Attend this session to learn how Domain Services for Windows can help you enhance Windows interoperability. Find out how to design trees and forests for Domain Services for Windows, how to integrate it into existing Novell eDirectory trees, how to leverage deployment methods that support application access and much more. We'll also discuss how you can deploy Domain Services for Windows with Citrix, VMware and NetApp.

1. Domain Services for Windows:
Best Practices for Windows Interoperability
Nicel KM David Shepherd
Engineering Manager Senior Technical Specialist
mnicel@novell.com dhepherd@novell.com

2. Agenda
• What is Domain Services for Windows (DSfW)?
• Features in DSfW
• Prerequisites for Successful Deployment
• Deployment Options
• Demonstration
• DSfW in OES2 SP2 and beyond
• Third Party Applications Support
2 © Novell, Inc. All rights reserved.

3. What is Domain Services for Windows?

4. What is Domain Services for
Windows?
• Domain Services for Windows (DSfW) is a suite of
technologies
• Provides AD style authentication to users, applications
• eDirectory users can access AD resources and
™
applications with a cross forest trust in place
• Seamless (need to depict that it doesnt change becos
of dsfw) access to OES services like file and print
services present on NSS or POSIX file systems
4 © Novell, Inc. All rights reserved.

5. DSfW: What Does It Achieve?
eDirectory Tree
™
Active
Directory
Forest
eDirectory
DSfW Cross Forest Trust
Resource Access
DSfW
iManager
AD Style Authentication eDirectory
Applications User
Clientless Access
Add/Modify User
MMC
Windows
User
5 © Novell, Inc. All rights reserved.

6. Features in DSfW

7. Features in DSfW
• AD protocol support
• Domain Emulation/Samba support
• Manageability – MMC/iManager
• Authentication
7 © Novell, Inc. All rights reserved.

8. Features in DSfW (cont.)
• need more information here.
8 © Novell, Inc. All rights reserved.

9. Prerequisites for
Successful Deployment

10. Understand What You Are Trying To
Achieve
• What is DSfW going to be used for?
– Application support. Check that the Windows based application
is going to work with DSfW. Do you need a Trust to a real AD
Domain for this to work correctly? What is the support position
on the proposed solution?
– Windows 2003 and 2008 are not yet supported as member
servers but do seem to work
• DSfW into an existing Tree
– eDirectory versions need to be up to date. At least one existing
™
eDirectory 8.8 Server should be in the tree with the rest at
8.73.10 or later. Put at least one OES2 Linux Server in place to
begin with with any NetWare 6.5 Servers on SP8
®
– Time synchronization is key. Kerboros is also time sensitive
10 © Novell, Inc. All rights reserved.

11. Understand What You Are Trying To
Achieve
• Current eDirectory Structure ™
– Examine your existing eDirectory structure. Flat eDirectory
designs with many Organization objects at the Tree Root may
be problematic to implement DSfW
– The first DSfW servers DNS Suffix needs to match the AD
Domain Name and suffix. For example if your AD domain name
is dc=novell,dc=com then the DNS Suffix needs to be
novell.com
– Schema checks. Check your schema in accordance with Novell ®
tid 7003431. May require a dial in to fix
– Partitioning and replication. Check the general tree health and
how the existing partitions map to DSfW
11 © Novell, Inc. All rights reserved.

12. Deployment Options

13. New Domain
Non-Name Mapped Configuration
• Characteristics:
– eDirectory tree is new ™
– eDirectory Tree Administrator is newly created and the DN is
fixed. The AD Forest Name is created at the Tree Root as a
hierarchy of DC objects. User administrator is created in
cn=administrator,cn=users,dc=novell,dc=com. The dc objects
are actual eDirectory objects
dc=example, dc=com
domain
Domain server 1 server 2 server 3 server 4 server 5
Controllers
13 © Novell, Inc. All rights reserved.

14. New Domain
Non-Name Mapped Configuration
• Why would this be used?
– Single Server Tree can only be configured in a Non-Name
Mapped configuration
– New Tree just for DSfW. No other application considerations
– The eDirectory Tree Administrator is also the DSfW
Administrator. No eDirectory user called admin is created
– A domain is automatically mapped to the eDirectory container.
e.g. domain acme.com is mapped to container
dc=novell,dc=com
14 © Novell, Inc. All rights reserved.

15. Into Existing eDirectory Trees ™
(Name Mapping Mode)
• Characteristics
– A existing eDirectory Tree's partitioned container is used to map
the DSfW domain (Name Mapping Mode)
– The eDirectory Tree Administrator is different from the First
Domain Administrator
– The domain mapping to eDirectory Tree is managed by the
eDirectory Tree Administrator
15 © Novell, Inc. All rights reserved.

16. Into Existing eDirectory Trees ™
(Name Mapping Mode)
• Why would this be used ?
– To add DSfW to an existing eDirectory environment
– To allow the use of Novell Workstations without the Novell®
Client
– To allow access through an AD style trust for Microsoft
Applications to Novell Users and Data
– To preserve use of existing Novell based applications such as
GroupWise and the Novell Client
®
16 © Novell, Inc. All rights reserved.

17. Demonstration of Deployment

18. Deployment of DSfW Into An Existing
eDirectory Tree ™
• Existing NW6.5 SP8 Tree – Novell-Tree
• OES2 SP2 Server has already been part configured
and joined to the tree
• The DSfW Provisioning wizard still needs to run
• Once deployed examine how access can be given to
Microsoft Clients to data volumes hosted on the
NetWare Server ®
18 © Novell, Inc. All rights reserved.

19. DSfW in OES2 SP2 and Beyond

20. DSfW in OES2 SP2
• New Provisioning Wizard
• Sysvol replication
• Password Policies
• Upgrade
20 © Novell, Inc. All rights reserved.

21. DSfW Provisioning Wizard
• Allows autoYaST to configure a basic OES2 SP2
system. A Java-based wizard is then used
• Gives more control and management over the DSfW
install process then OES2 SP1
• Gives the opportunity for remedial action if an
installation stage fails. Each stage can be executed
multiple times until successful
• Is only run when the base OS is installed and
operational
• Can be scripted if required
21 © Novell, Inc. All rights reserved.

22. DSfW Provisioning Wizard
22 © Novell, Inc. All rights reserved.

23. SysVol Replication
• Allows for the replication of sysvol between Domain
Controllers in OES2 SP2
• Uses rsync to execute the synchronization
• Similar functionality to native Windows 2003 Domain
Controller
23 © Novell, Inc. All rights reserved.

24. Password Policies
• Needs adding
24 © Novell, Inc. All rights reserved.

25. Upgrade
• Allows the in place upgrade of an existing DSfW
Domain Controller
25 © Novell, Inc. All rights reserved.

26. DSfW in OES2 SP3
• Removing Partition Boundary Limitation
• DNS configuration on ADC
• Deployment limiters
– Not moving master replica
– Disconnected children
– Domain name != container name
• Windows 2008 member server support
• Application?
26 © Novell, Inc. All rights reserved.

27. Third Party Application Support

28. Citrix
• Supported configuration for Citrix XENDesktop and
DSfW: http://support.citrix.com/article/CTX123281
– XenDesktop 3 and 4 are supported when used in an
environment with Novell Domain Services for Windows (DSfW)
®
in Open Enterprise Server 2 Support Pack 1 and higher as
follows:
– The XenDesktop farm must be configured to use registry-based
controller discovery, as documented in KB article CTX118976 -
How to Configure XenDesktop to Function Properly Without an
Organizational Unit in Active Directory, and all Desktop Delivery
Controllers and virtual desktops must be a member of the same
“Domain Services for Windows” domain. There is no
requirement for Novell client software to be installed either on
the Desktop Delivery Controllers or the virtual desktops
28 © Novell, Inc. All rights reserved.

29. NetApp
DSfW
Domain
USERS
COMPUTERS
29 © Novell, Inc. All rights reserved.

31. •Unpublished Work of Novell, Inc. All Rights Reserved.
•This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell,
Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the
scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised,
modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of
Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and
civil liability.
•
•General Disclaimer
•This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.