Novell Directory Services
Presented by: Yunchuan Zhang
Date: Nov 10 1999

Introduction
• NDS
• LDAP
• DNS/DHCP
NDS:
• Novell Directory Services (NDS) is a full-function directory service that is based on the X.500 international standard.
• Although NDS is very closely aligned with X.500, there are some differences between the two. NDS chose to implement LDAP rather than the heavyweight Open Systems Interconnection (OSI) protocol stack that X.500 defines for directory access.
Directory Service
• A directory is a listing of information about objects arranged in some order that gives details about each object.
• In computer terms, a directory is a specialized database, also called a data repository, that stores typed and ordered information about objects.
• Directories allow users or applications to find resources that have the characteristics needed for a particular task.

Directory Service
• Database of objects
• Manages relationships
• Authorization
Difference
A directory is often described as a database, but it is a specialized database that has characteristics that set it apart from general purpose relational databases. One special characteristic of directories is that they are accessed (read or searched) much more often than they are updated (written).

Database of objects
• An object-oriented database representing network users and resources. Within each object is stored specific information about the individual user or network resource.
• Objects are structured hierarchically in a directory tree which provides the framework that can be organized the way your resources are organized.

Manages relationships
Every user and resource has relationships with other users and resources on the network. A directory controls the relationships between people and machines and between one machine and another.

Authorization
Once a user is authenticated, the network allows the authenticated user to manage or use network resources he or she has rights to. Rights are distributed globally, organizationally or across workgroups and then managed by exception at the individual user levels.
LDAP
• Lightweight Directory Access Protocol (RFC 1777) defines a standard method for accessing and updating information in a directory.
• LDAP is gaining wide acceptance as the directory access method of the Internet and is therefore also becoming the de facto standard access method for directory information.
• LDAP provides an extendable architecture for centralized storage and management of information that needs to be available for today's distributed systems and services.

LDAP
LDAP is based on the client/server model of distributed computing. The process that issues a request is the directory client, and the process that looks up information in the directory is called the directory server. In general, servers provide a specific service to clients. Sometimes a server might become the client of other servers in order to gather the information necessary to process a request.
LDAP Architecture
LDAP defines the content of messages exchanged between an LDAP client and an LDAP server. The messages specify the operations requested by the client (search, modify, delete, and so on), the responses from the server, and the format of data carried in the messages. LDAP messages are carried over TCP/IP, a connection-oriented protocol; so there are also operations to establish and disconnect a session between the client and server.

LDAP Architecture
• The directory stores and organizes data structures known as entries. A directory entry usually describes an object such as a person, a printer, a server, and so on.
• The entries can be arranged into a hierarchical tree-like structure based on their distinguished names. This tree of directory entries is called the Directory Information Tree (DIT).
• Each entry contains one or more attributes that describe the entry. Each attribute has a type and a value.

LDAP C/S Interaction
• The client establishes a session with an LDAP server. This is known as binding to the server.
• The client then performs operations on directory data. LDAP offers both read and update capabilities. Searching is a very common operation in LDAP.
• When the client is finished making requests, it closes the session with the server. This is also known as unbinding.
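As an added illustration of the message framing and the bind/unbind steps above (example code, not from the presentation), the following Python hand-encodes an LDAP simple BindRequest and an UnbindRequest in BER as RFC 1777 lays them out, and parses the message ID and operation tag back out. The DN and password are constructed sample values.

```python
# BER encoding of the LDAPMessage / BindRequest / UnbindRequest structures
# from RFC 1777. Sample DN and password below are constructed values.

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(value):
    """INTEGER (tag 0x02) in minimal two's-complement form."""
    length = 1
    while not -(1 << (8 * length - 1)) <= value < (1 << (8 * length - 1)):
        length += 1
    return tlv(0x02, value.to_bytes(length, "big", signed=True))

def bind_request(msg_id, version, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }.
    The simple-bind password is a plain OCTET STRING, i.e. it travels in
    the clear over TCP, so it belongs only on a TLS-protected session."""
    op = tlv(0x60, ber_int(version) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(msg_id) + op)

def unbind_request(msg_id):
    """LDAPMessage { messageID, UnbindRequest [APPLICATION 2] NULL }."""
    return tlv(0x30, ber_int(msg_id) + tlv(0x42, b""))

def read_tlv(buf, pos=0):
    """Decode one element; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length

def parse_message(raw):
    """Return (messageID, protocolOp tag) of one LDAPMessage."""
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, id_bytes, pos = read_tlv(body)
    op_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(id_bytes, "big", signed=True), op_tag
```

`bind_request(1, 2, "cn=admin,o=acme", "secret")` yields a 35-byte message beginning `30 21 02 01 01 60 1c`, which a packet capture of an unprotected LDAP session shows verbatim.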
NDS Core Services
• NDS Manager: Partitioning and replication services for NDS on a NetWare server. NDS Manager allows the administrator to partition the tree for optimal replication.
• DNS/DHCP: Integrating DNS and DHCP with NDS, tying network resources together into a single, trusted system.

DNS/DHCP
Novell DNS/DHCP Services is standards-based software that integrates the Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) into Novell Directory Services (NDS). DNS/DHCP Services also supports Dynamic DNS (DDNS), which dynamically updates the host name database with new IP addresses. DNS/DHCP Services extends the NDS schema and enables you to centrally administer and manage IP addresses and host names through NDS.

DNS/DHCP
NDS is a highly fault tolerant and secure environment. By using NDS as the configuration and address/name assignment database, standard replication features make the data available across the network. This provides the concept of 'virtual' DNS and DHCP servers within NDS, which allows for a high degree of fault tolerance if existing DNS servers are unavailable.
DHCP
• DHCP is a client/server protocol that automatically assigns and tracks IP addresses and other configuration data in network devices.
• DHCP uses the concept of a "lease" or amount of time that a given IP address will be valid for a computer.

DHCP
The lease time can vary depending on how long a user is likely to require the Internet connection at a particular location. It's especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses. DHCP supports static addresses for computers containing Web servers that need a permanent IP address.
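To make the lease mechanics of the two DHCP slides concrete, here is an added Python model (not Novell's code) of a small address pool with timed leases, a static reservation for a server, and expiry that lets a pool hand out more addresses over time than it contains. Pool ranges, MAC addresses and lease times are constructed sample values.

```python
# Minimal DHCP-style lease table: timed leases, static reservations, and
# reclaiming expired leases. All addresses and MACs below are constructed.
from ipaddress import IPv4Address

class LeasePool:
    def __init__(self, first, last, lease_time, reservations=None):
        lo, hi = IPv4Address(first), IPv4Address(last)
        self.free = [lo + i for i in range(int(hi) - int(lo) + 1)]
        self.lease_time = lease_time
        # MAC -> fixed address for hosts such as Web servers; never expires
        self.reservations = dict(reservations or {})
        for addr in self.reservations.values():
            self.free.remove(IPv4Address(addr))
        self.leases = {}  # MAC -> (address, expiry time)

    def expire(self, now):
        """Return addresses whose leases have lapsed to the free list."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)

    def request(self, mac, now):
        """Address offered to `mac` at time `now`, or None if the pool is empty."""
        if mac in self.reservations:
            return IPv4Address(self.reservations[mac])
        self.expire(now)
        if mac in self.leases:            # renewal keeps the same address
            addr = self.leases[mac][0]
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None                   # exhausted: client gets no address
        self.leases[mac] = (addr, now + self.lease_time)
        return addr
```

With a three-address pool, one reservation and a 60-second lease, a third client is refused at time 0 but obtains an address once another client's lease has lapsed, which is the oversubscription the slide describes.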
Benefit of this Integration
• Simplifies IP address and name management through NDS
• Ensures high fault tolerance through NDS
• Creates a secure environment for DNS and DHCP data
• Automates IP address assignment and host name updates

The advantage of NDS
• The hierarchical database structure of NDS reduces network traffic and makes your searches and operations fast and efficient.
• NDS uses an authentication service based on the RSA public-key/private-key encryption technology. This authentication mechanism uses a private key attribute and a digital signature to verify a user's identity. Authentication is session-oriented and the client's signature is only valid for the duration of the current session.

The advantage of NDS
• Fault Tolerant and Accessible: NDS is a fully distributed and replicated database. By segmenting the NDS database into manageable pieces (partitioning) and distributing it across the network (replicating), fault tolerance is achieved. NDS partitions are copied or replicated across the entire network as many times as necessary. If a primary or master partition is lost, the network begins using other copies of the partition.
The advantage of NDS
• Improves manageability with inherited rights.
• Simplifies the configuration and management of the network.

Conclusion
• A directory that is accessible by all applications is a vital part of the infrastructure supporting a distributed system.
• A directory-based system can tie all the network levels together, make the network easy to use and easy to manage, and provide more powerful and flexible services.

Related documents:
http://www.novell.com/whitepapers/nw5/nds.html
http://www.novell.com/whitepapers/nds/whitepaper.html
http://www.novell.com/whitepapers/nw5/dns_dhcp.html
http://www.redbook.ibm.com/
http://www.cs.odu.edu/~yczhang/cs875/cs875.ppt