Novell Open Enterprise Server 11 SP3 User guide

www.novell.com/documentation

Deployment Guide

iFolder 3.9.2

January 2014

Legal Notices

Novell,Inc.,makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthisdocumentation,andspecifically

disclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.,

reservestherighttorevisethispublicationandtomakechangestoitscontent,at

anytime,withoutobligationtonotifyany

personorentityofsuchrevisionsorchanges.

Further,Novell,Inc.,makesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsany

expressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.,reservestheright

makechangestoanyandallpartsofNovellsoftware,atanytime,withoutanyobligationtonotifyanypersonorentityof

suchchanges.

AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.S.exportcontrolsandthetrade

lawsofothercountries.Youagreeto

complywithallexportcontrolregulationsandtoobtainanyrequiredlicensesor

classificationtoexport,re‐exportorimportdeliverables.Youagreenottoexportorre‐exporttoentitiesonthecurrentU.S.

exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.S.

exportlaws.Youagreetonotuse

deliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.SeetheNovellInternationalTrade

ServicesWebpage(http://www.novell.com/info/exports/)formoreinformationonexportingNovellsoftware.Novellassumes

noresponsibilityforyourfailuretoobtainanynecessaryexportapprovals.

Novell,Inc.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,storedon

aretrievalsystem,ortransmittedwithouttheexpresswrittenconsentofthepublisher.

Novell, Inc.

1800 South Novell Place

Provo, UT 84606

U.S.A.

www.novell.com

OnlineDocumentation:ToaccessthelatestonlinedocumentationforthisandotherNovellproducts,seetheNovell

DocumentationWebpage

(http://www.novell.com/documentation).

Novell Trademarks

ForNovelltrademarks,seetheNovellTrademarkandServiceMarklist(http://www.novell.com/company/legal/trademarks/

tmlist.html).

Third-Party Materials

Allthird‐partytrademarksarethepropertyoftheirrespectiveowners.

Contents 3

Contents

About This Guide 7

1 Understanding iFolder Deployment 9

1.1 Before You Deploy iFolder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

1.1.1 Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

1.1.2 Security Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.1.3 Additional Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.1.4 Encryption and Key Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.2 Using a Deployment Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

2 Single-Server Deployment 13

2.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

2.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

2.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

2.4.1 User Data Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.4.2 Document Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3 Multi-Server (Master-Slave) Deployment 17

3.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

3.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.4.1 Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.4.2 Data Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

4 Multi-Server (Master-Master) Deployment 21

4.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

4.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

4.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

4.4.1 Functional Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

4.4.2 Specialized Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

5 Master-Slave Deployment for a High Web Access Load 25

5.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

5.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

5.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

5.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

5.4.1 Web Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

5.4.2 Online Application Submission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

6 Single-Server Cluster Deployment 29

6.1 Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

4 Novell iFolder 3.9.2 Deployment Guide

6.1.1 iFolder Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.2 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

6.3 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.4 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.5 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.5.1 Document Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

7 Multi-Server Master-Slave Deployment in a Cluster 33

7.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

7.1.1 iFolder Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

7.1.2 Web Admin Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

7.1.3 Web Access Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

7.2 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

7.3 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

7.4 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

7.5 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

7.5.1 Business Services with High Volatility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

8 Using an iFolder Master Server as a Load Balancer 37

8.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

8.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

8.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

8.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

8.4.1 Information Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

8.4.2 Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

9 Using Fibre Channel to Deploy iFolder in a Storage Area Network 41

9.1 iFolder Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

9.2 Web Admin and Web Access Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

9.3 Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

9.4 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

9.5 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

9.6 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

9.6.1 Case 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

9.6.2 Case 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

10 Using Xen to Deploy iFolder as a Virtual Service 45

10.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

10.2 LDAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

10.3 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

11 NAT-Based Configuration 49

11.1 Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

11.2 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

11.3 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

11.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

12 Using Router Port Forwarding and Mod Proxy 51

12.1 Port Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Contents 5

12.2 Mod Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

12.3 Port Forwarding and Mod Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

12.4 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

12.5 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

12.6 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

13 Deploying iFolder behind Access Manager or iChain 55

13.1 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

13.2 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

13.3 Additional Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

13.4 Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

14 Deploying the My Documents Folder as an iFolder 59

14.1 Environments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

14.1.1 Trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

14.1.2 Untrusted (User Network Alone) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

14.1.3 Untrusted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

14.2 Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

14.2.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

14.2.2 Single Server and Multi-Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

14.2.3 Novell iFolder Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

14.2.4 Novell Web Admin Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

14.2.5 Web Access Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

14.2.6 Converting the My Documents Folder to an iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

14.3 Key Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

14.4 Scalability Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

6 Novell iFolder 3.9.2 Deployment Guide

About This Guide 7

About This Guide

NovelliFolderisdesignedwiththebasicprincipleofscalabilitytosupportorganizational

modifications.TheNovelliFolder3.9.xDeploym entGuidedescribeshowtosuccessfullydeploythe

followingiFoldercomponentsinyourproductionenvironment:

 iFolderEnterpriseServer

 iFolderWebAccess Server

 iFolderWebAdminServer

 iFolderClient

Thecasesconsideredin

thisguidearenotexhaustive.Theyareintendedtobeexamplesthatcanbe 

mappedtoyourorganizationalfunctions.

 Chapter 1,“UnderstandingiFolderDeployment,”onpage 9

 Chapter 2,“Single‐ServerDeployment,”onpage 13

 Chapter 3,“Multi‐Server(Master‐Slave)Deployment,”onpage 17

 Chapter 4,“Multi‐Server(Master‐Master)Deployment,”onpage 21

 Chapter 5,“Master‐SlaveDeployment

foraHighWebAccessLoad,”onpage 25

 Chapter 6,“Single‐ServerClusterDeployment,”onpage 29

 Chapter 7,“Multi‐ServerMaster‐SlaveDeploymentinaCluster,”onpage 33

 Chapter 8,“UsinganiFolderMasterServerasaLoad Balancer,”onpage 37

 Chapter 9,“UsingFibreChanneltoDeployiFolderinaStorageAreaNetwork,”

onpage 41

 Chapter 10,“UsingXentoDeployiFolderas aVirtualService,”onpage 45

 Chapter 11,“NAT‐BasedConfiguration,”onpage 49

 Chapter 12,“UsingRouterPortForwardingandModProxy,”onpage 51

 Chapter 13,“DeployingiFolderbehindAccessManageroriChain,”onpage 55

 Chapter 14,“DeployingtheMyDocumentsFol derasaniFolder,”onpage 59

Audience

ThisguideisintendedforiFolderadministrators.

Feedback

Wewanttohearyourcommentsandsuggestionsaboutthismanualand theotherdocumentation

includedwiththisproduct.PleaseusetheUserCommentsfeatureatthebottomofeachpageofthe

onlinedocumentation.

Documentation Updates

ForthemostrecentversionoftheNovelliFolder3.9.xDeploymentGuide,visittheNovelliFolder3.x

Documentation.

8 Novell iFolder 3.9.2 Deployment Guide

Additional Documentation

Fordocumentation,seethefollowing:

 NovelliFolder3.xdocumentation

 NovellOpenEnterpriseServerdocumentation

 NovelleDirectory8.8.xdocumentation

 NovelliManager2.7.xdocumentation

 NovellTechnicalSupport

Understanding iFolder Deployment 9

Understanding iFolder Deployment

Administrationoverheadandhandlingusersupportcallsaremajor tasksintheInformationand

Servicedepartmentofanyorganization.Deployingaservicewithoutproperunderstandingofthe

currentrequirements,thequalityoftheservice,andtheprojectedorganizationalgrowthcancause

unexpecteddemandsonthesystemthatleadtoextracosts

tomanagetheservice.

ThisguidehelpsyouunderstandthevariousscenariosinwhichtheNovelliFolderservicecanbe 

deployed,basedonrequirementsandfutureexpansionplans.ItaddressesvariousiFolder

deploymentscenariosandusecasesrangingfromsimpletocomplex,targetingsmall,medium,and

enterpriseusers.Youcan

alsorequestassistancefromNovellsupportpersonneltohelpyou

implementthesedeploymentscenarios.

 Section 1.1,“BeforeYouDeployiFolder,”onpage 9

 Section 1.2,“UsingaDeploymentManager,”onpage 11

1.1 Before You Deploy iFolder

BeforeyouinstallNovelliFolder,youmustplanthesetupthatissuitableforyourenterprise.You

shouldorganizethedeploymentbasedonyourcurrentrequirements,thequalityofservicerequired,

andtheprojectedneedsforfuturegrowth.

BeforeyoudeployiFolder,considerthefollowing:

 Section 1.1.1,“HardwareandSoftwareRequirements,”on

page 9

 Section 1.1.2,“SecurityConsiderations,”onpage 10

 Section 1.1.3,“AdditionalDocumentation,”onpage 10

 Section 1.1.4,“EncryptionandKeyRecovery,”onpage 11

1.1.1 Hardware and Software Requirements

 “ServerHardwareRequirements”onpage 9

 “ServerSoftwareRequirements”onpage 10

 “ClientRequirements”onpage 10

Server Hardware Requirements

ANovelliFolderserverhasthefollowinghardwarerequirements:

 AserverclassmachineforOpenEnterpriseServer11

 Aminimumof2GBRAM

 200GBdedicatedstorage(200MBstorageperuserfor1000users)

 Minimum100MbpsdedicatedNIC

10 Novell iFolder 3.9.2 Deployment Guide

ThisguidefollowstheOES11Linuxrecommendedhardwareforserver,storageareanetwork(SAN),

andclients.Thisalsoincludesthenetworkrequirements.

Server Software Requirements

ANovelliFolderserverhasthefollowingsoftwarerequirements:

 NovellOpenEnterpriseServer11withupdatedMonopatches

 Apache*configuredinworkmode

 ApacheconfiguredfortraditionalNIC

Client Requirements

TheNovelliFolderclientsupportsthefollowingworkstationoperatingsystems:

 SUSELinuxEnterpriseDesktop(SLED)10SP3

 SUSELinuxEnterpriseDesktop(SLED)11SP164‐bit

 openSUSE11.4

NOTE:TheiFolderLinuxclientrequirestheMonoframeworkforLinuxandaGNOMEdesktop

foriFolderNautilusplug‐insupport.

 WindowsXPSP332‐bit

 WindowsVistaSP1

 Windows7

 MacintoshOSX32‐bit(Intelarchitecture)v10.5andlater(requiresMono2.4.2.3).PowerPc

architectureisnotsupported.

1.1.2 Security Considerations

Basedonyoursecurityrequirements,youcancreateanencryptediFolderoranormaliFolder.The

communicationbetweentheiFolderserver,clients,WebAdminserver,andWebAccessservercanbe

settonon‐SSLorSSL(secure)orboth.

1.1.3 Additional Documentation

Formoreinformation,seethefollowing:

 iFolder3.9.1AdministrationGuide

 “PlanningiFolderServices”

 “PrerequisitesandGuidelines”

 iFolder3.9.1Cross‐PlatformUserGuide

 “GettingStarted”

 NovelliFolder3.9.2SecurityAdministrationGuide

Understanding iFolder Deployment 11

1.1.4 Encryption and Key Recovery

Fordetailedinformationonencryptionandkeyrecovery,refertothefollowingguides:

 iFolder3.9.1UserGuide

 “Encryption”

 “EncryptionPolicySettings”

 “ManagingPassphraseforEncryptediFolders”

 iFolder3.9.1SecurityAdministrationGuide

 “CreatinganEncryptediFolder”

 “CreatingStrongPasswordAndPassphrase”

 “UsingtheRecoveryAgent”

 “

TransferringtheEncryptionKey”

1.2 Using a Deployment Manager

NovelliFoldersupportsauto‐accountcreationthroughanXML‐basedresponsefile.Youcanuseany

deploymentmanager,suchasNovellZENworks,todistributetheresponsefilealongwiththeclient

totheusermachines.Aftertheclientisinstalled,theclientstartupauto‐createsanaccountwhenthe

responsefile

isdetected.Thisisbeneficialforlargedeployments.Italsosavestimeforusersand

avoidssupportcallsbecauseofaccount creationerrors.

12 Novell iFolder 3.9.2 Deployment Guide

Single-Server Deployment 13

Single-Server Deployment

Asingle‐serversetupconsistsofasingleserverwithuptoonethousandclientssimultaneously

connectedtoit.Insuchasetup,theiFolderserverandthedatabasearelocatedonasingleOpen

EnterpriseServer(OES)11server,andtheclientworkstationsareconnectedtoit.Thisscenariois



illustratedinthefollowingfigure.

Figure 2-1 SingleServer

Inasingle‐serversetup,allthreeiFoldercomponentsareinstalledandconfiguredonthesameserver.

AuthenticationofusersisalwaysLDAP‐based.Thismeansthatalltheuserstryingtologinand

accessiFolderdataareauthenticatedwiththeLDAPserverfirstandthenallowedtoaccessiFolder



data.Allclient‐to‐servercommunicationandcommunicationbetweenservercomponentsisdonevia

HTTPS.Inthissetup,asingleserverhoststheiFolderserver,iFolderWebAccessservices,and

iFolderWebAdminservices.LoadbalancingcannotbeperformedinthissetupandheavyWeb

Accessusageisalsonot

recommended.

Thefollowingsectionsdescribethedeploymentofasingleserversetupinyourenvironment.

 Section 2.1,“KeyBenefits,”onpage 14

 Section 2.2,“LDAPConfiguration,”onpage 14

Simple Server

HTTP

100 Mbps

iFolder server

Public URL = 10.1.1.1

Private URL = 10.1.1.1

Server IP = 10.1.1.1

Client connects

To Public URL

Linux

SLED 10 SP1

or greater

Macintosh

OSX v10.4

or greater

Windows

XP/Vista

Browser

Web Access

/ iFolder

Browser

Web Admin

/ admin

eDirectory

o=ifadmin, o=novell,

url=ifproxy, o=novell

14 Novell iFolder 3.9.2 Deployment Guide

 Section 2.3,“ScalabilityParameters,”onpage 14

 Section 2.4,“DeploymentScenarios,”onpage 14

2.1 Key Benefits

Thekeybenefitsofasingle‐serversetupareasfollows:

 Asingle‐serversetupiseasytomaintainbecauseoperationssuchasupdatingpatches,

upgradingtheserver,takingabackup,andrestoringabackuparelimitedtoasingleserver.

 SharingiFoldersisfasterinasingle‐serversetupas

opposedtoamulti‐serverenvironment.This

isbecauseinasingle‐serversetup,usersareprovisionedtoasingleserver,butinamulti‐server

environmentusersareprovisionedacrossmultipleservers.

 Asingle‐serversetupisbeneficialforsmallsetupsof500to1000users.Insucha

scenario,where

allusersareprovisionedonthesameserver,theresponsetimeisguaranteed.Forexample,ifa

serverhasadedicatednetworkinterfacecard(NIC)withaminimumof1Gbpscapacityand

eachclienthasaNICwithaminimumcapacityof100Mbps.Withthisconfiguration,a

usercan

uploadordownloada1GBfileinlessthan5minutes.

2.2 LDAP Configuration

TheLDAPconfigurationinformationforasingle‐serversetupisasfollows:

 eDirectory,OpenLDAP*,andActiveDirectory*directoryserversaresupported.

 Ensurethatallusersareapartofeitheracontainerorastatic/dynamicgroupontheLDAP

directoryserver.DuringiFolderinstallation,youmustusethesamecontaineror

groupDNsto

configuretheSearchcontextfield.

 iFoldersupportsbothsecureandnon‐securecommunicationwiththedirectoryserver.Youcan

chooseanycommunicationchannelthatfitsyourrequirements.Ensurethatthedirectoryserver

islisteningonstandardLDAPportsforsecureandnon‐securechannels.

2.3 Scalability Parameters

Thescalabilityparametersforasingle‐serverdeploymentareasfollows:

 Asingle‐serversetupisidealforsmallsetupsof500to1000users.

 Clientsmusthaveadedicatednetworkinterfacecard(NIC)of100Mbpscapacity.

 Web‐basedaccessmustbelow,andthickclientaccessmustbemoderate

withupto500active

connections.

 Datatransfer(synchronizationofuserdata)ratemustbe10MBperhourperclient.

 Thesynchronizationintervalmustbe10minutes.

2.4 Deployment Scenarios

Thefollowingsectionsdescribethedeploymentscenariosinasingle‐seversetup:

 Section 2.4.1,“UserDataBackup,”onpage 15

 Section 2.4.2,“DocumentManagement,”onpage 15

Single-Server Deployment 15

2.4.1 User Data Backup

Considerascenariowhereanorganizationwantsasetof500userstobeabletobackuptheirdesktop

dataatregularintervals.TheorganizationprovidesadedicatedLANlinktoensurethat500users

cansynchronizethedataattherateof10MBperhour. A single‐server

setupisidealinsucha

scenario.Beforeyouuseasingle‐serversetupforthisscenario,youmustconsiderthefollowing

policies:

 “LimitingtheNumberofiFoldersPerUser”onpage 15

 “DisablingSharing”onpage 15

 “SettingaDiskQuota”onpage 15

Limiting the Number of iFolders Per User

Inordertomaintaintheserverloadatanoptimallevel,youmustlimitthenumberofiFoldersthata

usercancreate.UsetheWebAdminconsoletolimitthenumberofiFoldersperuserinagiven

iFoldersystem.Youcansetthispolicyatuserandsystemlevels.

TherecommendedlimitofiFolders

peruseris5.

Disabling Sharing

Toenable aneffectivebackupandtoavoiduserdatacollision,youmustdisableiFoldersharing. If

necessary,youcanenablesharingwithread‐onlyaccess.Thisisusefultomaintainthe10MBper

hourdatatransferrateat500simultaneousconnections.

Setting a Disk Quota

Thediskquotalimitisbasedontheservercapacity.Therecommendedlimitis4GBperuser.This 

requirementcanbeafloatingvalue,sothatanaverageof4GBperuserisachieved.Thismeansthat

defaultsettingsareusedtoachievetherequirement.

2.4.2 Document Management

ThisdeploymentscenarioillustratestheiFolderabilitytosynchronizedocumentsacrossvarious

levelsinanenterprise.Considerascenariowhereacustomerinabankinitiatesaloanrequest

processby submittinganapplicationformtoabankclerk.Asapartoftheloanrequestprocess,the

applicationformis

senttoanofficialatahigherlevelforapproval.

Inthisscenario,youcancreatethreeiFoldersnamedSubmission,Level1,andLevel2fortheinitial

submissionandforthenextlevelsofapprovals.ThefirsttwoiFolders,SubmissionandLevel1,can

besharedbetweentheclerk

andthemanager.TheLevel2iFoldercanbesharedbetweenthe

managerandtheseniormanagerandmadeinaccessibletotheclerk.

Aftertheinitialverification,theclerkcanmovetheloanapplicationformstoredintheSubmission

iFoldertotheLevel1iFolder.Themanageraccessestheverifiedloan

applicationformfromtheLevel

1iFolderforfurtherverificationandapproval.Iftheloanrequestisverifiedandapproved,the

managermovestheapplicationformtotheLevel2iFolderfortheseniormanager’sapproval.

Thevariouslevelsofaccessallowyoutouseasingle‐serversetupto

easilymanagetheflowof

documentsinanenterprise.

16 Novell iFolder 3.9.2 Deployment Guide

Multi-Server (Master-Slave) Deployment 17

Multi-Server (Master-Slave) Deployment

Amulti‐serversetupconsistsofmultipleservers,whichcaneachhavemorethanathousand

simultaneousconnectionsatanypointoftime.Multi‐serverconfigurationsareoftwotypes,master‐

masterandmaster‐slave.Thissectiondiscussesthemaster‐slavesetup,andthemaster‐mastersetup

isdiscussedinChapter 4,

“Multi‐Server(Master‐Master)Deployment,”onpage 21.

Multi‐serverconfigurationsarebeneficialfororganizationsthatareexpandingtheiremployee

strength.Thistypeofsetupisalsousefulfororganizationsthathavetheirworkforcespreadacross

theglobewithmultiplebranchesacrosscountriesandcontinents.Youcanuseamulti‐server



deploymenttosynchronizeandsharedataacrosstheglobe withapredictableresponsetime.

Youcanconvertasingle‐serversystemtoamulti‐serversystembyconnectinganadditionalserverto

themainserverandcreatingamaster‐slaveconfiguration.Amulti‐server(master‐slave)setupis

illustratedinthe

followingfigure.

Figure 3-1 Master‐Slave

Inthissetup,theiFolderserverandtheiFolderdatabasearelocatedonOpenEnterpriseServer(OES)

11serverswithclientworkstationsconnectedtotheiFolderserver.TheiFoldermasterandslave

serversareconnectedtoeachothertoexchangemetadatainformation.TheWebAccessandWeb

Adminconsolesofthe

masterserverareaccessedthroughabrowser.Userauthenticationisdone

throughtheeDirectorysecureLDAPprotocolandalltheserver‐to‐serverandclient‐to‐server

communicationisdoneviaHTTPS.

18 Novell iFolder 3.9.2 Deployment Guide

Thefollowingsectionsdescribeamulti‐server(master‐slave)iFoldersetup:

 Section 3.1,“KeyBenefits,”onpage 18

 Section 3.2,“LDAPConfiguration,”onpage 18

 Section 3.3,“ScalabilityParameters,”onpage 19

 Section 3.4,“DeploymentScenarios,”onpage 19

3.1 Key Benefits

Thekeybenefitsofamulti ‐server(master‐slave)setupareasfollows:

 Supportsasecurecommunicationchannel(SSL)tosecurethedataexchangedonthewireand

securesiFolderdatastoredontheserverwiththeNovellpatentedencryptionandrecovery

mechanism.

 Ensuresscalabilitywithnotheoreticallimitonthe

numberofserversparticipating .Inaddition,

eachservercanhavemultipledatavolumesconfiguredwithanylimit.

 Guaranteesresponsetimebecausethenumberofusersthatareprovisionedperserverislimited

to1000,sothateachusercanhaveapredictableresponsefromtheserveriftheserverhas

a

dedicatednetworkinterfacecard(NIC)withaminimumof1Gbpscapacityandeachclienthas

atleasta100MbpsNIC.Withthisconfiguration,theusercanuploadordownloada1GBfilein

lessthan5minutes,whichisalmost4MBpersecond.

 Enablesusersacross

differentgeographicallocationstosharedatainasecuremanner.

 EnablesNovelliFolderserversacrossdifferentgeographicallocationstobeintegratedwith

BusinessContinuityClusters(BCC)fordatareplicationandhighavailability.

3.2 LDAP Configuration

TheLDAPconfigurationinformationforamulti‐server(master‐slave)setupisasfollows:

 eDirectory,OpenLDAP,andActiveDirectorydirectoryserversaresupported.

 TheLDAPSearchContextoptionmustbesettoanappropriatevalueforbothmasterandslave

inordertooptimizeLDAPsynctimeonbothservers.The

MasterLDAPsearchcontextspecified

musteitherbeasupersetofalltheslavesearchcontextsoracombinedlistofallslavesearch

contextsasshownintheexamplesgivenbelow:

 Mastercontext

o=org

,Slave1context

ou=ku,o=org,

Slave2context

ou=dl,o=org

 Mastercontext

ou=ku,o=org##ou=dl,o=org

,Slave1context

ou=ku,o=org

,Slave2context

ou=dl,o=org

 EnsurethateachiFolderserverhasitsowneDirectoryreplicassothatthe authentication

happenslocallyinsteadofwalkingtheeDirectorytree.

 iFoldersupportsbothsecureandnon‐securecommunicationwiththedirectoryserver.Youcan

chooseanycommunicationchannelthatyouneed.Ensurethatthedirectoryserverislistening

onstandardLDAPportsforsecureandnon‐securechannels.

Multi-Server (Master-Slave) Deployment 19

3.3 Scalability Parameters

Thescalabilityparametersforamulti‐server(master‐slave)deploymentareasfollows:

 Themulti‐server(master‐slave)deploymentisscalableto1000users.

IfanexclusiveWebAccessserverisnotdeployed,theWebAccessusersarealsoconsideredin

thisscalableparameter.AnindependentWebAccessservercanhandle

1000usersatanygiven

pointintime.Iftherearemorethan1000Webusersconnectingatanygivenpointintime,

considerthedeploymentscenarioinChapter 5,“Master‐SlaveDeploymentforaHighWeb

AccessLoad,”onpage 25.

 TheEnterpriseiFolderservermusthaveWebAdminandWeb

Accesscapability.

 WebAccessusagemustbeminimaltoensureguaranteedresponsetime.

 ClientsmusthaveadedicatedNICofatleast100Mbps.

 Web‐basedaccessmustbelow,andthickclientaccessmustbemoderatewith500active

connections.

 Thedatatransfer(synchronizationofuserdata)ratemustbe

atleast10MBperhourperclient.

 BothSSLandnon‐SSLcommunicationissupported.

 Thesynchronizationintervalmustbenomorethan10minutes.

 IfthemasterandslaveiFolderserversareintwodifferentgeographicallocations,individual

WebAccessserversarebeneficialtoimprovetheresponsetime.

3.4 Deployment Scenarios

Thefollowingsectionsdiscussthedeploymentcasesinamulti‐seversetup.Thesedeploymentcases

indicatehowamulti‐server(master‐slave)setupcanbeusedforloadbalancinganddata

synchronizationinanorganizationwheretheemployeestoragerequirementisgrowingintermsof

sizeandfrequencyofaccess.In

asituationwhe reanorganization’semployeestoragerequirementis

increasing,anorganizationneedsareliableresponsetimeforusers.Also,datasynchronizationin

suchasituationneedsstricttimeconstraints.

 Section 3.4.1,“LoadBalancing,”onpage 19

 Section 3.4.2,“DataSynchronization,”onpage 20

3.4.1 Load Balancing

Considerthecaseofaglobalmanufacturingfirmthatrequiresitscomponentplansanddrawingsto

besavedinasecureplace.Theworkforceinvolvedinthemanufacturingdivisionoftheorganization

needsthisconfidentialinformationtobeaccessed,updated,added,orsharedwithpeersinother

departmentsforvariousactions

tobetaken,suchasapprovalofplans.

Inthiscase,youcandeployNovelliFolderinamulti‐serversetupsothatthemanufacturing

divisionscansharetheplansandotherdocumentsinasecuremanner.Becausethenumberofunits

manufacturedmightbetime‐sensitiveandlimited,theplans

anddrawingsmustreachtherespective

divisionsontime,andtheoperatorsmustbeabletoretrieve,update,andsynchronizethemwithin

therequiredresponsetime.Amulti‐serverconfigurationisveryusefulinmanagingthiskindofload

inatimelymanner.

20 Novell iFolder 3.9.2 Deployment Guide

3.4.2 Data Synchronization

Consideranexamplewhereacompanyisorganizinganeventtoshowcaseitsproductsonthesame

dayindifferentgeographicallocations.Representativesofthecompanyareatthedifferentlocations

fortheeventwiththeirpresentations,spreadsheets,andFlash*videos.Thepresentationmaterial

needstobereplicatedacrossdifferentlocations.

Becausethepresentationmaterialmightneedlast‐

minutechanges,itneedstobesynchronizedinrealtime.Insuchascenario,aniFoldermulti‐server

(master‐slave)deploymentcanofferreal‐timedatasynchronizationcapabilities.

Page is loading ...

Novell Open Enterprise Server 11 SP3 , iFolder 3 User guide

Related papers

Other documents