|
|
  |
|
|
"NovellŽ NetStorage is a feature of NetWareŽ 6 that provides simple Internet-based access to file storage. NetStorage is a Net services software solution that is a bridge between a company's protected Novell network and the Internet. It gives users secure file access from any Internet location, with nothing to download or install on the user's workstation. Files and folders on a Novell network can be accessed using either a browser or Microsoft* Web Folders." http://www.novell.com/documentation/lg/nw6p/index.html?page=/documentation/lg/nw6p/netstor/data/ae7px3l.html The following are some important tips and caveats to consider when evaluating or installing NetStorage. These are issues we have discovered in testing and installation, as well as some important points to consider from the documentation (persistent cookies, authentication domains.) Another important site to review upon installation is the nsadmin utility. This utility can be used to change the Netstorage configuration after it has been installed. The URL is http://server_ip_address/oneNet/nsadmin/ Important points to consider when using Netstorage are: IMPORTANT! NetStorage Will only allow access to Netware 5, 6, or 6.5 servers over IP. Sorry, no access to Netware 4.X boxes. Persistent Cookies "The Persistent Cookies setting can be turned either on or off. With the value set to 0, PersistentApache\ Cookies is turned off. Persistent Cookies is turned on (the default) if there is no value or the value is set to anything other than 0. With Persistent Cookies turned off, the NetStorage session will end when the user closes the current browser or Web folder. Also, if the user has a current instance of NetStorage up in a browser window or web folder and starts up a new browser instance or web folder, the user will be required to re-authenticate. Turning off Persistent Cookies can be beneficial if you have workstations that are shared because as long as the browser instance is closed down, the next user of the workstation cannot accidently or intentionally obtain access to your network through NetStorage. Leaving Persistent Cookies turned on can be beneficial if your workstations are not shared because it prevents users from having to unnecessarily re-authenticate. If the user selects the Logout option in NetStorage, the NetStorage session will end regardless of whether Persistent Cookies is turned on or off. " http://www.novell.com/documentation/lg/nw6p/index.html?page=/documentation/lg/nw6p/netstor/data/ae7px3l.htm Storage of proxy user password in netware registry and nsadmin in cleartext prior to Netware 6 SP2. This user account is used by NetStorage to do LDAP searches. By default it uses the credentials of the account used to perform the netstorage install. This can be changed later and the proxy user account needs only the access login and browse your container. http://support.novell.com/cgi-bin/search/searchtid.cgi?/10075539.htm IMPORTANT! Be sure that the proxy user account is within the primary authentication domain already configured. Failure of this user residing in this domain can result in the netstorage being unusable, and also you will be unable to access nsadmin to make the necessary changes. This can be fixed by modifying netware registry entries. SSL Certificates We encountered some problems with the default certificate installed by netstorage for ssl connections, a cert called NetIdentity. We also saw that if you created a different cert through consoleone, and then changed this cert using the nsadmin utility, netstorage would continue to use a different cert. What appears to be happening is that netstorage is using the cert dictated by the apache server configuration to handle its ssl connections. This cert can be changed by modifying the SecureListen line in the SYS\Apache\conf\adminserv.conf file. The certificate used by apache is in quotes at the end of the SecureListen line. Trusted root certificate When you are able to resolve the security alert concerning the server security certificate, you may still encounter an error that reads : "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." Here is a good TID on resolving these errors, Section A being a good walkthrough to installing the trusted root cert: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10081133.htm SSL connectivity to Netstorage Although SSL connectivity to Netstorage is available, there are several issues to consider with this current revision of the service. The first issue is that although authentication can be handled over https, file transfers are handled by Tomcat over standard http, port 80. According to Novell Knowledgebase, this can be modified post SP2 for Netware 6, but the steps indicated by Novell Technical Support were unsuccessful. We have reported this as a bug and will be monitoring its progress until corrected. This is also important to consider because since port 80 must be left available, it is possible for your users to access netstorage via http, thus putting their authentication at risk. It has also been found that when using Microsoft's Web Folders, even with specified https connection to the Netstorage Webdav server, the authentication is done via ssl, and the first screen that presents your available drives is shown as an https connection, but as you drill down further, the connection goes over http, as evidenced by the address bar. NetDrive "NovellŽ NetDrive lets you map a drive from your computer to a NetWareŽ 6 or Novell iFolderTM 1.0 or 2.0 server without installing the Novell Client. The benefit of mapping a drive through NetDrive instead of the Novell Client is that NetDrive uses Internet protocols to connect to the server, thereby helping you access your network files from multiple locations." Netdrive is a way to access all the servers in your login script, under one drive mapping on your computer, without the need for Client32, you only need the netdrive client. We worked through an issue with Novell Technical Support recently regarding the client causing the machine to hang or spike at 100% when downloading a file over https. This has been fixed with the NetDrive 4.1 build 862 release as indicated in this tid: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965552.htm The Netdrive 4.1 Build 862 release is also avaiable on the Netware volume at \\itd-nw1\NETWARE\Clients\NetDrive 4.1\patches\ndrv41862 File sorting We have found that when a volume is accessed via netstorage, the volumes accessed must be NSS volumes in order to sort alphabetically. When accessing traditional volumes the files appear in no discernible order. 8. 25 file limit per screen after netware 6 sp2 Your users will notice that they are only able to see 25 files per screen after service pack 2 is installed. According to the following tid, increasing this number has been reported as an enhancement request to Novell. http://support.novell.com/cgi-bin/search/searchtid.cgi?/10075752.htm Another important point is that when accessing a volume with greater than 25 folders through the netstorage with folder view, in the left pane you will see the first 25 folders, in alphabetical order, but when you scroll to show more, the new folders shown will append themselves to the top of the left pane folder list, moving the first list of folders to the bottom. Novell NetStorage is an excellent way to provide file system access for users that is platform independent. There are obviously issues that Novell will need to overcome to make this a viable option for all, but it is important to consider that this is a 1.0 release of the product, and considerable improvements have been made with each service pack release. To offer constructive criticism, or provide other feedback about our site, click here.
|
