WORKSHOPS

NT Server In A NetWare Shop: A Full Course Meal

by Ron Anderson

Syracuse University has made a large investment in deploying and maintaininga Novell-based microcomputer campus network. With good reason-- Microsoft'sNT Server has begun to penetrate our NetWare domain. We have been impressedwith NT Server's ability as an application server and even more impressedwith NT's ability to fit into a NetWare shop and add value to our networkinginfrastructure.

Microsoft offers a cornucopia of built-in, as well as add-on, products forNT Server to entice you to sample its fare--first a nibble, then, why nota whole meal? Lets examine the menu, and perhaps you'll find something tasty.

The Appetizer Introducing any server into a NetWare shop that requireswholesale changes to your NETX- o r VLM-based clients gives most administratorsindigestion. Microsoft knows this as well as anyone, hence NT Server comesequipped with NWLink, Microsoft's IPX/SPX-compatible protocol stack. NWLinkprovides NetWare clients with connectivity to the server end of a distributedapplication via a number of industry standard interprocess communications(IPC) mechanisms, including NetBIOS, Windows Sockets, Named Pipes, Mailslots and Remote Procedure Calls (RPCs). These application interfaces enableapplications to be split or distributed across more than one computer--aclassic client/server scenario.

Microsoft's SQL Server and SNA Server are good examples of distributed applicationsthat can easily fit into your NetWare shop via these mechanisms. Your clientswon't be able to see the NT Server using Slist, won't be able to t ake advantageof NT's file and print sharing or "login" to the NT Server, butthey will have access to the new back-end service without making wholesalechanges to your clients' networkin g components. Still hungry?

Soup and Salad Microsoft's Gateway Service for NetWare is primarilythought of as a way for Server Message Block (SMB) clients (clients basedon the Microsoft family of network products like LAN Manager, IBM's LANServer and so on) to access NetWare Core Protocol (NCP) resources (thatis, NetWare Servers). We've found some other uses for this service thatare more apropos for a NetWare shop.

Do you have roaming users that want access to their NetWare home directorieswhile they're out of the office? NT Server comes equipped with a software-basedcommunications interface, Remote Access Service (RAS), which also servesas a multiprotocol router. RAS permits up to 256 simultaneous remote usersto connect to a single NT Server and access the campus network via IPX orTCP/IP. RAS client software is available free of charge for all of Microsoft'soperating systems and allows clients to connect to the network as remotenodes. Since NT's RAS is based on PPP, any third-party PPP client with anIPX stack would work as well. Couple RAS and the Gateway Service on theNT box with the right software on your users' systems and your roamers willgain authenticated access to their NetWare home directories.

We use RAS at Syracuse University to provide NetWare administrators withremote access to the network for troubleshooting and administration. Thisis especially useful at 3 a.m. on a cold winter's night when the last thingyou want to do is get dressed, climb into a cold car, drive 30 minutes onsnow-covered roads, only to find that unloading and reloading an NLM solvedthe problem. Total elapsed time: one hour, 40 minutes and 10 seconds; 10minutes to wake up, one hour round trip, 10 seconds at the server console,and 30 minutes to get back to sleep. Mileage may vary.

It's great to be able to fir e-up RCONSOLE from home, do the dirty deed andget back to sleep so you are well rested the next day when you lay intothe vendor that sold you the offending NLM in the first place. (Warning :the previous example presupposes that modem users have the NetWare utilitiesthey need preloaded on their home system to avoid a slow, torturous, near-deathexperience.) Of course, remote control products give you similar capabilitiesand we use those as well, but we've found RAS to be a more robust solution,not prone to unexpected freezes or sudden crashes that require a rebootof the host machine that's conveniently locked away in your office.

We've found another use for Microsoft's Gateway Service for NetWare thathelps our NetWare users implement and manage Web pages in a familiar environment.Previously, individual and departmental users had access to creating Webhome pages via a couple of Unix-based Web servers on campus. Our PC usershad to adapt to this service either by learning a Unix editor to createand manage their HTML documents, learning to use FTP to transfer documentsto the Unix host that they had created on their PC or relying on some savvycomputer geek to take their creations and place the m on the Unix host.

Late last year, we made a new service available that enabled our NetWareclients to create and manage their HTML documents right on the NetWare filesystem that they were already using for their day-to-day tasks. We implementedthis new service by creating links via the Gateway Service for NetWare tovolumes on our NetWare servers. The NT box that serves as the Gateway machinealso hosts an NT-based Web server. The Web server enables us to map partsof the Web to the NetWare volumes. We were looking to minimize administrativeoverhead while creating an environment for users that was familiar and easyto use, and we scored big on both counts. You can check this service outat http://sumweb.syr.edu/.

Main Course Up until now we've been talking about NT Server's out-of-thebox capabilities. Micros oft also sells two products, Directory Service Managerfor NetWare (DSMN) and File and Print Services for NetWare (FPNW), to helpfurther integrate NT server into your NetWare shop. Adm ittedly, these productsstart to blur the line between NT Server integration and total replacementof NetWare by NT, but, when viewed with a less jaundiced eye, their potentialvalue to existing NetWare shops is apparent. Each of these products willset you back $99.95.

Unless you've made the move to NetWare 4.1 and NDS, you probably have numerousduplicate accounts on your 3.x servers so your users can get to the resourcesthey need to get their jobs done. Those of you dealing with these multiplepoints of administration know that this situation is less than ideal. Microsoftoffers Directory Service Manager for NetWare (DSMN) to help ease your administrativeburden.

DSMN is a new product that consolidates multiple NetWare 2.x and 3.x binderiesinto an NT domain for a single point of administration. Changes to the accountson the NT domain are replicated back to the NetWare bindery. (Note thatthis is a one-way street; if you were to use SYSCON to change a previouslyconsolidated account on the NetWare box , the NT account will get out ofsync.) To prevent your users from creating out-of-sync conditions, Microsofthas a replacement for SETPASS, Novell's password changing utility. NetWareshops that adopt DSMN must be sure all account changes are made throughthe NT account manager. SETPASS and SYSCON should be removed from migratedservers.

With FPNW, your NT server masquerades as a NetWare 3.12 server. Your NETXand VLM clients won't know the difference. Logins, MAPs and Captures workwith the NT Server, just as you'd expect them to work with NetWare. NetWareshops that have already implemented other features of NT Server might beable to make use of FPNW for that small departmental server that needs tobe deployed. Why not just use the spare processing cycles and extra diskspace of that SNA Server instead of investing in a new NetWare server andlicense?

FPNW introduces an important and not-so-subtle shift away from just thinkingabout integrating NT into your NetWare shop. With FPNW, you can begin tothi nk about NT Server replacing NetWare, which brings us to our final topic:Microsoft's dessert.

Dessert Microsoft has a plan for NT Server that doesn't stop withsimple integration into a NetWare shop. Microsoft's Migration Tool for NetWareprovides a mechanism to migrate your users and their data to NT Server.This product is available out-of-the-box. The migration process is fairlycomplete and includes user and group information, login scripts, and filesand directories with file rights, file attributes and access control lists.The biggest problem with this tool is that passwords are not imported alongwith the rest of the user information. The import tool gives you a numberof options for dealing with this shortcoming: All NT accounts get a blankpassword, the user name is assigned as the password, the same password isassigned to all users and so on, none of which are very appealing.

Besides the problem with setting passwords, you could conceivably migrateyour users overnight, install FPNW, give the new NT server the same nameas the old NetWare server, and the next morning your users would be nonethe wiser that they had just logged into NT rather than NetWare. The MigrationTool for NetWare enables Microsoft to change the stakes from seamless integrationto seamless replacement.

Ron Anderson is the manager of Microcomputer Network Services at SyracuseUniversity. He can be reached via e-mail at rbanders@syr.edu.

March 11, 1996