NT -- TECHNICAL SUPPORT

NT Networking


Chapter 9 - NT Networking Environment

Chapter 10 - Configuring NT Protocols

Chapter 11. NT Networking Services

Chapter 12 Implementing Remote Access Service (RAS)

Chapter 13 Internetworking and Intranetworking (IIS and PWS)

Chapter 14 - Interoperating with Novell NetWare


Chapter 9 - NT Networking Environment


NT network Components

Distributed Processing

File and Print Sharing Components Supported by NT


Networking capabilities are built into the NT operating system (MS-DOS and Windows install network capabilities separately from the core operating system). A single NT computer can simultaneously interoperate with the following networking environments:

NT network Components (refer to the diagram on page 321)


Boundary Layers in NT Networking Environment

Each NT networking component communicates through programming interfaces called boundaries. There are two boundary layers in NT networking architecture model:

Boundary Layers modularize NT network architecture and provide a platform for developers to build distributed applications. For example, vendors developing protocols need to program only between the boundaries, instead of programming for the entire Open System Interconnection (OSI) model.


Distributed Processing


File and Print Sharing Components Supported by NT

NT computers have the following components, that are needed for accessing file and print resources on a network:

Note: without Server Service (when it is disabled), an NT computer cannot share resources.
 

Chapter 10 - Configuring NT Protocols


Install and configure Network Adapter Card

Install and configure Protocols
Network Number and Internal Network Number
Routing Information Protocol (RIP)

To install and configure Network Adapter Card

>> Control Panel >>Network >>Adapters

Protocols communicate with network adapter cards by means of NDIS 4.0-compatible network adapter card drivers.

NT supports multiple protocols, bound to one or more adapters, simultaneously.

To install and configure Protocols

>> Control Panel >>Network >>Protocols

NWLink IPX/SPX Compatible Transport protocol

-- MS 32-bit NDIS 4.0-compatible version of Novell's IPX/SPX protocol. Used when:

Frame types --

NT can be set to detect frame types automatically. However, if multiple frame types are detected in addition to 802.2, NWLink defaults to the 802.2 only -- i.e. NT can automatically detect only one frame type.
(on Ethernet networks, standard frame for NetWare 2.2 and 3.11 is 802.3. Starting from NetWare 3.12, the default frame type was changed to 802.2)

It is possible to establish connections between two computers that are using different frame types, when one of those computers is a NetWare computer acting as a router. But this is not efficient and, depending on the number of computers using the two frame types, could potentially result in a bottleneck.

An NT computer can (must) be manually configured to use multiple frame types simultaneously. How?


Network Number and Internal Network Number

Network Number

-- identifies the network segment that you access. Also referred to as the external network number. Must be unique for each network segment. When you choose "Manual Frame Type Detection", you assign a network number to each frame type and adapter combination on your computer.

Internal Network Number

-- an eight-digit hexadecimal number (00000000, by default) that identifies your computer on the network for internal routing. NT does NOT automatically detect the internal network number. In each of the following situations, you need to assign a unique non-zero internal network number to your computer:


Routing Information Protocol (RIP)

Using RIP routing over IPX, an NT Server can act as an IPX router. RIP allows a router to exchange info with neighboring routers.

to enable or disable the RIP -->>Network >>Protocols >>NWLink IPX/SPX >>Routing


NetBEUI

-- a protocol developed for small LANs of 20 to 200 computers. Not suitable for WANs, because it is non-routable. Mostly used for older, existing LANs.


Microsoft TCP/IP

-- a flexible suite of protocols designed for WANs and adaptable to a wide range of network hardware.

Parameters required for each network adapter card when using TCP/IP:

Note: IP address and subnet mask must be assigned. For communication with a remote network, a default gateway also needs to be specified.


Network Bindings

>>Control Panel >>Network >>Bindings

Network bindings are links that enable communication between network adapter card drivers, protocols, and services.

Bindings can be enabled, disabled, and ordered to optimize the network communication.

Example: An NT Server computer uses TCP/IP as its primary protocol. It also has NWLink installed for the sole purpose of hosting connections from NetWare clients. How to optimize the bindings for this server?

Solutions -- For the Server service, order the bindings so that TCP/IP is first, and NWLink second. For the Workstation service, disable the binding between the Workstation service and NWLink, because the server will never need to establish connections or authenticate users over NWLink.


Chapter 11. NT Networking Services


DHCP

WINS

DNS -- Domain Name System

WINS vs DNS

Computer Browser Service


to install or configure -->>Control Panel >>Network >>Services
to start /pause /continue -- >>Control Panel >>Services (or from Server Manager >>Computer >>Services)

Note: DHCP, WINS, and DNS are all related services for TCP/IP.

DHCP -- Dynamic Host Configuration Protocol

Overview of DHCP Clients and Servers

A DHCP Server is a computer running NT Server, Microsoft TCP/IP, and the DHCP server software.

Note -- If you want to use a DHCP server to support subnetworks that span multiple routers, you may need a firmware upgrade for your routers. Your routers must support RFCs 1533, 1534, 1541, and 1542.

DHCP uses a client-server model. The network administrator establishes one or more DHCP servers that maintain TCP/IP configuration info and provide it to clients. The server database includes:

An NT computer becomes a DHCP client if "Obtain an IP address from a DHCP server" is selected in NT TCP/IP. When a DHCP client computer is started, it communicates with a DHCP server to receive the required TCP/IP configuration info, which includes at least an IP address and subnet mask plus the lease associated with the configuration.

Configuring DHCP servers for a network provides the following benefits:


How the DHCP Server Service assigns an IP address

The client sends out a request. Each of the DHCP servers that receives the request selects an address from the pool of addresses defined in its database and offers it to the client. The client then accepts one of the offers, and the IP address is leased for a specific period of time.


DHCP Requirements


Installing and Configuring DHCP

In the Unique Identifier box, type the physical address (without the hyphens) of the client computer's network adapter card. You can use the ping and arp utilities (at the command prompt) to get the physical address of a computer's network adapter card.


WINS

TCP/IP devices use IP addresses rather than computer names to locate a computer on the internetwork.

What is a NetBIOS name -- NT computer names, assigned during setup, such as server1, are NetBIOS names. A computer NetBIOS name (sometimes also referred to as NetBIOS computer name):

What is NetBIOS Name Resolution -- In order to communicate successfully on a TCP/IP-based network, hosts need to identify each other's media access control address (also referred to as the hardware address), which is the physical address assigned to the network adapter card, for example the burned-in address. The process of converting a computer name to a media access control address is also known as name resolution.

Name resolution in a TCP/IP network is really a two-step process: computer name -> IP address -> hardware address (media access control address)


Microsoft TCP/IP can use ANY of the methods to resolve computer names to IP addresses:


What is WINS -- a dynamic naming service that resolves NetBIOS computer names to IP addresses. Typically, DHCP automatically configures your computer for WINS.

WINS uses p-node (peer-peer) mode to resolve NetBIOS names.

Because the WINS database obtains NetBIOS name/IP address mappings dynamically, it is always current. If the WINS server is unavailable, the client switches to b-node (broadcast) and sends the query as a broadcast message on the local subnet.

Note: Non-WINS computers that use broadcasts can access WINS through proxies. Proxies are WINS-enabled computers that listen to name-query broadcast messages, forward the request to the WINS server, and then respond for names that are not on the local subnet.


Installing and Configuring WINS


DNS -- Domain Name System

What is DNS

DNS is a distributed database providing a hierarchical naming system for identifying hosts on the internet.

DNS computer names consist of two parts: a host name and a domain name, which combine to form the fully qualified domain name (FQDN). For example, research.widgets.com is a FQDN where research is the host name and widgets.com is the domain name.

(Note: the term domain, when used in the context of DNS, is not related to the term domain used when discussing NT Directory Services. An Internet domain is a unique name that identifies an Internet site. )

FQDN rules

An example of FQDN: corp1.mrg.bigone.com.


What is DNS Server Service

is a name resolution service that resolves a FQDN to the IP address that is used by the internetwork.


DNS Benefits

Using DNS on an NT computer allows


The DNS name Space -- the DNS database is a tree structure called domain name space. Each domain (node in the tree structure) is named and can contain subdomains.

How are Root and Top-Level Domains managed -- The root and top level domains (such as .com, .edu, .au, .cn) are managed by the InterNIC. The DNS name space below the top level is delegated to other organizations by the InterNIC. These organizations further subdivide the name space and delegate responsibility down the hierarchical tree structure. This decentralized administrative model allows DNS to be autonomously managed at the levels that make the most sense for each organization involved.

Zone -- is the administrative unit for DNS. It is a subtree of the DNS database that is administrated as a single separate entity. It can consist of a single domain or a domain with subdomains.


WINS vs DNS

DNS -- resolves Internet names (FQDN) to IP addresses. Static database of DNS computer name to IP address mappings. It must be manually updated.

WINS -- resolves NetBIOS computer names to IP addresses. Dynamic database of NetBIOS computer names and IP addresses. It is dynamically updated.


Installing and Configuring DNS Server (NT Server only)

Installing

-- >>Control Panel >>Network >>Services >>Add >>Microsoft DNS Server

Configuring

-- >> Administrative Tools (Common) >>DNS Manager ...

Configuring a DNS Client

NT Server, NT Workstation, Win95, and WfW 3.11 with MS TCP/IP-32 installed all include DNS-resolver functionality. Similar to WINS configuration, there are two ways to configure an NT client to use the DNS server service --

Manually -- Control Panel >>Network >>Protocols >> TCP/IP Properties >> DNS ...

In conjunction with DHCP -- >> Administrative Tools (Common) >> DHCP Manager >>Local Machine >>DHCP_Options >>Scope >>add 006 DNS Server, type in the IP addresses of DNS Servers.

Note: on the client side, to configure either WINS or DNS to work together with DHCP, you use DHCP Manager


Integrating WINS and DNS

Whenever a new host is added or when an existing host is moved, the structure of a DNS zone changes. Because DNS is not dynamic, you must manually change the DNS database files if the zone is to reflect the new configuration.

NT DNS Server Service can be configured to use WINS for host name resolution. With this, you can direct DNS to query WINS for name resolution of the lower levels of the DNS tree in your zone (remember a FQDN consists of host name and domain name. WINS can only do the host name, which is the lower level in a FQDN). This integration creates a form of dynamic DNS Server Service that takes advantage of the best features of both DNS and WINS.

to configure DNS to use WINS to resolve the host name of a FQDN

-->>DNS Manager >>highlight the zone you want it to consult WINS for name resolution >>(right click) Properties >>WINS Lookup >>check "Use WINS Resolution" >>type in the WINS Servers' IP addresses


Computer Browser Service

NT uses the Computer Browser Service to display a list of currently available network resources.

The Computer Browser Service maintains a centralized list of available network resources. This list is distributed to specially assigned computers that perform browsing services, along with other normal services. This reduces the amount of network traffic required to build and maintain a list of all shared resources on the network, and also frees the CPU time each computer would have had to use in creating a network resource list.

Browser Roles -- the responsibility of providing a list of resource servers (here server is defined as any computer that provides resources to the network) to clients is distributed among multiple computers on a network. The browser roles of these computers are known to the Browser Service as:

In summary -- the resource server list is transferred in this order:

Domain Master Browser ->> Master Browser ->>Backup Browser ->>Browser Clients (Non-Browsers)

Note: a client first contacts the Master Browser for a list of backup browsers, then requests the resource list from one of the backup browsers. (refer to page 413)


Browser Election -- ensure one master browser exists in a workgroup or a subnet

When a client computer cannot locate a master browser, or when a backup browser attempts to update its network resource list and cannot locate the master browser, a new master browser must be selected. This selection process is called a browser election, which ensures that only one master browser exists per workgroup or segment (subnet) in a domain.

Election Packet and Browser Criteria

Network computers can initiate an election by broadcasting a special message called an election packet. All browsers process the election packet. The Browser Criteria are used to determine which computer should be the master browser. The criteria include, among other things, the operating system (NT Server > NT Workstation > Win95 > WfW), the operating system version (for example, NT 4.0 > NT 3.51 > NT 3.5), and the configured role in the browsing environment (browser > potential browser > non-browser).

The election process continues until a master browser is elected, based on the highest ranking criteria value.


Chapter 13. Internetworking and Intranetworking

IIS and PWS Networking Components
Features of IIS and PWS
IIS and PWS Comparison
Installing IIS and PWS
Configuring IIS and PWS
MS Internet Explorer
Securing Internet and Intranet Sites

-- how NT computers access and distribute resources over the Internet and a private intranet.

The Internet is a network of computers located around the world that are able to communicate with one another through telephone lines. An intranet exists at a local level, internal to a company or organization, and consists of computers that are connected by LANs. Adding WWW, Gopher, and FTP services does not change the security of an intranet site.

The Internet and intranet communicate using common languages and protocols.


IIS and PWS Networking Components

IIS and PWS (Peer Web Services), as two additional Internet and intranet components, provide NT computers with the ability to publish resources and services on the Internet and on private intranets. Use IIS and PWS for publishing hypertext Web pages and client/server applications, and for interactive Web applications.

IIS and PWS are network file and application servers that use HTTP, Gopher, and FTP to provide info over the Internet and an intranet.

IIS and PWS support the Internet Server application programming interface (ISAPI). ISAPI is used to create interfaces that can be used for client/server applications.


Features of IIS and PWS

IIS and PWS Comparison

IIS -- supported by NT Server. Designed to support the heavy usage that occurs on the Internet.

PWS -- supported by NT Workstation. Designed for a small-scale Web server to exchange info on an intranet.

Installing IIS and PWS

IIS must be installed on an NT Server with TCP/IP.

PWS must be installed on an NT Workstation with TCP/IP.

Changes can be made to a current IIS installation through the Internet Information Server Setup icon in the Microsoft Internet Server (Common) folder. Before adding or removing components, or reinstalling IIS, disable any previous versions of FTP, Gopher, or other Web services that may be installed on the NT Server.

Changes can be made to a current PWS installation through the Peer Web Services Setup icon in the Microsoft Peer Web Services (Common) folder. Before adding or removing components, or reinstalling PWS, disable any previous versions of FTP, Gopher, or other Web services that may be installed on the NT Workstation.


Configuring IIS and PWS

All of the Internet and intranet services can be configured and managed from one central point -- the MS Internet Service Manager (ISM).

ISM can be used to configure and monitor all of the internet services running on any NT computer in the network from one computer.

ISM is located in the MS Internet Server Tools (Common) on an NT Server computer, or in the MS Peer Web Services Tools (Common) folder on an NT Workstation computer.


MS Internet Explorer

Internet Explorer is a Web browser used to navigate and access, or browse, info on the web.


Securing Internet and Intranet Sites

NT security is fully integrated with IIS and PWS. Both IIS and PWS can be configured to require a valid user account and an encrypted authentication in order to access the site. You can allow anonymous access to your site through the Internet Guest account or another account designated by you, or require an NT user name and password. In addition, specific resources can be protected by granting permissions to appropriate users and groups.

By default, NT security can protect computers from casual intrusion. However, it is still a good idea to configure your computer securely.

-- Allow Anonymous Access with the Internet Guest Account

When you allow anonymous connections to your WWW, Gopher, and FTP services, NT uses the user name and password configured for the service to make the anonymous connections. By default, the Internet Guest account, IUSR_computername, which was created during IIS or PWS installation, is used to allow anonymous connections.

Note: the Internet Guest account is added to the Guests group. Changes to the Guests group user rights and resource permissions also apply to the Internet Guest accounts. Review and ensure they are appropriate for the Internet Guest account.

If remote access is available only to the Internet Guest account, remote users do not provide a user name and password, and have only the permissions assigned to the Internet Guest account. This prevents unauthorized users from gaining access to sensitive info with fraudulent or illegally-obtained passwords.

-- Require a User Name and Password

The WWW and FTP services can be configured to require a valid user name and password to access your site's Internet resources. There are two types of authentication: Basic and NT Challenge/Response.

Basic authentication does not encrypt transmissions between the client and server. They are sent in clear text over the network.

NT Challenge/Response authentication, supported by IE 2.0 or later, protects the password, thereby providing for secure logon over the network.

Note: the FTP service only supports basic authentication, so your FTP site is more secure if you only allow anonymous connections.
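
An added example (not part of the original notes): a small Python audit over constructed HTTP header lines and FTP control-channel lines, showing why Basic and FTP logons expose the password while NT Challenge/Response and anonymous FTP do not. The sample account, password and function names are assumptions made for illustration; `NTLM` is the scheme name under which NT Challenge/Response appears in the HTTP Authorization header.

```python
import base64
import binascii
import struct

# Constructed sample capture (not from the original notes): header lines from
# two HTTP requests, then the control-channel lines of one FTP logon.
# The account name and password are made up for this example.
_NTLM_NEGOTIATE = b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00000207)
SAMPLE_LINES = [
    "GET /reports/ HTTP/1.0",
    "Authorization: Basic " + base64.b64encode(b"jsmith:Winter97!").decode("ascii"),
    "GET /reports/ HTTP/1.0",
    "Authorization: NTLM " + base64.b64encode(_NTLM_NEGOTIATE).decode("ascii"),
    "USER jsmith",
    "PASS Winter97!",
]


def _b64(token):
    """Strictly decode a base64 token; return None if it is malformed."""
    try:
        return base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None


def decode_basic(token):
    """Return (user, password) carried by a Basic token, or None if malformed.

    No key is involved: base64 is an encoding, not encryption.
    """
    raw = _b64(token)
    if raw is None:
        return None
    user, sep, password = raw.decode("latin-1").partition(":")
    return (user, password) if sep else None


def ntlm_message_type(token):
    """Return the NTLMSSP message type (1, 2 or 3), or None if not NTLMSSP."""
    raw = _b64(token)
    if raw is None or len(raw) < 12 or not raw.startswith(b"NTLMSSP\x00"):
        return None
    return struct.unpack_from("<I", raw, 8)[0]


def _finding(proto, scheme, user, exposed, note):
    return {"proto": proto, "scheme": scheme, "user": user,
            "exposed": exposed, "note": note}


def audit(lines):
    """Report each logon seen and whether its password crossed the wire readable.

    Passwords are never stored in the findings, only their length.
    """
    findings = []
    ftp_user = None
    for line in lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            scheme, _, token = value.strip().partition(" ")
            scheme = scheme.lower()
            if scheme == "basic":
                creds = decode_basic(token)
                if creds is None:
                    findings.append(_finding("http", scheme, None, False,
                                             "malformed token"))
                else:
                    findings.append(_finding("http", scheme, creds[0], True,
                                             "password readable (%d chars)" % len(creds[1])))
            elif scheme == "ntlm":
                mtype = ntlm_message_type(token)
                note = ("NTLMSSP message type %d, no password in header" % mtype
                        if mtype is not None else "malformed token")
                findings.append(_finding("http", scheme, None, False, note))
            continue
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            ftp_user = arg.strip()
        elif verb == "PASS" and ftp_user is not None:
            if ftp_user.lower() == "anonymous":
                # Anonymous logon: the PASS value is not an account password.
                findings.append(_finding("ftp", "anonymous", ftp_user, False,
                                         "no account password sent"))
            else:
                findings.append(_finding("ftp", "basic", ftp_user, True,
                                         "password readable (%d chars)" % len(arg)))
            ftp_user = None
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f)
```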

-- Guidelines for Securing an Internet and Intranet Site


Chapter 14 - Interoperating with Novell NetWare


NT Connectivity with NetWare -- Services and software for the interoperating with NetWare


NWLink

NWLink IPX/SPX Compatible Transport (or NWLink in short) is a native 32-bit NT implementation of IPX/SPX and supports application servers in a NetWare environment (remember Novell NetWare uses IPX/SPX as its primary network protocol.)

NWLink allows NT computers to communicate with other NT computers, as well as with NetWare servers. Two networking application programming interfaces (APIs) are supported to allow these communications -- Windows Sockets and NetBIOS.

NWLink enables NT-based computers to connect to client/server applications running on a NetWare server. But,

By itself, NWLink does NOT provide access to NetWare file and print resources. (what NWLink allows is access to NetWare application servers only)

Client Service for NetWare (CSNW)

included with NT Workstation, enables NT Workstation computers to make direct connection to file and printer resources at NetWare servers (NetWare 2.x or later).

NT computers with CSNW and NWLink installed support:

CSNW (and GSNW) supports NetWare 4.x servers running either NetWare Directory Service (NDS) or bindery emulation (version 3.x); and login script:

NDS organizes shared objects on participating NetWare Servers into a hierarchical tree. Thus installing CSNW on an NT computer provides NT clients with the ability to browse resources, use authentication, and use printing services on NDS hierarchies.

NetWare bindery, which is Novell's equivalent of NT directory database, is where user accounts and privileges are stored.

Installing and Configuring CSNW

Note: before installing CSNW or GSNW, use >>Control Panel >>Network >> Services to remove any existing NetWare redirector, such as NetWare Service for NT from Novell, then restart the computer.

Install CSNW ->>Control Panel >>Network >>Services >>Add >>Gateway (and Client Service) for NetWare (Note: this is the same as installing GSNW)>> ... ... >>Restart the computer, a new icon "CSNW" appears in the Control Panel

Configure CSNW ->> Control Panel >>CSNW >>...

Note: When configuring CSNW, if the NetWare network uses NDS, you should have a Default Tree and Context instead of a Preferred Server

NetWare Directory Services (NDS) -- On networks running Novell NetWare 4.0, NDS is a distributed database that maintains information about every resource on the network and provides access to these resources.


Gateway Services for NetWare (GSNW)

GSNW enables computers running NT Server and using NWLink as a transport protocol to access files and printers at NetWare servers.

In addition, you can use GSNW to create gateways to NetWare resources, to enable computers running only MS network client (such as NT Workstation, Win95, WfW) to access NetWare resources through the gateway.

How a Gateway Works

GSNW acts as a bridge between the server message block (SMB) protocol used by the NT network and the NetWare core protocol (NCP) used by the NetWare network. When a gateway is enabled, network clients running Microsoft client software can access NetWare files and printers without having to run NetWare client software locally.

A File Gateway Example: an NT Server running GSNW connects to a NetWare file server's directory and then shares it, just as if the directory were on the NT server. Then MS network clients can access the directory on the NetWare server by connecting to the share created on the NT server.

Note:

Note: NT Server and NT Workstation (version 4.0) support connections to NDS, but they do NOT support administration of NDS trees.


Installing GSNW

To install the GSNW ->>Control Panel >>Network >>Services >>Add >>Gateway (and Client) Services for NetWare >>Add >> ... (exactly the same as installing CSNW on an NT Workstation) >>Restart the computer, a new icon "GSNW" appears in the Control Panel

Note: Before installing the Gateway Service, remove any existing third-party network service or client software, including Novell NetWare client software.

You must be logged on as a member of the Administrators group to install and configure the Gateway Service.

Configuring GSNW

>>Control Panel >>GSNW >> ...

>>Start >>Settings >>Printers >>Add Printer >>(Add Printer Wizard) Network printer server >>Next >>In Shared Printers, click the printer you want >>OK (if necessary, double-click NDS tree names and NetWare server names to find the printer) -->

>>In the Printers folder ->>File >>Properties >>Sharing >>Shared >>type a share name for the printer in Share Name >>OK.

Notes:


Creating a Gateway -- summary

GSNW installation requirements (on the NetWare network!)

For an NT Server to act as a gateway to resources on a NetWare server, the following steps must be taken on the NetWare network:

  1. A user account must be set up on the NetWare server, with the same name and password that the user will use to log on to the NT Server computer. (! this NetWare user account will be used when configuring GSNW gateway as the "Gateway Account" )
  2. The user account set up on the NetWare server must have the necessary permissions assigned for the resources that are to be accessed.
  3. On the NetWare server, a group account named NTGATEWAY must be created and include the user in step 1.

Note: The NetWare user account you use to enable gateways can be either an NDS account or a bindery account. If the server will have gateways to both NDS resources and resources on servers running bindery security, the user account must be a bindery account. (This account can connect to NDS resources through bindery emulation). If you create gateways only to NDS resources, the account can be an NDS account.

Creating a gateway is a two-step process: enable and activate

1. First you enable gateways on the NT Server. When you enable a gateway, you must type the name and password of the user account that has access to the NetWare server and is a member of the Ntgateway group on that NetWare server.

You need to do this only once for each server that will act as a gateway.

2. For each volume or print queue to which you want to create a gateway, you activate a gateway. When you activate a gateway, you specify the NetWare resource and a share name that Microsoft client users will use to connect to the resource.

If you are activating a gateway to an NDS resource, and the gateway user account is a bindery user account, you should specify the resource using the bindery context name.

If you are using an NDS user account, and you do not plan on also creating gateways to bindery resources, then you can specify the NDS resource name.

Security for gateway resources is provided on two levels:

On the NT Server that is acting as a gateway, you can set share-level permissions for each resource made available through the gateway.

On the NetWare file server, the NetWare administrator can assign trustee rights to the user account used for the gateway or to the Ntgateway group. These rights will be enforced for all Microsoft client users who access the resource through the gateway. There is no auditing of gateway access.

RAS clients can also use GSNW to access NetWare servers. NT Server with GSNW enables remote users to have reliable and secure access to a NetWare LAN.


Changing Password on a NetWare Server from NT Computer

Users who use either GSNW or CSNW to directly access NetWare resources can change their passwords on NDS trees and NetWare bindery servers on the network. To do this, use the standard NT Server password changing procedure:

CTRL+ALT+DEL >>Change Password >>Domain >>choose NetWare or Compatible Network...

Notes: Your password is changed on all NDS trees to which you are currently connected. If the old password you specify does not match your current password on any of those trees, you are prompted to supply the old password for those trees.

>>Command Prompt >>change to the drive for the NetWare server >> type cd \public >>type setpass followed by the name of the NetWare server on which you want to change your password >> ...

Notes: To change your password on more than one NetWare bindery server, connect to all the servers before running setpass.


Summary on changing password: on an NT computer running CSNW or GSNW, Ctrl+Alt+Del changes passwords on NDS trees, setpass changes passwords on NetWare bindery servers.

If the NT computer also runs Directory Service Manager for NetWare, Ctrl+Alt+Del changes the password for all servers in the NT Server domain (in this case, one password for all of the servers, whether NetWare Server or NT Server)


Issues related to direct connecting to NetWare Server

As opposed to using gateway services

Directly Connecting to NetWare Resources with GSNW

In addition to providing gateway technology, GSNW enables users working locally at the server to access NetWare resources directly, just as CSNW provides this service to NT Workstation users.

Connecting Directly to NetWare Resources -- Logon Scripts

When a user running either GSNW or CSNW to directly access NetWare resources first makes a connection to a particular NetWare server, the user’s logon script (if any) runs.

Users who connect to NetWare resources through a gateway do NOT have a logon script run, however.

Running NetWare Utilities and NetWare-Aware Applications

With NT Server and GSNW, you can run many standard NetWare utilities from the command prompt. For some administrative functions, you must use NT Server management tools. In addition, GSNW supports many NetWare-aware applications.


Exam Specific Notes on Using GSNW

Q1: How to install and configure GSNW?

1. Install GSNW on an NT server, and create a group called NTGATEWAY on the NetWare server (what this question is really asking is where Gateway Services for NetWare is installed and where the group called NTGATEWAY is created)

2. Create a group called NTGATEWAY on the NetWare server, assign permissions to this group, and add any user accounts that need access to the NetWare server to this group.
(what these questions are probing is which item is created on which server)

NOT: Create a group called NTGATEWAY on the NetWare server, create a local group with the same name on the NT server, assign permissions to this group on the NetWare server, and add any user accounts that need access to the NetWare server to the NTGATEWAY groups on both machines


Q2: What are the steps of creating GSNW?

After enabling a NT gateway to a NetWare resource, what else must you do to activate the gateway?

a. create the NTGATEWAY group on the NetWare server
b. create user accounts that will access the gateway in the NTGATEWAY group on the NetWare server
c. map a NT server drive letter to the shared NetWare resource
d. enable bindery security on the NT server

Choice c is correct. 

Q3. The two steps of creating a gateway to a NetWare resource are enabling and activating

1. Enabling a gateway involves creating user accounts in the NTGATEWAY group of the NetWare server that require access to the NetWare resource. 
 
2. Activating a gateway involves mapping a networking drive to a NetWare resource or adding a printer, depending on whether a resource or print queue is to be accessed.

High, High level brief on how it is done:

Part 1 --

Part 2-- (through Control Panel GSNW Applet -- the only place to manage the NetWare shares and permissions)



FPNW -- File and Print Services for NetWare

FPNW allows NetWare clients to access resources on NT Server computers. (CSNW and GSNW allow NT computers to access NetWare servers)

In other words, FPNW enables an NT Server to function as a NetWare 3.12-compatible file and print server --to the NetWare clients, the server appears just like any other NetWare server. NetWare clients can access volumes, files, printers and application services on the NT server. No change or additions to the NetWare client software are necessary.


Remote Administration of Novell Networks

Novell NetWare servers cannot be administered directly; instead, a NetWare client acts as the system console and controls the administration of the NetWare server.

Syscon - System Console, the primary admin tool used to set up user accounts, define policies, and grant user access permissions to the NetWare network

RConsole - provides remote view of NetWare system console. Console functions can be performed on remote console

PConsole - provides the administrator with tools necessary to manage print servers.

An NT computer with CSNW or GSNW enabled can also act as a system console to administer NetWare servers. Multiple sessions of NetWare administration tools can be run on a single NT client -- this allows you to monitor all of the NetWare servers from one system console (NT Server and Workstation only; not possible in other MS operating systems, such as MS-DOS).

Note: For a NetWare client to access and administer an NT server, FPNW must be installed on that NT server computer. ( ! This means a NetWare client can also administer an NT server when FPNW is installed on the NT server computer.)


Directory Service Manager for NetWare (DSMN)

DSMN extends NT Server directory service feature to NetWare servers. DSMN allows a single network login for NetWare clients by synchronizing accounts across all NetWare servers.

It provides the ability to have one user account and password between a domain running NT and NetWare servers. Therefore, with DSMN, you can centrally manage a mixed environment of NT and NetWare 2.x, 3.x, and 4.x (in bindery emulation mode) with NT Directory Services.

Tasks that DSMN can accomplish -- the benefits of DSMN

Note: With DSMN, sharing account info is accomplished without having to install additional software on NetWare servers.


Migration Tool for NetWare

The NT Server Migration Tool for NetWare enables you to migrate NetWare servers to computers running NT Server. The Migration Tool transfers user and group accounts, volumes, folders, and files. In addition, if the server you are migrating to runs FPNW, you can transfer users’ logon scripts.

The Migration Tool enables you to

Migration Tool for NetWare --Software Requirements

Note: the Migration Tool can be run locally, or remotely on an NT Server or even an NT Workstation, but the computer that you are migrating to must be a Domain Controller.


Interoperability with Novell NetWare

! You always need NWLink on NT and IPX on NetWare

Platform: NetWare Client
Running: IPX with NetBIOS, Named Pipes, or Windows Sockets support
Allows: Client/Server (distributed) applications
Is Able to Connect to: Client/Server (distributed) applications running IPX, such as SQL Server, on NT computers running NWLink.

Platform: NetWare Client
Running: IPX
Is Able to Connect to: NT Server, with NWLink and FPNW Service installed, for file and print services.
Note: What GSNW is to MS Network clients, FPNW is to native NetWare clients.
Note: For NetWare clients to admin NT Server remotely, FPNW must be installed on that NT server.

Platform: NT computer
Running: NWLink
Allows:
  - Client/Server (distributed) applications
Is Able to Connect to: Client/Server (distributed) applications on a NetWare server running IPX.

Platform: NT Workstation
Running: NWLink and CSNW
Allows:
  - Client/Server (distributed) applications
  - Browsing of resources on NetWare servers. Looks the same as MS Network
  - Using the authentication on NetWare servers.
  - Using print services on NetWare servers.
Is Able to Connect to: NetWare Servers 2.x or later for file and print services.

Platform: NT Server
Running: NWLink and GSNW
Allows:
  - NT Server gains all the benefits of using NWLink and CSNW.
  - NT Server is still acting as a client to the NetWare Server.
  - BASICALLY, PROVIDES THE "NWLink" and "CSNW" for its clients.
Is Able to Connect to: NetWare Servers 2.x or later for file and print services.

Reminders:

Tips on Interoperability with NetWare

NWLink can be thought of as the same language as NetWare's IPX -- NWLink is the only language NT uses to communicate with NetWare over IPX. Whatever services are used for interoperating between NT and NetWare, NWLink (on the NT computer) and IPX (on NetWare) are ALWAYS needed -- simply because if there is no communication, nothing can be done.
  • you always need NWLink on the NT side, no matter what you want to do!
  • you always need IPX on the NetWare side, no matter what you want to do!

NWLink or IPX alone only enables its owner to access applications on the other side.

To access file and printer resources (no matter who is the client -- NT or NetWare), besides NWLink on the NT side, you also need some other services:

  • CSNW/GSNW + NWLink -- enables an NT Workstation/Server client to access NetWare file and print resources (connection to NetWare for file and print services)

  • FPNW + NWLink on the NT Server -- enables a NetWare client (+IPX) to access that NT server for file and print services.

All the interoperating services (CSNW/GSNW, FPNW, Migration Tool) are installed on the NT side. Absolutely nothing needs to be done on the NetWare side.


Overview of NetWare Compatibility Features -- Summary

NT Server and NT Workstation provide several features and services that enable NT computers to coexist and interoperate with Novell NetWare networks and servers. Some of these services are included in NT Server and NT Workstation; others are available as separate products.

The NetWare Link IPX/SPX Compatible Transport (NWLink) is the NT implementation of the IPX/SPX protocol. NWLink supports connectivity between computers running NT and computers running NetWare and compatible systems. NWLink can also be used as a protocol connecting multiple NT computers. NWLink is included with both NT Server and NT Workstation.

CSNW, included with NT Workstation, enables workstations to make direct connections to file and printer resources at NetWare servers running NetWare 2.x or later. CSNW supports NetWare 4.x servers running either Novell Directory Services (NDS) or bindery emulation. Login script support is also included.

GSNW, included with NT Server, enables: 1. A computer running NT Server to connect to NetWare servers, just as CSNW enables workstations to connect to NetWare servers. 2. Creating a gateway to NetWare resources, which enables computers running only Microsoft client software to access NetWare resources through the gateway (no changes or additions to these MS clients are necessary).

Migration Tool for NetWare, included with NT Server, enables you to easily transfer user and group accounts, volumes, folders, and files from a NetWare server to a computer running NT Server. If the server you are migrating to runs File and Print Services for NetWare, you can also migrate users’ logon scripts.

FPNW is a separate product. It enables an NT Server computer to provide file and print services directly to NetWare and compatible client computers. The server appears just like any other NetWare server to the NetWare clients, and the clients can access volumes, files, and printers at the server. No changes or additions to the NetWare client software are necessary.

Directory Service Manager for NetWare, also available separately, extends NT Server directory service features to NetWare servers. It enables you to add NetWare servers to NT Server domains and to manage a single set of user and group accounts that are valid at multiple servers running either NT Server or NetWare. Users then have just one user account, with one password, to gain access to these servers.


Chapter 12 Implementing Remote Access Service (RAS)

 

RAS Facts

Purpose of RAS and Dial-Up Networking

Principal features of RAS

Installing and Configuring RAS

Test the RAS Installation and Configuration

Troubleshooting RAS


With RAS, users in remote sites can use the network as if their computers were directly connected to the network. RAS on the client side is called Dial-Up Networking.

RAS Facts:

You administer NT Remote Access servers and set permissions for RAS users using Remote Access Admin. User Manager for Domains can also be used to set permissions for RAS users.

You can use the RAS phonebook to maintain the telephone numbers of remote networks, and to connect to and disconnect from these remote networks.

NT Server RAS permits up to 256 remote clients to dial in. NT Workstation RAS supports only one dial-up connection.

The RAS server can be configured to provide access to an entire network or restrict access to resources on the RAS server only.

Purpose of RAS and Dial-Up Networking

The RAS server acts as a gateway between the remote client and the network. RAS enables incoming connections from remote clients that are using Dial-Up Networking or other Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP) dial-up software.

Using RAS and Dial-Up Networking, a business can extend its networks over the Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN), X.25, and the Internet.

Because RAS supports WAN connections, protocols, and NT security features, remote clients can use the network as if they were directly connected to it.


Principal features of RAS

Remote clients can connect directly to a RAS server through --


According to their functions, protocols supported by RAS can be grouped as LAN and WAN protocols:

LAN protocols -- RAS supports TCP/IP, IPX/SPX, NWLink, NetBEUI, thus, RAS can be integrated into existing MS, UNIX, or NetWare networks using the PPP remote access standard. NT RAS clients can also connect to existing SLIP-based remote access servers (primarily UNIX servers).

When you install and configure RAS, any protocols already installed on the computer (such as NetBEUI, TCP/IP, and IPX) are automatically enabled for RAS.

WAN protocols (remote access protocols) -- such as PPP, SLIP, and the MS RAS protocol

RAS connections can be established through SLIP or PPP.

SLIP -- Serial Line Internet Protocol -- its primary function is to dial in to a UNIX server.

PPP -- Point-To-Point Protocol

Microsoft RAS protocol -- a proprietary remote access protocol supporting the NetBIOS standard.

It is supported in all previous versions of MS RAS, and is used in NT 3.1, WfW, MS-DOS, and LAN Manager client. A RAS client dialing in to an older version of Windows (e.g. NT 3.1, WfW) must use the NetBEUI protocol. The RAS server then acts as a "gateway" for the remote client, providing access to servers that use the NetBEUI, TCP/IP, or IPX protocols.

The PPP Multilink Protocol (MP) provides the means to increase data transmission rates by combining multiple physical links into a logical bundle to increase bandwidth. With PPP MP, it is possible to combine analog modem paths, ISDN paths, and even mixed analog and digital communications links on both client and server computers. For example, a client with two 28.8 kbps modems and two PSTN lines can use MP to establish a single 57.6 kbps connection to an MP server.

Both the Dial-Up Networking client and RAS server need to have MP enabled for this protocol to be used.



This feature enables clients to record telephone numbers that are needed to connect to remote networks (this requires Dial-Up Networking to be installed on the client side).


Telephony API

NT Telephony API (TAPI) virtualizes the telephone system by acting as a device driver for a telephone network.

To configure -->>Control Panel >>Telephony


Installing and Configuring RAS

If you select "Remote access to the network" during NT setup, both RAS and Dial-Up Networking will be automatically installed.

Either one or both services can also be installed manually after NT installation, through >>Control Panel >>Network >>Services >>Add >>Remote Access Services >>...

Configuring a RAS Server (how to re-configure RAS after RAS Installation)

Where to? >>Control Panel >>Network >>Services >>Remote Access Service >>Properties... >>Remote Access Setup dialog box ...

Note: if TAPI has already been configured, RAS Setup will not prompt for the Location Information.

Configure... -- to set up the specific port usage of an installed modem (or X.25 card) to be one of:

Dial out only / Receive calls only / Dial out and Receive calls
Configuration of Port Usage affects only the specified port.

Network... -- to configure network protocols (NetBEUI, TCP/IP, IPX), Multilink, and encryption settings.

Note: to use Multilink, both the client and the server must have Multilink enabled.


Granting Remote Access Permissions to Users

After installing RAS on a server, you must grant Remote Access permissions to users before they can connect through Dial-Up Networking. To do this,

use >>Administrative Tools >>Remote Access Admin >>Users >>Permissions...
or
>> Administrative Tools >>User Manager for Domains >>User >>Properties >>Dialin >>check Grant dialin permission to user


Installing and Configuring Dial-Up Networking

Installing -- Dial-Up Networking is automatically installed if you selected "Remote access to the network" when installing NT, or if you chose "Dial out and Receive calls" or "Dial out only" when installing RAS.

To Manually Install (and reconfigure) Dial-Up Networking -- >>My Computer >>Dial-Up Networking

Configuring Phonebook Entries

A phonebook entry stores all of the settings needed to connect to a particular remote network. (When a phonebook is shared among all users, it is called a system phonebook.)

To create/edit phonebook entries, -->>My Computer (or >>Programs >>Accessories) >>Dial-Up Networking

Configuring Logon Preferences

These preferences apply to "Logon using Dial-up Networking" at Ctrl+Alt+Del login.

>>Dial-Up Networking >>More >>Logon Preferences ... can configure: Dialing (interval between redial attempts...), Callback, Appearance, and Phonebook (specify the system phonebook or an alternate phonebook to be used when logging on).

To use the locally cached profile when logging on -- >>Control Panel >>System >>User Profiles >>User Profiles >>Change Type >>Local profile /Roaming profile

This can be used to speed up the logon process with Dial-Up Networking -- configure the client computer so that it does not download the server-based profile during logon across RAS.

NT uses the same logon process whether you log on to a LAN directly or through Dial-Up Networking. Because a copy of the user's profile is cached on the client each time the user logs off, you may use the locally cached user profile rather than the server-based profile when logging on through Dial-Up Networking (especially when the server containing your server-based profile is unavailable).

AutoDial (enabled by default) -- >>Dial-Up Networking >>More >>User Preferences ... >>Dialing >>Enable auto-dial by location

RAS AutoDial works only when the Remote Access AutoDial service is running. To determine if this service is running, >>Control Panel >>Services >> Remote Access AutoDial Manager ...

AutoDial (available only in NT 4.0 Dial-Up Networking, not in Win95 or NT 3.51) maps and maintains network addresses to phonebook entries, allowing them to be automatically dialed when referenced from an application or from the command line.

The AutoDial database includes IP addresses (e.g. 202.209.76.138), Internet host names (e.g. www.mysite.com), or NetBIOS names (e.g. server1). Each of these addresses is associated with a set of one or more entries in the AutoDial database. An entry in the AutoDial database specifies a phonebook entry that RAS can dial to connect to the address from a particular TAPI dialing location.

AutoDial keeps track of all connections made over a Dial-Up Networking connection so that clients can be automatically reconnected.


Two methods of testing RAS installation and configuration: