S 2.98 Secure installation of Novell Netware servers

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

To ensure a fault-free, secure installation of a Novell Netware server, the following aspects should be observed before installation and set-up:

Installation documentation:

The installation of Novell Netware servers should be comprehensively documented so that substitute supervisors, outsiders or newcomers can understand this material after brief viewing.

In particular, the documentation should contain parameterisation of the server (network connection, driver), additional NLMs (Netware Loadable modules, e.g. for data backup) and their configuration, and installed patches. Furthermore, the installation and integration of additional hardware (e.g. network printers, tape drives) should be comprehensively documented.

The documentation should also contain a detailed description of the server hardware and the installed peripheral equipment (e.g. network printer). Depending on the complexity of the Novell network the deployment of administration tools for documentation and revision purposes is desirable.

All the necessary software for installation and configuration of a Novell Netware server should be stored in a secured area, so that unnecessary delays can be avoided. Particular attention should be paid to the patches of the operating system, additional NLMs and drivers.

When loading NLM-Utility SYS:SYSTEM\CONLOG.NLM all messages that appear on the server monitor are simultaneously routed to the file SYS:ETC\CONSOLE.LOG. This NLM should already be loaded in the start file AUTOEXEC.NCF, so that problems reported in the start phase of the server can be detected.

Hardware equipment

When determining the necessary memory capacity (RAM) for Novell Netware servers along with the capacity of the hard drive and the installed operating systems of Novell Netware clients, the RAM utilisation must be taken into account, when loading additional NLMs.

Regarding the capacity of the hard disk when setting up individual volumes on a Novell Netware server, in particular the SYS: volume must have sufficient dimensions, since all Netware processes are carried out in this volume as standard. If the dimensions of the SYS: volume are insufficient, temporary processes such as print commands may, after certain operation time, exhaust the capacity of the volume, thereby causing an avoidable ABEND (abnormal end - server crash).

Hardware requirements:

To increase the availability of Novell Netware servers, i.e. of stored data, Novell Netware  3.x provides three hierarchical System Fault Tolerance Levels, which are listed below. Each level contains the functionalities of the previous levels.

• SFT I (System Fault Tolerance I)

Novell Netware  3.x supports SFT I as standard. This level prevents loss of data due to physical hard disk problems. After a write access to a file, the stored data on the disk is compared to the still available memory image on the Netware server. If the data do not compare, the sector of the hard disk will be marked as faulty and will be locked for future access.

The data is then stored in a "Hot Fox Area" on the hard disk. Within Novell Netware this area occupies two percent of the disk as a standard.

• SFT II (System Fault Tolerance II)

SFT II can be implemented in two different ways.

• Disk Mirroring (System Fault Tolerance II)

For disk mirroring two identical hard disks are connected to the same controller of a server. The data is stored simultaneously on both hard disks. If one disk fails, the second disk will be used without a loss in availability.

• Disk Duplexing (System Fault Tolerance II)

Disk Duplexing means the installation of two hard disks and their controllers. With this mechanism not only a hard disk failure can be remedied, but also the failure of a hard disk controller can be recovered.

• SFT III (System Fault Tolerance III)

SFT III is the highest level of tolerance for hardware faults that arise during operation. Two identical Novell Netware servers operate simultaneously and parallel to one another within the network.

The servers are connected via their own high speed network. If one server breaks down, operation of the network can be continued with the second server almost without loss of time and data.

The decision as to whether or not additional measures will be needed besides level I is dependent upon the required level of availability in the network.

Uninterruptible Power Supply (UPS)

By using an uninterruptible power supply (UPS), the consequences of a power failure can be remedied. Netware supports the utilisation of devices supporting UPS-Monitoring. In case of a power failure the server will be shut down at the end of the lifetime of the UPS in an orderly manner. All data residing in caches are written to hard disks. Connections to servers are terminated, as are server processes.

Additional controls:

• Is the documentation sufficient for a substitute administrator?

• How has the choice of SFT level been justified?