NOVELL CERTIFIED PROFESSIONAL
Novell BranchManager for NT
Reaching Out to Branch Offices
t is a fact: Over the past few years, Windows NT server in-
I stallations have proliferated. According to industry analysts,
however, the new Windows NT server installations have not
TAKING THE PAIN OUT OF WINDOWS NT MANAGEMENT
If you are familiar with even one of the products included
with Novell BranchManager for NT, you can predict how the
replaced existing NetWare servers. Instead, industry analysts’ re- entire solution can make managing remote Windows NT servers
search show that companies are installing these Windows NT easier. If you are not familiar with the Novell BranchManager
servers as branch office and departmental servers. (“Server Op- for NT products, the following sections provide a brief overview:
erating Environments: 1998 Worldwide Markets and Trends.”
You can view the abstract of this article by visiting http://www. NDS for NT 2.01
idc.com and searching for document 16107.) Many companies NDS for NT 2.01 integrates Windows NT domains with
have adopted NetWare and Novell Directory Services NDS. You can then manage all aspects of the Windows
(NDS) as the network solution at their company NT domains through NDS. For example, you can
headquarters and have chosen Windows NT Ser- manage all Windows NT users and groups
ver as an application server at the branch or through Novell’s NetWare Administrator
departmental level. Companies are typically (NWADMIN) utility. The NWADMIN
using Windows NT servers to run personal utility gives you a global view and cen-
productivity and off-the-shelf applications. tralized management of the entire net-
If you are responsible for managing work—including multiple domains.
Windows NT servers in such an environ- If you prefer, you can still use Micro-
ment, you are probably no stranger to soft’s User Manager utility to create
airports, late nights, and stress. To make users, and NDS for NT 2.01 will redi-
it easier to manage those Windows NT rect the changes to NDS. Unlike the
servers, Novell recently released Novell NWADMIN utility, however, the User
BranchManager for NT. Manager utility does not provide a global
view of multiple domains: You must view
SAME PRODUCTS, LOWER PRICE and manage domains individually.
Novell BranchManager for NT is a combina- NDS for NT 2.01 also lets you manage
tion of several existing products that make remote Windows NT file shares through NDS—again
Windows NT servers easier to access, easier to manage, saving you the time and expense of managing these
and more fault tolerant. Novell BranchManager for NT inte- file shares through Windows NT utilities. Using the NW-
grates remote Windows NT servers into your company’s existing ADMIN utility, you can set up and manage users’ access to the
NDS network. You can then manage these servers from a central file systems on both NetWare and Windows NT servers.
location just as you manage the rest of the NDS network. As a If your company has a TCP/IP network, you can easily add
result, you save countless management hours and expenses. NDS for NT 2.01, which now supports pure IP.
Novell BranchManager for NT includes the following NDS for NT 2.01 also makes it easier for users to access a
products: mixed network. After you install NDS for NT 2.01 on your
company’s Windows NT servers, each user has one global
• NDS for NT 2.01 identity for the entire network. Each user enters only one user-
• ZENworks 1.1 name and password to access both the NetWare and Windows
• BorderManager Authentication Services 3.0 NT platforms.
• ManageWise Agent for Windows NT Server 2.6 Of course, this single global identity also saves management
time and costs. Since users must remember only one username
Novell BranchManager for NT is available for approximate- and password for both platforms, you will spend less time chang-
Illustration: Jessica Chen
ly 60 percent less than you would pay for these products sepa- ing forgotten passwords. In addition, you have to create and
rately. The retail price for Novell BranchManager for NT is manage only one user account for each user. Without NDS for
U.S. $995 for a server license and five client licenses. You can NT 2.01, you must create and manage two user accounts for
add clients for U.S. $49 each. each user who must access both platforms.
34 NetWare Connection November 1999
NOVELL CERTIFIED PROFESSIONAL
Novell BranchManager for NT
NDS for NT 2.01 also enables you to ZENworks Application Launcher works
store NDS replicas on the Windows NT with NDS to allow you to centrally
servers installed at branch offices. Storing manage, upgrade, and distribute appli-
replicas on these Windows NT servers im- cations across your company’s network.
proves performance and provides fault tol- Using the Application Launcher, you
erance. Because NDS can service requests can dynamically update users’ desktops
through the replicas stored on local Win- when new applications become avail-
dows NT servers, NDS does not have to able, you can modify registry or INI
send these requests across your company’s settings, and you can provide applica-
WAN link. If the WAN link is down, tion fault tolerance and load balancing.
users can still access NDS data on the • Desktop Management. ZENworks 1.1
local replica. allows you to store workstation depen-
The Windows NT servers are also dencies (such as desktop preferences,
more fault tolerant because NT user and printer configurations, Novell client
group information is stored in NDS. If parameters, and Remote Access Server
anything happens to a Windows NT ser- configurations) as policies in NDS. As
ver, this user and group information is a result, you don’t have to visit each
still accessible via NDS. As a result, you workstation to change configuration
can still perform management tasks, and parameters. Instead, you can change
users can still access the rest of network. the appropriate policy once in the
NWADMIN utility, and NDS will de-
ZENworks 1.1 ploy the configuration to the User ob-
In addition to managing Windows NT jects, Workstation objects, or container
servers at branch offices, you must man- objects you specify.
age all of the workstations at branch of- • Desktop Maintenance. ZENworks 1.1
fices. ZENworks 1.1 extends NDS to in- includes a help desk component that is
clude information that is normally stored tightly integrated with NDS. This help Please visit our advertiser:
on a Windows NT, 98, 95, or 3.x work- desk component enables users to com-
station. For example, ZENworks 1.1 municate problems to the IS help desk. Tobit Software
stores information such as the look and In addition, ZENworks 1.1 includes re-
feel of the desktop (such as backgrounds, mote control software that allows you to
screen savers, and shortcuts), applica- remotely diagnose and repair worksta- http://www.tobitsoftware.com
tions, and printers in NDS. tions. With ZENworks 1.1, you no long-
ZENworks 1.1 and NDS save you time er need onsite support technicians at
because they eliminate the need to man- branch offices. Users simply report prob-
ually configure each workstation from lems through the ZENworks 1.1 help
which a user may need to access the net- desk component, and you can use the
work. When a user logs in to the network, ZENworks 1.1 remote control software
ZENworks 1.1 automatically delivers to diagnose and repair most problems.
everything that user needs (such as ap-
plications and printer configurations) to BorderManager Authentication
do his or her job. You no longer have to Services 3.0
travel to a branch office to install new BorderManager Authentication Ser-
software, to update existing software, or to vices 3.0 provides a secure way for remote
change workstation configuration informa- dial-in users to access your company’s
tion. You can make these changes in NDS, NDS network. BorderManager Authenti-
and the changes are automatically de- cation Services 3.0 connects remote dial-
ployed to workstations across the network. in users to any network access server that
With ZENworks 1.1 and NDS, you is running the Remote Authentication
can also correct workstation problems at Dial-In Users Service (RADIUS) proto-
branch offices. If you need to trouble- col. After remote users are connected to
shoot a workstation that is located at a your company’s NDS network, they can
branch office, you can view specific user access all the network resources to which
and workstation information and remote- they have rights.
ly control the workstation—all without Remote dial-in users can authenticate
leaving your desk. to the network through Point-to-Point
Z.E.N.works 1.1 includes three main Protocol (PPP), Password Authentication
components: Protocol (PAP), Challenge Handshake
Authentication Protocol (CHAP), UNIX
• ZENworks Application Launcher. The login, and other authentication protocols
For more information, visit
NOVELL CERTIFIED PROFESSIONAL
Novell BranchManager for NT
• Storage of trend information such as
CPU utilization and free disk space
• Windows NT server threshold alarms
for all parameters that can be tracked
• Windows NT system events reported
as SNMP traps
The information provided by Manage-
Wise Agent for Windows NT Server 2.6
helps you monitor, tune, and troubleshoot
Windows NT servers. In addition, this
agent enables you to control these Win-
dows NT servers from a remote location.
INSTALLING THE PRODUCTS
To simplify the installation of Novell
Figure 1. You install all of the products included in Novell BranchManager for NT from BranchManager for NT, Novell has in-
the main menu on the CD. cluded all of the products on one CD and
has created an integrated installation
that implement a username and pass- ager Authentication Services 3.0 also menu, which allows you to choose the
word. Using Rivest, Shamir, Adleman maintains accounting logs which enable product you want to install. (See Figure 1.)
Algorithm (RSA) and Message Digest 5 you to create reports for statistical analysis Before you install the products included
Algorithm (MD5) encryption methods, and interdepartmental billing. with Novell BranchManager for NT, you
BorderManager Authentication Services Because BorderManager Authentica- should ensure that the network meets the
3.0 and RADIUS provide secure trans- tion Services 3.0 is integrated with NDS, following minimum requirements:
port of authentication, authorization, and you can use the NWADMIN utility to
configuration information. manage remote access to your company’s • The network must include at least one
For added security of remote access to network. By creating a Dial Access System Windows NT 4.0 server that is run-
your company’s NDS network, Border- object in the NWADMIN utility, you can ning the NT File System (NTFS).
Manager Authentication Services 3.0 al- manage all RADIUS servers on your com- This server must also be running Win-
so supports NDS authentication through pany’s network from a central location. If dows NT Service Pack 1, 3, or 4.
smart card token devices (such as Activ- an Internet service provider (ISP) provides • The network must include at least one
Card). These devices require users to remote access to your company’s network, NetWare 4.11 or above server. This ser-
provide personal identification informa- you can use BorderManager Authentica- ver must be running NetWare 4 Sup-
tion as well as device-specific authenti- tion Services 3.0 to control dial-in user port Pack 6 or above and NDS 5.99a or
cation information. authentication through NDS while the above. (To download support packs for
BorderManager Authentication Ser- ISP manages dial-in access. (For more in- NetWare servers, visit Novell’s Support
vices 3.0 also includes other features that formation about BorderManager Authen- Connection web site at http://www.
ensure the security of remote access. For tication Services 3.0, see “Novell’s Border- support.novell.com/misc/patlst.htm#nw.)
example, you can configure the RADIUS Manager Authentication Services: Arm • For full IP support, the network must
server to use an automatic callback fea- Your Network for Remote Users,” NetWare include a NetWare 5 server, and this
ture. The RADIUS server will then in- Connection, Dec. 1998, pp. 21–30. You can server must be running NetWare 5 Sup-
struct the network access server that pro- download this article from http://www. port Pack 2 or above.
vides dial-in access to “hang up” on a nwconnection.com/past.) • A master replica must be stored on a
user and call that user back at a specified NetWare server.
number. Automatic call back ensures ManageWise Agent for Windows NT
that only authorized users can dial in to Server 2.6 Before you begin installing the products
your company’s network. The ManageWise Agent for Windows you want to use, you should also check the
In addition, BorderManager Authen- NT Server 2.6 allows you to manage Win- minimum requirements for each product.
tication Services 3.0 lets you limit the dows NT servers from a central location (These requirements are listed in the sec-
number of concurrent dial-in connections using the same Simple Network Manage- tions that follow.) In addition, you must
that a remote user can have at one time. ment Protocol (SNMP) based-manage- install NDS for NT 2.01 before you install
In addition, BorderManager Authentica- ment console that you use to manage the any other product included on the Novell
tion Services 3.0 records all authentica- rest of the network. The ManageWise BranchManager for NT CD.
tion attempts in an audit log. You can use Agent for Windows NT Server 2.6 pro-
the audit log to determine if unauthorized vides the following capabilities: INSTALLING NDS FOR NT 2.01
persons are attempting to access your Before installing NDS for NT 2.01,
company’s network and to diagnose re- • Automatic discovery and monitoring you should make sure the network meets
mote connection problems. BorderMan- of Windows NT 4.x servers the following minimum requirements:
36 NetWare Connection November 1999
NOVELL CERTIFIED PROFESSIONAL
Novell BranchManager for NT
• You must install NDS for NT 2.01 on a After the server is rebooted, the Domain To run the Domain Object wizard,
Windows NT 4.0 server running Win- Object Wizard (SAMMIG.EXE) is auto- choose Next from the the NDS for NT
dows NT Service Pack 1, 3, or above. matically launched. 2.01 introduction screen. You can then
• The Windows NT server must be run- follow the prompts to complete the mi-
ning the NTFS file system. Running the Domain Object Wizard gration of the Windows NT users and
• If the Windows NT server will host an After you reboot the Windows NT groups to NDS. If you need more infor-
NDS replica, the server should have a server, you log in to this server as Ad- mation, refer to the online help provid-
minimum of 32 MB of RAM. (Novell ministrator and then log in to NDS as ed with the Domain Object wizard.
recommends 64 MB of RAM.) ADMIN or another user with Write
• NDS for NT 2.01 requires 90 MB of access to the [Root] of the NDS tree. Installing the Administration Utilities
available disk space on the Windows (You must have this right because NDS To complete the NDS for NT 2.01
NT server. If the server will host an for NT 2.01 extends the NDS schema to installation, you must install the follow-
NDS replica, you will need 150 MB support NDS for NT 2.01 objects.) After ing administration utilities:
per 1,000 users in the replica. you log in, the Domain Object wizard
• To install NDS for NT 2.01, you must launches automatically. • Domain Object Wizard. You can use
have administrative rights to the Win- You use the Domain Object wizard to this utility to add or remove NDS rep-
dows NT server and the NDS tree. complete the following tasks: licas from a Windows NT server. You
• If the network includes NetWare 4.11 can also use this utility if you want to
servers, these servers must be running • Move the objects in the Windows NT remove NDS for NT 2.01 from a Win-
NetWare 4 Support Pack 4 or above domain to NDS dows NT server.
and NDS 5.99a or above. • Reconfigure the Windows NT server • NDS Manager. You can use this utility
• If the network includes NetWare 5 to change the domain name to manage NDS partitions and replicas
servers, these servers must be running • Install an NDS replica on the Win- from a Windows NT server.
NetWare 5 Support Pack 1 or above. dows NT server (optional) • NetWare Administrator for Windows
• If you use Microsoft Exchange, you • Remove an NDS replica from a Win- NT. You can use this utility to manage
must install Exchange Service Pack dows NT server or remove NDS for the NDS tree, including Windows NT
1.0 or above to run Mailbox Manager NT 2.01 from the server domains that have been moved to NDS.
• NDS for NT 2.01 should be installed
on the Primary Domain Controller
(PDC) and, ideally, on each of the
Backup Domain Controllers (BDCs).
You should install NDS for NT 2.01 on
the PDC first and then on the BDCs.
Installing NDS for NT 2.01 is simple.
The installation has only three main steps:
1. Install NDS for NT 2.01 on the Win-
dows NT server.
2. Run the Domain Object wizard.
3. Install the NDS for NT 2.01 manage- Please visit our advertiser:
Installing NDS for NT 2.01 Software Biscom Inc.
To install NDS for NT 2.01 on a Win-
dows NT server, you log in to the server as
Administrator or a user with administra- http://www.biscom.com/cd_offer
tive privileges. Then you insert the Novell
BranchManager for NT CD into the CD-
ROM drive of the Windows NT server,
and choose NDS for NT from the menu.
You then follow the prompts to com-
plete the installation. If you need more in-
formation, see the Quick Start Guide for
NDS for NT, which is included on the CD.
After the NDS for NT 2.01 files are
copied to the server, a dialog box appears,
indicating that the server must be reboot-
ed in order for the changes to take effect.
For more information, visit http://www.nwconnection.com/advertise.html.
NOVELL CERTIFIED PROFESSIONAL
Novell BranchManager for NT
• Novell Login. You can use this pro- • TCP/IP is configured and functioning. ManageWise console, you must change
gram to log in to the NDS tree and • NetWare 4 servers are running NetWare the setting on all the Windows NT ser-
Windows NT servers with one user- 4 Support Pack 5 or above. vers you manage through ManageWise.
name and password (if passwords are • NetWare 5 servers are running NetWare
synchronized). 5 Support Pack 2 or above. When you install ManageWise Agent
• Novell Send Messages. You can use this • Novell client software is installed on for Windows NT Server 2.6, the installa-
utility to send messages to other users Windows NT servers. tion program will confirm that the Man-
who are logged in to the NDS tree. ageWise 2.6 console is installed on your
BorderManager Authentication Ser- network. To support the ManageWise
To install these utilities, choose Admin vices 3.0 also requires an administrative Agent, the ManageWise console must be
Utilities from the NDS for NT 2.01 Instal- workstation that is running Windows NT, running the Microsoft network software,
lation menu on the Novell BranchMan- 98, or 95 with the appropriate Novell including the Microsoft client. In addition,
ager for NT CD, and follow the prompts. client software. The workstation must the ManageWise console should be con-
also have 2 MB of free disk space. figured with the following:
INSTALLING ZENWORKS 1.1 After you have verified that the net-
Before you install ZENworks 1.1, you work meets these requirements, you can • File and print sharing (with File shar-
must ensure that the Windows NT server begin to install BorderManager Authen- ing selected)
has at least 40 MB of available memory tication Services 3.0. The installation • Novell NetWare client as primary
and 175 MB of free disk space. You will al- program copies the RADIUS server files network logon
so need log in to NDS as ADMIN or an- and the NWADMIN snap-in modules for • Microsoft TCP/IP protocol loaded and
other user with Write access to the [Root] BorderManager Authentication Services bound
of the NDS tree because you must extend 3.0 to the Windows NT server. With these
the schema to support ZENworks 1.1. snap-in modules, you can use the NWAD- To install ManageWise Agent for
Installing ZENworks 1.1 on a Win- MIN utility to manage remote access to Windows NT Server 2.6, select the Man-
dows NT server is a straightforward pro- your company’s network. The installation ageWise option from the main menu of
cess. To begin the installation, simply program also extends the schema of the the Novell BranchManager for NT CD,
insert the Novell BranchManager for NT NDS tree to include the new Dial Access and follow the prompts to install the
CD into the CD-ROM drive of the Win- System object classes and attributes. product. Unfortunately, the ManageWise
dows NT server, choose ZENworks from Like the ZENworks 1.1 installation, Agent for Windows NT Server 2.6 docu-
the main menu, and follow the prompts. the installation of BorderManager Au- mentation is not included on the Novell
If you need more information, the ZEN- thentication Services 3.0 is straightfor- BranchManager for NT CD. If you need
works 1.1 documentation is included on ward. To begin the installation, simply more information, download the docu-
the Novell BranchManager for NT CD. insert the Novell BranchManager for NT mentation from http://www.novell.com/
CD into the CD-ROM drive of the Win- documentation/mw26.html.
INSTALLING BORDERMANAGER dows NT server, choose B.M.A.S. from ManageWise Agent for Windows NT
AUTHENTICATION SERVICES 3.0 the main menu, and follow the prompts. Server 2.6 is an extension of Microsoft’s
Before you install BorderManager If you need more information, the docu- SNMP service. After the installation is
Authentication Services 3.0, you need mentation for BorderManager Authen- completed, you should reinstall any Win-
to ensure that the network access server tication Services 3.0 is included on the dows NT Service Packs that are running
meets the following requirements: Novell BranchManager for NT CD. on the Windows NT server.
• TCP/IP is configured and functioning. INSTALLING MANAGEWISE AGENT FOR CONCLUSION
• The server is RADIUS compliant. WINDOWS NT SERVER 2.6 If your company has an enterprise net-
• The server is RADIUS authentication To install ManageWise Agent for Win- work with NetWare 4 or NetWare 5 ser-
enabled. dows NT Server 2.6, you must have Ad- vers installed at company headquarters
• The RADIUS server address is set to ministrator or equivalent rights to the and Windows NT servers installed at
the Windows NT server on which Bor- Windows NT server on which you want branches and departments, you should
derManager Authentication Services to install the agent. You must also have take a close look at Novell BranchMan-
3.0 will be installed. Administrator rights to the ManageWise ager for NT. You are already enjoying the
• The RADIUS shared secret is estab- console workstation if this workstation is benefits of a single point of network ac-
lished and known. running Windows NT. cess and management at company head-
• SNMP service is installed. The Windows NT server must meet quarters; Novell BranchManager for NT
the following requirements: extends these benefits to remote Win-
The RADIUS server must meet the dows NT servers.
following requirements: • The IPX protocol must be loaded. Sandy Stevens is a freelance writer
• The SNMP service must be loaded. The based in San Diego, California. She is co-
• The server is running NetWare 4.11 SNMP setting on the Windows NT author of Novell’s Guide to Integrating
or above or Windows NT 4.0. server must be the same as the SNMP NetWare 5 and NT, Novell’s Guide to
• The server has 1 MB of free disk space. setting on the ManageWise console. If NetWare Printing, and Novell’s Guide
• The server has 1 MB of RAM. you change the SNMP setting on the to BorderManager. b
38 NetWare Connection November 1999