SlideShare a Scribd company logo

Cl309

Download as ODP, PDF
Juliette Ponnet, profile picture
Juliette Ponnet

The document provides an overview of Novell Storage Services features and architecture when implemented on Linux using Novell Open Enterprise Server. It discusses features such as trustee models, quotas, compression. It describes the architecture which uses components like EVMS, NSS storage subsystem, NCP server, and VFS. It also covers tuning, troubleshooting, and clustering aspects of Novell Storage Services on Linux.

Technology
1 of 72
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Novell Storage Services ™ File System Performance, Clustering and Auditing in Novell ® Open Enterprise Server on Linux Marcus Gould Premium Support Engineer Novell, Inc. [email_address] Bart Schoofs WorldWide Support Engineer Novell, Inc. [email_address] Adam Jerome Senior Software Engineer Novell, Inc. [email_address] Vijai Babu Madhavan Filesystem Engineer Novell, Inc. [email_address]
Agenda Novell Storage Services ™ Feature and Architecture Review
Novell Storage Services and NCP ™ Tuning and Troubleshooting
Novell Storage Services Auditing (Vigil)
Novell Storage Services ™ Feature and Architecture Review
Novell Storage Services ™ Features Trustee Model Inherited Rights
Visibility Salvage
Directory Quotas
User Quotas
Compression
Data Shredding
Immediate Flush
Novell Storage Services ™ Features Multiple Name Spaces
Distributed File Services (DFS)
Multiple Server Activation Prevention
Archive / Versioning enabled
Logical Volumes and Pools
Encryption
Pool Snapshot
File Snapshot (COW)
Architecture: Novell Storage Services ™ on Linux User Kernel Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
Architecture: Novell Storage Services ™ on Linux Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
EVMS (Enterprise Volume Management System) Allows NSS pools to be moved between NetWare ® and OES Linux Without modification
NetWare-created pools can mount on Linux
Linux-created pools can mount on NetWare
Must stick to iManager and nssmu Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
Novell Storage Services ™ NSS automatically mounted in NCP ™ Disable NCP via Remote Manager e.g. Shadow Volumes Mounted in Linux file system /media/nss/<Volume_Name> novell-nss kernel module
All features work as NetWare ® Except non-LUM modifier, archiver and deleter of files show as root Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
eDirectory ™ eDirectory users can access NSS
Local users require LUM NSS uses eDirectory GUIDs internally
Linux uses UIDs internally
Linux passes UIDs to NSS
LUM links GUID to UID via eDirectory NSS maintains multiple ID caches G2I, I2G and SEV caches Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) Registers NSS as a normal Linux file system POSIX rwx attributes represent NetWare ® attributes Read: NetWare Hidden attribute
Write: Set unless file is read-only
Execute: NetWare Execute attribute (cannot copy) or subdirectory Most access to NSS is via VFS (POSIX Layer)
Some access to NSS directly via zAPI e.g. SMS, AFP Trustee rights are enforced Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 Client NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme Client LUM NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships (4) NSS does normal trustee checking based on users and groups returned by eDirectory Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server Communicates with NSS Via VFS Runs as part of eDirectory ™ (ndsd)
No standalone NCP daemon /etc/opt/novell/ncpserv.conf
/var/opt/novell/log/ncpserv.log ncp2nss daemon /etc/opt/novell/ncp2nss.conf
/var/opt/novell/log/ncp2nss.log Also uses Extended Attributes and _admin
Processes NEB events from NSS Maintains own trustee store Synchronised with NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server Can make Linux volumes available via NCP Can mount native Linux file systems ncpcon create volume NCP does not require LUM, but... OES1 Owner, modifier, archiver and deleter are all root
User quotas and salvage will not work OES2 Owner will be correct and user quotas will work OES2 SP2 (& OES2SP1+Patches) Owner, modifier, archiver and deleter will work
User quotas and salvage will work Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server (1) User and Group information for the connection joe.acme is using NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root (5) Change owner to joe.acme (by GUID) NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
Tuning Novell Storage Services ™
Linux Memory Recap Kernel Memory Low memory directly addressable by the kernel
Bottom 1GB on 32 Bit Linux (can be customised)
All memory on 64 Bit Linux User Memory aka HiMem High memory used by applications
Kernel has to map it to use it 0 1 4 GB 2 3 User Kernel
Novell Storage Services ™ Caching Files Objects in memory (Beasts / inodes)
Packed on disk in 4K Blocks (Metadata Blocks) Metadata 4K Pages in Memory
Unpacked into Objects User Data 4K Pages in Memory
Saved on disk as 4K Blocks (User data Blocks)
Novell Storage Services ™ Caching on Linux 32 Bit NSS Metadata cached in HiMem Private: Memory dedicated to, and managed by, NSS (default)
Linux: Memory shared with, and managed by, Linux
nss /HighMemoryCacheType=Private|Linux|None NSS User data integrated into Linux cache 64 Bit No HiMem memory constraints
Metadata cache configurable nss /MinBufferCacheSize NSS User data integrated into Linux cache
Previous Versions of Novell Storage Services ™ on Linux Open Enterprise Server (OES) All user and metadata in kernel memory OES SP1 NSS Metadata cached in kernel memory
NSS user data integrated into Linux cache OES SP2 NSS Metadata cached in HiMem nss /HighMemoryCacheType NSS User data integrated into Linux cache
Previous Versions of Novell Storage Services ™ on Linux OES2 64 bit OES2 SP1 Enhanced version of OES2 OES2 SP2 Improved Read-ahead algorithm (Stepping Window) OES2 SP3 Improved I/O Scheduler interactions

More Related Content

ODP
Cl219
Juliette Ponnet
 
ODP
Cl115
Juliette Ponnet
 
ODP
Cl116
Juliette Ponnet
 
PPT
Cl107
Juliette Ponnet
 
ODP
Cl310
Juliette Ponnet
 
ODP
Cl207
Juliette Ponnet
 
ODP
Cl221
Juliette Ponnet
 
PPT
Active directory installation windows 2003 1
tameemyousaf
 
Cl219
Juliette Ponnet
 
Cl115
Juliette Ponnet
 
Cl116
Juliette Ponnet
 
Cl107
Juliette Ponnet
 
Cl310
Juliette Ponnet
 
Cl207
Juliette Ponnet
 
Cl221
Juliette Ponnet
 
Active directory installation windows 2003 1
tameemyousaf
 

What's hot (20)

PDF
Domain Services for Windows: Best Practices for Windows Interoperability
Novell
 
DOC
Server interview[1]
sourav nanda
 
PDF
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVA
 
PDF
Novell Open Enterprise Server for Beginners
Novell
 
PDF
Novell Storage Manager: Your Secret Weapon for Simplified File and User Manag...
Novell
 
PPT
Distributed Filesystems Review
Schubert Zhang
 
PDF
Preparing forfirstconnectionsinstall
Gabriella Davis
 
PPTX
New File Server Features Of Windows Server 2008
Microsoft TechNet
 
PPTX
Deep Dive Into Windows Server 2012 Hyper-V
Lai Yoong Seng
 
PPTX
MCSA Installing & Configuring Windows Server 2012 70-410
omardabbas
 
DOC
Lesson 4 intro to advanced o perating systems
Jo Ko
 
PPTX
Failover cluster
Chinmoy Jena
 
PDF
Introduction to failover clustering with sql server
Eduardo Castro
 
PPT
OSCh16
Joe Christensen
 
PPTX
Windows Server 2008 R2 Overview
Steven Wilder
 
PPT
Coda file system tahir
Mohammad Faizan
 
PPTX
Windows Server 2008 R2
Rishu Mehra
 
PPTX
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Amit Gatenyo
 
PPTX
Windows Server 2008 Management
Hi-Techpoint
 
PDF
Server 2008 r2 ppt
Raj Solanki
 
Domain Services for Windows: Best Practices for Windows Interoperability
Novell
 
Server interview[1]
sourav nanda
 
GWAVACon 2013: Novell Open Enterprise Server - Roadmap and Future
GWAVA
 
Novell Open Enterprise Server for Beginners
Novell
 
Novell Storage Manager: Your Secret Weapon for Simplified File and User Manag...
Novell
 
Distributed Filesystems Review
Schubert Zhang
 
Preparing forfirstconnectionsinstall
Gabriella Davis
 
New File Server Features Of Windows Server 2008
Microsoft TechNet
 
Deep Dive Into Windows Server 2012 Hyper-V
Lai Yoong Seng
 
MCSA Installing & Configuring Windows Server 2012 70-410
omardabbas
 
Lesson 4 intro to advanced o perating systems
Jo Ko
 
Failover cluster
Chinmoy Jena
 
Introduction to failover clustering with sql server
Eduardo Castro
 
OSCh16
Joe Christensen
 
Windows Server 2008 R2 Overview
Steven Wilder
 
Coda file system tahir
Mohammad Faizan
 
Windows Server 2008 R2
Rishu Mehra
 
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Amit Gatenyo
 
Windows Server 2008 Management
Hi-Techpoint
 
Server 2008 r2 ppt
Raj Solanki
 
Ad

Similar to Cl309 (20)

PDF
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
 
PDF
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
 
PDF
Life without the Novell Client
Novell
 
ODP
Practical Tips for Novell Cluster Services
Novell
 
PDF
File Access in Novell Open Enterprise Server 2 SP2
Novell
 
PDF
Xen server storage Overview
Nuno Alves
 
PPTX
VMware Advance Troubleshooting Workshop - Day 4
Vepsun Technologies
 
PPTX
VMware vSphere 6.0 - Troubleshooting Training - Day 4
Sanjeev Kumar
 
PDF
Access Network Attached Storage in RHEL - RHCSA (RH134).pdf
RHCSA Guru
 
PDF
Securing Your Linux System
Novell
 
PPT
Chapter 05
cclay3
 
PPT
Vmware Command Line
lifeit
 
PPT
Nfs
tmavroidis
 
PPTX
Linux network file system (nfs)
Raghu nath
 
PPT
NFS.ppt shshsjsjsjssjsjsksksksksksisisisisi
mukul narayana
 
PDF
GWAVACon 2013: Novell Open Enterprise Server Best Practices
GWAVA
 
PPT
Ch18 system administration
Raja Waseem Akhtar
 
PPT
Distributed System by Pratik Tambekar
Pratik Tambekar
 
PDF
VMWare VSphere4 Documentation Notes
Grit Suwa
 
PDF
Presentation integration vmware with emc storage
solarisyourep
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
 
Life without the Novell Client
Novell
 
Practical Tips for Novell Cluster Services
Novell
 
File Access in Novell Open Enterprise Server 2 SP2
Novell
 
Xen server storage Overview
Nuno Alves
 
VMware Advance Troubleshooting Workshop - Day 4
Vepsun Technologies
 
VMware vSphere 6.0 - Troubleshooting Training - Day 4
Sanjeev Kumar
 
Access Network Attached Storage in RHEL - RHCSA (RH134).pdf
RHCSA Guru
 
Securing Your Linux System
Novell
 
Chapter 05
cclay3
 
Vmware Command Line
lifeit
 
Nfs
tmavroidis
 
Linux network file system (nfs)
Raghu nath
 
NFS.ppt shshsjsjsjssjsjsksksksksksisisisisi
mukul narayana
 
GWAVACon 2013: Novell Open Enterprise Server Best Practices
GWAVA
 
Ch18 system administration
Raja Waseem Akhtar
 
Distributed System by Pratik Tambekar
Pratik Tambekar
 
VMWare VSphere4 Documentation Notes
Grit Suwa
 
Presentation integration vmware with emc storage
solarisyourep
 
Ad

More from Juliette Ponnet (8)

ODP
Cl210
Juliette Ponnet
 
ODP
Cl210 lab
Juliette Ponnet
 
ODP
Cl302
Juliette Ponnet
 
ODP
Cl212
Juliette Ponnet
 
ODP
Cl306
Juliette Ponnet
 
ODP
Cl105
Juliette Ponnet
 
ODP
Cl117
Juliette Ponnet
 
ODP
Cl104
Juliette Ponnet
 
Cl210
Juliette Ponnet
 
Cl210 lab
Juliette Ponnet
 
Cl302
Juliette Ponnet
 
Cl212
Juliette Ponnet
 
Cl306
Juliette Ponnet
 
Cl105
Juliette Ponnet
 
Cl117
Juliette Ponnet
 
Cl104
Juliette Ponnet
 

Recently uploaded (20)

PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Cloud computing and distributed systems.
kkkkkhan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 

Cl309

  • 1. Novell Storage Services ™ File System Performance, Clustering and Auditing in Novell ® Open Enterprise Server on Linux Marcus Gould Premium Support Engineer Novell, Inc. [email_address] Bart Schoofs WorldWide Support Engineer Novell, Inc. [email_address] Adam Jerome Senior Software Engineer Novell, Inc. [email_address] Vijai Babu Madhavan Filesystem Engineer Novell, Inc. [email_address]
  • 2. Agenda Novell Storage Services ™ Feature and Architecture Review
  • 3. Novell Storage Services and NCP ™ Tuning and Troubleshooting
  • 4. Novell Storage Services Auditing (Vigil)
  • 5. Novell Storage Services ™ Feature and Architecture Review
  • 6. Novell Storage Services ™ Features Trustee Model Inherited Rights
  • 13. Novell Storage Services ™ Features Multiple Name Spaces
  • 21. Architecture: Novell Storage Services ™ on Linux User Kernel Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 22. Architecture: Novell Storage Services ™ on Linux Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 23. EVMS (Enterprise Volume Management System) Allows NSS pools to be moved between NetWare ® and OES Linux Without modification
  • 24. NetWare-created pools can mount on Linux
  • 25. Linux-created pools can mount on NetWare
  • 26. Must stick to iManager and nssmu Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 27. Novell Storage Services ™ NSS automatically mounted in NCP ™ Disable NCP via Remote Manager e.g. Shadow Volumes Mounted in Linux file system /media/nss/<Volume_Name> novell-nss kernel module
  • 28. All features work as NetWare ® Except non-LUM modifier, archiver and deleter of files show as root Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 29. eDirectory ™ eDirectory users can access NSS
  • 30. Local users require LUM NSS uses eDirectory GUIDs internally
  • 31. Linux uses UIDs internally
  • 33. LUM links GUID to UID via eDirectory NSS maintains multiple ID caches G2I, I2G and SEV caches Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 34. VFS (Virtual File Services) Registers NSS as a normal Linux file system POSIX rwx attributes represent NetWare ® attributes Read: NetWare Hidden attribute
  • 35. Write: Set unless file is read-only
  • 36. Execute: NetWare Execute attribute (cannot copy) or subdirectory Most access to NSS is via VFS (POSIX Layer)
  • 37. Some access to NSS directly via zAPI e.g. SMS, AFP Trustee rights are enforced Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 38. VFS (Virtual File Services) Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 39. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 Client NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 40. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme Client LUM NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 41. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 42. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships (4) NSS does normal trustee checking based on users and groups returned by eDirectory Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 43. NCP ™ Server Communicates with NSS Via VFS Runs as part of eDirectory ™ (ndsd)
  • 44. No standalone NCP daemon /etc/opt/novell/ncpserv.conf
  • 45. /var/opt/novell/log/ncpserv.log ncp2nss daemon /etc/opt/novell/ncp2nss.conf
  • 46. /var/opt/novell/log/ncp2nss.log Also uses Extended Attributes and _admin
  • 47. Processes NEB events from NSS Maintains own trustee store Synchronised with NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 48. NCP ™ Server Can make Linux volumes available via NCP Can mount native Linux file systems ncpcon create volume NCP does not require LUM, but... OES1 Owner, modifier, archiver and deleter are all root
  • 49. User quotas and salvage will not work OES2 Owner will be correct and user quotas will work OES2 SP2 (& OES2SP1+Patches) Owner, modifier, archiver and deleter will work
  • 50. User quotas and salvage will work Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 51. NCP ™ Server Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 52. NCP ™ Server (1) User and Group information for the connection joe.acme is using NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 53. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 54. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 55. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 56. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root (5) Change owner to joe.acme (by GUID) NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
  • 57. Tuning Novell Storage Services ™
  • 58. Linux Memory Recap Kernel Memory Low memory directly addressable by the kernel
  • 59. Bottom 1GB on 32 Bit Linux (can be customised)
  • 60. All memory on 64 Bit Linux User Memory aka HiMem High memory used by applications
  • 61. Kernel has to map it to use it 0 1 4 GB 2 3 User Kernel
  • 62. Novell Storage Services ™ Caching Files Objects in memory (Beasts / inodes)
  • 63. Packed on disk in 4K Blocks (Metadata Blocks) Metadata 4K Pages in Memory
  • 64. Unpacked into Objects User Data 4K Pages in Memory
  • 65. Saved on disk as 4K Blocks (User data Blocks)
  • 66. Novell Storage Services ™ Caching on Linux 32 Bit NSS Metadata cached in HiMem Private: Memory dedicated to, and managed by, NSS (default)
  • 67. Linux: Memory shared with, and managed by, Linux
  • 68. nss /HighMemoryCacheType=Private|Linux|None NSS User data integrated into Linux cache 64 Bit No HiMem memory constraints
  • 69. Metadata cache configurable nss /MinBufferCacheSize NSS User data integrated into Linux cache
  • 70. Previous Versions of Novell Storage Services ™ on Linux Open Enterprise Server (OES) All user and metadata in kernel memory OES SP1 NSS Metadata cached in kernel memory
  • 71. NSS user data integrated into Linux cache OES SP2 NSS Metadata cached in HiMem nss /HighMemoryCacheType NSS User data integrated into Linux cache
  • 72. Previous Versions of Novell Storage Services ™ on Linux OES2 64 bit OES2 SP1 Enhanced version of OES2 OES2 SP2 Improved Read-ahead algorithm (Stepping Window) OES2 SP3 Improved I/O Scheduler interactions
  • 74. NSS File Caching Novell Storage Services ™ on NetWare ® nss /ClosedFileCacheSize Maximum Number of “notInUse” Files in memory
  • 75. Based on the available memory in the system
  • 76. NSS does its own balancing Novell Storage Services on Linux nss /ClosedFileCacheSize
  • 77. Linux Memory Pressure inodes in memory
  • 78. /proc/slabinfo lsa_inode_cache Linux will influence the total number of files in memory
  • 79. Novell Storage Services ™ ID Cache ID Cache Tuning Parameters Per server
  • 80. Reset various ID caches nss /ResetIDCache Modify the reset intervals of ID caches nss /IDCacheResetInterval=value ( Default: 25 hours) Modify the size of ID caches Requires latest patches for SP1/SP2
  • 81. nss /IDCacheSize=value (Default: 16384) OES2SP3 Monitor ID cache statistics
  • 82. Performance Always apply latest OES2 patches New parameter: nss /noUnplugAlways XEN Guest Change default noop Scheduler to cfq Modify Read Ahead Blocks based on access pattern Default ReadAheadBlks on NetWare ® & OES1 was 2
  • 83. Higher is not necessarily better
  • 87. Can be set persistently /opt/novell/nss/conf/nssstart.cfg
  • 88. ravsui Put Pool in maintenance state nsscon nss /poolMaintenance=<POOLNAME> ravsui verify <POOLNAME> Verify a pool
  • 89. ravview vbfn <POOLNAME> Parses xml log file and shows the results from verify ravsui rebuild <POOLNAME> Rebuild a pool
  • 90. ravview rtfn <POOLNAME> Parses xml log file and shows the results from rebuild
  • 92. NCP ™ Improvements NCP Server Engine Largely Rewritten No IPX Support
  • 94. NCP on Linux can outperform NCP on NetWare ®
  • 95. NCP Directory Cache Tuning Monitor usage and evictions LOG_CACHE_STATISTICS /var/opt/novell/log/ncpserv.log Configure based on working set and available memory MAXIMUM_CACHED_FILES_PER_VOLUME (Default: 20000)
  • 98. Cache Entry memory usage: ~216 bytes + Full path name Additional Information http://www.novell.com/documentation/oes2/file_ncp_lx/data/bc06ts8.html
  • 99. TID 7004888 – NCP Performance Tuning on OES2 Linux
  • 100. ncpcon
  • 101. Performance Horses for Courses Do you need NSS functionality?
  • 102. Do you need all that metadata? Think It Through GroupWise ®
  • 105. Troubleshooting Novell Storage Services ™ and NCP ™ Slow File Access Apply ALL the SP1/SP2 Patches Optimized for NSS volumes mounted in LONG name space
  • 106. Optimized for both LUM and non-LUM users access
  • 107. Reduced memory usage Tune NSS ID Cache
  • 108. Tune NCP Dir Cache
  • 109. Process of elimination (NCP, NSS, etc...)
  • 111. Tracing and Debugging Novell Cluster Services ™ Edit /opt/novell/ncs/bin/ldncs Uncomment appropriate lines Use at command line e.g. echo -n &quot;TRACE CRM ON&quot; > /proc/ncs/cluster
  • 112. Output: /var/log/messages See TID 7005837 for more information # echo -n &quot;TRACE ON&quot; > /proc/ncs/vll # echo -n &quot;TRACE SBD ON&quot; > /proc/ncs/vll # echo -n &quot;TRACE GIPC ON&quot; > /proc/ncs/vll # echo -n &quot;TRACE MCAST ON&quot; > /proc/ncs/vll # echo -n &quot;TRACE CVB ON&quot; > /proc/ncs/cluster # echo -n &quot;TRACE CSS ON&quot; > /proc/ncs/cluster # echo -n &quot;TRACE CRM ON&quot; > /proc/ncs/cluster # echo -n &quot;TRACE CMA ON&quot; > /proc/ncs/cluster
  • 113. Troubleshooting Novell Cluster Services ™ Resource Migration Hangs Check unload.out file /var/opt/novell/log/ncs/<resource_name>.unload.out Stack dump of user space processes (gstack) adminusd, ndsd, ncp2nss Stack dump of kernel threads echo 1 > /proc/sys/kernel/sysrq
  • 114. echo t > /proc/sysrq-trigger Core (user-space processes and kernel) if necessary
  • 115. Novell Storage Services ™ Auditing (Vigil)
  • 116. NCP Handling ...(w/o auditing) User-address space Kernel-address space eDirectory Engine POSIX System Call Table VFS NSS NCP Engine NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 117. NCP Handling ...(vigil_nss.ko) User-address space Kernel-address space eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 118. NCP Handling ...(vigil.ko) User-address space Kernel-address space eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko vigil.ko NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 119. NCP Handling ...(vigil.ko API) User-address space Kernel-address space eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko sysfs API vigil.ko NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 120. NCP Handling ...(libvigil) User-address space Kernel-address space eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko sysfs API vigil.ko libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 121. NCP Handling ...(Auditing Client) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated)
  • 122. NCP Handling ...(Multiple Auditing Clients) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 123. NCP Handling ...(Identity Issue) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream User=root
  • 124. NCP Handling ...(Process Metadata) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 125. NCP Handling ...(Process Metadata Table) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream Process Metadata Table
  • 126. NCP Handling ...(Process Metadata Logging) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil Linux Process NCP/NDS Client Metadata NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 127. NCP Handling ...(Process Metadata Retrieval) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil Linux Process NCP/NDS Client Metadata NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 128. NCP Handling ...(Internal NCP Engine Event handling) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil Lazy-Close Dup-Open Events Linux Process NCP/NDS Client Metadata NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 129. NCP Handling ...(vigil_ncp.ko) User-address space Kernel-address space SIGIO eDirectory Engine POSIX System Call Table VFS NSS NCP Engine pmd.ko Process Meta- data Table vigil_nss.ko vigil_ncp.ko sysfs sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil Lazy-Close Dup-Open Events Linux Process NCP/NDS Client Metadata NCP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only NCP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 130. CIFS Handling User-address space Kernel-address space SIGIO POSIX System Call Table VFS NSS CIFS Engine pmd.ko Process Meta- data Table vigil_nss.ko vigil_cifs.ko sysfs sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil Lazy-Close Dup-Open Events Linux Process NCP/NDS Client Metadata CIFS_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only CIFS_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream
  • 131. AFP Handling User-address space Kernel-address space SIGIO POSIX System Call Table VFS NSS vigil_nss.ko sysfs API vigil.ko Audit Clients Filter(s) Audit Stream Audit App. libvigil NSS zAPIs AFP_REQEST: OpenFile User: Joe File: fs1/sys:usr/Joe/readme.txt Mode: read_only AFP_REPLY: OpenFile Status : 0 (OK) Handle: 21 (NCP Generated) Filter(s) Audit Stream Filter(s) Audit Stream Filter(s) Audit Stream AFP Engine
  • 132. Auditing Client Applications Blue Lance – LT Auditor+ 9 for SUSE ® Linux NetVision – NVMonitor Version 7.0 Novell ® Sentinel ™ – Log Manager Novell Open Enterprise Server – vlog
  • 133. <AUDIT vlogRecNo=&quot;2&quot; vigilRecNo=&quot;2&quot; pid=&quot;11442&quot; TimeStamp=&quot;2010-03-04 09:46:25.416900&quot; Type=&quot;3 NSS&quot;> <NSS Event=&quot;64 MODIFY&quot; TaskID=&quot;0&quot; Zid=&quot;1C2E&quot; ParentZid=&quot;9A&quot; OpRetCode=&quot;0&quot; FileType=&quot;3 NAMED_DATA_STREAM&quot; FileAttributes=&quot;0x40000021 0-READ_ONLY 5-ARCHIVE 30-ATTR_ARCHIVE&quot; VolID=&quot;B87E55ADF559DE018000D7BDDBFE9C09&quot; VolDn=&quot;VOL1&quot; UserID=&quot;03000000000000000000000000000000&quot; UserDn=&quot;Supervisor&quot; Uid=&quot;0&quot; Uid_name=&quot;root&quot; Euid=&quot;0&quot; Euid_name=&quot;root&quot; Suid=&quot;0&quot; Suid_name=&quot;root&quot; Fsuid=&quot;0&quot; Fsuid_name=&quot;root&quot; Gid=&quot;0&quot; Gid_name=&quot;root&quot; Egid=&quot;0&quot; Egid_name=&quot;root&quot; Sgid=&quot;0&quot; Sgid_name=&quot;root&quot; Fsgid=&quot;0&quot; Fsgid_name=&quot;root&quot; Comm=&quot;ndsd&quot;> <PATH Type=&quot;1 target&quot; NameSpace=&quot;2 unicode&quot;>VOL1:/ajerome/myFile</PATH> <MODIFY_INFO ModifyInfoMask=&quot;0x00000021 0-FILE_ATTRIBUTES 5-METADATA_MODIFIED_TIME&quot; modifyTypeInfoMask=&quot;0x21&quot; /> <FILE_ATTRIBUTES FileAttributes=&quot;0x00000000&quot; FileAttributesModMask=&quot;0x4000000B&quot; /> <METADATA_MODIFIED_TIME Time=&quot;03/04/2010 09:46:25&quot; /> </NSS> </AUDIT> <AUDIT vlogRecNo=&quot;3&quot; vigilRecNo=&quot;3&quot; pid=&quot;11442&quot; TimeStamp=&quot;2010-03-04 09:46:25.417052&quot; Type=&quot;3 NSS&quot;> <NSS Event=&quot;4 OPEN&quot; TaskID=&quot;0&quot; Zid=&quot;1C2E&quot; ParentZid=&quot;9A&quot; OpRetCode=&quot;0&quot; FileType=&quot;3 NAMED_DATA_STREAM&quot; FileAttributes=&quot;0x40000020 5-ARCHIVE 30-ATTR_ARCHIVE&quot; VolID=&quot;B87E55ADF559DE018000D7BDDBFE9C09&quot; VolDn=&quot;VOL1&quot; UserID=&quot;03000000000000000000000000000000&quot; UserDn=&quot;Supervisor&quot; Uid=&quot;0&quot; Uid_name=&quot;root&quot; Euid=&quot;0&quot; Euid_name=&quot;root&quot; Suid=&quot;0&quot; Suid_name=&quot;root&quot; Fsuid=&quot;0&quot; Fsuid_name=&quot;root&quot; Gid=&quot;0&quot; Gid_name=&quot;root&quot; Egid=&quot;0&quot; Egid_name=&quot;root&quot; Sgid=&quot;0&quot; Sgid_name=&quot;root&quot; Fsgid=&quot;0&quot; Fsgid_name=&quot;root&quot; Comm=&quot;ndsd&quot;> <PATH Type=&quot;1 target&quot; NameSpace=&quot;2 unicode&quot;>VOL1:/ajerome/myFile</PATH> <OPEN key=&quot;0x9552AE6B440F959&quot; RequestedRights=&quot;0x00000013 0-READ_ACCESS 1-WRITE_ACCESS 4-SCAN_ACCESS&quot; Accessed=&quot;03/04/2010 09:46:25&quot; Created=&quot;02/05/2010 14:35:01&quot; Modified=&quot;02/05/2010 14:35:01&quot; MetaDataModified=&quot;03/04/2010 09:46:25&quot; /> </NSS> </AUDIT> <AUDIT vlogRecNo=&quot;4&quot; vigilRecNo=&quot;4&quot; pid=&quot;11442&quot; TimeStamp=&quot;2010-03-04 09:46:25.417154&quot; Type=&quot;3 NSS&quot;> <NSS Event=&quot;64 MODIFY&quot; TaskID=&quot;0&quot; Zid=&quot;1C2E&quot; ParentZid=&quot;9A&quot; OpRetCode=&quot;0&quot; FileType=&quot;3 NAMED_DATA_STREAM&quot; FileAttributes=&quot;0x40000020 5-ARCHIVE 30-ATTR_ARCHIVE&quot; VolID=&quot;B87E55ADF559DE018000D7BDDBFE9C09&quot; VolDn=&quot;VOL1&quot; UserID=&quot;03000000000000000000000000000000&quot; UserDn=&quot;Supervisor&quot; Uid=&quot;0&quot; Uid_name=&quot;root&quot; Euid=&quot;0&quot; Euid_name=&quot;root&quot; Suid=&quot;0&quot; Suid_name=&quot;root&quot; Fsuid=&quot;0&quot; Fsuid_name=&quot;root&quot; Gid=&quot;0&quot; Gid_name=&quot;root&quot; Egid=&quot;0&quot; Egid_name=&quot;root&quot; Sgid=&quot;0&quot; Sgid_name=&quot;root&quot; Fsgid=&quot;0&quot; Fsgid_name=&quot;root&quot; Comm=&quot;ndsd&quot;> <PATH Type=&quot;1 target&quot; NameSpace=&quot;2 unicode&quot;>VOL1:/ajerome/myFile</PATH> <MODIFY_INFO ModifyInfoMask=&quot;0x00000021 0-FILE_ATTRIBUTES 5-METADATA_MODIFIED_TIME&quot; modifyTypeInfoMask=&quot;0x21&quot; /> <FILE_ATTRIBUTES FileAttributes=&quot;0x00000001 0-READ_ONLY&quot; FileAttributesModMask=&quot;0x4000000B&quot; /> <METADATA_MODIFIED_TIME Time=&quot;03/04/2010 09:46:25&quot; /> </NSS> </AUDIT> <AUDIT vlogRecNo=&quot;5&quot; vigilRecNo=&quot;5&quot; pid=&quot;11442&quot; TimeStamp=&quot;2010-03-04 09:46:25.417323&quot; Type=&quot;2 NCP&quot;> <NCP Event=&quot;16 OPEN&quot;> <WHO_LINUX Uid=”0” UidName=”root” Euid=”0” EuidName=”root” Suid=”0” SuidName=”root” Fsuid=”0” FsuidName=”root” Gid=”0” GidName=”root” Egid=”0” EgidName=”root” Sgid=”0” SgidName=”root” Fsgid=”0” FsguidName=”root” Comm=”ndsd” /> <PMD_NCP ConnID=&quot;12&quot; TaskID=&quot;4&quot; Guid=&quot;A053F649CB3CD94AE5A3A053F649CB3C&quot; Dn=&quot;.CN=ajerome.O=novell.T=AJEROME-OES2-64-TREE.&quot; /> <NCP_LOCAL__OPENFILE searchAttributes=&quot;0x26&quot; DesiredAccessRights=&quot;0x01&quot; LinuxPath=&quot;/media/nss/VOL1/ajerome/myFile&quot; Status=&quot;0&quot; FileHandle=&quot;000037623030&quot; FileAttributes=&quot;0x00000021 0-READ_ONLY 5-ARCHIVE&quot; FileExecuteType=&quot;00&quot; FileLen=&quot;14&quot; CreationDate=&quot; 5/02/2010&quot; LastAccessDate=&quot; 4/03/2010&quot; LastUpdateDate=&quot; 5/02/2010&quot; LastUpdateTime=&quot;14:35:00&quot; /> </NCP> </AUDIT> <AUDIT vlogRecNo=&quot;6&quot; vigilRecNo=&quot;6&quot; pid=&quot;11442&quot; TimeStamp=&quot;2010-03-04 09:46:25.423618&quot; Type=&quot;2 NCP&quot;> <NCP Event=&quot;32 CLOSE&quot;> <WHO_LINUX Uid=”0” UidName=”root” Euid=”0” EuidName=”root” Suid=”0” SuidName=”root” Fsuid=”0” FsuidName=”root” Gid=”0” GidName=”root” Egid=”0” EgidName=”root” Sgid=”0” SgidName=”root” Fsgid=”0” FsguidName=”root” Comm=”ndsd” /> <PMD_NCP ConnID=&quot;12&quot; TaskID=&quot;4&quot; Guid=&quot;A053F649CB3CD94AE5A3A053F649CB3C&quot; Dn=&quot;.CN=ajerome.O=novell.T=AJEROME-OES2-64-TREE.&quot; /> <NCP_LOCAL__CLOSEFILE FileHandle=&quot;0x000089007B00&quot; Status=&quot;0&quot; /> </NCP> </AUDIT>
  • 134. <AUDIT VlogRecNo=&quot;3&quot; VigilRecNo=&quot; 3 &quot; Pid=&quot; 11442 &quot; TimeStamp=&quot; 2010-03-04 09:46:25.417052 &quot; Type=&quot; 3 NSS &quot; > <NSS Event=&quot; 4 OPEN &quot; TaskID=&quot; 0 &quot; Zid=&quot; 1C2E &quot; ParentZid=&quot; 9A &quot; OpRetCode=&quot; 0 &quot; FileType=&quot; 3 NAMED_DATA_STREAM&quot; FileAttributes=&quot; 0x40000020 5-ARCHIVE 30-ATTR_ARCHIVE&quot; VolID=&quot; B87E55ADF559DE018000D7BDDBFE9C09 &quot; VolDn=&quot;VOL1&quot; UserID=&quot; 03000000000000000000000000000000 &quot; UserDn=&quot;Supervisor&quot; Uid=&quot; 0 &quot; Uid_name=&quot;root&quot; Euid=&quot; 0 &quot; Euid_name=&quot;root&quot; Suid=&quot; 0 &quot; Suid_name=&quot;root&quot; Fsuid=&quot; 0 &quot; Fsuid_name=&quot;root&quot; Gid=&quot; 0 &quot; Gid_name=&quot;root&quot; Egid=&quot;0&quot; Egid_name=&quot;root&quot; Sgid=&quot; 0 &quot; Sgid_name=&quot;root&quot; Fsgid=&quot; 0 &quot; Fsgid_name=&quot;root&quot; Comm=&quot; ndsd &quot; > <PATH Type=&quot; 1 target&quot; NameSpace=&quot; 2 unicode&quot;> VOL1:/ajerome/myFile </PATH> <OPEN Key=&quot; 0x9552AE6B440F959 &quot; RequestedRights=&quot; 0x00000013 0-READ_ACCESS 1-WRITE_ACCESS 4-SCAN_ACCESS&quot; Accessed=&quot; 03/04/2010 09:46:25 &quot; Created=&quot; 02/05/2010 14:35:01 &quot; Modified=&quot; 02/05/2010 14:35:01 &quot; MetaDataModified=&quot; 03/04/2010 09:46:25 &quot; /> </NSS> </AUDIT>
  • 135. <AUDIT VlogRecNo=&quot; 4 &quot; VigilRecNo=&quot; 4 &quot; Pid=&quot; 11442 &quot; TimeStamp=&quot; 2010-03-04 09:46:25.417154 &quot; Type=&quot; 3 NSS &quot; > <NSS Event=&quot; 64 MODIFY &quot; TaskID=&quot; 0 &quot; Zid=&quot; 1C2E &quot; ParentZid=&quot; 9A &quot; OpRetCode=&quot; 0 &quot; FileType=&quot; 3 NAMED_DATA_STREAM&quot; FileAttributes=&quot; 0x40000020 5-ARCHIVE 30-ATTR_ARCHIVE&quot; VolID=&quot; B87E55ADF559DE018000D7BDDBFE9C09 &quot; VolDn=&quot;VOL1&quot; UserID=&quot; 03000000000000000000000000000000 &quot; UserDn=&quot;Supervisor&quot; Uid=&quot; 0 &quot; Uid_name=&quot;root&quot; Euid=&quot; 0 &quot; Euid_name=&quot;root&quot; Suid=&quot; 0 &quot; Suid_name=&quot;root&quot; Fsuid=&quot; 0 &quot; Fsuid_name=&quot;root&quot; Gid=&quot; 0 &quot; Gid_name=&quot; root &quot; Egid=&quot; 0 &quot; Egid_name=&quot;root&quot; Sgid=&quot; 0 &quot; Sgid_name=&quot;root&quot; Fsgid=&quot;0&quot; Fsgid_name=&quot;root&quot; Comm=&quot; ndsd &quot; > <PATH Type=&quot; 1 target&quot; NameSpace=&quot; 2 unicode&quot;> VOL1:/ajerome/myFile </PATH> <MODIFY_INFO ModifyInfoMask=&quot; 0x00000021 0-FILE_ATTRIBUTES 5-METADATA_MODIFIED_TIME&quot; ModifyTypeInfoMask =&quot; 0x21 &quot; /> <FILE_ATTRIBUTES FileAttributes=&quot; 0x00000001 0-READ_ONLY&quot; FileAttributesModMask=&quot; 0x4000000B &quot; /> <METADATA_MODIFIED_TIME Time=&quot; 03/04/2010 09:46:25 &quot; /> </NSS> </AUDIT>
  • 136. <AUDIT VlogRecNo=&quot;5&quot; VigilRecNo=&quot; 5 &quot; Pid=&quot; 11442 &quot; TimeStamp=&quot; 2010-03-04 09:46:25.417323 &quot; Type=&quot; 2 NCP &quot; > <NCP Event=&quot; 16 OPEN &quot; > <WHO_LINUX Uid=” 0 ” UidName=”root” Euid=” 0 ” EuidName=”root” Suid=” 0 ” SuidName=”root” Fsuid=” 0 ” FsuidName=”root” Gid=” 0 ” GidName=”root” Egid=” 0 ” EgidName=”root” Sgid=” 0 ” SgidName=”root” Fsgid=” 0 ” FsguidName=”root” Comm=” ndsd ” /> <PMD_NCP ConnID=&quot; 12 &quot; TaskID=&quot; 4 &quot; Guid=&quot; A053F649CB3CD94AE5A3A053F649CB3C &quot; Dn=&quot;.CN=ajerome.O=novell.T=AJEROME-OES2-64-TREE.&quot; /> <NCP_LOCAL__OPENFILE SearchAttributes=&quot; 0x26 &quot; DesiredAccessRights=&quot; 0x01 &quot; LinuxPath=&quot; /media/nss/VOL1/ajerome/myFile &quot; Status=&quot; 0 &quot; FileHandle=&quot; 000037623030 &quot; FileAttributes=&quot; 0x00000021 0-READ_ONLY 5-ARCHIVE&quot; FileExecuteType=&quot; 00 &quot; FileLen=&quot; 14 &quot; CreationDate=&quot; 5/02/2010 &quot; LastAccessDate=&quot; 4/03/2010 &quot; LastUpdateDate=&quot; 5/02/2010 &quot; LastUpdateTime=&quot; 14:35:00 &quot; /> </NCP> </AUDIT>
  • 137. <AUDIT VlogRecNo=&quot;6&quot; VigilRecNo=&quot; 6 &quot; Pid=&quot; 11442 &quot; TimeStamp=&quot; 2010-03-04 09:46:25.423618 &quot; Type=&quot; 2 NCP &quot; > <NCP Event=&quot; 32 CLOSE &quot;> <WHO_LINUX Uid=” 0 ” UidName=”root” Euid=” 0 ” EuidName=”root” Suid=” 0 ” SuidName=”root” Fsuid=” 0 ” FsuidName=”root” Gid=” 0 ” GidName=”root” Egid=” 0 ” EgidName=”root” Sgid=” 0 ” SgidName=”root” Fsgid=” 0 ” FsguidName=”root” Comm=” ndsd ” /> <PMD_NCP ConnID=&quot; 12 &quot; TaskID=&quot; 4 &quot; Guid=&quot; A053F649CB3CD94AE5A3A053F649CB3C &quot; Dn=&quot;.CN=ajerome.O=novell.T=AJEROME-OES2-64-TREE.&quot; /> <NCP_LOCAL__CLOSEFILE FileHandle=&quot; 0x000089007B00 &quot; Status=&quot;0&quot; /> </NCP> </AUDIT>
  • 138. Reference NCP ™ Tuning http://www.novell.com/documentation/oes2/file_ncp_lx/data/bc06ts8.html Novell Storage Services ™ Tuning http://www.novell.com/documentation/oes2/stor_nss_lx_nw/data/btbkjyi.html Auditing http://developer.novell.com/wiki/index.php/NSS_Auditing_SDK TIDs TID#7004888 - NCP Performance Tuning
  • 139. TID#7004877 – NSS takes time to load and slow access
  • 142.  
  • 143. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Editor's Notes

  • #48: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #49: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #50: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #51: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #52: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #53: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #54: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #55: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #56: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #57: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #58: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #59: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #60: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #61: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #62: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
  • #63: The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.