Compaq Software Product Description
___________________________________________________________________

PRODUCT NAME: Distributed Computing Environment (DCE) Version V3.1 for Compaq Tru64 UNIX
SPD 43.06.07
June 1999
AE-PSYZH-TE

DESCRIPTION

The Distributed Computing Environment (DCE) for Compaq Tru64[TM] UNIX[R] (formerly DIGITAL UNIX[TM]) provides an interoperable set of the distributed computing functionality specified for The Open Group (TOG[R]) Distributed Computing Environment, as well as tools for application developers. With DCE, TOG has established a standard set of services and interfaces that facilitate the creation, use, and maintenance of client/server applications. Compaq DCE serves as the basis for an open computing environment where networks of multivendor systems appear as a single system to the user. Since DCE makes the underlying networks and operating systems transparent, application developers can easily build portable, interoperable applications. Users can locate and share information safely and easily across the entire enterprise. Compaq DCE supplies system managers with a set of tools to administer the entire distributed computing environment in a consistent fashion, while also ensuring the integrity of the enterprise.

DCE for Tru64 UNIX V3.1 supports the TOG DCE R1.2.2 base code.

New features for DCE for Tru64 UNIX V3.1 include:

o Dataless Management System (DMS) - DCE for Tru64 UNIX V3.1 will be capable of being installed and configured utilizing Tru64 UNIX Dataless Management System (DMS) software. DMS allows multiple client systems to share file systems which reside on a single server system while still maintaining their own root file system.
o R1.2.2 Enhanced DFS client
o Kerberized ftp - A version of FTP (File Transfer Protocol) which uses the Kerberos V5 authentication system.
o SIA administration tool - The SIA Administration tool is intended to maintain the integrity of login data between the DCE registry and local security information. The tool will aid by reporting inconsistencies and prompting the user to select a course of action to resolve the problems.
o CDS Preferencing - CDS Preferencing allows the user to choose a preferred CDS server on startup of DCE rather than having the system choose which server to access. If the preferred CDS server is unavailable, DCE will automatically select another available CDS server to access.
o User modified RPC timeout periods - User-selected RPC timeout support will allow the user to determine on a system-wide basis what time period an RPC call will wait for a response before issuing a timeout. Currently, the RPC timeout period is a static value.

The functionality provided in the Distributed Computing Environment product for Tru64 UNIX includes:

o DCE Remote Procedure Call (RPC) that creates and runs client/server applications.
o DCE Cell Directory Service (CDS) that provides location-independent naming for resources.
o DCE Distributed Time Service (DTS) that synchronizes time in a distributed network environment.
o DCE Security Service that provides secure communications and access through authorization and authentication services.
o DCE Distributed File Service (DCE DFS) that provides authenticated access to files in a distributed environment.
o DCE Interface Definition Language (DCE IDL), a C-like language that provides object oriented client/server bindings for DCE.
o DCE Control Program (dcecp), a single common control program that provides the ability to manage and control DCE components.
o Lightweight Directory Access Protocol (LDAP) that provides access to the X.500 directory service without incurring the overhead of the full Directory Access Protocol (DAP). LDAP is an optional directory service independent of CDS.
o Support for MIT Kerberos[TM] 5, enabling authentication and key distribution as provided by TOG DCE R1.2.2.
o Private Key Storage Server (PKSS) component that is used to store private keys for user authorization as provided by TOG DCE R1.2.2.
o Tru64 UNIX TruCluster Support, making DCE for Tru64 UNIX V3.1 more highly available by configuring its core services on a DIGITAL TruCluster Available Server Environment (ASE).

In addition, the DCE Threads Service, providing user-context multiprocessing functionality, is supported by a DECthreads[TM] package that is included in the Compaq Tru64 UNIX operating system. The DIGITAL DECthreads package supports POSIX threads Draft 4, as well as the final standard (Draft 10).

Tru64 UNIX supports POSIX ACLs on any file system supported by the operating system, in particular UFS and AdvFS. These ACLs can provide access control even if the file is accessed remotely through DFS, provided that a consistent mapping of DCE principals to local UNIX users is adopted by the system administrator of the DCE cell. As a corollary, only accesses from the local cell can be controlled this way.

Restrictions: These ACLs cannot be manipulated by the remote ACL management tools that DCE provides (acl_edit or dcecp). Further, ACLs cannot be manipulated with the UNIX setacl or getacl command on files using the DFS pathnames.

The DCE product set for Tru64 UNIX consists of four layered products, each licensed separately, to provide customers with maximum flexibility for configuring the environment, known as a DCE cell. The products are:

o Compaq DCE Runtime Services, which is required for all DIGITAL systems participating in the DCE cell. The DCE Runtime Services kit includes DCE administration tools as well as DCE client functions and optional DCE DFS client and server functions.
o Compaq DCE Application Developer's Kit, which is required for developers of distributed applications, but optional for other users.
  The Compaq DCE Application Developer's Kit provides programmers with an Interface Definition Language (IDL). IDL is an easy-to-use, high-level descriptive language closely resembling the declaration syntax and semantics of ANSI C. The compiler generates stubs that use the C language calling convention. IDL allows DCE programmers to develop interface definitions for clients and servers. In order to call remote procedures correctly, an interface definition must exist that declares the set of remote procedures (operations) the server interface offers to clients. This kit also provides the DCE application programming interfaces. The Generic Security Service Application Programming Interface (GSSAPI) is also supported in this kit. GSSAPI lets you extend DCE security to distributed applications that handle network communications by themselves. Compaq DCE for Tru64 UNIX V3.1 includes the latest IDL implementation, conformant to TOG DCE Release R1.2.2.
o Compaq DCE Cell Directory (CDS) Server, one of which is required for each DCE cell. The DCE CDS Server is a central repository containing information about the location of resources in the DCE cell. It allows access to resources by a single name, regardless of physical location.
o Compaq DCE Security Server, one of which is required for each DCE cell. The DCE Security Server protects resources from illegal access and provides secure communications within and between DCE cells.

The Compaq Distributed Computing Environment V3.1 product-set is an implementation of TOG DCE R1.2.2 for the DCE core services (RPC, Security, CDS, and Time) and the DFS client. Using TOG DCE R1.2.2 as a base, DCE for Tru64 UNIX V3.1 implements such features as:

o Distributed File System - Client and server software that presents the DCE with a global view of a set of files and directories (file system), independent of machine boundaries.
  Included with the DFS runtime software are user-level commands and utilities to help end-users and cell administrators to set up, run, use, monitor, and manage DFS.
o Cell Directory Service - Implementation of multi-cell aliasing and hierarchical cells.
o Delegation - The ability to pass security authentication through intermediary servers.
o The DCE Control Program - The DCE Control Program (dcecp) is a single user interface to all DCE components that is extensible through the TCL utility.
o Distributed Computing Environment core services support Tru64 UNIX V4.0's symmetrical multiprocessing "SMP" capability.
o Support of public-key security model.
o TOG R1.2.2 offers support for Version 5.0 of the Massachusetts Institute of Technology (MIT) Kerberos authentication and key distribution service.
o Performance improvements for servicing large cells.
o Availability of global groups.

Additional Compaq enhancements include simplified installation and configuration, an integrated login with that of DIGITAL UNIX, and IDL support of C, C++, and FORTRAN as well as IDL development templates to minimize the effort to develop client/server interface definitions.

Compaq DCE for Tru64 UNIX V3.1 is an update to DCE V3.0, which was certified by the Open Software Foundation to meet all conformance criteria and interoperates with DCE implementations of other major vendors. In addition, for backwards compatibility, Compaq DCE V3.1 has limited interoperability within a single cell, with Compaq DCE V2.1 and 3.0.

YEAR 2000 COMPLIANCE

Compaq DCE for Tru64 UNIX V3.1 is Year 2000 ready.

PRODUCT OPTIONS

The Compaq Distributed Computing Environment functionality is provided in four separately orderable products, designed to provide maximum flexibility in configuring the software to meet the needs of the user's client/server environment.

1. Compaq DCE Runtime Services Kit

This is a fully integrated set of services that provides applications with the essential capabilities required to use distributed services. The DCE Runtime Services license is included free with the base Tru64 UNIX operating system.

The Compaq DCE Runtime Services kit makes the following DCE features available to distributed applications:

o Remote Procedure Call Runtime API and Library that includes:
  - Access to DECthreads.
  - Use of the DCE Cell Directory Service for locating servers.
  - Use of DCE Security Service for authentication and data integrity.
  - RPC event logging monitor to assist in debugging client/server applications.
o Distributed Time Service (both client and server), featuring the capability to provide time services to both DECnet/OSI and DCE cells.
o Distributed File Service (both client and server) featuring full support for the 64-bit DCE DFS architecture.
o Administrative tools to manage the DCE core services.
o DCE configuration program (dcesetup) to allow you to configure your DCE environment.
o PC name server proxy agent for communication with Microsoft[R] RPC.

A group of DCE systems that work together and are administered as a unit is called a cell. Each Tru64 UNIX system within a DCE cell must run the Compaq DCE Runtime Services kit.

DCE RPC supports the client/server distribution model that characterizes many applications. The DIGITAL DCE Runtime Services kit provides such client/server applications the ability to interoperate over DECnet/OSI, TCP/IP, and UDP/IP network protocols on the Compaq Tru64 UNIX operating system.

Distributed File Service (DFS)

The DCE Distributed File Service (both client and server) features full support for the 64-bit DCE DFS architecture. The DCE DFS uses the DCE security, name, remote procedure call, and time services to provide access to file system services over a network.
The DCE DFS provides a unified, globally distributed file system with all DCE DFS files accessible from any DCE DFS client. Every user in a DCE cell accesses a given DCE DFS file by the same file name, regardless of which DFS server is storing the file; inter-cell accesses are also supported through the DCE services. The DCE DFS offers advanced data caching to minimize the adverse performance impact of network operations and token management to allow concurrent accesses to file data. The operation and management of DCE DFS are built upon the DCE RPC. DCE naming services allow clients to access files without knowing which server stores the data, and the use of DCE security services protects file data against unauthorized use and provides for the authentication of access requests. The DCE Runtime Services includes the basic DCE DFS client and server software.

2. Compaq DCE Application Developer's Kit

The Compaq DCE Application Developer's Kit includes tools required for the development of distributed applications using remote procedure calls (RPC). It includes:

o IDL RPC stub compiler
o Time provider routines
o Sample applications
o All DCE application programming interfaces including GSSAPI support
o IDL development templates
o UUIDGEN to allow the generation of a 128-bit unique identifier (UUID) used to identify interface definitions

The Compaq DCE Runtime Services kit is required on each Tru64 UNIX system in the cell. Users must install the Runtime Services Kit before installing the Compaq DCE Application Developer's Kit.

3. Compaq DCE Cell Directory (CDS) Server

The Compaq DCE Cell Directory Server provides a consistent mechanism for naming and locating users, applications, files, and systems within a DCE cell. The Compaq DCE CDS Server also includes the Global Directory Agent (GDA). The Global Directory Agent provides a means of linking multiple CDS namespaces through either X.500 or the Internet Domain[R] Name Server (BIND).
The Compaq DCE Runtime Services kit is required on each system in the cell. Users must install the Runtime Services Kit before installing the Compaq DCE CDS Server. Similarly, the DCE CDS Server requires the installation of the DCE Security Server on a system in the same DCE cell.

4. Compaq DCE Security Server

The Compaq DCE Security Server allows users controlled access to information in a distributed computing environment safely and confidentially. The DCE Security Server accomplishes this through the following services:

o DCE Authentication Service allows users and resources to prove their identity to each other. The DCE Authentication Service is based on Kerberos, which requires that all users and resources possess a secret key.
o DCE Authorization Service verifies operations that users may perform on resources. A DCE Registry Service contains a list of valid users. An Access Control List (ACL) associated with each resource determines valid users, through the Registry Service, and the types of operations a user may perform.
o DCE Data Integrity Service protects network data from tampering. Cryptographic checksums automatically generated by RPC enable DCE to determine whether data has been corrupted in transmission.
o The addition of the RANDD random number generator, a performance enhancement to security that generates random numbers in advance of security operations that require the use of random numbers to encode client/server communications.

The Compaq DCE Runtime Services kit is required on each system in the cell. Users must install the Runtime Services Kit before installing the Compaq DCE Security Server. Similarly, the DCE Security Server requires the installation of the DCE CDS Server on a system in the same DCE cell.
CONFORMANCE TO STANDARDS

The TOG DCE is based on several de facto and de jure standards, including:

o POSIX 1003.4 Draft 4 POSIX Threads
o POSIX 1003.6 Draft Access Control Lists
o TOG DCE is compatible with the Network Time Protocol standards

HARDWARE REQUIREMENTS

Processors Supported

Compaq DCE for Tru64 UNIX V3.1 is supported on all hardware configurations that support Compaq Tru64 UNIX V4.0x. Reference can be made to the configuration charts listed in the Tru64 UNIX Operating System Software Product Description (SPD 41.61.xx).

Disk Space Requirements (Block Cluster Size = 1):

Disk space required for installation: 120M bytes
Disk space required for use (permanent): 38M bytes

These counts refer to the disk space required on the system disk. The sizes are approximate; actual sizes may vary depending on the user's system environment, configuration, and software options. Additional space is required for the DCE DFS client cache; the minimum recommended size for the client cache is 10M bytes.

SOFTWARE REQUIREMENTS

Tru64 UNIX Version 4.0d, 4.0e, or 4.0f

OPTIONAL SOFTWARE

o DIGITAL C for Tru64 UNIX (included in the Tru64 UNIX operating system).
o DIGITAL Fortran
o Optional software includes the DCE Privacy Option (SPD 63.88.04) for data encryption.

GROWTH CONSIDERATIONS

The minimum hardware/software requirements for any future version of this product may be different from the requirements for the current version.

DISTRIBUTION MEDIA

CD-ROM

This product is available on the Compaq CD-ROM Software Library for Tru64 UNIX.

ORDERING INFORMATION

DCE for Tru64 UNIX software and documentation (online) are shipped as part of the Tru64 UNIX Layered Products CD-ROM, order number QA-054AA-H8.
DCE Runtime Services for Tru64 UNIX:
  Software License: Included Free with Tru64 UNIX 4.x Operating System
  Software Media: QA-054AA-H8
  Software Product Services: QT-01MA*-**
  Full Compaq DCE Administration Software Documentation Kit: QA-01MAA-GZ

DCE Application Developer's Kit for Tru64 UNIX:
  Software License: QL-01NA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01NA*-**

DCE CDS Server for Tru64 UNIX:
  Software License: QL-01PA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01PA*-**

DCE Security Server for Tru64 UNIX:
  Software License: QL-01QA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01QA*-**

* Denotes variant fields. For additional information on available licenses, services, and media, refer to the appropriate price book.

Documentation

The following online documents are included in HTML format:

o DCE for Tru64 UNIX Product Guide
o DCE for Tru64 UNIX Reference Guide
o DCE for Tru64 UNIX Installation and Configuration Guide
o DCE for Tru64 UNIX DFS Configuration Guide
o Introduction to OSF DCE
o OSF DCE Administration Guide, Introduction
o OSF DCE Administration Guide, Core Components
o Application Development - Introduction and Style Guide
o Application Development Guide - Core Components Volume 1
o Application Development Guide - Core Components Volume 2
o Application Development Guide - Directory Services
o Application Development Reference Volume 1
o Application Development Reference Volume 2
o Application Development Reference Volume 3
o OSF DCE Command Reference

For hardcopies of OSF documentation, contact The Open Group.

SOFTWARE LICENSING

This software is furnished only under a license. For more information about the Compaq licensing terms and policies, contact your local Compaq office.

License Management Facility Support:

This layered product supports the Tru64 UNIX License Management Facility.

License units for this product are allocated on an Unlimited System Use basis.
For more information on the License Management Facility, refer to the Tru64 UNIX Operating System Software Product Description (SPD 41.61.xx) or the Tru64 UNIX Operating System documentation.

SOFTWARE PRODUCT SERVICES

A variety of service options are available from Compaq. For more information, contact your local Compaq office.

SOFTWARE WARRANTY

Warranty for this software product is provided by Compaq with the purchase of a license for the product as defined in the Software Warranty Addendum of this SPD.

The above information is valid at time of release. Please contact your local Compaq office for the most up-to-date information.

(c) 1999 DIGITAL Equipment Corporation. All rights reserved.

[R] Compaq and the Compaq logo are registered with the U.S. Patent and Trademark Office.
[R] Domain is a registered trademark of Apollo Computer, Inc., a subsidiary of Hewlett-Packard Company.
[R] Hewlett-Packard is a registered trademark of Hewlett-Packard Company.
[TM] Kerberos is a trademark of Massachusetts Institute of Technology.
[R] Microsoft is a registered trademark of Microsoft Corporation.
[R] Open Software Foundation is a trademark and OSF is a registered trademark of Open Software Foundation, Inc.
[TM] The Open Group is a trademark of Open Software Foundation, Inc. and X/Open Company Limited.
[TM] The DIGITAL Logo, Alpha AXP, AXP, DEC, DECthreads, DIGITAL, DIGITAL UNIX, MicroVAX, Tru64 UNIX, TruCluster, VAX, VAXserver, and VAXstation are trademarks of Digital Equipment Corporation.

All other trademarks and registered trademarks are the property of their respective owners.