U.S. Environmental Protection Agency
Office of Administration and Resources Management
Office of. Information Resources Management
Washington, D.C. 20460
INFORMATION
RESOURC
MANAGEMENT
DIRECTIVES
VOLUME 2:
MCC-IBM User's Guide
NCC-VAX User's Guide
LAN Technical Guidiines
-------�
ARCHITECTURAL MANAGEMENT AND PLANNING BRANCH
NATIONAL DATA PROCESSING DIVISION
VS. ENVIRONMENTAL PROTECTION AGENCY
LOCAL AREA NETWORK
TECHNICAL GUIDELINES
VOLUME II
LAN TECHNICAL MANUAL
January. 1988
-------�
Table of Contents - Volume II
APPENDIX E - SITE PREPARATION
E.1 OVERVIEW E-3
E2 CABLING E-3
E3 ELECTRICAL POWER E-ll
E.4 TELECOMMUNICATIONS ACCESS E-15
APPENDIX F - INSTALLATION GUIDELINES
F.I OVERVIEW F-3
F2 SITE PREPARATION F-4
F3 HARD WARE INSTALLATION AND TESTING F-10
F.4 OPERATING SYSTEM INSTALLATION AND TEST F-17
F.5 INITIAL NETWORK SETUP AND VERIFICATION F-35
F.6 APPLICATIONS LOADING AND VERIFICATION F-52
F.7 COMMUNICATIONS TESTS . F-68
F.8 BACKUP F-80
Attachment F/l - NOVELL NETWARE PROCEDURES
F/1.1 INSTALLING AND CONFIGURING SERVER SOFTWARE F/l-1
F/1.2 ADDITIONAL MENU UTILITY FUNCTIONS F/l-5
F/13 MULTI-USER SECURITY VERIFICATION F/l-5
F/1.4 FILER SERVER CONFIGURATION- AT TYPE PCS F/l-9
F/1.5 FILE SERVER HARD DISK FORMAT F/MO
ATTACHMENT F/2 - NOVELL NETWARE COMMAND LINE UnLITIES
F/2.1 COMMANDS WITH DOS EQUIVALENTS F/2-1
F/2.2 USER INFORMATION AND ACCESS COMMANDS F/2-1
F/23 PRINTER COMMANDS F/2-2
F/2.4 ADVANCED COMMANDS F/2-3
F/2.5 SYS:SYSTEM DIRECTORY F/2-3
ATTACHMENT F/3 - LICENSE AGREEMENTS AND COPYRIGHTS
F/3.1 LICENSE AGREEMENTS F/3-1
F/3.2 COPYRIGHTS F/3-2
F/33 PUBLICDOMAIN SOFTWARE F/3-3
-------�
LAN Technical Guidelines
ATTACHMENT F/4 - NOVELL SYSTEM LOGIN SCRIPT
APPENDIX G - LAN OPERATIONS
G.I PURPOSE AND OVERVIEW G-3
G.2FDLE SERVER MANAGEMENT AND MAINTENANCE G-3
G3 PRINT SERVER MANAGEMENT AND MAINTENANCE G-13
G.4 COMMUNICATIONS GATEWAYS MANAGEMENT G-16
G.5 SECURITY MANAGEMENT AND MAINTENANCE G-17
G.6 APPLICATIONS SOFTWARE MANAGEMENT G-17
G.7 TECHNICAL SUPPORT MANAGEMENT G-23
u
-------�
Table of Contents - Volume I
FOREWORD
PREFACE
HOWTO USE THIS MANUAL ii
EXECUTIVE SUMMARY
CHAPTER 1 - INTRODUCTION
1.1 OVERVIEW 1-3
12 PURPOSE 1-3
1J BACKGROUND 1-5
1.4 BENEFITS OF ALAN 1-7
1.5 COSTS OF ALAN 1-9
1.6 ALTERNATIVES TO A LAN 1-12
1.7 OIRM POLICY AND STANDARDS FOR LOCAL AREA NETWORKS
FOR MICROCOMPUTERS 1-14
1.8 SUPPORT CONSIDERATIONS 1-14
1.9 SUMMARY 1-21
NOTES: 1-22
CHAPTER 2 - PLANNING GUIDELINES
Planning Overview
2.1 NEEDS ANALYSIS AND ALTERNATIVES EVALUATION (STEP 1) 2-7
22 NETWORK SYSTEM DESIGN (STEP 2) 2-19
23 SITE PREPARATION (STEP 3) 2-30
2.4 TRAINING (STEP 4) 2-33
2.5 OPERATIONS PLAN (STEP 5) 2-35
2.6 SUPPORT PLAN (STEP 6) 2-38
2.7 NETWORK ADMINISTRATION PLANNING (STEP 7) 2-41
2.8 SUMMARY 2-42
NOTES 2-43
IU
-------�
Volume I - LAN Design A Planning
PLANNING CHECKLISTS
COST ANALYSIS WORKSHEETS
CHAPTER 3 ~ PURCHASE GUIDELINES
3.1 INTRODUCTION 3.3
32 POLICIES AND STANDARDS 3.7
33 PRE-PURCHASE CONSIDERATIONS .3.3
3.4 ACQUISITION PROCESS 3-&
CHAPTER 4 - ADMINISTRATION GUIDELINES
4.1 PURPOSE AND OVERVIEW 4.3
4.2 ATTENDING LAN ADMINISTRATOR TRAINING .4.5
43 PLANNING AND PROCUREMENT 4.5
4.4 SITE PREPARATION 4-7
4.5 INSTALLATION AND TESTING ' . 4.7
4.6 LOCAL POLICIES AND PROCEDURES 4_g
4.7 DAILY OPERATIONS 4_12
4.8 PERFORMANCE EVALUATIONS 4_12
4.9 REPORTING REQUIREMENTS 4_13
4.10 CHANGE CONTROL ......' 4-14
4.11 EXPANSION PLANNING 4_15
4.12 SUMMARY 4.15
APPENDIX A - DRAFT OIRM LAN POLICY
APPENDIX B.1 - DESKTOP PUBLISHING COMPONENTS
APPENDIX B J - DESKTOP PUBLISHING COST SPREADSHEET
APPENDIX B J - DESKTOP PUBLISHING TRAINING
tV
-------�
Table of Contents
APPENDIX C.1 - LAN COMPONENTS
APPENDIX C.2 - LAN COST SPREADSHEET
APPENDIX C3 - LAN TRAINING
APPENDIX C.4 - LAN SERVICES
APPENDIX D - AVAILABLE MODEM CONTRACTS
GLOSSARY
BIBLIOGRAPHY
-------�
APPENDIX E - SITE PREPARATION
Contents
E.1 OVERVIEW E-3
E2 CABLING E-3
£,2.1 Cabling Design
£.2.2 Cabling System Installation
K2.3 Cabling System Testing and Verification
E.2.4 Cabling Installation Summary
E.3 ELECTRICAL POWER E-ll
E.3.1 Site Power Evaluation
E.3.1.1 Power Distribution
E.3.1.2 Power Receptacles
E.3.2 Power Conditioning and Surge Protection
*
E.3.2.1 Power Strips
E.3.2.2 Power Protection Equipment -- Surge Protertor/Noise Filter
E.3.2.3 Uninterruptible Power Supply (UPS)
E.4 TELECOMMUNICATIONS ACCESS E-15
E-1
-------�
Volume II - LAN Technical Manual
Notes:
E-2
-------�
Site Pfeparaffon
E.1 OVERVIEW
In Section 3 of Chapter 2, Planning Guidelines, the general planning requirements
for Site Preparation were discussed. In this appendix we attempt to address the topics of
cabling, electrical power, space requirements, and telecommunications connections in suf-
ficient detail to allow you install these physical "house" components of the LAN and verify
their integrity and performance with the aid of appropriate technicians.
E.2 CABLING
This section is an overview of wiring for the token-ring network designed to allow
you to prepare preliminary plans and to communicate more effectively with consultants.
It is not designed as an exhaustive treatise on the subject of LAN wiring theories or
strategies. Numerous books and publications present the subject in considerably more
technical detail, and several are listed in the bibliography. One suitable source of back-
ground information is the report System Wiring Architecture for Data/Voice Transport Within
Headquarters, EPA, available from NDPD. (Contact Don Worley of AMPB/NDPD for in-
formation. FTS 629-2740) This report provides an introduction to many of the parameters
involved in planning a data communications cabling system.
There are three principal steps to install the cabling for your LAN:
• Lay out the routing of the cabling and the location of the connectors for the
workstations and servers;
• Install the cabling; and
• Test the cabling.
For LANs which will connect more than a single suite of offices, we recommend that
you utilize the planning and support services available through the Agency's LAN contract
with SMA. Recall that throughout this appendix we will use the terms "cabling" and "wiring"
interchangeably, and that both refer to the wires which provide the physical data path be-
tween PCs attached in the network.
The topology of the recommended token-ring network is called a "star- wired ring."
By this is meant a cabling layout that is physically star-shaped while the attached computers
are actually attached serially around a ring. Figure E.I illustrates this concept In the star-
wired ring, the cables from each of the attached computers, also called nodes and worksta-
tions, are routed to a wiring concentrator in a centrally located closet In the token-ring
system this concentrator is called a Multistation Access Unit, or MAU. (The IBM litera-
ture often refers to it solely by its part number, '8228'.) It is a passive device which provides
the physical connections between the nodes.
E-3
-------�
Volume II • LAN Technical Manual
Wiring ConcOTttftor
Attaching
D*vic»
Figure E.1 "Star-wired ring" LAN topology
Although other topologies exist (star, ring, bus, tree, etc), the star-wired ring topol-
ogy has numerous advantages which include:
(1) Allowing problem determination procedures to be accomplished at a single point,
and quick isolation of node cabling runs;
(2) Additional nodes can be added easily without disrupting network operations;
'(3) Workstations can be relocated easily without disrupting the network; and
(4) Because the concentrator is passive (it is not powered), there is no single point
of failure which can bring the whole network down.
The primary disadvantage of the star-wired ring is that it takes considerably more
cable than an equivalent simple ring to connect the same devices at the same locations.
However, the simple ring topology cannot be easily reconfigured or expanded without dis-
rupting network services, and cabling fault isolation can be a real nightmare. The star
topology has two prime disadvantages: (1) the file server is generally located at the hub of
the star, and therefore if it should fail, all network operations would cease; and (2) because
all LAN communications are routed through the star server, it is a significant bottleneck
on a heavily-loaded network.
E.2.1 Cabling Design
All wiring which is done for the installation of LANs within the Agency must con-
form to the following codes: ,
E-4
-------�
Site Preparation
• National Electric and Local Building Codes;
• National and Local Fire Codes; and
• Occupational Safety and Health Act (OSHA).
They must be in compliance with the following standards as they are applicable to a
particular installation;
• Institute of Electrical and Electronic Engineers (IEEE) Standards (802);
• Federal Information Processing Standards (FTPS);
• Federal Communications Commission (FCC) Regulations; and
• Federal Information Resources Management Regulations (FTRMR).
Recall from Chapter 2 that when planning the wiring there are three factors which
must be allowed for:
• utilize existing wiring where feasible;
• document ALL wiring plans and installations; and
• plan for ultimate Agency-wide connectivity.
These factors are discussed below. To begin this phase of the LAN planning, you will
need the following materials, as outlined in Chapter 2:
• Cable Schedules (for pre-installed cabling) or building plans showing conduits
and raceways;
• Floor plans for each area to be linked which indicate the location of wiring closets,
cable troughs (if any), and work areas (scale should be suitable for accurate dis-
tance measurements in feet);
• Worksheets from the IBM Token-Ring books (reproduced here as Attachment
1 to this appendix.
IBM has written a series of excellent manuals which provide all the details of the
token-ring wiring planning. Three books which form the basis for the following brief dis-
cussions, and which we recommend that every LAN Administrator acquire and study are:
• IBM Token-Ring Network Introduction and Planning Guide;
• IBM Token-Ring Network Telephone Twisted-Pair Media Guide; and
• IBM Cabling System Planning and Installation Guide.
These may be ordered through the SMA contract
The computers must be connected together with the two twisted pairs of wires (for
a total of four wires). This can be done either through the use of existing cables or with
new wire. In either case, the planning steps are very similar:
(1) On the floor plans, identify the offices to be included on the network and the ap-
proximate location of the data connector within the office. This should also be
done for future connections. Figure £2 provides a simple example.
(2) Identify the wiring centers where the distribution panels and MAUs will be lo-
cated. Where possible, these should be selected in order to minimize the length
of the ring and the lengths of the individual lobes. Although allowable in some
cases, it is recommended that no lobe be longer than 330 feet ("Lobes" on a star-
E-5
-------�
Volume II • LAN Technical Manual
100
101
m
102
103
104
109
105
111
06
112
113
114
115
117
.1015
1018
1017
118
1018
6001
6002
1019
120
121
122
*
123
124
125
126
t27
128
129
130
131
132
133
134
135
136
137
138
Figure E.2 A Simple ROOT Plan with LAN Components & Cabling
wired ring are the cables which run from the concentrator to the workstations.)
For maximum flexibility and ease of testing and maintenance, it is advisable to
locate the MAUs in groups of three or more rather than scattering them
throughout an office space.
(3) Locate the conduits, raceways, plenums, risers, etc through which the network
cabling will be routed.
(4) Measure and record the lengths of the lobe wiring runs. Don't forget to allow
for vertical drop distances if the wiring is going through the ceilings or between
floors. On the Workstation Inventory (LPC-1), indicate the lobe length and the
number of the ring to which each location will be attached.
(5) Using the IBM Charts at the end of this chapter, and referring to NDPD/RTP
LAN TSR (Appendix H) as an example, accurately document the cabling system
for your LAN. This should include all connections between the MAUs and ihe
offices, as well as all MAU-MAU cables and patch cables,
(6) The IBM TRNIntroduction and Planning Guide provides tables for determining
the maximum "Adjusted Ring Length" (ARL) for various-configurations of wiring
E-6
-------�
Site Preparation
closets and MAUs. The ARL equals the sum of all wiring closet-to-wiring closet
cable lengths minus the length of the shortest wiring closet-to-wiring closet cable.
If the ARL plus the length of the longest lobe in your installation exceeds about
800 feet (for a Type 1 or Type 2 wiring installation), then you are approaching the
allowable limits for the physical length of the ring, and you may need to consider.
a bridge between two smaller physical rings, or a repeater between two wiring
closets. In any case, for a ring of this size the planning is much more critical and
should be done as accurately as possible.
(7) Determine the required components for the ring, utilising the IBM Network Or- >
dering Worksheet. When determining the number of MAUs to install, we
recommend that you connect only six or seven PCs to each MAU, leaving the
eighth connector of each assembly for expansion, testing, and replacement
Where it is demonstrated to be feasible, existing wire should be used. The IBM TRN
Telephone Twisted-Pair Media Guide states on page 2-1,
"Most of the Telephone wiring installed to date throughout the world has been
designed for voice band (03 kHz - 4 kHz), analog phone applications. It was not
designed for high-speed data (1 Mb/s) and is not functionally specified (that is,
guaranteed) for such operation. [Bell System Technical Reference 48007 and
ANSI/ICEA S-80- 576-1983] For example, such critical characteristics as charac- •
teristic impedance, attenuation, and pair-to-pair crosstalk are not quantified in
the frequency range of interest for use in data transmission. Manufacturers of
high- speed communication products must specify these characteristics to ensure
successful operation of their products on telephone wiring.
"However, token-ring transmission at 4 megabits per second is possible in most
cases on telephone wire. With careful planning, IBM Token-Ring Network
products can be operated successfully on a wide variety of telephone twisted-pair
media in many general office environments at an extremely low cost per attach-
ing device."
Many of the Agency's office spaces have the 25 twisted- pair telephone wiring already
in place within the walls and terminating at central wiring closets. The telephone system
generally uses no more than ten of the pairs, leaving the remaining fifteen pairs for expan-
sion. Consequently, cabling installation costs can be minimized if this existing wiring can
be utilized. This cost savings is the primary reason why using the existing telephone wiring
should be considered. At those sites which have adequate conduit space for new wiring,
or which do not require extensive runs, the cost difference between new Type 2 cabling
and existing telephone twisted-pair may represent a very small fraction of the total life-
cycle cost of the LAN. Factors which detract from telephone wire's utility and which may
make it undesirable to use are:
• The telephone wire is unshielded, and therefore more susceptible to interference
from electrical noise sources such as fluorescent lights or induced noise because
of close proximity to high- voltage electrical power lines. Performance can be
degraded because of excessive errors and retransmissions.
E-7
-------�
Volume II • LAN Technical Manual
• A maximum of 72 devices can be attached to a physical ring wired with Type 3
(telephone) cable.
• IBM 8218 Copper Repeaters will be required in the installation to compensate
for the signal loss on the ring wiring if your ring will:
- Pass through more than two wiring closets;
- Have 330 feet lobes and more than one wiring closet; or
- Have two wiring closets that are farther than 390 feet apart.
• The wiring closets may not have adequate room for installation of the necessary
data punch-down blocks and the MAU racks, or they may be inaccessible without
telephone company personnel present
• You may not own the telephone wire, and the building superintendent or
telephone company may be unwilling to allow its use.
• The telephone wiring may be poorly documented, so that it is difficult or impos-
sible to determine lobe lengths and/or possible splice points.
• In any case, Type 3 wire must not be used to connect MAUs in separate wiring
closets together. Type 1 wiring is required for this connection. This means that
telephone twisted-pair wire is best-suited for small LANs which can installed
from a single wiring closet
E.2.2 Cabling System Installation
The cabling system for a token-ring local area network consists of four components:
• Dual twisted-pair wire (preferably IBM Type 2);
• Wiring concentrators (MAUs) and patch cables to attach them to the installed
cables;
• Data connectors which terminate the individual wiring lobes; and
• Flexible data cables to attach PCs to the system at the data connectors.
These are illustrated in Figure EJ, from the IBM Token-Ring Network Introduction
and Planning Guide. With the exception of the Type 2 cable itself, all the components are
available through the LAN contract with SMA.
The first step in the installation is to run the cable. Contracting for the installation
of the cabling or the separation and punch-down of the data pairs of the telephone media
is beyond the scope of this guide. You should utilize the services of electrical or com-
munications contractors who are familiar with the type of installation you will perform.
You should work closely with your building manager during this step.
The next step is to install the data connectors to the cable. These can be permanent-
ly installed in wall or floor face plates, or they may be attached to the loose ends of the
cable for some applications. The installer must pay particular attention to proper connec-
tion of the shielding.
When the connectors have been installed, the MAUs can be attached to the system
with their patch cables. Before the cables are attached to the lobe connectors, each MAU
connector must b* 'conditioned* using the device supplied with the MAU. If you don't per-
form this step now, you will come back, disconnect all the cable, and do it later.
E-a
-------�
Site Preparation
Numbering Attaching
Devices
All attaching devices must be assigned a unique number to assist
in problem determination procedures.
Figure < illustrates the numbering and labeling scheme for the
network components. Sheets of adhesive labels may be ordered
through the IBM Cabling Syittm Catalog.
2001
Daaaa
a a a a
DO ODD
DODDD
3D aaa
Wiring Closet A140
All Pitch Cable*
Within Rick are 8 ft.
Yellow Crossover
Patch Cables
Room 118
PCS7
Figure E.3 Token-Ring LAN Cabling Components
E-9
-------�
Volume II - LAN Technical Manual
E.2.3 Cabling System Testing and Verification
The wiring, for both existing and new installations, must be tested before attaching
any PCs to the network. If new Type 2 cabling has been installed, then it must be tho-
roughly stress tested. If it appears feasible to utilize existing telephone wiring, then that
system should be certified acceptable according to the guidelines recommended by IBM.
A walk-through checklist will help in spotting current or potential problems. Electrical
measurements will assure the cabling is contiguous, and not severed or strained. And final-
ly, as part of the network installation procedure (covered in the Appendix F, Installation.
Guidelines), software diagnostics will verify proper signal transmission from each worksta-
tion and the network file server.
The IBM TRN Telephone Twisted-Pair Media Guide contains information useful in
qualifying telephone cable planned for use on a network. Chapter 3 of the IBM document
contains Guidelines for Site Qualification, and Appendix A of that guide contains a Walk-
Through Site Inspection Checklist As stated there, a qualified telephony consultant
should assist in performing the site evaluation. IBM will perform the service on a fee basis,
and personnel are also available through the Agency's LAN procurement contract with
SMA. For consultation on possible tests, contact NDPD Telecommunications.
One item which the LAN Administrator and his or her technical support personnel
should acquire is the IBM Cabling System Tester Kit. The tester provides installation and
maintenance personnel the ability to verify a new installation and quickly locate faults in
an operating LAN. The tester can identify:
• Data Cable Damage, including opens, shorts, and shielding damage;
• Connector assembly errors;
• Connector shorting bar failure; and
• Tester failure - self-diagnosis.
With a Telephone Attachment Kit, it can also be used to evaluate the unshielded
telephone twisted-pair wiring. The kits come with brief, easy to follow instructions and are
simple to use. Although the tester kit is not available under the SMA LAN contract, it can
be ordered from IBM (IBM PN 4760500) and includes the tester, a data wrap plug, and a
carrying case. The Telephone Attachment Kit is IBM PN 4760509.
E.2.4 Cabling Installation Summary
With proper planning, installing the cable for your LAN can be a straight- forward
process. The IBM guides referred to provide excellent discussions of the necessary pro-
cedures, and the only way to attempt a complete discussion of the topic would be to repeat
them in their entirety here. Key steps which cannot be overlooked if the cabling is to
provide trouble- free linkage of the PCs attached to the network are:
• Carefully plan the installation with the assistance of qualified technical experts;
• Plan for future connectivity rather than for a lowest-cost solution;
• Label all wiring with meticulous fervor and document the layout with equal at-
tention to detail; and
• Test each phase of the installation as it is completed.
E-10
-------�
Site Preparation
E.3 ELECTRICAL POWER
Prior to the installation of the file server(s) and workstations on the network, a sur-
vey of the AC power sources is necessary. This survey will determine if the power avail-
able to the computers is properly conditioned for computer usage. When a personal
computer is operating alone, the state of its electrical grounding is not particularly critical.
However, when PCs scattered throughout a building are linked with a LAN, intermittent
operational problems which are quite difficult to isolate can develop if there is a "floating
ground" - the AC power sources are not properly linked together. A building plan in-
dicating the path and sources of all power outlets should be available from officials at your
site. If possible, enlisting the aid of a building engineer that is familiar with the AC power
system should prove valuable in determining current or potential problems in the power
and cabling for your network.
The monitoring and analysis of power and transmission media requires the use of
specific testing devices for each type of measurement. The actual use of these devices
should be performed by qualified personnel only. If you are not knowledgeable about
electrical measurement devices, engage the services of an electrician or engineer who is
familiar with such devices. Also, it is important that the person performing the testing and
measurements be familiar with the power specifications of computer equipment and of the
transmission media used in the local area network. An example of the tests performed is
contained in the report Site Survey Technical Evaluation for the EPA Region 4 Superfund
Local Area Network Project, prepared in June, 1987, which is included as Appendix I.
E.3.1 Site Power Evaluation
The quality of the AC current powering the network file server and network worksta-
tions is critical to proper operation of the computer equipment The amount of noise, or
interference, from other electrical equipment, can reduce the life expectancy of computer
components, including the power supply. The load on the power feed line for a particular
work area can cause fluctuations in the current available for workstations on that line.
Power outages can cause loss of data and possibly corrupt the hard disk on the file server
or workstations. Additionally, simultaneous application of power to various components
of a computer system can cause power surges which will also shorten the life expectancy
of the equipment, or possibly cause serious damage to the equipment Proper power dis-
tribution and current conditioning techniques will alleviate many of these problems,
Complete floor plans, showing the proposed locations of all network workstations
and file server(s) are required to perform a technical evaluation of the power conditions
for the LAN. The information from this plan will be useful in determining whether the
feed lines being used for the network server and workstations are also being used by other
equipment which may cause interference on the network.
Typical power source situations that can cause problems for network usage include
the following:
• Shortage of power receptacles, resulting in excessive use of extension cords;
• Use of power strips which provide only minimum surge protection;
E-11
-------�
Volume II • LAN Technical Manual
• Daisy-chain feed lines which are unconditioned and highly susceptible to electri-
cally induced noise interference from other equipment; and
• Proximity to fluorescent lighting, fans, typewriters, etc. in work areas, which can
introduce ambient electrical noise into the power supply.
Additionally, lightning-induced surges and momentary power losses or complete out-
ages can cause computer equipment to fail during critical disk accesses. An uninterrup-
tible power supply (UPS) can provide temporary cut- in, or ride-through power, allowing
time for network operations to be completed gracefully in the event of power loss. All net-
work file servers should be attached to a UPS to minimi?* problems.
E.3.1.1 Power Distribution
A comprehensive power distribution study is required to properly plan for the in-
creasing requirements for electrical service. The scope of the power distribution study
should include telecommunications, computer, and other sensitive hardware environ-
ments. Such a study would likely include all power in the building; as this would ultimate-
ly enhance the performance and reliability of a local area network. The technical
requirements for this study include:
• Load requirements, including:
- present circuit loads;
- high density load circuits; and
- equipment load requirements.
• Analysis of the existing power distribution, including:
- existing circuits;
- existing load requirements; and
- planned load requirements.
• A critical or sensitive load analysis that will determine which equipment requires
special attention due to the importance to network operation and performance;
• A power monitoring and quality analysis, with all circuit load events monitored
and analyzed.
The results of such a power distribution study should indicate the extent of recom-
mendations for correcting existing or potential problems. Recommendations that may
result from the power distribution may include:
• New circuits may need to be installed to meed load requirements;
• Computer-grade specification circuit upgrades may be indicated;
• A modified load distribution plan may alleviate current or potential problems by
redistributing the load requirements for any one circuit.
E.3.1.2 Power Receptacle*
The building's electrical site or floor plans should indicate the location of each
electrical outlet to be used by a network workstation, file sever, or peripheral All power
receptacles throughout the network should be of the three-prong grounded type. If not,
an electrician should install a properly grounded circuit
E-12
-------�
Site Preparation
Power receptacles should not simply be added to an existing circuit without verify-
ing that the circuit is capable of carrying the increased load. If the total amperage of equip-
ment that is currently or planned to be connected to the receptacles of a circuit exceed the
rated amperage for the circuit, then an additional circuit should be installed.
Be sure that the number of receptacles available for workstations, peripherals, and
the file server is adequate for current and future needs. Electrical conduits running along
walls or baseboards tend to provide easy access and additional outlets for future expan-
sion. It is possible that the number of outlets available will meet current needs, but may
be insufficient if additional computers or peripherals are added to that workstation area.
Planning for future needs for power receptacles will help to reduce the reliance on power
strips when additional equipment is installed.
E.3.2 Power Conditioning and Surge Protection
The use of a power analyzer (such as an ECOS1023 Power Analyzer) should be used
to determine the quality and conditioning of the commercial power lines going to each
workstation or file server location. It is conceivable that power quality would be adequate
at certain points in the power feed line, but may be inadequate at other points of the power
feed line. This would indicate that electrical interference from other sources is impeding
the quality of the power source. '
Of primary concern to power conditioning are the Common Mode Noise (CMN),
and the verification of proper grounding. Common Mode Noise occurs between the hot
and ground and/or neutral and ground; and influences highly susceptible switching power
supplies found in computers.' Proper grounding is necessary to provide a low impedance
path for load and fault currents to return to the transformer neutral A computer system
requires a zero voltage reference to operate logic circuits. Any voltage above zero on this
reference can introduce false signals and create logic errors in the system.
The significance of these types of problems is the indeterminate nature of the
problem's symptoms. Computer errors are most commonly attributed to hardware or
software problems. If the cause of the problem is actually unconditioned or noisy current,
the errors can be extremely difficult to trace. A proper analysis of the current condition-
ing may help to alleviate these future problems.
Various types of power protection equipment include uninterruptible power supplies
(UPS), voltage spike and surge suppressors, and transient noise protection devices.
Whether voltage spike, surge suppression, or transient noise protection is needed for com-
ponents on the network will depend on the results of the power distribution study. Actual
cause and effect relations should be drawn between power problems and equipment per-
formance. Addi tionally, interviews with personnel concerning their observations of any
irregular or unusual power fluctuations will often help isolate areas of concern. The isola-
tion of actual problems and the application-specific measures of protection for those
problems is the most cost-effective way of implementing power protection.
E-13
-------�
Volume II • LAN Technical Manual
E.3.2.1 Power Strip*
When additional power receptacles are needed at a workstation location, it is quite
easy to plug in a power strip or extension cord to accommodate the added equipment
However, temporary use of power strips or extension cords can easily become permanent
receptacles. Therefore, if possible, ensure that an adequate number of power receptacles
are available before computer equipment is installed.
Many power strips claim to offer surge protection and current conditioning in addi-
tion to providing electrical outlets. Most of these units only provide minimal surge protec-
tion. They only contain one metal oxide varistor (MOV) and should not be depended on
for any significant surge or spike protection.
Additionally, power strips often provide a main power on/off switch which is con-
venient for switching power on or off to some or all of the devices plugged into the strip.
Powering up all computer components at the same time causes a potentially damaging cur-
rent surge that may affect sensitive components. The initial surge appears on the ground
as a raised potential and ultimately affects the low-voltage direct current components. If
printers are included on power strips, power supply interference may be introduced.
Most standard extension cords provide no surge or spike protection and no power
conditioning. Furthermore, some extension cords do not provide a ground plug These
extension cords should not be used at all. The ground is necessary in providing a common
electrical reference for sensitive computer components.
E.3.2.2 Power Protection Equipment - Surge Protector/Noise Filter
Ambient electrical interference can be caused by devices such as copiers, typewriters,
or printers that are physically located near computer equipment, or connected to the same
electrical circuit Electrical interference such as this may introduce noise on circuits used
by computer equipment If testing isolates electrical interference in areas of dense equip-
ment, the use of line conditioners or transient noise protection devices may alleviate cur-
rent problems for the computer equipment Printers, in particular, should be isolated from
circuits used by computers. Alternatively, it may be easier to simply remove or relocate
the offending office equipment or peripherals.
E.3.2.3 Uninterruptible Power Supply (UPS)
Most buildings will at some time or another experience power outages. Even a
momentary loss can cause a personal computer to go down. When this occurs, all work
that has been performed since the data was saved on disk will be lost If a power loss should
occur during a disk write operation, an entire file or even directory may be corrupted, with
consequent major loss of data. Since the most critical piece of equipment on the network
is the file server, installing an uninterruptible power supply represents a sound investment
in providing assurance against a server failure and is strongly recommended by NDPD
The file server runs the network operating system and provides disk storage for all network
users. A UPS will provide users or the network supervisor the time necessary to bring the
system down safely, without loss of data or a head crash; even in the event of a complete
power outage. UPSs are available on the Agency's PC contract However, it should be
E-14
-------�
Site Preparation
noted that the 300 watt output of the UPS, while adequate for the PCs on the contract, is
not sufficient for the servers available on the Agency LAN contract NDPD and SMA staff
can recommend suitable commercially available units, and you should include one for each
server on your network. The UPS should be checked regularly to ensure that proper opera-
tion is available when necessary. (A simple way to do this is to backup the server, make
certain no users are accessing the server, unplug the UPS from the wall, and see what hap-
pens.)
E.4 TELECOMMUNICATIONS ACCESS
If your LAN will provide shared communications ports, these must be planned,
budgeted for, and acquired. The Telecommunication*; Worksheet (LPC-8) provides space
for documenting the hardware and software which will provide these functions. Shared
asynchronous modems require telephone service for the server. The modems can be ac-
quired through existing Agency contracts. Asynchronous communications may also be
available through a dataswitch if your facility has one. The SNA gateway will require a
Telecommunications Service Request (TSR) and connection to the appropriate control-
ler or modem.
E-15
-------�
Attachment E/1 - IBM Token-Ring Network Planning
Sheets
-------�
• Rack Inventory Chart
• IBM 8228 Cabling Chart
• IBM 8218 Cabling Chart
• IBM 8219 Cabling Chart
• Ring Sequence Chart
• Bridge Planning Chart
• Physical Location to Adapter Address Locator Chart
• Adapter Address to Physical Location Locator Chart
• Network Ordering Worksheet
• Rack Inventory Chart Template (in back cover pocket)
Make as many copies of these charts as you need to plan your network. Save the blank originals for
later copies.
You are hereby authorized to copy pages B-2 through B-ll only.
IBM PLANNING PORT'S - 1
-------�
Rack Inventory Chart
Wiring closet number
Rack number
Date
Planner's initials
Instructions
Fill out a Rack Inventory Chart for each
equipment rack.
1.
2.
3.
4.
Enter the wiring closet location
number, the equipment rack
identification number, and the
planner's initials.
Using the template for the
Rack Inventory Chart that came
with this manual, draw an outline
of each component that will be
installed in the rack.
The slots at the bottom of the
distribution panel tempate are
used only for the lowermost
distribution panel in a rack.
The slots indicate that there
are 38.1 mm (1-1/2 in.)
between that panel and the
next unit in the rack.
Write the unit identification
number on each component
on the chart.
Example:
21
IBM PLANNING FORMS - 2
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit
Number
Building •
Location
Rack-mounted LJ Rjng
Wall-mounted LJ
Section 2 Receptacle Connections
Section 3 Ring Connections
A. Connect Rl of this 8228 to:
B. Connect RO of this 8228 to:
IBM PLANNING POFMS - 3
-------�
IBM 8218 Cabling Chart
Section 1
Date
Ring
Unit Number
Building
Location
Rack-Mounted
Wall-Mounted
Section 2
Connect to:
Rl
RO
Yellow
Crossover
Cable
Rl
Connect to:
RO
ssss^ss;
YeJIow
Crossover
Cable
IBM PLANNING FDRMS - 4
-------�
IBM 8219 Cabling Chart
Section 1
Date
Ring
Section 2
Unit Number
Building
Location
Rack-Mounted
Wall-Mounted
o-o
o-o
Yellow
Q Crossover
Cable
or
D Patch Cable
OP or MB
Connections
B-B
*
Receive;
Transmit
Connect to:
fcpKSKKJKKKSSm-
B - Black
O • Orange
MB - Optical Fiber Cable Mounting Bracket
OP • Distribution Panel
Yellow
Crossover
Cable
IBM PLANNING FDIWS - 5
-------�
Ring Sequence Chart
Suggested Abb
nionc
DP • Distribution Panel
P - Pitch Cible
YCP • (Yellow) Crossover Pitch Cable
OFP - Optical Fiber Pitch Cable
— ^ ]
(component)
(location)
J 1
f , J
fr
(component)
(location)
, 'I
fr '
(component)
(location)
, ) \
C f J
fr
(component)
(location)
, ) 1
f f J
fr
(component)
(location)
} \
f . )
(r -
(component)
(location)
) J
1 f
(component)
(location)
1 *•
on page
Page.
FP- Faceplate
MB - Optical Fiber
Mounting Bracket
SS • Surge Suppressor
MSAU • IBM 8228 Multistation ACCOM Unit
RPTR- IBM 8218 Copper Repeiter
OFRPTR - IBM 8219 Optical Fib* Repeater
IBM PLANNING FDRMS - 6
-------�
Bridge Planning Chart
Date
Bridge Identification
Section 1- Bridge Configuration Parameters
Bridge Number (default = 1)
Dump on Error (default = 0) __
Restart on Error (default = 1)
Primary Adapter
Alternate Adapter
. (001) Ring Number (002)
(Default) (Default)
Hop Codnt Limit (Default = 7)
Limited Broadcast (Default = 1)
(D800) Shared RAM (D400)
(Default) ' (Default)
Locally Administered Address _
Section 2 - Physical Connections
Location
Ring No.
Cable No.
8228
Location
8228 Unit No.
Lobe Receptacle
Faceplate
>. k.
ft
-5
*S
1 Alternate
Adapter |
—0-
Cable No. Rin8 No-
Faceplate
Computer No.
8228
Location
8228 Unit No.
Lobe Receptacle
IBM PLANNING FDR'S - 7
-------�
Physical Location to Adapter Address
Locator Chart
Physical
Location
Adapter
Address
Device
Identification
Ring
Number
IBM 8228
Unit No.
IBM PLANNING PDRMS - 8
-------�
Adapter Address to Physical Location
Locator Chart
Adapter
Address
Physical
Location
Device
Identification
Ring
Number
IBM 8228
Unit No.
IBM PLANNING FORMS - 9
-------�
Network Ordering Worksheet
1. Rack-mounted IBM 8228 Multistation Access Units
2. Wall-mounted IBM 8228 Multistation Access Units
Total Number of IBM 8228 Multistation Access Units
(P/N 6091014)
3. Rack-mounted IBM 8218 Copper Repeaters
4. Wall-mounted IBM 8218 Copper Repeaters
Total Number of IBM 8218 Copper Repeaters (P/N 6339532)
5. Rack-mounted IBM 8219 Optical Fiber Repeaters
6. Wall-mounted IBM 8219 Optical Fiber Repeaters
Total Number of IBM 8219 Optical Fiber Repeaters
(P/N 6339535)
7. 8-foot Patch Cables (for lobes)
8. 8-foot Patch Cables (for main ring path)
9. Spare 8-foot Patch Cables
Total Number of 8-foot Patch Cables (P/N 8642551)
10. 30-foot Patch Cables (for lobes)
11. 30-foot Patch Cables (for main ring path)
12. Spare 30-foot Patch Cables
Total Number of 30-foot Patch Cables (P/N 8642552)
13. 75-foot Patch Cables (for lobes)
14. 75-foot Patch Cables (for main ring path)
15. Spare 75-foot Patch Cables
Total Number of 75-foot Patch Cables (P/N 6339134)
16. 150-foot Patch Cables (for lobes)
17. 150-foot Patch Cables (for main ring path)
1 8. Spare 1 50-foot Patch Cables
Total Number of 150-foot Patch Cables (P/N 6339135)
1 9. Crossover Patch Cables
20. Spare Crossover Patch Cables
Total Number of Crossover Patch Cables
(IBM Specification 6339137)
,
i
IBM PLANNING FORMS - 10
-------�
21. Optical Fiber BNC-to-Biconic Patch Cables
22. Spare Optical Fiber BNC-to-Biconic Patch Cables
Total Number of Optical Fiber BNC-to-Biconic Patch Cables
(IBM Specification 6165811)
23. 8-foot Optical Fiber Biconic-to-Biconic Patch Cables
24. Spare 8-foot Optical Fiber Biconic-to-Biconic Patch Cables
Total Number of 8-foot Optical Fiber Biconic-to-Biconic Patch
Cables (IBM Specification 6165812)
25. 45-foot Optical Fiber Biconic-to-Biconic Patch Cables
26. Spare 45-foot Optical Fiber Biconic-to-Biconic Patch Cables
Total Number of 45-foot Optical Fiber Biconic-to-Biconic Patch
Cables (IBM Specification 6825813)
27. Optical Fiber Dual Socket Mounting Clips (IBM Specification 6165847)
28. Component Housings
(one for each wall-mounted IBM 8228) (P/N 6091078)
29. Surface Mounting Brackets
(one for each wall-mounted IBM 8218 or 8219) (P/N 6339140)
30. Rack Mounting Assembly (one for each seven rack-mounted
IBM 8218 or 8219) (P/N 9339139)
31. IBM Token-Ring Network PC Adapter Kits (P/N 6339100)
32. IBM Token-Ring Network PC Adapter II Kits (P/N 67X0438)
33. PC Adapter Cables (P/N 6339088)
34. IBM Token-Ring Network Manager (P/N 6476046)
35. IBM Token-Ring Hardware Maintenance and Service (P/N 6465880)
36. IBM Token-Ring Network Bridge Installation Kit (includes two adapter Us,
diagnostic and bridge software) (P/N 6476041)
37. IBM Token-Ring Network Bridge Program (software only)
(P/N 6403831)
IBM PLANNING FORMS - 11
-------�
APPENDIX F - INSTALLATION GUIDELINES
F.I OVERVIEW F-3
F2 SITE PREPARATION F-4
F.2,1 Ordering and Storage
F.2,2 Coordination of Required Support Personnel and Consultants
F.2.3 Required Hardware/Software Versions
FJ HARDWARE INSTALLATION AND TESTING F-10
F.3.1 File Server Setup and Configuration
F.3.2 Install and Test Server and Workstation Network Interface Cards
F.3.3 Ring Test .
F.3.4 Network Bridge Adapter Installation
*
F.4 OPERATING SYSTEM INSTALLATION AND TEST F-17
F.4.1 Install and Configure Server Software
F.4.2 Exercise Management/Monitoring Utilities
F.4.3 Installing and Configuring Individual Workstations
F.4.4 Test Access of Server Resources From Workstation
F.4.5 NETWARE Basics - Directories, Security, Users, and Croups
F^ INITIAL NETWORK SETUP AND VERIFICATION F-35
F.S.I Create User Access Configuration Tables
F.5.2 Using SYSCON
F.5.3 Using FILER
F.S.4 Prepare Workstation LOGIN Scripts
F.6 APPLICATIONS LOADING AND VERIFICATION F-52
F.6.1 Install Software on Server and Workstations
F-i
-------�
LAN Technical Manual
F.6.2 Applications Software
F.6.3 Loading Applications Software
F.6.4 Initializing Data Bases
F.d.5 Verify Operation of Application, Including Multi-User Access and Resource
Utilization
F.7 COMMUNICATIONS TESTS F-68
F.7.1 Novell Bridge
F. 7.2 Asynchronous Communications Server
F.7.3 SNAISDLC Communications Server (SNA Gateway)
F.8 BACKUP F-80
F.8.1 Installation of Tape Backup Hardware
F.8.2 Installation of SY-TOS Backup Software
F.8,3 Testing the File Server Backup System
F-2
-------�
Installation Guidelines
F.1 OVERVIEW
Local area networks have the potential to provide much greater functionality than a
stand-alone personal computer. Because of this, they are more complex, and the installa-
tion procedures involve many different components. Consequently, two basic tenets of
problem solving reflect the proper approach for installing a local area network: (1) the
right tools for the job, and (2) everything in its place and at its time.
By "the right tools for the job," we mean not only having the correct size screwdriver,
but also that the staff involved in each phase of the LAN installation must possess the right
skills for doing the job. Classes are available on installing local area networks, and all those
involved with the installation process should attend the appropriate course or courses. (See
Chapter 3, Purchase Guidelines, for details.)
By "everything in its place and at its time," we mean the inherent need for organiza-
tion and coordination of installing all physical components of the network. Because some
of the tasks, such as power load distribution analysis and LAN cabling testing may require
skills not possessed within your work group, outside consultant services must be acquired.
The coordination of such services is essential to a successful installation. Organization of
tasks by in-house staff requires special consideration. First, some phases of installation are
dependent upon successful completion of prior phases, and the tasks should be organized
as such. Second, certain installation or testing phases require system resources which may
compete with or directly hinder the performance of personnel working on other phases.
Section F.2 outlines some of the cautions to be observed in coordinating time and resour-
ces during installation.
The information in this appendix not intended to replace the manuals provided with
the hardware and software. It is intended to provide three services:
• Supplement the IBM and Novell manuals with the aspects of a LAN installation
which they don't address;
• Provide a view of how the individual components all fit together; and
• Provide a concise desciption of the relevant procedures by pulling together from
the numerous manuals provided by the vendors. This appendix addresses only the
installation and testing of the LAN. It assumes that you have completed a LAN
TSR, have obtained NDPD approval, and have ordered appropriate components
for your LAN. The appendix is divided into seven major headings. These are:
F.2 - Site Preparation, covering topics such as ordering and storage of LAN components;
coordination of required personnel, and required hardware and software versions.
F3 - Hardware Installation and Testing, which covers the steps necessary for proper in-
stallation and testing of the file server, workstations, and network interface cards.
F.4 - Operating System Installation and Test, which details the steps necessary for install-
ing and testing the Novell NetWare Advanced 286 operating system software on the
network file server, and testing server resources from a single workstation. Most of
the information in this section is available in the various manuals provided by Novell.
F-3
-------�
LAN Technical Manual
Where these manuals provide superfluous information, this document has attempted
to condense this information to the relevant installation steps.
F.5 - Initial Network Setup and Verification provides a detailed description of using the
NetWare utilities to configure the file sever for users, create user login scripts, and
test the configuration from multiple workstations. Again, the information in this
heading is condensed from several of the Novell NetWare installation and planning
manuals.
F.6 - Application Loading and Verification describes the steps involved in loading and con-
figuring some of the more popular applications on the network file server, along with
the initialization and testing of these applications. Additionally, compatibility and
network usage issues of application software are discussed.
F.7 - Communications Testing provides information necessary to install, configure, and
successfully use the NetWare Asynchronous Communications Server package, and
the PCOX 3270 SNA Gateway server on the network.
F.8 - Backup covers the installation of the IBM 6157 Tape Backup System and the SY-TOS
Tape Backup software, as well as covering some pertinent issues involved in proper
network file server backup operations.
F.2 SITE PREPARATION
Many users are blase about installing and maintaining personal computers. This at-
titude is somewhat justified, since stand-alone personal computers can be easily installed
and repaired. When installing a local area network, this situation changes significantly.
LANs are inherently more complex than stand-alone computers. Personal computers can
be moved at will. Network cabling, once installed, is not portable; however, individual
workstations on the network can be moved. Problems on a network can be more difficult
to diagnose. When a stand-alone computer or a single workstation goes down, productivity
of the office is not usually affected that much; however, when a critical network component,
such as the file server or a printer, goes down, everyone dependent on the network may be
affected. Proper preparation and coordination of the installation of a local area network
will have an effect on the network's initial cost, reliability, maintenance, flexibility, and ex-
pandability. The availability and ease of use of the network on a consistent basis will great-
ly determine the users' opinions and use of the resources.
F.2.1 Ordering and Storage
The Agency's Purchase Requisition form 1900-8 used for ordering network com-
ponents should indicate the line item numbers (CLJNs), as listed in Appendices B and C
in Volume L Note that many line items actually contain more than one component For
example, the Network Bridge Processor (NBP) contains the IBM PS/2 Model 60 (with 40
MB Hard Disk) and IBM DOS 330 Program Package. After the network has been or-
dered, a copy of the 1900-8 form and the Agency line item descriptions document should
be kept available for verification of package components when they arrive. As each line
F-4
-------�
Installation Guidelines
item component is received, it should be checked off the copy of the requisition form. For
more information on ordering, refer to the Purchase Guidelines, Chapter 3 of Volume L
Contracts with SMA and FDC stipulate that all orders be shipped in their entirety,
however, the reality is that this may not always be the case. In the event that line items are
shipped according to vendor availability, it becomes critical that components are checked
off upon arrival, and that a secure, temperate area is allocated for storage of network com-
ponents. The preferred method is to ensure that all network components have been
received before proceeding with the installation. In the event of long back-orders of some
components, such as a Network Bridge Server, it is possible to install certain components
of the network, such as the file server, if all components for the file server have been
received. It is not recommended to attempt installation of a network if the primary com-
ponents are not in place.
Please note that all components for a network may be ordered using CLJN numbers
from the Agency Network Ordering Document, except the LAN cable itself. It is the LAN
Administrator's responsibility to acquire and install the appropriate cable that goes in the
wall. Many local firms and national firms, such as Anixter, stock the needed cable. With
the exception of a small, ultra-office network, which can be cabled using the patch cords
available on the contract, this step must generally be coordinated with the building super-
intendent
The components ordered from SMA will arrive fully burned-in and tested. The disk
on the file server unit will be formatted and the Novell operating system software will have
been loaded. In addition, any application software ordered at the same time will have been
loaded by SIV^A. This is an added bundled service that is not generally included with com-
mercial purchases.
F.2.2 Coordination of Required Support Personnel and Consultants
F.2.2.1 Required Personnel
For any LAN installation, several key personnel are to be designated and each will
have certain responsibilities. Additionally, specialists in wiring or consultants experienced
in LAN installations, such as SMA, may be needed for testing, configuring, and guidance
during certain phases of the installation process. Even though vendor support may be con-
tracted or otherwise available, it is best not to depend entirely on such support The local
LAN Administrator must be knowledgeable and understand the installation and opera-
tions of the LAN to manage it on a daily basis. If server installation is purchased from
SMA, training for the LAN Administrator is included.
The key personnel who should be appointed from in-house staff include:
• The SIRMO, whose function is to assign the LAN Administrator and forward the
LAN TSR to NDPD for approval.
• The LAN Administrator, who is responsible for system configuration, repair,
daily operation and maintenance.and ensuring that the goals of network usage
are met
F-5
-------�
LAN Technical Manual
• Electrical installation and testing personnel, who are responsible for installing
and testing the inter-office LAN cabling.
• Qerical Support Staff may be responsible for the daily operation and main-
tenance of specific workstations and servers, such as maintaining the printer or
backing up the servers.
• Advanced technical support staff should be available to respond to specific tech-
nical issues. NDPD generally provides this support with additional support avail-
able from SMA.
Though these roles should be designated to specific staff, it is advisable that more
than one person in the group be capable of performing any single network maintenance
operation. In this way, dependence upon certain people does not diminish the proper
operation of the network during vacations, etc.
Certain network installation functions, such as installing and testing the network
cable and testing the power load distribution, may require expertise that is beyond the skills
possessed by staff members. In these situations, obtaining the support of building staff or
outside consultants is advisable for properly completing the network installation. For some
phases of installation, support of the building electrical maintenance staff may be obtained.
The SMA contract provides a mechanism for organizations to purchase installation and
problem determination services on an as-needed basis. This support is invaluable for first-
time installations or when appropriate personnel resources are limited.
F.2.2.2 Coordination
After the roles described above have been defined for key personnel within your or-
ganization, a critical evaluation of the skills required for network installation and the skills
possessed by those key personnel should be performed. If there are phases of the instal-
lation process which the in-house staff is uncertain about performing, purchase the SMA
installation support for those phases.
It is a fact that there are many distinct functions that must be performed to properly
install a network. Many of these functions are phase dependent; that is, one phase depends
on the completion of previous phases. However, some aspects of installation are inde-
pendent of any other component It is strongly recommended that some type of critical
path phase analysis be performed before actually beginning to install the network. For ex-
ample, while the installation and testing of the network cable and power lines is not de-
pendent on the installation of the network file server operating system software, the server
installation and testing is dependent on the wiring. The planning section of this document
(Chapter 2) provides additional information on this topic
A simple table can be constructed to depict various functions of the installation, their
dependencies, the responsible parties, and the timeframe. Figure F.I is an example of such
a table for a workgroup where Ann is the LAN Administrator and Bob is her primary tech-
nical support person. Note that the status column should be checked off as each phase of
the installation process is completed.
F-6
-------�
Installation Guidelines
Code Function
A.
B.
C
D.
E.
F.
G.
H.
I.
J.
K.
L.
M.
N.
0.
P.
Q.
Power line test
Install LAN cable
Test LAN cable
Test network
file server (NetWare
installed by SMA)
Install/configure
workstations
Test server and
workstation NIC cards
Test network
communications
(Ring tests)
Add users/logon
scripts
Perform multiuser
tests
Load/configure
application software
Configure 3270 ports
On mainframe '
Configure 3270
gateway server
Test 3270 server
and workstations
Configure LAN ACS
server
Test ACS server
and workstations
System backup
User training
Dependency Responsible
Code Party
none
none
B
none
none
A.B.C
A.B.QF
D,E
A-H
A-I
*
none
A-K
A-L
A-J
A-N
A-K
A-P
MAINT
MAINT
MAINT
Ann, Bob
Ann
Bob
Bob
Ann
Ann, Bob
Ann
Bob,
NDPD Telecom
support
Bob
Bob
Ann,Bob
Bob
Ann
Ann,Bob
Time
Frame Status
wkl
wk2
wk2
wk2
wk2
wk2
wk2
wk3
wk3
wk3
wk3
wk3
wk4
wk4
wk4
wk4
wkS
Figure F.I LAN Installation Sequence and Schedule
This is a simplified approach to a LAN phased installation organizational chart
However, it does make clear which functions are dependent upon the completion of other
functions, and the relationships and interactions of the responsible parties for installing
the network. The elements necessary for an efficient network installation are competent
personnel with complementary skills, and a realistic schedule which foregoes installation
bottlenecks and competing efforts. Based on EPA's pilots, installation is an all-consum-
F-7
-------�
LAN Technical Manual
ing process which significantly drains personnel resources for a limited (usually less than
two weeks) time. The time depends on the number of workstations and the complexity of
the network configuration. An example of competing efforts might be when one party is
testing the gateway software while another is configuring or developing file server infor-
mation. If the gateway software causes the system to hang, efforts by the party at the file
server may be lost, or vice versa Coordination of functions in a manner which will mini-
mize competing or conflicting resources, work space, and personnel will enhance the net-
work installation efforts.
Once pre-installation coordination plans have been outlined, it is essential that a
meticulous record of everything done in regard to the LAN installation be made. An ac-
curate record of procedures will often eliminate redundant efforts to resolve problems.
For organizations ordering installation, a special warning is required. When SMA
personnel arrive onsite, it will be assumed that all in-the-wall wiring and electrical circuits
have been installed, tested and are ready for LAN installations. Any problems with these
items could result in SMA personnel charging time but being unable to provide the ser-
vices due to EPA problems. Careful coordination is crucial to make productive use of the
SMA time purchased.
F.2.3 Required Hardware/Software Versions
F.2.3.1 Hard war*
• Workstation Memory Requirements - Hardware requirements for workstations
on a network running Novell Advanced NetWare 286 are 640 KB RAM, the ap-
propriate network interface card, and at least one floppy drive. If you are install-
ing only new equipment ordered from the SMA or FDC contracts, then all of the
workstations will meet the minimum requirements. However, if you plan to
upgrade existing computer equipment to run on the network, those computers
must have 640KB RAM, DOS 3.1 or later, and a network interface card to run
the NetWare workstation software. Memory expansion cards are available to
upgrade existing machines to the required memory.
• Network Interface Card (NIC) - All personal computers on the network must
have a Network Interface Card (NIC) installed. A standard bus AT, such as a
Telex 1280 and Epson Equity m + being used as a file server or workstation must
have a Token- Ring Adapter H card, which is available from the SMA contract
A file server or workstation on the network which has the new micro-channel bus
architecture (the PS/2) is required to have Token Ring Adapter/A cards. These
are included with the Model 80 server, but the other processors require that you
specifically order the adapters.
F.2.&2 Software
• Netware Operating System Software - In most cases, only one version of the Net-
Ware operating system software will be installed: Advanced Netware 286. Based
on experience and technical literature, all servers should be dedicated, such that
the possibility of a user bringing down the network is minimi^ Initially, the
-------�
Installation Guidelines
dedicated Novell 286 Operating System will be used, but when the non- dedicated
version is released, EPA may adopt that version for ease of operation. However,
even with the new version of software, servers will remain dedicated.
• Workstation DOS - NetWare supports different versions of DOS. In fact, dif-
ferent workstations on the network can each log in to the file server with distinct
versions of DOS. In practice however, it is ill advised to mix operating system
versions. System installation, configuration, and management issues increase
when different workstations are using various versions of DOS. A factor which
should be used to determine which version of DOS to use is the highest version
available of DOS which is supported by all of the application software intended^
to run on the network. For proper LAN operation, maintaining the most current
release of DOS is recommended.
• Application Software - The focus of most computer use is in running software,
such as dBase HI Plus. There are approximately 50,000 different software pack-
ages available under MS-DOS on the market as of this writing. However, most
users, even so-called "power users" actually use and obtain proficiency with only
a few of these packages. Additionally, within an organization with many com-
puters and networks, the standardization of use on specific application software
is encouraged for compatibility, support, and procurement reasons. In fact, EPA
policy requires standard programs in four areas: Data base management (dBase
m + ), Spreadsheets (Lotus 1-2-3), Communications (Crosstalk), and Word
Processing (DCA compatible, such as Wordstar, WordPerfect, Multimate, or
Microsoft Word).
For clarification, there are three types of application software, and they will each be
specified when used. Agency standard commerically available software such as Lotus and
dBase will be referred to as "application software." Programs such as the CERCLJS
programs will be referred to as "national application programs"; and programs written in
a higher level programming language, such as dBase, will be referred to specifically as
"dBase application programs."
For many software packages, different versions exist for various purposes or environ-
ments. To determine whether a specific version of application software is needed in your
networking environment, the intended use of the application must be understood. Net-
work software applications can be divided into two primary categories: (1) single user ap-
plications, and (2) multi-user applications.
Single user applications can be described as situations in which the data generated
by one user running a program is totally independent of data generated by another user
using the same program at the same time. Multi user applications can be described as situa-
tions in which data residing on the file server is shared simultaneously among various users
on the network.
Many word processing and spreadsheet applications fall into the single user category.
Slowly these vendors are migrating to true multi-user versions. However, since it is rare
that more than one person will be working on the same document or worksheet at the same
F-9
-------�
LAN Technical Manual
time, this does not present significant problems. It is quite common, however, for com-
mon files to exist on a file server that can be accessed sequentially by different users, and
this usage is supported almost universally.
The most common need for multi-user software is in data base applications. The most
popular data base packages either support network use or have special multi-user versions
available. The Agency standard dBase HI + provides multi-user functionality. Word-
Perfect word processing software also provides a LAN feature. Advantages of using multi-
user versions of application software are that only a single copy of the program needs to
be loaded on the file server which saves disk space, software upgrades require upgrading
only one copy on the file server, and each user can often maintain individual user profiles.
Application software can further be divided into classifications regarding the type of
vendor purchasing arrangements available. Depending on the software and vendor, some
application software must be purchased once for each concurrent user on the network. An
example of this type of software is the Lotus 1-2-3 spreadsheet. Other vendors offer licen-
ses for software usage, which may vary according to number of users allowed or by site. An
example of multiple user license software is dBase HI 4- data base management software.
Some single-user application software, such as Wordstar, runs without modification on a
network, and requires no further licensing from the vendor. Since many data base pack-
ages, such as dBase HI +, are currently supporting network versions of the data base, the
networking use of this software is inherent to the licensed use of the product
The last major category of software discrimination is whether the application is copy
protected or not. Many products that are copy protected simply will not load and run on
a network. Other application packages may be copy protected, but the vendor may offer
different versions, which either have modified copy protection, or no protection at all, avail-
able for network use.
A more complete discussion of different types of licensing, copyrights, and copy
protection can be found in section Attachment 3 to this document Regardless, once the
networking applications have been decided, the most appropriate version of the software
for network use must be obtained. If the software is a new purchase, then ordering net-
working versions, if available, is the most obvious approach. If single user versions of the
software are currently on-site, then contacting the vendor or distributor for information
on upgrading to the appropriate version for network use is necessary. If the software re-
quires specific licensing arrangements for network use, then the vendor licensing arrange-
ment must be completed before users actually begin using the application software on the
network. The SMA contract provides many standard packages and should be the preferred
source for these software packages.
F.3 HARDWARE INSTALLATION AND TESTING
The network cabling (inter-office cable) and power tests are described in the Plan-
ning section of this document It is assumed that the cabling and power sources have been
F-10
-------�
Installation Guidelines
tested, corrected, and certified prior to setting up the network computers. The steps in-
volved in preliminary hardware set up and installations include the following:
• File server set up and configuration
• Install and test token-ring adapter card at the file server and each workstation
• Perform ring tests at each workstation and at multiple workstations
• Install Network Interface Cards at workstations designated as bridges to other
networks
F.3.1 File Server Setup and Configuration
Novell NetWare is a high performance network operating system. It achieves this
performance by use of a proprietary disk operating system, which is installed on the net-
work file server. The network operating system requires a unique disk format, which is
performed with the COMPSURF utility supplied by Novell. If you are purchasing the net-
work file server from SMA, the contract specifies that SMA will perform the necessary for-
matting and bum-in procedures on the file server. If you are purchasing the network file
server from another vendor, such as FDC, or are using an existing PS/2 Model 80, or an
AT or compatible computer as a file server, then Appendix J contains the steps necessary
for proper hard disk formatting and burn- in procedures.
F.3.2 Install and Test Server and Workstation Network Interface Cards
F.3.2.1 Adapter Installation
The file server on the SMA contract is a PS/2 Model 80 (CLIN 50160) and PS/2 Model
60. These are supplied with Adapter/A NICs. The Adapter/A NIC is required for network
operation on all PS/2 Model 50,60, and 80 computers. The Adapter II NIC is required for
network operation on the PS/2 Model 30 and all AT class computers, such as the Epson
Equity HI +. Each IBM Token-Ring Adapter/A or Adapter n card is shipped with an IBM
Token-Ring Network PC Adapter Hardware Reference Library: Guide to Operations (TRN
GTO) manual. This manual provides information relevant to configuring and installing
the network interface card (NIC).
F.3.2.2 Setting TRN Adapter/A Parameters
If you are installing the Adapter/A card in a PS/2 Model 50,60, or 80, then the con-
figuration files supplied with the card must be copied to the IBM Product Two Diskette
(reference disk) for system configuration. After these files have been copied, re-boot the
computer using the Product Two Diskette for configuring the Program Option Select,
which will designate parameters necessary for proper operation with the micro-channel
bus. Refer to the TRN Guide To Operations for detailed instructions on configuring the
micro channel bus for operation with the Adapter/A NIC
F.3.2.3 Setting TRN Adapter/11 Parameter*
For network workstations that have the standard AT type bus, the Adapter TJ must
be installed. These cards contain a series of switches to configure the hardware to work
appropriately with the software and other hardware present in the machine. Refer to the
F-11
-------�
LAN Technical Manual
TRN GTO manual for a detailed description of any switches to determine the proper set-
ting. Figure F2 indicates the purpose and settings for each of the switches.
F.3.2.4 Installing tht Adapter Cards
If a network file server, gateway workstation, or console is purchased along with the
appropriate NIC from the SMA contract, the NIC will be installed in the computer by SMA,
If the NIC is purchased separately, then you will need to install the NIC in the appropriate
computer. The NIC can be installed in any available slot in PS/2s or AT or compatible
computers. If you have any concerns as to the procedure for installing the Adapter card in
a slot, or re-installing the computer cover, refer to the TRN GTO manual
Adapter Card Switch Settings
SWITCH BLOCK 1
GROUP SWITCH ON OFF
A 1 x
2 x
3 x
4 x
5 x
6 x
B 7 x
8 x
SWITCH BLOCK 2
GROUP SWITCH ON OFF
C 1 x
D 2 x
(•On the second TRN NIC in bridges, set to ON.)
GROUP DESCRIPTIONS
A) Switch Block 1: ROM Switches
B) Switch Block 1: Interrupt Level
C) Switch Block 2: Adapter or Adapter n Card
D) Switch Block 2: Primary-Alternate Switch
Attach a label with the following information to the rear plate of the Adapter card
before installation.
• Primary (0) versus Alternate (1) Adapter card. Bridge adapters are considerec
Alternate TRN NICs.
• Ring Number.
• LAN Administrator's phone number
Figure F.2 Token-fling Adapter II Switch Settings
F-12
-------�
Installation Guidelines
F.3.2.5 Checking the Installation of Patch Cable*
Prior to running the IBM Token-Ring PC Adapter (TRN) Diagnostics, the patch
cables connecting each computer's NIC with the inter- office LAN cabling should be check-
ed for proper installation. Section 4 of the Planning and Site Preparation Guide details
the planning and installation of patch cables on the Distribution Panels and 8228 Multi-
station Access Units (MAU). The network planner or supervisor should visually inspect
each of the path cable connections according to the Ring Sequence Chart prepared in Sec-
tion 4. This chart indicates where the patch cables from Ring-In (RI) and Ring-Out (RO)
receptacles of the 8228 should be connected. A visual inspection of the connections should
verify the following:
• Patch cable connections should match the Ring Sequence Chart;
• Connections shown on RI and RO receptacles of the 8228 Cabling Chart should
match those on the Ring Sequence Chan;
• The label at the lobe receptacle end of each patch cable should match the label
at the distribution panel end.
F.3.2.6 Adapter Diagnostic*
It is important to run the TRN Diagnostics on the file server and each of the worksta-
tions. Each computer that will be on the network must be tested separately. Proper inde-
pendent verification of each NIC will make problem determination of network access and
performance easier by eliminating the network functions performed by each NIC The
steps involved in testing NICs installed in each computer attached to the network are
described below.
If the patch cable connections in the wiring closet are verified correctly, the next step
should be to attach the file server to the network. Plug the appropriate end of the adapt-
er cable in the network Adapter installed in the file server. The following procedures
provide a general reference to the use of the TRN Diagnostics.
(1) Turn the power switch on the file server or workstation to OFF.
(2a) If your network uses the IBM Cabling System data grade media, leave the cable
attached to the NIC in the computer, but disconnect the from the network con-
nection (typically at the MAU or wall plate connections). The connectors are
self-shorting when not installed.
(2b) If your network uses telephone twisted-pair media, disconnect the Type 3 Media
Filter from the NIC Install the wrap plug (attached to the Type 3 Media Filter)
onto the NIC
(3) Insert the TRN Diagnostics Diskette into the floppy drive A:, and close the drive
door. If you are using a working copy of the Adapter Diskette, make sure that
F-13
-------�
LAN Technical Manual
the DXMAID.COM file is copied to the TRN Diagnostics Diskette before run-
ning the diagnostics.
(4) Turn the power to the file server ON.
(5) The TRN Diagnostics should load. The Copyright/Diagnostics Option screen
should appear. Follow the instructions on the screen to run the diagnostic
routines.
(6) Select option 0, Run Diagnostic Routines. The screen should then indicate which
Token-Ring Adapter(s) are installed in the computer. Verify whether the list is
correct
(7) You can then select whether to run the tests once or multiple times, or to log er-
rors to a disk file or a printer (if connected). Select an appropriate option to run
the diagnostic routines.
(8) The screen will display the following status information:
- Adapter Address
- Code Level
- Interrupt Level
- ROM Address
Verify that the information above is appropriate for that station's NIC The screen
will prompt for the appropriate cable configuration for your network adapter (PC Adap-
ter Cable, or Modular Telephone Plug). Select the appropriate response and verify that
the adapter cable is not connected to the network.
Beneath the status information, the diagnostics will display any information pertain-
ing to testing status and error messages during the tests. If an error is detected, the error
message is displayed after the testing status message.
If an error does occur, refer to Chapter 3 of the Token Ring Network- Guide To Opera-
tions manual for a detailed description of the error message meanings and the appropriate
actions to take for each type of error.
F.3.3 Ring Test
After the NICs have been installed and tested in the network file server and each
workstation to be attached to the network, a Ring Test should be performed to indicate
proper operation of the connections of all computers attached to the network. The Net-
Ware SYSCHECK utility is used as a diagnostic aid to test for proper communications
among the network interface cards connected to the network. The requirements for using
the SYSCHECK utility are the NetWare 286 DIAGNOSTIC diskette, the
DXMAID.COM and the NETBIOS.COM files from the TRN diskette.
For the file server and each workstation on the network, the following steps should
be completed. Note that the entire sequence of instructions should be completed for each
workstation (or file server) before moving on to the next workstation.
F-14
-------�
Installation Guidelines
(1) Turn the power switch to each computer to OFF.
(2) The computer adapter cable should be attached to the network wall plate.
(3) Insert a copy of the DOS diskette in floppy drive A: and turn the machine on.
When DOS is booted, enter the correct date and time. The screen should display
the A prompt.
(4) Load the Adapter Support Interface program by inserting the TRN diskette in
floppy drive A: and typing 'DXMAED'. The A prompt will return when the Adap-
ter Support Interface has been loaded.
(5) Load the Network Basic Input/Output System program by inserting the shell dis-
kette described above in floppy drive A: and typing 'NETBIOS*. The A prompt
will return when the NETBIOS.COM program has been installed in the
computer's memory.
(6) Load the NetWare SYStem CHECK utility by inserting the NetWare 286 Diag-
nostic diskette in floppy drive A: and typing 'SYSCHECK*. The SYSCHECK
header information will appear on the indicating the program is loading.
(7) A prompt will be displayed similar to the following:
Unique User Information
At this prompt, enter information that will identify the specific computer and distin-
guish it from any other workstation. An example might be "Station #1", or "Bill's Station",
or "Secretary's Station." The important factor is that the identifying information you type
in is unique for each computer.
(8) After entering the user information, the screen will display information similar
to the following:
Unique User
Network Node Information Yr Mo Dy Hr Mn Sc •
OOOOC 0000110 Station #1 87/08/24935:15*
The information displayed includes the Unique User Information described above,
the network and node identifications, and the current date and time. The node identifica-
tion is the physical address assigned to the computer's network interface board. The
asterisk (') at the end of the line indicates that the current line is the workstation you are
currently viewing.
The screen is updated every 15, seconds to indicate the proper time and additional
workstations that have been added to the network.
(9) While the first computer is still displaying the user information, repeat steps 1
through 8 above for the next computer connected to the network. If the worksta-
tions are cabled properly, within 15 seconds the second (or each additional)
F-15
-------�
LAN Technical Manual
computer's screen will be updated to show the user information for all nodes in
a format similar to the following.
Unique User
Network Node Information Yr Mo Dy Hr Mn Sc •
OOOOC 0000110 Station #1 87/08/249:42:10
OOOOC 0000128 Station#2 87/08/24 9:42:10*
The screens of each workstation that is currently running the SYSCHECK utility
should appear the same, indicating all connected workstations. The only difference will
be that the asterisk (•) will appear next to the information line for the current workstation.
Repeat this procedure until all workstations are running the SYSCHECK utility. If proper-
ly cabled, the screen of each workstation should display an information line for every
workstation connected to the network.
If workstations that should appear on the SYSCHECK screen are not all present,
perform the following troubleshooting procedures for isolating network cabling problems.
(1) Check the screen of each workstation to make sure that it is still running SYS-
CHECK, with the screen being updated every 15 seconds.
(2) Check all physical connections between the stations and the file server. Make
sure the network interface cards are cabled properly, and are seated properly in
the bus slots in the workstations and file sever.
(3) Make sure that all additional cards, other than the NIC, the floppy and hard disk
controller cards, and the monitor adapter cards are removed from workstations
that are not appearing on the SYSCHECK screens. This will ensure that there
are no conflicts with competing interrupt usage by foreign adapter cards.
(4) Try another NIC and software from another station known to work. If this fails,
a wiring problem may exist
F.3.4 Network Bridge Adapter Installation
A network bridge is a dedicated computer on the network that connects two or more
physical rings such that all workstations appear to be on the same logical ring. The dedi-
cated computer must have twoTRN NICs installed in order to function as a network bridge.
If you are using an Epson Equity m -I- or other AT-compatible computer as a bridge, the
adapters must be Adapter n cards. This computer is attached by lobes to each of the rings
which it is connecting. The software for network bridge operation is supplied with the net-
work operating system. If you purchase a network bridge computer and NICs from the
SMA contract, they will be property configured with the appropriate adapters and switch
settings.
If you use a computer purchased from FDC, such as the Epson Equity HI + with two
TRN adapters, then you will need to verify proper NIC switch settings. Before installing
F-16
-------�
Installation Guidelines
the Adapter n card in a workstation, the adapter switches should be set to valid settings
for bridge operation. Refer to Section F32 of this chapter for the proper NIC bridge
switch settings. Note that one of the bridge NICs must be designated as the primary adapt-
er, and the second NIC must be designated as the alternate adapter. Section FJ.2 of this
chapter and Chapter 2 of the TRN Guide to Operations provide details for installing the
Adapter n card in the computer cabinet
The Adapter tests described above can be executed on the bridge workstation to in-
dicate proper performance of both the primary and alternate adapters installed.
Procedures for loading the TRN diagnostics tests are described above. Make sure that
both the cards are indicated during the test If not, then re-check the switch settings for
both cards. If the diagnostic test still fails, try using a different adapter card in place of
either the primary or alternate adapter. In such an event, the failed adapter card should
be returned for repair or replacement
F.4 OPERATING SYSTEM INSTALLATION AND TEST
This section describes the installation and testing of the Novell NetWare operating
system. The topics discussed include:
• Installing and configuring the server software;
• Executing file server utilities;
• Installing and configuring a single workstation; and
• Testing the access of server resources from workstations
F.4.1 install and Configure Server Software
Novell NetWare is a more complex product than most other PC networks. NetWare
has its own operating system and file structure, which must be installed prior to establishing
any disk directories, installing user applications, or adding users to the network. The per-
formance advantage offered by NetWare is in large part due to the network software
bypassing many of the disk I/O requests usually handled by PC/MS-DOS. This allows more
information to pass between the server and the workstation with fewer requests. Installa-
tion parameters for NetWare are highly flexible, allowing a wide range of features to be
customized, which may result in optimized performance for a given network environment
If the network server has been purchased from the Agency contract with SMA, the
server should arrive pre-configured with the NetWare software. SMA will configure the
NetWare operating system according to the specifications of the purchase order. If the
server operating system needs to be adjusted for fine tuning the network or to add an in-
ternal bridge, the LAN Administrator may need to reconfigure the network operating sys-
tem. If the network server has been purchased from other sources, the server operating
system will need to be completely generated. Refer to Attachment 1 of this appendix for
detailed instructions for NetWare installation procedures. Attachment 1 also contain*
relevant information necessary for understanding the parameters and limitations of using
the file server. Because of the proprietary and complex nature of the NetWare software,
it is advisable to follow the directions for installation of the software closely. In most situa-
F-17
-------�
LAN Technical Manual
tions the network software will not need to be customized, and installation should be fair-
ly straightforward.
If your file server arrived pre-configured, the vendor should also have supplied
workstation diskettes that were prepared with the GENSH utility. Once the NetWare
operating system has been loaded on the file server, the server can be turned on; or if it is
already on, simply press the CTRL-ALT- DEL keys simultaneously.
The Agency recommends that all file/print servers be dedicated to that task and not
used for workstations. While non-dedicated versions of the operating system may be used,
it is for the convenience of the LAN Administrator or operator only.
If you have a dedicated file server, the server prompt, a colon (":"), should be dis-
played on the server monitor. If you have a non-dedicated file server (i.e., the server could
be used as a workstation), then you must boot the server from floppy diskette. The steps
involved in creating a bootable diskette for the non-dedicated operating system are:
(1) Format a DOS floppy diskette using the FORMAT A: /S command;
(2) Copy the NETSOS.EXE file from the GENOS-3 diskette (prepared during
operating system configuration) to the bootable floppy;
(3) Create an AUTOEXEC.BAT file containing the single line, NETSOS;
(4) Boot the floppy by pressing CTRL-ALT-DEL simultaneously,
(5) To load the workstation shell, at the A prompt, type ANET3;
(6) Type LOGIN SUPERVISOR, and the password;
(7) To use the computer as the network console, type CONSOLE; you will now see
the console prompt, a colon (':'); and
(8) To use the computer as a temporary workstation, type DOS at the colon (':')
prompt
Most application programs will run without problems on a non-dedicated file server
in workstation mode; an exception to this are TSR (Terminate and Stay Resident)
programs such as Sidekick, Superkey, and Ready. Do not use these programs from a serv-
er in workstation mode. If the server / workstation user executes an incompatible program
in DOS mode, the entire network could be brought down, causing other users on the net-
work to lose their work, crashing files and losing important FAT tables. For dedicated ser-
vers, the server PC cannot be used except in the monitor mode.
Deviations from the above guidelines for installing the network server software will
involve additional planning. Future updates in the NetWare distribution disks may follow
a slightly different sequence of events; but the principles for installing the software will
remain the same.
F.4.2 Exercise Management/Monitoring Utilities
Once the network server operating system software has been installed, the functions
of the network console can be exercised. This will ensure that the software is working
F-18
-------�
Installation Guidelines
properly, and allow you to gain some familiarity with the console commands. From the
console prompt (":"), the network console operator is able to monitor and control various
functions that relate to the usage of the network and the allocation of network resources,
such as the printer queue.
F.4.2.1 Network Console Uses
Once the network is up and running, the need to use the server console will be very
limited The LAN Administrator will normally use the server console in his/her manage-
ment of the network and in file server backups. Typical examples of server console use in-
clude the following:
• You wish to inform all network users via BROADCAST that the system will be
shut down (using DOWN) in 5 minutes for system backup;
• You wish to inform a particular workstation (using SEND) that his print job has
been cancelled (via KILL QUEUE) because of its length, and to resubmit it this
evening;
• You need to use STOP PRINTER to change toner cartridges in a network laser
printer. You need to use START PRINTER to resume printing where the printer
was halted;
• You use the QUEUE command to check the status of a print job, and CHANGE
QUEUE to move the status of a particular job to a higher priority,
• You have inserted pre-printed forms in a spooled dot matrix printer, and use
FORM CHECK to print a test pattern for alignment purposes; after the paper is
aligned use FORM SET to set the top-of-form;
• A network printer breaks down, use KILL PRINTER to stop the printer and erase
all jobs from the printer's queue; or use REROUTE PRINTER to change the
destination of all jobs in the queue to another printer;
• Twice a year, daylight savings time causes you to use SET TIME to change the
server's time to the correct time (the server's internal clock should also be reset);
• A workstation is having trouble accessing a file on the server; use the MONITOR
command to display all server requests, transactions made, and the five files most
recently requested by that workstation, and the current status of each file.
F.4.2.2 Server Console Commands
The server console commands and a brief description are listed below. Review them
to obtain an understanding of the types of functions available through the network con-
sole. They are listed here by their category of function to the network. A more detailed
description is available in the Novell NetWare Console Reference manual
MESSAGE COMMANDS
Use:
• The BROADCAST command should be used to warn users about bringing the
server down
F-19
-------�
LAN Technical Manual
• always advising users before clearing or disabling logins
BROADCAST - send messages to all stations logged in or attached to the file serv-
er
CLEAR MESSAGE - clears messages from the bottom of the console screen
SEND - used to send console messages to specific stations (rather than Broadcast to
all)
NETWORK MONITORING COMMANDS
Use:
• checking disk I/O demands for overload
• to see who is using which programs
• checking system CPU utilization
MONITOR - checks the activity of any station attached to the file server; also checks
certain aspects of the server's activity
WORKSTATION ACCESS COMMANDS
Use:
• to make sure everyone is off the server to prevent loss of data when performing
server maintenance
CLEAR STATION - removes a particular workstation's access to the file server
DISABLE LOGIN - disallows additional workstations from logging in to the file serv-
er
ENABLE LOGIN - allows workstations to log in to the file server if they have been
disabled
MISCELLANEOUS COMMANDS
Use:
• display current system configuration
• correcting the server clock, the time commands do not replace the need to set the
server's internal clock
• DOWN is the command to use when preparing to turn the server off
CONFIG - displays the network communication boards currently installed
DOWN - ensures all data is secure before powering off the server
NAME - displays the name of the file server
OFF - turns off the monitor display and clears the console screen
SET TIME - sets the date and time kept by the server
TIME - displays the date and time kept by the server
F-20
-------�
Installation Guidelines
PRINT SPOOLER COMMANDS
Use:
• to manage the network printer resources
• to manage the queued print jobs
CHANGE QUEUE - changes the order in which queued files are printed
FORM CHECK - prints a test pattern for aligning continuous feed, pre- printed
forms in a printer
FORM SET - sets the spooler's top-of-form for continuous feed forms in a printer
KILL PRINTER - stop a specified printer and delete all print jobs from the printer's
queue
KILL QUEUE - allows removal of a specific print job from a printer queue
QUEUE - displays the current jobs in a printer's queue
REROUTE PRINTER - allows the console operator to specify a different printer
for all jobs in a printer's queue
REWIND PRINTER - allows to halt printing, back up a specific number of pages,
then restart printing
START PRINTER • used to restart a printer after a Stop Printer, Kill Printer, or
Reroute Printer command
STOP PRINTER - allows to temporarily halt a printer (for changing ribbons, paper,
etc.) ,
NON-DEDICATED FILE SERVER COMMANDS
Use:
• by executing the DOS command, the server can be used as a temporary worksta-
tion.
CONSOLE - switches from DOS mode to console mode on a non-dedicated file serv-
er, executed from the DOS prompt (e.g. 'A' or 'C)
DOS - switches from CONSOLE mode to DOS mode on a non-dedicated file serv-
er
As indicated, the server console is capable of monitoring workstation activity, con-
trolling workstation access to the server, broadcasting messages to all or selected worksta-
tions, displaying system information, safely bringing the system down for powering off,
switching between modes on a non-dedicated server, and performing a variety of functions
that control the network's printers and printer queues.
F-21
-------�
LAN Technical Manual
F.4.2.3 MONITOR Command Function*
The MONITOR command will display information about the server's operating sys-
tem and six of the currently logged in workstations. It is an easy method to determine ac-
tivity and usage on the server. The display shows:
• the server's operating system version number and release date;
• the transaction status of each logged workstation;
• the last type of request made by any station;
• the five files most recently requested by each workstation, the drive each file is
on, and the current status of each file; for example, program overlays or data files;
• the number of cache blocks that have not yet been written to disk; and
• the percent of file server utilitization.
The MONITOR Display shows six workstations at a time; to display workstations 1-
6, type MONITOR 1; for workstations 7-12, type MONITOR 7; for workstations 13-18,
type MONITOR 13; etc. While the MONITOR display is active, you are still able to in-
voke console commands. The colon prompt appears at the bottom of the screen while the
MONITOR Display is active.
While configuring the network, use of the MONITOR command is helpful in deter-
mining the success of each workstation in accessing files on1 the server. Since the
MONITOR Display is updated in real-time, slight overhead is added to the server perfor-
mance when the MONITOR is active. Once the 'network configuration is established, the
MONITOR Display should be turned off (using the OFF command) whenever the display
is not being used, as this will improve overall system performance, and prevent monitor
screen phosphor burn.
Once the NetWare operating system software has been Listalled, and before any of
the network workstations have been configured and tested, try experimenting with some
of the console commands. Most of them will have an effect only if a workstation is active
on the network. However, several console commands will function with or without
workstations attached. Among them are the MONITOR command, NAME, TIME, SET
TIME, CONFIG, and DOWN. If you use tiie DOWN console command, the server must
be powered off and back on before continuing operations. Refer to the Novell NetWare
Console Commands reference manual for details concerning the syntax of each of the con-
sole commands.
F.4.3 Installing and Configuring Individual Workstations
Before configuring the users on the network server, a single workstation should be
attached to the server to verify whether the network operating system software is working
properly. The procedures described here can then be replicated for each workstation
added to the network. The following discussion presumes that the network interface card
and the network cabling have been installed for both the network server and a worksta-
tion.
F-22
-------�
APPENDIX G - LAN OPERATIONS
Contents
G.I PURPOSE AND OVERVIEW G-3
G.2 FILE SERVER MANAGEMENT AND MAINTENANCE G-3
G.2.1 System Backup, Archiving, and Restoration
G.2.2 Applications Software Access Management
G.2.3 Disk Space Allocation
G.2.4 User Lists
G.2.4.1 Login Name and Password
G.2.4.2 User Profile
G.2.4.3 The Group EVERYONE
G.2.4.4 Login Scripts
G.2.4.5 Login Messages
G.2.4.6 New Users
G.2.5 Periodic Testing
G3 PRINT SERVER MANAGEMENT AND MAINTENANCE G-13
G.3.1 Printer Server Operations
G.3.2 Print Job Management
G.3J Snaring Network Printers
G.3.4 Separating Print Jobs
G.3.5 Managing Production control — Special Forms and Large Jobs
G.4 COMMUNICATIONS GATEWAYS MANAGEMENT G-16
G.5 SECURITY MANAGEMENT AND MAINTENANCE G-17
G.6 APPLICATIONS SOFTWARE MANAGEMENT AND MAINTENANCE . . G-17
G.6.1 Applications Software
G.6.1.1 Application Installation and Initialization
G.6.1.2 Application Sharing
G.6.2 Distribution of Manuals
G-1
-------�
Volume II - LAN Technical Manual
G.6.2 Distribution of Manuals
G.6.3 User Training
G.6.4 Application Administration
G.6.5 Production Control
G.6.6 Software Upgrades
G.6.7 Installing Software Upgrades
G.7 TECHNICAL SUPPORT MANAGEMENT G-23
G.7.2 Hardware
G.7.1.1 File Server Performance
G.7.1.2 Network Printers
G.7.1.3 Communications Gateways
G.7.2 Software
G.7.2.1 User Login Problems
G. 7.2.2 User Access Problems
G.7.3 Cabling
G-2
-------�
LAN Operations
G.1 PURPOSE AND OVERVIEW
The LAN Administrator is responsible for performing the routine duties that are in-
volved in keeping the network reliable, safe, secure, current, and easy to use. Network
resources include file servers, print servers, and communication gateways. The LAN
Administrator's responsibilities include the proper installation and management of these
resources. Installation of the network is covered in detail in Appendix F, LAN Installation
and Testing. This appendix covers the performance of the network resources and the types
of adjustments that might be appropriate to optimize that performance.
There is usually one primary reason for having a LAN: sharing resources. Whether
the resource is a high-speed laser printer, common disk space for departmental data and
documents, or a communications gateway, the LAN Administrator is responsible for
managing and maintaining it The LAN Administrator ensures the regular attention which
the resources require in order to sustain effective services for the LAN users, and thus en-
sures that these hardware and software resources are configured correctly and that they
continue to perform as expected. He or she organizes access to the resources such that
routine jobs can be executed with a minimum of training and frustration. He or she main-
tains the appropriate controls which prevent the users from tying up resources, corrupting
each other's data, and gaining access to restricted resources (such as the operating system
and sensitive data).
Table G.I indicates some of the routine tasks that must be performed or delegated
by the LAN Administrator, and this appendix provides the guidelines for executing these
as well as other routine duties which ensure that the LAN is reliably maintained. All of
these functions are essential to proper LAN management. Additional functions may be
necessary for your particular network. The frequency may also vary, depending on the size
of the network and its usage.
The discussions presented in this appendix assume that the previous sections of these
guidelines: Planning, Site Preparation, and Installation and Testing, have been studied and
implemented for your LAN. The management and maintenance of these major resources
are covered here:
File Server
Print Server
Communications Gateways
Security
Applications Software
Technical Support
G.2 FILE SERVER MANAGEMENT AND MAINTENANCE
G.2.1 System Backup, Archiving, and Restoration
Faithfully backing up the file server is one of the most critical tasks of the LAN Ad-
ministrator. No one plans for a hard disk to go down or to accidentally delete one or more
-------�
Volume II - LAN Technical Manual
TASK
FREQUENCY
Full server hard disk backup
Partial backup
Archive
Check or change login message
Check server disk space use
Check integrity of MENU system
Check integrity of security
Check communications links
Check printer paper
Check supplies: paper, toner, forms
Check print job sequencing
Check server utilization
Upgrade users, software, menus
Weekly
Daily
As needed for storage
or disk space recovery
As needed
Daily
Daily
Once or more per week
Daily
As required by usage
Weekly
Twice or more per day
Periodically
As needed —
Check library documentation Weekly
Table Q.1 LAN Administrator's Responsibilities
important files. The only insurance against an unforeseen disk or file disaster is preven-
tive tape backups. The regularity of making tape backups determines the timeliness of the
data. There are three functional types of backups: (1) ensuring that critical data is not lost
and/or minimising the costs of reconstructing the data; (2) providing an image of the
operating system configuration and directory structure; and (3) providing inexpensive but
convenient off-line archival storage of information.
The best method for backing up data is known as the round-robin approach. We
recommend that five tapes be used, one tape for each day of the week. There are two
reasons for using this method. First, multiple copies of the data are available if one copy
becomes corrupted. Second, a period of time may elapse before a problem with the file
server or missing files becomes known. Having multiple backups provides a reasonable de-
gree of assurance that at least one of the backups contains the uncomipted or missing data.
If your group is using the LAN to perform a great deal of data entry, then you should con-
sider performing twice-daily backups of the data. The primary criteria for determining the
frequency of backup in your particular situation is "What will it cost me to reconstruct the
data I have lost?" This must be measured against the costs of performing the backups.
Using the tape utilities, data is backed up to these daily tapes only if the file has been
modified since the last backup operation. This is done for two reasons: (1) the backup
G-*
-------�
LAN Operations
usually takes considerably less time because much less data will be transferred (no program
or operating system files will be transferred), and (2) fewer tapes will be required to hold
each day's data.
We recommend that a full disk-image ("mirror") be performed on a weekly, or at
least routine, basis. It should always be performed after any major changes to the system
such as adding new users, adding or upgrading an application, or beginning a new project
This is done in order to capture a complete picture of the system configuration at one time.
Trying to reconstruct a menu system and set of user lists from the daily sequential backups
can be an extremely time-consuming action.
Archival storage means that files are backed up to tape and then deleted from the
disk, and it can be performed for one of two reasons. The LAN Administrator may initiate
the procedure because the file server's hard disk has become full and additional free disk
space must be provided for active projects. (This will usually be the case.) Or a user may
request that the data for a completed project be archived so that the space can be re-used.
When archiving mission- critical data, it is wise to create two backups of the archived data
before it is deleted. Why? This provides a backup of the backup. It is always wise to have
two copies of any magnetic data.
* » _
Archiving can actually be performed as a regular service to the LAN users. Users-'
copy or move their files into designated directories on the server. Then, on a daily or
regular basis, the LAN Administrator backs up these directories and deletes all the files in
them. Should a user then have a need for one of his or her files, she can request that the'
file be restored. One caveat that you as LAN Administrator must be aware of is that con-
stant requests for file restoration can rapidly consume inordinate amounts of your time. If
you find that your users are abusing this ability, thei* you must establish a reasonable policy
to protect your time while still providing a useful level of service.
There are at least three situations in which a tape restore may be in order. First, a
full system restore may be needed if the file server's hard disk has become corrupted. In
this case, the hard disk may need to be reformatted, and the NetWare software re-installed.
Care must be taken when restoring a full system because corrupted data files may be writ-
ten to the disk during the restore, depending on the type of disk error. Check the integrity
of files restored on a full restore.
The second restore function occurs when a user indicates panic that certain critical
files have been erased, have mysteriously disappeared, or have become corrupted. In this
case, find out the last date the files were successfully used. Then take the tape backup that
is closest to that date and attempt the restore.
Third, as mentioned above, users may at times request that data or application files
that were previously archived be restored to the file server. When restoring archive tapes,
make sure that enough disk space exists on the file server to successfully restore the ar-
chived tape.
The SY-TOS software included with the EPA LAN Server available from SMA and
used for tape backup is menu-driven. The manual accompanying the software explains the
G-5
-------�
Volume II • LAN Technical Manual
functions and options available using menu choices. It is important for you to become
familiar with the use of the tape hardware and software. Practice backing up to the tape
will not affect data on the hard disk. However, remember that restoring data to the hard
disk will overwrite any existing files with the same file name, if overwrite is allowed in the
SY-TOS configuration. Restore functions should be used with caution. Therefore, when
gaining familiarity with the restore functions, use sample data for practice. When restor-
ing tape backups, be very careful that the file overwrite function is turned on or off, as ap-
propriate to the specific situation.
G.2.2 Applications Software Access Management
The convenience of using and proper functioning of applications is a primary goal
for the LAN Administrator. Correctly installing an application results in its proper
functioning. Convenience of use is related to file placement of the application's executable
and data files and security on the network. Applications software files and directory struc-
tures should be organized using the worksheets accompanying Appendix F.
A network user's convenience in accessing an application can be greatly aided by in-
cluding the application as an option on the system menu. Novell provides a menu program
(called MENU) which can be used for most of the applications functions on the network.
MENU uses a text file to indicate choices on the menu. Figure G.I illustrates the struc-
ture of the text file used for an NDPD LAN test MENU. Indented lines beneath each
menu choice indicate the series of commands to be executed when the immediately preced-
ing item has been selected, similar to batch file operation. Menu titles are indicated by
preceding the menu name with a percent (%) symbol. A functioning Novell menu script,
customized to Agency-standard software comes installed on each server ordered through
the SMA contract
There are three parts to the EPA menu. First users select either local or network
services. If local is selected, the standard EPA menu appears. If network is selected, the
network menu takes control
G.2.3 Disk Space Allocation
Whether on a stand-alone computer or a network file server, users' disk storage even-
tually expands to fill the available disk space. The community of users on a network needs
to understand and agree on the use of file server disk space. Priorities for saving duplicate
information and conventions regarding allocation of disk space must be established. The
LAN Administrator needs to develop a plan for the way space should be used on the file
server's hard disk. Two facets of disk space management must be considered when plan-
ning and operating the network: (1) how much disk space will be required by the users, and
(2) how much disk space will be allocated to each user.
Chapter 2, Planning Guidelines, in Volume I, discusses the need for estimating the
amount of disk space that will be necessary for your network. An estimate of needed disk
space is determined by (1) the number of users on the network, (2) the specific applica-
tions to be accessed, and (3) the volume of data expected to be processed over the net-
work. This estimate can be useful in determining an appropriate plan for disk space
G-6
-------�
LAN Operations
%EPA Region IV LAN Menu, 12,40
WasteLAN
wastelan
MultiMate
multimate
Lotus 1-2-3
%lotus menu
dBASEIIH-
n:
dba
TlmeUne
%tlmellnt menu
IBM Mainframe Terminal
cxiw»
Clout
r
clout
ExKtheLAN
echo off
key-fake 27 13
%Lotut Menu.12,40
Lotus fora MONOCHROME workstation (no color)
echo off
I:
lotus mono
Lotus for a COLOR workstation
echo off
I:
lotus color
Return to LAN menu
echo off
key-fake 27
%TlmeUne Menu.12,40
Run TlmeUne
ti
Run Tutorial
tutorial
Return to LAN menu
echo off
key-fake 27
Figure G.I Novell Menu Text Fie Structure
G-7
-------�
Volume II - LAN Technical Manual
Directory
Root
Lotus
WordStar
dBase
Project 1
Project2
Personal
Personal/John
Personal/Susan
Totals
Steady
Size (Kb)
500
750
500
1500
250
2500
80
1500
500
7.6Mb
Variable
Min(Kb) Max (Kb)
0
0
300
0
100
1500
0
500
100
2.5Mb
100
1000
1250
8000
1500
10000
250
4000
2500
28.6Mb
Table G.2 Disk Space Allocation Estimates
management Average and worst case disk space utilization should be estimated, and al-
ternatives for archival or backup storage of unused files should be specified. Table G.2 is
an outline of a server's disk space budget for a typical network. You should create a similar
table summarizing the needs of the applications and users on your network. If users of
your network have been using stand-alone PCs, their use and consumption of local storage
should indicate the potential use on the file server.
Note that normal usage requires a modicum of space, about 7.6 megabytes. However,
during peak usage periods, the same directories might use over 28 megabytes. Such a varia-
tion in disk space usage can occur when several projects coincide, and each of them re-
quires additional disk space. The point in this is that if your group works on large projects,
the LAN Administrator must be able to accommodate the disk usage requests or be able
to suggest alternative procedures.
The current version of Novell Advanced NetWare (version 2.01) does not allow the
amount of disk space available to users to be controlled. Thus, users can fill the file server's
hard disk at will. Care must be taken that users do not make unnecessary duplicate copies
of large files, or if they do that they be promptly removed.
The LAN Administrator should regularly search all file server directories to deter-
mine where duplicate files and backup files exist Tools are available, such as the Norton
Utilities' FTLEFIND, which can aid in determining the location of duplicate or backup
files. In a similar fashion, the Norton FTLESIZE can show the LAN Administrator which
directories have become "fat" and are consuming excessive disk space. If duplicate or back-
G-6
-------�
LAN Operations
up files exist, the offending user(s) should be reminded or warned of the condition. The
daily login message can also be used to remind users to remove all unnecessary files from
their directories.
Disk space conservation should be a network policy, and must be developed in con-
sultation with all your users. Prompt removal of unnecessary files is a habit that users will
practice if the LAN Administrator guides them into appropriate behavior. The file archiv-
ing service discussed above is one way to avoid the disk space crunch.
A future release of Novell NetWare will allow presetting the amount of disk space
available to each user. When this is possible, the LAN Administrator should prepare a
disk space budget similar to that of Figure G2. The budget should allow enough disk space
for each user for the amount of growth that is predictable during one year's use of the net-
work,
G.2.4 User Lists
EPA networks are generally applications-driven, and it is the users who are behind
the wheel They must be properly "licensed and insured." This means keeping a user list
There are three main components of a user list: (1) the user's name and password, (2) the
user's profile, and (3) the user's login script. The user list for Novell Netware will be up-
dated whenever a new user is added to the network, when a major application is added, or
when a new project is begun. The information maintained within the user list data is used
by the network operating system to communicate with the users, to control their access to
the various directories and system resources, and to protect them from unauthorized use
of their programs and data.
G.2.4.1 Login Nam* and Password
The user login name and password are the first level of security on the network. They
should not be taken lightly. AH other security levels are based upon the privacy of the user
name and password. In other words, if a user's login name and password are known by
other network users, additional levels of access and security accorded to that user will be
available to anyone who knows the correct login name and password.
The user's name is initially set up by the LAN Administrator with a standard
password. The user must be encouraged to change this password initially, and make other
changes during the year. It is the user's responsibility to maintain his/her own password,
and may change it at any time. If the password is forgotten, the LAN Administrator, by
using the SUPERVISOR login, can assign a new password for the user.
G.2.4.2 Us«r Profit*
The user profile is comprised of the total access rights assigned to that user. Access
rights are defined by the user's membership in groups and specific security equivalences
assigned to that user.
A group is a named entity, set up by the LAN Administrator, and assigned one or,
more of eight security rights (READ, WRITE, MODIFY, etc.) that specifies to members
G-9
-------�
Volume II - LAN Technical Manual
of that group the type of access allowed to specific directories on the file server. The LAN
Administrator, using the SYSCON utility, can make any user a member of a group.
Group membership is the most efficient method of assigning access rights to in-
dividual network users. If more than one user is to be assigned a access to specific direc-
tories, then a group should be created with the appropriate security access to those
directories. Users can then be added or removed as members of that group without having
to recreate the security structure. The LAN Administrator should refer to Appendix F for
specifics on creating groups and assigning user members to groups.
A common method for creating groups is to divide the activities of users on the net-
work into projects and/or responsibilities. For example, if duties for members of your
workgroup are primarily word processing, data analysis, and bookkeeping, three groups
could be created: WORDP, DATAANAL, and BOOKKEEP. These three groups could
be assigned security access to the appropriate directories on the file server. Each user can
then be made a member of the relevant group.
LAN Planning CheckUsts-6 and /provide space for these groups to be established,
and they should be updated as changes are made in the system configuration.
G.2.4.3 The Group EVERYONE
A special group called EVERYONE exists under NetWare. This group cannot be
deleted. Also, every user is automatically made a member of this group when the user's
name is added to the user list by the LAN Administrator.
NetWare allows the security access rights for the group EVERYONE to be modified.
However, it is suggested that the access rights for this group not be modified. The reason
for this is that the group EVERYONE represents the minimum rights on the system al-
lowed to any user. If the group EVERYONE is modified to allow extensive rights, then
there would be no straight-forward method to restrict any user's rights.
The LAN Administrator should retain control over directory access on the file serv-
er. By maintaining minimum rights for the group EVERYONE, the he or she will be
capable of restricting access rights to any any user.
G.2.4.4 Login Scripts
As discussed in Appendix F, a login script is a series of NetWare commands that are
executed automatically when a user logs into the file server. There are two login scripts as-
sociated with every login: SYSTEM LOGIN SCRIPT and USER LOGIN SCRIPT.
The SYSTEM LOGIN SCRIPT is a series of NetWare commands that is applicable
to fiYfiixuser that logs into the file server. The SYSTEM LOGIN SCRIPT is the first script
executed when any user logs in. Because it is applicable to every network user, the SYS-
TEM LOGIN SCRIPT should contain the minimal NetWare commands necessary for net-
work functioning.
NetWare supplies a default SYSTEM LOGIN SCRIPT when the system is
generated. The LAN Administrator can modify this default SYSTEM LOGIN SCRIPT
using the SYSCON utility. Refer to Appendix F for details on login script commands and
G-10
-------�
LAN Operations
using the SYSCON utility. The second login script to be executed when a user logs into the
file server is the USER LOGIN SCRIPT. This script is also a series of NetWare com-
mands. The USER LOGIN SCRIPT should contain the commands that customize file
server access for network users. Each user's USER LOGIN SCRIPT can be customized;
however, the degree of customization should be minimal, if at alL Each user can edit
his/her own script, and it is your responsibility as LAN Administrator to see that they un-
derstand the proper uses of this function.
The commands in the USER LOGIN SCRIPT should define the mapping of file serv-
er directories to logical drives, define the directories to be searched to find files, display
the daily login message, and execute the network menu. The LAN Administrator can use
the SYSCON utility to modify each user's USER LOGIN SCRIPT. Additionally, each
user, once logged into the file server, can modify his/own login script The simplest method
of maintaining consistency across all network users is to create a text file which contains
the commands to be included in the USER LOGIN SCRIPT. The only command that
would need to be added to each user's USER LOGIN SCRIPT would then be "#IN-
CLUDE SCRIPT.LOG", assuming the name of the text file is "SCRIPT.LOG."
The sample USER LOGIN SCRIPT in Appendix F is an example of what such a text
should contain. File servers purchased from the SMA contract should already have a copy;
of this text file in the SYS:LOGIN directory of the file server. When adding new users to *
the user list, the LAN Administrator needs only to add the command "^INCLUDE
SYS:LOGIN/SCRIPT.LOGB to the USER LOGIN SCRIPT for each user.
Because the SCRIPT.LOG text file is stored in the SYS:LOGIN directory, each user
will be able to modify his/her own USER LOGIN SCRIPT, but will not be able to modify
the commands in the SCRIPT.LOG text file. The IAN Administrator should login to the
file server using the SUPERVISOR login in order to make changes the SCRIPT.LOG text
file.
G.2.4.5 Login Messages
When users login to the file server, any important or workgroup- specific informa-
tion should be displayed before the network menu is executed. The sample menu provides
a means of accomplishing this by use of the NetWare FDISPLAY program. Messages are
contained in a text file named "MESSAGE-TJCT." In particular, any information that is
relevant to new or changed use of the network should be included in the message text file.
The LAN Administrator should update the MESSAGE.TXT file daily, or as needed, by
editing the file using a word processor. The FDISPLAY program will filter some charac-
ters from the text file, but it is best to save the file as a standard ASCII text file. For ex-
ample, WordStar allows this by editing the file in non- document mode; Word Perfect
allows retrieving and saving the file via the text-in/text-out functions.
G.2.4.6 Ntw Users
Standard procedures exist for adding new users to the network file server. The opera-
tions involved include the following:
• Login to the file server as SUPERVISOR.
G-11
-------�
Volume II - LAN Technical Manual
• Create a personal directory using the DOS MKDIR command. For example, if
Jane is a new user, the commands would be:
CD \PERSONAL
MDJANE
• Use the SYSCON program to perform the following tasks.
- Add the user's name to the user list Note that users with the same names
must be entered with unique names in the user list
- Add the user name as members of the appropriate groups.
- Add the line "^INCLUDE SYS:LOGIN/SCRIPTIXXj" to the user's login
script
- Login under the new user's login name. Test that the login script and direc-
tory and file access works as expected.
- Instruct the new user on login procedures, menu functions, and basic Net-
Ware concepts. Make sure the new user understands which manuals in the
network library will be helpful in diagnosing minor problems.
Appendix F provides specific instructions for user lists, groups, and login scripts. If
you are unsure about procedures, consult the appropriate sections in this guide or the Net-
Ware manuals for instructions.
G.2.5 Periodic Testing
As indicated in the task chart above, the LAN Administrator should periodically test
the integrity of various functions on the file server. The focus for testing applications is the
network MENU system. Once a week, each menu choice should be tested to ensure proper
functioning of the applications.
Additionally, applications that involve usage counters, such as Lotus in the example
above, should be tested to confirm that the number of concurrent copies that can be loaded
performs as expected.
File servers delivered under SMA contract should include a separate network
MENU for the login SUPERVISOR. Functions available under that menu are specific to
network maintenance, such as SYSCON, FILER, QUEUE, SESSION, etc. An addition-
al feature that could be added to the SUPERVISOR network menu would be to clear ap-
plication counter files.
The applications counter works by copying a standard one line text file to a specific
count name when an application is executed. If another user tries to run the application,
the menu system checks to see if the counter file name exists. If it does, execution is denied
for that application number. When the application is exited, the specific count file name
is deleted. Examine the file "NORMAL.MNU" in the SYS:PUBUC directory to see how
this works.
To add a clear count file function to the SUPERVISOR menu, edit the file named
"SUPER.MNU" in the SYS:PUBLIC directory in non-document or ASCII text file format
For example, to add an option for clearing Lotus counter files, the following lines should
be added in the file before the line "%Printer Menu."
G-12
-------�
Installation Guidelines • Attachments
CD..
CLS
TYPE QOMSG.DAT
PAUSE NUL
NCOPYKiCXIUSROTJTjGZiFLAGS NUL
DEL KiCXIUSROTJLG NUL
GOTO EXIT
rem
rERRORl
CLS
ECHO.
ECHO.
ECHO.
ECHO.
ECHO THIS MACHINE DOES NOT HAVE ENOUGH MEMORY TO RUN
THE ECHO WORKSTATION PROGRAM -
ECHO.
ECHO NEED 640K MINIMUM.
ECHO.
ECHO Any questions, contact the LAN Administrator ECHO.
ECHO.
ECHO Press any key to return to LAN menu...
PAUSE NUL
GOTO END
:ERROR2
els
ECHO.
ECHO.
ECHO.
ECHO.
ECHO ALL WORKSTATION SESSIONS ARE IN USE...
F/4-5
-------�
LAN Technical Manual
ECHO.
ECHO Walt a while and try again,
ECHO.
ECHO or contact the LAN Administrator OaExL xxxx
ECHO.
PAUSE
CLS
GOTO END
:EXTT
oderit NUL
:END
z:
echo on
• Region IV has reserved the eighth workstation for administrative use; ergo, the
pool of workstations is seven although eight concurrent workstations can access the
mainframe.
F/4-6
-------�
Installation Guidelines • Attachments
:CXTWS03
IF NOT EXIST Z:FLAGS\CXIUSR03 JTLG GOTO CXIWS04
NCOPY Z:FLAGS\CXRJSRQ3 JLG K: NUL
DEL Z:FLAGS\CXIUSR03.FLG NUL
CDCXIWS03
OOWS03
CD..
CLS
TYPECXIMSG.DAT
PAUSE NUL
NCOPY K:CXIUSR03.FLG P: NUL
DEL ICCXIUSR03.FLG NUL
GOTO EXIT
rem
:CXTWS04
IF NOT EXIST Z:FLAGS\CXIUSR04.FLG GOTO CXTWS05
NCOPY Z:FLAGS\CXIUSR04.FLG K: NUL
DEL Z:FLAGS\CXIUSR04.FLG NUL
CDCXIWS04
CXIWS04
CD..
CLS
TYPECXIMSG.DAT
PAUSE NUL
NCOPY K:CXIUSR04 JLG Z:FLAGS NUL
DEL K:CXIUSR04.FLG NUL
GOTOEXTT
rem
rCXIWSOS
IF NOT EXIST Z:FLAGS\CXIUSR05.FLG GOTO CXIWS06
NCOPY Z:FLAGS\CXIUSR05FUG K: NUL
F/4-3
-------�
LAN Technical Manual
DEL Z:FLAGS\CXIUSR05.FLG NUL
CDCXIWSQ5
CXIWS05
CD..
CLS
TYPE CXIMSG.DAT
PAUSE NUL
NCOPY KiOOUSR05.FLGZ:FLAGS NUL
DEL K:CXIUSR05.FLG NUL
GOTO EXIT
rem
:CXIWS06
IF NOT EXIST Z:FLAGS\CXIUSR06.FLG GOTO CXIWS07
NCOPY Z:FLAGS\CXIUSR06.FLG K: NUL
DEL Z:FLAGS\CXIUSR06.FIjG NUL
CDCXIWS06
CXTWS06
CD..
CLS
TYPECXIMSG.DAT
PAUSE NUL
NCOPY K:CXIUSR06.FLG Z:FLAGS NUL
DEL K:CXIUSR06.FLG NUL
GOTOEXTT
rem
:CXIWS07
IF NOT EXIST Z:FLAGS\CXIUSR07 JLG GOTO ERROR2
NCOPY ZiFLAGSXCXIUSROTJLGK: NUL
DEL Z:FLAGS\CXIUSR07.FLG NUL
CDCXIWS07
CXIWS07
F/4-4
-------�
ATTACHMENT F/4 - NOVELL NETWARE LOGIN
SCRIPT
MAP K: = SYS:\USER\F_LASTNA (F is first name initial
LASTNA is 1st 6 characters of last name)
INCLUDE STAFFLOG.DAT
• STAFFLOGDAT
MAP DISPLAY OFF
DRIVE J:
MAPL: = SYS:APPL/LOTUS
MAP M: = SYS:APPL/MULTIMAT
MAPN: = SYS:APPI7DBASEffl
MAPO:= SYS:APPL/TEMP
MAPP:= SYS:APPL/CXI
MAPS1:=SYS:PUBUC
MAP S2: = SYS:PUBUO%MACHINE/%OS/%OS_VERSION
MAP S3: = SYS:APPL/DBASEm
COMSPEC = S2:COMMAND.COM
DOS SET NAME="STAFF
• CXI BATCH FILE FOR EIGHT* CONCURRENT USERS
• CHWS.BAT
ECHO OFF
CLS
IF NOT EXIST Y:CXI-OK.DAT GOTO ERROR1
TYPE CXIWATTDAT
F/4-1
-------�
LAN Technical Manual
NETBIOS NUL
rem
P:
:CXIWS01
IF NOT EXIST Z:FLAGS\CXIUSR01 JLG GOTO CXIWS02
NCX)PYZ:FLAGS\CXIUSR01.FLGK: NUL
DEL Z:FLAGS\CXIUSR01.FLG NUL
CDQOWSOl
CXIWS01
CD.
CLS
TYPE CXIMSG.DAT
PAUSE nul
NCOPY ICCXIUSR01.FLG Z:FLAGS NUL
DEL K.-CXIUSR01.FLG NUL
GOTO EXIT
rem
:CXIWS02
IF NOT EXIST Z:FLAGS\CXIUSR02.FLG GOTO CXIWS03
NCOPY Z:FLAGS\CXIUSR02.FLG K: NUL
DEL Z:FLAGS\CXIUSR02.FLG NUL
CDCXIWS02
CXIWS02
CD..
CLS
TYPE CXIMSG J5AT
PAUSE nul
NCOPY K:CXIUSR02.FLGZ:FLAGS NUL
DEL KICXIUSR02JLG NUL
GOTO EXIT
rem
F/4-2
-------�
Installation Guidelines • Attachments
Additionally, some copyright notices will state explicitly whether the software may
be used by multiple users on a network, whether only one user may access the software at
a time, or whether the software may be run on only one machine at any time.
F/3.3 PUBLIC DOMAIN SOFTWARE
Many popular application packages and utility programs are available that are public
domain. Basically, this means that the software is passed from user to user, or down-loaded
from public access bulletin boards. Generally, there is little or no charge for the software.
However, to register the software with the author or publisher a small fee is required.
Often, this fee will allow technical support for the software, in addition to making program
upgrades available. Public domain software is not always up to the quality of commercial-
ly available software; but will many times perform the functions that are needed by the
user. Even though the quality of public domain software is increasing, it is preferable to
standardize network usage on commercially available software; because, if data is to be ex-
changed with various organizations, it is more likely that the different users will be using
the same commercial software than the same public domain software. However, if you
decide to use certain public domain software on your network, it is suggested that the
software be registered with the author or publisher so that technical support is available;
as this will likely be needed when attempting to run public domain software on a network.
F/3-3
-------�
ATTACHMENT F/3 - LICENSE AGREEMENTS AND
COPYRIGHTS
F/3.1 LICENSE AGREEMENTS
The use of application software in a network environment raises the issue of license
agreements between the vendor and users. Because most available software is intended
to run only on a single computer, and partly because networks have not been a major fac-
tor in the past, many vendors do not have well defined policies regarding use of their
software on a network. Software that is written specifically to run in a network environ-
ment usually has a specific network licensing policy.
Licensing policies for software that is intended to be run on a network will vary from
vendor to vendor. Some typical vendor policies are described below.
• Some vendors will require that multiple copies be purchased, typically with
progressive discounts.
• Other vendors will offer a one time site license, allowing either limited or un-
limited use of the software.
• Some vendors do not discriminate between their single-user license and a net-
work license, allowing unlimited network use, so long as only one copy of the
software is available on the file server.
• Some vendors do not address the network issue at all, requiring vendor inquiries
before attempting installation of the software on a network.
Quite often, there is a correlation between the ability of a software package to run
in a multi-user environment and the vendor's network licensing agreements. If single-user
versions of an application will run without problems on a network, the vendor is more apt
to be lenient in licensing agreements. However, if modifications to the software were re-
quired for the software to run properly with multiple users, the vendor will likely be more
strict in licensing multiple use versions of that software. Four types of vendor license agree-
ments and their implications for network usage are described below.
F/3.1.2 SINGLE-USER LICENSES
The vast majority of MS-DOS application software available is sold with a single-
user, single-machine license. The software is intended to be used by only one user on one
computer. If you install software with this type of license on a network, it may be used by
only one workstation at a time without violating the license agreement Some licenses fur-
ther require that the software be run on only one machine. In this case, the software my
be run from only one particular workstation in order to conform to the license agreement
F/3-1
-------�
LAN Technical Manual
F/3.1.3 MULTI-USER LICENSES
Some vendors approach the issue of multiple users by charging fees according to the
number of users. Some of these policies are based on an agreement that a maximum num-
ber of users will access the software at any one time. Other vendors provide multi-user
versions of their software which count the number of currently active users and restrict ad-
ditional accesses.
F/3.1.4 SITE LICENSES
The site license arrangement usually requires the user to pay a fixed fee for the right
for an unlimited number of users to use the software at a particular installation. The fees
range from reasonable to very expensive, depending on the vendor. The use of a site license
within an agency or department can save money in the long run, and will make it more like-
ly that a particular application package will become standardized among the network users.
Additionally, adopting a site license for a popular application package will allay any legal
worries concerning multiple users.
F/3.1.5 UNLIMITED LICENSES
A few vendors have taken the approach of allowing users to run their applications on
networks without worrying about multiple user access. Typically, software that falls in this
category will not have problems running on a network. The only restriction may be that
only a single copy of the software may reside on the file server. This type of licensing ar-
rangement is the most convenient and hassle free from a supervisory, legal, and financial
point of view. Often, this type of agreement is not explicitly stated in terms of a license,
but is covered in terms expressed by the vendor's copyright notice.
Some vendors may or may not have special versions of the software allowing network
use; however, many vendors suggest or require that additional manuals be purchased for
the number of users that will be accessing the software on the network.
F/3.2 COPYRIGHTS
Almost all commercially available computer software is protected by the United
States copyright law. Most popular software is further protected by international treaty
provisions. Copyright statements are generally included within the documentation for a
software package. The copyright statement will inform the user of the vendor's legal claim
regarding copying the software and the use of information produced by the software.
Violation of copyright laws is difficult to enforce; however, several vendors have made ex-
amples of large corporations and agencies that have flagrantly violated software
copyrights. In order not to violate copyright laws, you must read the vendor's copyright
**f\t-t <-i^
notice.
F/3-2
-------�
Installation Guidelines • Attachments
SPOOL
Used to direct output to the print queue for network printers. SPOOL is used when
you cannot send a file to a directly to a printer by using the NPRINT command. It is
executed prior to running an application program that will send its output to a printer.
F/2.4 ADVANCED COMMANDS
ATTACH
Used to log in to additional file servers.
CASTOFF
Used to prevent your workstation from receiving messages sent from other worksta-
tions of from the system console (via SEND or MAIL).
CASTON
Used to reverse the effect of the CASTOFF utility.
FLAG
Used to view or change a file's attributes; such as read/write vs. read-only, or share-
able vs. non-shareable).
SALVAGE
Used to recover the file or files marked for deletion with the last ERASE command
issued from your workstation.
SEND
Used to send messages directly to other workstations or to the system console.
SLIST
Used to view a list of file servers attached to the network.
F/2.5 SYS:SYSTEM DIRECTORY
The directory SYS:SYSTEM contains the network operating system
(NETSOSJiXE), along with certain server utilities that only the network supervisor should
be allowed access. These utilities are fully described in the NetWare Supervisor Reference
manual A brief description of the important utilities follows.
HIDEF1LE
Hides a specified file. Hidden files will not show in a directory search, nor can they
be deleted or copied.
SHOWFILE
Makes a file visible. Reverses the effects of HTDFFTTF.
F/2-3
-------�
ATTACHMENT F/2 - NOVELL NETWARE COMMAND
LINE UTILITIES
F/2.1 COMMANDS WITH DOS EQUIVALENTS
CHKVOL (CHKDSK)
Used to determine the amount of disk space allocated to a given volume, and how
much of that space has been used.
USTDIR (TREE)
Used to view the directory structure of a specified volume, drive, or directory. It also
displays the maximum rights mask and the creation date for each directory below a
specified directory.
MAP (PATH)
Used to assign network drives to directories and to display these assignments.
NCOPY (COPY)
Used to copy files from one directory to another. This command is similar to the
DOS COPY command, but is faster, because the copy is made directly on the serv-
er, without being processed by the requesting workstation.
NPRINT (PRINT)
Used as a method of transferring a file to a network printer. NPRINT is the network
equivalent of the DOS PRINT command. However, unlike PRINT, NPRINT allows
several users to print one or more files on shared network printers, by means of "queu-
ing."
SYSTIME (TIME)
Used to view a file server's current time and date, and to synchronize your worksta-
tion clock with the file server clock.
UDIR (DIR)
Used to globally search through a directory or directories for a specified file or files.
VOUNFO (CHKDSK)
Used to see how much space and how many directory entries have been allocated for
each network volume, and how much space and how many directories are available
for use.
F/2.2 USER INFORMATION AND ACCESS COMMANDS
HELP
A facility to receive on-line help in using any of the NetWare command line utilities.
F/2-1
-------�
LAN Technical Manual
LOGIN
Used to identify yourself as an active user on a file server.
LOGOUT
Used to end a session from a workstation. When finished working on a server, you
should always use the LOGOUT command, as the server will then perform main-
tenance operations on any pending open files and erased files.
RIGHTS
Used to view your EFFECTIVE rights in a particular directory.
USERUST
Used to view a list of users who are currently logged into the network, or to view login
information about a specific user or users.
SETPASS
Used to create or change your login password.
WHOAMI
Used to display your username, the file server(s) currently attached, your connection
number, and the date and time of your last login. The connection number is
automatically assigned by the server software to each workstation that logs in to the
server. Numbers from 1 to 100 are used; when one workstation logs out, that num-
ber is placed back in the pool of available numbers.
F/2.3 PRINTER COMMANDS
ENDSPOOL
Used to close and print files saved with the SPOOL utility, when you are ready to ac-
tually print a file.
PURGE
Used to permanently delete files which have been previously marked for deletion.
It only purges files marked for deletion from the requesting workstation. This is dif-
ferent from the ERASE command, which only marks files as being deleted. The
PURGE command actually removes the file's data from the disk.
Q
The Q command allows the user to quickly display the current status of jobs in the
print queue.
QUEUE
The QUEUE command will perform several functions. They are:
• list the print jobs in a printer's queue,
• delete unwanted entries in the print queue,
• display spool information for a specific printer.
F/2-2
-------�
Installation Guidelines • Attachments
CHKDSK program to fix errors that are found in the directory or file allocation
table. If you receive any error messages during execution of the CHKDSK
program, you should go back and re-format the hard disk (starting with Step 1).
Refer to the DOS manual for a more detailed discussion of the FORMAT and
CHKDSK utility programs.
If you have access to the Norton Utilities, a set of utility programs published by Peter
Norton, an additional test of the hard disk integrity may be performed The Norton
Utilities includes a program called 'DISKTEST or 'DT. If you do have access, execute
the program by performing the following actions:
1) Insert the Norton Utilities disk in floppy drive A:;
2) At the C prompt, type 'A:DISKTEST C:' (or alternately, typing 'A:DT C:'.
3) The DISKTEST utility will prompt for whether to check for F)iles, D)isk, or B)oth.
Select B) for both, as this is the more complete test The DISKTEST utility
program tests a disk to ensure that it is not damaged and performs some damage
repair. The D)isk option reads every part of a disk, whether it is in use or not
The F)ile test reads each file and directory, checking only the parts of the disk
which are in use. Every sector of the disk will be read. Any sectors that cannot
be successfully read will be reported as errors.
4) If you encounter any errors at this stage, it would be advisable to go back and re-
format the hard disk as described in the steps above.
If you have any additional hard disk utilities that will verify proper read and write
operations, now is the time to use them. Once the NetWare operating system has been in-
stalled on the hard disk, such utilities will not work correctly on the hard disk, and will like-
ly damage the NetWare operating system and all files residing on the server hard disk.
Each of these tests can be executed several times if you wish. Many times, if new equip-
ment is going to fail, it will do so in the initial period of operation. Therefore, before
proceeding to install the network operating system, perform as many tests on the hard disk
in an attempt to make it fail, if it is going to.
F/M1
-------�
Installation Guidelines • Attachments
2) RENAME TEST - if file creation was successful
Type:
REN TEST1TEST2
Successful file renaming will be indicated by no messages being displayed, the
command line prompt will return. Unsuccessful file renaming will be indicated
by an error message being displayed. Verify whether the user has Modify access
rights to this drive/directory, and if the message was appropriate for these rights.
3) DELETE TEST - if file creation was successful
Type:
DELTEST2
Successful file deletion will be indicated by no message being displayed. Unsuc-
cessful file deletion will be indicated by an error message. Verify whether the user
has Delete access rights to this drive/directory, and if the message was appropriate
for these rights.
E. If an access attempt either works when it should not, or does not work when it
should, login as the SUPERVISOR and execute the SYSCON utility to correct
the inappropriate access rights for that user. It may be that a user is a member of
a group that has incorrect trustee rights. In that case, correcting the group's direc-
tory trustee rights will correct all users that are members of that group. Also, if
you have modified the Maximum Rights Mask for a particular directory, those
rights will take precedence over trustee rights. After correcting trustee or Maxi-
mum Rights Masks, attempt the same access that did not perform appropriately.
F. Repeat steps A through E for each workstation and each user that was created on
the file server.
The tests outlined above are very simple, and take little time to perform. Several
benefits are obtained in completing these tests. Each user's logon script has been verified
as being set up properly. The proper security access of each user to each drive/directory
mapping has been checked. Perhaps most significant is the fact that by performing these
test, you, as the LAN Administrator, have gained valuable experience in using the server
MONITOR program, recognizing NetWare error messages, and taking corrective action.
The value to users is that network configuration problems have been addressed prior to
using application programs on the network.
F/1.4 FILER SERVER CONFIGURATION • AT TYPE PCS
The IBM AT and most AT compatible clones require that the hard disk, system clock,
and I/O devices be configured before the computer can be accessed by any DOS programs.
The process for using the SETUP utility can be found in the instructions accompanying
your computer. General guidelines for configuring your file server with the SETUP utility
are given below (the SETUP options may not appear in the sequence listed below):
F/1-9
-------�
LAN Technical Manual
1) Insert the SETUP utility disk in floppy drive A: and turn the machine on;
2) Set the correct date and time for the system clock;
3) If your hard disk is 32 megabytes or less, select the option to partition the entire
hard disk as one logical drive;
3b) If your hard disk is 32 megabytes or greater, select the option to partition the
hard disk into logical drives of equal size;
4) Verify the correct number of serial and parallel ports installed in the computer
5) Write the SETUP configuration to the computer's non-volitle RAM.
F/1.5 FILE SERVER HARD DISK FORMAT
Formatting the hard disk is the process in which the the physical layout of the disk
media is structured into logical components which are used by the operating system for
storing and keeping track of the location of all information written to the disk. Novell Net-
Ware requires that the server hard disk is configured by a utility provided by Novell (refer
to Section 5 of this document for details). However, before the NetWare operating sys-
tem is installed on the file server, it is a good idea to verify that the server and server hard
disk are operating properly. This can be accomplished by formatting the server hard disk
for normal operation as a single user workstation, using the utilities provided with DOS.
General guidelines for formatting the file server with DOS are listed below:
1) Insert the DOS 32 (or greater) master diskette in floppy drive A: and turn the
machine on;
2) Enter the correct date and time, if they are not correct, when prompted;
3) At the A prompt, type 'FORMAT C: /S'. The FORMAT command will proceed
to format the file server hard disk. The VS' parameter instructs the FORMAT
command to copy the operating system to the hard disk so that you can boot
directly off of the hard disk. Depending on the size of your hard disk, the format-
ting process can take from 10 to 40 minutes.
4) When the formatting is complete, information regarding the hard disk formatted
parameters may be displayed, and you will be returned to the A prompt
5) Open the door to the floppy drive and re-boot the computer by simultaneously
pressing the Control-Alt-Del keys. In a few moments, you should again be
prompted with the date and time. The date and time should be correct If not,
then use the SETUP diskette to reinitialize the system clock.
6) Close the door to the floppy drive and, at the C prompt, type 'COPY A: V. This
will copy the DOS programs to the root directory of the hard disk.
7) At the C prompt, type 'CHKDSK C: /F. This utility will analyze the directories,
files, and the File Allocation Table on the hard disk and produce a disk and
memory status report The VF parameter on the command line instructs the
F/1-10
-------�
Installation Guidelines - Attachments
SYSCON Tasks
Rights
List servers logged in to Any user
Logging in to additional servers Any user
Select the current server Any user
Change to a different user of
current server Any user
Logging out of a server Any user
List known NetWare servers Any user
View NetWare server information Any user
List the server groups Any user
Create/Rename/Delete a server group Supervisor
View a group's full name Any user
Assign/change a group's full name Supervisor
View a group's ID Any user
List a group's members Any user
Add a user to a group Supervisor
Delete a user from a group Supervisor
Assign a group trustee rights in a
directory Supervisor
Modify/delete a group's trustee rights Supervisor
Listing users • Any user
Create a user on a file server Supervisor
Rename/delete a user Supervisor
View your own full name Any user
Assign/change a user's full name Supervisor
View a user's group membership Any user
View/create/modify personal login script Any user
View/create/modify any user's login script Supervisor
View/modify the system login script Supervisor
Change your own password Any user
View/assign/change any user's password Supervisor
View your security equivalences Any user
Assign a security equivalence to a user Supervisor
Delete a user's security equivalence Supervisor
View your trustee assignments Any user
View/assign any user's trustee rights Supervisor
Modify/delete any user's trustee rights Supervisor
View a user's ID Any user
Table F/12 Novdl SYSCON Function*
The MONITOR program (covered in Appendix F of this guide and in the NetWare
Installation Manual) provides a convenient method of monitoring all network access at-
tempts by each workstation on the network. Because the network server and the network
workstations will likely be physically separate, it would be wise to ask the assistance of a
F/1-7
-------�
LAN Technical Manual
co-worker during network testing to view the MONITOR display. The supervisor and as-
sistant should coordinate each access attempt so that the assistant will know whether the
appropriate message is displayed on the MONITOR screen. When an inappropriate mes-
sage does occur, the supervisor should immediately take corrective actions and attempt
the questionable access again. The SEND command can be used to send messages be-
tween the server and workstations to inform each other whether access attempts work as
expected
Prior to performing user tests, create a MESSAGE.TXT file in the SYS:PUBLIC
directory. The simplest way to create this file is to:
• log in as the SUPERVISOR
• use your word processor to create an ASCII file named SYS:PUBLJC\MES-
SAGE.TXT, that contains a sample testing message, such as:
This is a network test verification message.
If you are using WordStar, create this file in non-document mode, Word Perfect users
can save it as a DOS text file.
In performing the server/user access tests, copies of the worksheets created should
be available to both the server monitor and the supervisor as each workstation is checked
out. As each access is attempted, it should be verified against the worksheets to ensure that
the accesss attempt performed as indicated on the worksheet plans.
The outline below should serve as a guide to performing access tests at each worksta-
tion.
A, Login to a workstation as the designated user for that workstation. If workstations
do not have designated users, then sequentially log on various workstations as
each user indicated on the SERVER USERS worksheet
B. Verify that the login message appears, and that the drive/directory mappings are
indicated on the screen as expected.
C. Change the default drive to each mapped drive/directory. This is done by typing
'O:' Return to change to drive O:, 'P:' Return to change to drive P:, etc. The fol-
lowing steps should be completed for each logged drive.
D. For each mapped drive, attempt to perform Create, Rename, Copy, and Delete
access rights on a file. A simple method of performing these tests is as follows.
1) CREATE TEST
Type:
NCOPY SYS J»UBUC\MESSAGE.TXT TEST!
Successful file creation will be indicated by the message '1 file(s) copied*. Un-
successful file creation will be indicated by an error message, such as 'File crea-
tion error1. Verify whether the user has Create and Write access rights to this
drive/directory, and if the message was appropriate for these rights.
F/1-8
-------�
Installation Guidelines • Attachments
sages such as "When you see the above messages, skip to the subheading LOADING NET-
WARE UTILmES ON HARD DISK ZERO." Because the INSTALL utility provides
for various options during installation, depending on the configuration, you will be in-
structed to proceed to one section or another. Presuming you are installing NetWare on
an AT-compatible PC as a dedicated file server, as recommended, the sequence of events
will be:
1) run INSTALL,
2a) select default parameters if not installing a remote workstation, or
2b) select alternate parameters if installing a remote workstation,
A) allocate a partition (initialize),
B) define the server's printers,
C) specify the maximum number of open files,
D) specify the cache buffer size,
E) define the hard disk volume(s),
3) name the file server,
4) load the system and public files (you are prompted to insert the appropriate dis-
kettes),
5) write down install parameters,
6) boot the file server (by simultaneously pressing CTRL-ALT- DEL), installation
is complete.
F/1.2 ADDITIONAL MENU UTILITY FUNCTIONS
Many additional functions are available through both the SYSCON and FILER
utilities other than those listed in Appendix E. Because the SYSCON and FILER
programs are located in the SYStPUBLJC directory, both regular users and the network
supervisor can execute the programs. The tasks a user may perform and the screens shown
in a utility are determined by the user's trustee rights. Some tasks may be performed only
by a supervisor, who has all trustee rights in all directories at all times. The tasks available
for both programs and the required user rights to perform each task are listed in Tables 1
and 2.
F/1.3 MULTI-USER SECURITY VERIFICATION
A practical approach to multi-user and security verification on the network involves
logging in to each workstation under each of the login names created, checking access rights
in each of the directories on the file server, monitoring these access attempts en the net-
work server, and correcting inappropriate accesses as they occur.
F/1-5
-------�
LAN Technical Manual
FILER Tasks Rights
View current directory information Any user
Change directory date and time Supervisor
View effective rights in a directory Any user
View directory Maximum Rights Mask Any user
Change directory Maximum Rights Mask Parental
View a directory's owner Any user
Change a directory's owner Supervisor
Add/delete trustees of a directory Parental
List files Any user
Delete files Delete
Rename files Rename
View file attributes . Any user
Add/delete file attributes Modify
Copy a file Open/Create/Del
View a file's creation date Any user
Change a file's creation date Supervisor
View a file's last accessed date Any user
Change a file's last accessed date Supervisor
View a file's last modified date/time Any user
Change a file's last modified date/time Supervisor
View a file's owner Any user
Change a file's owner Supervisor
View a file's size Any user
View a file's contents Read/Open
View/change the current directory path Any user
Display General Defaults Menu Any user
Specifying file copy/delete confirmation Any user
Specifying file overwrite confirmation Any user
Specifying directory in/exclude patterns Any user
Specifying file in/exclude patterns Any user
Add/delete file search attributes Any user
Rename a group of subdirectory names Modify/Parental
Rename/Delete subdirecties & names Delete/Parental
Add subdirectories Create/Parental
View subdirectory creation date/time Any user
Specify Maximum Rights for multiple dirs Parental
Specify owner for multiple subdirs. Parental
View a subdirectory's Maximum Rights Any user
Change a subdirectory's Maximum Rights Parental
View a subdirectory's owner Any user
Change a subdirectory's owner . Supervisor
Add/Delete trustees of a subdirectory Parental
View volume information Any user
Table F/1.1 Novell FILER Functions
F/1-6
-------�
Installation Guidelines - Attachments
than one partition are: 1) you want to use the server as a workstation when it is in DOS
mode; or 2) you may sometimes wish to use the server as a stand-alone computer. In both
of these cases, some of the hard disk must be set aside as a DOS partition. After installa-
tion is complete, the network partition cannot be changed without destroying the files on
the hard disk (i.e., files must be backed up, the partition reallocated, then the files must be
restored). It is strongly recommended that the entire hard disk be allocated into only one
partition. Allocating a single partition will make the installation process much simpler,
and the performance throughput for the network server will likely be greater.
A partition can be thought of as the physical component of the server's hard disk.
Once a partition has been allocated for NetWare, that partition can be divided into logi-
cal components, called volumes. The logical components, or volumes, can be accessed by
the user as MS-DOS drives. Thus, if a partition is divided into two volumes, then a user at
a workstation would be able to access two drives (F: and G:) on the network server. When
a volume is defined, the volume name and the volume size must be specified. The first
volume on a disk must always be named 'SYS' (and is also known as hard disk 0); addition-
al volumes on a disk must conform to MS-DOS naming conventions, but are otherwise user
selected. The size is specified in terms of the number of megabytes to allocate to a volume.
A volume's size cannot be changed once it has been defined. One reason to specify several
volumes on the hard disk might be for grouping together similar programs or data; however,
the MS-DOS environment provides for the use of directories as a convenient method of
organizing programs and data on a drive (volume). Since NetWare provides security at
the directory level, there is little reason to divide a single hard disk into more than one
volume.
Since NetWare does not act as a device driver for MS-DOS, but rather, is an operat-
ing system unto itself, the methods for storing and accessing information on the volume(s)
must be defined. These parameters include the cache buffer size, maximum number of
open files, the number of directory blocks for a volume, and whether to cache the disk's
directory. Any or all of these four parameters can be modified at a later time without af-
fecting files on the disk. The default settings for these four parameters will most Likely suf-
fice for any particular network environment. However, to clarify their meaning, a brief
description of each parameter follows.
• The cache buffer size determines how much information is transferred on each
disk I/O. On a server PC with 640 kilobytes of RAM, the default buffer size of
4096 bytes will generally improve performance throughput by performing fewer
disk I/O's. On a server PC with only 512 kilobytes of RAM, 2048 bytes of cache
buffer is the largest allowed.
• The maTimnm number of open files will depend on several factors. The number
of workstations on the network, along with the type of application software each
workstation will be running will determine the number of open files required.
File intensive applications such as dBase or many accounting programs will like-
ly need to have several files open simultaneously; while spreadsheet program*
such as Lotus will tend to only be working with one file at a time. Also, since each
open file will consume 40 bytes of memory in the server, the number must be
F/t-3
-------�
LAN Technical Manual
weighed against the cache buffer size. On a server PC with 640 kilobytes of RAM,
Novell suggests starting by allowing 100 open files, and adjusting if necessary. On
a server PC with only 512 kilobytes of RAM, 32 is an acceptable number of open
files.
• Since the difference between the cache size and number of open files is significant
on 512K machines versus 640K machines, it is strongly suggested that your net-
work server be upgraded to 640K, if not already. The price of RAM in a PC is
negligible compared to the investment in the networking hardware and software,
and will greatly improve overall performance on the network.
• The number of directory blocks refers to the amount of disk storage to set aside
as space specifically for directory entries (files). Each directory block will hold
128 files; and Novell suggests that five blocks (or 1024) entries for each two
megabytes of volume size is sufficient Thus, if 40 megabytes were assigned to a
volume, then 100 directory blocks would be appropriate.
• Caching a directory simply means that the directory information will be kept in
the server's RAM memory. This will result in the software being able to locate
any particular file much faster than having to re-read the data from disk.
The network server's shared, or spooled printers will be used by all of the worksta-
tions as if the printers were attached locally to each workstation. Each file server may have
as many as five network printers attached. At most, two of them may be serial printers,
and three of them may be parallel printers. The default settings will allocate all of the net-
work server's serial and parallel ports as printer ports. If you configured your operating
system for remote workstations, then you must reserve the appropriate number of serial
(COM) ports you selected when you configured the NetWare Remote software. For ex-
ample, if your system has two serial and two parallel ports, and you specified one port during
NetWare Remote software configuration, then you would specify one serial port as a
printer port NetWare will automatically assign the parallel ports as printer ports. The
default communication parameters for serial printer ports are outlined above. Most serial
printers have DIP type switches to allow setting the communication parameters. If your
serial printer is unable to be adjusted to these settings, then you will need to modify the
default communication parameters to suit those of your printer(s). The parameters for
each printer may be adjusted individually.
Almost all networks will be able to use the default settings for initializing the net-
work server. The most likely exception will be the case where a remote workstation is
planned to be attached. Whether or not you use the default settings, or customize your
network, when you finish initializing the server and loading the NetWare utilities, the IN-
STALL program will display a screen of the NetWare parameters chosen. You should
write these parameter values on a form (one is provided with the NetWare manual), and
keep this form secure and available for future reference should you ever need to modify
the server or repeat the entire process.
The chapter in the NetWare manual on initializing the network software is a step by
step guide for using the INSTALL utility. It is rather important that you read each word
in the manual as you proceed with the installation. Particularly, at times there will be mes-
-------�
Attachment F/1 - NOVELL NETWARE PROCEDURES
F/1.1 INSTALLING AND CONFIGURING SERVER SOFTWARE
Before you begin installing the network software on your server, please make copies
of all the NetWare distribution diskettes. One of the most exasperating experiences is to
overwrite or ruin one of the original diskettes, and find that you must wait days to receive
new copies of the diskettes before you can proceed.
An INSTALL utility program (on the NetWare 286 Install diskette) is provided that
will automate most of initializing process. There are two methods of using the INSTALL
utility: 1) to use the.recommended default parameters; and 2) to customize the parameters
to your particular hardware environment Using the default parameters is by far the
simplest method of completing the network software initialization process. However,
there are basically two occasions on which you may wish to customize the installation
process. If you intend to add a remote workstation to the network, or if you wish to allo-
cate only part of your server hard disk to the network, then you must customize the instal-
lation by typing the appropriate responses for parameters when prompted by the INSTALL
program.
Three conditions must be met before using the INSTALL program.
A) Your AT-compatible PC (such as the Epson Equiity ffl + available from FDC)
must have already been configured using the SETUP program provided with the computer
and formatted with MS-DOS using the 'FORMAT C: /S' command. To be sure there were
no errors in formatting your hard disk, use the DOS command 'CHKDSK C: /F. If the
CHKDSK command indicates that you have 'Bad' or 'Lost Ousters' then go back and re-
format the hard disk using the 'FORMAT C: /S' command.
B) Your server hard disk must be properly formatted using the NetWare COM-
PSURF utility program. Use of the COMPSURF program is outlined in Chapter 2 of the
NetWare 286 Maintenance manual
C) If you are installing the SFT NetWare 286 (any Level) with the NetWare Trans-
action Tracking System (TTS), you must run the NetWare PREPARE utility program to
allocate space and set up files for the Tracking System, The PREPARE program is out-
lined in the SFT NetWare 286 Installation Supplement
Note that the sequence of events is:
1) use the SETUP utility and format using the DOS FORMAT command,
2) run COMPSURF,
3) run PREPARE (if applicable), and then
4) run INSTALL.
F/1-1
-------�
LAN Technical Manual
Use of the INSTALL utility program is described in Chapter 2 of the NetWare 286
Installation: Part II manual Basically, the INSTALL program will do several things to
prepare the server for network use. These are:
1) allocate a partition for NetWare on the PC/AT hard disk,
2) divide the partition into one or more volumes,
3) initialize the volumes with the directory structures used by NetWare, and
4) define and configure the server's printers.
5) name the file server
6) load the network utilities
When the INSTALL program is run, you will be asked whether-to accept the default
parameters for initializing the network server. If you accept the default parameters, the
entire process will be done for you automatically. If you do not accept the default
parameters, then you must answer questions for each of the parameters. It is strongly sug-
gested that, unless you will be using a remote workstation on the network, accept the default
parameters suggested by the INSTALL program. The NetWare default parameters are:
Partition size - the entire disk
Cache buffer size - 4096 bytes
Number of open files - optimized for available memory
Number of directory blocks - optimized for disk space
Directory caching - yes
Spooled printers
- all serial ports, all settings at:
- 9600 baud
- Parity disabled
- 1 Stop bit
- 8 Data bits (Word length)
- No handshaking (XON/XOFF disabled)
- all parallel ports
The paragraphs below briefly describe the NetWare initialization parameters, and
how they will affect your system's performance. Note that the parameters that do not in-
volve allocation of disk space can be modified at a later time without affecting information
residing on the disk.
A partition on a hard disk is the method by which the operating system, in this case
NetWare knows how much, or what percentage, of that hard disk can be used by the operat-
ing system. This means that more than one operating system can reside on a hard disk. If
that is the case, the hard disk is known as a 'non-dedicated' server, because the entire hard
disk is not 'dedicated* to one operating system. For the purposes of this discussion, the en-
tire hard disk will be allocated into one partition for the purposes of running NetWare;
and will thus become a 'dedicated* server. Two reasons you may desire to allocate more
F/1-2
-------�
Installation Guidelines
through the manuals that accompany these devices to ensure that they have been installed
in the PS/2 according to the instructions.
If purchased from a non-SMA source, the Tape Backup hardware and interface card
should be installed in the file server according to the instructions. Additionally, the Tape
Backup Adapter/A support diskette should contain configuration files for use in configur-
ing the PS/2 Program Option Select feature. These files should be copied to the IBM
Product Two Diskette (reference diskette). The system should then be re-booted from the
Product Two diskette for configuring the micro-channel operation.
F.8.2 Installation of SY-TOS Backup Software
If the file server is purchased from the SMA contract, the software for use with the
IBM 6157 Tape Backup System, SY-TOS, should be pre-installed on the file server. If the
system is purchased from a non-SMA source, the software needs to be copied to a direc-
tory that is available only to users with Supervisor Effective Rights. This software should
not be available to users not responsible for backing up the network. If additional backup
software configuration is required, it may be purchased as a Server Installation service from
SMA.
F.8.3 Testing the File Server Backup System
F.8.3.1 Backing Up to Tap*
The SY-TOS software should be executed only by a person who is familiar with the
network console operation. It should never be executed while other workstations are ac-
tive on the network. The proper procedure for backing up the network file server is to
issue the following commands from the network console:
(1) BROADCAST "Network will be shut down in 5 min. for backup" (followed by
the 5 minute period to allow users to gracefully save work and exit their applica-
tions.
(2) Execute the SY-TOS software to backup the network file server
The SY-TOS software allows two modes of operation: file- by-file backup, and image
copy. The file-by-file copy provides the option to back up only those files modified since
the previous backup. The recommended procedure for system backup is as follows:
(1) A full system backup should be made initially
(2) Two (or preferably three) tapes should be dedicated for file-by-file backup.
These tapes should be alternated in the "grandfather- father-son" method of back-
up. For example, the following scenario might be followed for a three tape
backup procedure.
Week 1 Tape 1
Week 2 Tape 2
Week3 Tape 3
Week 3 Image copy (separate tape)
F-81
-------�
LAN Technical Manual
Week 4 Tape 1
WeekS Tape 2
Week 6 Tape 3
Week 6 Image copy (separate tape)
...and so on.
The tapes themselves should not be stored near the file server unit If a disaster oc-
curred which destroyed the server, the tapes should be available to restore the file server
when replacement equipment is installed.
F.3.3.2 Restoring From Tap*
Two methods are provided with the SY-TOS software for restoring to the file serv-
er, file-by-file and image. The purpose of using either method depends on the need for
restoring.
It is a fact of life that at some point in a hard disk's lifetime, partial or severe corrup-
tion of data or the media may occur. This is the reason for backups. If the file server hard
disk becomes corrupted, a complete image restore, possibly following the reconfiguration
of the NetWare operating system, may be required to bring the system back on line. Image
restores from tape will recreate the file structure on the file server that existed at the time
of the previous image backup. The use of an image restore is usually the last resort in resur-
recting a hard disk, and should only be performed as such.
File-by-file restores can be performed in regard to specific user's needs. For ex-
ample, a user may request that a previous version of a document be restored to recover in-
formation that was deleted accidentally. Also, if file-by-file backups are performed in
order to archive certain data sets, they may be retrieved using the file-by-file restore fea-
ture in order to access the previously archived data.
Backups of data, especially on a file server with multiple users, are a critical part of
system maintenance. Most experienced users agree that it is not if your hard disk goes
down, but rather when it goes down. Consistent and frequent backups provide a sense of
security, not only for the LAN Administrator, but for all users on the network.
We hope that you will not need to use the tape restore frequently. However, due to
the critical nature of the backup, it is recommended that a test of the backup system be
performed on a regular basis. Even if the backup/restore system works when initially in-
stalled, it is possible for one or more of the hardware or software components to malfunc-
tion. A simple test, performed periodically consisting of copying some files into a dummy
directory, backing them up on tape, deleting the files from die server, then restoring them
from tape, will ensure the proper operation of the backup system on a continuing basis.
F-82
-------�
Installation Guidelines
Alternate methods for sharing the available Work Authorization Disks among a
greater number of users are available and involve maintaining the IWSKEY.BIN and flag
files in a public directory rather than in the user's private disk space. The method used in
Region 4 works satisfactorily. It depends upon several criteria being satisfied first. The
LAN Administrator must construct the appropriate LAN disk hierarchy, create user login
scripts which will map the first search drive to SYSrPUBLIC and the second search drive
to the DOS corresponding to the user's personal computer, build batch files, and include
a STAFFLOG.DAT file in the login script Attachment 4 provides a facsimile of the
Region 4 files. These files can be readily adapted to the specific configuration of the LAN.
• Test SNA/SDLC Gateway
The arduous preparation of the gateway begins with the planning and development
of the TSR and culminates with this the testing phase. If the procedures for configuring
and loading the hardware and software have been followed, the test procedure will proceed
rapidly and without problems. Before attempting to test the gateway, the LAN status
should be rechecked. If the gateway is to be installed on a new LAN, it is advisable to begin
the gateway testing with only the file server, the gateway server, and one workstation. Until
the gateway and one workstation have been successfully tested, it is not advisable to con-.
figure the remaining workstations. -y
The first step should be to confirm with telecommunications that the gateway has
been configured as specified in the TSR. This step should be accomplished in advance of
the testing and telecommunications should be alerted to the gateway testing schedule.
The second step is to configure the software for the gateway server and workstation
control programs as discussed earlier. This is followed by loading the software onto the
file server as indicated. Determining the best implementation for the specific LAN in-
cludes adapting/adopting a method of invoking concurrent workstation users without
violating the copyright of the software. The Region 4 batch files have been included to
demonstrate one method of implementation. The LAN administrator may determine that
all workstations are to be treated equally; i.e, there is no administrative workstation. He
can also decide to bypass copying some workstation files into the user's directory such as
the profile save and restore files. The particular LAN configuration can have other than
one host and one printer session per workstation. Once these factors have been deter-
mined and the software configured and loaded, the hardware installation can proceed.
Note that the installation must conform to the TSR,
There is only one hardware item to be installed on the LAN - the SNA adapter. It is
recommended that this be installed in a dedicated workstation. When configured, the LAN
administrator assigned an interrupt for the adapter. Usually interrupt level 3 is chosen (in-
terrupt level 2 is reserved for the token-ring adapter required for the LAN). Configure
the adapter switches to reflect the interrupt level selected and install the adapter. Con-
nect the adapter to the modem or to the null-modem to provide the data path to the LMF
or IBM 3090 mainframe. This step likewise requires planning and a TSR for proper im-
plementation. A special IBM cable will be required if the installation is directly connected
F-79
-------�
LAN Technical Manual
to the LMF without modems (see INSTALL THE PCOX REMOTE INTERFACE
BOARD above).
Telecommunications should be called to have them at ready to bring the telecom-
munication line up. The next step is to load and execute the gateway software. Telecom-
munications personnel will verify that the gateway has been established and that the line
is active. If problems occur, telecommunications will be able to assist in detecting and cor-
recting the problems. NetView will be used to monitor the line, determine the status of
the emulated controller, and inform the LAN administrator when the workstation is being
polled. The CXI PCOX gateway thoroughly emulates an IBM 3274 controller; it must be
treated as one which means that occasionally the line has to be dropped, the controller
reset, and on rare occasion, the power must be turned oft. Corresponding actions with the
gateway software include having the telecommunications personnel drop the line, reac-
tivate the line, and having the LAN administrator reboot the gateway server. Normally,
the gateway PC remains up and running, as does the file server. When the gateway has
been turned off or rebooted, the gateway must be restarted before any workstations are
brought up. If workstations are connected when the gateway is taken down, these also must
be reinitialized by rebooting and executing the Workstation Control Program.
When a good line is established, the first workstation's software can be loaded and
executed. Assistance as described in the preceding paragraph may be required to estab-
lish the line the first time. Thereafter, this process will be routine and transparent to the
workstation users. Following successful mainframe connections with the first workstation,
the remaining workstations should be activated to ensure that concurrent operations (to
the limit of the license) can be performed. The PCOX software has tutorial software which
will enable the LAN administrator and workstation users to familiarize themselves with
the software before the gateway is installed. This software does not require the physical
link to execute the tutorials.
F.8 BACKUP
One of the benefits of using a network as described in this document is that backing
up the programs and data that is stored on the file server involves only one operation; as
opposed to performing a similar operation for each workstation. However, if workstations
also have a hard disk, programs and data on the workstation's disk drive(s) should also be
backed up. Backing up information resident on local workstation drives is outside the
scope of this document, and users should refer to the appropriate documentation for back-
up procedures.
F.8.1 Installation of Tape Backup Hardware
The IBM 6157 Tape Backup System and IBM Tape Backup Adapter/A comprise the
hardware components of a tape backup system that is DC-600 compatible. The hardware
should arrive with all jumpers and switches pre-configured for LAN operation.
If the file server package is purchased from the SMA contract, the IBM 6157 Tape
Backup System and Adapter/A interface card should arrive pre- configured by SMA. Read
F-80
-------�
Installation Guidelines
the customizing screens will indicate choices that depend on the settings for the host con-
nection. For example, the SDLC encoding, normally NRZ, depends on the configuration
of the 3705/3725 port Table F.I indicates relevant information for various screen panels
and shows EPA recommended settings.
• Install and Configure Workstation Users' Disks
Files on the Workstation Users' Disks allow the following functions to be performed.
(1) Operation of the gateway Workstation Control Program, which includes:
- Loading the Workstation Control Program;
- Unloading the Workstation Control Program;
- File Transfer between Workstations and Host Sessions.
(2) Support of resident applications in the workstations, in particular
- PCOX 3270 Series Application Program Interface (API);
- CXI subset of the IBM 3270 API;
- IRMASUBS BASIC Subroutine Interface.
Only one executing copy per Workstation Authorization diskette is allowed.
To install the Workstation User's Disks for use on the network, the Workstation Con-
trol Program files must be copied to a public directory on the LAN file server. The files
that need to be copied to the public directory are:
CXIWS70S.EXE Workstation Control Program (no print)
or
CXIWS70P.EXE Workstation Control Program (with print)
(The difference between the "S" and "P" versions is that "S"=no printer session, and
"P"=with printer session).
CXISTD l.MAP U.S. English Keyboard/Display File
CXTOSTD1.XLT U.S. English EBCDIC/Buffer Code Table
CXIPSTD1.XLT U.S. English EBCDIC/ASCII Table
After the files have been copied, the Workstation Control Program must be cus-
tomized.
The PCOX Workstation Control Programs are much easier to configure than the
Network Server Control Program. There is no hardware interface customization, as all of
these are controlled by the Network Server Control Program. Instead, there is a Worksta-
tion Customization panel, used to define the workstation to server connectivity. Worksta-
tions can be customized for a PC session, up to two notepads and one to five host sessions.
Host sessions can be 3278/79 display sessions (LU Type 2), or 3287 printer sessions (LU
Type 1).
To customize the Workstation Control Program, enter the command CXICFIG
program-name, where program-name is the name of the Workstation Control Program
F-75
-------�
LAN Technical Manual
Settings
Comments
• Hardware Customization Panel
Interrupt Level for Interface Board 3
SDLC Encoding NRZ
I/O Port Address 380
Memory/Plus Board in PC Yes
• SDLC Control Unit Option Customization Panel
Invalid Codes Return as Op Chk Yes
SDLC Control Unit Address 01
PUID 00000
• Network Server Customization
Unique Server (Node) Name GS1
Total Number of Host Sessions 16
Number of Polling Dispatch Cycles 2000
Network Transmission Timeout (in sees) 60
Number of NCBs to Reserve 8
IfTRNisl
Per Telecom
IfTrue
Per Telecom
Per Telecom
Per Telecom
Arbitrary
Per package
Per Telecom
Per CXI
• Local Address Type Definition Panel
Local Address Type (2 = display, 1 = printer)
Model (for Type 2, the 3270 emulation mode)
Access Code (maintained by the customization program)
• Configure Workstations
WS1, WS2, WS3, WS4, WS5, WS6, WS7, WS8 as Model 2 Displays with one Hos
Session and one Host Printer Session. Ergo, the following:
ACCESS LOGICAL UNIT
CODE ADDRESSES
WS1 02 03
WS2 04 05
WS3 06 07
WS4 08 09
WS5 OA OB
WS6 OC OD
WS7 OE OF
WS8 10 11
Table F.I CXI Configuration Parameters
F-76
-------�
Installation Guidelines
The LAN Administrator should configure the eight authorized workstation files as "WS01",
"WS02", etc. rather than individual user names.
Table F2 shows the display panels and parameters necessary for completing a single
workstation customization procedure; the other workstation customizations are similar.
• Workstation User Files
Each user on the network should have a private directory set up, either on the LAN
file server, or on local hard disk, in order to access files and data particular to each user's
host sessions. The following files should be copied to each user's private directory.
CXISAVE.REC These files contain the user's
CXISAVE.AUT saved Autokey recordings, notepad,
CXISAVE.NOT and screen profiles.
CXISAVE.SCR
IWSKEY.BIN Unique Workstation Authorization file
The following files should be copied to the common, public directory that will be ac-
cessed by all gateway users.
CXIEXIT.EXE Workstation Unload Command
CXISAVE.EXE Screen/Notepad/Autokey Save Command
CXIRSTR.EXE Screen/Notepad/Autokey Restore Command
IWSCTRL.EXE Workstation Control Initialization Overlay
FTP.EXE File Transfer Program
FTBFG.EXE File Transfer Batch File Generator
SEND.EXE IBM-compatible SEND Command
RECEIVE.EXE IBM-compatible RECEIVE Command
PCRESET.EXE LAN Adapter Reset Command
PCSTAT.EXE Workstation LAN Adapter Status Command
CXIWS70S.EXE Workstation Control Program (no print)
CXIWS70P.EXE Workstation Control Program (with print)
IKYBD.EXE CXI Standard Keyboard Driver
Additionally, batch files should be created for each user that will automate the fol-
lowing procedures:
• Change to the appropriate private directory;
• Load the correct Workstation Control Program; and
• When finished, unload the Workstation Control Program.
F-77
-------�
LAN Technics! Manual
Settings
Comments
Workstation Customization
Unique Workstation (Node) Name
Up to 4 server names
S01(...WS08)
GS1
Access Code for Server Local Device Pool WS1
Is a Memory/Plus Board installed? No
(..WS8)
If True
General Session Customization
Is PC Session desired
Number of Notepads desired
Number of Host Sessions desired
PC Session Name
Notepad 1 Session Name
Notepad 2 Session Name
Yes
Two
Two
A.PC
B.NOTEPAD1
QNOTEPAD2
(One Printer)
Host Session n Customization (n = session number)
Session Logical Unit Type (1 or 2) LU Type 2
Host Session Name D.HOST1
Session Screen Size (Model Number) Model 2 (24x80)
Host Session n Customization (n = session number)
Session Logical Unit Type (lor 2) LUTypel
API Interrupt Customization
Interrupt Number for API 111
Character Translation Customization
Language for keyboard character set CXI
Source of Keyboard translation tables U.S. English
Printer Customization Panel
Enter LPT1 Escape Sequence:
Enter LPT2 Escape Sequence:
Enter LPT3 Escape Sequence:
Enter COM1 Escape Sequence:
Enter COM2 Escape Sequence:
6 Line/In:
8 Line/In:
6 Line/In:
8 Line/In:
6 Line/In:
8 Line/In:
6 Line/In:
8 Line/In:
6 Line/In:
8 Line/In:
EBCDIC/ASCH Translation Table File Name: CXDPSTDl.XLT
* Generally the default value can be accepted; the printer to be used determine
hese values.
Table F.2 PCOX Workstation Customization Parameters
F-78
-------�
Installation Guidelines
F.7.3.1 Install, Configure, and Test the SNA/SDLC Communications Server (SNA Gateway)
• Generate and Configure 3274 Port on Mainframe
The configuration of the 3274 port is dependent upon local needs and associated
hardware. The presence and number of host print sessions, the number of concurrent ses-
sions to be active per workstation, the total number of sessions available with the gateway,
and the number of concurrent workstation users determine the configuration. A typical
EPA configuration for the LAN 3270 gateway is eight users, each of which has a mainframe
host session and a printer session. In addition to the elements of session configuration, the
method of connecting the gateway port to the mainframe is an important consideration.
The connection can be a remote connection via a synchronous modem using telephone
services or it can be directly attached to a local mainframe (LMF) via a modem eliminator
and attendant cabling. The planning activity includes the preparation of a TSR for the
gateway. This must be done by the LAN designers/planners. The TSR must be submitted
with the LAN Plan so the proper interfaces will be available when the LAN is installed
Telecommunications will gen the gateway controller from the TSR.
• Install and Test SNA/SDLC Communications Gateway
The CXTs PCOX gateway product consists of a hardware component and a number
of software components. The hardware component is an interface board, which resides in
a workstation whose role will be that of Gateway Network Server. The interface board al-
lows attachment of the server as an IBM 3174 or 3274 controller remotely to an IBM 3725
FEP. It can be attached via communications link or modem to a remote IBM or compatible
host
• Install the PCOX Remote Interface Board
The CXI interface card is designed to reside in any slot on an AT type compatible
bus. Current CXI interface cards are self- configuring, require no jumper settings, and
conform to the existing hardware in the gateway server. The interface card may require
an I/O address setting via a DIP switch. Refer to the CXI documentation for appropriate
DIP switch settings.
The CXI gateway is supplied with a modem cable. If not connecting the board to a
modem (DCE device), a null-modem cable may be necessary to attach to another DTE
device. To directly connect to a LMF (Logical Mainframe), IBM Type A PN # 7837395
(ECOA 39478) cable must be separately ordered. After connecting the cables to the ap-
propriate devices, the board installation is complete.
• Install and Configure Gateway Software
The PCOX software is distributed as two sets of disks. These include the LAN
Administrator's Disks, and the Workstation Users' Disks. A set of Workstation Users'
Disks is provided for each port; i.e. from the SMA contract, eight sets of Workstation Users'
Disks are provided. The installer should verify the contents of each of the diskettes
provided by checking the files listed in the documentation with those on the diskettes.
F-73
-------�
LAN Technical Manual
Please note that each Workstation package includes a single diskette, containing a unique
and encrypted User Authorization file. Thus, software for each workstation must be in-
dividually configured and have a unique workstation name and access code. The LAN ad-
ministrator will be responsible for configuring the workstation unique files so that eight
simultaneous users can be active without regard to which workstation authorization file is
associated with what user. (Region 4's implementation follows later in this section).
Nota Bene: Currently installed 3270 SNA gateways using CXI PCOX software have
known software problems which have attendant patch diskettes. Release 12 of the
PCOX/GATEWAY-16 control software and Release 13 of the PCOX/GATEWAY-16
workstation software require PATCH 017, all diskettes. Releases after 12 require patches
to the workstation products and the miscellaneous files software but not to the control
software. Therefore, do not use the PATCH 017 diskette labeled "Gateway-16 Fix for use
with Novell 12A- Affected Products: PCOX/GATEWAY-1612" for later releases. Con-
tact SMA or NDPD before using these or other early CXI PCOX gateway releases.
• LAN Administrator's Disks' Functions
Files on the LAN Administrator's Disks allow the following functions to be per-
formed.
(1) Customizing the gateway Network Server Control Program.
(2) Operating the gateway Network Server Control Program, including:
- Loading the board-level code;
- Establishing sessions with the host and workstation;
- Monitoring the operation and status of gateway; and
- Unloading the board-level code.
Only one executing copy of the Gateway Network Server Control Program is allowed
by the license agreement for each copy of the gateway package.
• Install and Configure the LAN Administrator's Disks
The LAN Administrator should logon the network as the network supervisor to per-
form the following functions. All of the files on the LAN Administrator's Disks should be
copied to the network file server. An appropriate common or public directory should be
set up to contain these files. An example of such a common directory might be:
SYS:PUBLJC/CXI. Details of customizing the Network Server Control Program can be
found in Chapter 12 of the PCOX 3270 Series Administrator's Guide. The following dis-
cussion should be viewed as an overview of the functions of the installation procedure.
Enter the command CXINSFIG CXIGS74A; where CXIGS74A designates the name
of the Control Program to be customized. A copyright screen will indicate the version of
the program running, and prompt for a *Y* to continue.
Upon continuing, the next screen screen displays the hardware customization panel
Additional screens for various functions relating to the network file server, gateway serv-
er, communications link, and host configuration will be displayed. Each of these requires
parameters which should be specified according to the particular configuration. Some of
F-74
-------�
Installation Guidelines
- PCOX/REMOTE Synchronous Serial Interface;
- PCOX3270-FT Software;
- Eight copies of PCOX/ONE LAN Version, for use with eight simultaneous
users on the network.
• Additionally, the SMA contract allows for single copies of the following software
to be purchased:
- PCOX-ONE LAN Version;
- PCOX3270-FT Utility.
Through emulation hardware and software a workstation on the network can per-
form the same functions as the 3270 terminal Additionally, the network workstation can
receive and store files from the host computer, modify or reformat display data, run local
application programs, and send the output to the host computer.
The host computer for an IBM 3270 emulation session can be a IBM System 370,
IBM 308X, or IBM 43XX processor. The 3270 LAN gateway operates over a local or
remote SDLC line and appears as an IBM 3274 controller to the host Because the 3270
emulation is a type of gateway, virtual circuits are established between the host and the
network workstations.
The emulation software allows the network workstation to look as either the 3278 or
3279 terminal The 3278 Model 2 display is compatible with the normal PC display, with
24 lines by 80 characters. The 3278 Model 3 has a 32-line display; and the Model 4, a 43-
line display. To handle more lines or columns than will fit on the workstation display, the
emulation software provides scrolling with the cursor control keys. EPA recommends con-
figuring the workstations as IBM 3278 Model 2 terminals although EGA monitors are
capable of handling the screen capacities of Model 3 and Model 4 terminals.
The 3279s are color terminals. The 3279 display resolution is higher than typical per-
sonal computer display resolutions. Therefore, to use the 3279 emulation on a network
workstation, the 3279 text mode should be used instead of the graphics mode. Alterna-
tively, a 3270 Personal Computer monitor can be attached to the network workstation.
All of the keyboard functions of the 3278/3279 terminals are provided on network
workstations. The gateway software includes keyboard template overlays which facilitate
function key usage.
• The Mainframe SNA Gateway
Although gateways are available to support the X^S and asynchronous communica-
tions protocols, the SNA gateway is the primary LAN to mainframe link. The PCOX 3270
SNA SDLC gateway consists of one hardware component, the gateway's interface board,
and several software components. The PCOX/REMOTE is a synchronous serial interface
board with an RS-232C interface that connects a LAN via synchronous modem to an IBM
3705 or 3725 communications controller. In this capacity, the interface emulates an a
SNA/SDLC IBM 3174 or 3274 cluster controller. The gateway server software,
PCOX/G W-3270, converts the micro-to- mainframe hardware into a LAN gateway. This
makes it possible for PCs on a LAN to communicate with a mainframe. Any number of
F-71
-------�
LAN Technical Manual
gateways can be installed on one LAN and there is virtually no limit to the number of users
on a LAN who can connect concurrently with a mainframe. The workstation software,
PCOX/ONE LAN Version, gives the user access to mainframe applications and files
through 3278/79 terminal emulation; one host session and one DOS session are available.
PCOX/TWO LAN Version supports a host printer session in addition to the same
capabilities as the PCOX/ONE. An additional product provided under the SMA contract
is the file transfer utility software, PCOX/3270 FT. This product allows users to upload
and download data between the PC and the mainframe.
Workstations on the LAN can initiate a 3270 session with the mainframe through the
gateway. To start the session, the workstation simply loads the emulation software. No spe-
cial hardware is necessary at the workstation; the hardware resides in the 3270 gateway
server attached to the network.
Gateways have a fixed number of ports, each of which supports a mainframe session.
Remote gateways come in configurations of from 5 to 64 port versions. The PCOX gateway
on the SMA contract is a 16 session version. One of the gateway's advantages is that as
many as 5 simultaneous mainframe sessions can be active on a single workstation. Depend-
ing upon the user profiles, each session may take up the entire screen or be displayed in
concurrent windows, and users can switch from one session to another. Eight simultaneous
workstation users can use the gateway.
The LAN mainframe gateway requires only one connection between the LAN and
the mainframe. In addition to the significant cost saving incurred over workstation emula-
tion boards and mainframe ports for each connecting workstation, the gateway permits bet-
ter management of communications and mainframe processing resources. The number of
simultaneous sessions from the LAN to the mainframe is limited by the total number of
gateway ports available. As needs for additional mainframe connectivity grows on a net-
work, additional gateways can be added to the network.
• Advantages of 3270 Workstations
Numerous advantages exist for attaching a networked computer as a mainframe 3270
workstation. Among these are:
• The ability to switch back and forth between PC application software on the LAN
and mainframe sessions.
• The ability to capture a complete mainframe session, for later review or analysis.
• The ability to extract mainframe information and manipulate it locally on the
LAN workstation. Small computational work is downloaded to the local level,
reducing the workload on the mainframe.
• The ability to manipulate downloaded mainframe data with personal computer
application programs. Not only does this save in mainframe costs and resources,
but PC applications are typically easier to use and are often more sophisticated
for specific applications.
F-72
-------�
Installation Guidelines
option for the other. Two operating system configuration numbers are available for each
configuration - 0 and 2 for primary, and 1 and 3 for alternate. No two token ring adapters
to be installed in the same file server or bridge may have the same configuration number.
Switch settings for these configurations are indicated in the Novell NetWare Installation
Supplement for IBM PC Token-Ring Network.
If you are installing a network adapter other than Token-Ring, you will need to refer
to the instructions for the adapter as well as the Novell Netware Installation Supplement
for that particular adapter.
The NetWare operating system will now have to be reconfigured using the GENOS
utilities. Detailed instructions on configuring the NetWare operating system are given in
Chapter 2 of the NetWare 286 Installation Manual. Care must be exercised during this
process to specify the correct configuration numbers for the different boards installed, and
to select a configuration option that provides the same Interrupt Request, Base I/O Ad-
dress, etc. that have been set on each of the adapters. Once this process is completed, the
newly-configured NetWare operating system (the NETSOS.COM file) will have to be in-
stalled in the server (bridge) using the INSTALL routine provided with NetWare.
Testing of the internal bridge can be accomplished by accessing from a workstation
on each network the servers on the other networks. Messages can also be sent from a
workstation in one network to workstations in other networks connected by the bridge.
It must be noted that the internal bridging capability that is currently available in
Novell NetWare is restricted to bridging networks which operate under Novell NetWare
but use different networking hardware. If, for instance, the server (bridge) is connected
to a network which operates under a different networking software, then access to that net-
works server would not be possible. However, any workstation on that non-Novell net-
work can be made a workstation on the Novell network, by rebooting it with a Novell
workstation shell (specially gen'ed for the networking hardware in the workstation).
External bridging is accomplished by running special bridge software in a worksta-
tion, and connecting the networks you wish to bridge to that workstation. Each external
bridge can be can connect up to four networks. More information on this will be made
available in future updates of this document
F.7.2 Asynchronous Communications Server
The asynchronous communication server (ACS) is a dedicated personal computer
with adapter cards that provide both incoming and outgoing asynchronous services to all
network users. An ACS controller board can have four or more ports available to users.
The principle use of the ACS is to provide access to the Agency E-Mail System. A secon-
dary use is to pool communications resources; fewer modems and communications lines
serve more users.
The ACS connects with another computer through its ports by use of modems and
dial-up telephone services or by an RS-232 serial cable, using the modem eliminator wiring
F-69
-------�
LAN Technical Manual
convention. Equipment involved in asynchronous communications on a network includes
the following:
• An asynchronous communications server, which is typically a dedicated worksta-
tion on the network;
• RS-232 serial ports. Up to three ACS cards, each with four serial ports may be
installed and used simultaneously on dedicated ACS server by other workstations
on the network;
• The Novell ACS package. This software allows terminal emulation and file trans-
fer on network workstations to other computers connected to the dedicated ACS
server.
Several types of terminals, including the DEC VT100 series and the IBM 3101, are
widely used. If a workstation desires to connect to a host computer to run an application
that interfaces with a VT100 terminal, the workstation can configure the ACS software to
emulate this type of terminal to communicate interactively with the host The ACS through
NetWare ASCOMIV software can emulate VT100, VT52, VIEWPT, ADM3A, DASHER,
HAZ1500, TV1912, and IBM 3101 terminals. Dial-in capability is provided by PC
ANYWHERE and ATERM software in conjunction with the Asynchronous Communica-
tions Server. . ,
F.7.2.1 Install, Configure, and Test Asynchronous Communications Server
The asynchronous gateway on the SMA contract is Novell's ACS. This product has
been installed in Region IV and has severe deficiencies in the current release. The outgo-
ing communications (supported 'by ASCOMTV) is relatively solid. The incoming com-
munications, for all intent and purpose, does not work. The Agency is evaluating this
situation and the vendor of the ACS on the SMA contract, Novell, has announced a re-
placement package. When a final decision has been reached regarding the asynchronous
communications software, installing, configuring, and testing will be addressed in this docu-
ment
F.7.3 SNA/SDLC Communications Server (SNA Gateway)
The most popular type of mainframe terminal is the full screen 3270 series from IBM.
The 3270 terminals are used in on-line, interactive sessions with an IBM type host com-
puter. The Agency mainframe host is an IBM 3090 and the distributed hosts are IBM 4381
processors. The most efficient terminal access to these systems is the 3270 full screen,
synchronous terminals. This service is provided to network users via the 3270 SNA com-
munications gateway. The hardware and software available through the SMA contract for
3270 type communications on a network includes the following.
• A dedicated 3270 SNA communications server. The gateway on the SMA Con-
tract currently requires an AT-compatible bus. This gateway server is not suited
to be used as a user workstation on the network because of memory and process-
ing requirements. Also, there is a potential problem of a user hanging the serv-
er PC and crashing all terminal sessions to the mainframe.
• CXI PCOX 3270 Communication Server Package:
- PCOX/GW-3270 IAN Gateway Software;
F-70
-------�
Installation Guidelines
the alternate printers. Print the sample document on each of the alternate net-
work printers.
(7) Repeat steps 1 through 6 for each workstation and user (or user login from each
user group) that will have access to the network.
(8) Use the FLAG command on a file to provide Non-sharable Read-Write security
(e.g. "FLAG file name.txt NSRW). Have users at two workstations attempt to
access the FLAG~ged file concurrently. NetWare should provide the second user
an error message.
If any problems are diagnosed, use the guidelines outlined above, and consult the
program's documentation to correct the problem and attempt the file or resource access
again. Repeat these procedures until all file, printer, or other resource accesses work as
expected. If you cannot resolve a problem, contact NCC User Support. They will route
you to the person who can best help you.
• Data Base Management Systems
(1) Log on each successive workstation as a different user.
(2) At each workstation, and under each user logon name, load the database program.
(3) If application programs are available for the database program, run each of those
application programs in turn. If an application program is not available, then
create a simple database for testing purposes, preferably in a directory created
for the purposes of storing database files.
(4) Because databases are more fixed to a particular directory than document or
worksheet files are, you need to only check whether records can be added to the
database and written to disk in the default database directories. Check that only
users that have been granted write access have the capability to update records,
and that users with read/only access are denied the ability to update records.
(5) If running an application program, select the print option to print the sample data
entered to the default network printer. If creating a sample database outside of
an application, use the appropriate command line syntax to re-route the output
to the default printer.
(6) If there is more than one printer attached to the file server, use the QUEUE com-
mand to change the default network printer, or re-route printer output to one of
the alternate printers. Print the sample data on each of the alternate network
printers.
(7) Repeat steps 1 through 6 for each workstation and user that will have access to
the network.
If any problems are diagnosed, use the guidelines outlined above, and the database
or program application documentation to correct the problem and attempt the file or
resource access again. Repeat these procedures until all file, printer, or other resource ac-
cesses work as expected.
F-67
-------�
LAN Technical Manual
F.7 COMMUNICATIONS TESTS
Connectivity among all Agency computer resources is a strategy goal for the Agen-
cy. Connectivity to a mainframe and the Agency E-Mail System is considered an integral
part of establishing networks within the EPA environment A network should not be set
up just to establish connectivity with Agency mainframes, but if there are valid justifica-
tions for networking, the Network Installation Plan should include consideration of the
best method for establishing mainframe connectivity.
The purpose of this section is to configure and test the telecommunications links that
will exist on the local area network. The different links that can exist on the LAN include
the following:
• Novell LAN-to-LAN Bridge
• Asynchronous Communications Server
• SNA/SDLC Communications Server
F.7.1 Novell Bridge
Bridges make separate physical networks look as one logical network. Bridges link
one physical local area network with another physical local area network. Bridges can have
several configurations: bridges can be internal or external and bridges can be local or
remote.
Internal and external relate to the subject LAN topology. Internal indicates that the
bridge shares the same processor as the file server. External indicates that the bridge
resides on a separate workstation. External bridges can either be on a workstation dedi-
cated to that bridge, or they can be on a non- dedicated workstation, implying that the
bridged computer is sometimes used as a network workstation, EPA recommends that all
external bridges be on dedicated workstations. Multiple physical networks can be inter-
nally bridged in a single physical personal computer.
Remote and local bridges indicate the type of communication between networks.
Local bridges link networks that are physically close enough to be linked by cable, either
coax or twisted pair (Type 1 or Type 3 cable). Remote bridges link networks through
regular telephone service via modems or through leased lines such as Tl carriers.
The Agency recommends the use of external bridges for large networks since the file
server functions are generally critical to the performance of a network and are impacted
by sharing the processor with a bridge's functions.
F.7.1.1 Install, Configure, and Test Novell Brtdg*
Internal bridging is accomplished by putting multiple network boards (up to 4) in one
file server. This allows one to connect up four like or unlike networks simultaneously. No
additional software besides Novell's Advanced NetWare (Version 2.0 or above) under
which the server operates is necessary.
If you are installing two Token-Ring adapters in the same file server or bridge, you
must use a primary configuration option for one adapter and an alternate configuration
F-68
-------�
Installation Guidelines
mand sequence, such as the SET ALTERNATE command at the dot prompt while the
program is running.
If dBase applications are to be loaded on the file server; they should be copied into
the appropriate public directories. Read the application documentation for information
regarding whether directory location of applications can be configured from within the ap-
plication program, or whether the application will assume that both the dBase program
and the application program files must co-exist in the same directory.
Many dBase applications programs require that default directories for data files be
designated, and that the databases for the application be initialized prior to using the ap-
plication. Consult the dBase application documentation for specific directions for initialig-
ing databases.
Of primary concern when running dBase applications on a network is whether the
application itself was written intentionally for running on a network. dBase in Plus in-
cludes commands in its programming language designed to provide record LOCKing and
UNLOCKing functions. Any dBase application program written prior to the introduction
of dBase m Plus could not be written specifically for network usage. If the application
programs allow modification to the source code record locking can be added to them. Use
of database applications, or any database in command mode under dBase, that does not
make use of record locking should be governed cautiously. Simultaneous record updates
by multiple users, or modification of database structures can quite easily result in a cor-
rupted database. Additional information for application developers is available in the Ap-
plication Engineering Guide.
F.8.4.3 Application Program end Data File Security
After all application programs have been loaded, configured and initialized, file .
security for sharable and non-sharable files should be set up. The NetWare FLAG com-
mand provides a means by which individual files' or entire directories' attributes can be
specified. A complete description of the FLAG command can be found in the NetWare
User Reference, Part III: Command Line Utilities manual. Use the FLAG utility with cau-
tion; never change a file's attributes while another user is using this file. The parameters
available for use on files or directories with the FLAG command include (the letters in
brackets indicate acceptable abbreviations for the command parameters):
• [N] NORMAL - File attributes will be Non- Shareable, Read/Write. These are
the default attributes of a network file. This is the default security.
• [S] SHAREABLE - More than one user may access the file at a time.
• [NS] NON-SHAREABLE - Only one user may access the file at a time. (Default
- implied by [N])
• [RW] READ/WRITE - Users may read the file and write to, or modify the file.
(Default - implied by [N]; exclusive from [RO])
• [RO] READ/ONLY - Users may only read the file; they cannot modify it (Ex-
clusive from [RW])
F-65
-------�
LAN Technical Manual
Examples of each follow.
• FLAG/LOTUS/".* SRO - makes all files in the /LOTUS directory shareable,
and read-only.
• FLAG /PROJECT1/V N - makes all files in the /PROJECTl directory non-
shareable, with read-write access.
Note that if a user's Effective Rights do not allow access to a directory, then the file's
attributes will not have any significance for that user. However, if a user does have com-
plete rights to files in a directory, the file's attributes will take precedence over the user's
Effective Rights.
F.6.5 Verify Operation of Application, Including Mum- User Access and Resource
Utilization
After all application programs have been loaded, configured, and initialized, and the
appropriate file attributes have been specified, a systematic check of application program
functions and resource access should be made prior to general use of the applications by
network users.
The steps involved in verifying proper application and printer access functioning are
somewhat tedious, but do not require a great deal of time and effort, especially when com-
pared to the time, effort, and frustration that can result from tracking down an application
problem once users are using the network. The procedures for checking out program func-
tions for each of the three types of applications described in this document are summarized
below. For verification of multi-user file access, it will be easier if you obtain the help of
a co-worker so that each can us a workstation, and any error messages can be reported.
• Word Processing and Spreadsheets
(1) Log on each successive workstation as a different user.
(2) At each workstation, and under each user logon name, load the word processing
program. If may users are on the user list, then one user login from each user
group would be a sufficient test
(3) Create a simple document for testing purposes.
(4) Save the test document in each of the public, shared, and private directories avail-
able on the network. Check to be sure that the document saves correctly in the
directories that user has appropriate rights to; and that the document is not saved
in the directories for which that user does not have write access.
(5) Print the sample document to the default network printer and to a local printer,
if available.
(6) If there is more than one printer attached to the file server, use the QUEUE com-
mand to change the default network printer, or re-route printer output to one of
F-66
-------�
Installation Guidelines
accommodate the needs of different workstation displays and display adapters. If this is
done, each workstation can access separate copies of the program configured specifically
for the appropriate workstation display type.
Obviously, loading multiple copies of software is more costly and takes up valuable
disk space. When an application allows, create multiple versions of configuration or setup
files with different names. When and application is to be loaded, copy the appropriate con-
figuration or setup file to the valid name expected by the application using DOS batch files.
The standard EPA menu system provides an example of application batch file execution.
• DATA BASE MANAGEMENT SYSTEMS
dBase requires no special configuration per se. However, before the program can
be executed, a program called "ID" must be executed. On the first copy of dBase, enter the -
owner as the EPA. This program will also prompt for the serial number off of the distribu-
tion diskettes. Existing Agency copies can be used; simply load the software on the file
server and enter the existing serial number. This procedure ensures that you have pur-
chased original copies of the distribution diskettes, and configures the program to indicate
the owner of the application. Note that these copies should not be used on other PCs.
Other database management programs may have separate configure utilities that re-
quire more specific information regarding program file directories. Consult the installa- \
tion documentation for the application program you have loaded on the file server for
detailed instructions.
F.6.4.2 Program Initialization
In addition to running a configure program prior to executing an application, many
packages have "setup" options which allow the specification of certain default parameters
that pertain to normal program usage. These parameters are loaded as the current
parameters each time the application is executed. Applications that do not have particular
menu items specified for "setup" often have default selection procedures built into different
program aspects. A general discussion of the initialization procedures for each of the three
types of applications covered in this document; word processors, spreadsheets, and
database managers, are described below.
• Word Processors
The most prevalent default configuration option specified for word processing
programs is the printer type. A separate "printer install" program is included for some ap-
plications; for others, the printer is defined during the initial configuration program, or op-
tions may be built into the program to allow specification of the current default printer(s).
Depending on your word processor, one or more printers may be selected from a list of
available printer drivers to be used as the default printer configuration. Only one printer
can be specified at a time to be the current printer for any .program, though additional
printers may be specified as alternate printers with some word processors. Other
parameters that may be available for printer configurations include:
- Page length
- Top and bottom margins
- Page number type and positions
F-63
-------�
LAN Technical Manual
- Justification
- Widows (minimum number of lines from a paragraph allowed at the top of a
page)
- Orphans (minimum number of lines from a paragraph allowed at the bottom
of a page)
Additionally, some word processors allow the page format and other command
keyboard sequences to be defined by the user. If a standard set of keyboard command se-
quences has been specified for use on your network, these keyboard sequences should be
configured prior to network use of the program.
If current documents, boilerplates, or style sheets are needed for use on the network;
they should be loaded into the appropriate shared, public, or private directories.
• Spreadsheets
Lotus and other spreadsheets require little printer configuration; they are designed
to work with most printers. Any printer control sequences that are necessary for print for-
matting are entered in the Printer Setup menu options. Most of the other global configura-
tion options are set to valid default values upon initial program execution.
Users with Write Access to the spreadsheet program directory can update the default
printer setup control sequences at any time. As different network printers are specified
on the file server, the network supervisor or network users may need to specify different
printer setup control sequences. Program and configuration files can be protected against
corruption by use of the FLAG utility (refer to the section on Application Program and
Data File Security below, section 5 of this guide, and the NetWare Command Line Utilities
manual).
As with word processors, if any worksheet data files currently exist that will be used
on the network, they should be loaded into the appropriate shared, public, or private serv-
er subdirectories. As describe in the section on Application Program and Data File
Security and the section on Application Software Categories, the FLAG command can be
used on files in public or shared directories to protect against multiple concurrent acces-
ses of the same file.
• Database Management Systems
dBase ffl Plus requires no menu configuration for default printer, directories, or
other parameters. Unlike most word processors and spreadsheets, dBase can be driven by
either a menu, via the Assist function, or the command line, by typing commands at the
"dot" prompt.
The default configuration that is used when the program is initially loaded into
memory is read from a file called "CONFIG.DB" in the current directory. This file con-
tains information used by dBase which indicate the default values for parameters such as
the program editor to be used, the state of the status and indicator lines, the state of the
application generator, and various other parameters. A complete description of the op-
tions available to be included in the "CONFIG.DB" file can be found in the dBase IE
reference manual. Other options, such as output routing can be specified by typing a com-
F-64
-------�
Installation Guidelines
EPA requires that if the dBase application was developed outside of your installa-
tion, then the application must allow that the application program files and database files
can be stored in directories separate from the dBase program itself.
F.6.3 Loading Applications Software
When installing an application program on the server, make sure that no other users
are on the network. Because the proper installation of application programs is a critical
step, it is best not to have other users accessing the file server which may add unnecessary
complications. The LAN Administrator must establish a software install and upgrade pro-
cedure that will minimiTg interference with normal network use.
"
For example, if installing a new version of an accounting system, and other network
users are using the old version of that software during the install procedure, data could be
lost due to copying new configuration files during the installation.
There are basically two procedures for loading software onto a file server. Some ap-
plications either require or suggest the use of a provided "install" utility. This "install1
program will typically perform functions such as creating the necessary directories, copy
the appropriate files to the directories, and perform some application configuration. Other
application packages provide no "install" program, but rather require that the programs on
the distribution diskette(s) be copied to the appropriate directories on the hard disk (file
server).
Before attempting to load an application program on a file server, read the program's
documentation. Typically, a section is provided explicitly for installing the software on a
hard disk and/or network. It is usually best to follow the installation instructions provided
in the manual. Also, the documentation should indicate whether the program files need
to be loaded into a specific directory. Most applications that do require specific directories
will also provide an "install" utility to aid in ensuring the appropriate directories are created,
and files are loaded in the correct hard disk directories. None of the programs mentioned
in the section above (WordStar, WordPerfect, MultiMate, DisplayWrite IV, Lotus, or
dBase HI Plus) require that the program files reside in any specific directory.
To load an application on the file server, the following steps should serve as a guide.
(1) Log in to the network as the user SUPERVISOR, or as a user with appropriate
directory trustee rights,
(2) Change to the appropriate directory, using the DOS command "CD \direc-
tory_name". This directory should already exist on the file server (refer to Section
5 of this document and the NetWare Basics manual for information on designing
and creating the server directory structure).
For programs without auto-install procedures:
(3a) Insert the first program disk in floppy drive A; and type the DOS command
"COPY AiV". This will copy all of the files from the floppy to the currently
logged file server directory.
(4a) Repeat step 3 for each program distribution diskette for the application.
F-61
-------�
LAV Technical Manual
For programs with auto-install procedures:
(3b) The program documentation should indicate the name of the program to run to
initiate loading the application on the hard disk. Typical install program names
are "INSTALL" or "HINSTALL". Not all programs on distribution diskettes
named "INSTALL" will actually copy the files; certain applications have "IN-
STALL" programs intended for configuration of the application after it has been
copied to hard disk. Read the installation documentation to be sure. Some in-
stall programs require that the logged drive be changed to floppy, while other
programs require that the hard disk be the currently logged drive. Additionally,
some install programs will require command line parameters, typically to indi-
cate the target drive for installation. An example of this might be: "AjINSTALL
C". Also, certain install programs, when executed will prompt for the target drive
and directory.
(4b) Generally, most install programs will simply copy the appropriate files to the
hard disk. When required, the install program will prompt for you to insert the
appropriate distribution diskettes in the floppy drive to complete the copying of
files to the hard disk.
F.6.4 Initializing Data Bases
F.8.4.1 Initial Application Configuration
Most application programs, when first loaded to a hard disk, require that a configura-
tion program be run prior to actually executing the application. The programs mentioned
in this document (word processing, spreadsheet, and database management) all have dif-
ferent configuration needs. Refer to the program's installation documentation for the
name and instructions for the configure program.
• WORD PROCESSORS
Word processors typically need to be informed of the types of printers available for
the document Some word processors allow for multiple printers to be configured for the
application, and the user can select among those available at print time. Other word
processors allow specification of the default document directories. For use on a network,
when default directories are required, public directories may be the easiest method of
maintaining document storage compatibility among users. Certain word processors include
utility programs that will perform specific tasks, such as speeding up the keyboard. Note
that some of these utility programs will hinder proper functioning of the word processor
over the network. Fore example, MultiMate Advantage is shipped with the keyboard
speedup enabled. You must change this default for MultiMate Advantage to work over
the network.
• SPREADSHEETS
Lotus as well as other spreadsheet programs requires that a configuration program
be run prior to executing the application. The most important function of Lotus' configura-
tion program is to install the correct screen drivers for use with the application. This means
that if monochrome and color graphics adapters are on different workstations, multiple
copies of the Lotus program or setup files may need to be loaded on to the file server to
F-62
-------�
Installation Guidelines
propriate current printer. Users may also have the rights to temporarily route print output
to alternate printers with the QUEUE facility.
Also, the EPA MENU facility includes an option for user to specify the SPOOLING
output to be routed to any of the attached network printers. The SPOOLed output can be
reassigned from the NetWare MENU system.
F.6.1.4 Printer UM and Maintenance
One final consideration deals with the networked printers themselves. Printers will
regularly run out of paper. Laser printers require special consideration, because of the
small amount of paper typically allowed in the input paper tray. Laser printers have an ad-
ditional problem: the output tray also has a limited capacity. Paper jams can occur in any =
type of printer, and ribbons or toner cartridges will need regular replacement on printers.
When used as local printers, it is obvious when one or more of these problems occur; but
when used on a network, the problems can exist for a long time before network users be-
come aware of them. The NetWare QUEUE facility display indicates which print job(s)
are in progress and which jobs are in queue. If, by examination of the QUEUE display, it
appears that any one job is taking too long to print, then printer problems may be suspect
F.6.2 Applications Software
There are three primary classifications of software that will be loaded on a network
file server. They are: word processors, spreadsheets, and data base management systems.
Additionally, data base management system applications, such as the CERCLIS Wastelan
program may be loaded on the network file server. ,.
F.6.2.1 Word Proceaaore
One of the most common uses of personal computers is word processing. It is rare
that more than one person would need to update the same file at the same time. If it is
questionable whether more that one person may access a document simultaneously, the
document can be protected against corruption by using the NetWare FLAG facility. For
this reason, the use of single-user word processors on a network should work without
problems.
The network file server should be used to store the program files for the word proces-
sor, and the document files created by each user. The placement of the program files may
be dictated by the application program itself, but more likely the location can be deter-
mined by the server directory structure designed by the network supervisor. Document
files should be stored either in user private directories on the network, in shared data direc-
tories on the network, or on the user's personal system, depending on the document. If
multiple users will be using documents stored in public directories, the documents can be
protected by using the NetWare FLAG command (refer to Section 5 of this guide and the
NetWare Command Line Utilities manual). If the FLAG command is executed with Non-
Sharable Read-Write (NSRW) prior to working with a document, the first user will have
normal access to the document, but subsequent attempted accesses by other users will
receive a NetWare message indicating the file is in use. After the original user finishes
with the file, another user can access the file.
F-59
-------�
LAN Technical Manual
Several different word processors are available to run on the Novell network. Those
available on the EPA SMA contract are: WordStar (MicroPro), WordPerfect (Word-
Perfect Corporation), MultiMate (Ashton- Tate), DisplayWrite 4 (IBM), and Leritype
Plus. These word processors will be supported by EPA,
Some word processors make use of style sheets, or boilerplates, useful in preparing
documents in a common format If available, style sheets should be placed in common, or
shared directories, so that different users can have access to them. This will enforce more
consistency among users for document formats.
Quite often, users on a network will work on preparing documents by storing them
in private directories. When documents are completed, they can be placed in a common,
or shared directory for final review by the appropriate users.
F.6.2.2 Spreadsheets
The agency standard for spreadsheet use is Lotus 1-2-3 (Lotus Development Cor-
poration). This program has set the standard by which all other spreadsheets are judged.
The Lotus program files should be loaded in the Lotus directory, and worksheet files should
be stored in separate private or public data directories or on the user's personal system.
Use of a spreadsheet program on a network may be similar to that of word proces-
sors. Individual users may prepare worksheets in private or public subdirectories; then
perhaps share the worksheets with other users for review or additional modifications by
placing them in shared directories. Refer to the paragraphs above on Word Processing for
information on file protection.
Additionally, shared directories will allow commonly used spreadsheet templates
and macros to be available to other users. These shared templates or macro routines can
save users a lot of time by having access to commonly used functions. More and more fre-
quently, applications are allowing the incorporation of Lotus worksheet data directly or
through special DIP files. The use of data shared between applications can be made easier
by storing such data in shared, or public directories.
F.6.2.3 Data Base Management Systems
The most popular database application development system available on microcom-
puters is dBase (Ashton-Tate). Many single-user Agency applications have already been
developed to run under dBase. Additionally, dBase allows development in a networking
environment
Beginning with the version of dBase called dBase m Plus, special distribution dis-
kettes (the Administrator diskettes) are provided by the vendor to allow use of dBase on
a network. dBase m Plus allows multi-user access including updates todata files, with
record locking, across a network.
If a dBase application is being developed internally, then the application developer
can stipulate, either through configuration options, or by direct coding, which directories
the developed program code, application programs, and data files are to be stored.
F-60
-------�
Installation Guidelines
Novell NetWare provides sharing of printers connected to the file server. There can
only be up to three serial ports and two parallel ports. These printers are known to the
operating system as COM1: through COM3: and LPT1: through LPT2:. PC/MS-DOS also
recognizes the PRN: syntax as the default print device. NetWare redirects print output
from an application by routing the output through the spooler and to the appropriate
printer port. The default printer port is configured in the NetWare QUEUE command;
but output can also be routed by a user to another printer port (refer to Section F.4 of this
chapter, and to the NetWare Command Line Utilities manual).
(1) Direct Hardware Access
Most application programs will send output directly by an PC/MS-DOS call to the
PRN: or LPTx: device. Some application programs send output to the print device by ac-
cessing the printer via low-level BIOS system calls. NetWare is capable of intercepting
these low level calls and routing them to the appropriate printer. However, if an applica-
tion directly access printer port hardware on a local workstation, there is little that can be
done to get that application to use a network printer. Typically, applications access local
hardware printer ports when configured to work with serial printers (COM1:...COM3:),
but use standard MS-DOS or BIOS interface calls when configured to work with parallel
printers. Even if a serial printer is designated as the current printer on the file server, it is
possible to get the application to work by configuring for a parallel printer, and reassign-
ing the printer port on the server by use of the NetWare QUEUE command (refer to the
NetWare Command Line Utilities manual).
(2) Application Buffering
Occasionally, an application software program will have its own print spooler. For
example, many word processors will buffer output while allowing the user to continue edit-
ing a document These programs will sometimes check the hardware directly for printer
status information that is not available from MS-DOS or BIOS. If the application allows
disabling the print spooler (or print buffer), doing so may alleviate any possible problems.
The network printers are controlled by the NetWare Spool program, so buffered printing
is automatic when printing on networked printers.
Some applications allow printing to either a printer or a file. If you are having trouble
printing to a printer, try printing to a file; then copy the printed file to the network printer.
After the application has printed to a file, this can be done by typing: 'NPRINT file_nameff
or by issuing the 'COPY file_name LPT1:' command. More preferably, users can use the
NetWare SPOOL command to send files directly to the network spooler by typing: 'SPOOL
file name' (refer to the NetWare Command Line Utilities manual).
(3) Network Filtering of Control Codes
If an application program sends control codes to a printer in order to perform spe-
cial functions, some of these codes may have special significance to the NetWare queue
facility. This occurs most frequently when attempting to print graphics images or use sper
rial printer functions (such as microspacing, superscript, or subscript) on a network printer.
Graphics images and special printer functions send a variety of control codes, and it is pos-
F-57
-------�
LAN Technical Manual
sible that strange effects may occur if specific character sequences are sent to a networked
printer. If you experience problems, try the problem print commands on a local printer
attached to a workstation. If the printing works correctly, then the problem is likely to be
control code interference over the network. NetWare does not perform much print com-
mand filtering and this type of problem should be minimal, if at all; however, several com-
mand sequences do control the queue parameters for networked printers.
(4) NetWare Formatting Conflicts
An additional problem can occur when a print job is not formatted correctly. This
can be caused by unmatched print parameters between the NetWare QUEUE facility, the
networked printer settings, and the application program settings for printing. Most ap-
plication programs will attempt to control the print output format internally; therefore, the
easiest solution is to reset the network printer to default configuration parameters, such
as single space, page length, etc If problems still persist, the application program print
parameters can be adjusted to accommodate the network printer's settings. Typical
parameters that can cause problems if the settings are in conflict include:
- Page length (66 lines for an 11 inch page is standard);
- Line length (80 character lines are standard); and
- Margins, Borders, and Page Offset (the printer and spooler should be set to
the physical limits of the paper being used; e.g. top and bottom margins of 0,
left and right borders of 0, and page offset of 0).
(5) Application Conflict in Printer Parameter Setting
A major concern of the use of shared network printers is an application's use of spe-
cial printer functions. Many application programs, such as word processors will send the
printer special codes to indicate boldface, condensed print, or other special features. Most
printers, once a special mode has been set, will remain in that mode until either explicitly
reset with another control code, or physically reset by turning the printer off and back on.
When an application does not reset special printer functions, another user may attempt to
print, only to find that the output is not formatted correctly due to the prior print format-
ting commands. While this is true for standalone computers, it is more of a problem in a
networked environment
The most common type of application that frequently uses special printer commands
is the word processor. Spreadsheet programs, like Lotus, will also allow users to send spe-
cial printer commands, such as condensed print, in order to print more information on a
page. Database programs, such as dBase ffl Plus, allow special printer control commands
to be sent, but are seldom used in database applications.
Most application programs will send a minimum of print formatting commands to
printers. In order to accommodate different types of printers, most applications contain a
configure utility or menu which allows the selection of the type of printer currently being
used. If a network server has several different types of printers attached, then many of the
application programs may need to be re-configured to operate correctly with the ap-
F-58
-------�
Installation Guidelines
when attempting to adapt single-user application software to run under the NetWare
operating system. These include:
(1) Copy protection (including Lotus versions 1 and 2 as described above);
(2) Simultaneous file updates;
(3) Disk accesses; and
(4) Printer and resource sharing.
Several problems exist when attempting to run a single user application on a network.
They are:
- Concurrent access and update to data files
- Sequential program configuration or profile updates
- Application temporary file information updates
The first problem involves updating a data file that two or more users are working
on simultaneously. If the application program was net designed for multiple users, chan-
ges made by one user can be lost if the file is later written to disk by another user. The
typical scenario might be: User 1 and user 2 both load an application program; both users
also load the same data file or document; user 1 makes changes to the file and writes it to
disk; user 2 makes changes to his copy of the original file and later writes it to disk, over-
writing the file as modified by user 1. User 1's changes are lost
The solutions to this problem in a networking involvement center around organiza-
tion. When files are to be shared by single user applications, communication between users
about current work files becomes critical. The use of the FLAG facility to make data files
Non-Sharable is crucial
The second problem involves application programs that load configuration files upon
initiation. For example, a program may behave differently if configured with a monochrom ?
versus color monitor. Some applications allow users to configure default parameters or _
user profiles that will be in effect upon subsequent loads of the program. There are three
methods of handling this type of situation. First, if the applications allows specifying dif-
ferent configuration or profile file names, then each user can set up a separate configura-
tion or profile file in the application directory, and load the configuration file when the
program is up and running. Second, if the application will load and run successfully if ex-
ecuted from a directory other than the application directory, then each user may be able
to save the default configuration or profile file in a working subdirectory, and when the ap-
plication is loaded the configuration file is read from the current directory. Third, each
user can be provided with his or her own copy of the software in a private network direc-
tory. The last recourse is the least preferable; it may not be possible due to licensing restric-
tions, and it will consume extra file server disk space.
The third problem exists with certain application programs that write temporary files
to disk during execution of the program. If two or more users are accessing this type of ap-
plication simultaneously, then one user's temporary file can become corrupted by another
user. Two possible solutions to this problem include:
F-55
-------�
LAN Technical Manual
(1) If the application allows specification of data file directories, then each user can
specify different directories after the program is loaded (or in the configuration
parameters at discussed above).
(2) Access to the program can be restricted to one user at a time.
If you are not sure if a particular application program writes information to disk
during execution, conduct an experiment by loading the application into a read-only or
write-protected subdirectory on the file server, and run the application. If the program
functions without problems, it does not need to write to the disk, and can be shared over
the network among multiple users, within license and copyright provisions.
If the suggestions above fail to solve multi-user access for a particular application,
the problem can usually be avoided by loading separate copies of the application on the
user's workstation disk drive. This is not recommended for most applications. If licensing
and technical issues can be resolved, having one copy of an application on the file server
is the preferred method because less disk space is consumed by the application and main-
taining application revisions and updates is less complicated.
F.6.1.3 Printer Sharing
Spooling is the method by which multiple print jobs can be submitted to a shared net-
work printer. As each job is submitted, it is placed in a queue. Print jobs can be added and
removed from the queue, and the print job's priority can be changed.
Novell provides "SPOOL," a resident program which intercepts normal printer out-
put from programs and routes it to the network printer. Routing stops when the
"ENDSPOOL" command is issued.
Most applications, whether or not they are shared applications, will work with the
network print method described above. The problem areas that can occur, depending on
how the application communicates with the printer, include the following:
• Direct hardware access by the application (uses non- standard DOS print func-
tions);
• Network software filtering of control codes (application print formatting com-
mands are not passed by the NetWare print facilities);
• Network software interjection of control codes (NetWare printer commands con-
flict with the application formatting commands);
• Conflict between the network and application print buffering (an application that
uses non-standard DOS functions to buffer output may conflict with the NetWare
spooler);
• Non-release of shared printers by the application (an application does not issue
the ENDSPOOL command necessary to release the spooler for subsequent print
jobs); and
• Setting of printer parameters by different applications (one user sets the printer
to condensed print, does not reset the printer at the end of the job, and the next
person's memo is printed in condensed instead of normal type).
F-56
-------�
Installation Guidelines
This will differentiate them from standard application programs, such as Lotus, MultiMate,
and dBase.
Differences in single user versus network usage of any particular application software
program should be documented and if necessary, users should be given a demonstration
or training on the use of applications on the network. Additionally, the network supervisor
should be responsible for ensuring that application software copyright or licensing agree-
ments are not violated by multiple users accessing a single copy of certain software.
Benefits of using application software on a network include sharing data files and system
resources, such as printers, and having to pay for fewer copies of some software. It is the
supervisor's responsibility to ensure that multi-user data files and shared printers and other
resources can be properly accessed by all network application software packages.
F.6.1 Install Software on Server and Workstations
After directories, users, passwords, and rights are defined, the application files you
plan to use (word processors, spreadsheet programs, etc.) must be loaded into the ap-
propriate directories. File rights, if necessary, should be set up. Issues of concern to the
network supervisor include:
• Vendor and publisher agreements that pertain to the number of users accessing
an application program simultaneously. ,
• Whether or not the application software is designed to be used in a multi-user
environment
• Actual installation and configuration of application software on the file server.
• Modification of multi-user software file rights to allow application files to be
shared.
F.6.1.1 Vendor and Publisher Agreements
Software vendors have always tried to protect their investment in developing applica-
tion software. This is accomplished by imposing either physical or legal methods which re-
quire that their software is used as intended. The physical method of protection is known
as copy protection. Two legal methods of protection are license agreements and the
copyright laws. One additional type of vendor-user arrangement that has become
prevalent is the "shareware." Though not as strict as licenses, shareware software and some
public domain software generally requires that users pay a small fee register use of software
in order to obtain software upgrades and support from the vendor.
• Copy Protection
The use of copy protection in the MS-DOS arena has been declining, most of the best
selling MS-DOS software packages are not copy protected. Some methods of software
copy protection and their use in a network environment are described below. In general,
it is best to avoid copy protected software altogether, unnecessary problems often result
from its uses, especially in a network environment However, in some situations, suitable
non-protected software may not be available, and use of copy-protected may be un-
avoidable.
• Key Disk Schemes
F-53
-------�
LAN Technical Manual
Some copy protected software allows the software to be loaded onto a hard disk, even
a network file server; but requires insertion of a "key disk" in the local floppy drive before
the application will run. Since the "key disk" cannot be copied, only one user can run the
software at a time. Some vendors may allow users to purchase additional "key disks" which
would allow multiple users to run the software simultaneously. Generally, vendors will
supply additional "key disks" only if they agree to have their software used over the net-
work. Otherwise, entire packages have to be purchased for each user or the key disk(s)
must be passed around.
• Hard Disk Protection Schemes
As hard disks became more popular, users complained about the use of "key disks"
in running applications. Vendors began to use a form of copy protection that loaded the
application software onto a hard disk and did not require the use of "key disks." Such
protection methods generally employ some form of physical protection related to the struc-
ture of the hard disk media. Such protection methods use low level details about the hard
disk organization that may not be duplicated on a file server. For example, the protection
scheme may directly access the hard disk controller, bypassing the operating system and
not allowing the NetBIOS software to work correctly; or may depend on the exact place-
ment of the protected programs on the hard disk, which would be endangered if the file
server were backed up and later restored. Because of this, use of software that employs
this type of copy protection is strongly discouraged. Some software in this category may
function properly on a network. However, a burden still exists on the network supervisor
to enforce the single user, single machine license restriction. If it is necessary to attempt
installation of such software on a file server, it is always best to do so before other applica-
tions have been loaded, and prior to database initialization or other network usage. Spe-
cial care must be taken when backing up a server containing this type of software.
• Site License Agreements
License agreements from software distributors range from the simple to the very
complex. Several large businesses and agencies, have been successfully sued for failure to
comply with these license agreements It is therefore critical that you understand the exact
nature of licensing for the particular software you use. Appendix K of this guide contains
a more complete discussion of the types of the licensing agreements available.
F.8.1.2 Application Sharing Concerns
Most application software currently available was designed to run on single user ap-
plications. Some software vendors have either re-written their software to run on net-
works, or have special versions available for network use. However, since network
hardware was developed before network application software, the network operating sys-
tem software was designed to allow most existing POMS-DOS software to be adapted to
network use without modifications. Several considerations must be taken into account
F-54
-------�
Installation Guidelines
For the first user login script:
(1) Select the User Information option on the SYSCON menu. A list of users on the
file server will be displayed.
(2) Position the cursor bar and select the user on the list whose script you wish to
create. The T Tser Information menu will be displayed.
(3) Select the T rtpin Script option on the T Tsgr Information menu. The ReaHTrtgin
Script for User entry box will be displayed. It contains the name of the user
selected in specified in step B. Press RETURN to accept the current user's name.
A screen for creating and editing login scripts will be displayed.
(4) Type in the user login script Your system will likely have some variaion to the
EPA standard directory structure and parameters than the one described above.
In this case, you will need to modify the sample script above to suit your particular
needs. Refer to the NetWare Supervisor Reference manual for a complete
description of login script commands and their usage.
If you are using the EPA distributed sample login script, it should be in the
SYS:PUBLIC directory. Then the only line that needs to be entered under SYSCON is:
SINCLUDE SYS:PUBUC/SCRIPT.EPA i
(5) When the login script is complete, press the ESCAPE key. A confirmation box
will ask if you wish to save this login script. Respond by selecting "YES".
To copy the first login script to other users:
(1) Repeat steps A through B above, selecting the next user for which you wish to
prepare a login script
(2) Select the Login Script option on the T Jser Information menu. The Read Login
Script for User entry box will be displayed. It contains the name of the user just
selected from the list of users. To copy the script created above, use the BACK-
SPACE key to erase the name in the box, and type in the name of the user for
which the login script was created above.
(3) If the script for this user needs to be modified, then make the changes. After any
modifications to the script, or if none are necessary, press the ESCAPE key and
verify that you do wish to save the login script
(4) Repeat steps (1) through (3) for each user that you wish to create a login script
Note that if scripts for users are created in this manner, changes to all user's scripts
may be implemented by making changes only to the included SCRIPT.EPA file. Your
users should be advised against removing the SCRIPT.EPA file from their individual
scripts.
F.5.4.4 Supervisor's (LAN Administrator) Password
A password must be assigned to the user SUPERVISOR. Some users on the net-
work will experiment with all of the network functions available. Even with good inten-
tions, an untrained user can foul up the server or user configuration tables, creating work
F-51
-------�
LAN Technical Manual
for the supervisor in sorting out and restoring the server configuration. The name "SU-
PERVISOR" is not secure from any user that has access to the NetWare manuals. Adding
a password to SUPERVISOR may be appropriate in order to restrict access to the
supervisor's functions. It is very important that you maintain access to the
SUPERVISOR'S password at all times. It is also important that at least one other person
either know or have access to that password. The SUPERVISOR password must be writ-
ten down and stored in a secure place. Remembering a password when it is created may
seem trivial; however, remembering a password several months later may be impossible.
If other users' login names are added to the system that have security equivalences to the
SUPERVISOR, then the same rules should apply to those users.
F.5.4.5 Multi-User Testing and Adjusting System Parameters
After the server directory structure has been created, users have been added, and
user security assigned, the access to server directories on all network stations by all user
logins should be tested. The easiest method is to simply determine if the system works
properly after applications have been loaded and users are accessing the network.
However, if a problem develops with the "wait-and-see" method, it would probably be more
difficult for the LAN Administrator to determine the phase at which the problem occurred
and take corrective action. Therefore, it is essential to take the time to verify each step of
development as it occurs, whenever possible.
Attachment 1 provides step-by-step instructions for testing the login and security
functions on the network. The tests described in the appendix are very simple. In addition
to verification of the network configuration, practical experience in monitoring network
activity will assist in future network problem solving.
Several parameters that pertain to the actual performance of the network, such as
the number of file buffers, and the number of open files will also need to be monitored and
adjusted. These parameters are modified as part of the operating system installation pro-
cedure (covered in Section F.5). However, assessing performance of these parameters
depends primarily on the performance of the application programs on the file server.
Therefore, additional testing of operating system parameters will need to be performed
after the application software has been loaded on to the file server.
F.6 - APPLICATIONS LOADING AND VERIFICATION
The focus of work on either a single-user workstation or a network is the use of ap-
plication software. It is the job of the network supervisor to load application software, con-
figure and initialize the software, and ensure that the users have the appropriate access to
the application software. Network users will, for the most part, presume that application
software being used on the network will perform in a manner similar to using that software
on a standalone workstation.
Because of the use of applications that have been developed using an application
programming language, as in dBase, such uses will be refered to as dBase applications.
F-52
-------�
Installation Guidelines
VISOR, it will be to perform system main tenance tasks; and as such will most likely need
to perform such operations from the SYS:SYSTEM directory.
Remark: Set search paths
MAP S1: = SYS:PUBLIC; S2: = C:\DOS; S3: = SYS:\DBASE;
S4: = SYS:WORDSTAR
The next REMARK statement indicates that the following MAP command will
specify search paths for network use. A search path is the network equivalent of the DOS
PATH command Search paths will be checked, in numerical order (SI through S16),
whenever a command needs to open a file that isn't on the current drive. Search paths are
checked by any Open File request In the example above, two search paths are specified
using one MAP command line, separated by a semicolon. The first assigns SYS:PUBLJC
to SI; and the second assigns C:\DOS to S2. The reason for these two maps are that
SYS:PUBLJC contains the network command line and menu utilities that are available to
network users; and the C:\DOS will allow the user to execute DOS or other commands
that are located in the DOS directory (if it is set up, as per the standard EPA configuration
recommen dataions) on the local hard disk (drive C:).
REMARK: Display today's login message
FDISPLAY SYS:PUBLJC/MESSAGE.TXT
PAUSE
The next REMARK indicates that a login message will be displayed. This is ac-
complished by using the script command FDISPLAY. It will search for a file called MES-
SAGE.TXT in the SYS:PUBLJC directory (it can be any valid name); and if found, will
display the contents of that file on the workstation's screen, This is very convenient for dis-
playing important reminders for network users or information regarding system usage. The
message file (MESSAGE.TXT) can be created using any word processor or text editor.
The file should be plain ASCII, without special control characters. After the message is
displayed, the PAUSE command will display the message "Press any key to continue" and
wait for the user to strike a key before continuing.
DOS SET PROMPT = "$P$G"
The next line, is included so that the command line prompt will indicate the worksta-
tion default drive and directory. This convention is useful in reminding the user of the cur-
F-49
-------�
LAN Technical Manual
rently logged drive and directory. Refer to the DOS manual for a description of valid
PROMPT parameters.
MAPDISPIAYON
MAP
The next line turns the screen display of MAP information back on; one of the pre-
vious commands had turned it off. Then a MAP command without any parameters will
display all of the current directory/drive and search drive mappings on the workstation
screen.
EXIT program_name
The last line of the login script, "EXIT program_name" is a method of terminating
execution of the login script command file and executing a command or program.
"Program_name" can be any valid DOS command, batch file, or executable program file
(COM or EXE). An example of automatic program executions might be to execute the
MENU program (the script line would read "EXIT MENU"). If a program name is not
specified, the script file simply exits.
The MENU utility is a program provided by NetWare that integrates many of the
command line utilities and menu utilities so that users can execute NetWare commands
from a pop-up menu system. The MENU utility also allows custom development of menus
for applications on the network. An advantage to using the MENU utility is that users will
not need to remember lengthy syntax required for executing certain application programs.
Disadvantages of using the MENU utility are that if users become accustomed to using
MENU, then they will not be as eager to develop skills required for using DOS commands;
and proficient users on the network may feel that the MENU utility slows them down.
A sample disk containing a user login script and customized menus for the MENU
utility should arrive on the server when shipped from SMA.
F.5.4.3 Creating th« UMT Login Scripts
The SYSCON menu utility is used to create user login script files. SYSCON provides
the ability to copy one user's login script to another user, thereby eliminating the need to
re-type the same login script for multiple users. A complete description of the use of SYS-
CON for preparing login scripts can be found in the NetWare Supervisor Reference
manual The process of preparing a single user script and copying it for use by other users
follows.
F-50
-------�
Installation Guidelines
login scripts. An description of each line in the script will explain the use of these com-
mands.
WRITE 'Good %GREETING_TIME, %LOGIN_NAME.'
WRITE "You are logged in as workstation '^TATION
These first two WRITE lines make use of a valuable feature in the login script com-
mand set, that of using identifier macros.
By using combinations of the WRTTE command with macro identifiers, very infor-
mative and specific messages can automatically be displayed when each user logs in to the
network. The macro identifiers can also be used with some other login script commands,
such as the IF..THEN construct; an example of which follows later in the script
For example, if a user logs in at 9 o'clock in the morning with the command "LOGIN
BILL" on workstation 3, the system will respond to the login command with:
Good morning, BILL.
You are logged into station 3
MAP DISPLAY OFF
MAP ERRORS OFF
The next two lines, MAP DISPLAY OFF and MAP ERRORS OFF, simply ensure
that subsequent MAP commands or MAP errors will not be echoed on the display as they
are executed.
REMARK: Set 1st network drive to 1st letter after LASTDRJVE
REMARK: Set drive P: to be the home directory for each user
The lines that begin with "REMARK:.." are inserted simply to comment the inten-
tion of commands which follow the remarks. "REMARK" is a valid script command.
MAP P:=SYSJ»ERSONA1V%LOGIN_NAME
F-47
-------�
LAN Technical Manual
MAP •!: = SYS:WORDSTAR
MAP «2: = SYS:PUBUC
MAP«3: = SYS:DBASE
MAP«4: = SYS:LOTUS
MAP-5: = SYS:TEMP
The next six script command lines assign directories on the network drive to logical
drives for the user. Note that the first maps assign the personal directory to a specific drive
letter (P). Since everyone will have a personal directory, the mneumonic convention will
always exist, and the map can be specific. The conventions of "•!", "*2" indicate the first
and second available drives for network use. If the CONFIG.SYS file on each workstation
has been set up with the "LASTDRIVE = M" parameter, then the first available network
drive will be I:; and "• 1" will be the same as drive I:, ""2" for drive J:, etc.
For consistency, all workstations should have application directories mapped to the
same drive letters. Therefore, in our example, the first MAP command specifies that the
user's home directory (for private files) be mapped to drive P:. The subsequent MAP com-
mands specify that the SYS:PUBLIC directory be mapped to drive I:, the SYS:WOR-
DSTAR directory to drive J:, the SYSrDBASE directory to drive K:, the SYS:PROJECT1
directory to drive L:, and the SYS:PROJECT2 directory to drive M:.
The NetWare manuals are somewhat ambiguous over the use of DOS directories and
paths. There is a provision for specifying the directory paths (DOS SET PATH = ) in the
login script command language; however, Novell warns that certain normal DOS com-
mands will not work properly under network use; among them are COPY and PATH. Be-
cause of this, it is suggested that directories on the network drive (s) be mapped to logical
drives, as shown in the example above. Another reason for the validity of this approach is
that certain application programs do not work particularly well with DOS subdirectories.
An example of this type of program is dBase. In dBase, it is much easier to specify a search
path as a drive instead of a default directory. Other application program, such as Lotus,
provide an easy method of working with subdirectories, but will just as easily work with
drive specifications for data files. Overall, the presiding reason for mapping network direc-
tories to logical drives is the fact that NetWare may not work correctly with directories
when running certain DOS commands or application programs.
IF "%!' = 'SUPERVISOR' THEN MAP P: = SYSrSYSTEM
The next command in the sample login script is a conditional "IF-THEN" branch.
This lines specifies that if the first parameter on the LOGIN command line (e.g. LOGIN
name) is the user name "SUPERVISOR", then map the SYS:SYSTEM directory to the
first network drive. The purpose for this is that most often when a user logs in as SUPER-
F-48
-------�
Installation Guidelines
to monitor directory entry availability. If there is a need to remove trustee assignments to
create more space for files, then certain steps must be followed to ensure the operating
system integrity. They are:
(1) Delete trustees;
(2) Bring the server down (via BROADCAST/DOWN); and
(3) Reboot the file server.
These steps will inform the operating system of a change in the parameters for free
directory entries, and additional files may then be added to directories. Also, the best time
to perform this action is at night, after everyone has logged off the network. :
F.5.4 Prepare Workstation LOGIN Scripts
A standard EPA login script should be installed on file servers purchased from SMA.
This script is contained in a file named SCRIPT.LOG in the SYS:PUBLIC directory. The
commands in the standard EPA login script can be included for each user by use of the IN-
CLUDE directive, which is described below.
A login script is a series of special NetWare commands that are executed automati-.
cally each time a user logs in. A system login script is automatically created when the v t
operating system initialized. This system script can be customized by anyone having su-.
pervisor rights. Additionally, each user can have a unique login script, cus tomized for par-
ticular applications or uses. The system login script exists for all users, and is executed
when users first log in to the file server. If a user login script exists, it is executed after the
system login script. Each user can modify his/her own user login script by using the SYS-
CON utility.
Some of the login script commands allow conditional execution of commands,
depending on the parameters specified on the LOGIN command line (e.g. login name, ,
login password, and other optional parameters on the command line). It is the LAN
Administrator's responsibility to prepare a login script for each user on the network ini-
tially; however, users may later modify their login scripts if desired. Login scripts are
created and modified by using the SYSCON utility. In order to create login scripts for each
user, you must be logged in to the network as the SUPERVISOR.
Login scripts can include commands which will automate many functions necessary
for proper use of the network, and provide the users with useful information as to the cur-
rent status of the network. Some features of login script commands include:
Mapping directories to be accessed as logical drives;
Mapping directories to be searched for program execution;
Informing the user of the current workstation number other network and operat-
ing system parameters;
Displaying text messages reminding users of important network information; and
Executing batch files or programs upon termination of the login script;
F-45
-------�
LAN Technical Manual
F.5.4.1 identifier Macro*
Identifier macros are variables that the script language recognizes and substitutes the
appropriate values for the macros in their place. The identifier macros available for the
WRITE and other login script commands are:
• DATE AND TIME IDENTIFIERS
HOUR Hour of day or night (1-12).
HOUR24 Hour (00-23).
MINUTE Minute (00-59).
SECOND Second (00-59).
AM_PM Day or night (am or pm).
MONTH Month number (01-12).
MONTH_NAME Month name (January, June, etc.) .
DAY Day Number (01-31).
NDAY_OF_WEEK Weekday number (1-7, Sunday is 1).
YEAR • Year in full format (1983, '1987,
SHORT_YEAR Year in short format (83, 87, etc.
DAY_OF_WEEK Day of week (Monday, Friday, etc.)
• OTHER IDENTIFIERS
LOGIN_NAME User's unique login name.
FULL_NAME User's full name (from SYSCON file
STATION Workstation number.
P_STATION Physical station (12 hex digits)
GREETING_TIME Morning, afternoon, or evening.
SHELLJTYPE Shell type number (0, 27, 3, etc.)
OS The workstation's operating system
OS_VERSION The version of the workstation's D
MACHINE The machine for which the shell wa
written:e.g.IBM_PC).
SMACHINE Short machine name (e.g. IBM).
F.5.4.2 EPA Standard Login Script
The following EPA login script, which corresponds with the example directory struc-
ture (in section F.5.1), outlines some of the more useful commands available in preparing
F-46
-------�
Installation Guidelines
following subdirectories could be created: \PERSONAL\JOHN, \PERSONAL\BILL,
\PERSONAL\LOU1SE, \PERSONAL\JANE, and \PERSONAL\DAN. Using this
structure, the appropriate program and data files would be installed in their respective
directories, and each user would have his/her own personal directory to store private files.
F.5.3.2 Specifying Maximum Rights For Subdirectories
The process of adding or removing rights from the Maximum Rights Mask for a direc-
tory is as follows.
(1) Select the Select Current Directory option on the FILER main menu.
(2) A window for typing the new path will be displayed containing the current direc-
tory. Use the backspace key to delete the directory information displayed and
type the directory name for which you will be setting Maximum Rights.
(3) Select the Current Directory Information option on the FILER main menu.
(4) The Current Directory Information menu will be displayed for the directory you
entered. Select the Maximum Rights option on this menu; the Maximum Rights
list for the current directory will be displayed. It lists the rights that may be ex-
ercised in the current directory.
(5) To add a right to the list, press the Ins key. The Other Rights list will be displayed.
(6) Select the right you wish to add; the right will be added to the Maximum Rights
Mask.
(7) To delete a right from the Maximum Rights Mask, select the right to remove from
the Maximum Rights list and press the Del key. The Revoke Right confirmation
box will be displayed. Confirm whether this right is to be deleted.
The eight security rights (refer to Section FJ for an explanation of security rights)
that may be granted or revoked, are available as Trustee Rights and Directory Rights. As-
signing Maximum Trustee Rights is described in the section on SYSCON. Specifying Max-
mimum Rights for Subdirectories refers to the ability to grant or revoke the eight security
rights that may be exercised in a directory. Even though a user or group may have certain
trustee rights, a directory must also grant those rights for the user or group to have Effec-
tive Rights.
For example, if the group ADMIN is granted READ-WRITE rights to the
SYS^DBASE directory, but the directory's Maximum Rights Mask specifies READ-
ONLY, then the group ADMIN's Effective Rights in that directory are READ-ONLY.
The Maximum Rights for a directory can also be displayed by typing "RIGHTS" at
the DOS prompt while in that directory. Anyone having Parental rights in a specific direc-
tory may set Directory rights by editing the directory's rights mask using the FILER utility.
F-43
-------�
LAN Technical Manual
F.5.3.3 Specifying Trustees of • Directory (Groups and Users)
The process of adding or removing trustees of a directory is as follows.
(1) Select the Select Current Directory option on the FILER main menu.
(2) A window for typing the new path will be displayed with the current directory
shown. Use the backspace key to delete the directory information displayed.
Type the directory name for which you will be specifying trustees, or press the Ins
key and select from a list of available directories.
(3) Select the Current Directory Information option on the FILER main menu.
(4) The Current Directory Information menu will be displayed. Select the Trustees
option on the menu.
(5) The Trustee Name/Trustee Type/Rights list will be displayed. If the list is blank,
then no trustees have been added to the directory yet
(6) To add a trustee, press the Ins key. A list of the available users and groups will
be displayed. Select the user or group you wish to make a trustee. For public
programs and data directories, it is easiest to select the group EVERYONE as
the directory trustee. For private and/or restricted directories, select each user as
a trustee of that directory.
(7) To delete a trustee, position the cursor over the directory trustee you wish to
delete and press the Del key. The Delete Trustee From Directory confirmation
box will be displayed. Confirm whether the trustee should be deleted from the
directory.
(8) Repeat steps (2) through (7) for each of the directories that were created.
Specifying Trustee of a Directory is functionally the opposite of assigning Group
Trustee Rights in a Directory, which is described above under SYSCON. Using the S YS-
CON method, a group is first selected, then directories are added to that group's trustee
rights. The current FILER method specifies that a directory is first selected, to which users
or groups are added as trustees.
Trustee basically means "having rights to". Which rights are determined by the Max-
imum Rights Mask for the group and for the directory.
F.5.3.4 Directory Limitations
Certain limitations should be noted when creating directories and assigning trustee
rights to directories. When the operating system was installed, the number of directory
blocks for directory entries was specified. By default this number was maximized accord-
ing to available disk space. Each directory block allocated will hold 128 file entries. When
a trustee is assigned to a directory, the information is stored on the server as part of a direc-
tory entry. Each five trustee assignments take up one directory entry. Normal assignment
of trustee rights will not usually cause a problem, but if your particular configuration in-
volves an unusually high number of trustee assignments, then it would be wise to monitor
the number of free directory entries. This is done by using the command line utility
VOLINFO. On such configurations, regular usage of VOLJNFO will allow the supervisor
F-44
-------�
Installation Guidelines
list of available directories will be displayed from which you may choose the ap-
propriate directory.
(6) Repeat step (5) until all of the necessary directories have been added for the
group.
(7) Repeat steps (3) through (6) for each of the groups on the file server.
For example, suppose the group we created above, ADMIN, required access to
several directories, \BUDGET, \WORDSTAR, and \AIRDATA; and the group AIRQ
required access to the \DBASE and \AIRDATA directories. Steps (3) and (4) would first
be executed for the ADMIN group; step E would then be repeated to add the \BUDGET,
\WORDSTAR, and \AIRDATA directories to that group. Then Step (3) and (4) would
be executed for the AIRQ group, and step (5) would be repeated to the \DBASE and
\AIRDATA directories to that group.
F.5.2.4 Assign • User to • Group
All users are automatically assigned membership to the group EVERYONE.
However, users must be manually assigned membership to special groups, as described
above. The process of assigning a user membership to a group is as follows.
(1) Select the firnnp Information option on the SYSCON main menu.
(2) The current groups on the file server will be dis played.
(3) Position the cursor and select the appropriate group. The firnnp Information
menu will be displayed.
(4) Select the Member T.ist option on the menu; the current group members will be
displayed.
(5) To add a user to a group, press the Insert key. The Not Group Members list will
be displayed. This is a list of all users on the file server that are not currently
members of that group.
(6) Position the cursor over and select the user to be added. The user will then be-
come a member of that group. Optionally, if you know the login name of the user
to add, that name may be typed instead of selecting the name from the list.
(7) Repeat these steps to add users to each appropriate group.
To continue with our example, the ADMIN group would be selected in step (3).
Steps (5) and (6) would be repeated to add John, Bill, and Louise to the ADMIN group.
The AIRQ group would then be selected as in step (3); and Jane and Dan can be add as
members of the AIRQ group.
The SYSCON program is sensitive to a user's trustee rights. That is, any user can ex-
ecute SYSCON, but the program will only allow the user to add, delete, or modify infor-
mation at a level equal to or lower than those of the user. Thus, every user can modify
his/her own login script and password, but is only able to modify trustee rights to those
directories for which that user is the owner. Ownership of directories is discussed below.
F-41
-------�
LAN Technical Manual
F.5.3 Using FILER
The FILER program is used to control volumes, directories, subdirectories, and files
on a file server. A complete description of the operation of FILER can be found in the
NetWare User Reference, Part II- Menu Utilities manual. FILER is a menu driven program
and is very easy to use. Basically, the use of FILER involves selecting options on layers of
pop-up menus until the action you desire is displayed on one of the menus.
FILER implements many of the NetWare command line utilities in addition to
providing a few unique services of its own. Like SYSCON, the user must have appropriate
trustee rights for that function in order to use the FILER functions to add, delete, or modify
many of the parameters. Various functions require trustee rights equivalent to those of
the user SUPERVISOR, Parental rights to that directory, or appropriate Open, Read,
Write, Modify, Create, or Delete rights where indicated. A complete list of functions and
rights requirements can be found in Attachment 2.
F.5.3.1 Creating Directories
Note that SMA will create the standard EPA directory structure on file servers and
much of the following discussion will pertain to additional directories to enhance the EPA
standard directories. The process of creating new directories and subdirectories on the
file server is as follows.
(1) Select the Select Current Directory option on the FILER main menu.
(2) A window for typing the new path will be displayed. Use the backspace key to
delete the directory information displayed. Type 'SYSr/*. This will ensure the
current directory is the root directory. ;
(3) From the FILER main menu, select the Subdirectory Information option on the
menu
(4) A list of Subdirectories will be displayed. The directories that were created when
the operating system was installed should be displayed; they are PUBLIC, MAIL,
SYSTEM, and LOGIN.
(5) Press the Ins key. A window for typing the new directory name will be displayed.
Repeat this step for each of the directories you wish to create directly off of the
root directory.
(6) To create subdirectories, change the current directory to the directory which will
contain the subdirectories (step B); then repeat the steps for adding directories
as outlined in steps (3) through (5).
The DOS command function MKDIR can also be used to create new directories, and
the RMDIR command can be use to remove directories. If you are proficient in the use
of DOS, these commands may be somewhat easier and faster to implement a directory
structure than use of the FILER program.
The basic EPA directory structure is shown in Figure F3 above. For example, fol-
lowing directories could be created off of the SYS: root directory: \WORDSTAR,
\DBASE, \LOTUS, \TEMP and \PERSONAL. Under the \PERSONAL directory, the
F-42
-------�
Installation Guidelines
Details of preparing the system and user login scripts can be found in Section F.6 of this
appendix.
Because most application programs, including WordStar and dBase, do not need to
write to files in the application directories during execution, all files in the application
directories should be flagged as Read-Only/Sharable. This will allow multiple users to ac-
cess programs simultaneously, but will prevent users from accidentally modifying the
program files. The FLAG command is also discussed further in Section F.6.
That is all there is to it Once the types of application programs, the public and private
data, and the users have been described, then all of the information is ready for creating
directories and assigning user rights. The real value in preparing worksheets is that when,
you sit down at the computer to begin work, referring to the worksheets for organization
will simplify the task.
F.5.2 Using SYSCON
The SYSCON program is used to control users, groups, directories, and file server
access. A complete description of the operation of SYSCON can be found in the NetWare
User Reference, Part II - Menu Utilities manual and the NetWare Supervisor Reference
manual. Basically, the use of SYSCON involves selecting options on layers of pop-up
menus until the action you desire is displayed on one of the menus.
SYSCON is a powerful program that integrates many of the NetWare command line
utilities in addition to providing a few unique services of its own. Many of the functions
available in SYSCON will allow the user to display the current parameters for a topic. In
order to use the SYSCON functions to add, delete, or modify many of the parameters, the
user must have trustee rights equivalent to those of the user SUPERVISOR. A complete
list of functions and rights requirements can be found below in the section labelled Addi-
tional Menu Utility Func tions. To use the utility, just type SYSCON from the DOS
prompt
F.5.2.1 Adding and Deleting User*
The process of adding new users and removing existing users from the file is as fol-
lows.
(1) Select the User Information option on the SYSCON main menu.
(2) The current users on the file server will be dis played. Initially, only the users SU-
PERVISOR and GUEST will appear in this list
(3) To add a new user, press the Insert (Ins) key. The Usemame entry box will be
displayed. By typing a new user's name, the user will be created on the file serv-
er. New users are automatically assigned as members of the group EVERYONE.
(4) To delete a current user, position the cursor over the user to be deleted on the
list of file server users. Press the Delete (Del) key. The user's profile and access
rights will be deleted from the file server.
For example, suppose John, Bill, and Louise need to be given access to the file serv-
er. Steps (1) and (2) would be followed exactly as described above. Step (3) would then
F-39
-------�
LAN Technical Manual
be repeated three times, once for each new user. In other words, all new users could be
added by pressing the Ins key, then typing the user's name, once for each new user, as
described in Step (3).
F.5.2.2 Creating • Server Group
In many cases, it will suffice for users to belong only to the group EVERYONE, which
i« assigned automatically. However, if you wish to assign users to a group, and use the group
trustee rights to restrict or grant access to particular directories, then a unique group can
be created, and the appropriate users assigned membership to that group. The process of
creating a Server Group follows.
(1) Select the Group Information option on the SYSCON main menu.
(2) The current groups on the file server will be dis played. To add a group, press the
Insert key. The Group Name entry box will be displayed.
(3) After typing the group's name, the group will be created on the file server.
For example, if John, Bill, and Louise are all part of the division's administrative staff,
a group name ADMIN might be created on the server. Further, Jane and Dan perform
technical analysis related to Air Quality studies. A group named AIRQ might be created
for these users. In the next step, ADMIN can be assigned access rights to particular direc-
tories that pertain only to administrative functions; and AIRQ can be be assigned access
rights pertaining to Air Quality research. Later, John, Bill, and Louise can be added to the
group ADMIN; and Jane and Dan can be added to the AIRQ group.
F.5.2.3 Assign Group Trustee Rights In • Directory
All users are assigned to the group EVERYONE; the group EVERYONE should
be given trustee rights to all public directories. In those cuses where it is appropriate to
define a special group for restricted access to directories, the group may be assigned trus-
tee rights to particular directories and the appropriate users made members of that group.
Note that it is only necessary to assign group trustee rights to those directories that will
have restricted access. If users are members of the group EVERYONE, then all direc-
tories available under EVERYONE will also be available to those users. The process of
assigning Group Trustee Rights in a directory is as follows.
(1) Select the Group Information option on the SYSCON main menu.
(2) The current groups on the file server will be dis played.
(3) Position the cursor and select the appropriate group. The Group Information
menu will be displayed.
(4) Select the Trustee Assignments option on the menu. The group's current trustee
assignments will be displayed.
(5) To add a directory to the group's trustee rights, press the Ins key. A window for
typing the directory name will appear. If you know the directory name to add,
simply type it in. If you are not sure of the directory name, press the Ins key; a
F-40
-------�
Installation Guidelines
• Accounting
• Other
In many instances, several users on a network will frequently use the same applica-
tion programs, but will be working on fundamentally different projects. An additional
division of work functionality can further help organize the storage of data on the network
server. On a simple level, work function divisions can be initially defined something like
the following:
Shared documents
Private documents
Shared databases
Private databases
Shared other
Private other
Because there will often be shared and private files that are used with one type of ap-
plication, a method must be developed to maintain the appropriate security. When users
must access shared files, a directory should be created specifically for those files. A shared
data directory could be defined in terms of the application program used to work with those
files, or in terms of a multi-person project that will use several application programs in ^
preparation of reports and documents.
Each user on a network will need to maintain a directory of files to which only that
user will normally have access. These personal directories can be grouped together in a
single directory called PERSONAL (or any appropriate name), under which users can have
subdirectories named as their login ID. Optionally, each user could own directories
created directly off the root directory. However, if a large number of users are on the net-
work, the root directory could quickly become cluttered with user directories. Therefore,
in the EPA environment, users will have subdirectories off the directory PERSONAL, and i
all user files must be in that directory. Shared files will be in subdirectories for the specific
application or a single directory called TEMP. TEMP will be an area in which all users will
have Read/Write access. This area will be erased and purged on a regular basis.
If the suggested guidelines are put into an example, the directory structure for a small
set of applications and users might be structured like the example in Figure F3. Note that
this example does not show the system directories (SYSTEM, PUBLIC, MAIL, LOGON)
created when the operating system is installed.
«.
In this example, the program files for dBase and WordStar are each put in their own
directories, and all appropriate users have read-only access to them. Since both John and
Jane are working with files for Project 1 and Project2, the files are kept in directories created
for that purpose. Files which are not intended for other users to read can be stored in per-
sonal directories. In the example above, JOHN would not be able to read files stored in
the SYS:\PERSONAL\JANE directory. Access to personal directories should not be as-
signed to user groups, but rather to individual users.
F-37
-------�
LAN Technical Manual
SYS:\(ROOT)
1
1
\DBASE
1
1
files
for
dBase
1
\WORDSTAR
1
1
files for
WordStar
1
1
1
\PROJECT1 \PROJECT2 \PERSONAL
1
1
shared
data
files
1
1
shared
data
files
1 1
1 1
\JOHN\JANE
1 1
private private
files files
Figure F.3 Example Directory Structure
Your particular server directory structure should facilitate your particular needs.
The purpose of planning the directory structure is to avoid users haphazardly creating files
in unrelated directories, making them difficult to locate; and to restrict access to private
files and to allow access to shared files. Careful planning will greatly aid in the ability to
locate particular files (particularly older files), and make the day to day maintenance of
file security an easier task. -'
You may wish to assign a common password for each user at this time. Users should
change their passwords after they have begun using the network. Pay particular attention
to the column labelled User Rights. Entries in this column will define what access rights
each user will have to the directories. A more complete discussion of access rights can be
found in the User Reference, Port 1: NetWare Basics manual, and in the NetWare/286 In-
stallation manual.
F.5.1.2 Servtr Files
The Server Files worksheet specifies that the following information be filled in:
• Program Name
• Type (Application or Data)
• General Category
• Directory
The WordStar and dBase directories contain the files necessary for running the ap-
plications. Both of these applications consist of numerous files such as overlays, configura-
tion files, and help files. NetWare provides a SEARCH command (similiar to the DOS
PATH command) which allows specification of particular drives and directories to be sear-
ched for loading applications. A SEARCH command should be specified for each direc-
tory containing public applications, and should be made a part of the system login script
F-38
-------�
Installation Guidelines
password and grant security rights (trustee assignments and security equivalences). When
you feel very comfortable with the SYSCON utility and its uses, delete all practice users
and groups you created.
It is very important that the supervisor for your network become familiar with all
aspects of both the FILER and the SYSCON utility programs before actually setting up
the hard disk with real directories and real users and user groups. If you attempt to learn
how to use these utilities while setting up the actual directory structure and users, you will
likely find that many decisions you make will be incorrect, and additional work will be
created by attempting to rectify your mistakes. The concepts involved in creating a direc-
tory structure and users are not difficult; and they are perhaps best learned by using the
FILER and SYSCON programs on practice data. EPA has identified a file and directory
structure to be used on each server, and familiarity with this structure is equally important
F.5 INITIAL NETWORK SETUP AND VERIFICATION
The success of many network installations depends largely upon the degree of com-
fort users experience in their initial sessions on the network. Some factors influencing this
are the proper performance of the network, the ease of use in performing daily tasks, and
the competence of the network supervisor. Proper network performance means that when
users attempt to perform basic computer tasks, such as running an application program or
printing a file, the system operates as expected, and in a timely manner. Proper prepara-
tion in allowing a user to log in to a network with an appropriate default configuration will
minimise the number of commands a user must remember to perform basic tasks, and thus
enhance the ease of use. The competence of the network supervisor will be recognized by
users based partly upon the appropriateness of any written or verbal instructions, the ability
to answer questions and solve problems, and timely communications between users and
the network supervisor. The supervisor's own confidence and competence will grow with
experience.
F.5.1 Create User Access Configuration Tables
After the network operating system software has been installed and prior to loading
application programs, the structure of file organization and user access and security must
be specified. Just as planning the network topology is an essential step in installing net-
work cabling and hardware, planning the server file organization and user access is a neces-
sary part of the successful installation of application software. The steps involved in
preparing the server for application software and user operation include:
(1) Planning;
(2) Creating a directory structure on the file server;
(3) Creating user profiles, including passwords; and
(4) Specifying user, directory, and file security.
The requirements for completing these four steps are a thorough understanding of
DOS directory structures and the NetWare programs FILER and SYSCON. Directories
F-35
-------�
LAN Technical Manual
provide the means by which to organize program and data files on the file server. The
FILER is a menu-driven- program used to create and manage directories on the file serv-
er. The DOS MKDIR command can be used to create and remove directories instead of
the FILER utility. Users are added and given access to certain directories by using the
SYSCON program.
DOS directory structures are covered in detail in both the DOS manual and the Net-
Ware Basics manual In general, directories can be thought of as having a tree or hierar-
chial structure. That is,, there is a root directory, from which branch directories, each of
which may contain additional subdirectories, and so on. The advantage of this type of or-
ganizational structure is that it allows program and data files for a particular application
program to be kept separate from files that belong to a different application. Instead of
searching through a long; list of files from a variety of applications, locating a file involves
changing to the appropriate subdirectory and searching through files that are relevant only
to a particular application. Additionally, from a networking point of view, directories
provide a means of assigning and restricting access to groups of files, by means of trustee
rights, security equivalences and directory Maximum Rights Masks, which are described
in more detail later in this section.
You should develop a written plan before actually beginning to set up directories,
users, and security. Volume I, Chapter 2, Planning Guidelines, provides information which
should be reviewed andworksheets for preparing the server for use. LAN Planning Check-
lists-6 and 7 provide space, for establishing your users' access rights and group member-
ships. After the planningis: completed, use the SYSCON utility tp add user lists and groups
and to define user rights^and the FILER utility to create directories.
F.5.1.1 Server Users
Typically, a networfrenvironment will be correlated with a lab, group, or division staff
of workers. Each worker wHl have a generally defined role, in terms of the type of work
the employee normally performs. If the employee is currently using a personal computer,
then some of the programs that employee will need to access on the network are already
defined. If the employee is new to computing, then that person's role must be specified in
terms of the type of applications to be used on the network. The various roles network
users assume generally comprise the user groups that will be created. User groups might
correspond with job responsibilities, such as Secretary, Scientist, Technician, Data Process-
ing, etc.
Even though access:to various applications may overlap, the network security will be
set up according to the group(s) to which users belong. Typical application program
divisions can be defined such as:
Spreadsheets
Data base and data analysis
Graphics
Word processing
Communications
F-36
-------�
Installation Guidelines
while other utilities are network counterparts to their DOS equivalents. This means that
some of the normal DOS commands should not be used, or their use may be restricted,
while nmning under the NetWork shell. The DOS commands which do not work proper-
ly on network drives are: ASSIGN, CHKDSK, COPY, DIR, LABEL, PATH, and PRINT.
Novell provides network equivalents for these commands.
A detailed description of all PUBLIC commands can be found in the NetWare User
Reference, Part III: Command Line Utilities, and in the NetWare User Reference, Part II:
Menu Utilities. A brief description of each of the commands in the PUBLIC directory, or-
ganized by functions, are included in Attachment 2 to this appendix. The functional groups
of utilities include:
• Commands with DOS equivalents
• User Information and Access Commands
• Print Spooler Commands
• Advanced Commands
(2) SYS:SYSTEM Directory
The directory SYS:SYSTEM contains the network operating system
(NETSOS.EXE), along with certain server utilities that only the network supervisor should.
be allowed access. These utilities are fully described in the NetWare Supervisor Reference
manual Brief descriptions of the important utilities are also included in Attachment 2.
The user SUPERVISOR has full access rights to the SYSTEM directory. The user
GUEST, and all users created as members of the group EVERYONE, have no rights to
this directory.
(3) SYSiOGIN Directory
The LOGIN directory is created by the operating system during installation. Initial-
ly, there are only two files residing in the LOGIN directory: LOGIN.COM and
SLJST.EXE. The LOGIN.COM file is the program which is executed when you type
'LOGIN name* at a workstation. It functions to provide the initial right to access the file
server by verifying the user name and password that was entered with a valid name in the
server user access table. The SLIST.EXE file is a program that lists all servers and their
names that are currently attached to the network (Le. Server LIST).
The user SUPERVISOR has full rights to this directory. The user GUEST and all
users created with security equivalence to the group EVERYONE have read-only rights
to this directory. The LOGIN directory is unique in this respect, and certain applications,
such as special menus, may be installed in this directory. This feature allows users to ex-
ecute programs that they have been told about, while denying them the ability to search
the directory and then possibly execute programs and commands which they should not
F.4.5.4 MENU Utilities
NetWare provides two programs, FILER and SYSCON that are the primary means
of performing all directory and user maintenance operations. These two programs will be
used most frequently by the LAN Administrator. Other users may be run these programs,
F-33
-------�
LAN Technical Manual
but with restricted functionality. They are described in detail in Section 6 of this docu-
ment. A brief discussion of each follows.
(1) FILER
The FILER program is a menu driven utility that is used to create a directory struc-
ture. It is the primary means by which all directories are created and deleted from the net-
work server. It is very important that LAN Administrator or the person responsible for
managing the network structure be familiar with all aspects of using the FILER utility.
Management functions accomplished with FILER are discussed in greater detail in Sec-
tion F.53. FILER is executed by typing FILER at the network command prompt (e.g. at
the N prompt, type 'FILER'). The program will load and display a menu of available func-
tions which will be similar to the following:
Current Directory Information
File Information
Select Current Directory
Set Defaults
Subdirectory Information
Volume Information >
Carefully study the information presented on the FILER program in the NetWare
Menu Utilities manual. After reading all the information on FILER, practice using it
Create several practice directories. Once you feel very comfortable with the FILER, delete
all practice directories you created.
(2) SYSCON
The SYSCON program is a menu Utility used to create objects (users and groups)
and to assign security rights to those objects. It is the method by which new users are added
to the network, and old users are removed. It is also the method by which trustee rights
are granted to users and groups, and the method by which a user is made a member of a
group. It cannot be stated strongly enough, that the network supervisor should become
very familiar with using the SYSCON utility. It is the one program which controls what ac-
cess rights users will have on the network.
The SYSCON utility is executed by typing SYSCON at the netware command
prompt The program will load and display a menu of available functions, which will be
similar to the following:
Change Current Server
Filer Server Information
Group Information
System Login Script
User Information
Carefully study the information on the SYSCON utility presented in the NetWare Su-
pervisor Reference manual. After you have read all of the information on the SYSCON
program, practice using it Create several practice users and groups, and assign them a
F-34
-------�
Installation Guidelines
The chart below indicates how users rights might be distributed over several direc-
tories.
DIRECTORY RIGHTS USER
SYS:SYSTEM All rights LAN Administrator or equivalent
Read only Barbara
SYS:PUBUC Read only All users
SYS:DBASE Read only Jim, Paul, Sue
Read/Write Barbara, John
F.4.5.2 User Groups
As mentioned above, the network supervisor can define various user groups. Each
user group can have a specific set of trustee rights granted allowing access to various direc-
tories. The utility of creating user groups becomes evident when one or more directories
are created, and you wish to assign trustee rights to several users for those directories. In-
stead of individually assigning each user trustee rights to each directory, you can simply
create a user group with the appropriate trustee rights, then make users a member of that
group. Likewise, if you wish to add or remove access of all those users to the same or ad-
ditional directories, you can simply change the user group's trustee rights, and all users that
are members of that group will automatically have their trustee rights modified.
In the example above, three groups could be created to account for the various levels
of security for all users. A group, SLJPER2, could be created with restricted access to
S YS:S YSTEM. Users in this group would likely perform certain system maintenance tasks.
A second group, DBASE_RW, could be created for users that need Read and Write ac-
cess to the SYS:DBASE directory. The third group, DBASE_R, would allow members of
that group only read access to the SYS:DBASE directory.
When the NetWare server software is installed on a file server, the INSTALL utility
automatically configures the server for initial use. It does this by.
A) creating four directories, which are:
1) SYS:SYSTEM
2) SYS:LOGIN
(Users are allowed Read but not Search access rights)
3) SYS:PUBUC, and
4) SYSiMAIL
("SYS:" is always the name of the first file server on a network);
F-31
-------�
LAN Technical Manual
B) adding two users, SUPERVISOR and GUEST; and
C) adding one group, EVERYONE.
NetWare refers to users, groups, and servers as objects. Thus, the objects that are
automatically created by the server's operating system are the users SUPERVISOR and
GUEST, and the group EVERYONE.
(1) The User SUPERVISOR
The user SUPERVISOR is permanent It cannot be deleted or renamed Further-
more, the user SUPERVISOR always has ALL rights in all servers and directories. The
SUPERVISOR'S rights cannot be revoked. If desired, additional users can be added that
have a security equivalence to user SUPERVISOR, in that such users will have full rights
to all servers, volumes, and directories. However, note that the proliferation of users with
SUPERVISOR security equivalences can quickly lead to confusion and contradictions in
implementing network security.
(2) The Group EVERYONE
The group EVERYONE is created by the operating system as a special group to
which all new server users are assigned as members. The group EVERYONE is made a
trustee of the SYS:PUBUC directory with Read, Open, and Search rights in that direc-
tory. All users, as members of the group EVERYONE, are given rights to run the Net-
Ware user utilities, which reside in the PUBLIC directory. Assigning all users as members
of the group EVERYONE is also a convenient method of maintaining the trustee rights
for all users on the network. The group EVERYONE can be deleted, but it is strongly
recommended not to do so. If it is deleted, then the supervisor will need to manually grant
trustee rights for each directory to each current network user.
(3) The User GUEST
The network operating system automatically creates the user GUEST. The purpose
of GUEST is for anyone who needs temporary access to a file server. It circumvents the
need to add a new user and then remove the user after short term use. The user GUEST
is automatically given the security equivalence of the group EVERYONE. If the
EVERYONE group is later modified to allow read, write, delete, and create access to cer-
tain directories, you might consider creating your own "guest" user name that restricts ac-
cess, so that the "guest" will not be able to change or delete files.
F.4.5.3 Default Directories
The four directories created by NetWare are permanent directories, they cannot be
deleted Each of these directories has a specific purpose, contains certain files, and is as-
signed specific trustee rights for the group EVERYONE and the user SUPERVISOR.
(1) SYSiPUBLIC Directory
The first directory which is automatically created by the operating system during in-
stallation is the PUBLIC directory. The PUBLIC directory contains all of the NetWare
user utilities. Some of these utilities are specific to network management and information,
F-32
-------�
Installation Guidelines
• Some directories will contain programs that will be shared by all users on the net-
work, and all users will have at least read access to those directories. Note that
some application programs write to files in the program directory, necessitating
that the users also have write access to those directories. EPA will generally
create directories for software such as dBase m Plus that allow users the right to
read, etc, but will not allow copying.
• Some directories will contain data that will need to be read by some or all users,
but only selected users should be allowed to write (update or modify) that data.
For example, Bill and John may be given Read access rights, and Sue may have
Read and Write access to a directory.
• Some directories will contain programs and/or data that will be accessed by only
selected users on the network. Only the selected users will have read and/or write
access to these directories. All other users will not be granted any trustee rights
for these directories. This would be a good use of creating a special group for
users to allow access to a particular directory. The group would be given access
rights to the directory. To restrict access to other users, simply do not add them
to the group.
• Users with restricted trustee read/write access rights should also have restricted
parental rights. Only users that need to have the ability to add and delete direc-
tories, or grant other users trustee rights should be given parental rights to any
directory.
NetWare also allows the LAN Administrator to assign trustee rights to a user group.
When a user is made a member of a group, the access rights applicable for the group are
assigned to the user. This is known as a security equivalence. Assigning a user the security
equivalence of that a group eliminates the need to assign individual directory rights to each
user. If several users on a network will have similar access rights, then it is much easier to
first assign trustee rights to a group, then give the user a security equivalence to that group.
One user or user group may have up to 32 security equivalences.
For example, two groups could be created, DATA_ENTRY and DEVELOP. The
DATAJENTRY group is assigned access rights to a directory for entering data, and the
DEVELOP group is given access to the directory containing source code under develop-
ment The data entry personnel, Sue, Fred, and John could simply be made members of
the group DATA_ENTRY, and Barbara and John could be made members of the
DEVELOP group.*Note that John can belong to both groups, whereas Barbara is restricted
to DEVELOP, and Sue and Fred are restricted to DATA_ENTRY.
A user's trustee rights are calculated as the rights assigned directly to the user plus
the trustee rights assigned to any user group with which the user has a security equivalence.
Thus, if Sue were also given individual rights to SYS:BUDGET, a directory containing
budget information, then her trustee rights would include those of the DATA_ENTRY
group and the SYS:BUDGET directory.
F-29
-------�
LAN Technical Manual
Carefully examine the rights a user has before giving another user equivalent rights.
Also note that if rights of the first user are changed, the same changes would apply to the
second user.
(3) Directory Security
NetWare allows the supervisor to assign a "Maximum Rights Mask" to each direc-
tory. These rights are similar to the eight trustee rights, but they supercede the trustee
rights in any given directory. This allows the supervisor to edit the marimtim rights mask
for a directory, restricting access by trustees of that directory, without actually changing
the users' trustee rights to that directory. Directory security applies only to one specific
directory. It does not extend to succeeding subdirectories as do trustee rights.
Directory rights should be restricted only in special situations. In most cases, trus-
tee rights should suffice to restrict access for users to various directories. However, if the
need arises to restrict directory rights, then users with trustee rights to that directory should
be informed. Otherwise, the network supervisor may end up calming panicked users that
normally would have access to that directory. For example, if John has all eight directory
access rights to the directory SYS:\DEVELOP, and the LAN Administrator changes the
maximum rights mask to that directory to disallow Write access, then John will be able to
Read but not Write to the SYS:\DEVELOP directory.
Note that directory maximum rights mask does not take the place of directory access,
or trustee rights. If a user does not have directory access, then it doesn't matter to that user
what the maximum rights mask is for that directory.
(4) File Attributes Security
File attributes security refers to the ability to control whether an individual file has
read-only, or read-write access by all users. File level security takes precedence over all
other forms of security. The primary reason for making a file read-only is to prevent ac-
cidental erasure of that file. Typically, files which are read by many users (public files),
might be restricted as read-only, so that a user will not accidentally change or erase the in-
formation in that file. If users flag files as read- only, they need to understand that they will
not be able to rename the file or save changes to it until they change the flag back to write-
enabled.
(5) Effective Rights
NetWare terms EFFECTIVE RIGHTS to be those rights a user may exercise in a
given directory. EFFECTIVE RIGHTS for a given directory are determined by a user's
trustee rights and the Maximum Rights Mask for that directory; The Maximum Rights
Mask having precedence over the trustee rights, but only if the user has directory access
rights in the first place. In all cases, a file attributes right of read-only will take precedence
over a user's EFFECTIVE RIGHTS.
F-30
-------�
Installation Guidelines
DOS prompt will indicate that the default drive is N: (if the 'LASTDRTVE = M* com-
mand in CONFIG.SYS was used), and the current directory is \LOGIN (the prompt will
be 'N:\LOGIN*).
F.4.5 NETWARE Basics - Directories, Security, Users, and Groups
Prior to running any of the network management software, you should understand
how DOS directories are organized, the basics of NetWare security, and the concepts of
users and user groups.
The DOS manual provides information about directory organization. The NetWare
User Reference, Part 1: NetWare Basics manual provides additional information about net-.
work directories, network security, and users and user groups. The information in this
manual is essential for proper management of the file server and users, and you should
familiarize yourself with it before proceeding any further.
F.4.5.1 Network Security
Security, or the ability to control who may access particular information (directories
and files) is crucial in a multi- user environment NetWare provide four levels of security
access on the network. They are:
(1) Login/Password Security
(2) Trustee Security
(3) Directory Security
(4) File Attributes Security
On a typical network with several users a combination of these security methods will
be in effect
(1) Login/Password Security
Login/Password security determines who may access a particular file server; and thus
access information on the server. Login security applies to all users. Each user must have
a login or ID that has been assigned by the network supervisor. Typically, a user's first in-
itial and last name is used as a login name. The user login name gives the user the access
right to the file server. Passwords should be assigned or setup for each user. Each user
can change his/her own password. Users should be encouraged to change their passwords
at least every three months. When LOGIN is performed, the name and password are asked
for. If either is incorrect, the LOGIN fails. However, the errant user doesn't know which
is incorrect, and both the name and password must be resubmitted. Although this can cause
consternation, it also provides a little more security.
(2) Directory Access (Trustee) Security
Trustee security is Novell's terminology for directory access security. Directory ac-
cess security enables or disables a user to access a directory and the files within that direc-
tory. Using a combination of the trustee rights for each user and each directory, the
majority of the security required for most networks can be achieved.
F-27
-------�
LAN Technical Manual
Without access rights a user may be able to access the server but will not be able to
access anything on the server. The network supervisor is the most powerful user on any file
server, having access to all directories on the server. Therefore, the network supervisor
typically grants users access to individual directories. Access rights can be granted to in-
dividual users, or to a group (defined below) to which the user belongs. Access to a direc-
tory gives access to all subdirectories within that directory.
Because most users will have their own directories on the server and each user will
generally be using the server for specific applications, granting trustee rights is the simplest
and most direct method of granting and restricting access to directories and applications.
The NetWare menu utility SYSCON allows the SUPERVISOR to assign the various
access rights to be assigned to users and groups. Eight different types of access rights allow
a variety of combinations for directory security. These different rights include:
R- Read from open files
W - Write to open files
O- Open existing files
C- Create new files
D - Delete existing files
P - Parental, which allows the trustee to:
a) Create, rename, and erase subdirectories of the directory 4
b) Set trustee and directory rights in the directory
c) Set trustee and directory rights in the subdirectories
S- Search the directory
M - Modify file attributes
Any combination of the eight access rights can be assigned to a user. However, cer-
tain combinations of the access rights will not make sense. For example, it would be use-
less to assign a user Create access if the user did not also have Write access. However,
Read access without Search access would mean that a user can run a program that he has
been informed or instructed about, but cannot perform a directory listing to see what is
available in that directory. If a user is given trustee rights in a directory, those rights ex-
tend through all subdirectories of that directory, until the rights are redefined at some lower
level
On a typical network, trustee rights can be described as falling into the following
categories.
• All users will have all eight access rights within their own, private directories.
F-28
-------�
Installation Guidelines
Novell NETBIOS.COM and ANET3.COM were generated for your workstation(s)
during the operating system generation. They can be found on the GENSH1 diskette. To
use them, they need to be copied to your working disk: the NETWORK BOOT FLOPPY
(for floppy based system); or to drive C: (for hard disk systems). These files should be
placed in the root directory of the appropriate disk. To do so, insert the GENSH1 diskette
in floppy drive A:, and type:
• for floppy based systems -
COPY AiNETBIOS.COM B:
COPY AiANETS.COM B:
(inserting the NETWORK BOOT FLOPPY when needed)
• for hard disk based systems -
COPY AiNETBIOS.COM C:\
COPY A:ANET3.COM C:\
The LAN Administrator can create one copy of the the NETWORK BOOT FLOP-
PY and distribute it for all workstations, either to use or to copy to hard disks. When copy-
ing to hard disks, be sure that if a CONFIG.SYS file already exists, any necessary lines in
the old file are retained in the new copy of CONFIG.SYS.
F.4.3.3 Starting (Booting) the Workstation
There are two methods of loading the network shell software. If you plan on using
the workstation for tasks that do not involve the network server, then you can manually
load the network shell software on an as needed basis. If you intend to use a particular
workstation solely for network use, then it is a good idea to automate the loading of the
network shell software. The EPA network MENU system will prompt users through the
login procedures. However, the manual loading method should be known to all network
users.
The procedures for installing the necessary levels of interfaces are different for the
two types of personal computers that we have within the Agency. The Epsons and other
PC/AT-compatibles which are running DOS 3.1 or 32 will have a program called TOK-
REUI loaded as part of the AUTOEXEC procedure. The PS/2 servers and bridge proces-
sors available through the SMA contract run DOS 33, and they require a slightly dlffernet
setup. The interfaces for them, part of what's called the IBM LAN Support Program, are
installed in the CONFIG.SYS file automatically by running a program called DXMAHX
To manually load the network shell software, you need to first run the NIC driver
program, the NETBIOS.COM program, then the ANET3.COM program. This is done
simply by typing:
DXMAID (or TOKREUI) (Enter)
NETBIOS (Enter)
ANET3 (Enter)
You should see the network shell being loaded.
F-25
-------�
LAN Technical Manual
To automate loading the network shell software, you need to create a file named
AUTOEXECBAT in the root directory of the boot disk. The AUTOEXEC.BAT is a DOS
batch file; a batch file is a text file containing commands that are executed in sequence as
though they were typed at the keyboard. The AUTOEXECBAT is a special batch file that
is automatically run (if it exists) each time DOS is booted. Use the Wordstar nondocu-
ment feature to create a file containing the following lines.
(TOKREUI - for PC/AT-compatibles. Omit for PS/2 systems where you have run
DXMAID.)
NETBIOS
ANET3
Thus, to load the network shell, DXMAID (TOKREUI), NETBIOS and ANET3
must be executed. To run them manually, simply type the program names. To automati-
cally run the network shell each time DOS is booted, create the AUTOEXECBAT con-
taining the shell program names.
F.4.4 Test Access of Server Resources From Workstation
In order to test the access of server resources from a workstation, you will need to:
(1) boot the network server; and (2) run the network shell software on a workstation. Once
these two conditions are satisfied, the workstation is said to be attached to the server.
However, to access the server resources, the workstation user must 'login' to the server.
The process of logging in to the network server performs several functions. When a
workstation logs in the server, the server assigns a number to the workstation. This num-
ber is assigned dynamically; the sequence of workstations logging in to the server has more
to do with determining the workstation number that the physical location of the worksta-
tion. The workstation number is one method that the network server uses to keep track
of where information is coming from and where it is being sent The other method is deter-
mined by the network interface card address, which is stored on a read-only memory chip
on the network interface card. Each network interface card has a unique address, and for
practical purposes cannot be modified.
The process of logging in to the server is accomplished by executing the command
'LOGIN name* (where name is the network user access name). If you do not specify a
name on the command line, then a prompt will ask you to enter a name. Only valid names
which have been configured on the network server are allowed. When the network operat-
ing system was installed on the server, NetWare configured two users. The names of these
two users are SUPERVISOR and GUEST. The SUPERVISOR logon name is intended
for use by the person who has the responsibility to manage and maintain network usage.
Because the SUPERVISOR has complete access on the network, use should be restricted
to the LAN Administrator and his/her backup only. The GUEST logon name is intended
for use by persons that will only access the network on an occasional basis, and should have
very limited access rights.
To log in to the network, type 'LOGIN SUPERVISOR.' NetWare will display mes-
sages which describe the current drive/volume configuration. After logon is complete, the
F-26
-------�
Installation Guidelines
The procedure for installing and configuring an individual workstation consists of:
(1) Starting the network server,
(2) Booting DOS from a workstation;
(3) Creating or modifying the CONFIG.SYS file for the workstation to adapt it for
the network operating environment;
(4) Loading ANET3 from the GENSH1 diskette to the workstation boot disk(ette);
and
(5a) running ANET3, or
(5b) creating an AUTOEXECBAT file to load network shell, and rebooting the
workstation.
If the network operating software has been properly installed, then booting the net-
work server is as simple as turning it on.
F.4.3.1 TTie CONFIG.SYS Fife
When a PC is powered on (or rebooted suing CTRL-ALT-DEL), DOS reads a spe-
cial file in the root directory which tells it how to configure the system for the desired opera-
tions. The number of open files, the number of buffers available to DOS, and the last local
drive are among many parameters which can be modified by editing this file.
Many programs that run under the DOS environment often require that several files
be open simultaneously. Additionally, the network shell running on a workstation requires
added file access. The default DOS number of open files is 8. A value between 20 and 40
will result in better performance for network use.
DOS will also allocate a specific number of buffers to be used in storing the most
recently transferred data between memory and the disk. The more buffers DOS has, the.
more data is in memory, and the fewer disk I/O requests are necessary. The default DOS
number of buffers is 2. A value between 16 and 30 is appropriate for most network use,
depending on the applications which will be run from the workstation. If a user complains
of poor network disk access performance, you should increase these values.
Normally, the number of local drives on a workstation would not affect the name of
the first network drive. The default man'mnm local drives is E:. Thus, the first network
drive is called, by default, F:. If, however; a workstation has a number of peripherals (drives
or RAM disks) that extend to drive letter F: or beyond, the first network drive would be
shifted down (e.g. to L:) to accommodate the local drives. In order to make the network
access more consistent across all workstations, it is appropriate that the first network drive
be accessed by the same drive letter at all workstations. One approach to standardizing on
the network drive would be to name it N: (for network). In order to do this, you need to
tell DOS what the maximum letter for local drives is; this wfll determine where the net-
work drive letters will begin. To name the network drive N:, the last local drive letter must
be M:, accomplished by the command LASTDRIVE=M in the CONFIG.SYS file.
F-23
-------�
LAN Technical Manual
The CONFIG.SYS file is a standard text file. Use the Wordstar nondocument for-
mat, or the WordPerfect text in/out feature to create a standard ASCII text file which con-
tains the following command lines:
FILES = 24
BUFFERS = 20
LASTDRIVE = M
Note that the CONFIG.SYS file must reside in the root directory of the drive from
which the system booted (A: if a floppy system, or C: if a hard disk system). The parameters
and use of the CONFIG.S YS file are explained in detail in the DOS manual. Refer to the
index for CONFIG.SYS. The workstation must be re-booted (with CTRL-ALT-DEL) for
DOS to recognize the changes made in the CONFIG.SYS file.
CONFIG.SYS can also contain commands which load special files, called "device
drivers" into memory, making them part of DOS. Examples of this type of file are
ANSI.SYS and VDISK.SYS which come with DOS. ANSI.SYS, when loaded, allows
programs to send a standard set of control sequences to the screen, which in turn affect the
characters and attributes which are displayed. This is particularly useful for applications
such as communications programs which may have originally been written for some other
computer. The VDISK.S YS file makes part of RAM memory appear to the user as if it
were a disk drive. Other uses include print spoolers, special graphics display protocols,
and communications interfaces.
The network interface card is a communications device, allowing the PC to "talk" at
4 million bits per second with other PCs on the LAN. Suffice it to say that getting infor-
mation from an application program to the LAN is quite complex (otherwise we wouldn't
have had to bother with this manual at all). There are essentially three layers
F.4.3.2 The Novell Netware Shell
After the CONFIG.SYS file has been created, the last step involved in configuring a
workstation for network use is to copy the Novell network basic input/output system (NET-
BIOS.COM), the network shell (ANET3.COM), and the NIC driver program to the boot
disk. On the PS/2 Models 50 through 80, the NIC driver program is named
DXMAID.COM, on the PS/2 Model 30 and AT class machines (such as the Epson Equi-
ty m +) the NIC driver program is named TOKREUI.COM. The NIC driver is a program
^at provides a means to communicate between NETBIOS and the network interface card
The NETBIOS.COM file and the ANET3.COM files are programs that run concurrently
with DOS on a workstation. They determine if workstation commands require network ac-
cess, and perform the appropriate action if necessary.
The NIC driver is distributed on the IBM NETWORK SUPPORT SOFTWARE dis-
kette, and should be copied to the boot disk by inserting the diskette in drive A:, and typing:
. for floppy based systems - COPY A:TOKREUI.COM B: (inserting the NET-
WORK BOOT FLOPPY when needed)
• for hard disk based system - COPY A:TOKREULOOM C:\
F-24
-------�
LAN Operations
Clear Lotus Files
DEL \PUBUC\LOT1
DEL \PUBUC\LOT2
DEL \PUBUC\LOT3
The number of DEL commands should equal the number of concurrent copies al-
lowed. Note that this command should never be executed when other users are on the net-
work.
As LAN Administrator, you should become familiar with these and similar functions
available under the MENU system. Mastering the MENU system can greatly simplify the
use and management of the entire network.
G.3 PRINT SERVER MANAGEMENT AND MAINTENANCE
Accessing files on a network disk server is generally considered straight-forward by
most users because it is done just like local disks once the login scripts have been adapted
to each user's particular needs. Likewise, file server management will require only a small
portion of the LAN Administrator's time during routine operations. A shared printer, on .
the other hand, will require regular, frequent attention, and variations in its use can be :
much more noticeable to the users than loading differences on the network disks. Users'
rancor will demonstrated when they are waiting for output or discover that a big job has
not printed because the printer was out of paper. Service that the printer requires includes:
• Regular checking of the printer paper in tray for laser or letter quality printers;
• Regular checking of the paper box level for dot matrix continuous form printers;
• Regularly separating the print jobs from the printer's paper out tray, and storing '
each user's print jobs in appropriate out baskets located in the printer room; *
• Regular checking of the toner level indicator on laser printers. Visual inspection
of print quality may help determine the status of toner in laser printers;
• Regular checking print ribbons for letter quality or dot matrix printers; and
• Printer supplies inventory should be checked weekly for paper, toner, ribbons,
and special forms. Extra paper, toner, ribbons and forms should be stocked at all
times.
Routing output to the printer server will cause the users some initial concern, and
many of the LAN Administrator's routine user-assistance duties will involve the printer. •
Some management considerations and strategies are discussed here.
G.3.1 Printer Server Operation*
NetWare provides for five standard printers on a file server, two are parallel, and up
to three serial printers. Appendix F discusses the parameters for standard and custom con-
figuration for each of the network print devices.
Additionally, network workstations may have local printers attached. These local
printers can be used in the normal way, even while a user is logged into the network. The
G-13
-------�
Volume II- LAN Technical Manual
usual commands for printing through DOS, the Print Screen function, or application print-
ing will send output to the local printer.
To use a network printer, the SPOOL command must be executed. The SPOOL
command tells NetWare to intercept any print job and send it to the network print spooler,
which is a special area on the file server hard disk. Multiple print jobs are stored in the
spool area in a sequence called the "queue." Care most be taken to execute the SPOOL
command prior to entering an application program if you want print jobs from the ap-
plication to be rooted to a network printer. Without parameters, the SPOOL command
routes output to the default network printer. Network printers are numbered beginning
with 0 (zero). "Zero" is the first and the default network printer. Thus, issuing the SPOOL
command by itself sends data to network printer 0. To send print output to network printer
1, the command would be SPOOL/PI, network printer 2 would be SPOOL/P2, and so forth.
Several other parameters can be specified on the SPOOL command line. For ex-
ample, the command SPOOL/P2/C4/NB directs the system that 4 copies be printed on net-
work printer 2, without banner pages printing. The banner page will print unless otherwise
specified, as in the example. The banner page is useful in separating user print jobs.
Once the SPOOL command has been issued, the application can be used for print-
ing just as in a single-user environment Output from the application is sent to the network
spooler on the file server hard disk. However, the NetWare spooler will not release the
print job for printing until the spooler receives the ENDSPOOL command. When Net-
Ware receives the ENDSPOOL command, the print job is executed. The most effective
way to implement these required functions is either in DOS .BAT files or as pan of a
MENU selection. •
An alternative method of releasing a print job for printing is to specify the TIMEOUT
parameter on the SPOOL command line. For example, the command
SPOOL/TIMEOUT=30 informs the spooler that the print job is finished after a 30 second
interval with no information received from the workstation. The spooler will automatical-
ly send the data to the network printer after the time has expired. The amount of time to
wait can be specified according to the particular application being executed.
TIMEOUT = 15 is sufficient for WordStar because it sends its printout in a steady stream,
and this is actually an effective way to separate print jobs without having to leave and re-
enter WordStar. NDPD experience has shown that TIMEOUT should be set to a mini-
mum of 30 for dBase UL
Note that all parameters for the SPOOL command should be executed on one com-
mand line. SPOOL/C2/NB/nMEOUT=45 is a valid command. If SPOOL/C2 is issued
followed by SPOOL/TIMEOUT=45, then the latter command is the only one in effect
The ENDSPOOL command is also used to finish all network printing activity at a
workstation. After the ENDSPOOL command is issued, subsequent print jobs will be
routed to the local printer.
G-14
-------�
LAN Operations
G.3.2 Print Job Management
Once print jobs have been sent to the network spooler, the QUEUE command can
be executed from workstations to list or delete print jobs from the print queue. Each user
can only affect his or her jobs. The file server console provides additional functions for
managing the spooler. The command REROUTE PRINTER allows print jobs to be
redirected from one network printer to another. KILL PRINTER 2 stops network printer
number 2 and erases all print jobs from the printer's queue. KELL QUEUE 13 removes
the third print job from the print queue for network printer number 1.
Special file server console commands are available which aid in the management of
forms for networked printers. "FORM CHECK 1" causes a row of asterisks to be printed
at the top of of form in printer number 1. This command is useful when various forms are
used and a printer must be repeatedly adjusted. "REWIND PRINTER 15" stops printer
number one, backs up 5 pages in the file being printed, then restarts the printer. This com-
mand is useful when paper has become jammed in the printer, and part of the output needs
to be reprinted.
G.3.3 Sharing Network Printers
Many networks will have more than one printer attached to the file server available
to users. In most situations, one of the printers will be a high quality output device, such *
as a laser printer, and another printer will likely be a draft quality device, such as a dot
matrix printer.
Since the output of a laser printer is much better than that of a dot matrix printer and
it is much faster than a daisy-wheel printer, most users, if given the choice, will opt to print
on the laser printer. Dot- matrix or daisy-wheel printers may be used to print special forms
such as continuous-form labels or multi-part forms.
The LAN Administrator should determine if networked printers are becoming bot-
tlenecked by regularly looking at the print job status with the QUEUE program. If most
print jobs are regularly scheduled for printing on only one printer, a second printer may be
needed, or a faster printer may be needed.
G.3.4 Separating Print Jobs
Even on small networks, simultaneous print jobs end up stacked together in the paper
out tray of printers. The easiest method of separating different print jobs is to use the Net-
Ware spooler banner page, which is printed by default The banner page prints the user
login name in large stylized letters, along with the date and time of printing.
Laser printers require regular paper feeding; the capacity is 100 to 200 sheets at a
time, although a high-capacity printer is available from the SMA contract that holds up to
500 sheets at a time. This means constantly checking and filling the printer's paper-in tray.
Network printers will most likely live and work in or near someone's office, possibly that
of a secretary. It is easy to presume that the secretary can be responsible for keeping paper
in the printer. However, most secretaries have other tasks to perform and a heavily used
printer could require attention that would degrade other office duties. Also, a variant of
Murphy's Law states that a designated paper changer will not be in his/her office when the
G-15
-------�
Volume II • LAN Technical Manual
paper runs out One simply policy would request that, since most people take regular
breaks from their work to visit the water fountain or restroom, a detour past the printer to
check the printer status light would not only keep the printer fed, but would allow users to
get a little exercise and contribute to the efficient operation of the LAN.
A simple but effective practice for handling output is to install paper-out trays in the
printer room for all network users. The person checking the printer could then separate
the print jobs in the appropriate paper out trays. If a continuous forms printer is being
used, the print jobs for that printer could be handled in a similar manner.
G.3.5 Managing Production control - Special Forms and Large Jobs
The handling of special form paper requires that the standard paper be unloaded,
the special form loaded, a test pattern may need to be printed, the forms print job sub-
mitted, the printing checked, and the standard forms reloaded.
Network printing on special forms requires special attention to the print queue. Be-
cause the spooler continuously prints queued jobs, printing special forms intermixed with
regular print jobs in the queue is a haphazard, if not pointless task. When printing special
forms on the network, the print job should be the only queued job in the spooler. The
beginning and end of the day may be the best time to attempt printing special forms. Al-
ternatives would be to print the special form job on a local workstation printer, or if a net-
work printer can be devoted to one task, a dedicated special forms printer could be
available on the network at all times.
Large print jobs create their own problems, particularly when a number of people
share a single printer. User frustration and loss of productivity result when writers find
themselves parked beside the printer waiting for their output For this reason, long reports
or lengthy documents should be held for designated "printing windows." If user demand
is great, the simplest solution to this problem is probably acquiring a second high- speed
printer and designating one to be an "express" printer with no jobs SPOOLed to it that are
greater than 10 pages long.
G.4 COMMUNICATIONS GATEWAYS MANAGEMENT AND MAIN-
TENANCE
Once the communications links have been installed and tested, very little main-
tenance should be necessary to keep the links functioning property. Reconfiguration to
add new users or to optimise performance would follow the procedures described in Ap-
pendix F.
The two types of links that may exist on your network are the Asynchronous Com-
munications Server and an SNA gateway. As part of the on-going daily operations, these
links should be tested to confirm they are working property at the beginning of each day.
This task can be assigned to someone who would normally be using the gateway. The onty
duty would be to report any problems to the LAN Administrator.
G-16
-------�
LAN Operations
G.5 SECURITY MANAGEMENT AND MAINTENANCE
Security has been defined in Chapter ^Administration, as system reliability and data
confidentiality and integrity. System reliability is maintained by conforming to these
guidelines, particularly in the areas of site preparation, installation and testing, and file
server backup. Without properly installed LAN components and cabling, erratic network
behavior is almost guaranteed.
Data integrity, data that is correct, is maintained in similar fashion — by adhering to
these guidelines as they instruct you in the areas of applications programs installation and
testing. Data confidentiality is directly proportional to the vigor with which user passwords
and access rights are guarded and managed. One tool which the LAN Administrator has
available for monitoring data access on the network is LANTrail from the SMA contract
This package can provide you with a log of all system accesses, and therefore can be ex-
tremely valuable as an aid in detecting unauthorized access.
Your most potent weapon in this arena, however, is effective training for and adver-
tising to your users. They wUl contribute to your efforts only to the degree that you make
them understand and respect its importance.
»
G.6 APPLICATIONS SOFTWARE MANAGEMENT AND MAIN-
TENANCE
Software on the network can be divided into two types: applications software and sys-
tem software. Commercial applications software includes packages such as WordStar,
Lotus, dBase, FOCUS, and SAS. User developed applications include programs written
in programming environments such as dBase HI Plus. Syste'm software is the Novell Net-
Ware file server operating system, workstation shell programs, and network menu and
command line utilities. Users of the network will work directly with applications software,
but will not have direct interaction with the system operating system or workstation shell
programs, other than to assure they are loaded before attempting to login to the file serv-
er. Network users will, however need to understand the basics of using NetWare menu
and command line utilities.
The LAN Administrator is responsible for ensuring that applications and system
software perform as expected, that users have proper documentation and training on the
use of the software, and that users have access to technical support for specific questions
regarding the software.
G.6.1 Applications Software
The responsibilities of the LAN Administrator concerning network use of applica-'
tions software include the installation and initialization of applications software and
databases, and ensuring the integrity of applications sharing.
G-17
-------�
Volume II • LAN Technical Manual
G.6.1.1 Application Installation and Initialization
Information regarding how to configure the file server directory structure for applica-
tions, install applications on the file server, and initialize applications data files has been
discussed in Appendix F and in Section G2 of this appendix.
Any application that is intended for use by normal, non-SUPERVISOR, network
users should be given access through the NetWare MENU program. Section G2 discus-
ses the use of the MENU program to automate applications loading. Additionally, the
sample MENU script at the end of this chapter should be used as a reference for modifica-
tion that may be needed to the MENU script as supplied by SMA.
The LAN Administrator must be cognizant of licensing agreements on specific
software. For example, if three copies of Lotus have been purchased by your workgroup,
then the MENU script should check that only three copies of Lotus are in use simultaneous-
ly by network users. The sample MENU script contains a specific example of how this is
accomplished, using Lotus to illustrate the technique.
If personal programs, or other applications exist that should not be listed on the net-
work MENU system, the LAN Administrator should install the programs in appropriate
directories and train the users on using the programs from the DOS command line prompt
Access can be restricted by adding individual or group trustee rights for the appropriate
users.
If applications exist on the MENU system, but restricted access to those programs is
desired, the LAN Administrator can simply create a special group allowing access rights
to the applications directories and adding the appropriate users as members of that group.
Group membership is discussed in detail in Appendix F and in Section G.2 of this chap-
ter.
G.6.1.2 Application Sharing
In terms of using applications software on the network, there are basically two types
of software: single-user applications and multi- user applications. The distinction between
the two types of software is in how data files are used. If the data files are used by only one
person at a time, the application is single-user. If more than one person can use the same
data file at the same time, the application is multi-user.
Some vendors sell network specific versions of their software, but these are still
primarily single-user applications. For example, word processors, and spreadsheets are in-
herently single-user; only one user should be working with a single document or spread-
sheet at a time. The difference between single-user and network specific versions of word
processors and spreadsheets is that the network specific versions usually include a section
of code that is resident on the file server to control various user configurations and to per-
form the file server I/O.
True multi-user applications, such as dBase HI Plus, execute on each user's worksta-
tion, but control simultaneous access to records in a data base stored on the file server
through file and record locking processes.
G-18
-------�
LAN Operations
Most of the single-user software packages recommended by the Agency will allow
multiple users to execute the application simultaneously. It is therefore up to the user and
the LAN Administrator to restrict access to data files used by these applications to a single
user at a time.
The NetWare FLAG utility allows temporarily restriction of file access for user ap-
plications. The FLAG utility can be executed via menu batch commands for each applica-
tion, allowing the file locking procedures to be transparent to the user. Files are normally
created as Non-Shareable/Read- Write. If they are to be shared, FLAG is needed, if not,
the protection is there by default However, due to the nature of multiple users, it would
be safest to not assume the condition of files other users may have left The Novell MENU
script, available from SMA or NDPD, includes an example of the use of FLAG from the
network menu.
G.6.2 Distribution of Manuals
An important issue, often overlooked during LAN implementation, is documenta-
tion for using applications software and network utility programs. Users will doubtless
have questions concerning the use of applications and network utilities. Since the majority.
of questions can be answered by reading documentation, it is of special interest to the LAN
Administrator to ensure that access to appropriate documentation is available to all users.
Otherwise, undue time will be spent by the LAN Administrator answering questions, or
worse, showing users what an index or table of contents is, and how they are used.
All single-user applications packages are sold with only one copy of documentation.
Some multi-user applications packages are sold with several copies of documentation. The
Novell NetWare documentation contains only one copy of each manual per installation.
Some software vendors allow the purchase of multiple copies of the documentation.
MicroPro, for example, allows users to buy the documentation for WordStar at a greatly
reduced priced. The solution then, is to create a library for applications and NetWare
documentation so that all users are allowed common access. If needed, and if the vendor
complies, multiple copies of documentation for specific applications can be purchased.
Depending on the number of users, multiple copies can either be distributed, or stored in
the common library. Ideally, a log should be kept, so that users can sign out for documen-
tation to take back to his/her own office, which is where it is most likely needed. The dif-
ficulty of such a system is in getting users to return the documentation to the common
library. If a policy is established and users adhere to that policy, such a system can be ex-
tremely effective.
G.6.3 User Training
There are two areas of concern to the LAN Administrator regarding user training
First, users must be competent in the use of the network MENU system, NetWare menu
utilities, and NetWare command line utilities. Second, users must be aware of the differen-
ces in running applications on the network, whether they are single-user or multi- user ap°~
plications.
G-19
-------�
Volume II - LAN Technical Manual
It is obvious that the LAN Administrator will be asked, from time to time, for help
on specific problems. However, a great many of the "start-up" problems inherent to new
network users can be overcome by demonstrating the use of the network in a class environ-
ment.
Because of the number of issues involved in networking, it is best not to cover all
aspects of using the network in a single class. Instead, a separate one or two hour class
should be devoted to each topic. This not only helps keep the user's attention, but doesn't
overload them with too much information at one time.
Possible topics for separate classes include:
Signing on and using the network MENU utility
Printer functioning and maintenance
NetWare command line utilities
NetWare menu utilities
Managing public and private data files
Communication gateway functioning and management
Use of specific applications software on the network
Additionally, copies of this guide could be distributed to each network user. Though
much of this guide contains information not relevant to daily use of the network, users will
benefit by having access to the information. As a LAN Administrator, it is better to have
informed users than ignorant users. Informed users will be better able to assist you in keep-
ing the file server organized and functioning properly.
G.6.4 Application Administration
Appendix F and Section G2 of this chapter provide instructions and tips for install-
ing and initializing applications for use on the network file server. The primary daily task
of the LAN Administrator concerning applications is to ensure that the programs work as
expected.
In this regard, the LAN Administrator should verify each of the items in the follow-
ing checklist on a regular basis.
• Menu choices should work as expected; applications load and when exited, the
network menu should reappear.
• Menu choices that invoke applications with copy counters should be tested on
multiple workstations to confirm that the menu script works as expected.
• Applications that are not on the network menu should load and work as expected.
• Applications that load by executing the FLAG command for program and/or data
file security should be tested by attempting simultaneous access. The worksta-
tion attempting access second should receive a message indicating the non-ter-
rible status of the files.
• Applications that share data files (true multi-user programs) should be tested to
confirm data integrity during multiple access of the same data file and/or records.
G-20
-------�
LAN Operations
If any problems exist in regard to applications functionality, the program's configura-
tion should be checked. Appendix F and section G2 and section G.5 of this chapter provide
information concerning how applications should be installed to conform to the appropriate
access methods.
When removing applications from the network, the following checklist should be
used as a guide.
• All program and data files should backed up to tape.
• The program and data files (if appropriate) should be deleted from the file serv-
er.
• The directories for the applications should be removed from the file server using
the DOS "RMDIR diraame" command.
• The MENU script file should be edited to reflect the removed application.
• Trustee rights and security equivalences for the applications directories should
be deleted or edited to reflect the change.
• Drive and Search mappings should be edited in both the SYSTEM LOGIN
SCRIPT and USER LOGIN SCRIPTS (the SCRIPT.LOG include file) to reflect
the removed application.
• Standard logins should be tested to confirm that drive/search mappings, direc-
tories, group and trustee security, and the network menu function as expected.
G.6.5 Production Control
A "job" in this discussion is meant to indicate any program execution submitted by a
user. There are two classifications for identifying jobs on the network. First, jobs can be
classified as production work or development work. Second, jobs can be classified accord-
ing to the type of resources they use. The resource tasks used by jobs can be further defined
as being compute intensive, disk intensive, and print (or other I/O) intensive.
Almost all network jobs can be classified as production type. This means they are
part of the normal "producing" of information. Development jobs are part of the process
of testing out programs and datasets, correcting problems, and resubmitting them until
they work as desired.
Development jobs must usually be performed during the normal work day. Whatever
resources are compromised as part of the development process are the prices that must be
paid. If possible, development work can occur outside of production work hours.
However, the LAN Administrator should be prepared to compromise network resources
during the development phases of tasks.
Production jobs should be monitored by the LAN Administrator for possible net^
work resource competition. If a single production job tends to take over the file server, or
if the printer is tied up for one or more hours, the rest of the network suffers. A solution
to large production jobs is to schedule them, if possible, to run at the end of normal work-
ing hours, on weekends, or during designated hours on designated days.
G-21
-------�
Volume II - LAN Technical Manual
G.6.6 Software Upgrades
All commercial applications software and network software should be registered with
the vendor as soon as it is verified that the software functions properly. Vendors will then
inform registered owners of any upgrades available.
When notices concerning upgrades for software are received, the LAN Ad-
ministrator should review the enhanced functionality gained by ordering the upgrade. If
the enhancements are of value to network users, the upgrade should be ordered and in-
stalled on the network, If the enhancements are not pertinent for your installation, the
LAN Administrator may choose to wait for future upgrades.
However, the best rule is to maintain the latest version of software whenever pos-
sible. If technical support from the vendor is requested, the vendor will generally assume
you are working with the latest version. Once it is clear you are working with a previous
version, the vendor support person will promptly suggest that you get the upgrade; it may
solve your problem. Right?
Compatibility with other users is another reason to maintain the latest version of
software. When data needs to be exchanged, it is safest to presume that other users will
also be maintaining the latest version of software.
One other reason for keeping your software upgraded is the degree of difficulty in
upgrading beyond single increments in software versions. If you skip minor release
upgrades and later decide to upgrade for a major software release, the technical difficul-
ties may be greater than they would have been if the software had been kept upgraded.
G.6.7 Installing Software Upgrades
Software upgrades for network use fall into several classifications. They include:
• Operating system upgrades;
• Server-based applications, which can be either single-user upgrades, or multi-
user (LAN) upgrades; and
• Workstation based applications upgrades.
The following checklist should serve as a guide when making server-based software
upgrades.
• Always make a archive tape backup of the old software and data files associated
with the software before upgrading.
• Make sure all other users have logged off the file server before beginning the
upgrade procedures.
• Most software packages contain an install utility or instructions for performing
upgrades from previous to current releases. Always follow the install instructions
to the last detail
• If upgrading from single-user to multi-user versions of software, check whether
a conversion needs to be run on the application's data files. If so, then proceed
as per the instructions.
G-22
-------�
LAN Operations
• If upgrading operating system software, verify that all operations perform as ex-
pected after the file server has been rebooted.
• If upgrading applications software, check that it performs as expected. Also,
check that the network menu works properly, some software upgrades may in-
volve name changes for the executable files.
Software upgrades for programs that reside on workstations should always be per-
formed when the workstation is in standalone mode, Le. not logged into the file server.
(E.g., WordStar changed from WS.COM in its 331 release to WS.EXE in 4.0. This has
caused problems for users of the EPA BASIC Menu System.)
Information about upgrading EPA-developed custom applications can be obtained
by contacting support personnel at NDPD.
G.7 TECHNICAL SUPPORT MANAGEMENT
In isolating problems and finding solutions, the guidelines below should be reviewed.
If the suggestions provided do not resolve your problem, contact support personnel at
NDPD for corrective actions.
G.7.1 Hardware
Hardware problems may involve the network file servers, printers, communication
gateways, and workstations. The following discussions are provided to aid in determining
possible problem areas for each type of hardware device.
«
G.7.1.1 File Server Performance
• Problem: Network Runs Slowly
Check the server MONITOR program. If the server utilization is running high
(80%), check each workstation's MONITOR window. If any of the workstations appear
to constantly attempt redundant I/O, ask the user to exit the suspicious task. If perfor-
mance improves, aid the user in determining the reasons for the program operating in a
degrading manner.
Ask users to log off the file server. Use the server MONITOR program. Look for
the server utilization figures. If the server is running constantly above nominal levels
(around 10%), try bringing the server DOWN, and rebooting.
Check the network cabling system. If any new electrical devices such as fluorescent
lights, copy machines, or typewriters have been installed, turn those devices off to see if
performance improves. If necessary, the cable may be shielded, or the other equipment
moved.
Check the network print queue. If too many jobs have been submitted, the system
could bog down in management of those print jobs. Delete some of the jobs from the queue
and ask the user to resubmit.
6-23
-------�
Volume II • LAN Technical Manual
• Problem: File Access or Loading Errors
The file server hard disk may occasionally develop bad spots. When these occur, the
best temporary solution is to attempt to copy the offending file, then rename it
"BADBLK.XXX". This keeps the disk sectors from being used. Then load a fresh copy of
the file from the original disk or backup.
Commercial and public utilities that attempt to lock out bad sectors may have dis-
astrous effects on a NetWare COMPSURF formatted hard disk. These utilities should be
avoided on the file server. However, if a workstation's disk develops similar problems,
utilities such as MACE or the Norton Utilities may be used to recover or mark damaged
disk sectors.
• Problem: Workstation Locks Up During Use
Some programs, especially older ones, do not inform the user that the program is
performing computing or I/O operations. Always allow ample time, depending on the ap-
plication, for a program to complete its functions. Otherwise, the workstation may need to
be re-booted.
• Problem: File Server Does Not Boot
First, check that the power cord, monitor cables, and keyboard are all plugged in.
Next, check that the server power supply is running. If necessary, remove the cover
to the file server (with the power turned off). Turn the machine on. The power supply fan
should be spinning. If not, then the problem is a faulty power supply. This is not major. It
simply means replacing the old supply with a new one. Contact support personnel at SMA
for replacement information and instructions.
If the power supply appears to be working, turn the machine off. Check the cables
leading from the power supply to the computer's motherboard. Next check the cables lead-
ing from the power supply to the disk drives. Make sure all cables are secure. Turn the
machine back on.
If the file server still refuses to boot, try to reboot with a floppy diskette. The file
server may need to be reformatted. Refer to Appendix F for instructions on formatting
and installing the NetWare operating system. (This will demonstrate why you make back-
ups!)
If reformatting does not work, or if you prefer, call support personnel at SMA or
NDPD for instructions on repair, or for return authorization.
The big questions is: Did you back it up yesterday? If you answer "no" to this ques-
tion, then you have a problem. If you answered "yes," then you may be frustrated, but the
problem can be resolved.
If you have to send the file server back for repair, consider removing the tape back-
up from the file server first This way, if the repair time is greater than you can wait, an op-
tion would be to install the tape drive in another computer. To prepare the new computer
G-24
-------�
LAN Operations
for use, refer to Appendix F for instructions. After NetWare is operational on the new
computer, the latest tape backup can be restored.
If you have received a repaired file server, first check to see if it boots. Then check
to see if all files are on the hard disk. Sometimes, repair involves either reformatting the
disk or replacing the drive. If it appears as though your files are missing from the returned
drive, install the tape software, then restore your files from the latest full system tape back-
up.
G.7.1.2 Network Printers
All network printers should be checked at the start of each work day for proper
functioning. In the event a network printer does not work, the following tests should be
performed:
• Check that the printer power cable is plugged in.
• Check the printer parallel or serial cable is properly connected to the file server
port
• Check that the printer power-on or self test works properly.
If, after performing these tests, the printer still fails to work, the LAN Administrator
should call the appropriate server representatives for repair.
G.7.1.3 Communications Gateways
If either the SNA or ACS gateways fail to connect properly to host computers, the
LAN Administrator should perform the following functions to test possible link failures
on the network.
• If using dial up services, check that the phone connection is working.
• Check that the gateway cabling is properly connected, and that cable plugs are
seated properly in the machine ports.
• Check that the appropriate communications drivers are accessible from worksta-
tions.
• Check that modems are plugged in and working.
• Check that the switch settings for the modems and for the communications boards
are properly configured.
• Check that the configuration for the communications software is property set for
the appropriate host connection.
• If the communications software indicates an attempt to access the host computer,
the problem may reside at the host end of the connection. Call support person-
nel in User Services for the appropriate host connection to request a line status
report If the host line is at fault, then you must wait until the host connection is
available. If the host line is reported to be operational, then repeat steps 1
through 6 above.
6-25
-------�
Volume II • LAN Technical Manual
G.7.2 Software
Problems with software are often related to incorrect drive mappings, incorrect login
script commands, and security inconsistencies. Consult Appendix F for information and
instructions on using the NetWare SYSCON and FILER utilities.
G.7.2.1 User Login Problems
Check the user information in the SYSCON utility. If necessary, the user can be
deleted from the system and added again.
G.7.2.2 User Access Problems
Check the system and user login script commands for drive/search mappings. Drive
mappings should be consistent across all network workstations. Also check that the search
paths are valid for all appropriate directories.
If a user has added additional equipment at his/her workstation, check that the
LASTDRIVE parameter in the local CONFIG.SYS file matches the appropriate number
of local devices.
If a user has trouble accessing certain programs or data files, check that the user has
appropriate access granted via groups or individual access rights using the SYSCON utility.
If a user experiences problems with a program crashing while attempting to access
certain data files, check whether other users are accessing the same program/data com-
binations. If so, then verify that the FLAG utility is being executed properly for all of the
appropriate files.
If a NetWare error message indicates the directory entry limit is being exceeded,
several actions may take place. The size of the directory entry table may be expanded.
Refer to Appendix F for instructions on this procedure. Additionally, unneeded files can
deleted, some of the files can be moved to a less crowded directory, and the number of
groups or users granted access to that directory can be reduced. All of these actions will
increase the available space in the directory entry table for that directory.
If applications do not work as expected, check that the program has been properly
configured and data files initialized, if necessary.
If a user experiences an error message regarding COMMAND.COM not being
found, copy the DOS COMMAND.COM file to the application directory. Some applica-
tions, particularly those that allow a user to exit to DOS during the program execution, re-
quire that a copy of COMMAND.COM is available either in the current directory, or in
the root directory of the boot drive.
If a message stating Incorrect DOS Version appears, it is likely that the user has
booted from a disk containing an incompatible version of DOS. Though NetWare will
function with different versions of DOS, it is desirable to have all workstations working
with the same version. Different versions of DOS require different versions of many of
the DOS utilities, thus increasing the management overhead for the LAN Administrator.
G-26
-------�
LAN Operations
G.7.3 Cabling
Cabling problems can be the most elusive of all network problems. Always first check
that cable plugs are installed and secure.
If any new electrical devices such as fluorescent lights, copy machines, or typewriters
have been installed, turn those devices off to see if performance improves. If necessary,
the cable may need to be shielded, or the other equipment moved.
If local building personnel installed the cable, check with them to see if any recent
changes have been made in the cabling route. If so, find out what they were. If electrical
interference is suspected, attempt to resolve the interference problems by rerouting the
cabling or, better, by removing the cause of the electrical interference.
G-27
-------�
Appendix H - NDPD LAN TSR
-------�
MEMORANDUM
Monday, June 15, 1987
SUBJECT: Detailed Plans and Recommendations for NDPD Token-Ring
Network Installation
FROM: John Shirey
TO: Carolyn Chamblee
Attached is the document you requested. I hope it fills the
bill. Items of detailed planning which it does not address are
minor:
o Specifics of the TSR for the cabling and the contract
with the electricians to install the wall connectors.
o Approval, if required, for the installation of the two
data racks in Rooms A313 and A338.
o Exactly where to place the data connector wall plates
(location on wall and height above floor).
o Specific cable identification and labeling.
o Anixter has sent me catalogs which should arrive mid-
week.
-------�
Local Area Network
Recommendations and Installation Details
for
NDPD/RTP
Prepared for: Architectural Management and Planning Branch
National Data Processing Division
U.S. Environmental Protection Agency
Research Triangle Park, NC
Prepared by: CRC Systems, Incorporated
4501 Alexander Drive
Research Triangle Park, NC 27709
-------�
NDPD-TRN 6-15-87
Page 1
OVERVIEW
NDPD has determined a need for connecting its workgroup
personal computers with a local area network for pilot evaluation,
information sharing, and anticipated future applications. This
document briefly describes the required hardware and software for
the immediate installation of the core system including cabling
for all offices and connecting the personal computers presently
installed.
The pilot network to be installed is the IBM Token-Ring
Network (TRN) with the Novell Advanced Netware/286 network
operating system running on a dedicated IBM PC/AT server. The
token-ring network, as the name implies, has a ring topology.
However, for improved performance, reliability, ease of problem
determination, and orderly expansion, the physical layout is what
is referred to as a "star-wired ring," with the actual cables being
routed to wiring concentrators (called Multi-Station Access Units,
or MAUs, by IBM). The cables will be routed under the raised
flooring to wall outlets in each office. Connections to the 2nd
floor will pass through the conduit located in room A332.
This pilot installation includes all the EPA NDPD staff
offices on the 3rd floor of the ERC, as well as one office, A209,-
on the 2nd floor, which is occupied by CRC personnel involved with
local area network planning and evaluation. A207 will be
established as an equipment evaluation suite for personal
computers, peripherals, and other local area networks. It will ,
house a standalone TRN which may be bridged 'to the NDPD TRN for '
testing. The offices will be connected from three MAU clusters.
Two are located on opposite corners of the 3rd floor in rooms A313
the supplies storage room, and A338, a telephone wiring closet.
The 3rd MAU will be located in room A209
to accommodate the 2nd floor staff offices.
AMPB presently has a 14-node PC Network installed. The file
server is located in the Technical Library, A324, and a shared
laser printer is located in A322 (Cotty Potter's office) and
attached to an IBM PC/XT. Because the Novell Advanced Netware/286
operating system and server software runs only on a 80286 computer
(e.g., IBM PC/AT, Epson Equity IXI+), an additional PC/AT must be
acquired for the file/print server to be located in A222. The
existing PC/AT in the Technical Library will provide the SNA
gateway to the 3090 mainframe.
Expansion of the network to include the Unisys offices on the
3rd floor can be accomplished easily by installing a 4th MAU in an
appropriate location on the wing and running the drop cables to the
workstations to be included. When such a step is anticipated,
server performance should be closely monitored over a period of
time to determine the need for implementing other file and/or
-------�
NDPD-TRN 6-15-87
Page 2
print servers to meet the anticipated additional demands.
performance and/or security considerations may dictate that a
^£ara*em£ing,be estabHshed with a bridge connection between the
two. A TRN ring established for the 2nd floor SDC offices could be
dfd??^J°r>?e^PD ring siailany- Each bridge requires a
™iS£?\.PCwWJ?1 tW° Token-Rin* Adapter Us installed, and with
appropriate bridge software running.
REQUIRED
description, the numbers in parentheses
in the component order list, Table 1.
* dia9ramaatically the components required for the
«of the TRN fo* NDPD. Each PC contains an adapter
M 5 con.nected to the wall outlet with a flexible
Under-floor shielded, dual-twisted-pair cable(io) which
e IBM MType in Cable specification runs from each
!a4Cfnnect?r (3'4) to the MAUs(5) in the wiring
twifted-pair cables are actually terminated in
the ^ connections
The network operating system and server software, Novell
? Netware/286 (17), will be running on the EpsoA Equity
},£fle^?fln? S6rver located in A222. A LAN version of dBase
,19) will also be available on the server. This data base
management system will allow utilization by up to five simultaneous
^T ^C?SWhe 3°9° mainfran* ^r tho.S users who require 1?
can be obtained via the CXI PCOX/Gateway 16(13), which will allow
up to 8 simultaneous sessions in the configuration ordered.
An accurate inventory of cabling and MAUs is maintained in
order to facilitate problem diagnosis and expansion. IBM has
provided numerous guidance documents and materials to assist with
this effort. Attachments to this document provide the detailed
labeling and ring planning for the NDPD Token-Ring Network.
-------�
r Type 2 Cables
Use Type 1
Cables between
Wiring Closets
oo
do oao
oa aoa'
aaaa
aaaa
ODD
aaa
a
aaaa
aaa
aoa
aaa
aaoa
a aao
Wiring Closet
This figure shows only
how the cables are
connected, not how
they should be routed.
Wiring Closet
All Patch Cables
Within Racks Are
8 Feet
Work Area
Figure 1-4. Multiple-Whinf .Closet Installation Assumptions
- For conversion factors for IBM Cabling System types 6, 8,
and 9, see Appendix A. :
— For information on using IBM Cabling System type 5
optical fiber cable, see "Using IBM 8219 Optical Fiber
Repeaters" later in this chapter.
FIGURE It DIAGRAMMATIC COMPONENT DESCRIPTION
-------�
NDPD-TRN 6-15-87
Page 4
Table 1: Local Area Network Configuration Required Components
No | Description
(Part
(Vendor (Number |Price|Qty|Total (Notes
1|PC Token Ring Adapter
2 (PC TRN Adapter Cable
3 (Data Connector
4 j Data Connector Faceplate
5 (Multistation Access Unit
6 | Distribution Rack 72"
7 j Distribution Panel
8 (Grounding kit for Panel
9 (Component Housing
10 j Shielded twisted-pair wire
11 (Patch Cable - 8' (MAU panel)
12 (Epson Equity III+ Server PC
13 (CXI PCOX/Gateway 16
14 j Identification Labels
15 j Location Chart
16 (Data Test Plug
17 (Advanced Netware 286
18 (dBase III Plus upgrade
19 j dBase III Plus LANpack
20 | TRN HW Maint. & Serv. Manual
| IBM (63391001 452 1
| Anixter |8892 51 | 35|
j Anixter (07584 9 | 9)
| Anixter (07 5852 j 3|
| IBM (6091014 j 429 |
| Anixter (050032 | 210 |
j Anixter j 07 5 8 57 j 206|
| Anixter (075861 | 7)
| IBM (6091078) 64 |
| Anixter j (below) j 274 j
| IBM (86425511 34 |
| FDC j 10010 I2.9Q5I
| TSI |
j Anixter J 075869
| Anixter (075868
| Anixter (079627
(Novell |
I TSI |
I TSI |
1 IBM (Z270024
|1,704|
1 20|
5)
1 34)
U, 954|
851
i **•* i
612
1 0|
40|
39 |
39)
39 |
8|
2|
2)
2|
3|
48|
i
•*• I
H
H
4|
11
1
2
* i
11
18,080) 3
1,365) 7,10
351| 7,10
117) 7,10
3,432) 3
420J 3,7
412) 3,7
14) 3,7
64) 3,9
822 | 8
1,632| 6
1,704|
20) 7
5 j 7
136 (-7, 11
1,954(^4
85 | 2,5
1224 1 9 <»
, **•» | & , o
0|
TOTAL =>
$34,832)
Table 2: Manuals recommended for an IBM Token Ring Installation with
DESCRIPTION
Part
(Vendor (Number |Price|Qty|Total|Notes
IBM Token-Ring Local Area i
Network Introduction and
Planning Guide
IBM Token Ring Network
Installation Guide
IBM Token-Ring Network
Administrator's Guide
IBM Token-Ring Network
Problem Determination Kit
IBM Local Area Network (LAN)
Cabling System Planning and
Installation Guide
IBM
IBM
IBM
IBM
GA27-3677
GA27-3678
GA27-3748
SX27-3710
IBM IGA27-3361
Netware User's Guide, Vol.1 (Novell j
i
i
1
17
— i
j
1
16)
1
j
i
7
• 1
j
60
1
i
i
13
I
20)
i
1
11
* i
i
1
1
— i
j
I
11
* i
l
i
1)
^ 1
j
I
j
l
1
• 1
i
1
171
•* • l
I
1
161
O.W |
1
1
71
' 1
j
601
WW |
1
1
1
1
13 1
200) 4
TOTAL
$313
-------�
NDPD-TRN 6-15-87
Page 5
(Assumptions and Notes)
1. No installation costs are included.
2. TSI, Technology Services Incorporated, is a firm specializing
in providing PC hardware and software to the government on a
mail order basis. They have a GSA schedule and usually
favorable pricing. They carry products such as the Ashton-
Tate dBASE ill* LANpack software. TSI's phone number is FTS
202-631-1177 (Commercial area code - 703). Their address is
14130-B Sullyfield Circle, Chantilly, VA 22021.
3. Each user and server PC requires a token ring adapter. Each
MAU supports 8 device adapters and therefore a minimum of 5
are required for this pilot of 36 systems. The NDPD LAN will
use 7 in order to allow for redundancy and expansion. The
component housing will be used in A207, where a rack will not
be installed. The distribution rack and panel are recommended
as it is easier to administer the LAN with these components.
4. Netware comes with one set of manuals. Volume 1 of the User's
guide is the only manual that all users need access to. The
actual number of manuals required must be determined by the
NOPO users.
5. Only the file server needs dBase III Plus and with the LANpack
a total of five concurrent users are supported.
6. Patch cables will be needed in two locations: from the wall
plates to each attached PC, and from the twisted-pair
termination panels to the MAUs in each wiring concentrator.
Patch cables are required to connect MAUs. IBM sells longer
patch cables for applications which may require them.
7. Anixter is a supplier of IBM Cabling System components. IBM
does not supply many of the components of the IBM Cabling
System. Anixter has an office in Morrisville, North Carolina.
Their phone number is 919-469-8303, and Gray Durham is a
contact person.
8. The shielded dual twisted-pair wire available from Anixter
meets IBM specification 4716748 (non-plenum, PVC jacket) and
is part number 317-036-2202-IBM, with a cost of $274/1000 ft.
The plenum cable with teflon jacket meeting IBM specification
4716749 is Anixter part number 325-023-2202-IBM, with a cost
of $868/1000 ft. Any length may be ordered at these prices.
Table 3 demonstrates a need for 2,955 feet of the wire. We
presently have 500 feet on hand, thus the order for an
additional 3,000 feet to allow for waste during installation.
9. The MAU located on the 2nd floor will not be rack-mounted, but
rather will be installed in the component housing supplied by
-------�
NDPD-TRN 6-15-87
Page 6
IBM.
10. Each PC attached to the network, except those in room A209,
will be connected via the PC adapter cable running from the
token-ring adapter in the computer to the wall-mounted data
connector. This cable is 6 feet in length. The patch cords
discussed in Note 6 above can be used to extend this cable if
required for a particular office. The connector on the PC
adapter is a 9-pin "D" connector, as opposed to the TRN data
connector found on the patch cables.
11. The Data Test Plug is required for testing the cables. Four
have been ordered in order to facilitate the testing process.
12. The CXI Gateway will support up to 16 sessions. As priced, we
£E?«.?r°VJd*2 f?r * license for the minimum 8 user stations.
Additional stations can be added up to a total of 16
CABLING STTMMAPY
£K ?T rd f^°°r ?ffices is attached to this document
™ v.f100r plan shows the approximate locations of the
ring and drop cables and possible locations for the wall outlets.
The cable runs are made in groups and under the corridors as much
as possible in order to facilitate maintenance of the wiring.
Communications hardware specialists should be consulted to
determine if there is any concern about crosstalk with existing
cables beneath the corridors.
The suggested locations for the wall plates reflect current
office setups. The EPA Project Officer should poll the staff
members to determine if the proposed locations are suitable.
Should alternate locations be agreed to, each new position should
be measured to determine if additional drop cabling will be
required. Flexible patch cables in lengths up to 30 feet are
available from IBM, so that a future office rearrangement will not
present a difficult reconnection problem.
**< Table 3 shows the office locations, the MAU to which each
office will be attached, and the approximate distance from the MAU
to the office's wall outlet. The distances indicated reflect the
height of the MAU and the wall plate above the floor, and the
height of the raised flooring above the concrete subfloor, uoon
which the cables will lie. These factors add an estimated 10 feet
to the actual lateral floor run for each cable, and this fact has
been taken into account for the amount of twisted-pair wiring to
order.
-------�
NDPD-TRN 6-15-87
Page 7
Table 3: NDPD Staff Locations and MAU Connections
Office
Staff Member
Approximate
MAU Cable Length
A301
A302
A303
A304
A305
A307
A309
A3 10
A3 12
A3 14
A324
A325
A326
A332
A333
A3 16
A318
A3 19
A320
A321
A322a
A322b
A323
A327
A329
A330
A331
A334
A335
A335
A336
A337
A341
A342
A343
A344
A345
A332
A209
A209
A207
Ted Harris
Maureen Johnson
Dennis Schur
Don Fulford
Sherry Birk
Billie Vick
Evelyn Sauerbier
Joan Bivins
John Coggin
Tom Clemmer
Tech Library
Ernie Watson
Wade Harris
Bruce Almich
Tom Rogers
Conference Room
Bob Denny
Jerry Slaymaker
Joan Swain
Tom Birk
Cotty Potter
Jean Murray
Don Worley
??
Small Conference Rbom
George LaForest
Walt Shackelford
Mickey Cline
Carolyn Chamblee (a)
Carolyn Chamblee (b)
Jon Clark
Bill Rackley
Jim Obenschain
Bob Lewis
Kathy Krizek
Aline Rolaff
Maurgerite Horton
AB MAU Connector
2nd Floor MAU Drop
John Shirey
Mike Gurkin
Testing Lab
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
B
B
B
. B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
A
C
C
C
45
50
60
70
90
100
90
65
40
35
60
70
80
70
85
95
95
90
95
65
70
85
85
70
60
65
70
70
60
60
45
30
40
65
75
60
55
120
100
0
0
0
(dual-cable run)
(dual-cable run)
(patch cords only)
(patch cords only)
(patch cords only)
Total Type 1 shielded twisted-pair wire: 2,955 feet
-------�
NDPD-TRN 6-15-87
Page 8
™«r,~ reflectf cabl« lengths for lobe drop cables and MAU
connector cables from wiring closets in Rooms A3 13 and A3 3 8 at
opposite corners of the 3rd floor office spaces of NDPD. These are
?Ji2nf 6St suited for installation of the racks for the
Presently a wiring closet for the telephone system.
rack may re9uire minor relocation of the
space vouid need to
TNSTAT.TATIQN
INSTALLATION SCHEDULE SUMMARY
Action «j Pre~ Responsible
° requisites staff
1. Funding approval NOW None
2. Order components !
3. Locate outlet boxes NOW None staff
4. install outlet boxes 23 ftaff'
Receipt Almich (TSRs)
_ connectors 4.5 ? .
7. Configure server 2 r>,a»v,i^
8. install/test workstation cards Receipt Unisys
9. Configure workstations 8 rh™vo«
10. Distribute user IDs 9 ChamhT*
11. User training seminar(s) 10
CONFIGURATION AND TNSTAT.TATION NOTES
o Access to A313 and A338, the wiring closets. Both are
locked. I'm not certain who has keys to A338, other than
General Services people.
o A contractor must be hired to install the outlet boxes
and then connect the wiring to the faceplate outlets. It
is assumed that Unisys/SDC will run the cabling, as
requested via an appropriate TSR.
o There is no gateway to the 3090 or the Prime computers
included in the installation described. It is assumed
that everyone requiring a connection to them has the
necessary hardware and software presently. Installation
of a gateway can be performed at any time.
-------�
(AMI)
209.25 so.rr
IfD MABBIt
(AJ04)
2«.o son.
OOMALO ruuom
off u
-------�
Ring Sequence Chart
Ring Number
cable from
on page _
I
Date
ef/2^7
(component)
(Iocatioo)
77
(component) Af 5/4 ^ 3/ P 3?>\
(loe«ion>
(component)
(location) A 3 13 ~
It
(oomponm)
OP - DettritHition Pcnel FP - Feeeplne
I9E • O'cllow) Crooovw Patch Catta Megntina Brat±at
OFP - Optical Ffear Patch Cabie SS - -—IT?[ana»
r.
T,
77
Page J_ of 2-
cableto
WM 9339 Muhaatkm Aceaaa Unft
OFRPTR - IBM t2H OpticeHRbeT Ra
B-6 IBM Token-Ring Network Introduction and Pluming Quid*
-------�
Ring Number
cable from
•
on page L
DP.Dtotata
Pj_Pweh CiMe
Ifiber
Ring Sequence Chart
f oat. 6-12-87
(component) M$AU, 3303
Creation)L*,*- 0i
7
IT
(component)
(location)
2301
(component)
(teeation)^^7
f
(component)
(location)
K
( component)
(location)
f
(component) t)P3ll
<>ocrton> A3Sft-3tl- Al
P&
(
(location)
Page.
of
f-
MB - OptM Fiber
SS
MSAU • IBM <228 Mudtoden
R^TM-IBM 8218
orarm -
Unfe
B-6 IBM Tokea-Riof Network Introduction and Plmnninf Quid*
-------�
Rack Inventory Chart
A 3/3
NSAR
MSAU
Wiring closet number
Rack number
Date
Planner's initials
Instructions
Fill put a Rack Inventory Chart for each
equipment rack.
1.
2.
Enter the wiring closet location
number, the equipment rack
identification number, and the
planner's initials.
Using the template for the
Rack Inventory Chart that came
with this manual, draw an outline
of each component that will be
installed in the rack.
The slots at the bottom of the
distribution panel tempate are
used only for the lowermost
distribution panel in a rack.
The slots indicate that there
are 38.1 mm (1-1/2 in.)
between that panel and the
next unit in the rack.
Write the unit identification
number on each component
on the chart
Example:
B-2 IBM Token-Ring Network Introduction and Planning Guide
-------�
Rack Inventory Chart
: • .
3IPI
fASAU
3102-
3103
Wiring closet number
Rack number
Date
Planner's initials
Instructions
Fill put a Rack Inventory Chart for each
equipment rack.
' *
2.
3.
Enter the wiring closet location
number, the equipment rack
identification number, and the
planner's initials.
Using the template for the
Rack Inventory Chart that came
with this manual, draw an outline
of each component that will be
installed ii'i the rack.
The slots at the bottom of the
distribution panel tempate are
used only for the lowermost
distribution panel in a rack.
The slots indicate that there
are 38.1 mm (1-1/2 in.)
between that panel and the
next unit in the rack.
Write the unit identification
number on each component
on the chart
Example:
B-2 IBM Token-Ring Network Introduction and Planning Guide
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit
Number
Building.
Location
Rack-mounted
Wall-mounted
Ring
Section 2 Receptacle Connections
Receptacle
6
6
8
Connect to:
A&&
3/y-
44
5/1
A6
311*
AS38
AS38-
A?
Device
Section 3 Ring Connections
A. Connect RI of this 8228 to: DP &U ~ A 2-
B. Connect RO^f this 8228 to: M5A14 ~ 3fO ?-
Appendix B. Pluming Form* B-3
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit lln'L, Building ffftfc
Number JtQT^ Location ***
Rack-mounted ET
Wall-mounted D
Section 2 Receptacle Connections
Receptacle
6
8
Connect to:
5/X-
er
3*1-
M38-
in-
C7
Vff
Device
A527
A334-
Section 3 Ring Connections
A. Connect Rl of this 8228 to:
B. Connect RO $1 this 8228 to:
3101
3/03
Appendix B. Flanaiaf Pom* B-3
-------�
IBM 8228 Cabling Chart
Date
'87
Section 1 Identification
Unit o j -3 Building -£K£~ . ,.
Number *(" ^ \ fKjfT'on A33&
Section 2 Receptacle Connection*
Receptacle 1234
AJty" AW8~ A^^f" A?5
Connect to: ?//- ///— 3'/- 3I^/-
P6 P7 ^"4 £"f
n . fi&St> A356 A 33? A5
Device
•
*
Section 3 Ring Connections
A. Connect Rl of this 8228 to: 3/OZ
B. Connaet RO *f this 8228 to: 2>P~ 3// ~
Rack- mounted
Wall-mounted
6 B
ft' A?35- A?38~
3it- 3V-
r e& £7
41 A342 A343
A/ fSo 7>f32
tf
Q Rm(
"•
7
3H-
F4
A34 +
1)
i
1 — 1 —
8
l*£r
A**
t
\
•1
Appendix B. Planning Form* B-3
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit
Number
Building-
Location All*
Rack-mounted Ud D.
Wall-mounted D Rl"8
Section 2 Receptacle Connections
Receptacle
8
Connect to:
43/3-
A4
fif
A?
Device
A30I
WL
A203
A3o+
A3of
*3o?
Section 3 Ring Connections
A. Connect Rl of this 8228 to: T)P~ 32/~ At (fa**
B. Connect R0$f this 8228 to:
Appendix B. Planning Form* B-3
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit
Number
Building f-ajw-
Location A 3 13
Rack-mounted \S R.
Wall-mounted D 9
Section 2 Receptacle Connections
Receptacle
Connect to:
1
m-
Bt>
2
AM-
w~
87
3
*$:
C +
4
A*}-
C5
5
w*
c&
6
«*:
C7
7
8
Device
w
A3/o
A3t2.
A3I+
&5&
AH*
Section 3 Ring Connections
A. Connect Rl of this 8228 to:
B. Connect RO $f this 8228 to:
Appendix B. Planning Forma B-3
-------�
IBM 8228 Cabling Chart
Date
Section 1 Identification
Unit JlffSdt Building
Number **W
Rack-mounted
Wall-mounted
Section 2 Receptacle Connections
Receptacle
Connect to:
1
r&
2
P30
3
AZof-
4
A209-
5
6
7
8
Device
Z/Ai-
PC*
SIM-
PC.
*&•
PC.
&
Section 3 Ring Connections
A. Connect Rl of this 8228 to: 2301" VP'321
B. Connect RO of this 8228 to:
Appendix B. Planning Forms B-3
-------�
Physical Location to Adapter Address
Locator Chart
Device '
Identification
B-8 IBM Token-Ring Network Introduction and Pl«anin» Guid*
-------�
Physical Location to Adapter Address
Locator Chart
Physical
Location
A 324
Adapter
Address
A 32 5"
A 326
A327
A 329
A330
A337
A34I
A344-
Device
Identification
A-331
A33Z
A 333
A 334-
.
Ring
Number
/
IBM 8228
Unit No.
3292.
B-8 IBM Token-Ring Network Introduction and PUaninf Guid*
-------�
Physical Location to Adapter Address
Locator Chart
Physical
Location
Adapter
Address
Device
Identification
Ring
Number
IBM 8228
Unit No.
3/03
2ioo
A2o7fc
Z/cr
2 id
A20<}1>
B-8 IBM Token-Ring Network Introduction and Planning Guide
-------�
Adapter Address to Physical Location
Locator Chart
Adapter
Address
Physical
Location
Device
Identification
Ring
Number
IBM 8228
Unit No.
Appendix B. Planning Forma B-9
-------�
Network Ordering Worksheet
1
1. Rack-mounted IBM 8228 Multistation Access Units
2. Wall-mounted IBM 8228 Multistation Access Units
Tnfal Miimhar nt IBM 8228 Multistation ACCBftS Unit*
(P/N 6091014)
3. Rack-mounted IBM 8218 Copper Repeaters
4. Wall-mounted IBM 8218 Copper Repeaters
Total Number of IBM 8218 Copper Repeater* (P/N 6339532)
•
5. Rack-mounted IBM 821 9 Optical Fiber Repeaters
6. Wall-mounted IBM 8219 Optical Fiber Repeaters
Total Number of IBM 8219 Optical Fiber Repeater*
(P/N 6339535)
7. 8-foot Patch Cables (for lobes)
8. 8-foot Patch Cables (for main ring path)
9. Spare 8-foot Patch Cables
Total Number of 8-foot Patch Cables (P/N 8642551)
10. 30-foot Patch Cables (for lobes)
1 1 . 30-foot Patch Cables (for main ring path)
1 2. Spare 30-foot Patch Cables
Total Number of 30-foot Patch Cables (P/N 8642552)
1 3. 75-foot Patch Cables (for lobes)
14. 75-foot Patch Cables (for main ring path)
15. Spare 75-foot Patch Cables
Total Number of 75-foot Patch Cables (P/N 6339134)
16. 150-foot Patch Cables (for lobes)
17. 150-foot Patch Cables (for main ring path)
18. Spare 1 50-foot Patch Cables
Total Number of 160-foot Patch Cables (P/N 6339135)
20. Spare Crossover Patch Cables
Total Number of Crossover Patch Cables
(IBM Specification 6339137)
£
/
rr
f
•
0
?
*e>
&
•2-
4f>>
1
0
1
z
0
¥
0
B-10 IBM Token-Ring Network Introduction and Planning Guide
-------�
21. Optical Fiber BNC-to-Biconic Patch Cables
22. Spare Optical Fiber BNC-to-Biconic Patch Cables
Total Number of Optical Fiber BNC-to-Biconic Patch Cables ~*
(IBM Specification 6165811)
23. 8-foot Optical Fiber Biconic-to-Biconic Patch Cables
24. Spare 8-foot Optical Fiber Biconic-to-Biconic Patch Cables
Total Number of 8-foot Optical Fiber Biconic-to-Biconic Patch
Cables (IBM Specification 6165812)
•
25. 45-foot Optical Fiber Biconic-to-Biconic Patch Cables
26. Spare 45-foot Optical Fiber Biconic-to-Biconic Patch Cables '
Total Number of 45-foot Optical Fiber Biconic-to-Biconic Patch
Cables (IBM Specification 6825813)
27. Optical Fiber Dual Socket Mounting Clips (IBM Specification 6165847)
28. Component Housings
(one for each wall-mounted IBM 8228) (P/N 6091078)
29. Surface Mounting Brackets
(one for each wall-mounted IBM 8218 or 8219) (P/N 6339140)
30. Rack Mounting Assembly (one for each seven rack-mounted
IBM 821 8 or 821 9) (P/N 9339139)
31. IBM Token- Ring Network PC Adapter Kits (P/N 6339100)
32. IBM Token-Ring Network PC Adapter II Kits (P/N 67X0438)
33. PC Adapter Cables (P/N 6339088)
34. IBM Token-Ring Network Manager (P/N 6476046)
35. IBM Token-Ring Hardware Maintenance and Service (P/N 6465880)
36. IBM Token-Ring Network Bridge Installation Kit (includes two adapter Us,
diagnostic and bridge software) (P/N 6476041)
37. IBM Token- Ring Network Bridge Program (software only)
(P/N 6403831)
-------�
ADDENDUM TO NDPD LAN PLAN DATED 6-15-87
DECEMBER 20, 1987
THIS ADDENDUM PROVIDES "AS-BUILT" INFORMATION FOR THE TOKEN-RlNG
LOCAL AREA NETWORK INSTALLED IN THE OFFICES OF THE NATIONAL DATA
PROCESSING DIVISION. MAJOR CHANGES INCLUDE:
o FLOOR PLANS INDICATE THE ACTUAL ROUTING OF THE TEFLON-
COATED TYPE I CABLE INSTALLED BENEATH THE RAISED FLOORING
AT NDPD.
o CABLING (AND SYSTEMS) HAVE BEEN INSTALLED WITHIN THE
UNISYS SPACES ON THE 2ND AND 3RD FLOORS OF THE A-WING OF
THE ERC, IN ACCORDANCE WITH THE RECOMMENDED EXPANSIONS OF
THE JUNE MEMO.
O MAUS WERE INSTALLED IN GROUPS BENEATH THE FLOORS FOR TWO
PURPOSES:
- TO SHORTEN THE OVERALL RING LENGTH
- BECAUSE SPACE IN AND ACCESS TO THE PROPOSED WIRING
CLOSETS WERE BOTH LIMITED AND PROBLEMMATIC.
0 IN ACCORDANCE WITH THE REQUIREMENTS OF THE LAN TSR
PROCESS, STEVE STONEMAN HAS BEEN IDENTIFIED AS THE LAN
ADMINISTRATOR FOR THE NDPD LAN. BRIAN AUSTIN is HIS
BACKUP. BOTH HAVE ATTENDED THE NOVELL. "SYSTEMS AND
SUPPORT" COURSE IN PROVO, UTAH. IN ADDITION TO SERVING
AS THE LAN ADMINISTRATORS, BOTH ARE ON THE UNISYS
NATIONAL LAN SUPPORT STAFF.
o AN IBM PS/2 MODEL 80 LAN SERVER, ORDERED FROM THE SNA
CONTRACT, HAS BEEN SET UP AS THE FILE SERVER FOR THE
SYSTEM. A 115MB HARD DISK HAS BEEN ORDERED TO SUPPLEMENT
ITS 70MB DRIVE. AN HP LASERJET 500 WILL BE ATTACHED AS
PRINTER 0 AND LOCATED IN THE NDPD MAILBOX AREA ON THE
THIRD FLOOR.
o ACCOMPANYING PLANNING CHECKLISTS IDENTIFY THE USERS WHO
WILL BE ATTACHED TO THE LAN AND DEMONSTRATE MANY OF THE
PLANNING CONCEPTS DISCUSSED IN THE TEXT OF THE LAN
GUIDELINES.
-------�
IK'\
itt&V* Mi/wfrf/
In-
stall
ROOM Staff Noter Oat*
System Space*:
1§t Floor Cooputtr ROOB
Ml* S«rv*r 1 87
Fil* Server 2 Futur*
Steve Stonann 87
• I*|*M AIM tit* 9CT
•rleVi AUVllrl Q*
T. Tracy Mow
network Control
HCF PC f 1 MOM
MCF PC 02 MOM
MCF PC n MOM
NCF PC M Now
CXI 3270 Gateway PC MOM
Novell ACS PC U
EPA Office*:
AVAf T«w4 U*iff*f»f «l U«MJ
AJUI ICQ nornv HOW
A302 Maureen Johnson MOM
A303 Dennis Schur Future
A304 Don Fulford Now
A303 Joan Blvtns 88
A307 Billie Vlek Now
A309 Sherry 81 rk Future
A310 Sherrie Jameson 88
A312 Becky Patrick Now
A3U Ton Cleaner Now
A316 Conference Roc* Future
A318e Barbara Dagger Now
A3186 Jean Murray Now
A319 Jerry Slsynsker Now
A320 Joan Swain Futur*
A321 Tom 1 irk Now
A322a Cotty Potter Now
A3226 John Coggln Future
A323 Don Uorley Now
A32& Jcdin Shirav U|Wv
XT
XT
Epson
Pri«*
XT
3279
XT
AT
AT
Epson
AT
Epson
Spec
AT
Epson
Epson
Epson
Approx
Lob*
NAU Length
24
26
22
rf
mf
U
2
2
2
2
2
2
5«
3*
5 35
S 38
5 37
10 53
10 39
9 25
5 29
4 11
4 23
9 20
9 23
10 20
10 24
10 22
10 19
18
13
24
if
^ •
34
35
25
26
24
15
32
29
22
99
££
20
26
40
38
31
52
48
7 56
11 40
12 17
11 17
11 22
11 20
11 31
12 38
12 38
11 20
12 55
Applications needs:
D
•
W S N
XXX
X X
X X
X X
X
X X
X X
X
X
X X
XXX
X X
X X
XXX
XXX
X
X
X X
XXX
X
XXX
X
X X
X X
X X
X
X
X
XXX
E A Hosts: F
N S 3 P 0
1 M 9 N I A U A M
XXX
X X
X X
X
X
X
XX X XXX
XX X XXX
X
X
X
X
X
X
X
X X
X
X
X X
X X
XX X
X X
X
X
X
X X
XX X
XX X
X X
XX XX
XXX
XX X
XX X
X X
X X
XX XXX
XX XX
XXX
X X
XXX
XXX
X X
X X
X X
X X
X X
X X
X X
X X
X X
XXX XXXXX
G P 0
R R T
P G E
XXX
Xw
A
XXX
XXX
X X
X X
X
XXX
X
X
XXX
X X
X X
X 8
-------�
UDRKSTATION CONFIGURATION INFORMATION
EPA LAN PLANNING CHECKLIST • 2
ORGANIZATION: • VIS7"L>
BATE; /«g-/-/37
CONFIGURATION / USER NAME:
Personal computer vendor ft
DOS Version f:
Video Adapter(s):
^^^ PvA MonocnroMV
CCA Color/graphic*
^X EGA Enhanced graphics
Hercules
Ef>$»fl
l:
Epson
.3* 2*-
NCCAdBM PS/2 Nodtl 30)
VGA (PS/2 Nodtl 50/60/80)
Othcrt
KCtss Mory (RAM):
X 640Kb 512Kb 256Kb Kb
Mb EMS (Lotus/Intel/MfcroSoft txpwvfed •anory)
Mb Extended (•ddrmsed abovt XMOOOO')
Monltor(s)t
M^^p^fc^^
^^^ MOnOC
Color
X-
Multisync
Others
Disk itorege:
Floppy disks: 5. 25 -/360Kb 5.2SV1.2Mb 3.5"/720Kb 3.5-/1
A: _ .X _ _
~
, _
Herd Oisk(s): C: drive 3O_ Mb
0: drive _ Kb
Additions! drive(s):
Bernoulli drives: _
Other (specify):
10*10
20*20
Nuifcer of Ports: Serial (RS-232C)
Parallel Printer
Peripheral
Manufacturer
Model *
CspacIty/Speed/Etc.
Mb
Tape Backup
Printer
Mouse
baud
Workstation Software Package
Publisher
Version
word Processing
Integrated Spreadsheet
Data Base Manay merit
Async. Ca»icat1ons Cfextbll Xtfl
+0
f
/•I
3*61
-------�
IMPLEMENTATION OBJECTIVES
EPA LAN PLANNING CHECKLIST - 3/1
ORGANIZATION:
DATE: /O-/-67
1. What It the objective you wish to acconpllsh with the Installation of thU LAN7
2.
Quantities of personal computers and terminals do you have fn place and planned?
NOW NEXT ft W/IN 3 TRS
PC* •
PC/XT
PC/AT-co*Mtfbl«
Colu^lts (not LAN<
Macintosh Plu»/SE/II
Ltxltrons
Othtr
3278/79 tcrainal*
Prioe Terainals
VT 100/200 DEC VAX Ttralruls
to
3. Wh«t fona of infonmtlon •hiring/distribution do you roquiro? Indicatt nu^tr of user* requiring access to tach rnourc*
Conmctlvity
E-Mail
Other Async Hosts
NDPO Mainframe
Regional LMF
PriM
Laboratory VAX
Other LANs
Resource sharing
Laser printer
Plotter
CD-RON reference
Other high-cost
Data sharing
TOTAL
IMMEDIATE .......
SIMULTANEOUS
FUTURE
NO
Local sultl-user data base
Local eultl-user spreadsheet
Local scheduling/project sent
national application database
&raoh if f
•gfl.
LPC-3/1
-------�
IMPLEMENTATION OBJECTIVES
EPA LAN PLANNING CHECKLIST - 3/2
4. ttiat PC application* aofttare do you need to chare?
-— NLMBEI Of USERS
TOTAL SIMULTANEOUS
Uord ProcMBtng
Spreadsheet
Data la»e Management Syati
Graphic* Preparation
Project Management
FOCUS
SAS
Natural Connection
/fr
IQ
5. What alternative* have you evaluated?
Mo (mediate Need TES ^ NO
Prime Office automation YES S NO
VAX terninal* YES */ NO
3270 tenainala for aainfrm YES r NO
LPC-3/JL
-------�
APPLICATIONS
EPA LAN PLANMIHC CHECKLIST - 4
ORGANIZATION:
DATE:
JOB DESCRIPTION
PACKAGE
USERS (GROUPS)
4. O
RFP
~Ekb Use
"D/tfrihuticn
XDP0M
LPC-4
-------�
APPLICATIONS SOFTWARE WORKSHEET
EPA LAN PLANNING CHECKLIST • 5/1
ORGANIZATION:
DATE:
Program Nam:
Vendor:
Alt* TET +
Version:
WoricstBtion Requirements;
Nfcroco»puter: }£__ PC/AT-coppetibl«
DOS Version: Lowntt 2. • \
Display ft Adapter:
Apple Macintosh SE/I I
ry (RAM): Required
256Kb
512 Kb
640 Kb
Kb
EMS expanded Mb */*r KflUgfP
Extended Mb MOT unutr»
Rec
Acceptable
Disk storage: (Indicate Required/Recannended/Acceptable as
applicable for each)
Floppy disk A: 5.25"/1.»b
3.5"/720Kb
Floppy disk B: 5.25"/1.»b *
3.5"/720Kb \
Hard Disk(s):
C: drive l& Mb
D: drive */ Mb
Additional drivc(s):
S.ZS-/360Kb
3.5"/1.UMb
S.Z3V360Kb
BemoulU drives: 10*10 _ 20*20
Other (specify): e»**y 3fa**~4t«-t
DOS
RecoRnended CONFIG.SYS parameters:
FILES » _2£
BUFFERS • l&
DEVICE » AM-
Printers Scpportad: (Manufacturer and Nodal i's as appropriate for your systea)
Other rsqulred/supported peripherals:
LPC-5/1
-------�
APPLICATIONS SOFTWARE WORKSHEET
EPA LAN PLANN1HC CHECKLIST - 5/2
Prograsi Mm: Jfatt Tlf + Version: A/
Server Requirement!:
Dedicated Servers Reojjlred »sfcsMiiieJ * tfo
•cent •Mory:
Shared Marys ^ Kb
Un»h«red •Bfjs ^ Kb
Disk storage:
Shared read-only: t°& Kb
Shared read/write: ^^__ Kb
Unshared read-only: __^_ Kb
Unshared read/writes ____ Kb
Muter of files used:
Program and configuration files: /^*
Files per user application: U*/i~,'/t4
Printers:
FORMS DEMAND (X of Capacity)
P1
n
P3
P4
P5
Other shared peripherals:
Modem:
Plotter: »JO
Others:
LPC-5/Z
-------�
3RD FLOOR ERC BLDG ( 78-WING )
-------�
DRAFT
3RD FLOOR A-WING ( 8 —/ING) OF E.R.C, BLDG
-------�
SECOND FLOOR SYSTEMS AREA (A-260) ('81 WING )
-------�
! ICOMMCN.IIMU
A200 - A237 WING ("74 WING SECOND FLOOR)
-------�
SECOND FLOOR COMPUTER ROOM (A-240) f'78 WING )
-------�
VA/'
SUPPLY & HARDWARE STAGING ROOM
CJiLLLJJ
srhH
PRINT ROOM
COMMUNICATION SUPPORT AREA
^^m
SS
I/O CONTROL ROOM
UPS ROOM
COMPUTER MAINFRAME AREA
FIRST FLOOR COMPUTER ROOM (A140) ('78 WING )
-------�
Appendix I - Region 4 Site Survey
-------�
SITE SURVEY TECHNICAL EVALUATION
FOR THE
EPA REGION 4
SUPERFUND LOCAL AREA NETWORK
PROJECT
CRC PROJECT NO.: 8450.106
Presented to:
Environmental Protection Agency
Region 4
345 Courtland Si, N.E.
Atlanta. Borgia 30365
Prepared by:
CRC Systems, Inc.
11242 Waples Mill Road
Fairfax, Virginia 22303
(703)359-9400
June 16,1987
&EPA
TIM Sytttmi SpicMlttt
-------�
The Systems Specialists
CflC Systems Incorporated
11242 Waples Mill Road, Fairfax, Virginia 22030
(703) 359-9400
June 16,1987
Mr. Jack Sweeney
Branch Chief for
Information Resource Management
Environmental Protection Agency
Region 4
345 CourtlandSt., N.E.
Atlanta, Georgia 30365
Super fund LAN On-site Survey
Dear Mr^S^eeney:
Please find enclosed four copies of the results of CRC
System s June 2 and 3, 2987 on-site engineering survey. This document details
the conditions found in the Region 4 building where the Super fund LAN
project is to be installed.
We sincerely appreciate the time and effort of your staff in
assisting our efforts. Their cooperation was invaluable. If you have any
questions, please feel free to contact me or Drew Nowak at the number above.
Sincerely,
Aichard E. Carlson
' Director, Distributed Networks
Division
REC/dn
-------�
TABLE OF CONTENTS
SECTION DESCRIPTION PAGE
TASK DESCRIPTION
1.1
1.2 PURPOSE
2.2 ON-SITE SYSTEMS SURVEY
3.1 GENERAL Disnifisinisj
4.1 POWER DISTRIBUTION STUDY
POWER PROTECTION EQUIPMENT
43 TRANS5nSSION MEDIA ._
M
TECHNICAL EVALUATION PROCEDURES __ 2-1
2.1 LAN DOCUMENTATION _ _
2 J PERSONNEL BRIEFING ___ 2-6
TECHNICAL EVALUATION FINDINGS— _ 3.1
POV^TR SYSTEM ANALYSIS _ _ 3.2
3J TRANSMISSION MEDIA ANALYSIS _ ,3.3
3^ INDIVIDUAL WORKSTATIONS ANALYSIS _ M
RECOMMENDATIONS _ ___ _
-------�
TABLE OF CONTENTS
SECTION DESCRIPTION PAGE
4.4 SUMMARY
-------�
LIST OF EXHIBITS
EXHIBIT DESCRIPTION PAGE
EXHIBIT 2-1
REGION 4 GROUND FLOOR PLAN 2-2
EXHIBIT 2-2
REGION 4 FIRST FLOOR PLAN 2-3
EXHIBIT 2-3
REGION 4 SECOND FLOOR PLAN 2-4
-------�
CRC-EPA-4450.106
SECTION 1
TASK DESCRIPTION
U GENERAL
CRC Systems, Inc. is under task with the Environmental Protection
Agency (EPA) - Region 4 to design and configure a Local Area Network (LAN) for
installation in the EPA Region 4 Superfund Project offices. The LAN is to consist of
an IBM Token Ring using Novell Netware and file servers. The network will
connect 13 PCs (including 2 file servers), a gateway to an IBM 3090 mainframe, and
an asynchronous gateway using a dedicated PC
L2 PURPOSE
The first step of this task is performing a subtask to verify the
preparations made for the LAN at the EPA site. This subtask, called a technical
evaluation, consists of the following step:
o Examining available LAN documentation;
o Performing a two-day engineering site survey; and
o Briefing EPA on the state of the site.
The main feature of this subtask is the engineering site survey. The
engineering site survey is a technical evaluation conducted on-site that examines
power supplies, operating environment, transmission media, and overall plan. This
document is a report of the findings of this subtask - the technical evaluation.
1-1
-------�
CRC-EPA-8450.106
SECTION 2
TECHNICAL EVALUATION PROCEDURES
Three steps were performed in this subtask, as mentioned in Section 1.
2.1 LAN DOCUMENTATION
Two documents were obtained from EPA Region 4 personnel They
included:
o Complete floor plans, showing the proposed locations of the
LAN workstations; and
o IBM Token-Ring Network/ Telephone Twisted-Pair Media
Guide.
The floor plans are shown as Exhibits 2-1 through 2-3. They indicate
11 LAN workstation locations. This includes 10 user workstations and 1 system
administrator workstation. The 11 locations are distributed throughout the ground,
first, and second floors. The numbering of the workstations as shown on the floor
plans will be used throughout this document. The computer room where the two file
servers will be located is on the ground floor.
2.2 ON-SITE SYSTEMS SURVEY
CRC Systems engineers performed a technical evaluation, at each
workstation location, as well as two alternative locations, including the computer
room. The workstation locations were examined f on
o Commercial and/or conditioned power sources;
o Quality of the transmission media to be used on the LAN;
o Environmental conditioning;
o Interviews with key personnel; and
o Overall site plan.
2-1
-------�
CRC-EPA-*450.106
ft. TOYMI*
N. MAKSM
0. KLUCSNE*
113
E
ter.
At HAMKC .
G.
K. DAO
A. DAVIS
P. AMOCKtOM
REGION 4 GROUND FLOOR PLAN
EXHmiT2-l
2-2
-------�
CRC-EPA-S450.106
LJ Woco Pcoctc=. UMIT
1^1 WP UMir OK LAN
UW.T Ow LAM
tcy
SSL
Q
v.
<••—«»•». &T|
s: *•*•>'' I
m?
*• Jorr I
fr —^* I
tr,*f-**fr) I
r
F
^•C
W.
•
a. **•**+
. -/
iJ
luacrci
HA CeTi
•«|T •«!€•
REGION 4 FIRST FLOOR PLAN
EXHIBIT 2-2
2-3
-------�
CRC-EPA-8450.106
7. WIAVI.
8. SXAVC*
me.
s®
X Y
PIU.
^.
EM*.
EM*.
A»MIM,
f. BAIWITT
C. WAlftCM
'**.
C3C
CSC
PKC.
. Moiw.il
*.. CA«A.T.«
0. MA— ,.^
CMF.
(VA^AWT)
P. Or*iu
"v®
t.»««.-
coc
S. &AKOMCJL
'**•
*""»*
CM*.
C. TACU.M
ADMIX.
A. Si-lvcuS
ADMIW.
« Cot*
C. Ovu
'KM.
C.
(Mm
L. STACT
*.. TbWKBAM
C.
C.
5". "
Ovr.tc
a
REGION 4 SECOND FLOOR PLAN
EXHIBIT 2-3
2-4
-------�
CRC-EPA-8450.106
The on-site engineering survey plan used for Region 4 by CRC
Systems engineers is in complete accordance with the preinstallation portion of the
guidelines established in Appendix B of the IBM Token Ring Telephone Twisted-.
Pair Media Guide. These guidelines describe:
o Power line tests;
o Telephone wire safety, ground, and resistance tests; and
o Telephone wire characteristics.
Of primary concern during the on-site survey were the following areas:
o Any presence of alternating current (AC) on the twisted-pair
wmng; *
o Common Mode Noise (CMN) occurring between the hot and
ground and/or neutral and ground, which influences highly
susceptible switching power supplies in computers; and
-
(Mpr
tp
° Xerifi^fc£x°/ P.r°P" grounding, as per National Electrical
Code (NEC) Article 250, to provide a low impedance path for
load and fault currents to return to the transformer neutral. A
computer system requires a zero voltage reference to operate its
logic circuits. Any voltage above zero on this reference can
introduce false signals and create logic errors in the system.
To perform the power and transmission media testing, the following
equipment was used:
° ECOS 1023 Power Analyzer; $100.
o ECOS 7106 Ground/Circuit Tester,
o Hewlett/Packard Digital Multimeter;
o IBM Analog Multimeter, and
o Amperage Tester.
PERSONNEL BRIEFING
- On the last day of the on-site survey, CRC Systems engineers briefed
EPA personnel from Region 4 and RTP on the results of the survey. The lurvey
results that were discussed are contained in Section 3. The EPA personnel included:
2-5
-------�
CRC-EPA-8450.106
o Jack Sweeney;
o . Randall Davis;
o Carolyn Chamblee (RTF); and
o Paul Vincent (SDC).
2-6
-------�
CRC-EPA-8450.106
SECTIONS
TECHNICAL EVALUATION FINDINGS
The technical evaluation performed essentially two functions:
o A checfc of the commercial power sources supplied to the
workstation locations; and
o An evaluation of the unshielded twisted-pair wiring to be used as
the LAN transmission media.
3.1 GENERAL DISCUSSION
The general condition of the preparations made by Region 4
personnel for the LAN is excellent. Considerable effort has been put forth by key
personnel to create a suitable operating environment. The following personnel are
commended on their efforts for maintaining a professional environment and for
their assistance during this project:
o Rick SheckeD;
o John Keefer, and
o RickyFelton.
Mr. Keefer, as the LAN system administrator, is highly motivated in
achieving a successful LAN implementation. Mr. Felton completed a highly
professional installation of the unshielded twisted-pair wiring to be used for the
LAN.
The history of (he EPA Region 4 headquarters does not indicate
system or persistent hardware problems. However, in discussion with a number of
personnel in both the information management and user community, a consistency
existed in the opinion that they were experiencing power or power-related problems
occasionally, but have accepted these problems as "part of the environment"
- Although some power-related problems have occurred and been
noticed, no formalized study has been made to measure the effects of these
problems. Generally, they have not been severe enough to cause a major impact on
the operations of the Region 4 systems.
3-1
-------�
CRC-EPA-S450.106
3.2 POWER SYSTEM ANALYSIS
The commercial power supplied to Region 4 headquarters, including
the proposed LAN workstation locations, is generally unprotected or conditioned.
The computer room where the file servers are to be located has a Liebert power
transformer. In general, the following areas of concerns exist with the workstation
power supplies:
™t, *"?* 8upP]y CU*8) ejdsts tor data
protection, even in the computer room. Frequent
thunderstorms, causing power outages in the area, make this an
even more important concern. The l.iebert isolation
transtormer, in the computer room, only provides the proper
final utilization voltages. No useful energy ;b stored in it, §o no
extension of nde-through is provided by the Liebert during a
power input interruption. Ride-through energy storage requires
supplemental apparatus; M«««
™«tr^ta!!°nS*u re p,nmarily Powered from a daisy-chained feed
contained in the cubicle/partitioned system. The cubicle power
teed from floor risers, is unconditioned and highly susceptible to
electrically-induced noise interference; uw,epuwc «o
A general shortage of power receptacles, resulting in an
excessive use of extension cords;
A distribution problem exists throughout the entire building,
especially in the northwest corner of the second floor where
power supply characteristics found were unacceptable;
Use of fluorescent lighting, fans, typewriters, etc. in work areas
is introducing significant noise into the power supply; and
Use of power strips throughout the buildings for computer
equipment. These units only provide minimal surge protection.
They only contain one metal oxide varistor (MOV) and should
not be depended on for any significant surge/spike protection.
Also of concern is the habit of powering up 3l components from
the strips main power switch. Powering up all computer
components at the same time causes a potentially damarinff
current surge that may affect sensitive components. The initial
S«8ia?pe^s on ?e 8round M a raisedpotential and ultimately
affects the low-voltage direct current (DC) components. Alsa
*C0>mtOT O *' f°9m *****
3-2
-------�
CRC-EPA-8450.106
3.3 TRANSMISSION MEDIA ANALYSIS
The transmission media to be used for the Token-Ring LAN is
unshielded twisted-pair telephone wire. This wiring has been recently installed for
this purpose. In general, its installation is ideal Uninterrupted wiring runs are
strung between the Type 66 connection block in the computer room to each
individual workstation area. These runs are strung through telephone closets and
risers to reach their particular locations.
The unshielded twisted-pair wiring, as the name implies, is highly
susceptible to electrically-induced interference. The wiring was found to be
acceptable, except for one workstation location. Workstation #3 (telephone jack
#208), has a high, fluctuating reading that often exceeded 100 ohms. This indicates.
the contact along the twisted-pair run with an AC field, probable a high frequency
source such as a fluorescent lighting fixture.
3.4 INDIVIDUAL WORKSTATIONS ANALYSIS
The following breakdown summarizes the results of the site-survey at
each workstation, alternate workstation, and computer room. The workstations are
identified by the number given for it on the floor plans, as well as the number of the
telephone jack used for the twisted-pair.
Workstation #1 (Jack #57)
Power - Acceptable (Note: An adjacent cubicle which has its
power from a ceiling feed has a neutral-ground short)
Twisted-pair - Acceptable
Workstation #2 (Jack #6)
. Power-High 6.2 VAC CMN
Twisted-pair - Acceptable
Workstation #3 (Jack #208)
Power • No power
Twisted-pair - Very high and unacceptable impedance (CMN),
in excess of 100 ohms. *
Workstation #4 (Jack #224)
Power - Acceptable
Twisted-pair - Acceptable
3-3
-------�
CRC-EPA-8450.106
Workstation #5 (Jack #217)
Power - Acceptable
Twisted-pair - Slightly high impedance (CMN) at 21 ohms.
Workstation #6 (Jack #234)
Power-Acceptable
Twisted-pair - Acceptable
Workstation #7 (Jack #176)
Power - High 6 VAC impedance (CMN)
Twisted-pair - Acceptable
Workstation #8 (Jack #250)
Power - Acceptable
Twisted-pair - Not installed yet
Workstation #9 (Jack #143)
Power • Acceptable
Twisted-pair - Acceptable
Workstation #9A
Power - Open ground fault, faulty fixture.
Twisted-pair - None. .
Workstation #10 (Jack #127)
Power - High 6.2 VAC impedance (CMN) .
Twisted-pair - Acceptable
Workstation #11 (Jack #122)
Power - High 7.0 VAC impedance (CMN)
Twisted-pair - Acceptable
Workstation #11A
Power - Riser power, High 7.0 VAC CMN. Power strip power,
acceptable e *
Twisted-pair - None
Computer room and Type 66 Connection Block
Power-Liebert isolation transformer for computer components.
No UPS protection. Temporary power strip from commercial
power by Type 66 block has High 6.2 VACCMN.
Twisted-pair - All LAN twisted-pair runs terminate on Type 66
connection block. File servers will interface here. Acceptable.
3-4
-------�
CRC-EPA-8450.106
SECTION 4
RECOMMENDATIONS
Based on the technical evaluation of the Region 4 Headquarters, the
following recommendations are offered. These recommendations reflect a "total
system" approach to defining, isolating, and correcting system problems.
4.1 POWER DISTRIBUTION STUDY
A comprehensive power distribution study is required to properly plan
for the increasing requirements for electrical service throughout the Region 4
building. This is especially true in the microcomputer high density areas. The scope
of the power distribution study should include telecommunications, computer, and
other sensitive hardware environments. A significant goal of this study should be to
eliminate the excessive use of extension cords and power strips, circuit contention,
and noise interference problems. This study wfll take into account all power in the
building, ultimately enhancing the performance and reliability of the Superfund
LAN project To properly accomplish the power study, the following technical
requirements must be met:
o A load requirements study detailing the following:
• present circuit loads,
• high density load circuits, and
• equipment load requirements;
o An analysis of the existing power distribution system including:
- existing circuits,
• existing load requirements, and
• planned load requirements;
A critical/sensitive load analysis that wfll define those items of
due w ** tapoltance to
o A power monitoring and quality analysis with an events recorded
and analyzed. This session should be no longer than 5 working
OBYS.
4-1
-------�
CRC-EPA-S450.106
From the power distribution study, precise recommendations for.
improving the electrical environment of Region 4 should be provided: These
recommendations should include:
o New circuits requirements to meet load requirements;
o Computer-grade circuit specifications; and
o Load distribution plan.
42 POWER PROTECTION EQUIPMENT
Initial indications from the technical evaluation show that there is a
need for power protection, especially for the LAN file servers. Power protection
equipment includes, but is not limited to, unintemiptable power supplies (UPS),
voltage spike and surge suppressors, and transient noise protection devices.
Presently, the computer room only offers a Liebert isolation transformer system.
However, before specific power protection measures are
recommended, the results of the power distribution study must be evaluated and the
actual cause and effect relationships between power problems and equipment
performance must be isolated. In this manner, the measure of protection applied
will fit the actual problem. This is the most cost-effective way of accomplishing'
power protection.
4J TRANSMISSION MEDIA
The transmission media to be used for the LAN is unshielded twisted-
pair. This twisted-pair is generally acceptable for use on the LAN. Its inherent
limitations may affect future LAN workstation installations and performance.
Currently, the twisted-pair run to workstation #3 is unacceptable. The interference
measured on this particular run, caused by high-frequency AC, must be corrected. It
may be corrected by merely identifying the source of the high frequency interference
and relocating the wiring, or restringing the run with a length of shielded twisted-
pair. In the future, the use of unshielded twisted-pair in adding LAN workstations ?
will more than likely increase interference and performance problems. A LAN is a
4-2
-------�
CRC-EPA-8450.106
highly sensitive electrical network, reflecting interference and noise problems along
the entire network. It is recommended that all future LAN workstations locations
use shielded twisted-pair to minimize any interference, noise and subsequent
performance problems. It is also recommended that, if in the future, the original
unshielded twisted-pair workstation locations are found to be causing network
problems, that they be retrofit with shielded twisted-pair wiring.
SUMMARY
With one exception (a twisted-pair run), the current operational
environment is within acceptable tolerances for use of the Token-Ring LAN. The
interference experienced on the twisted-pair run to Workstation #3 must be
corrected. However, there are problems that do exist which may influence the
performance of the LAN. The most serious of these problems is the condition of
power supplied to the workstation areas. The Common Mode Noise measured at
several locations may cause that particular station or the entire LAN to fail. The
basis of the power problems is a lack of available electrical service to critical areas,
causing an extensive use of power strips and a severe contention for electrical
service. There are no computer-grade circuits for LAN workstations. Ideally,
NEMA 5-15 (IG) type receptacles and dedicated circuits with separate ground and
neutral should be installed for LAN workstations. From an operational standpoint,
the contention for electrical service among sensitive hardware and noise producing
equipment such as printers, typewriter, heaters, and fans may cause serious
reliability problems.
• ** m°St C08t cffective solution for surge suppression and noise
ft,- isolation, use of an ISOBAR AC line filter receptacle unit is recommended. The
ISOBAR is oneofjhe most effective electronic filters on the market They cost
approximately($68 Qfwiece. It provides:
*£&" ° Complete common and transverse mode surge and spike
^ protection; * F
. o Complete capacitive and transformer filtering of RFI and EML
. End
5'*" r>
t,o*<*u* ° Complete isolation between adjacent receptacles to prevent
f feedback from peripherals, such as printers. P
C M */•'*< /»* kt£i) /» 3 »»J
4-3
-------�
CRC-EPA-8450.106
If installed now, the LAN would operate; however, excessive errors
and retransmissions are .predicted. The recommendations are essentially low cost
solutions to significantly enhance reliability and system performance. After the
Token-Ring LAN is operational is is further recommended the performance of the
LAN is monitored and tested
After the installation, the following procedures, given in Appendix B
of the IBM Token-Ring Telephone Twisted-Pair Media Guide, will provide the first
step in identifying any environmental conditions still hampering the LAN's
performance. They include:
o Functional testing with the Token-Ring Network, involving
running the IBM Token-Ring Network PC Adapter Advanced
Diagnostics on an IBM PC with a Token-Ring Adapter installed
and connected to the wire loop; and
o Error rate tests. If the Advanced Diagnostics program runs
successfully, a data error rate monitor test is performed.
Finally, the Region 4 personnel involved in the planning, preparations,
and installation for the Superfund LAN should be commended. Working within the
limitations of budget and the existing environmental conditions, they have helped
insure a smooth and successful LAN implementation.
4-4
-------�
Appendix J - NDPD LAN Support Roles
-------�
** Q \ UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
\ ^\$- * Research Triangle Park. NC 27711
January 15, 1988
OFFICE OF
ADMINISTRATION
AND RESOURCES
MANAGEMENT
MEMORANDUM
SUBJECT: National Data Processing Division (NDPO) Support for LANs
FROM: Donald W. Fulford. Director
Natlonal Data Processing Division (MD-34)
TO: PC Site Coordinators
OIRM Division Directors
The Agency 1s now poised to Integrate personal computer local area
networking (LAN) as an Integral part of the Agency computing resources. The
following document Identifies the NDPD support structure for these local area
networks (LANs). The roles of various NDPD staff members are shown. Addition-
ally, we have anticipated six (6) user questions and have Included our response
to these Items.
This support structure, combined with our NDPD Technical Guidelines to
be released this month, should provide a good resource for Program Offices
Interested 1n using this technology. Please feel free to contact those
Identified with any questions you may have regarding their areas.
Attachments
cc: Ted Harris
Maureen Johnson
Dennis Schur
Charlie Webb
Bob Denny
Jerry Slaymaker
Don Worley
Carolyn Chamblee
Bruce Almlch
Bob Lewis
Ernie Watson
M1ke Stein
Denny Daniel
Dwlght Rodgers
-------�
Roles of Organization 1n LAN Implementation and Support
NDPD/AMPB
Don Worley:
Coordinate LAN requests with AOPOHB
Unisys
Define Acceptable Class of Service (ACS) for LANs
Develop long-range plans for LAN support of the Agency telecom-
munications system
Develop 1nter-LAN backbone architectural plans
Provide review and approval for LANs not meeting the Accepted
Class of Service (ACS) under TSRs
Carolyn Chamblee:
Develop proposed policies, standards, and guidelines
Conduct pilot studies as appropriate
Continue technology assessment 1n this arena
Develop guidance documents
Develop Agencywlde contracts to cover LAN technology
Provide consultation to other groups as needed
NDPD/ADPOMB
Bruce Almlch
Review all LAN TSRs with regard to facility wiring and connectivity,
Identification of a LAN Administrator, and the configuration
1ayout
Coordinates Washington LAN TSRs with the WIC
Responding to telecommunications requests to connect LANs to
other Agency resources
Coordinating NDPD resources needed for any LAN Installations
Develop and manage TSR process for LANs
Manage the distribution and testing of the network operating
system.
Unisys
Troubleshooting network and telecommunications.problems with LANs
Court of last resort for network wiring (not applications) problem
resolution
Provide operating system support to Include menu development,
software distribution, testing of new releases of the network
operating system with notification to LAN Administrators that
they should upgrade their operating system copies, and supporting
" older versions of the operating system for a period not to
-------�
exceed six months after notification to LAN Administrators to
upgrade.
Respond to LAN Administrator questions regarding LAN software
problems
NDPD/PMSB
Bob Lewis
Provide training function utilizing SMA contract. Information
Centers, Unisys, and/or other sources
Unisys
Provide management, scheduling, registration, and evaluation for
courses offered centrally
Provide the user support function for non-telecommunications
problems specifically Including the micro to mainframe communi-
cations area
Direct Incoming LAN Administrator questions and problems to
Network Support Group and/or Telecommunications for resolution
Ernie Watson
Provide Project Officer for LAN contract who will coordinate all
procurement Issues with PCMD and SMA, serve as management
Hason for the contract, set priorities, conduct quality
assurance reviews, develop contracting procedures, develop
communications with the LAN Administrators as a group, and
oversee all aspects of the contract
NDPD/ICB - Each Information Center's Staff
Provide application support for Lotus, dBASE, etc., as 1s currently
done for standalone PCs
Provide the LAN Administrator services for organizations on a
cost basis as documented and approved 1n the Operation Service
Agreement (OSA)
NDPD/ICB/HIC
Hike Stein
Principal point of contact for LANs 1n Washington, DC
Denny Daniel
Provide application support for Lotus, dBASE, etc. In Washington,
DC as Is currently done for standalone PCs
Provide the LAN Administrator resources for Washington, DC organizations
on a cost basis as documented and approved 1n the Operation
Service Agreement (OSA)
Dwlght Rogers
.Review all Washington, DC LAN TSRs with regard to facility wiring
and connectivity, Identification of a LAN Administrator, and
the configuration layout.
-------�
Coordinates Washington LAN TSRs with NDPD 1n Research Triangle
Park as required
Responding to Washington, DC telecommunications requests to
connect LANs to other Agency resources
Coordinating NDPO resources needed for any Washington, DC LAN
Installations
Develop and manage the Washington, DC TSR process for LANS In
concert with the national NOPD TSR process
Unisys
Troubleshooting Washington, DC network and telecommunications
problems with LANs
-------�
From a User's Viewpoint:
1. If a user organization wants a LAN but does not know how to begin their
plan, whom do they call?
There are several points of contact for users needing Information and
assistance. The local Information centers are good resources. Also,
Bryon Griffith of OIRM, NCC Telecommunications, Dan Johnston of SMA,
Ernie Watson, Carolyn Chamblee 1n AMPB, etc. are all able to provide the
users Initial Information. NDPO Is requiring a TSR for each LAN. A good
starting point would be to complete the TSR outlining briefly what your
Interests and requesting support. The TSR would go through NDPO TSR
processing procedures and support would be provided. One outcome of the
TSR process may be to recommend that the user organization contract with
SMA to provide planning and design services.
2. If a national program office 1s planning to provide or require LAN systems
1n the Regional Offices, who should they contact (other than the Regional
Office ADP Coordinator) to coordinate the planning?
The National Program Project Manager should coordinate with Bryon Griffith
in OIRM and and the Regional ADP Branch Chief. LAN TSRs'must be submitted
to NDPD regarding these LANs.
3. Who does a user call for support?
The user must always contact the local LAN Administrator for help. The
LAN Administrator may resolve the problem, refer the user to the Information
Center when applicable, contact NCC User Support at FTS 629-7862 or
Telecommunlcatons at FTS 629-4506 to request LAN support. NCC User
Support will register the call and contact the Systems Support Group
or Telecommunications Support to resolve the problem.
4. Who does a LAN Administrator call for support?
The LAN Administrator calls NCC User Support who will register the call
and then contact the Network Support Group (Steve Stoneman) or Telecommuni-
cations Support to resolve the problem. LAN Administrators can also call
Telecommunications Support at FTS 629-4506 for support. If the LAN
Administrator Is 1n Washington, the call will be forwarded to WIC Telecom-
munications when appropriate.
5. Can user organizations contact SNA directly for help in planning and/or.
resolving problems?
User organizations can contact SMA directly for help 1n planning. For
problems, users should work through their LAN Administrator. The LAN
Administrator will contact NDPD on problems that can not be solved at the
local level.
-------�
6. How much time Mill the LAN Administration duties require?
The following 1s our estimate of the manpower required for the Installation
and ongoing operation. The time shown 1s based on the LAN Administrator
Installing cards 1n PC to be connected, as well as the servers. If
multiple people are available, the calendar time will be less. Note that
after Installation, the time will not generally Involve e fixed number of
hours each week. When problems occur, the LAN Administrator may need to
devote full time until the problem 1s resolved. Also, these numbers do
not Include the time required to develop applications for users or to
provide user support for applications. These numbers may be revised
after more experience 1s gained with the technology. During Installation,
the LAN Administrator must be available on a full-time basis.
ESTIMATE OF MANPOWER FOR LAN ADMINISTRATORS
Nodes Installation 1st 3 months Ongoing
(manweeks) (%) (%)
<10
10-25
25-100
100+
2
3
3-12
12 .
35-50
50-75
50-100
100
10
50.
50-100
100
-------�
APPENDIX K - PHONE NUMBERS FOR LAN
ADMINISTRATORS
SOURCE
CONTACT
FTS
COMMERCIAL
ORDERING QUESTIONS, ACQUIRING SERVICES, & TRAINING
SMA 919/544-6311 (NC)
800/356-7813
PRINCIPAL POINT OF CONTACT
National Bruce Almich
HQ Mike Stein
629-3306 919/541-3306
202/488-5981
CONTRACT PROBLEMS
Ernie Watson
629-2143 919/541-2143
LAN SUPPORT & TROUBLESHOOTING:
National User Support
LANSYS
HQ WIC
629-7862 919/541-7862
629-2804 919/541-2804
202/488-5900
TELECOMMUNICATIONS!
Initiatives
National Bruce Almich
HQ Dwight Rodgers
Problems
TELECOM
629-3306 919/541-3306
202/382-2075
629-4506 919/541-4506
NON-'ACCEPTED CLASS OF SERVICE" LANS:
Carolyn Chamblee 629-2553
919/541-2553
-------� |