Open Enterprise Server 2018 SP2 Highlights

Micro Focus released Open Enterprise Server 2018 SP2 in late May 2020. Whether you’ve already deployed it in your OES environment or are considering it, read on to see how the update helps you.

As an OES customer, you are entitled to a host of supporting products from Micro Focus to help improve usability. I am leaving a list at the end of this article for your reference.

If you are new to OES, here is a quick recap. OES provides you with file and print services in an identity-centric manner. Apart from file and print, identity is also an essential aspect of OES that includes eDirectory and Domain Services for Windows. The file services include the in-house access control-rich hybrid file system, NSS, and a group of file access protocol implementations that give every desktop/server operating system and device access to files on NSS.

The print services provide an enterprise-class self-service printing capability that is easy to deploy and use. It allows you to print from anywhere and on any device.

I hope that is clear. Now let’s review the changes in the latest OES 2018 SP2 release. The key highlights of this release include:

  • Cloud Integrated Storage (CIS) enhancements (Insights, Desktop clients, Dry Policy runs)
  • NSS enhancements (Thin provisioning, Security)
  • NSS for AD enhancements (NFARM and NURM)
  • NCP enhancements (Encryption and Multi-factor authentication)
  • SMB/CIFS enhancements (Performance)
  • Domain Services for Windows (DSfW) enhancements (Schema and infrastructure updates)
  • Numerous other bug fixes, enhancements, and performance improvements
  • All the above run on top of SUSE Linux Enterprise Server 12 SP5 and eDirectory 9.2.x
  • iPrint Advanced (formerly iPrint for OES) is now an OES install pattern (this simplifies distribution, upgrades, and patching)
  • Updated Micro Focus Subscription Management Tool (SMT) for patching OES etc.

Cloud Integrated Storage (CIS) Enhancements
We shipped production-ready CIS in the last release (OES 2018 SP1). The CIS implementation helps you extend NSS to the cloud to manage your storage securely. It is a data-tiering solution to help you manage and migrate the less frequently used data to any S3-compatible cloud storage without disrupting user access.

To further improve the CIS experience, we introduced capabilities that help administrators as well as users. The CIS Insights page now includes a Top Cold Data Users section which allows administrators to evaluate the top hot or cold data storage consumers (Figure 1).

Figure 1: CIS Insights with Top Cold Data Users

Improving the administrator experience is important, so we are adding support for two dry policy runs – Free Space Calculation and Storage Space Estimation. These dry runs help your administrator identify the storage requirements when migrating files between on-premise and cloud storage (Figure 2).

Figure 2: CIS Policy Type and Migration Schedule

The agents running on your OES servers gather metadata which the central CIS server then uses to give the administrator an overview of storage consumption, which helps in refining policies. Up until the last release, these agents ran a full scan against the NSS volumes at a pre-configured (or hard-coded) interval. We have now enabled administrators to schedule the scan to run at any time of the day and at an interval that suits your organisation’s needs. You can also specify whether each run should scan all files or only the changes since the last run – an incremental scan. Besides, the agents are intelligent enough to pick up from where they left off in the previous run, which we refer to as a differential scan.

We are introducing CIS clients for Windows and macOS to improve the user experience. The primary goal of the CIS client is to prevent the unwarranted download of cloud files on macOS. Apart from this, the CIS client for Windows also uses cloud overlay icons on the files in the cloud to let the user know the file origin (Figure 3). More features for the CIS client will be released in future.

Figure 3: CIS Cloud overlay icons on the files stored in the cloud

Did you know? You can migrate your existing NSS DST pair to a CIS volume and take advantage of rich CIS policies. You don’t need to purchase cloud storage to deploy CIS for testing.

NSS Enhancements
NSS is the file system of choice due to rich access control support and built-in high availability through OES cluster integration. Additional noteworthy features include native 4kn support, encryption, salvage, rich file attributes, distributed file system (DFS) etc.

We are adding support for Thin Provisioning in NSS to help you optimise the utilisation and get more accurate reporting of storage consumption. A thin-provisioned NSS volume allocates blocks of data on-demand. The storage allocated to a thin-provisioned NSS volume is written/consumed only when a user uploads data to it.

When you delete the data, the free space is released to the storage system. If you have enabled salvage on an NSS volume, the storage is returned only after purging the salvaged files. This feature is available only on VMware storage. Support for KVM and XEN will come with future releases.

The security aspect of the file system is enhanced in the form of AES 256-bit encryption support. There are also numerous usability and performance improvements in all of the file system and clustering components.

Apart from encryption, OES auditing (known as Vigil) is another crucial security feature of NSS. OES auditing now supports audit output in Common Event Format (CEF). It enables a host of CEF-compatible auditing solutions to consume and report on NSS auditing. Support for Micro Focus ArcSight integration is coming soon.

Did you know? The pools are limited to 8 TB for NSS32 and 8 EB for NSS64. While the additional storage provisioning on NSS64 saves you administration time, it can be faster to back up smaller NSS32 volumes.

NSS for AD Enhancements
NSS for AD lets you take advantage of your organisation’s needs to adopt Active Directory as an identity source. It enables Active Directory users to access and manage NSS volumes similar to eDirectory users.

We built the NFARM (OES File Access Rights Management) clients to help Active Directory users manage rights and quota as well as salvage and purge files on NSS volumes.

The NFARM client for Windows now supports the management of eDirectory as well as Active Directory users’ rights and quota (Figure 4). It takes away the need for deploying the Client for OES to manage eDirectory users’ rights and quota.

The NFARM client on macOS now supports the management of Active Directory users’ rights and quota (Figure 5).

Figure 4: NFARM client on Windows
Figure 5: NFARM client on macOS

NCP Enhancements
The improved Client for OES integration with NetIQ Advanced Authentication provides a secure and seamless login experience to Windows for your users.

Numerous government regulations may require your organisation to encrypt all network traffic. We took note of this and added support for encrypting NCP traffic between Client for OES on Windows and NCP servers to enhance security further (see Figure 6). As with multi-factor authentication, you may enforce encryption of NCP traffic as required.

Did you know? You can deploy Client for OES with multi-factor authentication alongside ZENworks agent to enforce DLU policy.

Figure 6: NCP network traffic diagram

SMB/CIFS Enhancements
We are adding support for oplock leases in the OES implementation of the SMB protocol. Leases enhance traditional oplocks by facilitating improved file caching by the clients, which improves overall performance (by up to 35% in lab tests).

Apart from oplock leases, Zerocopy support introduced in this release allows for faster transfer of data between the file system and network buffers, thereby improving performance.

Did you know? SMB encryption provides secure SMB data transfer with minimal impact on performance.

Domain Services for Windows Enhancements
Domain Services for Windows (DSfW) emulates AD and supports enterprise applications requiring AD-style authentication. You can join and enforce group policies on Windows workstations.

Support for macOS workstations joining DSfW domains is coming soon.

We updated the SMB and Kerberos stack for enhanced stability, security, and interoperability. Further interoperability improvement includes AD 2016 schema and functional level support.

Some customers have requested support for NSS AD and DSfW deployment in the same tree. It is now possible to deploy NSS AD against DSfW in the same tree by tweaking the CIFS configuration on OES (--map-adsessions-to-edir), which allows users to authenticate as an AD user while being authorised as an equivalent eDirectory user.

An additional fallback option to this configuration enables AD users in a DSfW domain having a trust with one or more AD forests to access NSS AD volumes.

Did you know? With the help of the health script, you can periodically monitor the health of DSfW servers. The script also suggests quick fixes and knowledge articles when something is not right.

iPrint Advanced
As an OES customer, you are entitled to iPrint for OES with advanced desktop printing capabilities. iPrint for OES is now known as iPrint Advanced and is available as an OES pattern in the OES media. We did so to simplify the deployment and deliver the updates through a single OES patch channel.
We also single-sourced the iPrint Advanced and iPrint appliance source so that in future we can deliver features and fixes simultaneously on both platforms. There is no change in the licensing of iPrint desktop and mobile.

OES Entitlements
As an OES customer, your entitlement list includes these products:

  • Filr Standard (including the recently refreshed web client UI) (with upgrade to Advanced at a special price)
  • iPrint Desktop (Appliance)
  • iPrint Advanced (capabilities like walk-up printing, Chromebook printing at no additional cost)
  • Cluster Services: 2 node
  • Identity Manager Bundle Edition (IDM BE)
    Up to 250,000 authentication only users in eDirectory
  • SLES subscription to host OES (refer to the OES EULA)
  • Self Service Password Reset (SSPR) (indirect entitlement via IDM BE)
  • Advanced Authentication Limited

Upgrading to the latest version
OES 2018 SP2 comes packed with enhancements to cater for your requirements. We support direct upgrades from OES 11 SP3 and above to OES 2018 SP2. If you are already on OES 2018 SP1, we support channel upgrade to SP2 with minimal downtime.

Figure 7. Supported Upgrade Paths to OES 2018 SP2

To conclude

I would strongly recommend looking at how you can improve stability and security, and take advantage of the enhancements, by upgrading to OES 2018 SP2.