Exploring a Whole New Experience of Network Integration Possibilities with OS/400 Enhanced NetWare Integration.

BACKGROUND

An informal survey found that over 50% of AS/400 customers use Novell NetWare servers somewhere in a Local Area Network (LAN) for file serving, print serving and application deployment. With databases, traditional applications and file systems spread across different platforms within networks, many IT professionals face a common problem: how to access data efficiently in an inter-network environment. Together with the increasing use of the Internet and intranets, being able to use all the pertinent data in an organization is becoming more and more of a problem.

PROBLEMS FACING IT PROFESSIONALS

AS/400 ENHANCED INTEGRATION FOR NOVELL NETWARE

A very powerful licensed program called OS/400 Enhanced Integration for Novell NetWare (5716-SS1, Option 25) is ideal for network integration if the AS/400 system has OS/400 version 3 release 7 or later and the NetWare servers are of version 3.12, 4.1 or IntranetWare.

The Requirement for Integration

Let us look at how this product can help fulfill the requirements for network integration:

Figure 1 shows an AS/400 in the main office of a bank, used for commercial processing (billing and account information). In the branch offices, there are NetWare servers and printers for local application sharing and for printing account information.

Our network integration has three requirements:

  1. Commercial applications must access network data.
  2. AS/400 printing must be sent to branch offices.
  3. The administration cost of dual user profiles must be reduced.

Figure 1 (The Bank Example)

 

Product Introduction

The OS/400 Enhanced Integration for NetWare can be viewed as a client-server program serving between Novell NetWare servers and AS/400s.

This product contains a client part in the form of a licensed program (5716-SS1, Option 25) running on the AS/400, and a server part in the form of a NetWare loadable module (NLM) running on a NetWare Server.

Since IPX is supported natively on the AS/400, the client and server parts can use this network protocol for communication. The NLM is installed in the normal way through the NetWare console. It takes approximately 2MB of server memory, depending on the number of connections that are requested.

Once the NLM is loaded on the server, it advertises the NetWare Enhanced Integration function on the IPX network using the Service Advertising Protocol. No configuration is required on the NetWare server; all the functions are started automatically with a single command.

 

Figure 2 - Client and Server parts in action

Functional Component Overview

With the client and server parts of this product working together, the product can be viewed as different functional components:

  • QNETWARE File System under OS/400 Integrated File System (IFS)

The QNETWARE file system is the "subtree" under OS/400 IFS which provides access to all NetWare Servers with Enhanced NetWare Integration NLM loaded.

  • NetWare Servers Administration Commands

A set of administration commands is provided for remote NetWare network administration on the OS/400.

  • NetWare Server Authentication Entry

NetWare server authentication entries are provided in the OS/400 to provide user security and authentication.

  • Print Support

An AS/400 can be easily configured to use remote NetWare printers.

  • Native IPX support

The communication protocol for NetWare servers (IPX) is supported natively on the AS/400. Basic network management can be done through the AS/400.

In the following sections, we will look at how the above functional components help customers in network integration.

 

Network User Security and Authentication

Most file system functions, remote server administration and printing require the user to have an authenticated connection from the AS/400 to a NetWare server running the Enhanced Integration for NetWare NLM. The authenticated connection is achieved by using the authentication entry in the AS/400. We can think of the authentication entry as the AS/400 user's passport. This passport is used when accessing different NetWare servers.

To make an authenticated connection, the user must set up his or her passport (authentication entry) in the AS/400 with a NetWare user name and password. This connection is then used for administrative, printing, and file system requests. To reduce administration overhead, network administrators should keep the NetWare user name and the AS/400 user profile the same. However, the option of mapping a different NetWare user name to an AS/400 user profile is provided (for example, mapping the NetWare admin user ID to the AS/400 user profile CARMEN might be useful). The AS/400 simply takes the NetWare user name and password specified in the authentication entry and attempts to start a connection on behalf of the user.

Figure 3 shows a NetWare authentication entry setup for an AS/400 user with user profile CARMEN. This user has access to the NDS trees COMP_TREE and TEST_TREE, and to the NetWare 3.12 servers NETW312A and NETW312B.

The authentication of users is a fundamental part of the Enhanced Integration product, ensuring that AS/400 users are fully secured in their access to NetWare. After this one-time setup, the user authentication information is held in the user profile under the server security data object. The user is then not required to log in explicitly to a tree or server.

An administrator can create an authentication entry for each tree or server for which the user is authorized. When a request is made using, for example, the file system or printing integration, the AS/400 will attempt to start a connection to the server using the information in the authentication entry.

This greatly simplifies the user's connection to the network, particularly those AS/400 users who are not familiar with NetWare terms.

If an authentication entry does not exist for the tree or server being requested, then a connection must be started explicitly to that tree/server. Starting a connection is also required if the authentication entry specifies *PROMPT, which forces the user to enter the password each time a connection is made.

Normally, the user's password to the network is entered during the creation of the authentication entry and stored with the user profile. An AS/400 administrator has the option to deny the storage of passwords in the authentication entry by using the Retain Server Security Data (QRETSVRSEC) system value. The system is shipped with the QRETSVRSEC value of NO.

Figure 3 - NetWare Authentication Entry on the AS/400

 

Network Resource Sharing

Network resource sharing can be achieved by using the QNETWARE file system, which is automatically mounted under IFS when OS/400 Enhanced Integration for Novell NetWare is installed (Figure 4). The QNETWARE file system provides access to NetWare files, directories, and NetWare Directory Services (NDS) objects.

The QNETWARE file system can also be used to dynamically mount NetWare file systems over any local mountable file system. Flexible mount options, similar to the NetWare MAP command, simplify and speed up access to NetWare files. It can also be used to store data in stream files.

Figure 4 - QNETWARE File System under Integrated File System

 

Figure 5 shows that data on NetWare servers can be seamlessly viewed from the AS/400 using the QNETWARE file system. Simultaneous access to multiple NDS trees and 3.12 servers is supported. Thus, we have immediate access to data on servers throughout the AS/400 and NetWare network.

Figure 5 - Access data in NetWare servers from AS/400 using CA/400.

 

An AS/400 file can be copied to or from a file on the NetWare server with an OS/400 command. AS/400 applications can be written using the IFS APIs to access stream file data on NetWare servers. Figure 7 shows part of an ILE C/400 program using the QNETWARE file system under IFS.

Standard APIs such as open(), write() and close() can be used to open, write data or close a file in a NetWare server from the AS/400.

The QNETWARE file system opens up different possibilities for network data sharing. In-house programmers can write applications on the AS/400 that access both local data and all the data located in a NetWare network.

If a web server is running on the AS/400, a program can be written for the Common Gateway Interface (CGI) to access data in a NetWare network. Thus, users of the Internet or an intranet can access data from a NetWare network at run time.

File Transfer Protocol (FTP) can be used to transfer files to and from the QNETWARE file system. AS/400 commands and shared folders also support moving data from one NetWare server to another.

/* This program copies an AS/400 database file CUSTCDT to a stream file in the
   QNETWARE file system. It uses IFS APIs to create and write the file. It
   converts the data from CCSID 37 to ASCII code page 850 using the QTQICONV
   system API. */

#include <stdio.h>
#include <fcntl.h>      /* open() and the O_ flags */
#include <unistd.h>     /* write(), close() */
#include <sys/stat.h>   /* S_IRWXU */
#include <recio.h>      /* _Ropen(), _Rclose() */

int main (void)
{
    char *dbfile = "CUSTCDT";
    char *stmfile = "QNETWARE/SERVER.SVR/VOLUME/DATA/CUST.DAT";

    /* Open and create the stream file using the open() IFS API.
       O_CREAT is needed for the file to be created if it does not exist. */
    fildes = open(stmfile, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU);
    ….

    /* Open the database file for processing in arrival sequence */
    in = _Ropen(dbfile, "rr, arrseq=Y");

    /* Create a buffer filled with information from the database file */
    ilen += sprintf(dbrcd+ilen, "%D(6,2)", rcd.CDTDUE);
    ….

    /* Write the buffer to the stream file using the IFS write API. */
    write (fildes, stmrcd, stmlen);

    /* Close all files */
    _Rclose (in);      /* Close the database file */
    close (fildes);    /* Close the stream file */
}

Figure 7 - IFS API example using QNETWARE file system.
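The excerpt in Figure 7 ignores the results of open(), write() and close(), which matters when the target is a remote file system holding account data. The following is an added example, not part of the original article: write_stream_file() is a hypothetical helper, and the sample record and local path are constructed so the code runs on any POSIX system (on the AS/400 the path argument would be the QNETWARE path).

```c
/* Added example, not from the original article. write_stream_file() is a
 * hypothetical helper; the path is supplied by the caller. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write len bytes to path. Returns 0 on success, -1 on failure (errno set). */
int write_stream_file(const char *path, const void *buf, size_t len)
{
    const char *p = buf;
    /* O_CREAT so the file is really created; owner read/write only, since
     * account data needs neither execute permission nor other readers. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;                  /* path unreachable or access denied */

    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted before any data: retry */
        if (n <= 0) {               /* hard error, or no progress at all */
            int saved = (n < 0) ? errno : EIO;
            close(fd);
            errno = saved;
            return -1;
        }
        p += n;                     /* short write: send the remainder */
        len -= (size_t)n;
    }
    /* On a remote file system a deferred write error can surface here. */
    return close(fd) < 0 ? -1 : 0;
}

int main(void)
{
    /* Constructed sample record and local path, for illustration only. */
    const char rec[] = "938472 Henning 37.00\n";
    if (write_stream_file("cust.dat", rec, sizeof rec - 1) != 0) {
        perror("write_stream_file");
        return 1;
    }
    return 0;
}
```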

Network Servers Remote Administration

Basic NetWare servers administration commands are available from the AS/400. We can query the status of a NetWare server, manage authenticated connections, and manage NetWare volumes from the AS/400.

Figure 8 shows the *NETWARE version of the Work with Network Server Status (WRKNWSSTS) command. This command can be viewed as a starting point for remote network server administration. It not only shows the status and location of all the NetWare servers, but also provides options to work with connections, users, and volumes. A server administrator now has the option of doing basic administration from the AS/400 no matter where the remote server is actually located.

 

Figure 8 - Work with Network Server Status Display - Enhanced Integration for NetWare.

NetWare Connection provides flexibility in accessing NetWare servers from the AS/400. A user can explicitly start a NetWare connection by issuing the Start NetWare Connection (STRNTWCNN) command shown in Figure 9. This command can be used to provide different authentication information (NetWare user ID and password) from that specified in the user profile authentication entry, or to specify a preferred server for NetWare operations that may otherwise use a different server.

With this concept in mind, network administrators can easily write a CL program on the AS/400 to control the starting and ending of NetWare operations on specified NetWare servers in the network. Server and network load can be controlled as a result.

Figure 9 - Start NetWare Connection Command

Volumes are the basic storage units of a NetWare server. Figure 10 shows the Work with NetWare Volumes (WRKNTWVOL) command. It can be viewed as the starting point for server volume management. This feature greatly enhances remote server administration by allowing the administrator to display, create, change, or delete NetWare server volumes from the AS/400.

Figure 10 - Work with NetWare Volumes

 

The user integration features allow AS/400 users and groups to be enrolled on NetWare servers and user passwords to be synchronized.

The network server user attributes are used to specify a user or group profile that will be enrolled into the NetWare Directory or on a NetWare 3.12 server. If all users are to be enrolled in the same tree and/or servers, then the system wide network server attributes can be used to simplify enrollment.

When an OS/400 group profile is enrolled in the network with the parameter set for propagate group members, then all user profiles in that group are enrolled on the network and put into the new group.

One user can be enrolled in multiple trees/servers in the network using these features.

When a user is enrolled in the network, an AS/400 authentication entry is created, simplifying the administration of user profile objects. When AS/400 users change their passwords, the password in the authentication entry is changed in addition to the password on the NetWare server. However, if a password is changed through the NetWare server interface, the change is not synchronized to the AS/400 user profile.

Figure 11 - Synchronization of User Profiles between AS/400 and NetWare servers.

The Work with NWS User Enrollment command in Figure 12 shows user and group enrollment for password synchronization and the status of users' passwords. This command provides an easy way of monitoring the different users' enrollment and password status across multiple trees and servers.

If the password synchronization has been successful, then the status is marked as current on this screen. In the event of a failure, an error message will be displayed. An error can occur if a server is down when the password synchronization was attempted. In that case, synchronization will be retried by the system periodically or the operator can attempt to synchronize the password manually.

Figure 12 - Work with NWS User Enrollment

 

Network Print Sharing

The AS/400 to NetWare or Host to LAN printing function provides the ability to route AS/400 printed output to a printer queue controlled by a NetWare server.

On the AS/400, an output queue is configured, naming the target NetWare print queue and its NDS context or server. A remote printer writer is then started, which allows printing for properly authenticated users to be sent to the NetWare print queue. On the NetWare server, no special configuration is required.

On the output queue you can specify the parameter *NOWAIT which will remove the print job from the AS/400 queue as soon as it has been transferred to the NetWare print queue. Without this parameter, the job will remain in the AS/400 output queue until it has been printed on the server.

Each AS/400 user sending printing to the NetWare server must be properly authenticated. For each entry on the output queue, the user profile is checked for a connection to the NetWare server and, if not connected, the user's authentication entry is used to make a connection. A connection to the server can also be started manually, specifying the *ANY parameter to allow print jobs to use the connection.

This print function uses OS/400 host print transform to translate the print data stream. Common target PC printers can be specified on the output queue. The wide range of supported translations now includes AFP to PCL. With this function, network print sharing between AS/400s and NetWare servers can easily be achieved.

Figure 13 - Network Print Sharing

Figure 14 - AS/400 Output Queue to NetWare Print Queue.

 

HIGHLIGHTS

AS/400 Enhanced Integration for Novell NetWare enables:

MORE INFO

Additional information can be obtained under the product home page at http://www.as400.ibm.com/netware.

Training information for both AS/400 and NetWare IT professionals is available under "Education for CNEs" at http://www.as400.ibm.com/netware.

Richard Sinn is a freelance writer. He is a software engineer at IBM Rochester and a lecturer at the University of Minnesota. He can be reached via e-mail at webmaster@openloop.com.