[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 512
  • Last Modified:

Netware - Groupwise Migration

Hello EE
  I have reached a sad day in my career,  I've been tasked to plan the migration from Netware 6/5.1 Edirectory 8 to Microsoft Windows 2003 server utilizing AD.   Here is my question:  I have 3 Netware servers one running NDPS for printing,  the second is a primary File server (part of a SAN),  the third is our GroupWise Email server,  in this scenerio what is the best way to remove Netware as an OS?   The constraints are:  We are keeping GroupWise and running it from a Windows platform.  Our users currently obtain access to network resources via login script delivered mapped drives.  Is it possible to remove Netware completely and run Edirectory from a Windows server for GroupWise administration purposes?  

The literature I get from Microsoft focuses on a GroupWise to Exchage migration (out of scope).   the literature from Novell seems to focus on a migration from Netware to Linux (an avenue I'd rather avoid).  Any information,  white papers or advice would be greatly appreciated.

-Dennis


 
0
dennmaine
Asked:
dennmaine
  • 5
  • 3
  • 2
  • +2
3 Solutions
 
PsiCopCommented:
Dennis,

Sorry to hear your organization is taking this road. The PHBs dictating this to you can look forward to increased IT costs, and decreased reliability.

Have you considered installing Native File Access Protocol support on NetWare v6.5, configuring the NetWare servers to appear as Windoze/CIFS boxes, and simply eliminating Client 32 from the client installs? I'm thinking that if your organization only has 3 servers, then its pretty small, would the PHBs even know the difference once Client 32 was eliminated? You could even reboot the servers in the middle of the day, once in a while, to simulate the usual Windoze BSODs and crashes.

Anyway, congrats on retaining GroupWise. At least you won't have some 16-year-old twerp in Germany able to bring down everything on a whim.

GroupWise doesn't require eDirectory. That's because Novell concentrates on giving you best-of-breed tools that play well with others, as opposed to M$, who mainly concentrates on locking you into their technology. You can run GroupWise agents on Windoze and simply point them to the Windoze LDAP interface for authentication. Or have the users maintain separate mailbox passwords, altho that doubles your administration overhead for GroupWise....but since you're already doubling your environment's administration overhead with AD, will you notice that bit more?

Of course, if you don't want to mention the flexability of GroupWise to the PHBs, and thereby have an excuse to retain eDirectory, well, I think that'd be *very* smart. Why? Because you could then get DirXML (now IdentityManager, see http://www.novell.com/products/nsureidentitymanager/), and use that to make eDirectory the single-point-of-administration for your environment. Create an ID in eDirectory and it gets automatically replicated to AD and GroupWise, complete with Windoze file permissions, group memberships, GroupWise Distribution List memberships, etc. etc. Change a password in eDirectory, its automatically replicated to all the other environments. It'll go a long way towards keeping your network administration burden from spiraling out of control. If you add other environments, like Linux, guess what? IdentityManager will let you do the same thing there - single-point-of-administration for just about every major platform.

Also, keep in mind that AD is not really a Directory Service. Yes, its marketed as one, but its really the same old tired NT4 Domains. All they added was an extensible schema and transitive trust (but its still "trust relationships"). There are a LOT of flaws and pitfalls to AD that you simply do not have in eDirectory. Be prepared to be disappointed at how hard and how bass-ackward it is.

Good luck....I'm afraid you're going to need it. But at least when the next iteration of Phatbot, Netsky, Sasser or MyDoom slams into your network, your E-Mail system (and mebbe your core directory service) will survive.
0
 
ShineOnCommented:
GroupWise DOES require eDirectory, contrary to what Psicop said.  It comes WITH eDirectory, and whatever platform you install it on needs eDirectory installed on it.

It does not require NetWare any more.  eDirectory is still part and parcel of management of GroupWise.

Look for documentation on installing GroupWise in a Windows-only environment.  I don't know that there's any documentation on moving from a NetWare eDirectory environment to a Windows eDirectory environment, with specifics on GroupWise.

What version of GroupWise do you have now, and what version do you plan to be on in the Windows-centric environment (ugh.)?
0
 
PsiCopCommented:
Hmmm....allow me to clarify. GroupWise doesn't need your users to be managed in the same directory service as the application runs. I was offerring that as a contrast to how AD/W2K3/Exchange operates. But I was unclear.
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
dennmaineAuthor Commented:
Thank you ShineOn & PsiCop for your responses.  I currently run GroupWise 6.5 SP 2 and will remain on this version when moving over to Windows.  I did find some documentation on LDAP authentication (we are set this way currently).

-Dennis


 

0
 
ShineOnCommented:
At any rate, ignore the documentation you see from the Microsoft site re: GroupWise.  They don't want you to know how to manage any email/collaboration system that isn't Exchange/Outlook based.

You should look into ways to synch your AD users with eDirectory and vice-versa, to simplify administration.  

You mention using LDAP authentication.  That's too bad - Windows 2003 LDAP services is not fully LDAPv3 compliant.  There are lots of "not fun"  (aka "horror") stories out there of folx trying to get LDAP working properly on Windoze/AD.  You may want to consider an open-source LDAP server to provide LDAP authentication services.
0
 
gjohnson99Commented:
Gorupwise from Netware to windows is a snap.

1. I would recommend installing edirectory on the same windows server is on the email.

2. Copy email directory to a windows volume on the server.

3. Install Groupwise for windows on the server.
     
     Know the ip address you will be using for the new server.



As for migration of edirectory I would get a product from Microsoft called services for netware, This can copy user and group data from netware to AD. It can also sync between the two such as passwords.  It's in $100 range and installs in 10-15 minutes
0
 
PsiCopCommented:
"for migration of edirectory I would get a product from Microsoft called services for netware...can also sync between the two such as password"

I wouldn't. I've used it and its garbage. I'd get DirXML and use the AD connector to sync the passwords and file permissions between the environments.
0
 
dennmaineAuthor Commented:
If the only function being synchronized is the GroupWise/NDS passwords I would think the LDAP implementation would be the cleanest.   ShineOn do you have any recommendations for open source LDAP solutions?  Thank you qjohnson99 for the feedback it's definitely helpful in planning  the actual cutover to a Windows implementation of GroupWise.


-Dennis
0
 
ShineOnCommented:
0
 
DSPooleCommented:
"Is it possible to remove Netware completely and run Edirectory from a Windows server for GroupWise administration purposes?"

Yes.

0
 
ShineOnCommented:
Oh - another note on the LDAP thing - eDirectory is fully LDAPv3 compliant (to my knowledge) and will act as your LDAP server after it's installed on Windoze.  I forgot about that.

Just make sure you set it up to use eDirectory for LDAP authentication services and not the crap LDAP service that comes with AD...  You shouldn't need OpenLDAP.
0
 
gjohnson99Commented:
The Windows LDAP Work fine and has good support.
0
 
ShineOnCommented:
Windows LDAP is not worthy of use.  Since they will have eDirectory, which has excellent support, it makes no sense to use a half-baked LDAP.
0
 
DSPooleCommented:
I agree with ShineOn - Microsoft's implementation of LDAP in AD is pathetic at best.  It's not even LDAPv3 compliant.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now