Best Practices for Administering Novell GroupWise 8

Post on 22-Nov-2014

DESCRIPTION

Along with a host of new end-user features, Novell GroupWise 8 includes administrative updates to make it easier than ever to keep your system running reliably, safeguard your data and leverage your existing investments. This session will assist you in perfecting the administration of your GroupWise messaging environment. You'll learn how to optimize and manage agents and configuration settings to maximize your system stability and performance.

TRANSCRIPT

Best Practices for Administering

Novell® GroupWise® 8

Robin Redgrave
Workgroup Technical Specialist
rredgrave@novell.com

Tim Heywood
CTO, NDS8
tim.heywood@nds8.co.uk

© Novell, Inc. All rights reserved.

Agenda

• System Administration

• Using GWCheck

• Moving users

• Monitoring the system

System Administration

New in Novell® GroupWise® 8

• Some defaults changed

– More appropriate settings

• Maximum mailbox size

– Currently 4 GB

– Will rise to 4 TB

• Training and Tutorials URL

– Can be customised to point at an internal resource

• First appearance of admin SOAP interface

System Operations

• Only make system changes from the primary domain

• Regularly check on pending operations

– From each administration domain

• Lock out older administration snapins

– Can cause problems

• Restrict system operations to the primary domain

Why Restrict System Operations

• Local administrators cannot make system changes

– GWCheck scheduled events

– User LDAP authentication Override

– Internet addressing

– Trusted applications

System Operations

• Enable Novell® eDirectory™ synchronisation

– Choose LDAP server and credentials carefully

– Look at the active log for users

– Check rights and the post office membership

• Enable auto create Nickname on a user move

– Avoid D101 errors

– Expire after a few days (28)

System Operations

• Lightweight Directory Access Protocol (LDAP) Authentication

– Uses Novell® eDirectory™ password to access Novell GroupWise®

– Always use SSL over the wire

• Set access rights automatically

– Needed to find the post office

– Does not assign file access rights

Domain

• Ensure adequate disk space

– Novell® eDirectory™ and Novell GroupWise® will get corrupted if you run out of space

• Ensure an administrator is defined for each domain

– No error messages delivered

– No Novell GroupWise Check logs delivered

• Define alternate Internet Agent

– Will automatically route messages to the alternate if the primary is unavailable

– Needs Message Transfer Protocol (MTP) to the Novell GroupWise Internet Agent (GWIA)

Message Transfer Agent

• Reduce attach retry

– The new default is 60 seconds which is good

– Older Domains will have a setting of 600

• Enable Priority Scanners

– Additional threads for queues 0/1 and 2/3 (Now default)

• Have settings in ConsoleOne® if possible

– Not in the startup file – can cause confusion

Message Transfer Agent

• Enable Hypertext Transfer Protocol (HTTP) monitoring

– Ensure that there are authentication details set

– Make sure that Secure Sockets Layer (SSL) is enabled

• Logging

– Have logging set at normal

> Don't keep log files too long

> 7 days at most

– Use verbose logging

> When troubleshooting

> If needed by third party monitoring software

Message Transfer Agent

• Message logging

– Useful for tracking messages through the system

> Available from MTA HTTP Monitor

> Available from Novell® GroupWise® Monitor

– Required by some third party monitoring tools

> Do not keep logs forever

» Delete after 14 days or so

– Turn off if not being used

– Clear out MSLOCAL\MSGLOG directory

> Check even if not enabled

Post Office

• Ensure adequate disk space

– Novell® eDirectory™ and Novell GroupWise® will get corrupted if you run out of space

– Disk check event

• Access mode

– Use “Client/server only” not “Direct” or “C/S and Direct”

• Enable intruder detection

– Someone can try a brute force attack

Post Office

• Security

– Should be set to high (Now default)

– With low, intruders may get access to a mailbox without the need for a password

• Check membership

– Needed for Novell® eDirectory™ synchronisation

– Use a spreadsheet to compare numbers

Post Office Agent

• Logging

– Have logging set at normal

> Don't keep log files too long, 7 days is fine

– Use verbose logging

> When troubleshooting

> If needed by third party monitoring software

– Have a common directory to place all logs in

• Set up proxy server address

– Used for external access to the system

– Optionally add SSL for external access

Post Office Agent

• QuickFinder™ indexing

– Once a day is enough, unless using document management

– Don't turn off

– Check for issues

> Look in the logs

> Check the directory for temporary files

> Enable quarantine

– Recreate occasionally

Link Configuration

• Use Message Transfer Protocol (IP) links everywhere

– Domain to domain

– Domain to post office

> Even when on the same server

– Domain to Novell® GroupWise® Internet Agent

– Use a meshed, routed, or mixed infrastructure

> Balancing act

> Always use direct links to and from the primary to all secondary domains

• Can set maximum size limit for slow links

– Can set a delay size limit

Client Options

• Some can be set through ConsoleOne®

– Use client options

• Some can be set through the registry

– HKEY_CURRENT_USER\Software\Novell\GroupWise

– HKEY_LOCAL_MACHINE\Software\Novell\GroupWise

• Some settings cannot be set by the administrator at all

– Need to be set through the client

– Need to be authenticated as the user

Gateways: Novell® GroupWise® Internet Agent

• Disable features that are not used

– Post Office Protocol (POP)

– Internet Message Access Protocol (IMAP)

– LDAP

– iCalendar (iCal)

• Monitor accounting file

– Can give useful information

• Use MTP

– Enables alternate Internet agent

Gateways: Novell® GroupWise® Internet Agent

• Avoid Gateway aliases

– Use the Internet Addressing override instead

> Updates the Novell GroupWise address book

> Updates Novell eDirectory™

– Gateway Alias Migration utility

> Will migrate aliases to Internet Addressing override

> Available on the Novell GroupWise Utilities menu in ConsoleOne®

Email Address Publishing

• Email Addresses

– By default, only a user's preferred e-mail address is published to Novell® eDirectory™

• In Novell GroupWise® 8

– Can now select which Internet addressing formats to publish

– Can publish Nickname Internet addresses

– Can publish aliases (but you won't)

New in Novell® GroupWise® 8 SP2

• Restrict the number of recipients

– No more unauthorised mail messages sent to all

• Limit the attachment types of mail messages

– No more exe or mp3 files

• Access control to specified distribution lists

– No unauthorised sending

• Teaming + Conferencing options

– Scheduling and saving

Gateways: WebAccess

• Disable features that are not needed

– Document management

– LDAP address book

• Secure your web server

– Use Hypertext Transfer Protocol Secure (HTTPS)

– Use a valid certificate

– Can mint your own

• Customise with your corporate branding

– Adjust date format if required

Tuning the Server

• Optimise the server settings where required

• Choose the best file system

• Ensure sufficient disk I/O

• Be careful with virtualisation

File System

• Turn Compression off

– Novell® GroupWise® compresses all files itself

• Purge immediate on

– WPCSIN, WPCSOUT and MSLOCAL and other queues

• Disable atime and diratime

• Turn off file-based virus checking of Novell GroupWise

– There is no point as files are encrypted

Good Housekeeping

• Domain and post office directories

– Tidy up / Delete stuck messages from queues

• Remove users that have left

– Security issues

• Clear out old records

– Can see on the 'Record Enumerations' screen

> X.400 records / Administrators

• Remove unused objects from the system

– Domains, post offices, gateways

System Synchronisation

• Regularly check the system synchronisation

– Connect to each domain and check system information

• If out of synchronization try manually synchronizing the missing object

• If the problem persists initiate a top down rebuild

– Remember to synchronize primary with secondary for all domains first

Novell® eDirectory™

• Ensure that Novell GroupWise® and Novell eDirectory are synchronised

– Novell GroupWise to Novell eDirectory object

– Novell eDirectory to Novell GroupWise object

– Post office member list

– Check invalid users in ConsoleOne®

• If in doubt graft the objects

• Avoid having Novell eDirectory replicas on GW servers

Standardise

• Standardise as much as possible

– Directory paths

– Domain, post office, MTA & POA configuration

– Start up files

– Server settings

• Have full documentation on configuration with screen shots to help with the configuration of new objects

Local Administration

• Try to keep central control of the system components

– Keep central control of

> Post offices/POA

> Domains/MTA

> Gateways

• Local administrators should only have rights to administer users, resources & distribution lists

– See TID 2928483

• Can cause political problems

How to Set QuickFinder™ Indexing

• POA Startup file

– QFLevel

> 0 – Index a maximum of 1000 at a time

> 1 – Index 500 items at a time on a low priority thread (default)

> 2 – Index 1000 items at a time on a medium priority thread

> 3 – Index 2000 items at a time on a high priority thread

> 999 – Index constantly until all databases indexed

– QFNoPreProc

> Suppress creation of word list, use if there are no libraries

– QFDeleteOld

> Delete old versions to keep disk space usage down

Using GWCheck

Novell® GroupWise® Check

• Scheduled events

– Default Daily Maintenance Event

> Structural check

– Default Weekly Maintenance Event

> Contents check (attclip option is available)

> Audit

» Reports inactive mailboxes

» The client versions and platforms are reported

– Weekly Reduce

– Default Disk Check Event, ensure thresholds are reasonable

> Threshold for actions

> Threshold to stop message processing

Novell® GroupWise® Check

• Optional checks

– Library

– Expire/reduce

• Check the log files

– Resolve any issues encountered

• GWCheck options file

– Now uses the same XML format across NetWare®, Linux, and Windows

– Can write option files for batch processing

Moving Users

Moving Users

• Run a GWCheck first

– Attclip

– DelDupFolders

– Clear all issues

• Ensure that you are using the live move functionality

• If moving many users or large mailboxes

– Increase threads and percentage for priming and moves

• Monitor with move user status and POA log

– Can now get an inventory of messages not moved

Monitoring

Monitor Your Environment

• Use Novell® GroupWise® Monitor

– Comes free with GroupWise

– Ensure all agents monitored

– Set up thresholds – See the best practices guide

• Needed for Novell GroupWise High Availability (GWHA)

Monitor Your Environment

• Use third party monitoring software

– IntelliReach Control: http://www.intellireach.com/products/control.asp

– GWAVA Redline: http://www.gwava.com/products/redline_overview.html

Questions

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Additional GWCheck Options

GroupWise® Check Support Options

• AttClip

– Removes references of lost attachment files

• DelDupFolders

– Deletes .dup folders

• SubjectPurge (alias ItemPurge)

– Purge items if subject matches

• AttachPurge (alias AttFindPurge)

– Deletes attachments that match the specified file name

Support Options 1

• AttClip

– Removes references of lost attachment files

• StoreDrop (alias CleanSC)

– Force stores to be dropped

• DelDupFolders

– Deletes .dup folders

• ProxyMinReset

– Removes all minimum user access records

Support Options 2

• SubjectPurge (alias ItemPurge)

– Purge items if subject matches

• AttachPurge (alias AttFindPurge)

– Deletes attachments that match the specified file name

• FolderReset (alias ResFldr)

– System folder reset mode

• ResetMaintFlag

– Removes the maintenance flag (i.e. file lock) for a database

Support Options 3

• CheckJobList

– Checks the jobs in the ngwcheck.db

• MAPICleanup

– MAPI cleanup

• TestMode (alias WPTest)

– Halt states and other debug flags

Support Options 4

• PabSkip (alias SkipPab)

– Skip personal address book check

• NoSubjectPurge

– Purges LIN_RECORD if it doesn't have a SUBJECT_TEXT

• PabGroupFix

– Changes group if another non-case-sensitive group exists

• PabOnly

– Stop check after personal address book verification

Support Options 5

• ResetMove

– Check the user store for move in progress flag in VERIFICATION_RECORD and clip.

• SubjectList

– List all subjects in message databases, creates file SUBDUMP

• NoMsgDB (alias NoMDB)

– Don't validate pointers to message databases

Support Options 6

• ResequenceFolders (alias Resequence)

– Re-sequence all folders (at all levels)

• SystemCategoryReset (alias Ressyscat)

– Reset (clear) all system category names

• PabPurge

– Delete specified PAB entries

• PabFix

– Fix bad addresses

Support Options 7

• PabDelDupRec

– Cleans up duplicate personal groups in a personal address group

• VerifyMode (Alias vrfixup)

– Verification mode (force repairing verification record)

• CleanUpGWEventsKey

– Delete/remove all event and event-definition records containing the specified key string

Support Options 8

• Bypass_DigestRetention

– Allows items to be expired (removed) even when the digest retention setting is in effect

• Bypass_Retention (Alias ByPassRetention)

– Allows items to be expired even when retention is active

• ByPass_SmartPurge (Alias ByPassSmartPurge)

– Allows items to be expired even when smart purge is active

Support Options 9

• ClearTZ

– Delete the WebAccess timezone information from the user settings

• ForceClean

– Forces deletion based on expire/reduce options

• DelAllSubscribeRecords

– Deletes all of the user's SUBCRIBE_TO_RECORD and SUBSCRIBER_RECORD

Support Options 10

• ResetMaintFlag

– Removes the maintenance flag (i.e. file lock) for a database

• StoreLowerCase

– Convert the file names and directory names stored inside GroupWise® databases in the post office to lower case

– Useful when migrating to a Linux environment

• DelSubscribeRecords

– Deletes the user's SUBCRIBE_TO_RECORD and SUBSCRIBER_RECORD

• resetfutureapptcreatedates resetcreatedates

Support Options 11

• ResetDocAuthor

– Reset the document author and creator to the values found in the activity log

• UnHideFolders

– Unhide all hidden folder records

• ClearMoveInventoryList

– Clear any remaining inventory list items from moving this user

Support Options 12

• ProxyFix

– Removes all duplicate users from proxy access lists created by 5.2 to 5.5 upgrade

• SetupMode (alias SetOnly)

– Setup mode
