Novell eDirectory Design and Implementation

Chapter 3: Plan the User Environment


Objectives:

This chapter explains aspects of design that relate to users accessing resources. The objectives important to this chapter are on page 3-1:

  1. Create a user accessibility needs analysis document.
  2. Create an accessibility guidelines document.
  3. Create an administrative strategies document.
Concepts:

The chapter opens with two guidelines for design that address daily activities:

  • The user's environment should be managed centrally - this will provide uniformity for the users
  • Management of services and applications should be as simple as possible - this will make your job easier
Create a User Accessibility Needs Analysis Document

You accomplish these ends with the tools described in this chapter. The first step is to assess the users' needs.

  • What physical resources do users need? Where are they located? Which users have common needs?
  • Do users need bindery-based (legacy) services or resources? Handle this by placing these resources and users in specific contexts.
  • What applications do users need? Will they need to share data files across WAN links? What about icons they will need on the desktop and applications that should run when they log in?
Create an Accessibility Guidelines Document

Having gathered the information above, you create an accessibility guidelines document, based on the two principles at the start of the chapter. These guidelines are operating procedures for administrators working on this network. Examples are given on pages 3-10 through 3-12 of guidelines for several "topics" relating to the creation and placement of objects and to the granting of rights. This document will be useful in training new network staff, and in attaining uniformity. It should state when to use each of the following objects:

  • Container Policy Package - these objects should be placed as high as possible, but you should consider having one for each location
  • User Policy Package - remember that these policies affect what applications users can see and run; place them near the users who will use them
  • Application objects - don't span the WAN
  • Group objects - groups should be limited to 1500 users (or fewer) who are all at the same location
  • Profile objects - profile objects (and their scripts) are more useful when users are not in the same containers
  • Organizational Role - at least one, used for network administrators and their backups
  • Directory Map objects - list these in your document for those used in the whole network
  • Alias objects - the text suggests making rules for when to use them
  • User login scripts - when is it necessary to use this, as opposed to a container or profile script?
  • IRFs for Containers - rules should be established for blocking rights
  • Drive Mappings - common drive pointers should be chosen for common directories
  • Security Precautions - make rules about who is to be given Supervisor rights to objects
Create an Administrative Strategies Document

Page 3-15 begins the discussion of the administrative strategies document. Seven topics are listed. The goal for this document is to finalize the rules by which this network is administered:

  • Design a strategy for legacy network services - although the general advice would be to get rid of bindery-based resources as soon as possible, the advice here is to pay attention to where the resources are located and to which users need those resources
  • Specify a standard file system structure - as noted above
  • Specify client configurations - as noted above
  • Design a strategy for mobile users - you should know that Novell makes a distinction between a remote user (who simply accesses the network remotely) and a mobile user. The mobile user needs access to resources at the usual network, and at the network where he/she is currently located. Six options for addressing the needs of mobile users are offered:
    • Location profiles - You can save the information from a user's specific login into a location profile.
    • VPN Client - A VPN client is a dial-in client that uses the Point-to-Point Protocol (PPP) to connect to a slave or master VPN server.
    • Contextless login - this allows a user to log in with only a user name and Tree name. It depends on eDirectory Catalog Services to work. It makes life easier for a mobile user, who no longer has to remember their context.
    • Knowledgeable user login - a user who understands eDirectory could be instructed to always log in with their distinguished name.
    • Alias object - this could be an alias for the user object, placed high in the Tree, to make it easy to remember that context.
    • Login scripts - these would likely be user scripts, granting the specific accesses each mobile user needs.
    • Client configuration - setting the context and preferred server in the client will save the user some work.
  • Create security guidelines - this section recaps what has gone before about administration. Some newer concepts are the Password Admin (who has the ability to reset passwords) and the Special Use Admin (who administers servers not under the control of the regular NetWare administrators). Page 3-25 offers a table of settings that are recommended for user objects. These settings should be considered, but not adopted blindly, since your users may have network needs that differ from those of the average user.
  • Specify common login scripts - as noted above
  • Specify ZENworks object configurations - as noted above
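To make the contextless login option above concrete, here is an added example (my own constructed model, not code from the course text or from Novell) that builds a toy catalog from a few constructed user DNs, resolves a bare user name the way a contextless login would, and shows the check a designer should run first: two users with the same common name in different contexts cannot be told apart by name alone.

```python
"""Toy model of contextless login resolution (constructed example, not Novell's code)."""

# Typeful DN components carry these prefixes; typeless DNs omit them.
TYPE_PREFIXES = ("CN=", "OU=", "O=", "C=")

# Constructed sample user objects, written as root-relative eDirectory DNs.
SAMPLE_USERS = [
    ".CN=jsmith.OU=Sales.O=Acme",   # typeful DN
    ".jsmith.Engineering.Acme",     # typeless DN, same CN in a different context
    ".CN=admin1.OU=IT.O=Acme",
]


def parse_dn(dn):
    """Split a root-relative DN into typeless components, leaf first.
    '.CN=jsmith.OU=Sales.O=Acme' -> ['jsmith', 'Sales', 'Acme']"""
    components = []
    for part in dn.strip().split("."):
        if not part:  # skip the empty piece produced by the leading dot
            continue
        for prefix in TYPE_PREFIXES:
            if part.upper().startswith(prefix):
                part = part[len(prefix):]
                break
        components.append(part)
    return components


def build_catalog(user_dns):
    """Index user contexts by lower-cased CN, as a login catalog would."""
    catalog = {}
    for dn in user_dns:
        leaf, *rest = parse_dn(dn)
        catalog.setdefault(leaf.lower(), []).append(".".join(rest))
    return catalog


def resolve_contextless(catalog, username):
    """Return (status, contexts): 'ok' for exactly one match, 'ambiguous'
    for several, 'unknown' for none. An ambiguous result means the client
    must prompt the user for a context after all."""
    contexts = catalog.get(username.lower(), [])
    if not contexts:
        return ("unknown", [])
    return ("ok" if len(contexts) == 1 else "ambiguous", contexts)


def find_duplicate_cns(catalog):
    """Design-time check: CNs that appear in more than one context."""
    return {cn: ctxs for cn, ctxs in catalog.items() if len(ctxs) > 1}
```

Run `find_duplicate_cns(build_catalog(...))` over an export of your user objects before promising contextless login to mobile users; any CN it reports will still require a context at login.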