Software Product Description ___________________________________________________________________ PRODUCT NAME: HP TCP/IP Services for OpenVMS SPD 46.46.22 Version 5.7 DESCRIPTION The HP TCP/IP Services for OpenVMS software product is the OpenVMS im- plementation of the industry-standard TCP/IP protocol suite and In- ternet services for OpenVMS Integrity servers and OpenVMS Alpha sys- tems. The kernel software is ported from the Berkeley Software Dis- tribution (BSD) Versions 4.3 and 4.4, with enhancements from HP. TCP/IP Services installation is integrated with the OpenVMS instal- lation. It provides interoperability between OpenVMS and other oper- ating systems that support TCP/IP, such as UNIX and Microsoft Windows. A comprehensive suite of functions and applications based on industry- standard protocols allow heterogeneous network communications and file sharing, as well as network services such as IP/multicasting, dynamic load balancing, remote login, network file access, remote terminal ac- cess, remote printing, email, application development, remote client booting, domain name system (DNS), and network time protocol (NTP). TCP/IP Services operates in both IPv4 and IPv6 networks, as well as in mixed environments, and provides high availability, performance scal- ability for SMP systems, and secure authentication and data transfer for remote sessions, network applications, and email. March 2010 Licenses For Alpha systems, the following TCP/IP Services for OpenVMS licenses are available: ___________________________________________________________________ License__________Description_______________________________________ Server Provides complete product functionality. Client Provides a subset of the server license. The client license does not include BIND, BOOTP, DHCP, failSAFE IP, TFTP, NFS server, PC-NFS, and the load broker. Client up- Provides a subset of the server license for cus- grade tomers who previously purchased a client license _________________and_now_require_full_functionality._______________ For OpenVMS Integrity servers, the Operating Environment (OE) includes the TCP/IP Services for OpenVMS product and a server license for it. Network Interface Layer Support With support for multiple network interfaces for each physical net- work controller, the TCP/IP Services for OpenVMS software allows OpenVMS systems to connect to individual host computers on different types of networks: o Ethernet for IPv4 and IPv6 (OpenVMS Integrity servers and OpenVMS Alpha) o Fiber Distributed Data Interface (FDDI) for IPv4 and IPv6 (Open- VMS Alpha only) o Token Ring for IPv4 (OpenVMS Alpha only) o Asynchronous transfer mode (ATM) for IPv4 (OpenVMS Alpha only) 2 Individual host computers can also connect with other hosts or net- works over serial communications lines using either the Serial Line Internet Protocol (SLIP or CSLIP) or the Point-to-Point Protocol (PPP). Note: SLIP is supported on Alpha systems only. Internet Layer Support The TCP/IP Services for OpenVMS product supports the following Inter- net layer protocols that work together to move data around the Inter- net: o Internet Protocol (IP) provides a connectionless packet delivery service for IPv4 and IPv6. o Internet Control Message Protocol (ICMP) provides diagnostic func- tions and handles error and control messages for IPv4 and IPv6. o Address Resolution Protocol (ARP) dynamically maps an IP address to a physical hardware address for IPv4. o Neighbor Discovery discovers neighbors in the same link, dynami- cally detects routers, dynamically maps all IP addresses to a phys- ical hardware address for IPv6, and maintains information about the paths to active neighbors. o Path MTU for TCP and UDP calculates the most efficient means of trans- porting data across a network. o Classless Interdomain Routing (CIDR) reduces routing tables and makes more efficient use of the IP address space. o Routing protocols and routing daemons enable gateways to exchange current routing information about hosts and directly connected net- works. Supported protocols include: - Routing Information Protocol (RIP) Version 1 (RFC 1058) and RIP Version 2 (RFC 1388) for IPv4, and RIPng (RFC 2080) for IPv6 - Open Shortest Path First (OSPF) Version 2 (RFC 1583) for IPv4 - Exterior Gateway Protocol (EGP) (RFC 904) for IPv4 3 - Border Gateway Protocol (BGP) (RFC 1163, RFC 1267) for IPv4 - Router Discovery (RFC 1256) for IPv4 - Routing daemons communicate with the kernel to add new routes or to delete or modify existing routes. The following routing daemons are supported: * ROUTED for IPv4 * GATED for IPv4 [1] * ip6rtrd for IPv6 High Availability o failSAFE IP supports IPv6 The failSAFE IP service provides higher availability of IP addresses by removing the NIC as a single point of failure. failSAFE IP is clus- ter aware, so standby IP addresses can be configured within the same node or across a cluster. Typical failures that failSAFE IP guards against include NIC failure, broken cable, failed port on a switch, and node shutdown. Transport Layer Support To provide either connection-oriented or connectionless data trans- mission between two hosts (local or remote), the TCP/IP Services for OpenVMS product supports both TCP and UDP protocols. These protocols form the bridge between the Application layer and the Internet layer: o Transmission Control Protocol (TCP) provides reliable, connection- oriented, sequenced data transfers for applications that must guar- antee delivery of the data. ____________________ The Enhanced Gateway Routing Daemon (GATED) is based on GateD Uni- cast Version 4.0.6, with advanced routing options. 4 o User Datagram Protocol (UDP) provides fast, connectionless data trans- fers for applications that do not require delivery confirmation. The TCP Extensions for High Performance (RFC 1323), and the IETF Wire- less TCP Standards help prevent congestion on low-bandwidth high-delay wireless and satellite networks. The wireless TCP set of standards en- compasses TCP Extensions for High Performance (RFC 1323), SACK (RFC 2018), and Path MTU Discovery for IPv4 (RFC 1191) and IPv6 (RFC 1981). FTP over SSL The Transport Layer Security/Secure Socket Layer (TLS/SSL) feature enables the FTP software to use the security features provided by SSL. When this feature is enabled, FTP provides a secured FTP ses- sion and a secure file transfer. FTP over SSL is compliant with RFC 4217 and RFC 2228. Application Layer Support The TCP/IP Services for OpenVMS product supports numerous Application layer protocols that allow OpenVMS users to: o Run software on remote systems. o Transfer data files between local and remote systems. o Share remote system resources such as disk storage space and print- ers as if they were directly connected to the user's local system. o Send and receive electronic mail messages locally or across the world- wide Internet. o Provide consistent, reliable, and efficient network services to all users on the Internet. Remote Computing Features: o TELNET Upgrade with Kerberos Support o TELNET Server Device Limit 5 With TELNET, an OpenVMS user can log in to remote hosts in the net- work. The TELNET features include: o Simultaneous multiple sessions o IBM 3270 model terminal emulation (TN3270) o Support for both OpenVMS style and UNIX style interfaces o Support for window sizing (rows and columns) and location options o Kerberos authentication The popular UNIX Remote commands, called R commands, let OpenVMS users work in accounts on remote internet hosts that are either UNIX or OpenVMS systems. The TCP/IP Services for OpenVMS software supports the RLOGIN, RSH, REXEC, and RMT/RCD commands. In addition, the secure shell (SSH) command logs into a remote server and provides remote command execution using authentication and data encryption to ensure a secure connection. The FINGER utility enables users to obtain information about each user on local or remote systems. This information includes user name, ac- count name, and the program the user is running. The X Display Manager Control Protocol (XDMCP) allows display devices to request that the login server present a login screen. File Transfer o FTP Anonymous Light New Feature FTP Anonymous Light can be used for restricting user access to par- ticular set of directories. 6 o FTP Performance Enhancements for VMS Plus Mode OpenVMS users transfer data files between local and remote systems through the use of the following components: o File Transfer Protocol (FTP) creates, deletes, and copies files and directories between hosts. FTP supports OpenVMS Extended File Spec- ifications (long file names, deep directories, and extended char- acter sets) for ODS-5 disks. o Trivial File Transfer Protocol (TFTP) transfers files using the UDP protocol and no authentication and is typically used during the boot- strap process of diskless systems. o The remote copy (rcp) command copies files between the local host and a remote host or between two remote hosts. o The secure copy (SCP) and secure file transfer (SFTP) commands en- sure secure file copy operations using authentication and data en- cryption. Resource Sharing Feature: o IPv6 Support for LPD and TELNETSYM The TCP/IP Services for OpenVMS software provides network printing ser- vices through the line printer/line printer daemon (LPR/LPD) and the TELNET print symbiont (TELNETSYM). o LPD provides remote printing services for UNIX and OpenVMS client hosts through local and remote print queues. Once the system man- ager sets up the print queues, OpenVMS client users enter the DCL command PRINT, and UNIX client users enter the lpr command. LPD can be configured for clusterwide availability, providing load balanc- ing and automatic failover for LPD-controlled print queues on the OpenVMS host. o TELNETSYM provides remote print services that enable the use of stan- dard OpenVMS printing features not available with LPR/LPD. 7 Network File System Features: o NFS Client TCP Support o NFS Server Support for Integrity o NFS Symbolic Link Support The Network File System (NFS) server software allows NFS client users to gain transparent access to remote file services. With NFS, when a user accesses files and directories from a remote system, they appear to reside on the local system regardless of operating system, hard- ware type, or architectural differences between the local and remote systems. The PC-NFS daemon provides authentication services to PC-NFS clients. TCP/IP Services provides support for NFS Version 2 and Version 3 in the NFS server. The NFS client is limited to Version 2. The NFS client is supported on OpenVMS Integrity servers and OpenVMS Alpha systems. The NFS server is supported on OpenVMS Alpha systems only. NFS supports IPv4 only. The main benefit of NFS Version 3 is increased maximum file size-up to 1 terabyte for an OpenVMS file system and up to 4 gigabytes for a container file system. Performance gains may result from the improve- ments to file-size processing and the enhanced write performance that allows the NFS server to acknowledge a write operation before the files are actually written to disk. Afterward, the server's response to a commit message confirms that the data has been written to disk. The NFS server supports communication over both TCP and UDP. NFS over TCP offers better support for file access over wide area links than UDP. The NFS client is limited to UDP only. The NFS server and client support OpenVMS Extended File Specifications, including long file names, deep directories, and extended character sets on ODS-5 file structures. 8 Mail Services o Secure IMAP (SSL support) o Secure POP (SSL support) With the Simple Mail Transfer Protocol (SMTP), OpenVMS users can send and receive electronic mail to and from local and remote hosts. The TCP/IP Services for OpenVMS implementation of SMTP uses the OpenVMS Mail facility, which automatically recognizes an SMTP host address in the format smith@widgets.com. SMTP provides support for SFF (Send From File) and outbound alias specification. The following mail systems work with SMTP, providing reliable, server- based mail repositories for clients: o Post Office Protocol (POP) server o IMAP Mail server (Alpha systems only) Note: Secure IMAP and Secure POP require the use of the HP SSL for Open- VMS software. Network Services Features: o BIND 9 Resolver o DNS/BIND V9.3 Server o NTP Security Update (SSL) With the following TCP/IP Services for OpenVMS management components, network and system managers can provide consistent, reliable, and ef- ficient services to their users with minimal interruption: o Simple Network Management Protocol (SNMP) Version 2 includes a mas- ter agent and subagents that allow the OpenVMS system to be man- aged by a management station on the network. SNMP supports IPv4 only. 9 o Network Time Protocol (NTP) Version 4 provides a means to synchro- nize time and coordinate time distribution throughout a TCP/IP net- work. NTP provides accurate and dependable timekeeping for OpenVMS hosts on TCP/IP networks. o Berkeley Internet Name Domain (BIND) is a distributed database sys- tem that distributes and manages host information so that hosts do not need to locally manage the address of every other host on the internet. The BIND 9 server is based on the Internet Software Con- sortium's (ISC) BIND 9.2.1 implementation. It includes dynamic up- dates and BIND server cluster failover, which allows multiple BIND master servers to share a common database, thus providing both re- dundancy and a failover mechanism when one of the servers becomes unavailable. The BIND server is based on the ICS's BIND 9.2.1 implementation, and supports IPv4 and IPv6. The BIND resolver is based on the BIND 8.1.2 implementation. The BIND resolver supports communication over IPv4 only, but it is capable of querying for IPv6 addresses (AAAA records). The BIND server and the BIND resolver are available on OpenVMS Integrity servers and OpenVMS Alpha systems. o Load broker supplies cluster load balancing, round-robin schedul- ing, and automatic failover. o Metric server calculates and reports the DNS load on the local host. It includes dynamic configuration of logical names, which can be defined for CPU rating, compute interval, and debug level, as well as support for multihomed systems to allow load balancing of in- coming traffic across multiple IP addresses. o Portmapper allocates ports so that system managers do not need to preconfigure client applications with port numbers for each ser- vice. 10 o Auxiliary server process is the TCP/IP Services for OpenVMS imple- mentation of the UNIX internet daemon (inetd). The auxiliary server greatly simplifies application writing, manages overhead by reduc- ing simultaneous server processes, provides system security through authentication of service requests, and supports event and error logging. o Dynamic Host Configuration Protocol (DHCP) is a superset of the Boot- strap Protocol (BOOTP). In addition to BOOTP functionality (answer- ing bootstrap requests), DHCP offers robust configuration services, including IP address, subnet masks, and default gateways. The DHCP server can be configured to support BOOTP clients. If BOOTP is en- abled without DHCP, DHCP functionality is not available. o DHCP dynamically updates BIND using a feature that allows DHCP clients to be configured with a registered name. DHCP uses this name to as- sign an address when it updates the BIND database. In addition, this release offers both a DHCP client and server, which provides a cen- tralized approach to the configuration and maintenance of IP ad- dress space. With DHCP server, the system manager can provide dy- namic allocation of IP addresses from an OpenVMS host. Security Feature: o SSH Upgrade with Kerberos Support The TCP/IP Services for OpenVMS product includes the secure shell (SSH) client and server, which provide secure login, remote command execu- tion, and file transfer. TCP/IP Services for OpenVMS 5.6 includes SSH support for Kerberos, the popular network authentication protocol from the Massachusetts Institute of Technology. SSH password authentica- tion method has been enhanced to support Kerberos. 11 Performance and Scalability The TCP/IP kernel has been modified to provide increased performance on symmetric multiprocessing (SMP) systems. This complete redesign of the TCP/IP kernel provides enhanced perfor- mance on SMP systems by removing CPU contention among users. The new kernel uses a dynamic spinlock to lock the main internal database. All processing that requires locking is directed to a designated TCP/IP CPU, thereby eliminating CPU contention with other CPU users. Essen- tially, network I/O becomes a series of asynchronous, transaction-based operations. Packet Processing Engine (PPE) TCP/IP PPE is modeled on the OpenVMS Dedicated Lock Manager. By ded- icating a CPU for processing TCP/IP, performance efficiency can be achieved, but, at the cost of dedicating a CPU for TCP/IP. Management Control Program The TCP/IP Services for OpenVMS product provides the Management Con- trol Program, which is a comprehensive, easy-to-use network manage- ment tool based on familiar OpenVMS DCL command syntax. These commands let system managers configure and monitor the product components lo- cally. The flexible configuration process includes an interactive configu- ration procedure. Startup and shutdown files are provided for individual services, al- lowing system managers to stop and start individual services without affecting the operation of the remaining TCP/IP Services software. Support for both DCL or UNIX management commands provides a choice of methods for configuring and managing the network connections and the TCP/IP Services software. 12 UNIX Network Management Utilities o TCPDUMP Version 3.8.3 for IPv4 and IPv6 The TCP/IP Services for OpenVMS product provides UNIX networking man- agement utilities for system managers who are experienced in manag- ing and troubleshooting the UNIX network subsystem. Supported util- ities include: o arp o finger o ifconfig o netstat o ping o ripquery o route o sysconfig o sysconfigdb o tcptrace o traceroute o tcpdump Subsystems can be configured in the sysconfigtab database. Note that some UNIX flags and parameters may not be supported. Error Message Documentation The TCP/IP Services for OpenVMS product provides online help for er- ror messages for TCP/IP facilities and components. The information is included as part of the OpenVMS Help Message utility (MSGHLP). 13 Application Programming Interfaces (APIs) o libpcap for IPv4 and IPv6 The TCP/IP Services for OpenVMS product provides the following APIs for programmers to develop customized applications: o Berkeley Sockets and Sockets Library provide UNIX like access for TCP, UDP, and raw IP to applications written in the C programming language. The library includes support for: - Both IPv4 and IPv6 basic socket interface extensions for IPv6 (RFC 2553 and IETF updates) - Advanced sockets API for IPv6 (RFC 2292 and IETF updates) o The $QIO interface extends the OpenVMS system services for socket communications, providing access to TCP, UDP, and IP for applica- tions written in supported programming languages. o The SRI $QIO interface translates older, incompatible SRI $QIO in- terfaces into $QIO interfaces. o ONC RPC provides an industry-standard, portable API for program- mers who do not have an in-depth knowledge of networking protocols. This is an efficient alternative to application development using sockets. o Extensible Simple Network Management Protocol (eSNMP) provides rou- tines for building SNMP subagents. PATHWORKS, Advanced Server, and DECnet over TCP/IP The TCP/IP Services for OpenVMS product includes the PATHWORKS IP (PWIP) driver and the PWIP ancillary control process (PWIP_ACP) for improved Advanced Server and TCP/IP integration. The PWIP driver allows communication between OpenVMS systems running either Advanced Server for OpenVMS or PATHWORKS, and TCP/IP Services software, as well as personal computers running PATHWORKS 32 client 14 software. It also enables the DECnet-over-TCP/IP feature, which is in- cluded with the DECnet-Plus for OpenVMS software. (For more informa- tion, see the DECnet-Plus for OpenVMS documentation.) INSTALLATION AND CONFIGURATION System managers install the TCP/IP Services for OpenVMS product us- ing the POLYCENTER Software Installation utility. A menu-driven con- figuration procedure makes it easy to enable either all components and services or only those needed. HARDWARE REQUIREMENTS Supported Processors The TCP/IP Services for OpenVMS product supports central processing units (CPUs) running OpenVMS. TCP/IP Services for OpenVMS Version 5.7 is supported on Integrity servers and Alpha servers that are listed in the OpenVMS Version 8.4 SPD (SPD 82.35.xx) and in the OpenVMS Version 8.4 SPD (SPD 82.35.xx). (For VAX systems, use Version 5.3 of the TCP/IP Services for OpenVMS product.) For a complete list of hardware products, see the Software Product De- scription (SPD) for the specific OpenVMS operating system release. Required Network Controllers The TCP/IP Services for OpenVMS software supports all network devices listed in the OpenVMS Operating System SPD. The TCP/IP Services for OpenVMS software can share an Ethernet inter- face with other HP networking products such as DECnet-Plus for OpenVMS. Memory Requirements The minimum amount of memory required for the TCP/IP Services for OpenVMS product is the same as the requirement for OpenVMS Version 8.2 and Ver- sion 8.2-1. Refer to SPD 82.35.01. 15 Disk Space Requirements The approximate amount of space required on the system disk to sup- port the TCP/IP for OpenVMS software under the client or server li- cense is 150,000 blocks. Actual sizes may vary depending on the sys- tem environment, configuration, and software options. CLUSTER SUPPORT The TCP/IP Services for OpenVMS product is fully supported when in- stalled on any valid and licensed OpenVMS Cluster configuration. SOFTWARE REQUIREMENTS To qualify for a software support contract, the TCP/IP Services for OpenVMS Version 5.7 product requires one of the following OpenVMS op- erating system versions: o OpenVMS Integrity servers Version 8.4 o OpenVMS Integrity servers Version 8.3 o OpenVMS Integrity servers Version 8.2-1 o OpenVMS Alpha Version 8.4 o OpenVMS Alpha Version 8.3 o OpenVMS Alpha Version 8.2-1 o OpenVMS Alpha Version 8.2 Client access requires a system that supports the protocols specified by NFS Version 2 or Version 3, and all TCP/IP application protocols defined by the TCP/IP Request for Comments (RFCs). For Systems Running XDMCP: DECwindows Motif for OpenVMS, Version 1.2- 5 (or later) 16 DISTRIBUTION MEDIA Media and documentation for the TCP/IP Services for OpenVMS product are available on the CD-ROM Software Library for OpenVMS. o To order the DVD for OpenVMS Integrity servers, use order number BA322AA (HP OpenVMS Integrity servers Base Operating Environment (BOE)). The TCP/IP Services for OpenVMS product is included in the BOE. o To order the CD-ROM Software Library for OpenVMS for Alpha systems, use order number QA-03XAA-H8. ORDERING INFORMATION TCP/IP Services for OpenVMS Integrity servers With OpenVMS Integrity servers Version 8.2-1 and higher, the operat- ing system software, layered product software (including TCP/IP Ser- vices), and documentation are delivered together in one media kit. One license is required for each active processor. For license options and order numbers, refer to SPD 82.35.xx. For additional information about HP Operating Environments for OpenVMS Industry Standard 64 for Integrity Servers, see SPD 82.34.xx. TCP/IP Services for OpenVMS Alpha Server Software Licenses: QL-0LXA*-** Software Product Services: QT-0LXA*-** TCP/IP Services for OpenVMS Alpha Client Software Licenses: QL-0M2A*-** Software Product Services: QT-0M2A*-** TCP/IP Services for OpenVMS Alpha Client Upgrade Software License: QL-0PHA*-** Software Product Services: QT-0PHA*-** 17 The asterisk (*) denotes variant fields. For additional information about available licenses, services, and media, refer to the appropri- ate price book. This ordering information was valid at the time of re- lease. Contact your HP representative for current ordering informa- tion. SOFTWARE LICENSING This software is furnished under license only. For more information about HP licensing terms and policies, contact your HP representative. License Management Facility Support The HP TCP/IP Services for OpenVMS product supports the OpenVMS Li- cense Management Facility (LMF). For information about the License Management Facility, see SPD 82.35.01, or consult the OpenVMS documentation. SOFTWARE WARRANTY This software is provided by HP with a 90-day conformance warranty in accordance with the HP warranty terms applicable to the license pur- chase. SOFTWARE PRODUCT SERVICES A variety of service options are available from HP. For detailed in- formation about the service options, contact your local HP office. The product information in this SPD was valid at time of release. For current product information, contact your local HP office. © 2010 Hewlett-Packard Development Company, L.P. 18 Confidential computer software. Valid license from HP required for pos- session, use or copying. Consistent with FAR 12.211 and 12.212, Com- mercial Computer Software, Computer Software Documentation, and Tech- nical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional war- ranty. HP shall not be liable for technical or editorial errors or omis- sions contained herein. Microsoft and Windows are U.S. registered trademarks of Microsoft Cor- poration. UNIX is a registered trademark of The Open Group. 19 20