background image

Executive Dashboard Security Principle Object

To secure the Executive Dashboard, File System Factory™ uses Security Equivalence to
determine who has rights to login to the Executive Dashboard. To accomplish this, File
System Factory™ supports any object type that supports security equals to (e.g. group
and organizational role objects).

Novell File System Factory™ Administrator’s Guide

 

© 2002-2005 Condrey Consulting Corporation. All Rights Reserved.

57

Summary of Contents for FILE SYSTEM FACTORY 1.2.1 - ADMINISTRATION

Page 1: ...Novell w w w n o v e l l c o m File System Factory 1 2 1 A u g u s t 3 0 2 0 0 5 A D M IN I S T RA T IO N GU ID E...

Page 2: ...y or fitness for any particular purpose Further Condrey Consulting Corporation reserves the right to make changes to any Condrey Consulting Corporation software product described herein at any time wi...

Page 3: ...s a trademark of Novell Inc Novell Directory Services is a trademark of Novell Inc Client32 is a trademark of Novell Inc ConsoleOne is a trademark of Novell Inc DirXML is a trademark of Novell Inc eDi...

Page 4: ...er 20 Installation and Configuration Verification 20 Applying a Policy to Existing Users 21 10 Management Interface 22 Accessing the Management Interface 22 Using the Management Interface 24 11 Policy...

Page 5: ...Template Summary 73 17 Mass User Testing 74 18 Universal Resource Access 75 19 Home Directory Deployment Scenarios 77 20 Collaborative Storage Management 79 Collaborative Storage in Business 79 Collab...

Page 6: ...king groups Designed for the real world from the inside out Novell File System Factory is built on procedures proven in real world environments In the real world target servers die volumes dismount ro...

Page 7: ...p storage As a result your business can simplify access and management of storage based on users identities Regardless of how you create move or delete user and group accounts in the directory Novell...

Page 8: ...cess By using File System Factory to make storage creation and management a separate but linked component of the user provisioning process organizations are now free to adopt and migrate to the new pr...

Page 9: ...ents are sent to a server running the File System Factory action engine component If the engine determines that a Policy has been associated directly or indirectly with the object being created modifi...

Page 10: ...l as a default trustee assignment and optionally an initial quota and copy template path 2 Then the Policy is assigned or associated with one or more objects in the tree such as a container 3 The even...

Page 11: ...g NLM FSF_EVENT Supported on the following platforms 5 1 5 1 6 0 6 0 6 5 6 5 NetWare 5 1 SP6 or later NetWare 6 0 SP4 or later Action Engine NLM FSF_ENGINE Supported on the following platforms 6 0 6 0...

Page 12: ...objects now displayed in selection interface New return code added to correctly process member and owner events New features and enhancement include Changes and additions to backfill operations see c...

Page 13: ...use To gain access send an email request to fsfdev novell com New Features in Version 1 2 Novell File System Factory 1 2 has been updated to the Novell common web interface skin It also has many new...

Page 14: ...ile system see section 13 Quota Manager 7Global Event Subsystem Description File System Factory contains an event services component FSFEVENT NLM that intercepts relevant User and Group events in the...

Page 15: ...t System is to require the event monitoring component to run on a server that holds a replica of every partition that contains relevant objects NDS eDirectory is a scalable replicated database that al...

Page 16: ...Add Owner Delete Owner Priority Events New in File System Factory 1 2 user create events received by the FSF engine will be assigned a higher priority than other events This will allow them to be proc...

Page 17: ...o ensure that Policies are applied when events happen no matter what Each transaction consists of a series of steps or states The engine contains a Process Queue that is backed by the file system of t...

Page 18: ...server object of the server it is running on Before you start this section you should take a look at the rights your server already has in the tree Novell gives some server objects Supervisor rights t...

Page 19: ...ngine using a browser If you are unsure of how to do this see section 12 of this document which describes the management interface and how to attach to it 2 At the bottom of the page you will see an e...

Page 20: ...int all components are installed and you have created a Policy and assigned it to a container The children of the container a Policy was originally associated with inherit that Policy File System Fact...

Page 21: ...iner or any sub container 3 Click on the backfill icon beside the name of the container The container management page will be shown 4 Select the Backfill option 5 Click on the Apply Policy button The...

Page 22: ...File System Factory See Chapter 14 Executive Dashboard Accessing the Management Interface File System Factory is managed using a browser The management interface is accessible through the NetWare Rem...

Page 23: ...ports HTTPSTK is listening on You may specify the ports on the HTTPSTK NLM LOAD command as well Also you can force the HTTPSTK to always use SSL connections which will secure the use of the interface...

Page 24: ...hapters 13 14 and 15 for more details on these interfaces Using the Management Interface The options available from the management interface include Admin Dashboard Configure FSF Engine Reports Logfil...

Page 25: ...which the administrator may click on and go immediately to the properties of that policy The summary includes whether the user and or group properties are in use the selected distribution algorithm t...

Page 26: ...details of the pending events Those operations are available in the Manage FSF Engine option Event Statistics The Event statistics page gives a daily view of the same event statistics that are tracke...

Page 27: ...ow Health Check The server health check indicates whether the server running the File System Factory Engine is able to communicate with other servers The areas of concern are the servers running the e...

Page 28: ...n be generated are as follows Disk space usage reports relative to o Users o A specific Policy o Groups o A specific Volume These graphical reports provide information on how much file space is availa...

Page 29: ...If Policy or Volume is selected the appropriate drop down list box will be enabled Select an item from the list Select one or more time frame and press submit to generate the report Novell File System...

Page 30: ...licies If Individual Policy is selected the drop down list box will be activated Select the desired policy and press submit Configure FSF Engine This option allows access to the areas of the product t...

Page 31: ...om the links on the configuration page This information is also available in Chapter 13 Quota Manager and chapter 15 Workflow The details of the Executive Dashboard configuration are available in Chap...

Page 32: ...n a list of the partitions stored on the server and the replica type of each Pending Events Also on the engine status screen is the count of pending events in the engine To see what types of events ar...

Page 33: ...nal information about the event and the object it is working on and some additional options for troubleshooting purposes Each option is explained in detail on the page to assist with troubleshooting N...

Page 34: ...received until the engine is set to accept events again If the light for processing events is not green no events in the queue will be processed If accept is on additional events will be added to the...

Page 35: ...ll Operations Browse the tree Add Organizational Units View or set a home directory quota Browse the file system View Trustee assignments in the file system Perform Consistency Check for user or group...

Page 36: ...o create an Organizational Unit Under the list of all the container objects is an edit field and the AddOrgUnit button Enter the name of the Organizational Unit to add and click the button The organiz...

Page 37: ...ailable to the user Press Back to return to the previous screen Browse the File System Selecting the File button from the Object Management page allows the administrator to view the files and director...

Page 38: ...e selected directory It provides a list of each object with effective rights and identifies how those rights were given i e through a direct trustee assignment thought inheritance or via security equi...

Page 39: ...t interface The user report identifies potential problems or inconsistencies with a set of users and home directory management and the group report shows this information with groups and group storage...

Page 40: ...Novell File System Factory Administrator s Guide 2002 2005 Condrey Consulting Corporation All Rights Reserved 39...

Page 41: ...to them in eDirectory 3 The parent container of the user object 4 The parent s parent container and so on up to the Root Assigning a Policy Directly to a User As mentioned above a user storage policy...

Page 42: ...ven thousands of users which could be gigabytes or even terabytes of data Backfill operations constitute a direct request from the administrator to take these actions See the chapter on Data Migration...

Page 43: ...ach User s home directory Quota Ceiling No If Quota Management is enabled for the policy this specifies the maximum disk space quota the user can have through quota management If zero there is no maxi...

Page 44: ...and assign target paths in the User Properties section but do not assign any paths in the Group Properties section then the Policy has no effect on group events in containers where the Policy is appli...

Page 45: ...leanup user and group disk space based on events in the Directory The design of File System Factory is such that the engine is still able to locate a specific user s home directory after the user has...

Page 46: ...be prompted for approval to modify the 400 pending deletes so that each of them adheres to the new 45 day policy Novell File System Factory Administrator s Guide 2002 2005 Condrey Consulting Corporat...

Page 47: ...lp determine what backfill options need to be run against a given group or container See more details on the consistency checks in section 10 You may perform a backfill operation against a container a...

Page 48: ...ents where users exist in the tree but to this point have not been given personal storage on the network This option is also useful for seamlessly moving user data to other volumes or servers on the n...

Page 49: ...existing quota assignments will be overwritten Set Attributes New in File System Factory version 1 2 1 this option can be used to retroactively set attributes on all user home directories The attribu...

Page 50: ...tional backfill operations using those options This option is useful for introducing legacy users that have a home directory on the network but the directory is not specified correctly in the home dir...

Page 51: ...to individual home directory management To use these options browse to a group and select the bacfill icon On the left menu select Group Storage Management This backfill has its own set of options Nov...

Page 52: ...cation will be cataloged and managed Hint Use this option if the group does not already have storage or if you have previously assigned storage to the home directory attribute of the group Apply Group...

Page 53: ...wise an upper limit maximum may be set The other option determines how the quota is raised by the manager A predetermined amount can be set and the administrator will be able to raise a user s quota b...

Page 54: ...b browser The default URL is http your server name or ip address 8008 FSF HTTP_FSFQuotaMgr or for SSL https your server name or ip address 8009 FSF HTTP_FSFQuotaMgr It will be necessary for the user t...

Page 55: ...ich have quota management enabled Each user will have a stoplight indicator showing what percentage of their directory quota is in use The stoplights are based on directory space available and go from...

Page 56: ...no interval has been set the manager will be able to manually type in the new quota In addition to the quota information the manager can view file statistics based on file extension Statistics include...

Page 57: ...erface for Executive Dashboard will not be available Next select or type in the name of the object which will have rights to use the external interface for the Executive Dashboard See the next section...

Page 58: ...ence to determine who has rights to login to the Executive Dashboard To accomplish this File System Factory supports any object type that supports security equals to e g group and organizational role...

Page 59: ...actory index the common name will be sufficient otherwise a fully distinguished name is required Once logged in the user will have access to those elements of the dashboard enabled in the configuratio...

Page 60: ...is available to the selected report category and how much is actually in use It is possible to select multiple time periods to be able to observe change over time To generate one of these reports sel...

Page 61: ...and the number of users managed by that policy To generate this report select either Individual Policy or All Policies If Individual Policy is selected the drop down list box will be activated Select...

Page 62: ...es The amount of space on the volume the amount of space in use the amount of space available and the percentage free are displayed A status stoplight indicates where space is getting low Novell File...

Page 63: ...and Tom Stuart both report to Bob Smith in the Engineering organization If the File System Factory Policy governing storage for Tom is configured when Tom leaves the organization his home directory c...

Page 64: ...re As discussed above File System Factory leverages the Organizational Structure defined in eGuide See the eGuide documentation for information on configuring and using eGuide File System Factory moni...

Page 65: ...nagement web page that your users commonly access It will be necessary for the user to log in If the user is in the File System Factory index which they will be if they are managed the common name wil...

Page 66: ...ly performs no further actions on the user home directory unless specifically instructed to do so by the administrator No further action is taken until the directory is deleted As is discussed below t...

Page 67: ...can be made where ever needed in the structure For more details see Trustee Management with Group Templates below 4 Set up a File System Factory policy using the group paths and properties Point the...

Page 68: ...s STATEU MRoberts Students STATEU NFrost Students STATEU PJones Students STATEU RBrooks Students STATEU SSmith Students STATEU STimms Students STATEU TJones Students STATEU TSmythe Students STATEU WCl...

Page 69: ...each set of directories created as a result of the application of the Policy For example you may wish to have a proxy user APACHEUSER SYSTEMS STATEU associated with a web server to have rights to a sp...

Page 70: ...rustee assignment to the given file or directory At initial creation of the file system for the group member The specific group member is given the specified trustee assignment to the given file or di...

Page 71: ...READONLY folder 7 Each student should have RWCEMF over his or her personal TURNIN folder 8 Instructors should have RF over all students TURNIN folders 9 Each student should have RF over his or her pe...

Page 72: ...te how or if member owner changes affect things Now suppose that an instructor BSmith staff STATEU is added as an owner Here is the result Notice that the new owner BSmith now has a folder under the i...

Page 73: ...roups You have the opportunity to dynamically populate user home directories with any file and directory structure that you choose This population includes trustee assignments as well as file system a...

Page 74: ...d bulkadd NLM s21 e2499 pbob csales acme a1 Would create the following users bob21 sales acme bob22 sales acme bob23 sales acme bob2497 sales acme bob2498 sales acme bob2498 sales acme Note This NLM i...

Page 75: ...just as the Home Directory attribute of the user object is populated with a path pointer to personal storage URAccess is located in the FACTORY URACCESS directory on the Engine server URAccess is a Wi...

Page 76: ...icking the Refresh button on the menu as shown above URAccess will automatically build access lists from all trees to which the user is currently authenticated Novell File System Factory Administrator...

Page 77: ...ve the Policy applied and be given new managed home directories Scenario 2 Existing Tree No User Home Directories If you already have user accounts in your tree but have not taken the steps to give th...

Page 78: ...ntainers holding the user objects This will apply the Policy to all users in the container as if they were just created Since the users already have home directories File System Factory will catalog t...

Page 79: ...access 8 Communicating with the manager to determine which parts of the storage the manager should have special access to 9 Giving the manager appropriate special access 10 Repeatedly performing steps...

Page 80: ...all classes as well as a per class location for teachers to communicate with parents via the web Create a virtual desk for each student in the class inside the disk space These are just a few of the...

Page 81: ...imited only by your imagination in this area If you skipped the section above on Collaborative Storage in Business be sure to review that section to see how File System Factory can meet the collaborat...

Page 82: ...ool container and configure it so that it points to the server at the school Create the students in the appropriate container based on the school When students are promoted say from Middle School A to...

Page 83: ...age She would like to do this now using 5 NetWare 5 1 servers that she runs She is somewhat hesitant about doing this now given that she anticipates installing a 3 node NetWare 6 0 server cluster conn...

Page 84: ...user that owns the data and the integrity of the data itself is not impacted Simply copying the data to the new location and deleting the data in the old location is not good enough What if files are...

Page 85: ...anizations and Organizational Units which have a File System Factory policy applied are moved or renamed a backfill operation will have to be performed to restore continuity in File System Factory Nov...

Page 86: ...End of Document Novell File System Factory Administrator s Guide 2002 2005 Condrey Consulting Corporation All Rights Reserved 85...

Reviews: