Installing Multilanguage User Interface (MUI) Support
Dell™ PowerVault™ 715N NAS Appliance System Administrator's Guide
Installing Multilanguage User Interface
(MUI) Support
Installing and Configuring Support for Other Languages
Microsoft Directory Synchronization Services
Defragmenting a Volume Containing Persistent Images
This section includes descriptions of advanced features that cannot be performed from the Dell™ PowerVault™ NAS Manager menus. The following topics are discussed:
To perform the procedures in this section, you must use the Terminal Services Advanced Client. To access the Terminal Services Advanced Client, perform the following steps.
 |
NOTE: To use the NAS Manager, you must be logged in as administrator. The NAS Manager default administrator user name is administrator and the default password is powervault. |
|
NOTE: Installing the MUI for your language automatically installs the appropriate language locale. |
The PowerVault 715N NAS appliance allows you to change languages for its Microsoft Windows® Powered operating system's user interface. The MUI allows the PowerVault 715N to display Windows Powered operating systems menus, dialogs, and help files in multiple languages. The supported MUI languages are simplified Chinese, traditional Chinese, Dutch, English, French, German, Italian, Japanese, Korean, Spanish, and Swedish. You must install a language MUI from the Multilingual Support CD before it is available for use on the system. When you receive a PowerVault 715N NAS appliance from Dell, the root directory of the C: hard drive contains a localization directory, which contains all of the files included in the Multilingual Support CD. If you have performed the reinstallation procedure, this directory does not exist, and you must install a language MUI from the Multilingual Support CD.
|
NOTE: Installing and configuring the operating system MUI does not affect the language used by the NAS Manager. |
After a MUI language has been installed, you can apply it to any user by performing the following steps:
|
NOTE: Only install additional language locales if your preferred language is not available with MUI support or you need additional locale support. |
The Windows Powered operating system that comes installed in the PowerVault 715N can be configured to support the ability to read and write documents in a number of languages. To install the software required to support a specific language, perform the following steps:
|
NOTE: For more information, see the Microsoft Windows Powered operating system's online help. |
Network adapter teaming allows the system to use the combined throughput of multiple network ports in parallel to increase performance or to provide fault tolerance. Network adapter teaming on your NAS appliance supports the following technologies:
ALB is a simple and efficient method for increasing the NAS appliance's network transmission throughput. The ALB software continuously analyzes transmission loading on each adapter and balances the load across the teamed ports as needed. Adapter teams configured for ALB also provide the benefits of adapter fault tolerance. To use ALB, the Ethernet ports on the NAS appliance must be linked to the same Ethernet switch.
AFT provides the safety of an additional backup link between the appliance and the hub or switch. If a hub, switch port, cable, or Ethernet port fails, you can maintain uninterrupted network performance. AFT is implemented with a primary adapter and a backup, or secondary, adapter. If the link to the primary adapter fails, the link to the secondary adapter automatically takes over.
Link aggregation is a performance technology developed by Intel and others to increase your system's network throughput. Unlike ALB, link aggregation can be configured to increase both transmission and reception channels between your system and switch. Link aggregation works only with compatible Intel switches. To use link aggregation, the Ethernet ports of the NAS appliance must be linked to the same Intel Ethernet switch.
FEC is a performance technology developed by Cisco Systems to increase your system's network throughput. Unlike ALB, FEC can be configured to increase both transmission and reception channels between your appliance and switch. FEC works only with compatible Cisco switches. To use FEC, the Ethernet ports of the NAS appliance must be linked to the same Cisco FEC-compatible switch.
IEEE 802.3ad is a performance technology standard that increases your system's network throughput. It is similar to the FEC standard developed by Cisco. However, whereas FEC works only with FEC-compatible Cisco switches, IEEE 802.3ad works with switches that support IEEE 802.3ad. To use IEEE 802.3ad, the Ethernet ports of the NAS appliance must be linked to the same IEEE 802.3ad switch.
Create network teams through the Network Teaming utility, Intel PROSet II. To access the Network Teaming utility from the NAS Manager, perform the following steps:
The Network Teaming utility, Intel PROSet II, displays.
The Teaming Wizard displays.
The types of team include Adapter Fault Tolerance, Adaptive Load Balancing, Fast EtherChannel*/Link Aggregation, and IEEE 802.3ad.
Remove network teams through the Network Teaming utility, Intel PROSet II. To access the Network Teaming utility from the NAS Manager, perform the following steps:
The Network Teaming utility, Intel PROSet II, displays.
Remove an adapter from a network team through the Network Teaming utility, Intel PROSet II. To access the Network Teaming utility from the NAS Manager, perform the following steps:
The Network Teaming utility, Intel PROSet II, displays.
Change the network team mode through the Network Teaming utility, Intel PROSet II. To access the Network Teaming utility from the NAS Manager, perform the following steps:
The Network Teaming utility, Intel PROSet II, displays.
The types of team include Fault Tolerance, Load Balancing, Fast EtherChannel*/Link Aggregation, and IEEE 802.3ad.
Services for UNIX (SFU) provides the tools needed to integrate UNIX and Windows networks by leveraging existing UNIX network resource and expertise. SFU includes more than 60 of the most common UNIX command line utilities to provide a familiar environment for UNIX users and administrators.
Server for NFS allows you to leverage your existing UNIX network resources for UNIX clients.
SFU provides important tools to enhance and simplify the administration of your network.
SFU provides a robust Server for NFS that can be used to provide disk resources from your systems running Windows NT and Windows 2000 to any system on your network that supports NFS. To administer Server for NFS, set the following options from the SFU MMC console:
Table 6-1 lists UNIX utilities provided with SFU.
|
Category |
Utility |
|---|---|
File and directory utilities | basename, cp, diff, dirname, dos2unix, find, ln, ls, mkdir, mount, mv, paste, pwd, rm, rmdir, sdiff, split, tee, touch, uniq, uudecode, uuencode, umount |
Text utilities | cat, cut, grep, egrep, fgrep, head, more, printf, sed, sort, tail, tr, vi, wc |
Programming utilities | perl, od, sh, strings |
Security utilities | chmod, chown, su |
Process and general utilities | cron, crontab, date, du, kill, nice, printenv, ps, rcmd, renice, sleep, atr, top, uname, wait, which, xargs |
The telnet server works optimally for most installations. It accepts logins from a variety of clients, including the telnet clients shipped with Windows 2000, Windows NT, Windows 95, and Windows 98, as well as a variety of character mode terminal clients from virtually any operating system. In addition, it can be configured to meet specific site requirements such as improving security, simplifying logins, and supporting stream or console mode.
The SFU telnet server supports Windows NT LAN Manager (NTLM) for authentication of client logins. NTLM allows users to be automatically authenticated to the telnet server based on their Windows NT login. This makes using telnet completely transparent to users, while ensuring that clear text passwords do not pass over the network. NTLM must be supported on the client side of the login as well, however.
When users are logged in to a system that is using NTLM login, they are restricted to local drives on that system. If they need to map network resources, they can do so by explicitly mapping with full credentials.
The telnet server is administered using the SFU MMC snap-in or the tnadmin program.
The options available are:
SFU UNIX includes a single MMC for managing all of SFU. The MMC provides a cohesive management interface that allows you to administer all systems on the network from any console. Further, since SFU supports the Windows Management Interface (WMI), management can be scripted from the command line.
SFU includes ActiveState's ActivePerl 5.6, a full-featured port of Perl 5.6 and Perl Script to Windows Powered operating systems. Among other improvements, ActivePerl 5.6 includes support for fork() emulation at the interpreter level, improving the portability of scripts and modules. ActivePerl also provides full support for the Windows Script Host, making ActivePerl an excellent tool for system administration tasks.
User Name Mapping provides mapping of names between the UNIX and Windows environments. You can perform User Name Mapping either from SFU or by clicking NFS on the Services page of the NAS Manager.
With User Name Mapping, you can create simple maps between Windows Powered user accounts and corresponding UNIX accounts. You can also use the Advanced Map feature to map accounts with dissimilar names. Given that UNIX user names are case-sensitive, while Windows Powered operating system names are not, the use of User Name Mapping can greatly simplify maintaining and managing accounts in the two environments. User Name Mapping uses Network Information Service (NIS) or local Personal Computer Network File System (PCNFS) user and group files to authenticate users. Also, User Name Mapping supports bidirectional one-to-many mapping, allowing you to map a single UNIX or Windows Powered operating system account to multiple accounts in the other environment. For example, you can map more than one administrative account in a Windows Powered operating system to the UNIX root account.
In SFU, the Username Mapping Service and NT Authentication Service can be installed from the NAS appliance's share, DomainUtils.
To create User and Group Name Maps, access the SFU Administration window by performing the following steps:
The SFU Administration Console displays.
The User Name Mapping on Local Computer window displays. You can use this window to define your user maps.
To configure the type of server to be used to access UNIX user and group names, perform the following steps:
|
NOTE: The UNIX password file and group file formats must conform to the UNIX standard for these files. |
To define simple maps in SFU, select the Simple Maps check box, and then perform the following steps:
If you are defining advanced maps, you create user and group maps individually. In the NAS Manager, select Show User Maps or Show Group Maps. To create advanced maps in SFU, deselect the Simple Maps check box and perform the following steps:
This action refreshes your UNIX and Windows users and groups selection.
You can maintain your maps from the User Name Mapping tree of the SFU window. Map maintenance allows you to save currently defined maps and to restore saved maps.
To back up the currently defined maps, perform the following steps:
To restore the previously backed up set of maps, perform the following steps:
For UNIX and Windows NT Username Mapping, an NIS Server must already exist in the UNIX environment or a UNIX user and group file must exist on the PowerVault NAS appliance. Username Mapping associates UNIX users and groups to Windows NT users and groups. You can use two types of maps, simple and advanced. Simple maps define a one-to-one relationship between same name users and groups. Advanced maps define a relationship between dissimilar names and groups.
In the Workgroup scenario, you configure Username Mapping locally on the PowerVault 715N system. All maps are contained on this system.
In the Domain scenario, you configure Username Mapping on the domain controller. The Username Mapping Service and the NT Authentication Service must be installed on the Domain Controller. If multiple Domain Controllers are present, NT Authentication Service must be installed on each Domain Controller.
File Server for Macintosh (FSM) provides the tools needed to integrate Macintosh and Windows networks by leveraging existing Macintosh network resource and expertise.
A user authentication map (UAM) is a software program that prompts users for an account name and password before they log on to a server. The Macintosh Chooser has a standard UAM built in, which uses the clear-text password or Apple's RandNum Exchange method of security.
Microsoft Authentication offers an additional level of security because the password is used as a key to encrypt a random number. If the system administrator has determined that encryption is an important security measure, you might be asked to use Microsoft Authentication in addition to Microsoft UAM authentication.
To use Microsoft UAM 5.01, you must have a Macintosh client running AppleShare Client 3.8 or newer or the Mac operating system (OS) 8.5 or newer operating system. If you do not meet the minimum requirements, the Microsoft UAM Installer installs the old Microsoft UAM 1.0 module. If you upgrade your system software, you need to re-run the Microsoft UAM Installer.
Log on to the Microsoft UAM Volume on the system to access the MS UAM file, and then drag this file to the AppleShare Folder in your System folder.
To access the Microsoft Authentication files on the system, perform the following steps:
Ask your system administrator if you are not sure of the zone.
To install the authentication files on the Macintosh workstation, perform the following steps:
The installer reports whether the installation succeeded.
If the installation succeeded, Macintosh users of this workstation are offered Microsoft Authentication when they connect to the system.
FSM can bind to only one network adapter. By default, it is bound to the embedded 10/100TX Network Adapter. To change the binding in systems with multiple network adapters, the AppleTalk Protocol Properties for the network adapter to be used by AppleTalk must be modified to accept inbound connections.
To modify the AppleTalk protocol adapter binding for Filers with multiple network adapters, perform the following steps from the NAS Manager:
Services for NetWare (SFN) are compatible with Novell NetWare Bindery service for authentication and file access using the internetwork packet exchange/sequenced packet exchange (IPX/SPX) network protocol.
To configure this protocol, you need the internal network number, the frame type, and the network number.
Internal network numbers are used for internal routing and are generally only needed for servers. You should not need to change this option on your system.
Frame types define the packet formats that are used by different networks. It is important that all systems in a network have the same frame type, so that they can communicate with the rest of the network.
When you are configuring your system, it attempts to automatically detect the frame type for the client. In most cases, this is successful. However, occasionally the automatic detection feature selects an inappropriate frame type, usually because more than one frame type exists on the network. If this happens, you should manually set the frame type to match the one specified on your NetWare server. Note that if more than one frame type exists, select the one that is detected first. For example, if frame type Ethernet 802.2 and Ethernet 802.3 are bound to the same segment, then configure frame type Ethernet 802.2. The order of detection is Ethernet 802.2, Ethernet 802.3, Ethernet II, and then Ethernet SNAP.
Microsoft Directory Synchronization Services (MSDSS) allows you to synchronize a wide variety of data stored in the Active Directory service with Novell Directory Service (NDS) and NetWare 3.x binderies.
MSDSS is a highly flexible service that helps Novell users:
MSDSS supports two-way synchronization with NDS and one-way synchronization with NetWare 3.x binderies to provide a complete directory interoperability solution. MSDSS also supports password synchronization and provides a directory migration service.
MSDSS allows NetWare users to deploy Active Directory without having to replace existing directories or bear the cost of managing two separate directories. As a result, users have the flexibility to:
MSDSS is easy to use and makes synchronization and Active Directory setup easy through its management interface. It is fully featured to allow users a choice of management, synchronization, and migration options.
MSDSS supports all major NetWare platforms and most Novell directories and binderies, and it includes support for IPX/SPX and TCP/IP network protocols.
To implement MSDSS, you must install the Windows 2000 Server operating system and the MSDSS software (available on the Microsoft Services for NetWare Version 5 CD) on at least one system. In Windows 2000, when you promote a system running Windows 2000 Server to an Active Directory server, it becomes a domain controller. You use this domain controller to configure Active Directory, install MSDSS, and then import information from the existing NetWare environment.
The larger the environment, the more new servers you need. If you are planning to have more than one domain, then you need new hardware for the first domain controller in each domain.
You must also install Novell Client Access software on the MSDSS server or servers. MSDSS uses Novell Client Access to authenticate and to access NDS. While accessing NDS, it authenticates, but does not use a license. MSDSS also uses Novell Client Access to map one directory's contents to another, taking into account the fact that the object classes in Novell's NDS or bindery directories are different from Active Directory object classes. Novell Client Access is also required to use File Migration utility to migrate files.
You can install Novell Client Access in four modes: IP only, IPX only, IP and IPX combined, and IP with IPX Compatibility Mode. Most NetWare environments still use IPX today. MSDSS works in all the modes because it uses Novell Client Access to access the lower layers.
If you are migrating NDS, you can import the user and group information from one NDS server to the MSDSS server because you have one user database per tree. You can then migrate the file system. Remember that each Novell server has its own file system, which is not replicated to other servers (whereas NDS is replicated to other servers). After the files are migrated, you can uninstall NDS from the server to provide more space for the Windows 2000 Server operating system.
The next two sections describe the procedures for implementing MSDSS in a smaller (local area network [LAN] only) or larger (wide area network [WAN]) network. You need to adapt the guidelines to suit your environment and goals.
A small company with a LAN-based and uncomplicated network is often a likely candidate for a quick migration. After doing all the preparations described in the above section, perform the following steps (adjusted, if necessary, to your situation):
|
NOTE: To access MSDSS software, map a network drive to \\<Dellxxxxxxx>\DomainUtils, where <Dellxxxxxxx> is the name of the PowerVault 715N system. |
You must also run the File Migration utility.
When you are performing a migration, this page does not include the option to actually perform an initial reverse synchronization, but it is the page where you specify which password option you want to use.
After the user accounts are migrated, you can migrate the file system (migrating the users before the files allow you to migrate file-system permissions). Follow the instructions as described in the Help printout, "To migrate files." The prompts guide you through the following steps:
The NDS Modify right converts, by default, to Read because it does not have an equivalent NFTS right. You might want to click the Write check box to allow
read/write access.
If the NDS or Bindery volume you selected in the source tree indicates Unavailable, then you are not currently logged on to that tree or Bindery server. Log on, and then press <F5> after reselecting the volume to view the directories within the displayed volume.
The utility scans all source volumes and counts and displays the number of directories and files in each. It ensures that proper access has been given to each source volume, directory, and file. If any errors occur, the utility displays them respectively under NetWare scan logs and Windows scan logs. You can select a number of acceptable errors; if this number is exceeded, the process aborts, allowing you to return to previous steps to correct the errors.
Manually migrate (or use third-party utilities to migrate) object security permissions and system accounts, printer objects, application objects, and other objects that MSDSS does not migrate from Bindery or NDS to Active Directory. (MSDSS migrates NetWare user accounts, groups, and distribution lists for Bindery and NDS, and, for NDS only, MSDSS also migrates NDS organizational units and organizations.)
You must configure the desktops to join the Windows 2000 domain.
Be sure the users know how to handle their password the first time they log on (for possible password options, see "MSDSS Password Management" in "MSDSS Deployment: Understanding Synchronization and Migration)" at http://www.microsoft.com.
An organization large enough to have WAN links probably selects to synchronize its networks temporarily while performing a gradual migration over time (up to 3 months for a large network), or it prefers to use synchronization to establish a mixed Novell/Windows 2000 network on a long-term basis. If you plan a staged migration, one-way synchronization is often the appropriate choice.
After doing all the preparation described above, perform the following steps (adjusted, if necessary, to your situation):
|
NOTE: To access MSDSS software, map a network drive to \\<Dellxxxxxxx>\DomainUtils, where <Dellxxxxxxx> is the name of the PowerVault 715N system. |
For more information, see the Novell website at http://support.novell.com/servlet/Knowledgebase and the Windows 2000 website at http://www.microsoft.com/windows2000.
This section explains how secured socket layers (SSL) are used in the NAS appliance. It also explains how to use your own certificate, if you have one, and how to regenerate your certificate.
Certificates contain information that is used to establish system identities over a network. This identification process is called authentication. Although authentication is similar to conventional forms of identification, certificates enable Web servers and users to authenticate each other before establishing a connection to create more secure communications. Certificates also contain encryption values, or keys, that are used in establishing a Secure Sockets Layer (SSL) connection between the client and server. Information, such as a credit card number, sent over this connection is encrypted so that it cannot be intercepted and used by unauthorized parties.
Two types of certificates are used in SSL. Each type has its own format and purpose. Client certificates contain personal information about the clients requesting access to your site, which allows you to positively identify them before allowing them access to the site. Server certificates contain information about the server, which allows the client to positively identify the server before sharing sensitive information.
To activate your Web server's SSL 3.0 security features, you must obtain and install a valid server certificate. Server certificates are digital identifications containing information about your Web server and the organization sponsoring the server's Web content. A server certificate enables users to authenticate your server, check the validity of Web content, and establish a secure connection. The server certificate also contains a public key, which is used in creating a secure connection between the client and server.
The success of a server certificate as a means of identification depends on whether the user trusts the validity of information contained in the certificate. For example, a user logging on to your company's website might be hesitant to provide credit card information, despite having viewed the contents of your company's server certificate. This might be especially true if your company is new and not well known.
For this reason, certificates are sometimes issued and endorsed by a mutually trusted, third-party organization, called a certification authority (CA). The certification authority's primary responsibility is confirming the identity of those seeking a certificate, thus ensuring the validity of the identification information contained in the certificate.
Alternatively, depending on your organization's relationship with its website users, you can issue your own server certificates. For example, in the case of a large corporate intranet handling employee payroll and benefits information, corporate management might decide to maintain a certificate server, and assume responsibility for validating identification information and issuing server certificates. For more information, see "Obtaining a Server Certificate From a Certification Authority."
By default, the PowerVault 715N has a self-generated and self-signed certificate. The configured SSL port is 1279.
|
NOTE: For non-SSL communication, use port 1278. This port is not a secure port and all text is sent in plain text over the network. |
If a CA is present in the network, the administrator can choose to change the default PowerVault 715N certificate. The administrator must use the wizards to first request a certificate, and then apply it to the appliance.
|
NOTE: If you are replacing your current server certificate, the Internet Information Services (IIS) continues to use the old certificate until the new request has been completed. |
Find a certification authority that provides services that meet your business needs, and then request a server certificate.
|
NOTE: For the latest list of certification authorities supporting IIS, see the Microsoft Security website. In the By Category list, select Certification Authority Services. |
To obtain a server certificate, perform the following steps:
The CA processes the request and sends you the certificate.
|
NOTE: Some certification authorities require you to prove your identity before processing your request or issuing you a certificate. |
For more information about SSL, see the Internet Information Services online help.
Your NAS appliance uses the simple network management protocol (SNMP). The NAS Manager provides a method for configuring the community and agent properties.
Select this option if you want a trap message sent when authentication fails.
|
NOTE: You can make changes to an entry by clicking the entry, and then clicking Edit. You can delete a selected entry by clicking Remove. |
|
NOTE: If you remove all the community names, including the default name Public, SNMP does not respond to any community names presented. You can add additional community and host names as necessary. |
|
NOTE: If you change existing SNMP settings, your changes take effect immediately. You do not need to restart the SNMP service for your settings to take effect. If you are configuring SNMP for the first time, you must restart SNMP before the settings take effect. |
|
NOTE: If you change existing SNMP settings, your changes take effect immediately. You do not need to restart the SNMP service for your settings to take effect. If you are configuring SNMP for the first time, you must restart SNMP before the settings take effect. |
Console redirection allows you to maintain a NAS appliance from a client system by re-directing keyboard input and text output through the serial port. Graphic output is not redirected. This section describes the simplest connection possible: connecting to a system with a null modem cable.
To use console redirection, you must have the following ports:
|
NOTE: Console Redirection is enabled by default in the NAS appliance BIOS. |
To set up console redirection to manage your NAS appliance, perform the following steps:
You can now use your client system to manage your NAS appliance. If you need to configure your BIOS settings, see "Entering the BIOS Setup Utility" in your User's Guide.
Because of ANSI limitations, not all keys can be used with console redirection. Table 6-2 shows keystroke combinations used for the version of Windows on your client system.
|
Normal Keys (As They Appear on the Keyboard) |
Keys Used for Windows 2000 Prior to Service Pack 2 |
Keys Used for All Other Windows Operating Systems |
|---|---|---|
Home | <Esc><h> | <Esc><h> |
End | <Esc><k> | <Esc><k> |
Insert | <Esc><+> | <Esc><+> |
Delete | <Esc><-> | <Esc><-> |
Page Up | < Esc><?> | <Page Up> |
Page Down | <Esc></> | <Page Down> |
F1 | <Esc><1> | <F1> |
F2 | <Esc><2> | <F2> |
F3 | <Esc><3> | <F3> |
F4 | <Esc><4> | <F4> |
F5 | <Esc><5> | <Esc><5> |
F6 | <Esc><6> | <Esc><6> |
F7 | <Esc><7> | <Esc><7> |
F8 | <Esc><8> | <Esc><8> |
F9 | <Esc><9> | <Esc><9> |
F10 | <Esc><0> | <Esc><0> |
F11 | <Esc><!> | <Esc><!> |
F12 | <Esc><@> | <Esc><@> |
Up arrow | <Esc><w> | Up arrow |
Right arrow | <Esc><a> | Right arrow |
Left arrow | <Esc><d> | Left arrow |
Down arrow | <Esc><x> | Down arrow |
<Ctrl><Alt><Delete> | <Esc><Shift><r> <Esc><r> <Esc><Shift><r> OR <Esc><Shift><b> | <Esc><Shift><r> <Esc><r> <Esc><Shift><r> OR <Esc><Shift><b> |
 |
NOTICE: Defragmenting a volume containing persistent images without using the following procedure can delete your persistent images and degrade your system performance. |
|
NOTE: If you do not have persistent images on your volume, this procedure does not apply. |
|
NOTE: To defragment a volume, you must delete all persistent images on that volume. |
To defragment a volume containing persistent images, perform the following steps:
The Defragmentation window displays.
You are notified when defragmentation is complete.