SCO OpenServer Release 6 Technical White Paper - Part 5


Directory Services

LDAP Directory Server

OpenServer Release 6 supports the Lightweight Directory Access Protocol (LDAP), a means for applications to access directory services. LDAP is a directory service protocol defined in RFC 1777, and runs over TCP/IP. Directory entries represent objects such as people, printers, or documents, and are arranged in a hierarchical (tree-like) structure that can span geographic and/or organizational boundaries. All SCO OpenServer Release 6 Editions include a basic LDAP directory server with support for replicated and distributed directory services.

Applications can query an LDAP directory server using this protocol. The LDAP server can also act as a gateway to other directory servers such as NDS. One application that uses these capabilities is the mail and messaging system: with the LDAP-enabled Mozilla mail client, users can locate email addresses of people within the organization using the LDAP server.

LDAP makes it easy to access the X.500 directory, but still requires a full X.500 service to make data available to the many LDAP clients being developed.

Mail and Messaging

SCO OpenServer Release 6 administrators can use the SCO embedded mail server included with all Editions. The mail and messaging subsystem included with SCO OpenServer Release 6 represents a vast improvement over previous versions, with significant enhancements in both Mail Transfer Agent (MTA) and Mail User Agent (MUA) technologies.

Mail Transfer Agents

SCO continues to support both the Multi-channel Memorandum Distribution Facility (MMDF) and sendmail MTAs. Although MMDF is the default agent, Sendmail can be selected during ISL or post-installation.

Multi-Homed Sendmail Mail Services

Sendmail 8 (version 8.13.3) is the alternative MTA for SCO OpenServer. It handles the transport of messages to and from your system and supports local, networked (SMTP), and dial-out (UUCP) mail delivery. The server also supports multi-homing, which means that it can function as a mail gateway to other servers on the network. Multi-homing enables you to set up multiple virtual domains on your system, so that (for example) you can host several companies or departments (and their associated email addresses) on a single mail server.

Scalable Message Store

A key feature of SCO OpenServer Release 6 is a scalable message store. This message store, used by both sendmail and mail user agents, results in higher overall performance of the mail system and enables a single server to support a far greater number of mail clients. Other improvements include support for RFC 1123 v8, support for extended SMTP as defined in RFC 1651, RFC 1653, and some support for RFC 1652.

The message store also adds performance and scalability to the POP and IMAP servers.

Remote Mail Access and Multimedia Messages

Users have a wide range of character, graphical, and browser-based MUAs, all with the ability to send and receive “rich” data via support for MIME attachments. Mozilla Mail™ and KDE Kmail are supplied as the standard mail agents and readers, along with the command line mail/mailx utilities.

The leading mail access protocols, IMAP4 and POP3, are supported for client connectivity. This enables remote and mobile users to easily read mail from Windows laptops and remote desktops.

Remote Administration and Systems Management

System administration facilities are based on SCOadmin, an object-oriented framework written in SCO Visual Tcl™. SCO Visual Tcl can be rendered on a character-based display or graphically on an X Windows display, allowing the system to be easily administered from character-based or graphical clients.

Graphical Managers

SCOadmin includes over 30 graphical managers to easily configure and manage various subsystems as well as system resources and services. For example, using the Filesystem Manager, an administrator can add a new filesystem, establish it as a shared resource and view the mount status via an easy-to-use interface.

Enhanced Event Logging System

The Enhanced Event Logging System (EELS) provides an infrastructure to centralize the logging, management, and reporting of standard UNIX logging systems such as syslog and the auditing subsystem. The system conforms to the Open Group XDAS specification (X/Open Distributed Specification) and offers unparalleled logging and log management services. The infrastructure provides:

  • A rich set of APIs for logging both kernel and user-level events
  • Database query tools for powerful report generation capability
  • Fine-grained control of what events should be logged
  • An alert mechanism that enables rapid action to be taken when a specific event occurs

EELS provides this centralized mechanism by intercepting logging information from multiple sources and storing it in one or more databases. EELS analysis tools can then query these databases. In addition, the scripting and alarm generation facilities allow a high degree of control over what action should be taken when particular events occur. For instance, if a user fails more than once to telnet into a system, a script could send e-mail to an administrator or even alert them via pager or phone. Alternatively, an SNMP trap could be sent to a management station.
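The repeated-failed-login alert described above can be sketched as threshold logic over log records. This is an added example, not EELS code or its API: the syslog-like line layout, the sample lines, the `failed_login_alerts` name, and the five-minute window are all assumptions made for illustration. It raises one alert per burst rather than one per failure, and a successful login resets the count.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like layout (not the EELS record format).
SAMPLE_LOG = """\
Jun 14 10:02:11 osr6 login[412]: FAILED LOGIN on ttyp3 FROM 10.0.0.7 FOR alice
Jun 14 10:02:40 osr6 login[412]: FAILED LOGIN on ttyp3 FROM 10.0.0.7 FOR alice
Jun 14 10:02:55 osr6 login[412]: FAILED LOGIN on ttyp3 FROM 10.0.0.7 FOR alice
Jun 14 10:05:00 osr6 login[430]: FAILED LOGIN on ttyp4 FROM 10.0.0.9 FOR bob
Jun 14 10:05:30 osr6 login[430]: LOGIN on ttyp4 FROM 10.0.0.9 FOR bob
Jun 14 10:30:00 osr6 login[455]: FAILED LOGIN on ttyp4 FROM 10.0.0.9 FOR bob
Jun 14 10:31:00 osr6 sendmail[500]: unrelated message
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ login\[\d+\]: "
    r"(?P<failed>FAILED )?LOGIN on \S+ FROM (?P<src>\S+) FOR (?P<user>\S+)$"
)

def failed_login_alerts(lines, threshold=2, window=timedelta(minutes=5), year=2005):
    """One alert per burst of >= threshold failures by the same (user, source) inside window."""
    recent = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    alerted = set()               # keys already alerted for the current burst
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a login record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["user"], m["src"])
        if not m["failed"]:
            recent.pop(key, None) # a successful login ends the burst
            alerted.discard(key)
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) < threshold:
            alerted.discard(key)  # earlier burst expired; allow a future alert
        elif key not in alerted:
            alerted.add(key)
            alerts.append({"user": key[0], "source": key[1], "failures": len(q), "at": ts})
    return alerts
```

Each returned record is what a notification hook (e-mail, pager, or SNMP trap, as the text suggests) would be handed.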

System Analysis and Performance Monitoring Tools

SCO OpenServer Release 6 also provides the real-time performance monitor (rtpm), an interactive and screen-based utility that provides real-time display of performance metrics. You can also log system activity for capacity planning or performance analysis. This data can be accessed on a special request basis using the sar command, or saved automatically on a routine basis using the sadc tool. SCO OpenServer Release 6 also supports kernel profiling, a mechanism that allows you to determine where the operating system is spending its time during operation.

Source-level instrumentation for runtime events, including DEBUG assertions, memory leaks, memory corruption, lock hierarchy checking and lock statistics is also available. This enables a system administrator to obtain more diagnostic information on what is happening in the kernel while troubleshooting software problems. The crash command includes a batch mode for generating dump summaries, selective dumping, generic storage dumping, and support for large physical memory. The dump command can dump memory selectively for kernel mapped pages and to multiple devices if required. (This is especially useful in large-scale systems with large RAM configurations.)

Security

SCO OpenServer Release 6 includes extremely robust security services for all aspects of the operating environment. It is designed to be C2-certifiable and includes certain B2 extensions (principally, the addition of administrative roles) to meet the most demanding government and enterprise system security requirements.

Pre-defined Security Levels

Setting up security is as easy as choosing among several profiles. A security profile is a set of pre-configured values for parameters that control the security behavior of your system, such as how long passwords are valid, or what privileges are assigned to users. Administrators can select profiles using the SCOadmin Security Profile Manager. Pre-configured levels include:

  • High: for systems containing confidential information and accessed by many users
  • Improved: for systems accessed by groups of users who can share information
  • Traditional: compatible with other UNIX systems
  • Low: recommended only for systems that are not publicly accessible and those with a small number of users

The administrator can also alter individual security parameters.

Access Control

SCO OpenServer Release 6 provides a secure operating environment by means of these key features:

  • Identification and authentication
  • Least privilege/trusted facility administration
  • Network access controls
  • Auditing
  • Secureware Trusted Computing Base (TCB)

The Secureware tools maintain a database of users and the commands they are allowed to execute. This eliminates the need to place fixed privileges on a command and allows privileges to be assigned on a per-user basis. A trusted system can define administrative roles for selected system administrators. A different administrator may fill each role. This division of administrative duties into separate roles reduces the chances for misuse of administrative privileges.

Internet and Intranet Security

For added remote access security, the system contains IP packet filtering functionality. IP packet filtering is supported over PPP for remote connectivity and MDI/DDI drivers for LANs. Configuring a packet filter on Internet gateway(s) to control the types of packets in and out of a site's networks significantly increases protection against unauthorized access. The packet-filtering framework is the foundation for more comprehensive and specific security services like firewalls and E-Commerce packages. Account management commands conform to POSIX 1387.3.

SCO OpenServer Release 6 features a new version of ipfilter, which includes such enhancements as fine-grained file locking (improves firewall performance) and support for IP address translation for non-session-tracking TCP or UDP rules (provides network address translation (NAT) and redirection capability).

Additional security features are provided using open source secure shell (OpenSSH 3.7.1) utilities and the Secure Sockets Layer (SSL 0.9.7) protocol built into the Mozilla browser and the Apache Web Server. These features protect Internet communications with:

  • Server authentication
  • Privacy using encryption
  • Data integrity

Comprehensive Standards Support

With SCO OpenServer Release 6, SCO has implemented the most comprehensive set of open system standards with the latest Internet, Java, messaging, and directory standards. Supported binary standards include:

  • UNIX 95, XPG4
  • SV ABI, iABI, iABI+
  • iBCS2
  • COFF
  • ELF
  • ICCCM
  • SCO DDI

Other source standards include:

  • POSIX.1, POSIX.2
  • ISO 9945-1:1990
  • IEEE Std 1003.1:1990
  • ISO 9945-2:1992
  • SVID3
  • FIPS 151-2
  • ISO/IEC 9899:1990
  • XBSS
  • NCSC C2

Supported Networking standards include:

  • TCPIPv6 APIs
  • SMTP
  • ISDN support
  • DHCP Server
  • LDAP
  • IMAP4
  • POP3
  • MIME
  • HTTP 1.1
  • SNMP v1
  • IPSec

In addition to standards support, SCO OpenServer Release 6 provides binary compatibility with the following:

  • SCO UnixWare Release 2.1 binaries
  • SCO OpenServer Release 5 binaries
  • SCO XENIX 386 and SCO UNIX binaries
  • UnixWare 7 binaries
  • pkgadd and custom formats

Localization

SCO OpenServer is internationalized for 8-bit languages in the majority of the software components. It also provides French and German message catalogs and resource files for these components, as well as French and German documentation for the runtime system.

Software Installation and Management

The graphical custom installer allows installation of system software, patches and applications in an interactive mode. The system also allows you to spool packages for installation at a later date. Packages and sets can be installed from CD-ROM, cartridge tape, disk, or over a network. SCO OpenServer Release 6 also supports the standard UNIX system installation utility, pkgadd. Widely used in SVR4-based UNIX systems (including Solaris®), pkgadd enables both interactive and non-interactive installation modes. The system also provides utilities to install software designed for other UNIX systems that require the use of tools such as cpio and tar.

Remote Installation

Network installation is particularly useful if you must install the same packages on many machines or if your network includes multiple sites. Network installation removes the need to transport media from site to site. The PXEBOOT facility allows the entire SCO OpenServer Release 6 system to be installed over the network without using boot media.

While SCO OpenServer Release 6 provides the ability to install from the network, it does not include the boot images necessary for a network install of the operating system.  The boot images will be provided for download shortly after SCO OpenServer Release 6 is released. Please see the following URL for more information:

Centralized “Install Server”

An install server allows you to “stage” software so that other systems in your network can use it to perform a network installation of the operating system or of specific packages. An install server is an SCO OpenServer Release 6 server that has been configured to provide software products and packages to other systems on the network. Once an install server has been configured, subsequent software installation on additional machines can be performed over the network.

Bootable CD-ROM support

SCO OpenServer Release 6 allows you to boot directly from CD-ROM. Bootable CD-ROM support uses the “El Torito” extension of the ISO 9660 standard and identifies a boot file on the CD-ROM to load the file and boot the system.

SCO OpenServer Release 5 Migration

SCO has created an Upgrade Guide to help organizations migrate their systems from previous SCO OpenServer releases. The guide is available for download at:

http://www.sco.com/support/docs/openserver

Topics include:

  • Restoring backups from SCO OpenServer Release 5 to SCO OpenServer Release 6
  • Migrating accounts with the ap (account profile) command
  • Preserving network settings and how to upgrade them to SCO OpenServer Release 6
  • A summary of subsystem and command differences
