`
`NETWARE DIRECTORY
`SERVICES
`T REE
`
`. .
`
`F I G .U R E
`
`5 . 12 .
`
`The maximum number a(
`subordinate containers is 50
`at each level in the tree.
`Beyond this number yau
`should consider adding
`another level in your tree to
`distribute your containers.
`
`F I G U R E
`
`5. 13
`
`Another name for the
`[ROOT] object is
`ACME_TREE
`
`OU =LOCI
`
`OU =LOC2
`
`OU=LOC3
`
`OU=LOC49
`
`OU=LOCSO
`
`For synchronization efficiency do not exceed
`SO contain ers at each level in the tree.
`
`[ROOT]
`
`( ACME_ TREE)
`
`OU=NORAD
`
`rh
`
`OU=RIO rh
`
`OU=CAMELOT
`
`rh
`
`OU=TOKYO
`
`rh
`
`OU=SYDNEY
`
`rh
`
`The name of the tree should be a uniqu e value on the network ,.vire because the tree
`uses SAP to broadcast to the client or workstations where the tree can be found. SAP
`bootstraps clients and all applications requiring NOS to find the NDS database very
`efficiently. If you need to tnstall more than one physical NOS tree make sure that the
`trees have different nam es. An exampl e of this imp ortant point is illustrated in
`Figure 5.14 .
`
`...
`
`209
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 1
`
`
`
`CHAPTER
`
`5
`
`NOVELL'S
`GUIDE T O N ET WAR E
`4 . 1 NETWORKS
`
`..
`
`F I G U R E 5.14
`
`You may have multiple trees
`on your network. Each NOS
`tree must hove a unique
`name such as ACME_ TREE I
`on Server I and
`ACME_ TREE2 on Server2.
`
`AC ME_TREE I
`
`..
`
`ACME _TREE 2
`[Roon---
`
`•
`
`-Server I
`
`•
`
`-
`
`I
`Server 2
`
`The compan y name plu s _TREE is reco mm end ed because it clearly idemifi es the tree
`SAP as an NDS tree when you display serve rs at a conso le. Be ca refu l not to make this
`name too long. Also, the SAP does not supp ort spaces in the nam e , w hich is ad vertised
`via SAP, and the NetWare 4. 1 INSTALL utility will not let you p lace spaces in th e tree
`name.
`
`The NOS tree always starts with the [ROOT] contain e r object. In
`most discussions, however, the [ROOT] object
`is not counted
`as a
`layer in the tree.
`
`is
`that d e fines the [ROOT]
`The object class de finition in the schema
`is the only instance of the
`the object class TOP. The [ROOT] object
`object class TOP and for this reason TOP is known as an effective
`class .
`
`TIP
`
`(
`
`NOTE
`
`210
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 2
`
`
`
`CHAPTERS
`
`NE T WAR E D I RECTORY
`SERV
`I CES
`TREE
`
`The [ ROO T ] object is parent to either the C=Countr y ancl/or 0 =0rg anization . Novell
`Consulting Ser.i ces recommend s that you use the 0=0 rganization below [ROOT] rather
`Lhan the C=Cou nt ry obj ect.
`
`To Use or Not to Use the C=Country Object
`The C=Country designator is used to specify a particu lar country code based on the
`X.500 standa rd. Pub lic network prmiders , such as NetWare Conn ect Services (NCS)
`being offered with the coo peration of Novell, will make use of the Countr y object in
`their tree. Th e qu estion often asked is, "If a compan y wants to connec t to a pub lic
`ser.rice provider, is it requir ed to use the C=Country code in Lhe NOS tree?" Most
`comp anies are not requir ed Lo use Lhe counuy object for their corporate tree . Instead,
`they can create a separate tree used for conn ecting to the public data network or th rough
`a client that can conn ect Lo multip le trees.
`If you cho ose to use the Country object, keep in mind that it will ad d an additional
`layer LO your NOS tree and it will also create some rather odd distingu ished names for
`your objects . Consider the example below in Figure 5.15. lf we were to add the Counny
`object to the ACME tree, which cou ntry do we choose? Do we use multiple count ry
`codes? For our exampl e, ACME is headqu artered p1imarily in CAMELOT; therefore,
`our Country object will be C=UK for England in this example.
`Lets look at some of the users contexts that would be created in othe r locations i.f we
`used only th e C-UK COUNTRY designa tor. Abe Lincoln resides in the RlO location and
`so hi s context would be:
`
`CN=ALINCOLN.OU=AUDIT.OU=ADMIN.OU=RIO.O=ACME.C=UK
`
`User Sherlock Holmes in the TOKYO location would have the following context :
`
`CN=SHOLMES.OU=CRIME.OU=TOKYO.O=ACME.C=UK
`
`Now, if your nam es are supposed to adequ ately desc1ibe and ident ify a user 's location
`in the tree, these examples are a little con fusing and add more leng th to the comexl.
`Also, for some users who work in both the UK and the Uni ted States , it is difficult , if nor
`impossible, to de tenni ne where in the tree they belong.
`lf you have already implemented the Cou nt ry obj ect in your tree , not to worry. ll
`does not cause any serious consequences, but keep in mind the previous consid eration s.
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 3
`
`
`
`CHAPTERS
`.
`.
`.
`NOVELL
`GUIDE TO NETWARE
`4 . I NETWORKS
`
`.
`
`' s
`
`F I G U R E 5.15
`The use of the Country
`objea can create some odd
`contexts in your tree.
`
`[ROOT]
`
`O=ACME
`
`OUaNORAD
`
`O
`
`U=RIO
`
`OU=CAMELOT
`
`~ ,
`OU-T OKYO
`~-
`-·
`
`-·
`
`ii ":~u;;.
`J;~~
`"" OU•C""'
`-ij
`,
`OU•:; ~<N ~ OU•C~ ~
`8 cN~""""
`
`-ij
`
`OU=FAC OU=AUDIT OU=MRKT
`
`~icN-~"'""
`
`. h al Jeast I e
`Name the O=Organixation for Your Company
`oi1e
`Alter the IROOTI object al the top, you will provide the NDS tree wol DS trees. T1.
`0°0 rganization. At least one OaOrganization object is required for all ~organiZau
`00
`subsequent layers in the tree (the OUs) will be placed directly below the 0 -
`. co01P~i1Y
`any na ,
`We recommend that you name the OaOrganization the same name as
`YOU!
`J11e
`b
`or use an abbreviation. Most companies use an abbreviation ror the comp_ comP""
`1
`ecause tt lS easter w en you are tyPing an object'.s context. For exam P ·
`e,Y C•
`· ·
`·
`h
`le ou1
`,,5e,
`l ~~
`d
`.
`.
`.
`.
`lS name A Cure for Mother Eanh, wh,ch " abbreVlated to A CME ln a m
`
`ll
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 4
`
`
`
`lhe Orga~ization layer in lhe tree contains only one 0=0 rganization, wruch gives you a
`single obJecl Lo represent the entire companr Figure 5.16 shows how we have named
`our organization to represent our company name AOv!E.
`
`••i .....
`
`M•i;IMitN
`ACM£· is representative of
`our e · ntire company and is
`.
`used as
`our organization
`nome in our NDS tree.
`
`CHAPTER
`
`5
`
`NETWARE DIRECTORY
`SERVICES
`T REE
`
`[ROOT]
`
`Organization name
`
`OU=NORAD
`
`OU=RIO
`
`OU=CAMELOT
`
`OU=TOKYO
`
`OU=SYDNEY
`
`..
`
`CONSULTING EXPERIENCE
`
`We recommend that you not name the O=Organization the same name that you
`used for the NDS tree. For troubleshooting purposes, the NDS tree should be
`named with the company name plus_ TREE, and the O=Organization should be named
`With just the company name or an abbreviated company name. Th e AC ME
`corporation would therefore be named O=ACME, with a tree name ACME_ TREE.
`
`Your company may want lo use more lhan one 0=0rga nization if your corporation
`has multiple companies that do not share the same network infrastructure. For example,
`the large conglomerate shown in Figure 5.17 uses multiple 0=0 rganization objects
`because there are two separate companies (separate network infrastructures) included
`in a single NOS tree.
`
`13
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 5
`
`
`
`CHAPTERS
`
`NOVELL'S
`GUIDE
`TO NETWARE
`4 . I
`NETWORKS
`
`~
`
`.
`
`F I G U R E
`
`5. 17
`
`A large conglomerate
`company with multiple
`O=Organization objects
`
`[ROOT]
`
`O=ABC_INC
`
`O=XYZ_INC
`
`SFO
`
`DAL
`
`ATL
`
`NYC
`
`woe
`
`BOS
`
`CONSULTING EXPERIENCE
`
`A single NOS tree with t>No or more O=Organization objects is rarely used and is
`not usually recommended. This configuration
`is not often used bec ause one of
`the design goals is to represent the entire corporation
`in the single tree with the same
`organization name.
`
`Small Companies
`ln some cases the tree design can be finished very easily for sma ll companies al this
`point because most servers, users, and other resourc es can be pla ced in th e O rganization
`container without creating any mor e conta iners. If you are th e n etwo rk man ager
`responsible for all users, print ers, and servers, you can simpl y gro up everyo ne in the
`same container, which can be the Organization conlainer .
`Figure 5.18 shows how a tree design can be very simpl e for a small co mp any. If
`ACME had only a few servers in a single location , its tree cou ld appear as shown in Lhe
`figure. You may still want to subdivide the tree a little if you h ave se pa rate gro up s.
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 6
`
`
`
`CHAPTER
`
`5
`
`NETWARE DIRECTORY
`SERV
`ICE S
`TREE
`
`F I G U R E 5. 18
`
`Small companies can group
`all their resources in the
`organization container if they
`have only a single network
`administrator managing all
`resources.
`
`CN=GWashington
`
`CN=KingArthur
`
`CN=ACME-SRV I
`
`CN=ACME-SRV I_SYS
`
`8
`8
`@
`~ a
`~
`~ a
`
`CN=ACME-SRV2
`
`CN=ACME-SRV2_SYS
`
`The Geographic Design:Top Layers of the Tree are the
`OU=Organizational Units
`As mentioned previously, the layer below the 0=0 rganization is the first layer or
`OU==Organizational Units in the NDS tree. This layer of OUs is the most imponant layer
`of the NDS tree because it represents the geographical locations of your company. Using
`your company WAN maps or WAN documentation you can carefully design the contents
`of this layer, which becomes the foundation for the entire tree. This method is often
`referred lO as the geographical design approach because you use your company's
`geographic or location inf01mation for the design at the top of the u-ee.
`The key to designing the top of the u·ee is to match the WAN infrastrncture or locations
`of your company with the first OU layers or containers. Based on our experience at
`many sites, the design of the top of the tree should be completely based on the WAN
`infrastructure. You will have a successful NOS tree design if you follow the guide1ine of
`representing the sites of your company with the top-most OUs. Figure 5 .19 and Figure
`5.20 illustrate how the top layer of the ACME tree is designed based on the physical
`WAN layout of the company
`
`..
`
`JIS __
`
`__.
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 7
`
`
`
`CHAPTER
`
`5
`
`' S
`NOVELL
`GUIDE T O NETWARE
`4 . 1 NETWORKS
`
`1f you are a small company (no WAN, 5 servers or fewer) . you can simpl y use Lhe first
`Organization container you created to name your company . This cornainer will hold all
`your objects includin g p1imers, serve rs, and users . Admini stra tio n of a single conta iner
`is very easy and requires very liule maimenance.
`
`F I G U R E 5.19
`
`Physical WAN layout for
`ACME
`
`Physical WAN Layout for ACME
`
`[ROOT]
`
`OU=NORAD
`
`OU"'RIO
`
`OU"'CA MELOT
`
`OU= TO KYO
`
`O U=SYDNEY
`
`F I G U R E
`
`5.20
`
`Top layer of the tree design
`for ACME. which is based on
`the physical or geographical
`WAN sites
`
`____
`
`2 __ 16
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 8
`
`
`
`C: HAP TE R 5,
`
`NE T WA RE DIRECTORY
`SER V ICES
`TREE
`
`In genera l. it your com panr has mu!Liple geographic sites or locations , you sh ould
`represe nt Lhe locat ions in Lhe NOS tree aL Lhe LOp of you r Lree. The organizational structure
`of depa n mc n Ls, divisions, and workgrou ps wil l b e placed unde r eac h of these loca tions.
`Keep in mind Lha l o ne of our des ign goa ls is Lo design a flexible tree in which changes
`arc.: easily made . As you migh 1 expect , there are a few exce ptions lO rhe p ractice of
`des igning geographica lly:
`
`Com panies wirh a single s ite or camp us-co nn eCLecl network are not dependent
`upon Lhe geogra pllic design approac h . Since this config urati on does n OL have
`physical loca tions Lhat can be placed unde r o r created ns OUs . you \vill ski p the
`geograp hical design approach at the top of the Lree and proceed direct ly w the
`de partme nt al design approach. Some compan ies wiLh few serve rs and u sers
`may not need to create additiona l containe rs. Rath er, Lhey can place all th e NOS
`o~jec ts u nde r the single O=Orga nization.
`
`For compan ies vvith WAN s ites or local.ions connected with very high speed
`links , suc h as T-3 or greater. the locatio n OUs are less importa n t because the
`limitatio n o[ th e \NAN has been removed. Thi s is because WAN speeds are
`approac hing LAN spee ds. For the purpose of NOS tree design, the h igh-speed
`\,VAN connec tions really represen t LAN bandwid ths. However , we still
`reco m mend that you use the geograph ic design approach . See the section
`"Desi on Lhe Bottom I .eve! o[ the Tree'' later in Lhis chapter.
`b
`
`CONSULTING EXPERIENCE
`
`Many companies still choose to use geographic containers even though they have
`very high speed WAN links. One company, for examp le, has a metropolitan area network
`(MAN) running FDDI to connect 12 buildings together across a city. The basis for
`the company's decision to use geographic sites at the top of the tree was twofold .
`First, for administrative purposes, the company wanted a single administrator to support
`each
`site. The
`site s gave
`the
`tree
`a good place
`to break out
`security
`administration. Second, the company was installing an e-mail application on its servers
`at each geographic
`location . So, even though a company has high -speed
`links,
`it may still choose to design geographically.
`
`117
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 9
`
`
`
`C APTER
`
`S
`
`NOVELL'S
`G U JDf TO NETWARE
`4.1
`NETWOP.KS
`
`When considering a campus network layout, such as a research park or univers ity.
`consider first the speed o[ Lhe links between the buildings or l1oors or the campus
`network. The locations in the campus net, ,vork, such as build ings. could be used Lo
`represent rnlnorsite.s in the network infrastructure and in the NDS tree. Th e bui ldings
`in the campus network can be useful container o~jects if they help urganize yo ur net work
`resources and the NDS tree. The ability LO effectively orga n ize network resources is one
`of your design goals. The ACME tree NORAD location as shown in Figure 5.21 has used
`buildings named by function as its organizational units . Either design approa ch is
`acceptab le. You must detennine which one provides
`the best clescnpuon of }' OUr
`environment .
`If your company does not have a WAN infrastruclllre but on ly a LAN network,
`then
`you can skip the geographical design approach and go directly to the departme nt al
`design discussed later in this section.
`
`the Location OUs
`Regional Layer of Org(lnizational Units Helps Distribute
`In some cases, it will be necessary to place regional conta iners direc tly below the
`0=0rganization
`in the NDS tree to more fully distribute the total n urnber of locations or
`geographical sites. Placing Tegional OUs under the 0=0rganization,
`but before the actual
`location OUs, will inCTease NOS operating efficien cy and give th e tree a clo ser pyramid
`shape.
`
`~ ~ .,,,.
`
`Router
`~O
`~ <;11.\(.1!,t.O
`
`'L
`
`F I G U R E 5.21
`
`The ACME NORAD
`organization units are
`named based on their
`funaions, which ore also the
`building names such as
`OU=CHARITY. OU=lABS,
`and OU=PR.
`
`Labs Building
`Includes Re.s:ti.1.rch 2nd
`Dovolopmont (V/R,
`Polluuon,:ind Nudoar) ,nd
`World Hcold, lnde><
`
`-
`
`Router
`~
`NORAD
`f\outrir
`F.DDI
`Backbon: ~ ,.1:~
`
`-Router
`
`__
`
`~. ····· S12KBtoTokyo
`
`R.outc.r
`
`=il=a ~~ -r
`~ Romer
`
`11
`
`Rout.er-
`
`Charicy
`Building
`
`Public
`Relations
`Building
`
`218
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 10
`
`
`
`NETWARE D I RECTORY
`S E RVICES
`TREE
`
`As an e.,-xamplc , consider the com prmy ACM E as we change the \,YAN layom Lo include
`more offices or ciLies around Lhe wo rld . We are changing ACM Es \,VAN infrastructure
`on ly for th 1s exampl e. Figure 5.22 illustrates Lhe oITices or ciLtes thaL are connec Led
`toge ther via 56K links . Each of Lhe cities add ed Lo the VIAN layou t is connec ted LCl its
`apprnpriaLe regiona l hub . Using the WAN inf rnstrncture, \ve ha ve d esigned a new tree ,
`whil h includ es regiona l OUs named North America (NA), South America (SA), Europe
`(EUR), Asia (AS1A), and Austrulia (AUST). these regiona l OUs group the appropriate
`cities and help keep the NOS tree design closer to a pyrami d shape. See Figure 5.23 for
`the new ACME tree based on regiona l comainers. Notice how the physica l vVAN la)' OUL
`in fi gur e 5.22 is dri ving th e tree design in Figure 5.23.
`I [ yc>Ur network utilizes a WAN infrnstm cture ,vi.ch a numb er of physica l sires or
`offices, you may wanL Lo create regional contai ners based on tho se \VAN sites aL [he cop
`layer, w hich will help disuibute the individual offices. Having the regional OUs helps
`th e NOS tree op erat e mo re elTiciemly durin g all phases of operation .
`
`F I G U R E
`5.22
`Example of ACME with
`regions and cities. This ,s
`typically called a "hub
`and spoke" WAN
`infrastructure.
`
`Tokyo
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 11
`
`
`
`CHAPTER
`
`5
`
`NOVELL'S
`GUIDE TO NETWARE
`4.1
`NETWORKS
`
`F I G U R E 5.23
`Example of ACME tree with
`the regions and cities as the
`top layers
`
`. .
`
`[ROOT]
`
`OU =NA
`
`OU=SA
`
`OU =EUR
`
`OU=ASIA
`
`OU =AUST
`
`,
`
`OIJ:O..'£
`
`, ,
`4 ~ ~ ~
`
`OU~EA
`
`OU=Sf0
`
`OU=LA OU=MEX OU=NORAD
`
`OU:CAM
`
`~ ~ ~ °@ 6@ ~
`
`OU=GEN
`
`OU=SYO OU=AUCK OU=Mu.
`
`OU=LON QU:YQI\)(
`
`OU=TOK
`
`OU=HK OU =SEOUL O U=SING
`
`Departmental Des ign:Top Layers Not Based onYourWAN
`The departmental design approac h can be used most efficiently at the top of the tree
`only if your company does not have a WAN infrastructure or othe r locat ions to consider.
`If your company has only a LAN-based network , then you can skip the design of the top
`layers and go directly to the bottom layer design, which is based so lely on Lhe organizat ion
`of the company.
`If you have WAN links you may consider designing your NOS tree by placing the
`departments, divisions, and workgroups al the top of the tree and placing th e physical
`locations at the bottom. This method is often called the departmenta l design approach
`and is not recommended
`for a compa ny with a WAN infra structur e. Having the
`organizations placed at the top of the tree is a less efficient tree design because any
`change to the top organizations will ripple down the entire structure, including the sites
`locations below.
`Consider the example in Figure 5.24 in which we have designed the top of the tree
`organizationally with locations at the bottom. The first question you need Lo ask is
`where do most network changes occur? Most changes will occur in your organiza tion.
`Thats not to say that changes don 't occur in geographic sites as well, but the y are less
`
`
`
`_______ 2=2 ....... 0 ---~
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 12
`
`
`
`CHAPTERS
`
`NETWA RE DIRECTOR Y
`S ER V ICE
`S
`TREE
`
`frequ ent . ll1erefore, whe n you make changes to the tree you want to impact as few
`people as possible. This is the third des ign goal of building flexibility into the tree design.
`ln tenns of other design elements, suc h as admin istration, partitions, rep licas, network
`resource placement , login sc1ipts, and bindery services, it is app arent that the organization
`layers at the bottom of the NOS tree more ade qu ately add ress these features.
`
`F I G U R E
`
`5.24
`
`The ACME tree with
`organizations at the top and
`geographic sites on the
`bottom is a less nexib/e way
`to design a tree in a network
`with WAN links and multiple
`locations. This is not a good
`tree design.
`
`, ,4 ,!, 4 , ..
`
`O U=HR
`
`O U=LABS
`
`OU=OPS
`
`MED
`
`FOOD SHELTER PEACE
`
`DIST
`
`AN
`
`CHARITY
`
`[ROOT]
`
`OU=C RIME
`
`,
`I
`,1, =
`
`WH ITE Bl UE
`
`O U=A DM IN
`
`, ·-
`
`MRKT
`
`PR
`
`AUDIT
`
`N
`
`~
`
`•
`
`•
`
`R&D WH I
`
`-.
`VR POLL NUC
`
`NORAD RIO CAMELOT TOK\'O SYDNEY
`
`NORAD RIO CAMELOT TOKYO SYDNEY
`
`DESIGN THE BOTTOM LEVEL OF THE TREE
`You shou ld design the bottom level of the NOS tree along the organizational li.nes of
`your co mp any by using your company:S organizational charts or similar docume nts.
`The bottom layers of the tree are made up of OU containers, which are based on the
`divisions, departme n ts, workgroup s. and teams under each of the various locations
`defined at the top of the tree. Figure 5.25 shows the ACME organizat ion chart that we
`will use in our tree.
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 13
`
`
`
`CHAPTER
`
`5
`
`NOVELL'S
`GU IDE TO NETWARE
`4.
`I
`NETWORKS
`
`F I G U R E
`
`5.25
`
`The ACME organization
`chart used in our NOS tree
`
`. .
`
`Board of Directors
`forACME
`
`HUMAN
`RIGHTS
`
`~
`
`I OPERATION
`
`ADM INI ST RATION
`
`CRIME
`FIGHTIN G
`
`~
`
`REST OFTHEACME ORGAN IZATIONA L CHART
`GOES HERE
`
`The bottom layers of the tree should repr esent the network reso ur ces locmed in the
`lAN network of the location or site. Since the l.AN supp orts a greater bandwidth or
`throughput of information tha n the WAN, the design of the bouom laye rs is extreme ly
`flexible. You, as the designer and adm inis trator, can shape th e bo u om o f th e tree to meet
`your specific needs.
`We recommend that you design the bottom of the tree based on th e o rganizational
`chan documents because the users and admini strat ors are alrea d y fami liar with that
`type of layout. Remember that the bottom section is flexible if it is designed around
`organizations. You will discover throu gh experience that a tree des igned with the
`organizations at the bottom of the tree can more easily adapt to the changing requ irements
`of the corporation. Figure 5.26 shows the bottom layers o f the ACME tree based on the
`organizational charts for each ACME site.
`During the design of the bottom of the NDS tree, ensure th at th ere is a place for every
`user and network resource curr ently in your compan y Remember th at the prim ary goal
`in designing the NOS tree is to organize the ne twork resour ces, includin g th e users. 1f
`you do not have a place for all the users or network resour ces then you need to adju st
`your tree design. The bottom layers are typica lly the on ly ones affec ted. Refer back to
`Table 5.1 for the ACME resource list. This list has inform ation on serve rs and print ers
`and provides you with helpful infom1ation for placing resources in you r tree .
`
`222
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 14
`
`
`
`C H APTERS
`
`NE T WARE D I REC TO RY
`SER V I C E S
`T R EE
`
`F I G U R E 5.26
`
`The ACME tree with the
`bottom layers of OUs based
`on the organizational charts
`of the company
`
`OU •NOMO
`
`86
`- ~
`
`rd,.,,
`- ~
`
`OUCSYONEY
`
`As mem ioned earlier, the botto m com ainers or OUs in the tree are typica lly the
`d ivisions, depan mems, workgroups, an d teams of your com pany Do no t include as
`comaine rs any individu als that appear as division or departm ent heads in your companys
`orga nizational chan s. You simp ly want to ident ify the fun ctional groups or departm ents;
`the ind ivid uals beco me the users in each container.
`
`The ACME Tree Design
`Not ice in Figure 5.27 that the top layers of the ACME tree are based solely on the
`WAN infrastructure and will remain fairly stable or constant. Once the WAN infrastructure
`for ACME is considere d in the design, the des ign effon shifts to the bottom of the tree.
`The bottom of the tree is based on the organizational chart for ACME. Most of the
`net wo rk resources will be placed in the bottom of the tree. Figure 5 .2 7 illustrates a clear
`divis ion betwee n the top and bottom of the tree design phases in which the top is based
`on locations in the \iVAN and the bottom is based on the companys organ izational
`infor mation after crossing into the LAN infrastructure.
`
`22
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 15
`
`
`
`CHAPTERS
`
`NOVELL'S
`G UIDE T O NE T WARE
`4 .1
`NETWORKS
`
`F I G U R E 5.27
`
`The ACME tree has been
`designed and consists of two
`phases: the top and bottom
`of the tree.
`
`•
`
`TOP
`-based on
`WAN locations
`
`BOTTOM
`- based on
`organization
`
`Placement of Network Resources
`The placement of the network resources, such as serve rs or primers , in the tree cou ld
`affect how you design the bottom layers. As you decide where Lo place the phys ica l
`network resources in the tree, you should consider the needs of the users who \,viii shar e
`these resources . If the network resou rces are orga ni zed according Lo divisions,
`depanments, and workgroup s, they should be placed in the same coma iner with the
`users. However, if the network resources offer services LO mul tiple departments
`in one
`site or location, you should place the resources in the location OU.
`The placement of the netw ork resources is an impottan t design co nsidera tion for th e
`bottom of the tree because the appropriate OUs or cont ainers need Lo exist to place
`resources. If the OUs or containers do not exist then they wi ll need to be created.
`Remember that one of the primary goals for designing the NOS tree is to organ ize yo ur
`network resources.
`With your resource list in hand , you can place your resources in th eir appropriat e
`locations in the NDS tree. Below, we display illustration s of the ACME trees five main
`sites. Included with each of these illustrations are some examp les o f how objects can be
`used in the ACME tree for the greatest impact and efficiency Figur e 5.28 shows the
`NORAD subtr ee with its resources.
`
`224
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 16
`
`
`
`CHAPTER
`
`5
`
`D I R ECTORY
`NETWARE
`TREE
`SERV
`I CES
`
`F I G U R E _ S.28 _
`
`ACME NORAD Site
`
`OU=NORAD
`
`~ le
`El NO R-SRVI
`El NOR-SRVI-SYS
`
`OU=CHARrn'
`
`OU=LABS
`
`OU=PR
`
`i A6nstc tn
`@ LABS-SRVI
`El lABS-SRVI -SYS
`
`~
`OU=WHI
`
`'8l Sir<iJWJ1n
`1:1. N OR-CHR-SRVI
`@ NOR-CHR-SRVI-SYS
`0 NOR-CHR -PSI
`8 HP4SI-PI
`8 HP4SI-PQI
`
`OU=R&D
`
`i LDJVind
`ti. R&D-SRV I
`~ R&D-SRVI-SYS
`El R&D-PSI
`
`i8i DCLtrlce
`l:l NOR-PR-SRVI
`§1 NOR-PR-SRV I -SYS
`El NOR-PR-PS I
`e§:i HP4SI-P I
`8 HP4SI-PQI
`~ CANONBJ-PI
`& CANONBJ-PQ I
`
`i§i CB:ibbage
`i Ad,
`~ WHI-SRVI
`§ WHI-SRVI-SYS
`§1. WHI-SRV2
`g WHI-SRV2-SYS
`§ WHI-SRVJ
`@I W HI-SRVJ-SYS
`El W HI-PSI
`8 CANONBJ-PI
`i§i CANO NBJ-PQI
`
`OU=POLL ta co, rwin
`
`8 HP4SI-PI
`~ HP4SI-PQ I
`
`OU=R&D
`
`ti MCurie
`
`8 HP4SI-P2
`Bi HP4SI-PQ2
`
`O U=VR
`
`~ a !Newt on
`t ~ HP4SI-PJ
`
`~ HP4SI-PQJ
`
`At the NORAD site, as well as all other sites, we have placed a central server at the top
`OU=NORAD. This server will hold the master replica of the NORAD pa rtition and can
`also function as an e-mail server for this location . The same pro cess is repeated at all five
`sites .
`Notice that the namin g standards follow a very simple pattern based on our n amin g
`stand ards document. Servers are always defined by uniq ue names across the entir e tree
`because of th e SAP requir ement. Print ers and print queues, however, can h ave th e sam e
`name as long as they reside in different cont ainers, such as HP4 Sl-P l , found in both
`OU=CHA RlTY and OU=POLL containers.
`
`225
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 17
`
`
`
`CHAPTERS
`
`NOVELL'S
`GUIDE TO NETWARE
`4 . 1 NETWORKS
`
`In Figure 5.29, the RIO location shows the placemenL of resour ces in eac h of the
`departments. It is not necessary to place all users in you r tree using d rawi ngs such as
`these. We have included a user in each location as an exampl e. The prim ary pu rpose in
`placing objects in this fashion is to determine their general placeme nt in the tree. This
`will give you a better under standin g of organizatio ns and their resourc es.
`
`F I G U R E 5.29
`
`ACME RIO Site
`
`~
`lei
`OU =RIO
`
`8 RIQ,SRVI
`0 RIO,SRVI-SYS
`
`OU=ADMIN a GWa1h1ngton
`tl ADMIN,SRVI
`kl ADMIN,SRVl,SYS
`cl ADMIN,SRV2
`tl ADMIN,SRV2,SYS
`D ADMIN,PSI
`t§J CANONBJ ·PI
`eh CANONBJ·PQ I
`
`OU=CHARJTY
`
`filSir-Pf!rvial El RIO,CHR,SRVI
`El RJQ.CHR-SRVI-SYS
`ID RIO,CHR, PSI
`8 HP-ISl,PI
`eb HP4Sl,PQ I
`
`OlJ =PR
`
`a DCl>rl<c
`l:l RIQ .Pf\.SRV I
`El RIO ,PR,SRV I ,SYS
`8 HP4Sl,PI
`8 HP1Sl,PQ I
`8 CANONBJ ,Pl
`8 CANONB J·PQ I
`
`OU =FAC
`
`rJi1 JM:.diwn
`@. FAC,SRVI
`@ FAC,SRVI-SYS
`8 HP-ISi.Pi
`8 HP4Sl,PQ I
`8 HPll/,P2
`~ fAC, PSI
`
`OU=AUDIT
`
`i AUncoln
`g AUDIT-SRVI
`El AUDIT,SRV I ,SYS
`c§i HP4Sl,P I
`8 HP4Sl· PQI
`
`OU=MRK T
`
`i TJcffc~on
`g MRKT,SRVI
`0 MRKT-SRVI-SYS
`8 HPlll,Pl
`Bi HPllf.PQ I
`8 HPlll,P2
`8 HPlll,PQ2
`
`In addition to creating user and server objects, you will want to crea te so me other
`objects as well. For the RIO location , as well as all maj or locat ions, you shou ld consider
`creating an organizational role object as the site admini strator. Grant su perviso r 1ights at
`the site location , such as RIO, to the organiza tiona l role object. Fo r examp le , create a
`
`26
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 18
`
`
`
`CHAPTER
`
`s
`
`NETWARE DIRECTORY
`SERV
`I C E S
`TREE
`
`role called ADM IN_R IO . You can then move a user or two in as occu pants of the role. If
`you have multipl e admini strat ors managing organizations at the same site, you ma y
`wam to create separate roles for each department.
`Since CAMELOT is basically the center of activi ty for the ACME tree, you may want
`Lo maintain contro l ove r the ADM IN user object from this locat ion . Change the password
`frequently an d limit the number of user s vvho kn ow the password . An exa mpl e of the
`CAMELOT site is show n in Figure 5.30.
`
`F I G U R E 5.30
`
`ACME CAMELOT Site
`
`OU=CA MELOT
`
`El CAM-SRVI
`l:l CAM-SRVI-SYS
`
`OU=CHARITY a S,,G,Wud
`El CAM-CHR-SRVI
`El CAM-CHR-SRVI.SYS
`ti. CAM-CHR-PSI
`8 HPS-PI
`8 HPS-PQI
`
`OU=OPS
`
`i KAnh ur
`§ Of'S.SRVI
`B Of'S.SRVI-SYS
`§ OPS-PSI
`8 CANONBJ-PI
`8 CANONBJ-PQI
`
`OU=PR
`
`i DEnelson
`El CAM-PR.SRVI
`§ CAM-PR-SRVI-SYS
`g CAM-PR-PSI
`8 HP~SI-PI
`8 HP~SI-PQI
`
`OU=DIST
`
`a Merlin
`l:l OIST.SRV I
`ti. DIST-SRVI-SYS
`El D1ST-SRV2
`g 01ST-SRV2-SYS
`tl DIST-PSI
`8 HPIII-PI
`8 HPIII-PQI
`
`OU=FIN
`
`a Gumcverc
`l:l RN-SRVI
`l:l FIN-SRVI.SYS
`El FIN-SRV2
`El FIN-SRV2-SYS
`El FIN-SRV3
`@ FIN-SRV3-SYS
`El FIN-PSI El FIN-PS2
`
`8 HP4SI-PI
`8 HP4SI-PQI
`c9i HP4SI-PI
`8 HP4S1-PQ1
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 19
`
`
`
`CHAPTER
`
`5
`
`' S
`NOVELL
`GUID E TO N ETWARE
`4 . 1 NETWORKS
`
`You can also use directory map objects to simpli fy the adminis tration of your users.
`For example, the SYDNEY office uses directory maps in all their conta iner login scripts .
`As versions of their specialized software change, the SYDNEY site administ rato r changes
`only the pointer of the directory map object Lo the new software version. This au to(cid:173)
`matically enables all users in SYDNEY to see the new version of software because all
`container login scripts use the same d irectory map . An example of this site is shown in
`Figure 5.31.
`
`F I G U R E 5.31
`
`ACME SYDNEY Site
`
`OU=CHARITY
`
`i Sirlancelot
`J:l SYD-CHR-SRV I
`Q SYD-CHR-SRVI-SYS
`51. SYD-CHR-PSI
`8 HP4SI-PI
`~ HP4S1-PQ1
`
`~
`~
`OU=SYDNEY
`
`El SYD-SRVI
`fil SYD-SRVI-SYS
`
`OU =HR
`
`OU=PR
`
`i Ghand•
`ID HR-SRVI
`§ HR-SRVI-SYS
`0 HR-SRV2
`lit HR-SRV2-SYS
`0. HR-PSI
`e) HP4SI-PI
`8 HP4SI-PQI
`
`di) MCbM
`ID SYD-PR-SRVI
`El SYD-PR-SRVI-SYS
`l:1 SYD-PR-PS I
`8 HP4SI-PI
`Bi HP4SI-PQI
`
`OU =PEACE
`
`i Buddh a
`fil PEACE-SRV I
`El. PEACE-SRV I -SYS
`8 HP111SI-P I
`~ HPIIISI-PQ I
`
`OU=MEDICAL
`
`i ASchWcitz.er
`~ MED-SRVI
`9. MED-SRVI-SYS
`@. MED-SRV2
`@ MED-SRV2-SYS
`Eb HP4SI-P2
`8 HP4SI-PQ2
`
`228
`
`OU=FOOD
`
`i MTeresa
`lfil FOOD-SRV I
`@ FOOD-SRVI-SYS
`~ HP4SI-P3
`~ HP4SI-PQ3
`
`OU=SHELTER
`
`i FNightingale
`El SHELT-SRVI
`ID SHELT-SRV I-SYS
`ls. SHELT-SRV2
`cl SHELT-SRV2-SYS
`Bi HP4SI-P4
`8 HP4SI-PQ4
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 20
`
`
`
`CHAPTER
`
`5
`
`NETWARE DIRECTORY
`SERV
`ICE
`S
`TREE
`
`The TOKYO office has traveling users as shown in Figure 5.32. We will create an alias
`for th ese users at the top of the tree at O=ACME. With the alias in place a trave ling user
`suc h as DHOLIDAY in th e OU= THEFT onl y has to re me mb er to log in as
`DHOLIDAY.ACME. This makes th e login process mu ch easier for users who travel but
`do not carry their own laptop .
`
`F I G U R E
`
`5.32
`
`ACME TOKYO Site
`
`~
`la!
`
`OU= TO KYO !8~
`
`§ lOK-51\VIS,,
`
`QU irCRIME
`
`OU • PII
`
`i-
`i [)l,'V'J,~on
`8 CRlME-SRVI
`B CRJME-SRVl•ffi
`El CJUME-SAV2
`g CRIME-SRV2-M
`El CR.IMU''SI
`
`8H,.,_,.
`I
`8 HI'S-POI
`
`OU • CHAAfTY
`
`a .. ""
`D TO K.CHR-SRV I
`B TOK-CHP.-SRV1 .m
`El 'TOK-CHR·SRV2
`El TOK-CHR-SRVl·ffi
`1:1 TQK.0,Hl.-P51
`Bl HP-4SI-PI
`& HP<g·PQI
`
`a""" ..
`8 8LUE-SRV1
`El SLUE-SRVI -SYS
`cl BLUE-PSI
`Bi HAIi.Pi
`8 HPlll·PQ I
`
`a -8 WHITE-SRVI
`!:l W'HITT.SPNl-sYS
`8. WHITE-SRVl
`cl V'IHffE -SRVlS Y'S
`8 \.VH1Tf-PSI
`8 CANONSJ -PI
`8 CANONSJ-PQI
`
`a Bt"bttl!'non D \110-SRVI
`8 VIQ.SRVI-S'r'S
`D VlQ..SR\/2
`8 VJO.SRVl-SYS
`Bi HP'4SI-PI
`8 HP'4SI-PQI
`
`OU= THEFT
`
`j oHol,d,y
`D THEFT-SRV I
`8 THITT-SRVI -SYS
`8 HNSI-Pl
`Bl HP 4SI-PQJ
`
`~
`
`t a FRNd ti M"'"°"
`
`OU =RN
`
`i lJom
`§ TOK-AN-SRVI
`§. T0 1(-AN-SRV1-SY'S
`8 HP .. S1-P2
`& HP4SI-PQ2
`
`8HP-4SI
`
`.PJ
`
`c9l HP'4SI-PQl
`
`QU ; CYBER
`
`OU =POL
`
`§ CYBER-SRVI
`§. CYSER-SRVl ,ffi
`8 HP\11,PI
`~ HPIII-PQI
`
`§ POL-SRVI
`§ POL-SRVI-SY'S
`& H~SI-PI
`Bl HP-4St-PQI
`
`229
`
`IPR2017-01290
`Ubisoft EX1008-2 Page 21
`
`
`
`C HAPT
`
`ER 5
`
`NOVELL'S
`G U I DE TO NET WA RE
`4 . 1 N ET WORKS
`
`Creating Common Resource Container s
`Some companies prefer to group similar resources in the same co