Leveraging Services for NetWare

Services for NetWare (SFNW) is a US$150 add-on available from Microsoft that provides a series of tools that help organizations integrate and migrate Novell and Microsoft networks. Surprisingly, very few organizations are even aware that the product exists; however, when working in a co-existence environment, or even considering migrating from NetWare to Windows, the SFNW can greatly assist an organization with the task.

SFNW provides organizations with the tools to integrate or migrate Novell users and resources to Windows environments. SFNW provides the following tools:

• Gateway Services for NetWare (GSNW)

• File and Print Services for NetWare (FPNW)

• Microsoft Directory Synchronization Services (MSDSS)

• File Migration Utility (FMU)

Using Gateway Services for NetWare to Bridge Environments

Integration of a Windows environment with Novell network operating systems is simplified through the use of Gateway Services for NetWare (GSNW). Gateway Services for NetWare is an integration product that allows Windows Server 2003 systems to provide a bridge to Novell NetWare server resources. GSNW provides for the following functional elements:

• Windows client access to file and print services on NetWare servers

• NetWare client service access to Windows file and print servers

Specific scenarios for GSNW include the following:

• A Windows Server 2003 or Exchange server requires direct access to NetWare File or Print Services.

  One circumstance in which this service would be required is the extraction of NetWare accounts from a server or the source extraction of accounts from a NetWare-hosted messaging system such as GroupWise.

• A company is migrating desktop clients from a Novell-based network to a Microsoft Windows Server 2003 network.

  The Microsoft-based clients that have been migrated over and no longer belong to the Novell network but require access to NetWare resources can access the NetWare resources through GSNW.

Using File and Print Services for NetWare to Replace Servers

File and Print Services for NetWare is a back-end service that allows a Windows server to emulate a NetWare 3.12 “compatible File and Print Server. NetWare clients can connect to the file and printer shares as if they were connecting to a Novell server. Novell clients use the same user interface to access file and printer resources running on an FPNW server. Essentially, FPNW allows an FPNW server to spoof an existing NetWare server after it has been retired , allowing you the time to gradually migrate desktops over to the Windows environment.

Specific scenarios for FPNW would include the following:

• A company needs to retire an aging Novell 3.12 server without having to make any network configuration changes to the NetWare desktop clients. The Windows Server 2003 running FPNW would be configured with the same File and Print Services as the Novell 3.12 server.

• A company is migrating from a Novell-based network to a Microsoft Windows Server 2003 network. During the migration, Novell-based clients that have not yet been migrated over to the Windows Server 2003 network can access the File and Print Services that have already been migrated over to Windows Server 2003 through FPNW.

Using Microsoft Directory Synchronization Service to Integrate Directories

Microsoft Directory Synchronization Services (MSDSS) is a tool used for synchronization of directory information stored in the Active Directory and Novell Directory Services (NDS). MSDSS synchronizes directory information stored in Active Directory with all versions of NetWare; MSDSS supports a two-way synchronization with NDS and a one-way synchronization with Novell 3.x bindery services.

Because Active Directory does not support a container comparable to an NDS root organization and because Active Directory security differs from Novell, MSDSS, in migration mode only, creates a corresponding domain local security group in Active Directory for each NDS organizational unit (OU) and organization. MSDSS then maps each Novell OU or organization to the corresponding Active Directory domain local security group .

MSDSS provides a single point of administration; with a one-way synchronization, changes made to Active Directory will be propagated over to NDS during synchronization. Synchronization from Active Directory to NDS allows changes to object attributes, such as a user's middle name or address, to be propagated. In two-way synchronization mode, changes from NDS to Active Directory require a full synchronization of the object (all attributes of the user object).

One of the key benefits to MSDSS is password synchronization. Passwords can be administered in Active Directory and the changes propagated over to NDS during synchronization. Password synchronization allows users access to Windows Server 2003 and Novell NDS resources with the same logon credentials.

The MSDSS architecture is made up of the following three components. These components manage, map, read, and write changes that occur in Active Directory, NDS, and NetWare bindery services:

• The configuration of the synchronization parameters is handled by the session manager.

• An object mapper relates the objects to each other (class and attributes), namespace, rights, and permissions between the source and target directories.

• Changes to each directory are handled by a DirSync (read/write) provider. Lightweight Directory Access Protocol (LDAP) is used for Active Directory calls and NetWare NCP calls for NDS and NetWare binderies.

In addition to the core components of MSDSS, the session configuration settings (session database) are securely stored in Active Directory.

Specific scenarios for MSDSS would include the following:

• A company is migrating directly from Novell to a Windows Server 2003 network. All network services such as DNS, DHCP, and IIS services are running on a single server. MSDSS can be used to migrate all users and files over to Windows Server 2003 after all services have been migrated.

• A company is gradually migrating from Novell to a Windows Server 2003 network. The network services such as DNS, DHCP, and IIS are installed on multiple servers and sites. MSDSS can be used to migrate and synchronize AD and NDS directories during the migration.

File Migration Utility (FMU)

The File Migration Utility is used to manage the migration of files from NetWare File and Print Servers to Windows Server 2003 systems automatically.

Integrated with MSDSS, FMU copies files while preserving the permissions and access control lists (ACLs) associated with each file. FMU copies the file permissions using a user-mapping file that matches an NDS user account with an Active Directory account. Through this mapping file created with MSDSS, files and the rights inherited or assigned in NetWare are calculated and maintained in the Windows network, preserving security and minimizing the time-consuming process of reassigning file rights and permissions. Without the mapping file, FMU will assign file permissions on all migrated files to the administrator.