e-mail   
 Menu
  Home
  Download
  Top 10 Downloads
  Last 15 New Files
  Web Links
  Tips
  Last 15 New Tips
  NLM Programming
  Admins Club





Installation and Administration






Polish Forum SUSE




Novell Connection Magazine


 
Who's Online

 There are currently,
14 guest(s)
that is (are) online.
 


Novell BorderManager 3.8

 

  Installing Novell BorderManager

This section provides instructions for installing the Novell BorderManager 3.8 software.

1.1 Additional Product Information

1.2 System Requirements

Novell BorderManager 3.8 is installed on a NetWare® server and is administered using Novell iManager 2.0.1 and NetWare Administrator (for Proxy) from a client Windows* 98, Windows 2000, Windows NT* or Windows XP workstation. Review the following requirements to ensure that your server and client environments meet the installation prerequisites.

1.2.1 Server Hardware

  • PC with a Intel Pentium* II or higher processor
  • Minimum of 256 MB of RAM above OS requirements
  • Minimum of 300 MB of disk space, with an additional 40 MB available during installation
  • CD-ROM drive that can read ISO 9660 formatted disks
  • Super VGA or higher resolution display adapter
  • One or more network interfaces
  • PS/2 or serial mouse
  • DOS partition with at least 250 MB
  • 4 GB SYS volume recommended
  • Minimum 2 GB of free drive space for the creation of a dedicated CACHE volume

1.2.2 Server Software

The following is to be installed in this order:

  • Operating System: NetWare 6.5, NetWare 5.1 SP6 or NetWare 6 SP3
  • The installation server and all servers holding a copy of the partition where the Novell BorderManager 3.8 Server object resides should have Novell eDirectoryTM 8.6.2 or 8.7.1. The recommended version is 8.7.1.
  • NICI 2.6
  • Netnlm32.nlm version 5.5.8 dated June 04, 2003

Special Requirements:

  • TCPIP Secure version (required for VPN)
  • If you are using eDirectory 8.6.2 and extending the VPN schema using SSL, copy the files under ICE patch directory to sys:system from the Companion CD

NOTE:  Novell BorderManager 3.8 must be installed on a NetWare server that holds an eDirectory read/write replica of the partition containing that server's object.

IMPORTANT:  If you are upgrading BorderManager from an earlier version of the product, stop all running BorderManager services before installing Novell BorderManager 3.8.

1.3 End User License Agreement (EULA)

Before installing Novell BorderManager 3.8 you need to go through the End User License Agreement (EULA). The EULA is present in the relevant language directory at the root of the product directory > \EULA.

1.4 Documenting Your Environment

Review this list of items and record information as required to complete the installation:

  • Location of license diskettes or path to the license file
  • Public and private interfaces and their IP address bindings
  • Domain Name System host name
  • IP addresses for up to three DNS name servers on the network
  • Domain Name for Mail Proxy and whether you want to proxy an internal mail server or external mail server or both
  • Server certificates if secure LDAP is to be used for schema extension
  • Default gateway
  • Certificate names and concerned trusted root container and objects

1.5 NICI 2.6 (only for NetWare 5.1 and NetWare 6)

Novell International Cryptography Infrastructure 2.6 is present in the Companion CD at nici\nwserver. To install NICI 2.6:

1.      Create a local copy of NICI 2.6 on the server on which you are installing Novell BorderManager 3.8 (Unzip the nici_u0.exe on that server) .

2.      Go to NWCONFIG, Product Options and select Install A Product Not Listed and then enter the path where you have copied NICI 2.6.

3.      Restart server after installation.

1.6 Netnlm32.nlm

Check if you have version 5.5.8 dated June 04, 2003 on your machine. This version is required to start NMAS 2.2. If your server does not have the minimum required version of this NLM, copy the netnlm32.nlm from the directory NETNLM32 on the Companion CD to sys:\system directory of your server.

The latest version of the NLM can be downloaded from support.novell.com. Download and extract nwlib5.exe on the server. The DSAPI directory will be available in the extract. Copy netnlm32.nlm from the DSAPI directory to the sys:\system directory.

1.7 TCPIP (Only for VPN)

TCPIP is available on the Companion CD and can be installed by running a perl script (tinstall.pl) on the server.

1.7.1 Installing TCPIP from CD:

1.      Insert and mount the Companion CD.

2.      At the server console enter

perl NBM38CCD:\TCPIP\tinstall.pl [-f]

Provide the -f option if you have null encryption versions of these nlms on the server.

Restart the server.

1.7.2 Installing TCPIP from Web:

1.      Unzip Novell BorderManager 3.8 Companion CD on a drive that is accessible from your server.

2.      On the server console enter

perl <Companion CD Path>\TCPIP\tinstall.pl [-f] [-p path]

Provide the -f option if you have null encryption versions of these nlms on the server.

Provide the -p option to give the name of the directory where the Companion CD is unzipped.

Restart the server.

1.8 Installing Novell BorderManager 3.8 on NetWare 6 SP 3 or NetWare 5.1 SP6 or NetWare 6.5

To install Novell BorderManager 3.8 on the server:

1.      Run INETCFG before you install Novell BorderManager 3.8.

2.      Make sure Novell BorderManager 3.8 is unzipped on a drive that is accessible from your server.

Or

If it is a product CD, mount Novell BorderManager 3.8 CD from server by typing CDROM on server console.

3.      On the server side, go to the X-Server Graphical Console. If the X-Server Graphical Console is not loaded, type STARTX on the server console.

If STARTX is already loaded, press Ctrl-Esc and select the X-Server Graphical Console.

4.      Click the Novell logo, then select Install to display the currently installed products.

5.      Click Add, then browse to the root of the Novell BorderManager 3.8 directory and select product.ni, which is displayed in the right frame.

6.      On the Welcome page click Next.

7.      Read the license agreement. If you accept the terms of the agreement, click I Accept.

8.      The next page shows the Novell BorderManager 3.8 services that will get installed.

9.      Trial Licenses are selected by default. You could select the Shipping License or check the Skip License Install check box and click Next so that the licenses can be installed later.

Trial and Shipping licenses are located in the LICENCES directory in the root of the CD. You can install the system files without installing the license; however, Novell BorderManager 3.8 services will not load until a valid license is installed. For more information on moving from trial to production version see 1.9 Moving from Trial to Production .

NOTE:  You can install trial license only once per tree.

10.   The Minimum Requirements screen will be displayed. On this screen see the Results column to verify whether the minimum system requirements are met or not. Click Next to proceed.

NOTE:  If any of the base requirements except TCPIP modules or iManager 2.0 is not met, the install will abort (Check the help for more details). Fulfill the requirements according to the table appearing on the page and re-start the installation. If the base requirements for the TCPIP modules is not met a warning will be displayed. You can ignore the warning and install, however you would need to copy the right TCPIP modules later (see "TCPIP" on page 5) if you want to use VPN services.

If iManager 2 is not installed the plugins for Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration will not be installed. If that is the case, install iManager 2 after Novell BorderManager installation and this will automatically install the Novell BorderManager Firewall Configuration and Novell BorderManager VPN Configuration plugins.

11.   In the login dialog box, log in to the eDirectory tree with a fully distinguished name (FDN, with administrative rights).

Either provide the FDN or provide only the name and then the context in the Context field.

You must have administrative rights to the root of the eDirectory tree. This requirement applies to any user who is a trustee with Supervisor rights at a container at the same level as the server. Administrative rights are required to extend the eDirectory schema, install product licenses, and configure Novell BorderManager 3.8 for the first time.

12.   Select the NMAS login methods you want to install, then Click Next.

13.   Radius components and ConsoleOne® snap-ins for NMAS will be installed by default. Incase of upgrade you might select Migrate Radius Components and fill in the details.

NOTE:  If this is an upgrade the next screen will prompt you to provide details for the VPN services. See Step 22 on page 6. Else continue with the next step.

14.   If you are installing Novell BorderManager firewall/caching services or Novell BorderManager VPN services, review the list of network interfaces and their IP bindings. Specify each interface as public, private, or both for proxy and firewall services.

For firewall and caching services, you must specify a public IP address to secure the network border. Public IP addresses specify server interfaces to a public network, typically the Internet. Private IP addresses specify server interfaces to a private network or intranet.

a.      Check either a public IP address or a private IP address or both.

b.      Specify the default gateway.

c.       By default the iManager snap-ins for Firewall are checked. Uncheck the box if you do not want to install the snap-ins.

15.   Click Next

16.   Check the check boxes for the services that you want to enable. Filter exceptions for these services will be created on the public interface. Click Next.

NOTE:  On a single interface machine filter exceptions will be created but the filters will not be enabled. Filter exceptions corresponding to the checked services will be created on the public interface. Filter exceptions along with the filters get activated if IP Packet Filtering is selected. IP packet filtering will not be enabled if only one interface is available. If this is an upgrade, existing filters are preserved. Deny all filters are not set on public interfaces.

17.   (Optional) If you selected Mail, check either or both of the External/Internal boxes in order to set appropriate filter exceptions, depending on whether you want to proxy either an internal mail server(s)/external mail server(s) or both. Enter the name of one domain for the mail proxy.

18.   (Optional) If HTTP, FTP or HTTP Transparent are selected in the Proxy and Filter Exception screen in NetWare 6.5, click Create Volume and provide the required details in the pop-up screen to create traditional volumes for caching. You can also use existing traditional volume(s) for caching.

NOTE:   If you do not create a volume or select a traditional volume for caching, the sys:etc\proxy\cache directory will be used for caching.

19.   The check box for Access Control is enabled by default. We recommend that you accept the default. Access control enforces additional security by denying all proxy services traffic.

Access control rules can be set using the NetWare Administrator utility. Access rules are used to allow or deny access from any source or to any destination. This option comes up only if you select Proxy Services on the previous page.

20.   Specify a unique DNS domain name for your network, then click Next.

21.   Click Add to specify at least one or up to three DNS server IP addresses. By default the existing DNS entry is used.

22.   If you selected VPN, select the Allow Clear Text Password option so the VPN schema extension can use Clear Text Passwords. Else to use SSL to encrypt your password, select the option Use SSL for Schema Extension.

By default the iManager snap-ins for VPN would be checked. Uncheck the box if you do not want the snap-ins to be installed.

If the install is an upgrade from BMEE 3.6 or NBM 3.7, the option Migrate VPN Configuration is checked. Uncheck this option if you do not want to migrate the VPN configuration.

Do not change the Port on which LDAP is listening setting unless LDAP is listening on a non-standard port.

In case nldap.nlm is not loaded a message box will pop up asking you to configure the LDAP server.

NOTE:  To enable Clear Text Passwords, log in to ConsoleOne, then select LDAP Group Object > Properties. As applicable, either check the Allow Clear Text Password box (for eDirectory 8.6.2) or uncheck the Required TLS for Simple Bind with Password (for eDirectory 8.7.1).

To use SSL: For Schema Extension to succeed in this mode, you must have a valid Server Trusted Certificate, usually a DER file present in the sys:\public directory of your server. Browse to the file or enter its name in the box.

23.   Click Finish if you are done or click Back to return to previous windows and modify your selections.

24.   Do one of the following:

    • Click Reboot for Novell BorderManager 3.8 services to come up.
    • Click Close to complete the installation and return to the GUI screen.
    • Click ReadMe to view the ReadMe.

The install summary is available in sys:\ni\data\nbm_instlog.csv. The readme is available at the root of the CD under Documents > ReadMes > enu.

NOTE:  Novell BorderManager 3.8 provides the option to recover from a failed install. Install pops up an option after the authentication dialog (Step 11 on page 5). To recover from a failed install select the Fresh Install Option. Else select the Upgrade option. Continuing with the Fresh Install option with a working NBM 3.8 server may give unexpected results, particularly with existing filter exceptions. After using this option review your NWAdmn settings and filter exceptions.

1.9 Moving from Trial to Production

If you want to move from the trial Novell BorderManager 3.8 product to the production version, you need not re-install Novell BorderManager 3.8. Follow these steps:

1.      Install the Production License from the licenses\regular directory on the product CD using NWAdmn or iManager.

2.      Un-install the trial VPN Client. Install the production version of VPN Client from the product CD (CL_INST\VPN\EXES\SETUPEX.EXE).

3.      Un-install trial NCF. Install the production version of NCF from the product CD (CL_INST\NCF\NCFInstall.exe)



Portal posiada akceptację firmy Novell Polska
Wszystkie materiały dotyczące produktów firmy Novell umieszczono za zgodą Novell Polska
Portal has been accepted by the Novell Polska
All materials concerning products of Novell firm are placed with Novell Polska consent.
NetWare is a registered trademark of Novell Inc. in the United States and other countries.
Windows is a trademark or a registered trademark of Microsoft Corporation in the United States and other countries.
Sybase is a registered trademark of Sybase Inc. in the United States of America.
Other company and product names are trademarks or registered trademarks of their respective owners.