - Copied new startup files to each domain and post office
• Prepared the users
  - Scheduled a time
  - Notified/reminded the users
Installation
• Used installation wizard
  - Extended schema
  - Walked through the wizard to upgrade each component
  - Upgraded the entire system at once
Post-Installation
• Rolled out new GWCheck
• Rolled out ConsoleOne and new snap-ins
• Flagged GWDOM.DC and GWPO.DC files as read-only
• Obtained new MAC view files from Support.Novell.com and installed to each PO
• Pushed client
Problems/Gotchas
• WebAccess
  - WebServer would not load
  - Installed Field Test File of GW 5.5 Enhancement Pack Support Pack 3 to work around problem until a fix was found
• Relay exceptions
  - With GW6, the IMAP or POP client must authenticate to the server before it can relay
  - No other exceptions need be defined
“Upgrading to GroupWise 6 was no more difficult than applying a GroupWise Support Pack”
Frank Sinak, UAB Health Systems
Turning Principles into Solutions
Getting the Most Out of GroupWise 6
• Proactive System Monitoring
• Server Consolidation
• LDAP Authentication
• The “Internet Office”
Proactive System Monitoring
• Deploy GroupWise Monitor
  - Use the same HTTP Monitoring password for all agents
  - Monitor can track legacy agents via SNMP
• Set Thresholds
  - Queues
  - Agent Status
  - Requests Pending
  - Disk Space
  - Rebuild/Recover operations
• Start with low thresholds
  - Monitor with increasing severity
  - Frequency, magnitude, and duration yield Impact
GroupWise Monitor
[Diagram: GroupWise Monitor. Labels: MTA and POA agents; “Connect to Domain Database”; “Poll agents via XML over HTTP”; “Alerts” to a WAP device and an SNMP-based management system]
Learn more during Session TUT221
Server Consolidation
• Why Consolidate?
  - Reduced hardware expense
  - Reduced administration overhead
  - Increased administrative responsiveness
  - The “Internet Office”
• Supporting Features
  - GroupWise Smart Caching™ mode
  - Multi-threaded GWCheck
  - “Live” mode user moves
  - Disk-space management
  - GWCheck expire downloaded items
Online Mode vs. Caching Mode
Performance Scalability Thresholds
• Lab Results on a Pentium 1266 system
  - The POA starts to back up at around 570 client/server (c/s) requests per second
  - Online mode: the 570/sec mark is around 4700 users
  - Caching mode: 570/sec is around 14,000 users
• With Caching mode, performance thresholds are not your limiting factor
Preparation for Server Consolidation
• Deploy GroupWise 6 at the POA and all clients
• Collect Benchmarks
• Apply Mailbox Size Limitations
  - Be generous… just let online users know the space they are taking up
• Enforce Caching mode
• Run GWCheck with “expire after download” options
• Collect Benchmarks
Meaningful Benchmarks to Record
• Post office directory size
• Time required for backup/restore
• Pending Client/Server Requests
• Client/Server Requests per unit of time
• Server Utilization
• Messages in queues
• End-user opinion
• Be sure to tune the server for best GroupWise performance
  - TID 10016883, Appendix B
Server Consolidation
• Based on your benchmarks, decide how many users you can support on a single server
• Consolidate by moving users from multiple post offices to a single post office
• The GroupWise 6 “Live” move process is 4 times faster than the 5.5 move process and is transparent to the end-user
Server Consolidation And The WAN
• Configure for Stability
  - LAN links should be meshed
  - WAN links should follow WAN topology
  - One MTA and domain per server
  - Immediate Purge ON
  - Create separate routing domains for GWIA, Async, and WebAccess as necessary
• Improvements in GroupWise 6
  - 8KB chunk transmission (first appeared in 5.5ep SP2)
  - Message size-based delay and blocking per link
  - Message size restriction per user, domain, or post office
LDAP Authentication to GroupWise
[Diagram: the GroupWise Client and GroupWise WebAccess send a login request to the Post Office Agent (GroupWise 6 SP1); the POA passes the credentials to the LDAP server (eDirectory 8.5 or any LDAP v3 directory), and results are returned along the same path]
LDAP Authentication: Prerequisites and Limitations
• GroupWise 6 SP1 POA, WebAccess, and Client
  - (client and WebAccess required for interface support of password expiration dialogs)
• eDirectory 8.5 LDAP Server, with GroupWise users in the eDirectory 8.5 tree
  OR
• User object MAIL attribute synchronization between GroupWise and the LDAP server of choice
• For full password expiration functionality the POA must be forced to BIND
LDAP Authentication: Post Office Configuration
[Screenshot: post office LDAP configuration dialog, with fields annotated “required”, “recommended”, “636”, and “leave blank”]
LDAP Configuration: Why Leave the LDAP User Name Blank?
• Credential behavior with the LDAP user name and password
  - POA will use this user name and password to connect, and then do a ‘compare’ of the user-provided credentials against the LDAP directory
  - ‘compare’ does not support expiration of passwords
• Credential behavior without the LDAP user name and password
  - POA will use the user-provided credentials to attempt to bind to the LDAP server
  - Password expiration is supported for a BIND connection
LDAP Configuration: SSL Certificate Use and Requirements
• Why Use SSL?
  - Without SSL, LDAP credentials are passed in the clear—this is unacceptable, even within your firewall
• SSL Certificate must be a Trusted Root certificate for the LDAP directory
  - This is the way the standard is written—it’s an LDAP requirement
• The LDAP SSL Port is 636—required in the address field
Learn more during Session TUT222
LDAP Configuration: Using an external LDAP Directory
• By default, the POA will look for the DN-converted user name (CN=htayler, OU=groupwise, O=novell)
• If the LDAP directory is not structured like the tree GroupWise is using, this will fail, and the POA will fall back on the MAIL attribute.
  - This assumes a meta-directory synchronization tool (DirXML, anyone?) populating both GroupWise and the external LDAP directory, so that the GroupWise email address and the LDAP MAIL attribute match.
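The two credential behaviors (compare with a configured LDAP user name, bind when it is left blank) and the MAIL-attribute fallback from the slides above, modeled in Python as an added example; this is not Novell code and not part of the original deck. The in-memory directory, the function names, the example.com addresses, and the empty-password guard are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Entry:
    dn: str
    mail: str
    password: str
    expired: bool = False

# Constructed sample directory standing in for the LDAP server (not real data).
DIRECTORY = [
    Entry("cn=htayler,ou=groupwise,o=novell", "htayler@example.com", "s3cret", expired=True),
    Entry("uid=fsinak,ou=people,dc=example,dc=com", "fsinak@example.com", "hunter2"),
]

def find_entry(dn, mail):
    """Look up the DN-converted name first, then fall back to the MAIL attribute."""
    for e in DIRECTORY:
        if e.dn.lower() == dn.lower():
            return e, "dn"
    matches = [e for e in DIRECTORY if e.mail.lower() == mail.lower()]
    # The fallback is only safe when MAIL identifies exactly one entry.
    return (matches[0], "mail") if len(matches) == 1 else (None, "none")

def authenticate(dn, mail, password, ldap_user=None):
    """Model of the two modes: LDAP user name set => compare, blank => bind as the user."""
    if not password:
        # Added guard: a simple bind with a DN and an empty password is an
        # unauthenticated bind, which some servers accept, so reject it up front.
        return "denied: empty password"
    entry, how = find_entry(dn, mail)
    if entry is None:
        return "denied: no such user"
    if not hmac.compare_digest(password.encode(), entry.password.encode()):
        return "denied: bad password"
    if ldap_user:
        # Compare only answers "does the value match?"; expiration is never checked.
        return f"granted via compare ({how})"
    if entry.expired:
        # A bind as the user is where password expiration takes effect.
        return "denied: password expired"
    return f"granted via bind ({how})"

if __name__ == "__main__":
    dn, mail = "cn=htayler,ou=groupwise,o=novell", "htayler@example.com"
    print(authenticate(dn, mail, "s3cret", ldap_user="cn=poa,o=novell"))
    print(authenticate(dn, mail, "s3cret"))
    print(authenticate("cn=fsinak,ou=groupwise,o=novell", "fsinak@example.com", "hunter2"))
```

The same expired account is accepted in compare mode and rejected in bind mode, which is why the slide recommends leaving the LDAP user name blank.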
Reducing Your Network Costs: The Internet Office
[Diagram labels: WAN $$, Corporate Network]
Reducing Your Network Costs: The Internet Office
[Diagram labels: Internet, GroupWise 6, Corporate Network]
Supporting Features for The Internet Office
• SSL Transfer Between Agents
  - Securely use the Internet as your WAN for POA and MTA traffic
  Learn more during Session TUT222
• POA Proxy-Server Connectivity
  - Allow remote users to connect to the POA without requiring a VPN or a Live-Remote MTA
The Internet Office: POA Proxy-Server Connectivity
[Diagram: the client @ IP address “X” sends requests to address “Y”; the proxy server @ IP address “Y” sends requests to address “Z”; the POA @ IP address “Z” sends responses to address “Y”; the proxy server sends responses to address “X”]
POA Proxy Server Connectivity: Agent Configuration
[Screenshot: agent configuration dialog, with fields annotated “required”, “start here”, and “recommended”]
For More Information
• GroupWise 6 Best Practices Guide
  - http://www.novell.com/coolsolutions/gwmag/features/a_best_practices_guide_gw.html
• GroupWise 6 Deployment Guide
  - http://www.novell.com/info/collateral/docs/4621213.01/4621213.pdf
• GroupWise 6 Upgrade Guide
  - From Tay Kratzer and Danita Zanré
  - http://www.caledonia.net/update6.html
• GroupWise 5.5 Best Practices Guide
  - TID 2955576 at http://support.novell.com