Identity Based Storage Management
Novell File System Factory

Douglas Ouzts
Condrey Consulting Corporation
douzts@condreyconsulting.com

The one Net vision
Novell exteNd™ : Novell Nsure™ : Novell Nterprise™ : Novell Ngage℠

Novell Nsure™
Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

Agenda
• Introduction to Condrey Consulting Corporation
• Identity Based Storage Management
• File System Factory Overview
• File System Factory Technical Components
• IUAdmin - Web Based Access and Management
• AuditLogin – Who’s Accessing Storage
• TrustFun – File Rights & Trustee Analysis
• Live Demo
• Q&A

Condrey Consulting Corporation
Company Overview
• David Condrey – Owner and CEO
• US Software Engineering Corporation based in Greenville, SC
• Customers in 33 countries representing Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12
• Well known and respected by customers, especially in the academic market
• Well known at Novell – Model Partner
• Invested in the future of Novell

Condrey Consulting Products Overview
• Novell File System Factory™ – Novell Nsure - Novell Price List
  • Identity Based Storage Management
  • Ties Provisioning to the NetWare OS – Event Driven and Policy Based
  • Lifecycle Content and Data Management
• IUAdmin™
  • Policy Based Personal and Collaborative Storage Access
    – Integrates with File System Factory™
    – Integrates with exteNd Portal, Virtual Office and iChain
  • Web Based Access to Personal and Group Content
  • Web Based Help Desk Administration
  • Web Based User Self-Service and Password Reset
• AuditLogin™ and TrustFun
  • Who’s Accessing Storage and What Rights Do They Have?
    - Login/Logout
    - Date, Time, Workstation
    - Trend Reports and Graphs
    - File and Directory Rights Analysis

File System Factory Education Customers
• University of Kentucky – 43,000 users
• Northern Illinois University – 67,000 users
• Minnesota State Colleges & Universities – 93,000 users
• Charleston County Schools, SC – 42,000 users
• University of Georgia – 60,000 users
• Embry Riddle University – 12,000 users
• Hemet School District, Los Angeles
• Grand Rapids Community College
• Savannah Chatham County Schools, Georgia
• Douglas County Schools, Georgia
• Newton County Schools, Georgia

More File System Education Customers
• Northwestern Michigan University
• Old Dominion University
• Madison Area Technical College
• Waukesha County Technical College
• Blackhawk PA School District
• Marysville Village Schools
• Spearfish School District
• Maine Township High School District
• Waubonsee Community College
• Western Illinois University
• Escondido Union High School District
• Sutton Public Schools
• Ramaz School
• Augsburg College
• Southwestern Community District No. 9
• Le Moyne College
• Macon County R-1
• Grant MacEwan College
• Clemson University
• Community Consolidated School District – Illinois
Sample of Education Customers Leveraging File System Factory, IUAdmin and AuditLogin

Identity Based Storage Management

The Challenge
Do you give all your users home directories?
• If you do, how do you manage the disk space?
• Do you evenly distribute the disk space? Criteria?
• How do you manage growth?
If you do give your users home directories, how do you clean them up? How extensible is it?
Do you give ALL your groups of users collaborative storage space?
• Business: All working groups?
• Education: All sections of all classes?
• Do you evenly distribute the disk space?
• How do you manage growth? Cleanup?

Creating and Managing eDirectory® Objects
[Diagram labels: App, LDIF, LDAP, PS, IDM, Datafile, Datafile, UIMPORT, Custom or 3rd Party, eDirectory]

File System Factory Philosophy and Mission

A New Philosophy
Point your tree…
…at your disk…
…and be done with it.

Mission #1
Automatic disk space for ALL Users!

Mission #2
Automatic disk space for EACH Work Group!

Solution
Yeah, we can do that…
We create it, manage it, and most importantly… clean it up!

Solution
All you have to do is create the objects…
…any way you want…
…we’ll handle the rest!

What is File System Factory?

Identity-Based Storage Management
[Diagram labels: ZENworks for Desktops, PeopleSoft, BorderManager, Identity Mgr PeopleSoft Driver, eDirectory, Identity Mgr AD Driver, Active Directory, NetMail, FSF Driver, LINUX, NetWare, NetWare]
• Policy Based, Event-Driven
• Control it with ZENworks® like policies.
• Load balancing
• Storage creation
• Storage management
• Storage cleanup
• Personal user storage
• Group storage

Novell File System Factory Overview
• Automatic NetWare® storage which provides access from Windows, Mac, UNIX, and the Web.
• Relieves disk management headaches.
• All Namespaces
• Traditional and Novell Storage Services™ (NSS) supported
• Built on procedures proven in “real world” environments.
• Load balancing.
• Automated policy based data Migration between servers
• Cleanup (everybody’s pain point) is now automated based on policy.
• Executive and Administrative Dashboard
• Employee Data Manager (Workflow)
• Web Based Quota Manager
• Web Based File System Rights Analysis

File System Factory
Storage Management based on Policy and Events
[Diagram labels: Identity Mgr, DirXML 1.x, LDAP, Policy, UIMPORT, ConsoleOne, Manage, iManager, NWAdmin, Custom/3rd, File System Factory, iManager, LDIF, eDirectory, Events]
Use multiple account provisioning methods concurrently without worrying about file storage.
Move to modern provisioning technology without worrying about file storage.
Move to newer tools and let policy govern storage management instead of helpdesk or local admins.
[Diagram labels: Provision, LDAP, ConsoleOne, NWAdmin, Custom/3rd]
You Create and Manage objects any way you want, FSF will handle the file system.

Coming up Next
File System Factory for:
• Microsoft Active Directory
• Linux

Provision and De-Provision Storage for NetWare, Active Directory and Linux
[Diagram labels: ZENworks for Desktops, PeopleSoft, BorderManager, Identity Mgr AD Driver, Identity Mgr PeopleSoft Driver, Active Directory, eDirectory, NetMail, LINUX, FSF, NetWare, NetWare]

FSF Methodology
New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion.
Policy:
  Algorithm: Random Balance
  Rights: RWCEMFA
  Quota: 150 MB
  Template: SERV1/VOL1:Procedures
  DelWait: 90 Days
Events:
• Create
• Rename
• Delete
[Diagram labels: Digital Air, Work, New York, Atlanta, BJones, BSmith, Policy, Copy SERV1/VOL1:Procedures, Target File Systems, RWCEMFA, BSmith, BJones, 150MB]

Policy Assignment & Data Migration
• Seamless
• Fault-tolerant
• Safe
Scheduler – 9:00PM
[Diagram labels: Jefferson, Employee, Students, Other, Sunshine Elem, Lincoln Middle, Riverside High, BSmith, BSmith, Policy, Policy BSmith 25MB, Policy BSmith 50MB]

Northern Illinois University
Data Migration - Backfill
Admin issues Backfill with “Enforce Policy Paths” option, which will move data.
[Diagram labels: NIU, Faculty, Students, Other, NCS, Pentium Pro 200’s – Policy, 0 Users, 67,672 Users; users shown: BSmith, RJones, KJackson, RCroom, DWyatt]

Data Migration Scheduling

Policy Assignments can be made via:
• File System Factory Web Interface
• LDAP
• Nsure Identity Manager
• NDK Application
Example object:
  CN=BSmith
  Surname=Smith
  StudentID=123456789
  cccFSFactoryPolicy=Riverside.Schools.Jefferson

Collaborative Storage

Why is this Important?
Sharing data and working together is what networks are all about. Yet in most environments, managing shared disk storage is the most manual process in the shop.
• This means it’s resource intensive.
• This means it is not managed in a timely manner.
• This means that many times collaborative storage just does not happen.
Why do we have this network again?

Policy Definitions
[Diagram labels: Paths, Quota, Rights, Template, …, DeleteWait]

Policy Definitions
[Diagram labels: cccFSFactoryHomedir, Home Directory; two columns, each listing Paths, Quota, Rights, Template, …, DeleteWait]

Business FSF Group Policy Example
Policy:
  Algorithm: Random Balance
  Rights: Template
  Quota: 500 MB
  Template: SERV1/VOL1:ProjectFiles
  DelWait: Never
• Assign Policy to Projects Container
• Create Project Group Object
• Automatically Create Project Storage and Assign Policies
• Copy Project Files from Template
[Diagram labels: ACME, Projects, Engineering, ATL-BLDG-1, Sales, Policy, Copy SERV1/VOL1:ProjectFiles, Target File Systems, ATL-BLDG-1 150MB]

Education Group Policy Example
Policy:
  Algorithm: Random Balance
  Rights: none
  Quota: 500 MB
  Template: SERV1/VOL1:Courses
  DelWait: 90 Days
• Assign Policy to Courses Container
• Create Course Group Object
• Automatically Create Group Storage and Assign Policies
• Copy Course Files for Each Student from Template
[Diagram labels: Jefferson, Courses, Employee, Student, SPAN340-001, Policy, Copy SERV1/VOL1:Courses, Target File Systems, SPAN340-001 150MB]

Group Policy Templates
Configuration Steps
• Create Group Object SPAN340-001.MS.COURSES.STATEU
• Create FSF Group Policy Using the FSF Management Interface
• Create eDir Objects
• Create Template
• Assign Rights to Directories
• Assign Members & Owners to the Group

Group Policy Templates
Assign Students as Members and Instructors as Owners
Members:
  JSmith.Students.STATEU
  MRoberts.Students.STATEU
  NFrost.Students.STATEU
  PJones.Students.STATEU
  RBrooks.Students.STATEU
  SSmith.Students.STATEU
  STimms.Students.STATEU
  TJones.Students.STATEU
  TSmythe.Students.STATEU
  WClark.Students.STATEU
Owners:
  ABelcher.Staff.STATEU
  KAlesanto.Staff.STATEU

Group Policy Templates
File System Factory Automatically Provisions Storage for Students and Instructors

Universal Resource Access (URAccess)

Where’s my stuff?
Users need an easy way to find their storage …even if you need to move it.
Personal Storage and Group Storage.
Map a Drive? There’s only so many letters in the alphabet.
Login Script Management is a headache for group storage.

URAccess
• End-User tool for dynamically building personalized access links to storage.
• Leverages Home_Directory user attribute for personal storage.
• Leverages cccFSFactoryHomedir group attribute for shared storage.
• Creates a local set of UNC paths and description presented to the user in a Windows UI.
• Like App-Launcher for ZENworks, except provides access to storage.
• List can be refreshed at any time.
• Supports multiple tree connections.

URAccess
BOB.USERS.ACME
  Home Directory: CLUST1/USERVOL6:USERS\BOB
  SecEqual:
    EVERYONE.ENGR.ACME
    BIG PROJECT.ENGR.ACME
    MANAGERS.ENGR.ACME
    SMALL PROJECT.ENGR.ACME
EVERYONE.ENGR.ACME
  cccFSFactoryHomedir: SERV6/GVOL:ENGR\EVERYONE
  cccResource*: http://www.IEEE.com
NWCCGetAllConnRefInfo()
*requires IUAdmin™

Executive and Admin Dashboards

Executive Storage Dashboard
Storage Trends on User and Group Policies

Administrative Storage Dashboard
• Event Statistics
• Storage Health Check
https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.

Web Based Quota Manager
Policy Configuration

Quota Manager – Help Desk Interface
https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr
Green = space available > 25% of quota
Yellow = space available < 25% of quota
Red = space available < 10% of quota

File System Rights Analysis
Rights Analysis
[Diagram labels: OWNERS, MEMBERS]

Employee Data Manager Workflow
• Novell eGuide Manager
• Policy Configuration
• Employee Data Manager Interface

Identity Based Storage Management
[Diagram labels: ZENworks for Desktops, PeopleSoft, BorderManager, Identity Mgr AD Driver, Identity Mgr PeopleSoft Driver, Active Directory, eDirectory, NetMail, LINUX, FSF, NetWare, NetWare]

FSF Technical Overview

What are the requirements?
NDS/eDir
• Any Novell supported version of NDS® or eDirectory (6.xx, 7.xx, 8.xx, 85.xx, 8.6.x, 8.7.x)
FSF_Event
• NetWare 5.1 SP6 or later
• NetWare 6.0 SP4 or later
• NetWare 6.5 or later
FSF_Engine
• NetWare 6.0 SP4 or later
• NetWare 6.5 or later

• NetWare 4.x SP9 or later
• NetWare 5.0 SP6a or later
• NetWare 5.1 SP6 or later
• NetWare 6.0 SP4 or later
• NetWare 6.5 or later

Global Event Subsystem and Transaction Tracking
[Diagram labels: A, B, C, FSF_Event, FSF_Event, FSF_Event, Event DB, FSF_Engine]

The State Machine Architecture
“Neither rain, nor snow, nor sleet, nor gloom of delayed DS synchronization shall stay this system from the swift (or eventual) completion of its appointed tasks…”
• DS is replicated.
• Servers go down for maintenance or other reasons.
• Routers die.
• Fiber is dug up on occasion.
…That’s real life.

The State Machine Architecture
[Diagram labels: Server R1, Server R2, Server R3 (each holding SALES.ACME), FSF-EVENT, Event: AddUser, Server Z, Server E, FSF-ENGINE, +RWEMFA]

Actions and States
Add User

#define FSF_ACTION_NEW_USER                                     4000
#define FSF_ACTION_NEW_USER_STATUS_WAIT_TO_SEE                  4010
#define FSF_ACTION_NEW_USER_STATUS_WAIT_FOR_POLICY              4013
#define FSF_ACTION_NEW_USER_STATUS_GET_POLICY                   4016
#define FSF_ACTION_NEW_USER_STATUS_WAIT_FOR_PATHS               4018
#define FSF_ACTION_NEW_USER_STATUS_PICK_LOCATION                4020
#define FSF_ACTION_NEW_USER_STATUS_NO_PATHS                     4021
#define FSF_ACTION_NEW_USER_STATUS_CREATE_DIRECTORY             4030
#define FSF_ACTION_NEW_USER_STATUS_SET_OWNER                    4035
#define FSF_ACTION_NEW_USER_STATUS_APPLY_TRUSTEE                4040
#define FSF_ACTION_NEW_USER_STATUS_SET_QUOTA                    4050
#define FSF_ACTION_NEW_USER_STATUS_COPY_TEMPLATE                4060
#define FSF_ACTION_NEW_USER_STATUS_SET_HOMEDIR_ATTRIBUTE        4070
#define FSF_ACTION_NEW_USER_STATUS_SET_MESSAGE_SERVER_ATTRIBUTE 4075
#define FSF_ACTION_NEW_USER_STATUS_USER_EXIT                    4080
#define FSF_ACTION_NEW_USER_STATUS_NORMAL                       4090

State and the Process Queue
[Diagram labels: Server R1, Server R2, Server E, FSF-EVENT, FSF-EVENT, FSF-ENGINE, Transaction #, Event Type, Status, State, FDN, EventTriggered, TargetPath, …, ObjectCreated, ObjectDeleted]

Web Based Access and Management
Internet User Administrator
IUAdmin™

IUAdmin™
• Web Based Access to NetWare Personal Home Directory Storage Managed by File System Factory Policies
• Web Based Access to Collaborative Group Storage Based on File System Factory Policies
• Integrate with Novell exteNd Portal, NetWare 6.5 Virtual Office Portal and Novell iChain
• User Self Service
• Self-Service Password Reset
• Let Users Optionally fix their own problems
• Help Desk Administration
  Intruder Lockout, Grace Logins, Login Disabled, Account Expired
• Location and Departmental based Help Desk
• Help Desk Group Management
• User Help Indicators Identify Account Problems

IUAdmin™ Web Based Access & Management
[Screenshot callouts:]
• Personal Storage
• User Self Service (each can be disabled)
• Personal And Group Storage Access
• Help Desk (these options are not seen by the end user interface – only the admin interface.)

Group Storage Managed By File System Factory Events & Policies
IUAdmin Help Desk

IUAdmin™ Architecture
• Built on top of Novell’s HTTPSTK: no webserver to install or configure.
• SSL connections for security.
• Contextless Login.
• No schema extensions. However, optional extensions are provided for increased functionality.
• Runs on NetWare 5.1 or above with any version of eDirectory.
Other products provide Management Paks that plug in to the architecture.
[Diagram labels: User Self Service, File System Access, File System Factory, Help Desk, IUAdmin Core Architecture, File System Mgt, Resource Mgt, AuditLogin, ePortfolio, Trustfun]

Security - Audit Access & Rights Analysis
AuditLogin™
TrustFun™

AuditLogin™
• Audits all objects in tree in a single operation
• No configuring multiple containers.
• Logs are automatically cleaned up based on user parameters
• Logs from all servers are consolidated into a single set of comprehensive files.
• Log files are simple text files that can be easily searched or imported into other programs for trends analysis.
• 5 minute installation.
• Self-Maintaining based on user options.
• Multiple log formats supported.
• Remote server configuration from Windows workstation.
• Graphing subsystem that supports multiple servers concurrently on a single graph.
Currently Installed in 33 Countries

AuditLogin Graph

AuditLogin - Log File Report

TrustFun - Rights & Trustee Analysis
Win32 Application

TrustFun Report

Trustee Assignment Detail

Tying it all together
[Diagram labels: GroupWise®, eDirectory™, User, ZENworks™, NetMail, UIMPORT, File System Factory™, LDAP, IDM, ConsoleOne, Employees, User, Novell iChain, IUAdmin™, AuditLogin™, User, AuditLogin Report & Graph]
Web Based File Storage Access
Help Desk
Self Service Password Reset
Identity Based Storage Management
• Home Directory Management
• Group Storage Management
• Web Based Quota Management
• File Rights & Trustee Analysis
• Exec and Admin Storage Dashboards
• Employee Data Manager (Workflow)

DEMO
• File System Factory Initial Installation
• Review of Management Interface
• Backfill Existing Users - Create a User Policy
• Move Users to new location – Move Files
• Rename User
• Delete User – Clean Up Files
• Group & Course Policies – Business & Education Example
• Rights and Trustee Analysis
• URAccess – Access to Group Storage – No Drive Mappings
• Quota Manager Interface
• Executive Dashboard Interface
• IUAdmin – Web Based Access and Management

For More Information
• Visit www.novell.com/products/filesystemfactory
• Visit www.filesystemfactory.com
• Discuss on the FSF forum at http://support.novell.com/forums/
• Send product questions/suggestions to FSFDev@novell.com
• Visit www.condreyconsulting.com
• Talk to your Local Account Team or Business Partner Rep
• 50% Off Promotion for VLA, CLA and MLA Customers