www.novell.com dave horne esolutions deployment mgr novell, inc. [email protected] designing and...
TRANSCRIPT
www.novell.com
Dave HorneeSolutions Deployment MgrNovell, [email protected]
Designing and Managing Novell DirXML™ Deployments
Designing and Managing Novell DirXML™ Deployments
Vision…one NetA world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
MissionTo solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Designing and Managing DirXML™ Deployments—Agenda
• Know Your Stuff• Understanding DirXML• Demo• DirXML Process Flow• Debugging DirXML• Project Management• Use Real-Life Examples• Recap
Know Your Stuff—The 4 Knows
• Know Your Business Processes
• Know Your Data
• Know Your Resources
• Know Your DirXML
Know Your Business Processes
• When are e-mail, NOS, and other accounts created for a new person?
• What kind of access needs to be granted?• Who is involved in creating/authorizing
access?• How are different processes tied together?• When do accounts get de-activated?• Who gets notified when these events occur?
Know Your Data
• What data elements need to be synchronized?• What are the data elements going to be used
for?• Are there dependencies on any data element?• Are there pre-requisites on any data element?• Does the data need to be transformed?
Birthdate 02/01/1960 ---> February, 01, 1960
Know Your Resources
• The “Do You Have”s
• Do you have all of the equipment you need?• Do you have access to the software you
need?• Do you have all the necessary people you
need?
Know Your DirXML
• How many systems are you connecting?
• Is there a pre-configured DirXML Driver available?
• Have you received the appropriate DirXML training?
• Have you engaged a DirXML deployment partner?
NovelleDirectory™
DirXML
DirXMLEngine
DirXML DriverShim
Novell eDirectory
Server
Application
Subscriber Channel
Publisher Channel
Rules and Stylesheets
Rules and Stylesheets
Understanding DirXML 1.1 Technology Review
DirXMLEngine
NovelleDirecto
ry
DirXML
DriverShim
Rules and Stylesheets
Rules and Stylesheets
Subscriber Channel
Publisher Channel
DirXML
DriverShim
NovelleDirecto
ry
Rules and Stylesheets
Rules and Stylesheets
DirXMLEngine
Publisher Channel
Subscriber Channel
Understanding DirXML 1.1eDirectory-to-eDirectory Data Flow
Using SSL and KeysUsing SSL and KeysIssued by a singleIssued by a single
Certificate AuthorityCertificate Authority
NovelleDirecto
ry
ERP DirXML DriverERP DirXML Driver e-Mail DirXML Drivere-Mail DirXML Driver
Understanding DirXML 1.1Application to Application
NovelleDirecto
ry
DirXMLEngine
DirXML
DriverShim
Rules and Stylesheets
Rules and Stylesheets
Subscriber Channel
Publisher Channel
DirXML
DriverShim
DirXMLEngine
Rules and Stylesheets
Rules and Stylesheets
Publisher Channel
Subscriber Channel
E-MailApplication
ERPApplication
Application Server
DirXML Architecture— The Remote Loader
NovelleDirectory
Novell eDirectory
Server
Application
DirXML
DriverShim
Remote
LoaderShim
Rem
ote
Load
er
Serv
ice
DirXML
DirXMLEngine
Rules and Stylesheets
Rules and Stylesheets
Subscriber Channel
Publisher Channel
DirXML 1.1Publisher Channel
DirXML Process FlowDirXML Objects
DirXMLDriver Set
Object
3 DifferentDirXML Drivers
DirXML Process FlowDirXML Objects
Publisherand Subscriber
Channels
MappingRule
ERP Driver
DirXML Process FlowDirXML Objects
MatchingPlacement
TransformationCreateRules
DirXML Process FlowDirXML Objects
Mapping Rule
Matching Rule
Placement Rule
Create Rule
Zero
MergeMergeattributesattributes
One
ModifyModifyapp objectapp object
YES
Create NDSCreate NDSobjectobject
NO
ApplyApplymatchingmatching
rulerule
Query NDSQuery NDS
Query appQuery appModify NDSModify NDS
objectobject
YES
NO
ErrorError
Multiple
ApplyApplycreatecreaterulerule
ApplyApplyplacementplacement
rulerule
WriteWriteassociationassociation
Query NDSQuery NDS
Modify NDSModify NDSobjectobject
Desiredapp event
occursDoes this
object have an association?
Does this object have an
association?NumberNumber
of matchesof matchesDo weDo we
have all have all requiredrequired
attributes?attributes?
DirXML Process FlowPublisher Channel
DirXML 1.1Subscriber Channel
ApplyApplymatchingmatching
rulerule Number ofNumber ofmatchesmatches
One
QueryQueryAppApp
Zero NO
YES
ErrorError
Multiple
YES
NO
DesiredNDS event
occursApplyApplycreatecreaterulerule
QueryQueryNDSNDS
ModifyModify NDS objectNDS object
WriteWriteassociationassociation
MergeMergeattributesattributes
ApplyApplyplacementplacement
rulerule
CreateCreateApp ObjectApp Object
ModifyModifyapp objectapp object
ModifyModifyapp objectapp object
Does this object have
an association?
Do weDo wehave all have all requiredrequired
attributes?attributes?
MarkMarkassociatiassociati
ononpendingpending
DirXML Process FlowSubscriber Channel
DirXML Process FlowDirXML Event Processing
Eventto
XML
EventTransformation
AssociationProcessor
AddEvent?
SchemaMapper
OutputTransformation
MatchingRule
CreateRule
PlacementRule
MatchingRule
CreateRule
PlacementRule
Subscriber Add ProcessorPublisher Add Processor
AddEvent?
AssociationProcessor Input
TransformationSchemaMapper
EventTransformation
PublisherFilter
SubscriberFilter
EventCache
XMLto
NDS
no
yes
no
yes
The DirXML Engine
CommandTransformation
CommandTransformation
Debugging DirXML
• Deployment Tips Get the right debug information from the Driver
Set
DS Trace
Change the Driver Trace LevelChange the Driver Trace LevelEqual to 3Equal to 3
Debugging DirXMLSetting DS Trace
Debugging DirXMLSetting and Viewing the Log
Debugging DirXMLSetting and Viewing the Log
• Make sure that your driver has the appropriate access
• Always exclude the Admin User(s) from being associated with the driver
• If you have forgotten to do this, go to the DirXML tab of the driver object and select “Excluded Users”
Debugging DirXMLSecurity Settings
Debugging DirXMLSecurity Settings (cont.)
• Shutdown and restart eDirectory upon the installation of a new .JAR file
Unload Java (NetWare®) Shutdown from eDirectory Console
(WinNT/Win2000) ndsd stop (Solaris, Linux, Tru64)
• Due to the way the JVM works, it must be reinitialized in order to read the new .JAR file
Debugging DirXMLJava Drivers under DirXML 1.0
• No Shutdown and restart of eDirectory required
Dynamic Java Loader
Debugging DirXMLJava Drivers under DirXML 1.1
• There may be several challenges standing between you and a working driver—it depends on your skill level
• Authentication errors are the most common• Remember that authentication is possible
for Application User Driver password Certificates (eDirectory driver)
Debugging DirXMLDriver Authentication
Debugging DirXMLDriver Authentication
• Save your work• Export your Driver Object• Remember that deleting the Driver Object
results in the disassociation of all objects connected to it
• Export Associations prior to deleting a Driver Object
Debugging DirXMLBackup and Recovery
DirXML 1.1Backup and Recovery
• Many systems want to own data, control its origination and manage its changes
• DirXML allows for Authoritative Data Sources
Subscriber filters eDirectory rights assigned so changes occur
only via the Publisher channel
Debugging DirXMLAuthoritative Ownership of Data
DirXML
DriverShim
DirXMLEngine
Subscriber FilterSubscriber Filter
Publisher FilterPublisher Filter
Debugging DirXMLAuthoritative Ownership of Data
NovelleDirectory
Application
Publisher Channel
Subscriber Channel
• Controlling the order of execution is possible with the creative use of attributes
Extending the Schema Using existing unused attributes
• Use Create rules to populate attributes with default values
Or use natural attribute population by the disparate application to accomplish the same goal
• Use Create rules to selectively choose events
Debugging DirXMLAuthoritative Ownership of Process
• Process Sequencing• Use Required Attributes that are dependent from other driver
processing• ERP --> NOS --> e-mail
<?xml version="1.0" encoding="UTF-8"?><create-rules>
<create-rule class-name="User"><required-attr attr-name="preferredName"/><required-attr attr-name="cn"/><required-attr attr-name="L">
<value><![CDATA[San Jose]]></value></required-attr>
</create-rule></create-rules>
Debugging DirXMLAuthoritative Ownership of Process
Provided fromERP application
Came fromNOS
application
DirXML 1.1Authoritative Processing
• How big is the project?
• Are you focused on the enterprise?
• Do business processes need to change?
• Does change need to be made to the infrastructure?
Personica1002
Tracks resume, job openings,offer letters etc.
PeopleSofta1001
New "Regular"Employee
Documents
HR Departm ent Em ployeeT erm ination(T erm )
Notification Process Via E-Mail
(Em T erm )(HR Line 1)
InfoSourcea1008
(W orkForce Data)
Maxim oa1011
(O ld FacilitiesApplicaton)
B IG (Requests byPhone 1-6000(F irst Phase)
Vantive(Help Desk)(HD)
NW Adm in. (Tool that facilitates account
creation, activation etc.)
NDS(Novell D irectory
Services)
G roupW ise
i1001Reg. Employee Inf.
Reg
ular
New
Hire
Inf. Regular New Hire Inf.
Regular New Hire Inf.
TerminationInf.
InfoSource E-m ailO r
Help Desk(HD)Personnel E-Mail
TerminationInf.
Termination Inf.V ia E-Mail (W eekly Report)
Termination Inf.V ia E-Mail (Daily Notification)
Security Personnel or Access Utah/SJF
Term. Inf.via e-mail
(weekly report) P
eriodic
Term.
Report via e-m
ail
Adm inistrators &Managers
Work Order Requests
Budget Analysts orFinancial Planning
Analysis (FP&A)
Oraclea4001
Request entered intoO racle W ebRequisitions
HardwareRequest
Arc
hib
us D
ata
Syn
c/M
anu
al
Fac
ility
req
uest
sfo
rwar
ded
Request Module for lights, heat, ac,p lum bing, boxes for m ove, furniture
m oves, to ilet p lugs, paper products, SJFkeys, vending requests, equipm ent
service requists
Notification to Que on Web
Call requests to HD forEm ployee Account
T erm ination
TerminationInf.
Notification to Vantive(Creates Vantive incident)
HD deactivates accountsin Infosource
(No incident is created)
Subscribers T oT erm ination Data
(W eekly Report)FromHum an Resources
Term. Inf.
via e-mail
(weekly report)
Vantive notifies HD foraccount activation/
deactivation
Acc. created or
deactivatedin NDS
Acc. created or
deactivated via
GroupWise Snap-in
Build ing T echs, CachValley Elect.,
Com puCom , HR &BayQ uality, AccessFor Incidents/W ork
O rders
Notification to
Building Technician
UNS(Unique Nam e
Search)(Searches NDS,G W & Alliases in SMT P
Agent 86
Check to insure
unique name
Check to insure
unique name
W estinghouseAccess Control
System
EPI(Security Badgecreation App.)
W orkForce AccessApplication
filled out & approvedby Manager Application Inf.entered
Application Inf.
entered
ID Badge CreatedW ith "AccessRequirements
Number"
Badge created & Bar Coded(Bar Codes are linked to Employee ID,
but said linkage is not being used)
Requests fordeactivation of
badges
Badge # forwarded forAccess Right Assignment off ofapplication
Badge activated with Access R ights
Adm inistrators &Managers
Requests for badge deactivation
via phone or e-mail
ContingentW orkforceDocuments
Contingent Workforce Inf.
Oracle, Equity Edge, Metlife,ADP, Etc.
(401k, Health, Stock etc.)
Work Force Data
file tra
nsfer
IS-NDS & G .W .G ateway U tility
Dept. Name, First-Last Name, Phone#, Fax, Job Title, MailStop, InfoSource ID, Workforce ID (Every 30 Min.)
T elecom m unications(Telephone # Ext. are
entered into Infosourceby Admins)(Telecom
Personnel sync jack#'sinto Infosource)(Audix# 's& Names entered Man.)
(K1) Single office keys cut(K2) Keys cut w ith Security approval
Facilities Move/Preventive Maintenance/Cushm an & W akefield
Bon Appe'tit
W eb(Browser Access)
Archibus DB(Located in Phoenix AZ)(DB used by BIG)(Will be
used to house CADdrawings)
Request
for K2
(Maste
r Key)
Security Approval forK2 (Master Keys)
No Special Approvalfor O ffice Keys
(K1)(Key Info Stored inKeyCode Sybase DB)
K2 Req.Forwarded
T hanksG iving Point (Landscape &G ardening)
Wor
k or
der
appr
oved
by F
ac. I
n Q
ue,
then
PB
X P
hone
# E
xt.
retu
rned
to V
antiv
e.
PBX
Phone Ext.RetrievedFrom PBX
16411 AuxilliaryPhone System
Extract For 16411 System &
Cell Phone Billing
Extract For16411
Entered
Jack# entered and sync'd with Room# in InfoSource
Daily Downloads of MailStop, Name, Phone# to Archers ARISTO DB
Archer Managem ent(Account Codes, Em p
Status, Pref. Nam e,Adm in Info checked in
InfoSource)(Som em ailstop correctionsm ade to InfoSource)
ARIST O DB(DB used byArcher, m ail
delivery)
MailStop, Name,Phone# Info Checked
Account Codes, Emp Status, Preferred Name, Admin Info Checked (Changes to MailStop Made)
O utsourced W ork F low& W ork O rders for
Contractors w ith BIGw eb queue
Maximo Account Work Order Notification (Primarily Name Plates & Signs)
Admins get phone #
off phone or call PBX &
enter it in InfoSource
W eb(Browser Access For
Incident and W ork O rdercreation in Vantive)
Incidents or W ork Requestsentered via Innerweb
NDSDis. Name, Dep. Name, F irst-Last Name, Phone#,Fax, Job T itle, Mail Stop, Infosource ID , W orkForce ID
CorporateD irectory
Sync
i1032 (Mail Stop/Domain, PostOffice,GroupWise User ID 'e-mail name'
Busness phone, Fax#, Full Context)
Preferred Nam e or Legal Nam e(if Preferred is b lank), Business T itle,
Status, Account Code, Manager ID ,W orkforce ID , Regular-T em porary
G.W. DN, Post Office, B.W. ID(e-mail name), NDS Dist. Name (Update Only)
Dept. Name, First-Last Name, Phone#, Fax, Job Title, MailStop, InfoSource ID, Workforce ID (Every 30 Min.)
Manager F ills out Job Req InfoW orkforce
Data
Resumes form withatttached resumes
scanned intoPersonic
Project ManagementProject Scope
• How many systems are involved?• Should there be a phased implementation?• Is the network stable?• Is there a mixed OS environment?• Are there global considerations?• Should there be only one directory?• How is the directory going to be used?• What standards need to be applied?
Project Management Real-Life Project Questions
• Is the new design complete?
PeopleSoft
NDSInfrastructure
Tree
D irXM L Interface
D irXM L Interface
GroupW ise
DirXML
D irXM L
PBX
NDSW orkforce
T ree
B.I.GOtherApps
NDSAuthentication
Tree
W estingHouse
e-Guide
Oracle/SeibelBay Qaulity/Vantive Etc.
W ITS(Mail Delivery
System )
D irXM L EPI
NO V Inc.
WebSelf Service Forms
C onflic ts D isclosure Form , Inte llectual P roperty Agreem ent,L icensing T echnologyD oc., I-9 Form , W -4 Form , Individual Inform ation
& Background Sum m ary, Benefic iary D esignation Form ,Basic U s R egulatory G uidelines, C ode of Business E thics
Form , Benefits Form s, N ew H ire,Job R eq,Em ployee Adm inistration Form s....
N ew E m ployeeW ho's s igned O ffe r Le tte r
E m ployee fills ou t& subm its
requ ired fo rm son web
D irXM L/LDAP
M anageraccesses W eb to do
M anager S e lf S erviceP rocesses
Enterprise Inform ation DataStore
Applicable DataTransfered
Data not in NDS Applications i.e.
eTrade, ADP, etc.
Project Management Real-Life Project Objective
• Does it meet business objectives?
• Is there a single project sponsor?• Has a project manager been assigned?• Is the project team well represented?• Does the project have enterprise-wide support?• Is funding for the project adequate?• Does the project have a well-defined scope?• Is the timeline of the project appropriate?• Do you have the skills necessary to do the
project?
Project Management Real-Life Project Structure
• Preparation• Understanding the requirements• Working out the details• Managing the deployment when things go
wrong• Understanding how solutions can be built
around DirXML• Keeping current on latest driver
developments and style sheet examples
Project Management Real-Life Project Success
• Applying all rules in a test environment with real data
• NOT connecting your test environment to your production environment via an eDirectory-to-eDirectory driver
• Stepping back and analyzing the situation when things go wrong
• Looking at configuration, rules, and XSLT; mis-configuration is generally the source of the problem
Project Management Real-Life Project Success Includes
• Understanding the authoritative source of data elements (defining filters appropriately)
• Knowing what events cause other events to be triggered
• Configuring rules to enforce prerequisite and dependency policies
• Knowing and understanding your data• Completeness in rule configuration; don’t
code with the option of “When Other…Do”
Project Management Real-Life Project Success Includes
Use Real-Life ExamplesMany Systems to Connect
eDirectory
Use Real-Life ExamplesMany ERP Systems to Connect
Multiple AuthoritativeMultiple AuthoritativeSourcesSources
Multiple AuthoritativeMultiple AuthoritativeSourcesSources
Multiple AuthoritativeMultiple AuthoritativeSourcesSourcesMultiple AuthoritativeMultiple Authoritative
SourcesSources
Satellite Link
DirXML
Use Real-Life ExamplesVarious Connectivity Issues
RecapNovell DirXML Bundle
• DirXML 1.1 Bundle includes Engine eDirectory driver Active Directory driver LDAP driver Exchange 5.5 driver Notes driver NT Domain driver Delimited Text driver GroupWise® driver
RecapAdditional Drivers
• DirXML Driver for PeopleSoft• DirXML Driver for SAP• DirXML Driver for JMS• DirXML Driver Password Sync
DirXML Training
• DirXML Beginner—Course 992• DirXML Advanced Technical Training
Architecture overview XML, Rules, Filters Advanced XDS Rules and XSLT Utilizing XSLT style sheets for DirXML
www.novell.com/registernow or
call 800.233.educ option 4
DirXML Sessions at BrainShare 2002DirXML Engine
• IO118—Introduction to Novell DirXML
• IO119—DirXML Competitive Comparisons
• TUT235—Understanding Novell DirXML Technology
• DL303—Novell DirXML Commands, Events, and Transformations
DirXML Sessions at BrainShare 2002Driver Deployment
• TUT236—Configuring DirXML Drivers for JDBC, iPlanet, and Delimited Text
• TUT237—Configuring DirXML Drivers for eDirectory, Active Directory and Windows NT Domains
• TUT238—Configuring DirXML Messaging Drivers (Exchange, Notes, GroupWise)
• TUT239—Configuring DirXML Drivers for ERP Systems (SAP and PeopleSoft)
DirXML Sessions at BrainShare 2002Driver Development
• DL302—Custom DirXML Driver Development
• DCB330—DeveloperNet® University: Developing DirXML Drivers
