DATA BASE : SMAN - PAGE: 1 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ DOCID 96F8690 REVISED 19931124 STATUS Announced TYPE Software TITLE IBM DISTRIBUTED COMPUTING ENVIRONMENT (DCE) FOR OS/2 AND WINDOWS VERSION 1.0 PRODNO 96F8690 96F8691 TOC IBM U.S. Product Life Cycle Dates . . . . . . . . . . . . . . . . . . . . 27 Program Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Product Positioning . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Investment Protection . . . . . . . . . . . . . . . . . . . . . . . . . 223 Growth Enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . 236 User Productivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Business Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Systems Management . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Technical Description . . . . . . . . . . . . . . . . . . . . . . . . . . 270 Operating Environment . . . . . . . . . . . . . . . . . . . . . . . . . . 452 Planning Information . . . . . . . . . . . . . . . . . . . . . . . . . . 641 Security, Auditability and Control . . . . . . . . . . . . . . . . . . . 649 Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659 ---------------- LIFECYCL PROGRAM MARKETING SERVICE REPLACED NUMBER VRM ANNOUNCED AVAILABLE WITHDRAWN DISCONTINUED BY 96F8-690 - - - - - - PROGLIST o 96F8-690 (5871-AAA) IBM DCE SDK for OS/2 and Windows Version 1.0 with User Data Privacy o 96F8-691 (5871-AAA) IBM DCE Client for OS/2 Version 1.0 with User Data Privacy ABSTRACT IBM Distributed Computing Environment (DCE) for OS/2* and Windows is the foundation for distributed computing in an open systems environment. IBM DCE for OS/2 and Windows incorporates the core technologies specified by the Open Software Foundation (OSF) DCE architecture. IBM DCE for OS/2 and Windows product family provides a Software Developer's Kit (SDK) and client base services for OS/2 and Windows. The clients are enduser products that complement the IBM AIX DCE/6000 Product Family to create heterogeneous distributed systems. The DCE client for Windows is only available via a beta program. The application programming interface (API) resides above the operating system and network transport layers, simplifying application development, and reducing development time of distributed applications. Programmers are insulated from the underlying network and operating system complexities. The OSF DCE technology has received strong acceptance in the computing industry from major system vendors, ISVs, and large corporate developers. DCE is becoming a de facto standard for distributed computing in a multi-vendor environment. Many of the world's leading hardware and software vendors, as well as industry groups, have publicly committed to using and delivering products based on the DCE technology. The DCE is a key part of IBM's distributed computing strategy. And with this announcement, IBM is providing access to this powerful environment in the PC-LAN industry. The IBM DCE for OS2 services consists of: o Security Services - provide encryption and authentication services to ensure the privacy and authenticity of the client/server transactions. o Directory Services - provides a naming model that allows users to identify resources by name rather than location. This is called the Cell Directory Services. o Remote Procedure Call - extends the typical procedure call model by supporting direct calls to procedures on remote systems. o Time Services - provides single system-wide time reference. o Threads - provides a convenient mechanism to provide concurrency by creating and controlling multiple threads of execution within a single process. IBM DCE for OS/2 is designed to interoperate with IBM AIX DCE/6000, IBM DCE Client for Windows, and other OSF DCE compliant implementations. The IBM DCE Client for Windows services available in the SDK and via a beta program consists of the core OSF DCE services necessary to execute a secured distributed application. The core components are: Remote Procedure Call (RPC), Security, Threads, and Cell Directory Service (CDS). In addition, some limited time synchronization services are also provided. IBM DCE Client for Windows is designed to interoperate with IBM AIX DCE/6000, IBM DCE for OS/2, and other OSF DCE compliant servers. IBM DCE for OS/2 and Windows product family offers a Software Developer's Kit which includes OS/2 Security Services, OS/2 Cell Directory Services, five OS/2 Clients, five Windows Clients, and application development tools for OS/2 and Windows. There are DCE Clients for OS/2 and Windows packages that do not include development tools (Runtime only). The Windows Client is currently available via a beta program. These packages are offered with User Data Privacy enablement in the United States and Canada, and without User Data Privacy enablement outside of the United States and Canada. The User Data Privacy function allows applications to encrypt user data via remote procedure calls. There are U.S. government regulations that control the export of the User Data Privacy packages outside of the Unites States and Canada. Customers that qualify under U.S. regulations can obtain the version of the product with user data privacy by submitting a special bid request. These layered DCE services offer the application developer high security, resource location transparency, and a standard programming paradigm across a heterogeneous computing environment, using an open systems solution. Using these services, applications can be developed with great confidence of portability and interoperability. This new IBM DCE offering for OS/2 and Windows platforms is an addition to IBM's DCE offerings which already includes AIX DCE Product Family, providing the flexibility for a mixed client/server environment. PRODUCT POSITIONING The IBM DCE for OS/2 and Windows product family is the first PC-LAN industry standard solution for distributed computing through the evolution and unification of today's leading technologies. It provides an integrated approach to timing, security, naming, and interprocess communications. IBM DCE for OS/2 and Windows will facilitate the development and deployment of portable, interoperable applications for multi-vendor, heterogeneous environments. IBM DCE for OS/2 and Windows provides a high-level, coherent environment for developing and running applications on a distributed system. The DCE services are integrated and comprehensive. The DCE components are well integrated, as they use one another's services whenever possible, since many of the DCE components are distributed applications. IBM DCE for OS/2 and Windows provides management tools for administering all of the services and many aspects of the distributed environment. The IBM DCE for OS/2 and Windows architecture allows for different operating systems and hardware platforms. Along with IBM's already available DCE products for AIX, IBM AIX DCE Product Family Version 1.2, the IBM DCE for OS/2 and Windows allows for an open, heterogeneous distributed computing environment. The IBM DCE SDK for OS/2 and Windows provides the application developer the capability to develop a complete distributed solution, and the IBM DCE Client for OS/2 and the IBM DCE Client for Windows beta program, along with the AIX DCE for RS/6000 provide today, a foundation, for the enduser, for distributed computing in an open systems environment. HIGHLGHT o Industry standard foundation for distributed computing o Interoperability and portability across heterogeneous platforms o Leadership in PC-LAN open systems solutions o Protection of customer's current investment in hardware o Productivity gains for application development o Based on DCE technology licensed from the Open Software Foundation (OSF) DESCRIPT IBM Distributed Computing Environment (DCE) is the foundation for distributed computing in an open systems environment. With these products, IBM is taking a leadership position by offering an Industry Standard solution in the PC-LAN market. These products will assist our customers by providing the facilities necessary for a shift from centralized, single operating system environments to distributed, multi-operating system environments. The IBM DCE for OS/2 and Windows family of products are based upon the source code that IBM licenses from the Open Software Foundation (OSF). The OSF's DCE is a comprehensive suite of integrated, yet modular, technologies to support transparent interworking and resource sharing. The IBM DCE for OS/2 and Windows product family consists of a Software Developer's Kit SDK which enable an application developer to develop distributed applications. The mixed client/server environment may be developed with OS/2 Security and Cell Directory Services, as well as a client support for both OS/2 and (DOS) Windows. There are two end user DCE clients (OS/2 and Windows) available. The IBM DCE Client for Windows is only available via a beta program. A customer using other DCE packages such as the IBM AIX DCE Cell Directory Server/6000 or the IBM AIX DCE Security Server/6000 may use the clients to create a heterogenous client/server environment. The IBM DCE for OS/2 and Windows product family consists of: o IBM DCE SDK for OS/2 and Windows 1. OS/2 Security Services 2. OS/2 Cell Directory Services 3. Five DCE Clients for OS/2 with Remote Procedure Calls (RPC), Threads, and Time Services 4. Five DCE Clients for Windows with RPC, Threads, and Time Services 5. OS/2 Client/Server Application Development Tools 6. Windows Client Application Development Tools o IBM DCE Client for OS/2 o IBM DCE Client for Windows beta program The above products are available with User Data Privacy in the United States and Canada, and without User Data Privacy outside of the United States and Canada. The products that have the User Data Privacy allow the user to access the U.S. Government Data Encryption Standard (DES) encryption algorithms for encryption of user data via remote remote procedure calls and, as such, is subject to U.S. government export regulations. Customers that qualify under U.S. government regulations can obtain the version of the product with user data privacy by submitting a special bid request. The IBM DCE for OS/2 and Windows products that do not have user data privacy use the DES algorithm for password encryption and other control information. Its distribution is not regulated by the United States. INVESTMENT PROTECTION The primary motivations for the OSF DCE initiative is the lack of coherent, integrated set of industry standard distributed system services to address requirements for interoperability across heterogeneous hardware platforms. Many vendors and organizations have developed partial solutions, but the OSF DCE represents the integration of leading technologies available in the distributed computing industry. The DCE architecture allows a process running on one workstation to operate with one or more processes on other computing platforms, even when they are from different vendors with different operating systems. In addition, time synchronization, security and directory services are provided in an integrated environment. GROWTH ENABLEMENT Application development and deployment can be performed on any platform supporting DCE services. Therefore, allowing the flexibility to mix and match hardware, or reuse existing hardware, to best meet the needs of the business. USER PRODUCTIVITY Today's businesses have not only become dependent on computing resources, but are relying on them to gain a competitive advantage. A distributed system that uses the client/server programming model is more reliable and available than a centralized system and can be tailored to provide specialized functions optimized for applications and their supporting platforms. For example, in a distributed system, off-loading the front-end processing of the user-interface and replicating key functions and data can improve the availability of the system to the end user. BUSINESS SOLUTIONS For IBM customers, the adoption of the DCE by the industry as the fundamental building blocks of distributed solutions means less time waiting for applications to be ported to a specific hardware/software platform. The use of the DCE also means that customers can take advantage of under-utilized computing resources by harnessing the power of workstations together in a distributed network. SYSTEMS MANAGEMENT The DCE provides services inherent in a distributed system. These services include management tools for administering the distributed system. TEXT TECHNICAL DESCRIPTION The IBM Distributed Computing Environment for OS/2 and Windows is based on OSF DCE Version 1.0.2 (OS/2) and 1.0.1 (Windows) provided by the Open Software Foundation. The IBM DCE for OS/2 and Windows products comprises the initial delivery of the core components of the OSF's DCE on OS/2 with Clients for Windows support. Originally implemented by the OSF for UNIX platforms, the DCE provides a set of industry and international standard APIs and services to support the development of robust distributed applications for multi-vendor distributed environments. It's adaptation and delivery on OS/2 and Windows represents a major step towards the incorporation of the DCE technology base for the PC-LAN Systems. The IBM DCE for OS/2 and Windows provides a set of basic distributed system services which provide consistent, secure, integrated environment for the development of distributed applications and resource managers. This basic set of services consists of the following: o Remote Procedure Call: The DCE remote procedure call (RPC) facility allows individual procedures in an application to run on a computer elsewhere in the network. The DCE RPC extends the typical procedure call model by supporting direct calls to procedures on remote systems. RPC presentation services mask the differences between data representations on different machines to allow programs to work across heterogeneous systems. The DCE RPC provides programmers with a number of powerful tools necessary to build client/server applications. It includes two major components: 1. An RPC facility developed specifically to provide simplicity, performance, portability, and network independence. 2. A compiler that converts high-level interface descriptions of the remote procedures into portable C-language source code. The resulting remote procedure calls behave in the same way as local procedure calls. o Threads Service: The threads service provides a user the ability to create and control multiple threads of execution within a single process and to synchronize access to global data within an application. An application can, for example, create a thread to handle the I/O request and create another thread for computation. o Time Service: Many applications need a single time reference to schedule activity and determine sequencing and duration. Different components of a distributed application may obtain time from clocks on different computers. A distributed time service regulates the system clocks in a computer network so that they are closely synchronized, providing accurate time for distributed applications. The DCE time service provides precise, fault-tolerant clock synchronization for systems in local area networks (LANs) and wide area networks (WANs). The clock synchronization provided by the DCE time service enables distributed computing applications to determine event sequencing, duration, and scheduling. o Cell Directory Services: Directory Services defines a single, consistent, global naming model through which resources in the distributed system are identified and located. This service allows users to be identified by name resources such as servers, files, disks or print queues, and gain access to them without needing to know where they are located in a network. Additionally, users can continue referring to a resource by the same name even when a characteristic of the resource changes, such as it's network address. o Security Services: In most conventional timesharing systems, the operating system authenticates the identity of users and authorizes access to resources. Individual workstations in a network are not necessarily secure. Therefore, in a distributed environment these tasks fall to independent authentication and authorization services. The DCE security services provides the network with three services: authentication, authorization, and user account management. These facilities are made available through a secure means of communication that ensure both data integrity and confidentiality. The user registration service manages user, group, and account information and provides login services to the cell. The authentication service allows principals defined as accounts in the user registry to exchange credentials and establish mutually authenticated communications. Authorization services are provided by the combination of a privilege attribute certificate (PACs) that capture privilege currently available and selected by a principal, and an access control list (ACL) facility. Each cell has a security server. It is a single logical server that consists of the registry server, privilege server, and authentication server. The IBM DCE for OS/2 part of the products incorporates the IBM Multi-Protocol Transport Services - Anynet for OS/2 which provides a general solution to interconnect applications. It allows TCP/IP applications to run on top of NetBIOS, using the non-native networking feaure of the Multi-Protocol Transport Services - Anynet for OS/2. It supplies drivers for: o Common transport semantics o IBM OS/2 TCP/IP protocol drivers o Protocol compensation and address mapping for NetBIOS o Local interprocess communication In summary, the Multi-Protocol Transport Services - Anynet for OS/2 makes it possible for applications to communicate over TCP/IP and NetBIOS protocols "natively", which means that both the transport user and the protocol used to transport data are from the same protocol architecture. It also makes it possible for applications to communicate TCP/IP applications over NetBios non-natively. Currently, the IBM DCE for OS/2 products only use and support the TCP/IP protocol. The IBM DCE for OS/2 products are CID (Configuration/Installation/ Distribution) enabled, which means that the installation adhears to a set of guidelines that allow installation to perform automated and unattended installs using response files and/or command line parameters. This enables remote installation also. IBM DCE for Windows available within the IBM DCE SDK for OS/2 and Windows and available via a beta program consists of the core DCE services necessary to execute a secured distributed application as a Windows 3.X application. The core components are: Remote Procedure Call (RPC), Security, Threads, and Cell Directory Service (CDS). In addition, some limited time synchronization services are also provided. The following is a brief description of the Runtime functional capabilities: o RPC IBM DCE for Windows supports client and server RPC and is fully complient with the OSF/DCE RPC Network Computing Architecture Specification (Version 2.0). UDP/IP (Connectionless) protocols are supported. The Name Service interface to the Cell Directory service is also provided. The endpoint mapper is supplied in order to allow servers running on the personal computer to register endpoints for remote clients. o Threads The POSIX 1003.4a draft specification of pthreads and CMA exceptions as implemented by OSF/DCE are provided by IBM DCE for Windows. However, since the Windows 3.X provides a non-preemptible environment, applications calling the pthreads interface must take explicit action to cause a thread to yield. o CDS IBM DCE for Windows allows applications to query the CDS name space and bind to appropriate servers. The CDS clerk runs on the local personal computer and converses with the remote name service through which cell name spaces are accessed. The identity of the Windows DCE client is established and validated by a DCE login command sequence with a remote security server. After the client has logged in, the CDS clerk is authorized to use the name service. Unauthenticated access is also supported and the accessibility to objects is controlled through the associated Access Control List. A program is supplied to allow users to set up and access profiles and groups from the personal computer. Another program is supplied to allow users to create, modify, and retrieve, from the personal computer, objects that are catalogued in the name space. o Security The DCE security service is included in IBM DCE for Windows. Windows-DCE applications can access registry and privilege services in order to establish a principal identity for authentication and to access the name service. The DCE Kerberos library, which implements the full DCE encryption protocol on the personal computer, is also provided. Support for unauthorized access of protected objects is also included. o Distributed Time Service IBM DCE for Windows allows the synchronization of the local clock with the network time. Sample Programs are provided in the Software Developer's Kit for both OS/2 and Windows in source form, which can be built and run by an application developer. The sample programs can be used as templates to develop other distributed applications. OPERATING ENVIRONMENT MACHINE REQUIREMENTS IBM DCE for OS/2 products execute on IBM PS/2*, IBM Industrial Computer and non-IBM personal computer hardware configurations supported by IBM OS/2 Version 2.0 or higher. IBM DCE for OS/2 products do not require dedicated hardware. The programs require an Intel-based processor model 80386 with minimum 20 MHZ or higher. The RAM/DASD requirements are as follows: IBM DCE FOR OS/2 IBM DCE CLIENT FOR OS/2 (RUNTIME) RAM 12 to 14 MB with 64KB HPFS and 64KB FAT for diskcashe, Multi-Protocol Transport Services - AnyNet for OS/2 MBUF Parameters set for: Small MBUF = 512 Large MBUF = 64 DASD OS/2 2.0 or higher 50MB IBM DCE Client for OS/2 10MB Swapper Space 16MB ------ Minimum DASD Required 76MB Recommended DASD 80MB Required RAM/DASD may vary with local installation/configuration choices and user application requirements. CELL DIRECTORY AND SECURITY SERVICES (RUNTIME) RAM 16 MB with 512 KB HPFS and 64KB FAT for diskcashe, Multi-Protocol Transport Services - AnyNet for OS/2 MBUF Parameters set for: Small MBUF = 512 Large MBUF = 64 DASD OS/2 2.0 or higher 50MB IBM DCE Client for OS/2 and 15MB Cell Directory and Security Services Swapper Space 16MB ------ Minimum DASD Required 81MB Recommended DASD 86MB Required RAM/DASD may vary with local installation/configuration choices and user application requirements. Although IBM DCE for OS/2 runs on OS/2 2.0, we strongly recommend that the CSDs found in the Service Pack for OS/2 2.0 be installed, or upgrade to OS/2 2.1 with required APAR PJ09481. IBM DCE SDK FOR OS/2 DASD OS/2 2.0 or higher 50MB IBM C-Set/2 Compiler 9MB OS/2 Toolkit 21MB IBM DCE SDK for OS/2 25MB ------ Minimum DASD Required 105MB Recommended DASD 110MB Required RAM/DASD may vary with local installation/configuration choices and user application requirements. IBM DCE FOR WINDOWS INCLUDED IN IBM DCE SDK FOR OS/2 & WINDOWS IBM DCE CLIENT FOR WINDOWS (RUNTIME) IBM DCE Client for Windows requires the following hardware environment: o An IBM-compatible personal computer using an i386 or i486 processor (Minimum 25 MHZprocessor is recommended) o Hard disk with at least 5MB of free space o Network card supported by the TCP/IP package used o At least 4MB of memory (8 MB recommended) IBM DCE CLIENT FOR WINDOWS (SDK) IBM DCE Client for Windows Software Developer's Kit requires the following hardware environment: o An IBM-compatible personal computer using an i386 or i486 processor o Hard disk with at least 5MB of free space o At least 8MB of memory PROGRAMMING REQUIREMENTS The following products are required for the IBM DCE for OS/2 products, depending upon the communications environment in which you are operating: 1. IBM DCE SDK for OS/2 o IBM OS/2 Version 2.0, or higher o IBM TCP/IP is not required, but if it is installed, it must be IBM TCP/IP Version 1.2.1, or higher. o IBM C SET/2 Version 1.0 o Hardware configured for codepage PC850 or PC437 or any PCS. o IBM BookManager (TM) READ licensed program to access the online publications. 2. IBM DCE SDK for Windows included with IBM DCE SDK for OS/2 & Windows o DOS Version 3.30 (Version 5.0 is recommended) o Microsoft Windows 3.1 o An ANSI-C compiler that supports for API prototyping (Microsoft C, Version 7.0 is recommended) 3. IBM DCE Client for OS/2 (Runtime) o IBM OS/2 Version 2.0, or higher o IBM TCP/IP is not required, but if it is installed, it must be IBM TCP/IP Version 1.2.1, or higher. o Hardware configured for codepage PC850 or PC437 or any PCS. o IBM BookManager (TM) READ licensed program to access the online publications. 4. IBM DCE Client for Windows (Runtime) included in IBM DCE SDK for OS/2 and Windows o DOS version 3.30, or higher (Version 5.0 is recommended) o Microsoft Windows 3.1 o One of the following TCP/IP network transports: - A Windows Sockets V1.1-compliant TCP/IP - PC/TCP for DOS, Versions 2.05 and 2.11, from FTP Software Inc. - LAN WorkPlace for DOS, Version 4.1, from Novell Inc. - TCP with Demand Protocol Architecture, Version 2.0 from 3COM Corporation. COMPATIBILITY Not applicable. LIMITATIONS U.S. English only. PERFORMANCE CONSIDERATIONS Performance may be affected by total system memory and page space available, the amount of fixed-storage available and type/performance of the disk drives. Performance may also be affected by the type and function of the applications selected and running at the same time. PLANNING INFORMATION CUSTOMER RESPONSIBILITIES Not applicable. CONVERSION Not applicable. SECURITY, AUDITABILITY AND CONTROL The security services provided by the security server which is part of the IBM DCE SDK for OS/2 and Windows package will provide the basic building blocks for securing distributed systems. User management is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities. PUBLICATIONS For a current list of publications, refer to the appropriate publications option on your respective HONE system, or contact your local IBM representative. *Signifies a trademark or registered trademark of International Business Machines Corporation. - - - E N D O F P R I N T O U T - - -