Software Product Description

PRODUCT NAME: Distributed Computing Environment (DCE) for DIGITAL UNIX Version 3.0
SPD 43.06.06

DESCRIPTION

The Distributed Computing Environment (DCE) for DIGITAL UNIX [TM] provides an interoperable set of the distributed computing functionality specified for The Open Group's (TOG) Distributed Computing Environment, as well as tools for application developers.

With DCE, TOG has established a standard set of services and interfaces that facilitate the creation, use, and maintenance of client/server applications. DIGITAL DCE serves as the basis for an open computing environment where networks of multivendor systems appear as a single system to the user. Since DCE makes the underlying networks and operating systems transparent, application developers can easily build portable, interoperable applications. Users can locate and share information safely and easily across the entire enterprise. DIGITAL DCE supplies system managers with a set of tools to administer the entire distributed computing environment in a consistent fashion, while also ensuring the integrity of the enterprise.

DCE V3.0 for DIGITAL UNIX supports the TOG DCE R1.2.2 base code.

The functionality provided in the Distributed Computing Environment product for DIGITAL UNIX includes:

* DCE Remote Procedure Call (RPC) that creates and runs client/server applications.
* DCE Cell Directory Service (CDS) that provides location-independent naming for resources.
* DCE Distributed Time Service (DTS) that synchronizes time in a distributed network environment.
* DCE Security Service that provides secure communications and access through authorization and authentication services.
* DCE Distributed File Service (DFS) that provides authenticated access to files in a distributed environment.
* DCE Interface Definition Language (IDL), a C-like language that provides object oriented client/server bindings for DCE.
* DCE Control Program (dcecp), a single common control program that provides the ability to manage and control DCE components.
* Lightweight Directory Access Protocol (LDAP) that provides access to the X.500 directory service without incurring the overhead of the full Directory Access Protocol (DAP). LDAP is an optional directory service independent of CDS.
* Support for MIT Kerberos 5, enabling authentication and key distribution as provided by TOG DCE R1.2.2.
* Private Key Storage Server (PKSS) component that is used to store private keys for user authorization as provided by TOG DCE R1.2.2.
* DIGITAL UNIX TruCluster Support, making DCE for DIGITAL UNIX V3.0 more highly available by configuring its core services on a DIGITAL TruCluster Available Server Environment (ASE).

In addition, the DCE Threads Service, providing user-context multiprocessing functionality, is supported by a DECthreads[TM] package that is included in the DIGITAL UNIX operating system. The DIGITAL DECthreads package supports POSIX threads Draft 4, as well as the final standard (Draft 10).

DIGITAL UNIX supports POSIX ACLs on any file system supported by the operating system, in particular UFS and AdvFS. These ACLs can provide access control even if the file is accessed remotely through DFS, provided that a consistent mapping of DCE principals to local UNIX users is adopted by the system administrator of the DCE cell. As a corollary, only accesses from the local cell can be controlled this way.

Restrictions: These ACLs cannot be manipulated by the remote ACL management tools that DCE provides (acl_edit or dcecp). Further, ACLs cannot be manipulated with the UNIX setacl or getacl command on files using the DFS pathnames.

The DCE product set for DIGITAL UNIX consists of four layered products, each licensed separately, to provide customers with maximum flexibility for configuring the environment, known as a DCE cell.
The products are:

* DIGITAL DCE Runtime Services, which is required for all DIGITAL systems participating in the DCE cell. The DCE Runtime Services kit includes DCE administration tools as well as DCE client functions and optional DCE DFS client and server functions.

* DIGITAL DCE Application Developer's Kit, which is required for developers of distributed applications, but optional for other users. The DIGITAL DCE Application Developer's Kit provides programmers with an Interface Definition Language (IDL).

  IDL is an easy-to-use, high-level descriptive language closely resembling the declaration syntax and semantics of ANSI C. The compiler generates stubs that use the C language calling convention. IDL allows DCE programmers to develop interface definitions for clients and servers. In order to call remote procedures correctly, an interface definition must exist that declares the set of remote procedures (operations) the server interface offers to clients.

  This kit also provides the DCE application programming interfaces. The Generic Security Service Application Programming Interface (GSSAPI) is also supported in this kit. GSSAPI lets you extend DCE security to distributed applications that handle network communications by themselves.

  DIGITAL DCE V3.0 for DIGITAL UNIX implements the latest IDL implementation, conformant to TOG DCE Release R1.2.2.

* DIGITAL DCE Cell Directory (CDS) Server, one of which is required for each DCE cell. The DCE CDS Server is a central repository containing information about the location of resources in the DCE cell. It allows access to resources by a single name, regardless of physical location.

* DIGITAL DCE Security Server, one of which is required for each DCE cell. The DCE Security Server protects resources from illegal access and provides secure communications within and between DCE cells.

The DIGITAL Distributed Computing Environment V3.0 product-set is an implementation of TOG DCE R1.2.2 for the DCE core services (RPC, Security, CDS, and Time). Using TOG DCE R1.2.2 as a base, DCE V3.0 for DIGITAL UNIX implements such features as:

* Distributed File System - Client and server software that presents the DCE with a global view of a set of files and directories (file system), independent of machine boundaries. Included with the DFS runtime software are user-level commands and utilities to help end-users and cell administrators to set up, run, use, monitor, and manage DFS.
* Cell Directory Service - Implementation of multi-cell aliasing and hierarchical cells.
* Delegation - The ability to pass security authentication through intermediary servers.
* The DCE Control Program - The DCE Control Program (dcecp) is a single user interface to all DCE components that is extensible through the TCL utility.
* Distributed Computing Environment core services support DIGITAL UNIX V4.0's symmetrical multiprocessing "SMP" capability.
* Support of public-key security model.
* TOG R1.2.2 offers support for Version 5.0 of the Massachusetts Institute of Technology (MIT) Kerberos authentication and key distribution service.
* Performance improvements for servicing large cells.
* Availability of global groups.

Additional DIGITAL enhancements include simplified installation and configuration, an integrated login with that of DIGITAL UNIX, and IDL support of C, C++, and FORTRAN, as well as IDL development templates to minimize the effort to develop client/server interface definitions.

DIGITAL DCE V3.0 is an update to DCE V2.1, which was certified by the Open Software Foundation [TM] to meet all conformance criteria. It interoperates with DCE implementations of other major vendors. In addition, for backwards compatibility, DIGITAL DCE V3.0 has limited interoperability within a single cell, with DIGITAL DCE V1.3, V2.0A & V2.1.

YEAR 2000 COMPLIANCE

DIGITAL DCE V3.0 has been updated to ensure that the product meets requirements for Year 2000 compliance.

PRODUCT OPTIONS

The DIGITAL Distributed Computing Environment functionality is provided in four separately orderable products, designed to provide maximum flexibility in configuring the software to meet the needs of the user's client/server environment.

1. DIGITAL DCE Runtime Services Kit

This is a fully integrated set of services that provides applications with the essential capabilities required to use distributed services. The DCE Runtime Services license is included free with the base DIGITAL UNIX operating system.

The DIGITAL DCE Runtime Services kit makes the following DCE features available to distributed applications:

* Remote Procedure Call Runtime API and Library that includes:
  * Access to DECthreads.
  * Use of the DCE Cell Directory Service for locating servers.
  * Use of DCE Security Service for authentication and data integrity.
* RPC event logging monitor to assist in debugging client/server applications.
* Distributed Time Service (both client and server), featuring the capability to provide time services to both DECnet/OSI and DCE cells.
* Administrative tools to manage the DCE core services.
* DCE configuration program (dcesetup) to allow you to configure your DCE environment.
* PC name server proxy agent for communication with Microsoft[R] RPC.

A group of DCE systems that work together and are administered as a unit is called a cell. Each DIGITAL UNIX system within a DCE cell must run the DIGITAL DCE Runtime Services kit.

DCE RPC supports the client/server distribution model that characterizes many applications. The DIGITAL DCE Runtime Services kit provides such client/server applications the ability to interoperate over DECnet/OSI [TM], TCP/IP, and UDP/IP network protocols on the DIGITAL UNIX operating system.

Distributed File Service (DFS)

The Distributed File Service (both client and server) features full support for the 64-bit DCE DFS architecture. The DCE DFS uses the DCE security, name, remote procedure call, and time services to provide access to file system services over a network.

The DCE DFS provides a unified, globally distributed file system with all DCE DFS files accessible from any DCE DFS client. Every user in a DCE cell accesses a given DCE DFS file by the same file name, regardless of which DFS server is storing the file; inter-cell accesses are also supported through the DCE services. The DCE DFS offers advanced data caching to minimize the adverse performance impact of network operations and token management to allow concurrent accesses to file data.

The operation and management of DCE DFS are built upon the DCE RPC. DCE naming services allow clients to access files without knowing which server stores the data, and the use of DCE security services protects file data against unauthorized use and provides for the authentication of access requests.

The DCE Runtime Services includes the basic DCE DFS client and server software.

2. DIGITAL DCE Application Developer's Kit

The DIGITAL DCE Application Developer's Kit includes tools required for the development of distributed applications using remote procedure calls (RPC). It includes:

* IDL RPC stub compiler
* Time provider routines
* Sample applications
* All DCE application programming interfaces including GSSAPI support
* IDL development templates
* UUIDGEN, to allow the generation of a 128-bit unique identifier (UUID) used to identify interface definitions

The DIGITAL DCE Runtime Services kit is required on each DIGITAL UNIX system in the cell. Users must install the Runtime Services Kit before installing the DIGITAL DCE Application Developer's Kit.

3. DIGITAL DCE Cell Directory (CDS) Server

The DIGITAL DCE Cell Directory Server provides a consistent mechanism for naming and locating users, applications, files, and systems within a DCE cell. The DIGITAL DCE CDS Server also includes the Global Directory Agent (GDA). The Global Directory Agent provides a means of linking multiple CDS namespaces via either X.500 or the Internet Domain[R] Name Server (BIND).

The DIGITAL DCE Runtime Services kit is required on each system in the cell. Users must install the Runtime Services Kit before installing the DIGITAL DCE CDS Server. Similarly, the DCE CDS Server requires the installation of the DCE Security Server on a system in the same DCE cell.

4. DIGITAL DCE Security Server

The DIGITAL DCE Security Server gives users controlled access to information in a distributed computing environment, safely and confidentially. The DCE Security Server accomplishes this through the following services:

* DCE Authentication Service allows users and resources to prove their identity to each other. The DCE Authentication Service is based on Kerberos [TM], which requires that all users and resources possess a secret key.
* DCE Authorization Service verifies operations that users may perform on resources. A DCE Registry Service contains a list of valid users. An Access Control List (ACL) associated with each resource determines valid users, through the Registry Service, and the types of operations a user may perform.
* DCE Data Integrity Service protects network data from tampering. Cryptographic checksums automatically generated by RPC enable DCE to determine whether data has been corrupted in transmission.
* The addition of the RANDD random number generator, a performance enhancement to security that generates random numbers in advance of security operations that require the use of random numbers to encode client/server communications.

The DIGITAL DCE Runtime Services kit is required on each system in the cell.
Users must install the Runtime Services Kit before installing the DIGITAL DCE Security Server. Similarly, the DCE Security Server requires the installation of the DCE CDS Server on a system in the same DCE cell.

CONFORMANCE TO STANDARDS

The TOG DCE is based on several de facto and de jure standards, including:

* POSIX 1003.4 Draft 4 POSIX Threads
* POSIX 1003.6 Draft Access Control Lists
* TOG DCE is compatible with the Network Time Protocol standards

HARDWARE REQUIREMENTS

Processors Supported

DIGITAL DCE V3.0 for DIGITAL UNIX is supported on all hardware configurations that support DIGITAL UNIX V4.x. Reference can be made to the configuration charts listed in the DIGITAL UNIX Operating System Software Product Description (SPD 41.61.xx).

Disk Space Requirements (Block Cluster Size = 1):

Disk space required for installation: 120M bytes
Disk space required for use (permanent): 38M bytes

These counts refer to the disk space required on the system disk. The sizes are approximate; actual sizes may vary depending on the user's system environment, configuration, and software options. Additional space is required for the DCE DFS client cache; the minimum recommended size for the client cache is 10M bytes.

SOFTWARE REQUIREMENTS

DIGITAL UNIX Version 4.x

OPTIONAL SOFTWARE

DIGITAL C for DIGITAL UNIX (included in the DIGITAL UNIX operating system).
DIGITAL Fortran

GROWTH CONSIDERATIONS

The minimum hardware/software requirements for any future version of this product may be different from the requirements for the current version.

DISTRIBUTION MEDIA

CD-ROM

This product is available on the DIGITAL CD-ROM Software Library for DIGITAL UNIX.

ORDERING INFORMATION

DCE for DIGITAL UNIX software and documentation (online) are shipped as part of the DIGITAL UNIX Layered Products CD-ROM, order number QA-054AA-H8.

DCE Runtime Services for DIGITAL UNIX:
  Software License: Included Free with DIGITAL UNIX 4.x Operating System
  Software Media: QA-054AA-H8
  Software Product Services: QT-01MA*-**
  Full DIGITAL DCE Administration Documentation Software Kit: QA-01MAA-GZ

DCE Application Developer's Kit for DIGITAL UNIX:
  Software License: QL-01NA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01NA*-**
  Full Application Developer's Kit Software Documentation Kit: QA-01NAA-GZ

DCE CDS Server for DIGITAL UNIX:
  Software License: QL-01PA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01PA*-**

DCE Security Server for DIGITAL UNIX:
  Software License: QL-01QA9-AA
  Software Media: QA-054AA-H8
  Software Product Services: QT-01QA*-**

* Denotes variant fields. For additional information on available licenses, services, and media, refer to the appropriate price book.

Documentation

The following online documents are included in HTML format:

* DCE for DIGITAL UNIX Product Guide
* DCE for DIGITAL UNIX Reference Guide
* DCE for DIGITAL UNIX Installation and Configuration Guide
* DCE for DIGITAL UNIX DFS Configuration Guide
* Introduction to OSF DCE
* OSF DCE Administration Guide, Introduction
* OSF DCE Administration Guide, Core Components
* Application Development - Introduction and Style Guide
* Application Development Guide - Core Components Volume 1
* Application Development Guide - Core Components Volume 2
* Application Development Guide - Directory Services
* Application Development Reference Volume 1
* Application Development Reference Volume 2
* Application Development Reference Volume 3
* OSF DCE Command Reference

The DCE for DIGITAL UNIX documentation can be ordered in hardcopy from DIGITAL. For hardcopies of OSF documentation, contact The Open Group.

SOFTWARE LICENSING

This software is furnished only under a license. For more information about the DIGITAL licensing terms and policies, contact your local DIGITAL office.

License Management Facility Support:

This layered product supports the DIGITAL UNIX License Management Facility. License units for this product are allocated on an Unlimited System Use basis. For more information on the License Management Facility, refer to the DIGITAL UNIX Operating System Software Product Description (SPD 41.61.xx) or the DIGITAL UNIX Operating System documentation.

SOFTWARE PRODUCT SERVICES

A variety of service options are available from DIGITAL. For more information, contact your local DIGITAL office.

SOFTWARE WARRANTY

Warranty for this software product is provided by DIGITAL with the purchase of a license for the product as defined in the Software Warranty Addendum of this SPD.

The above information is valid at time of release. Please contact your local DIGITAL office for the most up-to-date information.

TRADEMARK INFORMATION

(c) 1998 DIGITAL Equipment Corporation. All rights reserved.

[R] Domain is a registered trademark of Apollo Computer, Inc., a subsidiary of Hewlett-Packard Company.
[R] Hewlett-Packard is a registered trademark of Hewlett-Packard Company.
[TM] Kerberos is a trademark of Massachusetts Institute of Technology.
[R] Microsoft is a registered trademark of Microsoft Corporation.
[R] Open Software Foundation is a trademark and OSF is a registered trademark of The Open Software Foundation, Inc.
[TM] The Open Group is a trademark of Open Software Foundation, Inc. and X/Open Company Limited.
[TM] The DIGITAL Logo, Alpha AXP, AXP, DEC, DECthreads, DIGITAL, DIGITAL UNIX, MicroVAX, VAX, VAXserver, and VAXstation are trademarks of DIGITAL Equipment Corporation.

All other trademarks and registered trademarks are the property of their respective owners.