home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 14 Text
/
14-Text.zip
/
dce.zip
/
DCEAIX.TXT
next >
Wrap
Text File
|
1994-05-12
|
44KB
|
994 lines
DATA BASE : SMAN - PAGE: 1
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
DOCID 5765-120
REVISED 19931202
STATUS Announced
TYPE Software
TITLE IBM AIX DCE GLOBAL DIRECTORY SERVER/6000 VERSION 1.1
PRODNO 5765-120 5765-259
TOC
IBM U.S. Product Life Cycle Dates . . . . . . . . . . . . . . . . . . . . 23
Program Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Product Positioning . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
AIX Distributed Computing Environment Product Family . . . . . . . . . 91
Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Technical Description . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Operating Environment . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Planning Information . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Security, Auditability and Control . . . . . . . . . . . . . . . . . . . 292
Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
----------------
LIFECYCL
PROGRAM MARKETING SERVICE REPLACED
NUMBER VRM ANNOUNCED AVAILABLE WITHDRAWN DISCONTINUED BY
5765-120 - - - - - -
PROGLIST
o 5765-120 IBM AIX DCE Global Directory Server/6000 Version 1.1
o 5765-259 IBM AIX DCE Global Directory Client/6000 Version 1.1
ABSTRACT
Two new members of the IBM AIX* Distributed Computing Environment Product
Family are being made available. Those products are the IBM AIX DCE Global
Directory Server/6000 and the IBM AIX DCE Global Directory Client/6000.
These products comply with the international standard for directory services,
CCITT X.500/ISO 9594 (1988), and provide a distributed, replicated directory
service.
The products can be used in a distributed computing environment as the higher
level directory services to connect multiple DCE cells and allow those
independent cell to interact with one another. They can also be used in
non-DCE environments by applications that require an industry standard
directory service.
The general availability of these global directory programs, based on the
Open Software Foundation's** Distributed Computing Environment Version 1.0.2,
completes the AIX DCE product family suite and provide products based on the
technologies selected by the Open Software Foundation for distributed
computing.
PRODUCT POSITIONING
The AIX DCE Global Directory Server/6000 Version 1.1 and AIX DCE Global
Directory Server/6000 Version 1.1 are designed to be used as part of a
distributed processing environment. These products are integrated and tested
with the other DCE Services (Cell Directory, Security, and the Distributed
File System). Both products can also be used in a non-DCE environment where
customers are planning, developing, and deploying X.500 applications and
those applications do not require the other DCE services.
HIGHLGHT
o Support for industry standard naming services
o Complementary offering for global naming in DCE environment
o Foundation for distributed applications solutions
DESCRIPT
INVESTMENT PROTECTION & OPEN SYSTEMS
Over the years, system vendors have not been very successful in helping
customers maintain their investment in software and applications. As a
result, the Open Software Foundation was formed and challenged with the task
of bringing to market a set of distributed system services that address the
requirements for interoperability across heterogeneous hardware platforms.
IBM has adopted the OSF Distributed Computing Environment technology. This
announcement continues the rollout of DCE function on AIX/6000 and provides
the global directory services for the first time.
AIX DISTRIBUTED COMPUTING ENVIRONMENT PRODUCT FAMILY
The products in this announcement complete the family of AIX DCE products for
the AIX Version 3 operating system. The products are based on OSF DCE
Version 1.0.2. provided by the Open Software Foundation.
DCE DIRECTORY SERVICES
DCE Directory Services provide a naming model throughout the distributed
environment. This model allows users to identify resources by name such as
servers, files, disks, or print queues, and gain access to the resources
without knowing where the resources are located in a network. Users can
continue referring to a resource by the same name even when a characteristic
of the resource changes such as the network address.
The DCE Directory Services consists of:
o Cell directory service
o Global directory service (GDS)
o Global directory agent and an industry standard, common application
programming interface (API), XDS/XOM, for both directory services defined
by X/Open**.
The cell directory service manages a database of information about the
resources in a cell -- an administrative domain. A cell can be a department,
the floor of a building, a whole site or whatever a customer chooses to
manage.
The global directory service unifies multiple cell namespaces under a single
global namespace. A namespace is the hierarchical set of names used by the
directory service. Those names can by typed, names using the X.500 syntax,
or untyped, names using the Domain Name System syntax. The GDS can be used
as the highest level of the directory tree, providing a mechanism for
independent cells to locate and interact with each other.
The global directory agent takes names that are not found in the local cell
and forwards the request to GDS or the Domain Name System (DNS).
The DCE Directory Services provide an industry standard application
programming interface from X/Open, the X/Open Directory Service/ X/Open
Object Management (XDS/XOM). The interface provides an application
programming interface that is independent of the directory architecture and
provides application portability. The XDS/XOM supports functions such as
create, destroy, modify and lookup.
GDS is an implementation of the CCITT X.500/ISO 9594 (1988) international
standard. The X.500 directory service standard was designed to run on top of
the Open Systems Interconnection (OSI) communication protocols.
AIX DCE CELL DIRECTORY SERVER/6000.
The cell directory service manages a database of information about the
resources in a cell. AIX DCE Cell Directory Server/6000 Version 1.2 is
currently available.
AIX DCE GLOBAL DIRECTORY SERVER/6000
The AIX DCE Global Directory Server is a distributed, replicated database
service. The database consists of a hierarchical set of names, the
namespace, with certain attributes. Given a name, its associated attributes
can be looked up in the GDS Server. For example, given the name of a print
server, the GDS Server can return the printer's location. The Global
Directory Server gives distributed system users a central place to store
information, which can be retrieved from anywhere in the distributed system.
The server provides presentation and session layers to run over Open System
Interconnect (OSI) protocols and transport, and network layers to run over
TCP/IP protocols. This release of the server has been tested and supports
TCP/IP protocols.
The Directory Server supports the the following standardized administrative
features as defined by the X.500 standard:
o Objects stored in the directory database can be referred to by names that
are easy for people to understand, for example, "postscript printer".
o A user can query the directory database for a name with specific
attributes and the directory server will return all values that match
those attributes.
o Users can search the directory database for objects with common
characteristics.
o A user can browse the directory database to located objects when a
specific name is not known.
The Directory Server supports the the following extensions to the X.500
standard:
o The ability for objects, schema, and subtrees to be administered
remotely.
o Replication of the directory database and automatic update of those
replicated directories by the master database.
o Each directory object is protected by an access control list which
specifies permission to access the object's attributes.
o Caching of recently accessed directory database objects.
o A user can save, append, move, copy, and delete directory subtrees.
AIX DCE GLOBAL DIRECTORY CLIENT/6000
The AIX DCE Global Directory Client/6000 provides a user-level pthreads
library that conforms to POSIX 1003.4 Draft 4a and a set of administration
tools to manage the directory database. The X/Open XDS/XOM application
programming interface is provided to allow applications to access either the
cell directory or the global directory via a common API. This release of the
client has been tested and supports TCP/IP protocols.
TEXT
TECHNICAL DESCRIPTION
The Global Directory Server provides a CCITT X.500/ISO 9495 compliant level
of directory services. It also includes an X/Open Directory services and
X/Open Object Management Services implementation which provides standard API
access to both the X.500 GDS Directory Services and the DCE Cell Directory
Services.
CHARACTERISTICS
The X.500 Global Directory Agent allows the DCE X.500 Directory Service to
act as the Global Directory Service and integrate multiple cell name spaces
into a single uniform naming environment.
OPERATING ENVIRONMENT
MACHINE REQUIREMENTS
These program products are designed to execute on RISC System/6000*
POWERstation* and POWERserver* configured with a minimum of one supported
display with keyboard and mouse, or one supported ASCII terminal.
Minimum machine requirements may be affected by the application workload
distribution, total system memory and page space available. On HONE, use
ASKQ and search for DCE RAMDASD for the most current and detailed machine
requirements.
AIX DCE Global Directory Services
=================================
Installed (MB)
---------
Client
-------
AIX DCE GDS Client/6000
Client 4.0
User level pthreads library 2.0
Messages .2
XDS/XOM application prog interface 1.3
-----
Installed Total 7.5
Server
-------
AIX DCE Global Directory Server/6000
Server 3.5
-----
Installed Total 3.5
InfoExplorer Publications 15.0
PROGRAMMING REQUIREMENTS
AIX/6000 Version 3.2.4 (5756-030) or higher is required.
Licensed Program Prerequisite Program
================ ====================
AIX DCE Global Directory
Client/6000 -
AIX DCE Global Directory AIX DCE Global Directory
Server/6000 Client/6000
COMPATIBILITY
Not applicable.
LIMITATIONS
The AIX DCE product family message catalogs and publications are available in
U.S. English only. Code page support is restricted to the Open Software
Foundation's DCE portable character set. The DCE portable character set is
equivalent to the graphic characters in the POSIX 1003.2 Portable Character
Set.
PERFORMANCE CONSIDERATIONS
Response time in multiple-system and cross-network environments depends on
various network-load factors and the amount of processing performed by the
application program.
PLANNING INFORMATION
CONVERSION
Not applicable.
SECURITY, AUDITABILITY AND CONTROL
User management is responsible for evaluation, selection, and implementation
of security features, administrative procedures, and appropriate controls in
application systems and communication facilities.
The AIX DCE Global Directory Services products, AIX DCE Global Directory
Server/6000 and AIX DCE Global Directory Client/6000, use their own security
mechanism based on access control lists. This security mechanism is not
integrated with the AIX DCE Security Server/6000 or with the AIX Version 3
operating system security facilities.
PUBLICATIONS
For a current list of publications, refer to the appropriate publications
option on your respective HONE system, or contact your local IBM
representative.
*Signifies a trademark or registered trademark of International Business
Machines Corporation.
**Open Software Foundation is a Trademark of Open Software Foundation,
Inc.
**X/Open is a trademark of X/Open Company Limited.
DATA BASE : SMAN - PAGE: 2
DOCID 96F8690
REVISED 19931124
STATUS Announced
TYPE Software
TITLE
IBM DISTRIBUTED COMPUTING ENVIRONMENT (DCE) FOR OS/2 AND WINDOWS VERSION 1.0
PRODNO 96F8690 96F8691
TOC
IBM U.S. Product Life Cycle Dates . . . . . . . . . . . . . . . . . . . . 27
Program Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Product Positioning . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Investment Protection . . . . . . . . . . . . . . . . . . . . . . . . . 223
Growth Enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
User Productivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Business Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Systems Management . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Technical Description . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Operating Environment . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Planning Information . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Security, Auditability and Control . . . . . . . . . . . . . . . . . . . 649
Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
----------------
LIFECYCL
PROGRAM MARKETING SERVICE REPLACED
NUMBER VRM ANNOUNCED AVAILABLE WITHDRAWN DISCONTINUED BY
96F8-690 - - - - - -
PROGLIST
o 96F8-690 (5871-AAA) IBM DCE SDK for OS/2 and Windows Version 1.0 with
User Data Privacy
o 96F8-691 (5871-AAA) IBM DCE Client for OS/2 Version 1.0 with User Data
Privacy
ABSTRACT
IBM Distributed Computing Environment (DCE) for OS/2* and Windows is the
foundation for distributed computing in an open systems environment. IBM DCE
for OS/2 and Windows incorporates the core technologies specified by the Open
Software Foundation (OSF) DCE architecture. IBM DCE for OS/2 and Windows
product family provides a Software Developer's Kit (SDK) and client base
services for OS/2 and Windows. The clients are enduser products that
complement the IBM AIX DCE/6000 Product Family to create heterogeneous
distributed systems. The DCE client for Windows is only available via a beta
program. The application programming interface (API) resides above the
operating system and network transport layers, simplifying application
development, and reducing development time of distributed applications.
Programmers are insulated from the underlying network and operating system
complexities.
The OSF DCE technology has received strong acceptance in the computing
industry from major system vendors, ISVs, and large corporate developers.
DCE is becoming a de facto standard for distributed computing in a
multi-vendor environment. Many of the world's leading hardware and software
vendors, as well as industry groups, have publicly committed to using and
delivering products based on the DCE technology. The DCE is a key part of
IBM's distributed computing strategy. And with this announcement, IBM is
providing access to this powerful environment in the PC-LAN industry.
The IBM DCE for OS2 services consists of:
o Security Services - provide encryption and authentication services to
ensure the privacy and authenticity of the client/server transactions.
o Directory Services - provides a naming model that allows users to
identify resources by name rather than location. This is called the Cell
Directory Services.
o Remote Procedure Call - extends the typical procedure call model by
supporting direct calls to procedures on remote systems.
o Time Services - provides single system-wide time reference.
o Threads - provides a convenient mechanism to provide concurrency by
creating and controlling multiple threads of execution within a single
process.
IBM DCE for OS/2 is designed to interoperate with IBM AIX DCE/6000, IBM DCE
Client for Windows, and other OSF DCE compliant implementations.
The IBM DCE Client for Windows services available in the SDK and via a beta
program consists of the core OSF DCE services necessary to execute a secured
distributed application. The core components are: Remote Procedure Call
(RPC), Security, Threads, and Cell Directory Service (CDS). In addition, some
limited time synchronization services are also provided. IBM DCE Client for
Windows is designed to interoperate with IBM AIX DCE/6000, IBM DCE for OS/2,
and other OSF DCE compliant servers.
IBM DCE for OS/2 and Windows product family offers a Software Developer's Kit
which includes OS/2 Security Services, OS/2 Cell Directory Services, five
OS/2 Clients, five Windows Clients, and application development tools for
OS/2 and Windows. There are DCE Clients for OS/2 and Windows packages that
do not include development tools (Runtime only). The Windows Client is
currently available via a beta program. These packages are offered with User
Data Privacy enablement in the United States and Canada, and without User
Data Privacy enablement outside of the United States and Canada. The User
Data Privacy function allows applications to encrypt user data via remote
procedure calls. There are U.S. government regulations that control the
export of the User Data Privacy packages outside of the Unites States and
Canada. Customers that qualify under U.S. regulations can obtain the
version of the product with user data privacy by submitting a special bid
request.
These layered DCE services offer the application developer high security,
resource location transparency, and a standard programming paradigm across a
heterogeneous computing environment, using an open systems solution. Using
these services, applications can be developed with great confidence of
portability and interoperability. This new IBM DCE offering for OS/2 and
Windows platforms is an addition to IBM's DCE offerings which already
includes AIX DCE Product Family, providing the flexibility for a mixed
client/server environment.
PRODUCT POSITIONING
The IBM DCE for OS/2 and Windows product family is the first PC-LAN industry
standard solution for distributed computing through the evolution and
unification of today's leading technologies. It provides an integrated
approach to timing, security, naming, and interprocess communications. IBM
DCE for OS/2 and Windows will facilitate the development and deployment of
portable, interoperable applications for multi-vendor, heterogeneous
environments. IBM DCE for OS/2 and Windows provides a high-level, coherent
environment for developing and running applications on a distributed system.
The DCE services are integrated and comprehensive. The DCE components are
well integrated, as they use one another's services whenever possible, since
many of the DCE components are distributed applications. IBM DCE for OS/2
and Windows provides management tools for administering all of the services
and many aspects of the distributed environment. The IBM DCE for OS/2 and
Windows architecture allows for different operating systems and hardware
platforms. Along with IBM's already available DCE products for AIX, IBM AIX
DCE Product Family Version 1.2, the IBM DCE for OS/2 and Windows allows for
an open, heterogeneous distributed computing environment. The IBM DCE SDK
for OS/2 and Windows provides the application developer the capability to
develop a complete distributed solution, and the IBM DCE Client for OS/2 and
the IBM DCE Client for Windows beta program, along with the AIX DCE for
RS/6000 provide today, a foundation, for the enduser, for distributed
computing in an open systems environment.
HIGHLGHT
o Industry standard foundation for distributed computing
o Interoperability and portability across heterogeneous platforms
o Leadership in PC-LAN open systems solutions
o Protection of customer's current investment in hardware
o Productivity gains for application development
o Based on DCE technology licensed from the Open Software Foundation (OSF)
DESCRIPT
IBM Distributed Computing Environment (DCE) is the foundation for distributed
computing in an open systems environment. With these products, IBM is taking
a leadership position by offering an Industry Standard solution in the PC-LAN
market. These products will assist our customers by providing the facilities
necessary for a shift from centralized, single operating system environments
to distributed, multi-operating system environments.
The IBM DCE for OS/2 and Windows family of products are based upon the source
code that IBM licenses from the Open Software Foundation (OSF). The OSF's DCE
is a comprehensive suite of integrated, yet modular, technologies to support
transparent interworking and resource sharing. The IBM DCE for OS/2 and
Windows product family consists of a Software Developer's Kit SDK which
enable an application developer to develop distributed applications. The
mixed client/server environment may be developed with OS/2 Security and Cell
Directory Services, as well as a client support for both OS/2 and (DOS)
Windows. There are two end user DCE clients (OS/2 and Windows) available.
The IBM DCE Client for Windows is only available via a beta program. A
customer using other DCE packages such as the IBM AIX DCE Cell Directory
Server/6000 or the IBM AIX DCE Security Server/6000 may use the clients to
create a heterogenous client/server environment. The IBM DCE for OS/2 and
Windows product family consists of:
o IBM DCE SDK for OS/2 and Windows
1. OS/2 Security Services
2. OS/2 Cell Directory Services
3. Five DCE Clients for OS/2 with Remote Procedure Calls (RPC), Threads,
and Time Services
4. Five DCE Clients for Windows with RPC, Threads, and Time Services
5. OS/2 Client/Server Application Development Tools
6. Windows Client Application Development Tools
o IBM DCE Client for OS/2
o IBM DCE Client for Windows beta program
The above products are available with User Data Privacy in the United States
and Canada, and without User Data Privacy outside of the United States and
Canada. The products that have the User Data Privacy allow the user to
access the U.S. Government Data Encryption Standard (DES) encryption
algorithms for encryption of user data via remote remote procedure calls and,
as such, is subject to U.S. government export regulations. Customers that
qualify under U.S. government regulations can obtain the version of the
product with user data privacy by submitting a special bid request. The IBM
DCE for OS/2 and Windows products that do not have user data privacy use the
DES algorithm for password encryption and other control information. Its
distribution is not regulated by the United States.
INVESTMENT PROTECTION
The primary motivations for the OSF DCE initiative is the lack of coherent,
integrated set of industry standard distributed system services to address
requirements for interoperability across heterogeneous hardware platforms.
Many vendors and organizations have developed partial solutions, but the OSF
DCE represents the integration of leading technologies available in the
distributed computing industry. The DCE architecture allows a process
running on one workstation to operate with one or more processes on other
computing platforms, even when they are from different vendors with different
operating systems. In addition, time synchronization, security and directory
services are provided in an integrated environment.
GROWTH ENABLEMENT
Application development and deployment can be performed on any platform
supporting DCE services. Therefore, allowing the flexibility to mix and
match hardware, or reuse existing hardware, to best meet the needs of the
business.
USER PRODUCTIVITY
Today's businesses have not only become dependent on computing resources, but
are relying on them to gain a competitive advantage. A distributed system
that uses the client/server programming model is more reliable and available
than a centralized system and can be tailored to provide specialized
functions optimized for applications and their supporting platforms. For
example, in a distributed system, off-loading the front-end processing of the
user-interface and replicating key functions and data can improve the
availability of the system to the end user.
BUSINESS SOLUTIONS
For IBM customers, the adoption of the DCE by the industry as the fundamental
building blocks of distributed solutions means less time waiting for
applications to be ported to a specific hardware/software platform. The use
of the DCE also means that customers can take advantage of under-utilized
computing resources by harnessing the power of workstations together in a
distributed network.
SYSTEMS MANAGEMENT
The DCE provides services inherent in a distributed system. These services
include management tools for administering the distributed system.
TEXT
TECHNICAL DESCRIPTION
The IBM Distributed Computing Environment for OS/2 and Windows is based on
OSF DCE Version 1.0.2 (OS/2) and 1.0.1 (Windows) provided by the Open
Software Foundation. The IBM DCE for OS/2 and Windows products comprises the
initial delivery of the core components of the OSF's DCE on OS/2 with Clients
for Windows support. Originally implemented by the OSF for UNIX platforms,
the DCE provides a set of industry and international standard APIs and
services to support the development of robust distributed applications for
multi-vendor distributed environments. It's adaptation and delivery on OS/2
and Windows represents a major step towards the incorporation of the DCE
technology base for the PC-LAN Systems.
The IBM DCE for OS/2 and Windows provides a set of basic distributed system
services which provide consistent, secure, integrated environment for the
development of distributed applications and resource managers. This basic
set of services consists of the following:
o Remote Procedure Call: The DCE remote procedure call (RPC) facility
allows individual procedures in an application to run on a computer
elsewhere in the network. The DCE RPC extends the typical procedure call
model by supporting direct calls to procedures on remote systems. RPC
presentation services mask the differences between data representations
on different machines to allow programs to work across heterogeneous
systems. The DCE RPC provides programmers with a number of powerful
tools necessary to build client/server applications. It includes two
major components:
1. An RPC facility developed specifically to provide simplicity,
performance, portability, and network independence.
2. A compiler that converts high-level interface descriptions of the
remote procedures into portable C-language source code. The
resulting remote procedure calls behave in the same way as local
procedure calls.
o Threads Service: The threads service provides a user the ability to
create and control multiple threads of execution within a single process
and to synchronize access to global data within an application. An
application can, for example, create a thread to handle the I/O request
and create another thread for computation.
o Time Service: Many applications need a single time reference to schedule
activity and determine sequencing and duration. Different components of
a distributed application may obtain time from clocks on different
computers. A distributed time service regulates the system clocks in a
computer network so that they are closely synchronized, providing
accurate time for distributed applications. The DCE time service
provides precise, fault-tolerant clock synchronization for systems in
local area networks (LANs) and wide area networks (WANs). The clock
synchronization provided by the DCE time service enables distributed
computing applications to determine event sequencing, duration, and
scheduling.
o Cell Directory Services: Directory Services defines a single,
consistent, global naming model through which resources in the
distributed system are identified and located. This service allows users
to be identified by name resources such as servers, files, disks or print
queues, and gain access to them without needing to know where they are
located in a network. Additionally, users can continue referring to a
resource by the same name even when a characteristic of the resource
changes, such as it's network address.
o Security Services: In most conventional timesharing systems, the
operating system authenticates the identity of users and authorizes
access to resources. Individual workstations in a network are not
necessarily secure. Therefore, in a distributed environment these tasks
fall to independent authentication and authorization services. The DCE
security services provides the network with three services:
authentication, authorization, and user account management. These
facilities are made available through a secure means of communication
that ensure both data integrity and confidentiality.
The user registration service manages user, group, and account
information and provides login services to the cell. The authentication
service allows principals defined as accounts in the user registry to
exchange credentials and establish mutually authenticated communications.
Authorization services are provided by the combination of a privilege
attribute certificate (PACs) that capture privilege currently available
and selected by a principal, and an access control list (ACL) facility.
Each cell has a security server. It is a single logical server that
consists of the registry server, privilege server, and authentication
server.
The IBM DCE for OS/2 part of the products incorporates the IBM Multi-Protocol
Transport Services - Anynet for OS/2 which provides a general solution to
interconnect applications. It allows TCP/IP applications to run on top of
NetBIOS, using the non-native networking feaure of the Multi-Protocol
Transport Services - Anynet for OS/2. It supplies drivers for:
o Common transport semantics
o IBM OS/2 TCP/IP protocol drivers
o Protocol compensation and address mapping for NetBIOS
o Local interprocess communication
In summary, the Multi-Protocol Transport Services - Anynet for OS/2 makes it
possible for applications to communicate over TCP/IP and NetBIOS protocols
"natively", which means that both the transport user and the protocol used to
transport data are from the same protocol architecture. It also makes it
possible for applications to communicate TCP/IP applications over NetBios
non-natively. Currently, the IBM DCE for OS/2 products only use and support
the TCP/IP protocol.
The IBM DCE for OS/2 products are CID (Configuration/Installation/
Distribution) enabled, which means that the installation adhears to a set of
guidelines that allow installation to perform automated and unattended
installs using response files and/or command line parameters. This enables
remote installation also.
IBM DCE for Windows available within the IBM DCE SDK for OS/2 and Windows and
available via a beta program consists of the core DCE services necessary to
execute a secured distributed application as a Windows 3.X application. The
core components are: Remote Procedure Call (RPC), Security, Threads, and Cell
Directory Service (CDS). In addition, some limited time synchronization
services are also provided.
The following is a brief description of the Runtime functional capabilities:
o RPC
IBM DCE for Windows supports client and server RPC and is fully complient
with the OSF/DCE RPC Network Computing Architecture Specification
(Version 2.0).
UDP/IP (Connectionless) protocols are supported. The Name Service
interface to the Cell Directory service is also provided.
The endpoint mapper is supplied in order to allow servers running on the
personal computer to register endpoints for remote clients.
o Threads
The POSIX 1003.4a draft specification of pthreads and CMA exceptions as
implemented by OSF/DCE are provided by IBM DCE for Windows. However,
since the Windows 3.X provides a non-preemptible environment,
applications calling the pthreads interface must take explicit action to
cause a thread to yield.
o CDS
IBM DCE for Windows allows applications to query the CDS name space and
bind to appropriate servers.
The CDS clerk runs on the local personal computer and converses with the
remote name service through which cell name spaces are accessed. The
identity of the Windows DCE client is established and validated by a DCE
login command sequence with a remote security server. After the client
has logged in, the CDS clerk is authorized to use the name service.
Unauthenticated access is also supported and the accessibility to objects
is controlled through the associated Access Control List.
A program is supplied to allow users to set up and access profiles and
groups from the personal computer. Another program is supplied to allow
users to create, modify, and retrieve, from the personal computer,
objects that are catalogued in the name space.
o Security
The DCE security service is included in IBM DCE for Windows. Windows-DCE
applications can access registry and privilege services in order to
establish a principal identity for authentication and to access the name
service. The DCE Kerberos library, which implements the full DCE
encryption protocol on the personal computer, is also provided. Support
for unauthorized access of protected objects is also included.
o Distributed Time Service
IBM DCE for Windows allows the synchronization of the local clock with
the network time.
Sample Programs are provided in the Software Developer's Kit for both OS/2
and Windows in source form, which can be built and run by an application
developer. The sample programs can be used as templates to develop other
distributed applications.
OPERATING ENVIRONMENT
MACHINE REQUIREMENTS
IBM DCE for OS/2 products execute on IBM PS/2*, IBM Industrial Computer and
non-IBM personal computer hardware configurations supported by IBM OS/2
Version 2.0 or higher. IBM DCE for OS/2 products do not require dedicated
hardware. The programs require an Intel-based processor model 80386 with
minimum 20 MHZ or higher.
The RAM/DASD requirements are as follows: IBM DCE FOR OS/2 IBM DCE CLIENT
FOR OS/2 (RUNTIME)
RAM
12 to 14 MB with 64KB HPFS and 64KB FAT for diskcashe,
Multi-Protocol Transport Services - AnyNet for OS/2 MBUF Parameters
set for: Small MBUF = 512
Large MBUF = 64
DASD
OS/2 2.0 or higher 50MB
IBM DCE Client for OS/2 10MB
Swapper Space 16MB
------
Minimum DASD Required 76MB
Recommended DASD 80MB
Required RAM/DASD may vary with local installation/configuration
choices and user application requirements.
CELL DIRECTORY AND SECURITY SERVICES (RUNTIME)
RAM
16 MB with 512 KB HPFS and 64KB FAT for diskcashe,
Multi-Protocol Transport Services - AnyNet for OS/2 MBUF Parameters
set for: Small MBUF = 512
Large MBUF = 64
DASD
OS/2 2.0 or higher 50MB
IBM DCE Client for OS/2 and 15MB
Cell Directory and Security
Services
Swapper Space 16MB
------
Minimum DASD Required 81MB
Recommended DASD 86MB
Required RAM/DASD may vary with local installation/configuration
choices and user application requirements.
Although IBM DCE for OS/2 runs on OS/2 2.0, we strongly recommend
that the CSDs found in the Service Pack for OS/2 2.0 be installed,
or upgrade to OS/2 2.1 with required APAR PJ09481.
IBM DCE SDK FOR OS/2
DASD
OS/2 2.0 or higher 50MB
IBM C-Set/2 Compiler 9MB
OS/2 Toolkit 21MB
IBM DCE SDK for OS/2 25MB
------
Minimum DASD Required 105MB
Recommended DASD 110MB
Required RAM/DASD may vary with local installation/configuration
choices and user application requirements.
IBM DCE FOR WINDOWS INCLUDED IN IBM DCE SDK FOR OS/2 & WINDOWS
IBM DCE CLIENT FOR WINDOWS (RUNTIME)
IBM DCE Client for Windows requires the following hardware environment:
o An IBM-compatible personal computer using an i386 or i486 processor
(Minimum 25 MHZprocessor is recommended)
o Hard disk with at least 5MB of free space
o Network card supported by the TCP/IP package used
o At least 4MB of memory (8 MB recommended)
IBM DCE CLIENT FOR WINDOWS (SDK)
IBM DCE Client for Windows Software Developer's Kit requires the following
hardware environment:
o An IBM-compatible personal computer using an i386 or i486 processor
o Hard disk with at least 5MB of free space
o At least 8MB of memory
PROGRAMMING REQUIREMENTS
The following products are required for the IBM DCE for OS/2 products,
depending upon the communications environment in which you are operating:
1. IBM DCE SDK for OS/2
o IBM OS/2 Version 2.0, or higher
o IBM TCP/IP is not required, but if it is installed, it must be IBM
TCP/IP Version 1.2.1, or higher.
o IBM C SET/2 Version 1.0
o Hardware configured for codepage PC850 or PC437 or any PCS.
o IBM BookManager (TM) READ licensed program to access the online
publications.
2. IBM DCE SDK for Windows included with IBM DCE SDK for OS/2 & Windows
o DOS Version 3.30 (Version 5.0 is recommended)
o Microsoft Windows 3.1
o An ANSI-C compiler that supports for API prototyping (Microsoft C,
Version 7.0 is recommended)
3. IBM DCE Client for OS/2 (Runtime)
o IBM OS/2 Version 2.0, or higher
o IBM TCP/IP is not required, but if it is installed, it must be IBM
TCP/IP Version 1.2.1, or higher.
o Hardware configured for codepage PC850 or PC437 or any PCS.
o IBM BookManager (TM) READ licensed program to access the online
publications.
4. IBM DCE Client for Windows (Runtime) included in IBM DCE SDK for OS/2 and
Windows
o DOS version 3.30, or higher (Version 5.0 is recommended)
o Microsoft Windows 3.1
o One of the following TCP/IP network transports:
- A Windows Sockets V1.1-compliant TCP/IP
- PC/TCP for DOS, Versions 2.05 and 2.11, from FTP Software Inc.
- LAN WorkPlace for DOS, Version 4.1, from Novell Inc.
- TCP with Demand Protocol Architecture, Version 2.0 from 3COM
Corporation.
COMPATIBILITY
Not applicable.
LIMITATIONS
U.S. English only.
PERFORMANCE CONSIDERATIONS
Performance may be affected by total system memory and page space available,
the amount of fixed-storage available and type/performance of the disk
drives. Performance may also be affected by the type and function of the
applications selected and running at the same time.
PLANNING INFORMATION
CUSTOMER RESPONSIBILITIES
Not applicable.
CONVERSION
Not applicable.
SECURITY, AUDITABILITY AND CONTROL
The security services provided by the security server which is part of the
IBM DCE SDK for OS/2 and Windows package will provide the basic building
blocks for securing distributed systems.
User management is responsible for evaluation, selection, and implementation
of security features, administrative procedures, and appropriate controls in
application systems and communication facilities.
PUBLICATIONS
For a current list of publications, refer to the appropriate publications
option on your respective HONE system, or contact your local IBM
representative.
*Signifies a trademark or registered trademark of International Business
Machines Corporation.
- - - E N D O F P R I N T O U T - - -