Compaq Advanced Server for OpenVMS
Server Administrator's Guide


Previous Contents Index

2.3.5 Changing Time Zones or Daylight Savings Time Settings

To properly represent the time in your local environment, you must set up the OpenVMS time zone information before the server is started, as explained in the Compaq Advanced Server for OpenVMS Server Installation and Configuration Guide. If your server is moved to a location in a different time zone, you must set the new time zone information accordingly. If your server system resides in an area that observes daylight savings time, the time zone information must be modified appropriately when daylight savings starts and ends. You can use the OpenVMS SYS$EXAMPLES:DAYLIGHT_SAVINGS.COM procedure to adjust the system time and TDF automatically twice a year.

You check and set the time zone and time differential factor (TDF) settings on your system by running the OpenVMS command procedure UTC$TIME_SETUP.COM. (This command procedure defines the logicals needed by the Advanced Server.) From the SYSTEM account, enter the following command to begin the procedure:


$ @SYS$MANAGER:UTC$TIME_SETUP.COM 

When you elect to change the time zone or TDF setting, or both, the changes are also made clusterwide if your server participates in an OpenVMS Cluster.

If you change any time zone information, you must restart the server for the time to be properly represented.

For more information on running the command procedure and resetting the time zone and TDF, refer to the OpenVMS System Manager's Manual.

2.4 Advanced Server in OpenVMS Clusters

Some servers in your network may be configured in an OpenVMS Cluster environment. Advanced Servers running in an OpenVMS Cluster share the same copy of the user accounts and shares databases and assume a single role, either a primary domain controller, a backup domain controller, or a member server. They operate as a single entity identified by the Advanced Server cluster alias name.

When you change the server role on one member of an OpenVMS Cluster, the role on all cluster members running the Advanced Server is also changed accordingly.

Use the SHOW COMPUTERS command to display a list of all the nodes in the cluster with the server role. Because of the way a Windows NT Server detects the cluster, the information displayed by the Windows NT Server Manager may not reflect the cluster role information accurately when the cluster is a primary domain controller.

The following sections discuss the Advanced Server cluster alias and cluster load balancing in LANs and WANs:

2.4.1 About the Advanced Server Cluster Alias

In an OpenVMS Cluster, an Advanced Server cluster alias name allows all the members of the OpenVMS Cluster that are running the Advanced Server to be addressable as a single entity.

Unlike the DECnet and TCP/IP cluster aliases, the Advanced Server cluster alias is transport independent. (The TCP/IP cluster alias is also referred to as the TCP/IP cluster impersonator name.)

Clients can access resources on the OpenVMS Cluster by connecting to the cluster using the Advanced Server cluster alias or the name of a specific Advanced Server cluster member. Make sure a static entry for the Advanced Server cluster alias is defined in each client's LMHOSTS file, or a static multihomed entry is defined in the WINS (Windows Internet Name Service) database; however, if load balancing and failover are desired for LAN or WAN environments, remove any static entries for the cluster alias from the LMHOSTS file and the WINS database to ensure that the cluster alias is resolved appropriately. Failover occurs when the node to which the client is connected becomes unavailable; the client is reconnected (using the Advanced Server alias) to the cluster member that is least loaded. For more information on load balancing, see Section 2.4.3, Cluster Load Balancing in LANs, and Section 2.4.4, Dynamic Cluster Load Balancing in WANs.

Note

If LMHOSTS is the only method you are using for resolving NetBIOS names, other domain controllers (including the PDC) that are not in the same subnet as the Advanced Server cluster must add an entry for the Advanced Server cluster alias to their LMHOSTS file. The LMHOSTS file does not offer any means for mapping multiple IP addresses to a single NetBIOS name. Therefore, the entry for the Advanced Server cluster alias must be mapped to the IP address of one specific server cluster member. If the Advanced Server is stopped on that cluster member, you must modify the LMHOSTS file to map the cluster alias name to the IP address of a cluster member on which the Advanced Server is still running. On systems running a Microsoft Windows operating system, the NetBIOS name cache must also be reloaded using the command NBTSTAT -R (capital R required).

Due to the LMHOSTS limitations noted above, it is difficult (and perhaps unmanageable) to gain the benefits of load balancing and failover using an LMHOSTS file.

2.4.2 Defining the Advanced Server Cluster Alias

You define the Advanced Server cluster alias name when you run the PWRK$CONFIG configuration procedure. The Advanced Server cluster alias name is a NetBIOS name that is unique among domain names and server names. OpenVMS Clusters running DECnet may have a DECnet cluster alias name defined as well. The DECnet cluster alias name is used by the DECnet transport only. OpenVMS Clusters running TCP/IP may have a cluster alias defined for the purpose of providing failover for Network File System (NFS) clients. The Advanced Server cluster alias can be the same as the TCP/IP cluster alias and/or the DECnet cluster alias; however, Compaq strongly recommends that the Advanced Server cluster alias not be the same as the TCP/IP cluster alias.

Note

Do not use the name of the domain as the Advanced Server cluster alias; if they are the same, the NetLogon service will fail to start.

During the initial configuration process (when you run PWRK$CONFIG.COM), you can accept the default Advanced Server cluster alias name (nodename_ALIAS), or you can specify a different name. For more information about the PWRK$CONFIG.COM command procedure and configuring the Advanced Server alias, refer to the Compaq Advanced Server for OpenVMS Server Installation and Configuration Guide.

When an Advanced Server running on an OpenVMS Cluster joins a domain, a computer account by the name of the cluster alias is created in the domain security database; a separate account is not created for each cluster member running the Advanced Server.

Clients using the Advanced Server cluster alias to obtain Advanced Server services can gain the benefit of load balancing, in which the alias is resolved to the Advanced Server cluster member that has the least load. For more information on cluster load balancing, see Section 2.4.3, Cluster Load Balancing in LANs, and Section 2.4.4, Dynamic Cluster Load Balancing in WANs.

Note that when a client connects to a server using the Advanced Server cluster alias, the connection is associated with the network address of the cluster member to which the client is actually connected. Additional connections made from the same client to the Advanced Server alias are made directly to the same cluster member. Once a client is connected, no further load balancing for that client is done. When the node to which the client is connected becomes unavailable, failover is possible: the client is reconnected (using the Advanced Server alias) to the cluster member that is least loaded.

Note

To perform administrative functions on a particular cluster member, you must connect to that member by using its specific node name, rather than the cluster alias.

The Advanced Server cluster alias is stored in the OpenVMS Registry as value AliasName in the following key:


SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName 

To display the current Advanced Server cluster alias, as defined in the OpenVMS Registry, use the following command:


$ REGUTL SHOW VALUE * ALIASNAME 

For more information about using REGUTL, see Section 7.2.4, Using the PWRK$REGUTL Utility to Manage Advanced Server Parameters in the OpenVMS Registry.

2.4.3 Cluster Load Balancing in LANs

The Advanced Server cluster alias makes load balancing possible for clients that are on the same LAN as the server. To gain the benefits of load balancing and failover, clients must connect to the Advanced Server on the OpenVMS Cluster by using the Advanced Server cluster alias. The clients use the NetBIOS broadcast facility to request resolution of the Advanced Server cluster alias. Only one Advanced Server node in the cluster is designated to respond to the request: the Advanced Server node that is the least loaded of the servers in the cluster. The relative loads of the servers in the cluster are checked periodically, and so the node designated to respond will change from time to time.

Cluster load balancing is not available if clients using Windows Internet Name Service (WINS) to resolve the Advanced Server cluster alias have a static entry for this alias in the WINS database.

2.4.4 Dynamic Cluster Load Balancing in WANs

Dynamic cluster load balancing is available for service requests from WAN clients that are outside the server cluster's LAN. Dynamic cluster load balancing for WAN environments is provided by Compaq TCP/IP Services for OpenVMS (Version 5 or later), and uses a Domain Name System (DNS) server to resolve the Advanced Server cluster alias name, instead of WINS or LMHOSTS. The Advanced Server cluster alias name should be registered as a cluster name (that is, as having multiple A resource records for a single host name) at the authoritative DNS server for the TCP/IP domain to which the cluster belongs. This DNS name server must support dynamic updates (Berkeley Internet Name Domain (BIND) server, Version 8.1.1 or later).

The DNS server associates the Advanced Server cluster alias name with an ordered list of the IP addresses of all, or more typically, a subset of, associated cluster nodes that are running the Advanced Server. The order of the list is based on the relative loads of the servers in the cluster. The DNS name server returns this ordered list to any client querying for the server cluster alias name. Periodically, the cluster load balancing software dynamically updates this cluster alias entry at the DNS server, providing a new ordered list of associated IP addresses, based on the latest relative loads on the servers running in the cluster.

Note

To have DNS resolve NetBIOS names, you must enable NetBIOS name resolution using DNS, as described in Section 7.1.6.2, Selecting NetBIOS Name Resolution. To correctly resolve the Advanced Server cluster alias and gain the benefits of cluster load balancing, all clients and servers should enable NetBIOS name resolution using DNS.

2.4.4.1 Background and Overview: Advanced Server Clusters and Load Balancing

The Advanced Server encompasses many of the features of the OpenVMS operating system, including OpenVMS Clusters and symmetric multiprocessing. Advanced Servers in your network that are configured in an OpenVMS Cluster environment share the same copy of the domain security accounts and shares databases and assume a single role, either a PDC, BDC, or member server.

For Advanced Servers in an OpenVMS Cluster, you must define a server cluster alias so that client workstations and network nodes can address the Advanced Servers in the OpenVMS Cluster as a single entity.

Clients should connect to the Advanced Server using the Advanced Server cluster alias; the client is connected to the least-loaded server in the OpenVMS Cluster. To gain the benefits of load balancing and failover using DNS, remove any entries for the cluster alias from the LMHOSTS file on clients, and remove any static entries for the cluster alias from the WINS database on WINS servers that might be used by clients.

2.4.4.2 The Software for Dynamic Cluster Load Balancing in WANs

The Advanced Server for OpenVMS in conjunction with TCP/IP Services for OpenVMS provides dynamic load balancing through use of the load broker. The load broker is a configurable software component that calculates the relative loads of Advanced Server cluster members so that client requests for services can be distributed appropriately among these members. For information about configuring the load broker, refer to the latest TCP/IP Services for OpenVMS documentation of cluster load balancing with BIND servers.

The load broker periodically polls the Metric Server running on the cluster members to determine the current load on each member and then compiles a list of all cluster members associated with the Advanced Server cluster alias, dropping any systems that are not responding, and ordering the list based on the relative loads. The load broker provides this list when it sends a dynamic update request to a specified DNS server. The DNS server then updates the Advanced Server cluster alias name entry in the DNS name server database.

The DNS name server uses this ordered list to answer client requests for the Advanced Server cluster alias name. In addition, to further balance the load among the server members of the cluster, the name server uses round-robin scheduling. For every consecutive request for resolving the Advanced Server cluster alias, the name server returns a new list, rotated by one (the second server in the preceding list now being the first server in the new list, and so on).

2.4.4.3 Enabling Dynamic Load Balancing Using TCP/IP Services for OpenVMS

To enable dynamic cluster load balancing for service requests from WAN clients, complete the following tasks:

Review the following guidelines:


Chapter 3
Managing Users and Groups

On OpenVMS, you use Advanced Server ADMINISTER commands to manage network user accounts and groups for domains and computers. You can also use the Windows NT server administration tool, User Manager for Domains, to perform these tasks.

The following topics are discussed in this chapter:

Network user accounts and groups are separate and distinct from OpenVMS user accounts and groups. This guide discusses management of network user accounts and groups using Advanced Server.

3.1 Managing Network User Accounts

A network user account contains all the information that defines an Advanced Server user. This includes user name, password, and group memberships. It can also include information such as the user's full name, the user account description, user profile information, a list of logon workstations, and a schedule of authorized logon hours.

3.1.1 Built-In User Accounts

Two predefined, built-in user accounts are provided when an Advanced Server is installed:

Note

Guest users should not create files in their default directory that they do not want other users to access, because all users logged on as Guest access the same default directory.

3.1.2 Types of User Accounts

Every network user account is either a global account or a local account:

3.1.3 User Account Attributes

The user account identifies the user to Advanced Server. The user account is used to authenticate the user both when the user logs on to the domain and when the user requests access to shared resources.

Each user account must have a unique user name in the domain. When you create a user account, you can specify the user account attributes shown in Table 3-1, User Account Attributes.

Table 3-1 User Account Attributes
Attribute Contains
User name The user's account name (up to 20 alphanumeric characters).
Password The password the user enters to log on to the account (up to 14 uppercase and lowercase alphanumeric characters). Passwords entered on ADMINISTER command lines are converted to uppercase unless enclosed within quotation marks.
Full name User's full name, typically more complete than the account name (up to 256 characters).
Description A brief text string describing the account.
Expiration date Date when the account expires.
Type Global or local.
Group names The names of groups of which the user is a member. Determines privileges and access.
Logon restrictions Logon hours and valid workstations.
Logon script A script that is executed when the user logs on.
Home directory A specified location containing files and programs for the user.
User profile Setup information for the user's specific environment.

Advanced Server allows you to integrate OpenVMS user accounts with network user accounts. Network user accounts can be linked (host mapped) to OpenVMS user accounts, simplifying user account management, ensuring password synchronization, and providing automatic access to network administration functions for OpenVMS system manager and operators. See Section 3.1.16.2, Establishing User Account Host Mapping, for more information.

To set account characteristics across all network user accounts, set the account policy, as described in Section 2.2.1, Managing the Account Policy.

User accounts are stored in the domain's Security Account Manager (SAM) database. The SAM database is maintained by the primary domain controller and periodically updated on the backup domain controllers. One of the computers in the domain must be running as a primary domain controller in order for user accounts to be created or modified.


Previous Next Contents Index