Back to Contents Page

Advanced Features

Dell™ PowerVault™ 715N NAS Systems Administrator's Guide

  Using Console Redirection

  Installing Multilanguage User Interface
(MUI) Support

  Installing and Configuring Support for Other Languages

  Network Adapter Teaming

  Services for UNIX®

  File Server for Macintosh

  Services for Novell® NetWare®

  Microsoft Directory Synchronization Services

  Using Secure Sockets Layers

  SNMP Considerations

This section includes descriptions of advanced features that cannot be performed from the Dell™ PowerVault™ NAS Manager menus.

To perform the procedures in this section, you must use the Terminal Services Advanced Client. To access the Terminal Services Advanced Client, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. From the NAS Manager, click Maintenance.
   
   
3. Click Terminal Services.
   
   
4. Log on as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

Using Console Redirection

Console redirection allows you to view the NAS system's power-on self-test (POST) and change BIOS settings from a client system. Console redirection redirects keyboard input and text output through the serial port. Graphic output is not redirected. This section describes the simplest connection possible: connecting to a system with a serial cable.

Minimum Hardware and Connection Requirements

To use console redirection, you must have the following:

• An available serial port (COM port) on a client system. (This port must not conflict with any other ports on the system.)
  
  
• An available serial port (COM 1) on the NAS system.
  
  

NOTE: Console redirection is enabled by default in the NAS system BIOS.

• The serial cable provided with your NAS system.
  
  
• Hyperterminal installed on the client system. If Hyperterminal is not installed on the client system, you can install it from your operating system CD.
  
  

Setting Up Console Redirection in Microsoft® Windows® 2000

NOTE: You can use clients running operating systems other than Windows 2000 for console redirection. However, this section provides information for setting up console redirection only on a Windows 2000 client system. For console redirection information on other operating systems, see the operating system documentation.

To set up console redirection on a Windows 2000 client system to manage your NAS system, perform the following steps:

1. Connect a Windows 2000 client system to the NAS system:
   
   
   1. Shut down the NAS system, and do not turn it back on until instructed.
      
      

See "Shutting Down the NAS System" in "NAS Manager."

2. Turn off the client system, if it is running.
   
   
3. Connect the serial cable between the COM port on the NAS system and the COM port on the Windows 2000 client system.
   
   

The COM port used on your client system is typically labeled COM1 or COM2.

2. Turn on the client system and set up a Hyperterminal connection:
   
   
   1. Click the Start button and point to Programs® Accessories® Communications® Hyperterminal.
      
      
   2. Select 115200 for the bits per second, 8 for data bits, None for parity, 1 for stop bits, and Xon\Xoff for flow control.
      
      
3. Restart the NAS system.
   
   

You can now use your client system to manage your NAS system. If you need to configure your BIOS settings, see "Entering the BIOS Setup Utility" in your User's Guide.

Navigating With Console Redirection

Because of ANSI limitations, not all keys can be used with console redirection. Table 7-1 shows the keystroke combinations used for the version of Windows on your client system.

Table 7-1. Console Redirection Keys 

Normal Keys (As They Appear on the Keyboard)	Keys Used for Windows 2000 Prior to Service Pack 2 and Windows XP	Keys Used for All Other Windows Operating Systems
Home	<Esc><h>	<Esc><h>
End	<Esc><k>	<Esc><k>
Insert	<Esc><+>	<Esc><+>
Delete	<Esc><->	<Esc><->
Page Up	< Esc><?>	<Page Up>
Page Down	<Esc></>	<Page Down>
F1	<Esc><1>	<F1>
F2	<Esc><2>	<F2>
F3	<Esc><3>	<F3>
F4	<Esc><4>	<F4>
F5	<Esc><5>	<Esc><5>
F6	<Esc><6>	<Esc><6>
F7	<Esc><7>	<Esc><7>
F8	<Esc><8>	<Esc><8>
F9	<Esc><9>	<Esc><9>
F10	<Esc><0>	<Esc><0>
F11	<Esc><!>	<Esc><!>
F12	<Esc><@>	<Esc><@>
Up arrow	<Esc><w>	Up arrow
Right arrow	<Esc><a>	Right arrow
Left arrow	<Esc><d>	Left arrow
Down arrow	<Esc><x>	Down arrow
<Ctrl><Alt><Delete>	<Esc><Shift><r> <Esc><r> <Esc><Shift><r> OR <Esc><Shift><b>	<Esc><Shift><r> <Esc><r> <Esc><Shift><r> OR <Esc><Shift><b>

Installing Multilanguage User Interface
(MUI) Support

NOTE: Installing the MUI for your language automatically installs the appropriate language locale.

The PowerVault 715N NAS system allows you to change languages for its Microsoft Windows Powered operating system's user interface. The MUI allows the PowerVault 715N to display Windows Powered operating systems menus, dialogs, and help files in multiple languages. The supported MUI languages are simplified Chinese, traditional Chinese, Dutch, English, French, German, Italian, Japanese, Korean, Spanish, and Swedish. You must install a language MUI from the Multilingual Support CD before it can be used on the system. When you receive a PowerVault 715N NAS system from Dell, the root directory of drive C includes a localization directory, which contains all of the files included in the Multilingual Support CD. If you have performed the reinstallation procedure, this directory does not exist, and you must install a language MUI from the Multilingual Support CD.

NOTE: Installing and configuring the operating system MUI does not affect the language used by the NAS Manager.

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the system as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Close the Advanced Administration Menu by clicking Exit.
   
   
5. Double-click My Appliance on the NAS desktop.
   
   
6. If this is a new system, perform the following steps, and then go to step 8. Otherwise, go to step 7.
   
   
   1. Double-click Local Disk C: to open the root directory.
      
      
   2. Double-click the localization directory.
      
      
   3. Double-click the muisetup.exe file to configure the language.
      
      
7. If you performed the reinstallation procedure on your system, perform the following steps:
   
   
   1. In the Sharing tab on the Compact Disk Properties page, click the radio button next to Share this folder to share the CD drive, and then insert the Multilingual Support CD that came with your NAS system into your remote client system's CD drive.
      
      
   2. Map a network drive to the CD share, but do not select Reconnect at logon.
      
      
   3. Browse to the mapped drive, and then double-click the CD icon to launch the Multilingual Support CD's Web interface.
      
      
   4. Click the Install Multilanguage User Interface (MUI) Support link to launch the Multilanguage File Installation installer program.
      
      
8. In the installer window, select the languages to be installed, and select the default MUI language from the menu.
   
   
9. Click OK to perform the installation.
   
   
10. If the Insert Disk window appears, you must perform the following steps:
    
    
    1. Click OK.
       
       
    2. In the Files needed window, click Browse, browse to the i386 directory on the Multilingual Support CD or in the C:\localization directory (which does not exist if you reinstall the operating system), and then click Open.
       
       
    3. If the Insert Disk window displays, click OK to allow the operating system to find the required files for installation.
       
       
11. Disconnect the mapped network drive from the CD share that you mapped in step 7.
    
    
12. After the installation is complete and you have disconnected the network drive, you must reboot your system.
    
    

After a MUI language has been installed, you can apply it to any user by performing the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the system as an administrator.
   
   

The default administrator user name is administrator and the default password is powervault.

4. On the Advanced Administration Menu, click System Management, and then click Set Regional Options to launch the Regional Options control panel.
   
   
5. On the General tab, select the MUI language from the Your locale (location) drop-down menu, and then click Apply.
   
   
6. Log off and log in to the system again for the new language MUI to take effect.
   
   

Installing and Configuring Support for Other Languages

NOTE: Install additional language locales only if your preferred language is not available with MUI support or you need additional locale support.

The Windows Powered operating system that comes installed on the PowerVault 715N can be configured to support reading and writing documents in a number of languages. To install the software required to support a specific language, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the system as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Close the Advanced Administration Menu by clicking Exit.
   
   
5. Double-click My Appliance on the NAS desktop.
   
   
6. If this is a new system from Dell, perform the following steps, and then go to step 8. If you are performing this procedure after reinstalling your operating system, go to step 7.
   
   
   1. Double-click Control Panel.
      
      
   2. Double-click Regional Options.
      
      
7. If you performed the reinstallation procedure on your system, perform the following steps:
   
   
   1. In Windows Explorer on a remote system, right-click the CD drive, and then click Sharing. In Sharing tab on the Compact Disk Properties page, click the radio button next to Share this folder to share the CD drive, and then insert the Multilingual Support CD that came with the PowerVault 715N into your remote system CD drive.
      
      
   2. Map a network drive to the CD share, but do not select Reconnect at logon.
      
      
   3. Browse to the mapped drive, and then double-click the Multilingual Support CD icon to launch the Multilingual Support CD's Web interface.
      
      
   4. Click the Install Language Locales Not Supported by MUI link to launch the Regional Options control panel.
      
      
8. From the Language Settings for the System panel, select the languages to be configured.
   
   
9. Set the default language for the system by clicking Select default... and selecting the appropriate language from the menu, and then click OK.
   
   
10. Click Apply to complete the operation.
    
    
11. If the Insert Disk window appears, you must perform the following steps:
    
    
    1. Click OK.
       
       
    2. In the Files needed window, click Browse, browse to the i386 directory on the Multilingual Support CD or in the C:\localization directory (which does not exist if you reinstall the operating system), and then click Open.
       
       
    3. Click Open, and then click OK from the Insert Disk window to allow the operating system to find the required files for installation.
       
       
12. After the installation is complete, if applicable, disconnect the mapped network drive from the CD share that you mapped in step 7.
    
    
13. Reboot your system.
    
    

NOTE: For more information, see the Microsoft Windows Powered operating system's online help.

Network Adapter Teaming

Network adapter teaming allows the system to use the combined throughput of multiple network ports in parallel to increase performance or to provide fault tolerance. Network adapter teaming on your NAS system supports the following technologies:

• Adaptive Load Balancing (ALB) from Intel®
  
  
• Adapter Fault Tolerance (AFT) from Intel
  
  
• Link Aggregation
  
  
• Fast EtherChannel (FEC)
  
  
• IEEE 802.3ad
  
  

NOTE: When creating or removing teams, the IP address of the NAS system's LAN connections changes. To prevent disconnecting from the NAS system during team configuration, use a serial connection when creating or removing teams. See "Configuring Your System Using a Serial Connection" in "Initial Configuration" before configuring your teams.

Adaptive Load Balancing

Adaptive Load Balancing (ALB) is a simple and efficient method for increasing the NAS system's network transmission throughput. The ALB software continuously analyzes transmission loading on each adapter and balances the load across the teamed ports as needed. Adapter teams configured for ALB also provide the benefits of adapter fault tolerance. To use ALB, the Ethernet ports on the NAS system must be linked to the same Ethernet switch.

Adapter Fault Tolerance

Adapter Fault Tolerance (AFT) provides the safety of an additional backup link between the NAS system and the hub or switch. If a hub, switch port, cable, or Ethernet port fails, you can maintain uninterrupted network performance. AFT is implemented with a primary adapter and a backup, or secondary, adapter. If the link to the primary adapter fails, the link to the secondary adapter automatically takes over.

Link Aggregation

Link aggregation is a performance technology developed by Intel and others to increase a system's network throughput. Unlike ALB, link aggregation can be configured to increase both transmission and reception channels between your system and switch. Link aggregation works only with compatible Intel switches. To use link aggregation, the Ethernet ports of the NAS system must be linked to the same Intel Ethernet switch.

Fast EtherChannel

Fast EtherChannel (FEC) is a performance technology developed by Cisco Systems to increase a system's network throughput. Unlike ALB, FEC can be configured to increase both transmission and reception channels between your NAS system and switch. FEC works only with compatible Cisco switches. To use FEC, the Ethernet ports of the NAS system must be linked to the same Cisco FEC-compatible switch.

IEEE 802.3ad

IEEE 802.3ad is a performance technology standard that increases a system's network throughput. IEEE 802.3ad is similar to the FEC standard developed by Cisco. However, whereas FEC works only with FEC-compatible Cisco switches, IEEE 802.3ad works with all switches that support IEEE 802.3ad. To use IEEE 802.3ad, the Ethernet ports of the NAS system must be linked to the same IEEE 802.3ad switch.

Creating Intel PROSet II Network Teams

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Intel Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Network Teaming utility, Intel PROSet II, displays.

5. Click Action, click Add to Team, and then click Create New Team.
   
   

The Teaming Wizard displays.

6. Select the type of team to create, and then click Next.
   
   

The types of team include Adapter Fault Tolerance, Adaptive Load Balancing, Fast EtherChannel*/Link Aggregation, and IEEE 802.3ad.

7. Select the Intel adapters to include with this team, and then click Next.
   
   

NOTE: Broadcom NICs cannot be selected.

8. Verify that the team contains the appropriate members, and then click Finish.
   
   
9. If the team needs to be modified, click Back.
   
   

Removing Intel PROSet II Network Teams

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Intel Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Network Teaming utility, Intel PROSet II, displays.

5. In the tree view, click the team that you want to remove.
   
   
6. Click Action, and then click Remove.
   
   

Removing an Intel PROSet II Adapter From a Network Team

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Intel Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Network Teaming utility, Intel PROSet II, displays.

5. In the tree view, click the adapter that you want to remove.
   
   
6. Click Action, and then click Remove.
   
   

Changing the Intel PROSet II Network Team Mode

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Intel Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Network Teaming utility, Intel PROSet II, displays.

5. In the tree view, click the team to modify.
   
   
6. Click Action, and then click Change Team Mode.
   
   
7. In the Teaming Wizard, select the type of team that you want to create, and then click Next.
   
   

The types of team include Fault Tolerance, Load Balancing, Fast EtherChannel*/Link Aggregation, and IEEE 802.3ad.

8. Click OK to close.
   
   

Creating Network Teams Using the Broadcom Advanced Server Control Suite

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Broadcom Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Broadcom Advanced Server Control Suite window displays.

5. Click Load Balance/Virtual LAN.
   
   
6. Click Create Team.
   
   
7. Enter the team name and select the appropriate team mode.
   
   

The types of team include Start Load Balance and Fail Over, FEC/GEC, and Link Aggregation (IEEE 802.3ad).

8. Click OK.
   
   
9. Select the team name in the Configuration box.
   
   
10. Select an unassigned adapter to add to the team, and then click the arrow adjacent to the Team Members list to add the adapter.
    
    
11. Repeat step 10 for the second adapter.
    
    
12. Click OK.
    
    

Removing Broadcom Adapter From a Network Team

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Broadcom Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Broadcom Advanced Server Control Suite window displays.

5. Click Load Balance/Virtual LAN.
   
   
6. Select the team name in the Configuration box.
   
   
7. Select an adapter in the Team Members list, and then click the arrow adjacent to Team Members to remove the adapter.
   
   
8. Click OK.
   
   

Changing the Network Team Mode Using the Broadcom Advanced Server Control Suite

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. Under Administrative Tools on the Advanced Administration Menu, click Broadcom Network Teaming.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

The Broadcom Advanced Server Control Suite window displays.

5. Click Load Balance/Virtual LAN.
   
   
6. Select the team name in the Configuration box.
   
   
7. Select the new type of team and click OK to apply the change.
   
   

The types of team include Start Load Balance and Fail Over, FEC/GEC, and Link Aggregation (IEEE 802.3ad).

Services for UNIX®

Services for UNIX (SFU) provides the tools needed to integrate UNIX and Windows networks by leveraging existing UNIX network resources and expertise. SFU includes more than 60 of the most common UNIX command line utilities to provide a familiar environment for UNIX users and administrators.

Server for NFS allows you to leverage your existing UNIX network resources for UNIX clients.

SFU provides important tools to enhance and simplify the administration of your network.

• Telnet Server enables character- and script-based remote administration of Windows 2000 and Windows NT®-based servers from a variety of clients.
  
  
• Microsoft Management Console (MMC) snap-in enables a consistent and central management point for all SFU functionality.
  
  
• ActivePerl enables existing and new scripts to use the Windows Management Interface (WMI) to automate network administration tasks.
  
  
• User Name Mapping associates Windows and UNIX user names, which allows users to connect to NFS resources without having to log in to UNIX systems separately.
  
  

Server for Network File System (NFS)

SFU provides a robust Server for NFS that can be used to provide disk resources from systems running Windows NT and Windows 2000 to any system on your network that supports NFS. To administer Server for NFS, set the following options from the SFU MMC console:

• User Mapping is the name of the mapping server to use.
  
  
• Auditing is the size and location of the logging file and the operations to audit.
  
  
• Locking is the grace period for locks and a list of current locks.
  
  
• Client Groups is used to group client systems for easier setting of permissions.
  
  

UNIX Utilities

Table 7-2 lists UNIX utilities provided with SFU.

Table 7-2. Categories of UNIX Utilities 

Category	Utility
File and directory utilities	basename, cp, diff, dirname, dos2unix, find, ln, ls, mkdir, mount, mv, paste, pwd, rm, rmdir, sdiff, split, tee, touch, uniq, uudecode, uuencode, umount
Text utilities	cat, cut, grep, egrep, fgrep, head, more, printf, sed, sort, tail, tr, vi, wc
Programming utilities	perl, od, sh, strings
Security utilities	chmod, chown, su
Process and general utilities	cron, crontab, date, du, kill, nice, printenv, ps, rcmd, renice, sleep, atr, top, uname, wait, which, xargs

Telnet Server

The Telnet server works optimally for most installations. It accepts logins from a variety of clients, including the Telnet clients shipped with Windows 2000, Windows NT, Windows 95, and Windows 98, as well as a variety of character mode terminal clients from virtually any operating system. In addition, it can be configured to meet specific site requirements such as improving security, simplifying logins, and supporting stream or console mode.

Authentication

The SFU Telnet server supports Windows NT LAN Manager (NTLM) for authentication of client logins. NTLM allows users to be automatically authenticated to the Telnet server based on their Windows NT login. This makes using Telnet completely transparent to users, while ensuring that clear text passwords do not pass over the network. However, NTLM must be supported on the client side of the login as well.

When users are logged in to a system that is using NTLM login, they are restricted to local drives on that system. If they need to map network resources, they can do so by explicitly mapping with full credentials.

Administration

The Telnet server is administered using the SFU MMC snap-in or the tnadmin program.

The following options are available:

• Authentication gives you the choice of NTLM or Username/Password.
  
  
• Auditing enables you to set event logging to a separate log file or to the event log and to specify what events to log.
  
  
• Server Settings enables you to set the following options:
  
  
• Maximum number of simultaneous connections.
  
  
• Maximum number of failed login attempts.
  
  
• Map <Alt> key to <Ctrl><A>.
  
  
• Telnet port.
  
  
• Console or Stream for mode of operation.
  
  
• Default Domain Name is the domain name that is automatically added to the login username. The default is ".", which disables this feature.
  
  
• Idle Session Timeout is the time until an idle session is forcibly disconnected.
  
  
• Terminate all programs when disconnecting or Continue to run programs started with the command bgjob.
  
  
• Sessions allows you to see data about the currently active sessions (such as user, domain, system, and logon date/time) and to either send a message to the session or terminate it.
  
  

Services for UNIX MMC Console

SFU UNIX includes a single MMC for managing all of SFU. The MMC provides a cohesive management interface that allows you to administer all systems on the network from any console. Further, since SFU supports the Windows Management Interface (WMI), management can be scripted from the command line.

You can access the MMC Console by selecting Computer Management under System Management on the Advanced Administration Menu. See "Using the PowerVault Advanced Administration Menu" in "NAS Manager."

ActiveState ActivePerl 5.6

SFU includes ActiveState's ActivePerl 5.6, a full-featured port of Perl 5.6 and Perl Script to Windows Powered operating systems. Among other improvements, ActivePerl 5.6 includes support for fork() emulation at the interpreter level, improving the portability of scripts and modules. ActivePerl also provides full support for the Windows Script Host, making ActivePerl an excellent tool for system administration tasks.

User Name Mapping

User Name Mapping provides mapping of names between the UNIX and Windows environments. You can configure User Name Mapping from the SFU MMC Console or by using the NAS Manager to configure properties for the NFS Sharing Protocol. With User Name Mapping, you can create simple maps between Windows Powered user accounts and corresponding UNIX accounts. You can also use the Advanced Map feature to map accounts with dissimilar names. Given that UNIX user names are case-sensitive, while Windows Powered operating system names are not, the use of User Name Mapping can greatly simplify maintaining and managing accounts in the two environments. User Name Mapping uses Network Information Service (NIS) or local Personal Computer Network File System (PCNFS) user and group files to authenticate users. Also, User Name Mapping supports bidirectional one-to-many mapping, allowing you to map a single UNIX or Windows Powered operating system account to multiple accounts in the other environment. For example, you can map more than one administrative account in a Windows Powered operating system to the UNIX root account.

To create user and group name maps, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. From the NAS Manager, click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click NFS Protocol, and then click Properties.
   
   
5. Click User and Group Mappings.
   
   
6. Use the User and Group Mappings window to define your user and group maps.
   
   

Configuration

To configure the type of server to be used to access UNIX user and group names, perform the following steps:

1. On the User and Group Mappings window, click General.
   
   
2. Click Use NIS server, or click Use password and group files to select the server type.
   
   
3. Depending on whether you use an NIS server or password and group files, perform one of the following steps:
   
   
   • For password and group files, specify the location and filename of the UNIX password file and UNIX group file.
     
     

NOTE: The UNIX password file and group file formats must conform to the UNIX standard for these files.

• For NIS server, type the NIS domain and, optionally, the name of the NIS server.
  
  

4. Click OK to apply the configuration.
   
   

Defining Maps

To define simple maps in SFU, select the Simple Maps check box, and then perform the following steps:

1. In the User and Group Mappings window menu, click Simple Mappings.
   
   
2. Click Enable Simple Mapping.
   
   
3. Specify the Windows Domain.
   
   
4. Click OK to create the maps.
   
   

If you are defining explicit maps, you create user and group maps individually. To create explicit maps, perform the following steps:

1. On the User and Group Mappings window menu, click Explicit User Mapping to create user maps, or click Explicit Group Mapping to create group maps.
   
   
2. Specify the Windows Domain. If the server is configured as PCNFS, go to step 4.
   
   
3. Click List UNIX Users or List UNIX Groups.
   
   

This action refreshes your UNIX users or groups selection.

4. Create map entries by selecting a Windows user or group and a UNIX user (UID) or group (GID) from the list and clicking Add.
   
   
5. Click OK to create the maps.
   
   

Basic Scenarios

For UNIX and Windows NT User Name Mapping, an NIS Server must already exist in the UNIX environment or UNIX user and group files must exist on the PowerVault NAS system. User Name Mapping associates UNIX users and groups to Windows NT users and groups. You can use two types of maps, simple and explicit. Simple maps define a one-to-one relationship between the same user names and groups. Explicit maps define a relationship between dissimilar user names and groups.

Workgroup

In the workgroup scenario, you configure User Name Mapping locally on the PowerVault 715N system. All maps are contained on this system.

Domain

In the domain scenario, you configure NFS Authentication on all domain controllers. The NT Authentication Service installation program must be installed on the domain controller and available in the DomainUtils share on the NAS system.

To install the NT Authentication Service on a domain controller, perform the following steps:

1. Log in to the domain controller as an administrator.
   
   
2. Map the NAS system's DomainUtils share.
   
   
3. Run sfucustom.msi, which is located in the Services for Unix directory.
   
   

Filename Character Translation

Although Windows and UNIX file systems do not allow certain characters in filenames, the characters that are prohibited by each operating system are not the same. For example, a valid Windows filename can not contain a colon (:), but a UNIX filename can. If a UNIX user attempts to create a file in an NFS share and that file contains an illegal character in its name, the attempt will fail.

You can use filename character translation to replace characters that are not allowed in a file system by mapping them to characters that are valid. To enable filename character translation, create a text file that maps Windows to UNIX characters, and then modify the registry entry that specifies the path and name of the translation file.

The filename character translation text file is a list of mapped characters in the following format, such as the following:

0xnn : 0xnn [ ; comment ]

where nn is the hexadecimal value of the character

The entry for a map from the UNIX character ":" to the Windows character "-" in the filename character translation text is as follows:

0x3a : 0x2d ; Map ':' (0x3a) to '-' (0x2d)

To map the character combination "()" to the character "^", add the following entry:

0x28 0x29 : 0x5e ; Map '()' to '^'

To specify the path and name of the filename character translation text file for Server for NFS to use, modify the following registry key to contain the path and filename of the character translation file:

HKLM\SOFTWARE\Microsoft\Server for NFS\CurrentVersion\Mapping\CharacterTranslation

File Server for Macintosh

File Server for Macintosh (FSM) provides the tools needed to integrate Macintosh and Windows networks by leveraging existing Macintosh network resource and expertise. FSM is disabled by default on the NAS system. See "Enabling the AppleTalk Protocol" for information about enabling FSM.

Enabling the AppleTalk Protocol

The AppleTalk protocol is disabled on the NAS system by default. You must enable the AppleTalk protocol for Macintosh clients to access the NAS system.

To enable the AppleTalk protocol, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click AppleTalk Protocol, and then click Enable.
   
   

Adapter Bindings

FSM can bind to only one network adapter. By default, it is bound to the embedded 10/100TX Network Adapter. To change the binding in systems with multiple network adapters, the AppleTalk protocol properties for the network adapter to be used by AppleTalk must be modified to accept inbound connections.

AppleTalk Protocol Adapter Binding

To modify the AppleTalk protocol adapter binding for filers with multiple network adapters, perform the following steps from the NAS Manager:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Network.
   
   
3. Click Interfaces.
   
   
4. Click the radio button next to an enabled adapter to bind the AppleTalk protocol.
   
   

NOTE: The AppleTalk protocol must bind to an adapter that is enabled, regardless of whether the File Server for Macintosh is disabled.

5. On the Tasks menu, click AppleTalk.
   
   
6. Click the check box next to Enable inbound AppleTalk connections on this adapter.
   
   
7. Optionally, if you use AppleTalk zones, select the appropriate zone in the drop-down box.
   
   
8. Click OK.
   
   

Microsoft UAM Volume

A user authentication map (UAM) is a software program that prompts users for an account name and password before they log in to a server. The Macintosh Chooser has a standard UAM built in that uses the clear-text password or Apple's RandNum Exchange method of security.

Microsoft Authentication offers an additional level of security because the password is used as a key to encrypt a random number. If the system administrator has determined that encryption is an important security measure, you may be asked to use Microsoft Authentication in addition to Microsoft UAM authentication.

Requirements

To use Microsoft UAM 5.01, you must have a Macintosh client running AppleShare Client 3.8 or newer or the Mac operating system (OS) 8.5 or newer operating system. If you do not meet the minimum requirements, the Microsoft UAM Installer installs the old Microsoft UAM 1.0 module. If you upgrade your system software, you need to run the Microsoft UAM Installer again.

Installing User Authentication

Log in to the Microsoft UAM Volume on the system to access the MS UAM file, and then drag this file to the AppleShare Folder in your System folder.

To access the Microsoft Authentication files on the system, perform the following steps:

1. Create a user with a password of less than eight characters.
   
   
   1. Log in to the NAS Manager.
      
      

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Users.
   
   
3. Click New.
   
   
4. Complete the information in the Create New User window and click OK.
   
   

NOTE: The password can be no longer than eight characters. Passwords longer than eight characters cannot be used when mapping an Apple share without a UAM.

2. Click Chooser on the Macintosh Apple menu.
   
   
3. Double-click the AppleShare icon, and then click the AppleTalk zone in which the system with Services for Macintosh resides.
   
   

Ask your system administrator if you are not sure of the zone.

4. Select the system from the list of file servers, and click OK.
   
   
5. Click Registered User.
   
   
6. Enter the user name and password you created in step 1, and then click OK.
   
   
7. Select the Microsoft UAM Volume, and then click OK.
   
   
8. Close the Chooser dialog box.
   
   

To install the authentication files on the Macintosh workstation, perform the following steps:

1. Double-click Microsoft UAM Volume on the Macintosh desktop.
   
   
2. Double-click the Microsoft UAM Installer file on the Microsoft UAM volume.
   
   
3. Click Continue in the Installer Welcome screen.
   
   

The installer reports whether the installation succeeded.

If the installation succeeded, Macintosh users of this workstation are offered Microsoft Authentication when they connect to the system.

Restarting Workstation Services

If File Services for Macintosh cannot establish communications to the local RPC service, you may need to restart the Workstation Service.

To restart the Workstation Service, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the NAS system as an administrator.
   
   

NOTE: The default administrative user name is administrator and the default password is powervault.

The Advanced Administration Menu displays. If it does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS appliance.

4. Click System Management, and then click Computer Management.
   
   
5. Click Services and Application.
   
   
6. Double-click Services.
   
   
7. Right-click Workstation in the Services window, and select Restart.
   
   
8. Confirm that you want to restart the Workstation Services.
   
   

Services for Novell® NetWare®

Services for NetWare (SFN) are compatible with Novell NetWare Bindery service for authentication and file access using the internetwork packet exchange/sequenced packet exchange (IPX/SPX) network protocol. Services for NetWare are disabled by default. See "Enabling Services For NetWare."

Enabling Services For NetWare

The NetWare protocol is disabled on the NAS system by default. You must enable the NetWare protocol for NetWare clients to access the NAS system.

To enable the NetWare protocol, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click NetWare Protocol, and then click Enable.
   
   

Configuring the NWLink IPX/SPX Compatible Protocol

To configure this protocol, you need the internal network number, the frame type, and the network number.

Internal Network Number

Internal network numbers are used for internal routing and are generally needed only for servers. You should not need to change this option on your system.

Frame Type and Network Number

Frame types define the packet formats that are used by different networks. It is important that all systems in a network have the same frame type so that they can communicate with the rest of the network.

When you are configuring your system, it attempts to automatically detect the frame type for the client. In most cases, this is successful. However, occasionally the automatic detection feature selects an inappropriate frame type, usually because more than one frame type exists on the network. If this happens, you should manually set the frame type to match the one specified on your NetWare server. Note that if more than one frame type exists, you should select the one that is detected first. For example, if the frame types Ethernet 802.2 and Ethernet 802.3 are bound to the same segment, then configure frame type Ethernet 802.2. The order of detection is Ethernet 802.2, Ethernet 802.3, Ethernet II, and then Ethernet SNAP.

Configuring the IPX Protocol

By default, the IPX protocol is configured on the NAS system to automatically detect frame types. To use the IPX protocol, you must change your NAS system's IPX properties to manually detect frame types.

To configure the IPX protocol to manually detect frame types, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the NAS system as an administrator.
   
   

NOTE: The default administrative user name is administrator and the default password is powervault.

The Advanced Administration Menu displays. If it does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS appliance.

4. Click System Management, and then click Network Properties.
   
   
5. In the Network and Dial-up Connections window, right-click the network adapter used by the NAS system and select Properties.
   
   
6. In the Local Area Connection window, click NWLink/IPX/NetBIOS Compatible Transport Protocol, and click Properties.
   
   
7. In the NWLink/IPX/NetBIOS Compatible Transport Protocol window, select Manual Frame type detection.
   
   
8. Click Add.
   
   
9. In the Manual Frame Detection window, select a frame type and enter a network number for the IPX network.
   
   
10. Click OK.
    
    
11. Click OK to close the Local Area Connection window.
    
    
12. Click OK again to close the Network and Dial-Up Connections window.
    
    

The IPX protocol is now configured on the NAS system to manually detect frame types.

Microsoft Directory Synchronization Services

Microsoft Directory Synchronization Services (MSDSS) allows you to synchronize a wide variety of data stored in the Active Directory service with Novell Directory Service (NDS) and NetWare 3.x binderies.

MSDSS is a highly flexible service that helps Novell users to perform the following tasks:

• Adopt Windows 2000 Server and the Active Directory service
  
  
• Reduce directory management through two-way synchronization
  
  
• Migrate NDS and bindery information to Windows 2000 Server
  
  

MSDSS supports two-way synchronization with NDS and one-way synchronization with NetWare 3.x binderies to provide a complete directory interoperability solution. MSDSS also supports password synchronization and provides a directory migration service.

MSDSS allows NetWare users to deploy Active Directory without having to replace existing directories or bear the cost of managing two separate directories. As a result, users have the flexibility to:

• Consolidate directory management when multiple directories are required
  
  
• Manage accounts from either directory
  
  
• Use directory-enabled applications, devices, and services based on the Windows 2000 Active Directory service
  
  

MSDSS is easy to use and makes synchronization and Active Directory setup easy through its management interface. It is fully featured to allow users a choice of management, synchronization, and migration options.

MSDSS supports all major NetWare platforms and most Novell directories and binderies, and it includes support for IPX/SPX and TCP/IP network protocols.

Windows 2000 MSDSS Domain Controller

To implement MSDSS, you must install the Windows 2000 Server operating system and the MSDSS software (available on the Microsoft Services for NetWare Version 5 CD) on at least one system. In Windows 2000, when you promote a system running Windows 2000 Server to an Active Directory server, it becomes a domain controller. You use this domain controller to configure Active Directory, install MSDSS, and then import information from the existing NetWare environment.

The larger the environment, the more new servers you need. If you are planning to have more than one domain, then you need new hardware for the first domain controller in each domain.

You must also install Novell Client Access software on the MSDSS server or servers. MSDSS uses Novell Client Access to authenticate and to access NDS. While accessing NDS, it authenticates, but does not use a license. MSDSS also uses Novell Client Access to map one directory's contents to another, taking into account the fact that the object classes in Novell's NDS or bindery directories are different from Active Directory object classes. Novell Client Access is also required to use the File Migration utility to migrate files.

You can install Novell Client Access in four modes: IP only, IPX only, IP and IPX combined, and IP with IPX Compatibility Mode. Most NetWare environments still use IPX. MSDSS works in all the modes because it uses Novell Client Access to access the lower layers.

If you are migrating NDS, you can import the user and group information from one NDS server to the MSDSS server because you have one user database per tree. You can then migrate the file system. Remember that each Novell server has its own file system, which is not replicated to other servers (whereas NDS is replicated to other servers). After the files are migrated, you can uninstall NDS from the server to provide more space for the Windows 2000 Server operating system.

Outline of the Deployment Procedure

The next two sections describe the procedures for implementing MSDSS in a smaller (local area network [LAN] only) or larger (wide area network [WAN]) network. You need to adapt the guidelines to suit your environment and goals.

Small Environment

A small company with a LAN-based and uncomplicated network is often a likely candidate for a quick migration. After doing all the preparations described in the previous section, perform the following steps (adjusted, if necessary, to your situation):

1. Back up your NetWare system and user data.
   
   
2. Install and configure a Windows 2000 domain controller (see the documentation that came with your operating system software).
   
   
3. Install the Novell Client for Windows 2000 from the Novell website at www.novell.com/download.
   
   
4. Replace services or applications that require NDS with software that is compatible with Active Directory. (Remove NDS applications before you begin using MSDSS, except for ZENworks, which can be replaced by IntelliMirror at any time.)
   
   
5. Install MSDSS from the system DomainUtils share.
   
   

NOTE: To access MSDSS software, map a network drive to \\Dellxxxxxxx\DomainUtils, where xxxxxxx is the system's service tag number. For example, if your service tag number is 1234567, type DELL1234567. You can find the service tag number on the top cover of your NAS system.

6. Log in to the NDS tree or bindery server as administrator.
   
   
7. Log in to the appropriate Windows 2000 domain as a member of the Domain Admins group.
   
   
8. On the MSDSS server, open the Help files, and then print out the procedures "To perform a one-time migration" and "To migrate files."
   
   
9. Click the Start button, and then point to Programs® Administrative Tools® Directory Synchronization to start MSDSS.
   
   
10. Follow the instructions as described in the Help printout, "To perform a one-time migration." The prompts guide you through the following steps:
    
    
    1. Right-click MSDSS in the console tree, and then click New Session to start the New Session Wizard.
       
       
    2. Specify whether objects are to be copied from NDS or Bindery.
       
       
    3. Click Migration.
       
       
    4. If you plan to migrate files as well as directory objects, click the Migrate Files check box.
       
       

You must also run the File Migration utility.

5. Specify the path to the Active Directory container in which you want to copy items.
   
   
6. Accept the default domain controller in which to store the migration log.
   
   
7. Specify the NDS Container or Bindery Container from which to copy items.
   
   
8. Provide the name and password of the Novell administrative account.
   
   
9. On the Initial Reverse Synchronization page, specify the password options (such as Set passwords to the user name.)
   
   

When you are performing a migration, this page does not include the option to actually perform an initial reverse synchronization, but it is the page where you specify which password option you want to use.

10. Set synchronization mode to default object mapping or to custom object mapping.
    
    
11. If you selected custom object mapping, you are prompted to manually establish one-to-one relationships between pairs of objects.
    
    
12. Click Finish.
    
    

After the user accounts are migrated, you can migrate the file system (migrating the users before the files allows you to migrate file-system permissions). Follow the instructions in the Help printout, "To migrate files." The prompts guide you through the following steps:

• To start the File Migration Utility, click the Start button and point to Programs® Administrative Tools® File Migration Utility.
  
  
• To view mapping relationships, click View Maps.
  
  
• To view mapped access rights for the users, groups, organization units, and organizations to be migrated, click Access Rights.
  
  

The NDS Modify option converts, by default, to Read because it does not have an equivalent NFTS right. You might want to click the Write check box to allow read/write access.

• On the Step 2 — Security Accounts tab, verify that you are logged on with the correct Active Directory, NDS, or Bindery credentials.
  
  
• On the Step 3 — Source and Target tab under Source (NDS/Bindery), click the volume or directories from which you want to migrate files. Under Target (Active Directory), click the shares or directories to which you want to migrate files, click the Map button, and then click Next.
  
  

If the NDS or Bindery volume you selected in the source tree displays Unavailable, then you are not currently logged in to that tree or Bindery server. Log in, and then press <F5> after reselecting the volume to view the directories within the displayed volume.

• On the Step 4 — Log File tab, select your logging options, and then click Next.
  
  
• On the Step 5 — Scan tab, click Scan, and then click Next.
  
  

The utility scans all source volumes and counts and displays the number of directories and files in each. It ensures that proper access has been given to each source volume, directory, and file. If any errors occur, the utility displays them under NetWare scan logs and Windows scan logs, respectively. You can select a number of acceptable errors; if this number is exceeded, the process aborts, allowing you to return to previous steps to correct the errors.

• On the Step 6 — Migrate tab, click Migrate.
  
  

Manually migrate (or use third-party utilities to migrate) object security permissions and system accounts, printer objects, application objects, and other objects that MSDSS does not migrate from Bindery or NDS to Active Directory. (MSDSS migrates NetWare user accounts, groups, and distribution lists for Bindery and NDS, and, for NDS only, MSDSS also migrates NDS organizational units and organizations.)

1. Upgrade your NetWare server(s) to the Windows 2000 Server or Professional operating system.
   
   
2. On each Windows desktop in your NetWare network, uninstall Novell Client Access.
   
   

You must configure the desktops to join the Windows 2000 domain.

3. Optionally, upgrade NetWare clients (workstations) to the Windows 2000 Professional operating system.
   
   
4. Configure all client systems (both Windows and non-Windows), to join the Windows 2000 domain.
   
   

Be sure that the users know how to handle their password the first time they log in (for possible password options, see "MSDSS Password Management" in "MSDSS Deployment: Understanding Synchronization and Migration)" at www.microsoft.com.

Medium-Sized or Large Environment

An organization large enough to have WAN links probably selects to synchronize its networks temporarily while performing a gradual migration over time (up to 3 months for a large network), or it prefers to use synchronization to establish a mixed Novell/Windows 2000 network on a long-term basis. If you plan a staged migration, one-way synchronization is often the appropriate choice.

After doing all the preparation described above, perform the following steps (adjusted, if necessary, to your situation):

1. Back up your NetWare user and system data.
   
   
2. Install and configure a Windows 2000 domain controller (see the documentation that came with your operating system software).
   
   
3. Install the Novell Client for Windows 2000 from the Novell website at www.novell.com/download.
   
   
4. Install MSDSS from the PowerVault 715N system DomainUtils share.
   
   

NOTE: To access MSDSS software, map a network drive to \\Dellxxxxxxx\DomainUtils, where xxxxxxx is the system's service tag number. For example, if your service tag number is 1234567, type DELL1234567. You can find the service tag number on the top cover of your NAS system.

5. Log in to the NDS tree or Bindery server with administrative credentials.
   
   
6. Log in to the appropriate Windows 2000 domain as a member of the Domain Admins group.
   
   
7. On the MSDSS server, open the Help files, and then print out the steps (briefly summarized below) for "To perform a one-way synchronization" or "To perform a two- way synchronization."
   
   
8. Click the Start button, point to Programs® Administrative Tools® Directory Synchronization to start MSDSS, and then allow the prompts to guide you through the following tasks:
   
   
   1. Start the New Session Wizard (right-click MSDSS in the console tree).
      
      
   2. Select Novell Bindery or Novell Directory Services (NDS) for one-way synchronization, or select Novell Directory Services (NDS) for two-way synchronization.
      
      
   3. Select One-way synchronization (from Active Directory to NDS or Bindery) or select Two-way synchronization (from Active Directory to NDS and back).
      
      
   4. Specify the path to the Active Directory container into which you want to copy items.
      
      
   5. Accept the default domain controller in which to store the session database.
      
      
   6. Specify the NDS Container or Bindery Container from which to copy items.
      
      
   7. Provide the name and password of the Novell administrative account.
      
      
   8. On the Initial Reverse Synchronization page, select Perform an initial reverse synchronization.
      
      
   9. Still on the Initial Reverse Synchronization page, specify the password options (such as Set passwords to the user name).
      
      
   10. On the Object Mapping Scheme page, click Default (to accept the default mapping for each source and target directory pair) or Custom (for NDS only), and then click Object Mapping Table (to specify objects for which you want to establish a one-to-one relationship, regardless of the object location in either directory tree).
       
       

MSDSS does not support custom object mapping for Bindery.

11. Still on the Object Mapping Scheme page, click Filters if you want to configure a filter for this synchronization session.
    
    
12. On the Session Name page, accept the default session name or specify a new name.
    
    
13. Click Finish.
    
    

9. If you selected one-way synchronization, you should now perform all user, group, and NDS organizational unit container (OU) object management from Active Directory. If you established two-way synchronization, you can now manage user, group, and OU objects from either Active Directory or NDS.
   
   
10. If you plan long-term coexistence between Active Directory and NetWare, you are now finished, unless you want to migrate a subset of users, systems, and/or files. If you plan to continue by migrating in stages from NetWare to Active Directory, perform the following tasks in the time-frame that is convenient for you:
    
    
    • Install and configure File and Print Services for NetWare (to allow NetWare clients access to files and printers on Windows 2000 servers) and Gateway Services for NetWare (to allow Windows clients access files and printers on NetWare servers).
      
      
    • Replace services or applications that require NDS with commensurate software compatible with Active Directory. Perform large conversions (such as GroupWise to Exchange) as separate projects.
      
      
    • Migrate the pilot group of users and their files (adapt instructions from the migration steps provided in the "Small Environment" section). Get the pilot group's feedback, and then set a schedule to migrate additional groups of users, according to the priorities you have established.
      
      
    • Migrate the rest of the users as appropriate (for example, if you migrate the set of applications they use, it is time to migrate them as well).
      
      

For more information, see the Novell website at support.novell.com/servlet/Knowledgebase and the Windows 2000 website at www.microsoft.com/windows2000.

Using Secure Sockets Layers

This section explains how secure sockets layers (SSL) are used in the NAS system. It also explains how to use your own certificate, if you have one, and how to regenerate your certificate.

Introduction to SSL Certificates

Certificates contain information that is used to establish system identities over a network. This identification process is called authentication. Although authentication is similar to conventional forms of identification, certificates enable Web servers and users to authenticate each other before establishing a connection to create more secure communications. Certificates also contain encryption values, or keys, that are used in establishing an SSL connection between the client and server. Information, such as a credit card number, sent over this connection is encrypted so that it cannot be intercepted and used by unauthorized parties.

Two types of certificates are used in SSL. Each type has its own format and purpose. Client certificates contain personal information about the clients requesting access to your site, which allows you to positively identify them before allowing them access to the site. Server certificates contain information about the server, which allows the client to positively identify the server before sharing sensitive information.

Server Certificates

To activate your Web server's SSL 3.0 security features, you must obtain and install a valid server certificate. Server certificates are digital identifications containing information about your Web server and the organization sponsoring the server's Web content. A server certificate enables users to authenticate your server, check the validity of Web content, and establish a secure connection. The server certificate also contains a public key, which is used in creating a secure connection between the client and server.

The success of a server certificate as a means of identification depends on whether the user trusts the validity of information contained in the certificate. For example, a user logging on to your company's website might be hesitant to provide credit card information, despite having viewed the contents of your company's server certificate. This might be especially true if your company is new and not well known.

For this reason, certificates are sometimes issued and endorsed by a mutually trusted, third-party organization, called a certification authority. The certification authority's primary responsibility is confirming the identity of those seeking a certificate, thus ensuring the validity of the identification information contained in the certificate.

Alternatively, depending on your organization's relationship with its website users, you can issue your own server certificates. For example, in the case of a large corporate intranet handling employee payroll and benefits information, corporate management might decide to maintain a certificate server and assume responsibility for validating identification information and issuing server certificates. For more information, see "Obtaining a Server Certificate From a Certification Authority."

PowerVault 715N Certificate

By default, the PowerVault 715N has a self-generated and self-signed certificate. The configured SSL port is 1279.

NOTE: For non-SSL communication, use port 1278. This port is not a secure port and all text is sent in plain text over the network.

Using a Custom Certificate

If a certification authority is present in the network, the administrator can choose to change the default PowerVault 715N certificate. The administrator must use the wizards to first request a certificate and then apply it to the NAS system.

Obtaining a Server Certificate From a Certification Authority

NOTE: If you are replacing your current server certificate, the Internet Information Server (IIS) continues to use the old certificate until the new request has been completed.

Find a certification authority that provides services that meet your business needs, and then request a server certificate.

NOTE: For the latest list of certification authorities supporting IIS, see the Microsoft Security website. In the By Category list, select Certification Authority Services.

To obtain a server certificate, perform the following steps:

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the NAS system as an administrator.
   
   

NOTE: The default administrative user name is administrator and the default password is powervault.

The Advanced Administration Menu displays. If it does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS appliance.

4. Click System Management, and then from the list, click Internet Information Services.
   
   
5. Navigate to and right-click the Administration site section, and then select Properties.
   
   
6. Under Secure Communications on the Directory Security property sheet, click Server Certificate to access the Web Server Certificate Wizard.
   
   
7. Use the Web Server Certificate Wizard to create a certificate request.
   
   
8. Send the certificate request to the certification authority.
   
   

The certification authority processes the request and sends you the certificate.

NOTE: Some certification authorities require you to prove your identity before processing your request or issuing you a certificate.

9. Use the Web Server Certificate Wizard to install your certificate.
   
   

For more information about SSL, see the Internet Information Server online help.

SNMP Considerations

Your NAS system uses the simple network management protocol (SNMP), which is a set of protocols used by systems to provide information to a central management information database. The NAS Manager provides a method for configuring the community and agent properties.

Configuring SNMP Community Properties

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance, and then click Terminal Services.
   
   
3. Log in to the Terminal Services session as administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

4. From the Advanced Administration Menu, select System Management, and click Computer Management.
   
   

NOTE: If the Advanced Administration Menu does not display, double-click the Advanced Administration Menu icon on the desktop of the NAS system.

5. From the Computer Management console tree, click Services and Applications.
   
   
6. Click Services.
   
   
7. In the details pane, right-click SNMP Service.
   
   
8. From the Action menu, click Properties.
   
   
9. From the Security tab, click Send authentication trap.
   
   

Select this option if you want a trap message sent when authentication fails.

10. Select Accepted community names, and click Add.
    
    
11. Select Community Rights, and select a permission level for this host to process SNMP requests from the selected community.
    
    
12. To view a description of a dialog box item, right-click the item, and then click What's This?
    
    
13. In Community Name, type a case-sensitive community name, and then click Add.
    
    
14. In SNMP Service Properties, specify whether to accept SNMP packets from a host:
    
    
    • To accept SNMP requests from any host on the network, regardless of identity, click Accept SNMP packets from any host.
      
      
    • To limit acceptance of SNMP packets, click Accept SNMP packets from these hosts, click Add, type the appropriate host name, IP and/or IPX address, and then click Add again.
      
      

NOTE: You can make changes to an entry by clicking the entry and then clicking Edit. You can delete a selected entry by clicking Remove.

NOTE: If you remove all the community names, including the default name Public, SNMP does not respond to any community names presented. You can add additional community and host names as necessary.

NOTE: If you change existing SNMP settings, your changes take effect immediately. You do not need to restart the SNMP service for your settings to take effect. If you are configuring SNMP for the first time, you must restart SNMP before the settings take effect.

Configuring SNMP Agent Properties

1. Log in to the NAS Manager.
   
   

See "Logging in to the NAS Manager" in "NAS Manager."

2. Click Maintenance.
   
   
3. Click Terminal Services.
   
   
4. Log in to the Terminal Services session.
   
   
5. Click Advanced Administration Menu.
   
   
6. In the Advanced Administration Menu, select System Management, and click Computer Management.
   
   
7. Click Services and Applications.
   
   
8. Click Services.
   
   
9. In the details pane, right-click SNMP Service.
   
   
10. From the Action menu, click Properties.
    
    
11. Select the Agent tab, select Contact, and type the name of the user or system administrator.
    
    
12. Select Location, and then type the physical location of the system or the contact.
    
    
13. In the Service panel, select the appropriate check boxes for this system, and then click OK.
    
    
14. To view a description of a dialog box item, right-click the item, and then click What's This?
    
    

NOTE: If you change existing SNMP settings, your changes take effect immediately. You do not need to restart the SNMP service for your settings to take effect. If you are configuring SNMP for the first time, you must restart SNMP before the settings take effect.

Back to Contents Page