MultiNet Product Information
|
|
|
|
 |
SECURITY SERVICES
ADVANCED SECURITY
MultiNet provides several layers of security to protect against unauthorised network access and intruders
from the Internet.
SECURE COPY PROTOCOL (SCP):
MultiNet 4.4 increases security with SCP support. SCP allows SSH users to perform secure file transfers across an insecure network. SCP utilises the SSH server and client as a basis for accomplishing this advanced level of security.
SCP performs similar functions to SFTP (Secure FTP) such as copying files in both directions, and optionally deleting files after they are copied.
SECURE SHELL V1, V2 (SSH):
SSH is a protocol that provides strong authentication and secure, encrypted communications over insecure channels. This transport layer protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy.
MultiNet v4.4 offers SSH v1 and v2 servers and clients and the ability for users to simultaneously use both protocols. The new SSH v2 uses the more secure host-based authentication exchange called Diffie Helmann. Diffie Helmann provides additional
security by eliminating the need for exchanging private keys over the wire. It also allows users the advantage of continually authenticating throughout the entire session. Security and flexibility are achieved through multiple levels of user authentication and strong encryption algorithms, including IDEA, DES, 3DES, ARCFOUR, Blowfish, Twofish, and CAST 128.
INCOMING/OUTGOING ACCESS RESTRICTIONS:
MultiNet’s access restrictions provides an
additional method of security to the network. MultiNet’s outgoing access restrictions provide systems administrators with additional security by controlling those applications local users can or cannot access (such as restricting Web surfing or access to services like FTP or TELNET). MultiNet also imposes incoming restrictions on the remote hosts’ access to local services.
TOKEN AUTHENTICATION:
MultiNet’s token authentication provides a cost-effective, flexible security
solution for protecting a user’s OpenVMS systems from the Internet, and is
the only OpenVMS solution that supports a variety of tokens.
PACKET FILTERING AND ADDITIONAL SECURITY LAYERS:
MultiNet’s packet filtering capability complements existing firewall security by providing an additional security layer on internal networks. It can prevent your site from receiving datagrams from certain networks or hosts. Datagrams can be filtered by protocol (IP, ICMP, UDP, or TCP), source and destination address, or source and destination port.
Back to top
ROBUST IP STACK
PAIRED NETWORK INTERFACE:
Paired Network Interface support increases performance and reliability. It allows two or more network interface cards (NIC) with their own unique IP addresses in a VAX or Alpha system to be connected to the same virtual cable in order to optimise throughput and create NIC redundancy. Any number of OpenVMS supported NIC types can be used including Ethernet, Token Ring, Fast Ethernet, FDDI, and ATM.
MultiNet’s Paired Network Interface support provides network reliability without adding additional systems and increased throughput.
Paired Network Interface support provides network failover, creating network redundancy without adding a second Alpha or VAX system. If one NIC fails in an Alpha or VAX, information will be transmitted from the second NIC. Additionally, multiple NICs can be used to increase throughput if a data communications bottleneck is suspected from the server. Areas where Paired Network Interface will improve connectivity include e-commerce applications where there are frequent database transactions, multimedia applications
where there is high bandwidth consumption, and any applications where a single server connection is causing delays for clients.
OPENVMS V7.3 SUPPORT:
MultiNet v4.4 supports OpenVMS v5.5-2 and after, including v7.3. MultiNet 4.4 offers users the unique ability to implement new features, without having to go to the expense or time to upgrade to the latest OpenVMS release. TCP/IP Services for OpenVMS does not support new functionalityunless users are running the latest major OpenVMS release. Users are forced to upgrade to version 7 in order to support new TCP/IP Services for OpenVMS functionality.
DHCP CLIENT:
DHCP client allows you to remotely centralise administration of your VAX or Alpha. A DHCP client is needed in order to receive IP addresses from the DHCP server. The DHCP client saves you time by enabling you to retrieve changes to the DHCP server automatically, versus having to assign IP addresses and DNS servers manually. Some networking parameters that update the DHCP client automatically include:
- IP address of system
- IP address of name server
- IP address routing information
- Host name
- Domain name
TRANSACTION HASH TABLE:
MultiNet includes a hash table that can more than double throughput performance. This hash table creates many smaller look-up tables and uses mathematics to calculate the lookup process. For example, tests have indicated that a table with 14,077 entries requires the system to look up only 28 connection entries.
Back to top
SERVERS
DHCP SERVER:
MultiNet v4.4 includes a DHCP server based on the Internet Software Consortium’s (ISC) v3. DHCP v3 allows more granular control of the DHCP server with client classing and conditional behavior. With client classing, clients can be assigned to classes based on information sent in packets, such as MAC address, the client name, etc. Then address assignments can be made based on the client’s class. For example, a remote user may be assigned a shorter lease time of 2 hours versus a local user with an 8 hour lease time.
This high-performance server also offers Dynamic DNS (DDNS) support and a powerful configuration file format.
DHCP SAFE-FAILOVER:
MultiNet’s DHCP server includes Safe-failover support, a protocol co-authored by Process Software and Cisco Systems. DHCP Safe-failover provides uninterrupted IP services to clients during network or server failures so that they can reliably obtain IP addresses to connect to corporate resources. It increases significantly the reliability and availability of DHCP services.
DNS SERVER WITH DYNAMIC DNS:
MultiNet’s DNS server is based on BIND v8.2.4. This version includes DNSSEC and incremental zone transfer. DNSSEC (RFC 2065) provides security when updates are made to the DNS server via zone transfer or DDNS. DNSSEC ensures that the information is coming from a legitimate source by using authentication.
Incremental zone transfer (RFC 1995) or IXFR improves the performance of a DNS environment. Until BIND v8.2.4, an entire zone was transferred when changes were made to a single zone record. With incremental zone transfer, the name server (or DNS server) only transfers the changes in a zone, e.g., add or delete a record. Reducing the size and length of zone transfers is important where there are large zones (e.g., .com) or dynamic environments (e.g., DDNS) for DNS server efficiency.
This version of DNS also supports Dynamic DNS (DDNS) updates (RFC 2136), DNS notify support (RFC 1996), and enhanced control. Dynamic DNS updates allow applications (such as DHCP) to modify resource records dynamically. This feature simplifies systems administration management, and saves time because the DNS server maintains an up-to-date record of the address space.
MultiNet’s DNS notify support feature means that when zone changes occur on the primary server, it notifies the secondary servers, which can initiate immediately a zone transfer rather than having to wait for the polling interval to expire. Thus, zone changes propagate much faster through the servers.
MultiNet’s support for BIND provides granular control of which servers are allowed to do zone transfers, DDNS updates, queries, etc. Control is available on a zone by zone basis, not just on the entire server.
Back to top
FLEXIBLE AND ROBUST PRINTING OPTIONS
INTERNET PRINTING PROTOCOL (IPP):
IPP is an open standard protocol developed by the Printer Working Group (under IETF) for printing over the Internet. IPP provides enhancements over the existing commonly used LPD protocol including the ability for a user to print to a remote printer using the same methods and operations as if the printer was located locally.
Systems administrators using print protocols such as the LPD print protocol have had to spend a significant amount of time administering printing tasks with limited troubleshooting capabilities. For example, a systems administrator receives no information on why a print job fails. The MultiNet IPP print symbiont provides a reason for a print job failure. This saves time in troubleshooting printing problems.
The MultiNet IPP print symbiont provides standard commands for advanced printer functionality (e.g. double-sided printing) regardless of what printer is being used. No special programming or training is required by a systems administrator. In addition, when using the MultiNet IPP print symbiont, a user will not need to inquire about the functionality of a particular printer with a systems administrator because this
information is provided automatically.
LINE PRINTER DAEMON (LPD):
LPD print services are supported allowing LPR clients that are on a TCP/IP network to access print queues on Alpha or VAX systems.
LINE PRINTING (LPR):
LPR is a MultiNet feature allowing users to print to an LPD printer server residing on a TCP/IP network.
MultiNet supports a range of terminal types, including X terminals. In addition, access to IBM environments is made simpler with support for TN3270 and TN5250.
Back to top
MANAGEMENT SERVICES
STATISTICS AND ACCOUNTING REPORTS:
New to MultiNet is the ability to generate statistical and accounting reports on SMTP and FTP usage to assist with capacity planning, billing, and troubleshooting. FTP accounting and statistics are based on the Network Monitoring MIB (RFC 2788). Information that is collected on the FTP server includes: user names logged into the server, client and server session start and end time, amount of data sent and received, total number of files sent and received, number of active connections, and other operational statistics.
SMTP accounting and statistics is based on the Mail Monitoring MIB (RFC 2789). It records a log of each message sent and received. This includes the record’s message date, time, size, From: and To: strings. It also provides a count of detected loops.
Throughput statistics assists systems administrators with trouble-shooting by providing information on system performance. Information is available on the rate data was transmitted and received in bytes and packets per second.
EASE OF MANAGEMENT:
MultiNet also simplifies network management and configuration by offering a single management utility. It provides options for installation
as a standalone system or on a cluster-wide basis.
AGENT X:
MultiNet supports RFC 2257. Agent X allows the MIB subagents delivered with Compaq’s Insight Manager to manage OpenVMS using MultiNet. Host Resource MIB and other MIBs that ship with Compaq software can also be used.
SNMP SUBAGENT:
The SNMP Subagent provides users with the ability to write their own custom MIBS.
Back to top
E-MAIL SERVICES
IMAP4 SERVER: IMAP4 provides an alternative method of accessing messages from a mail server. IMAP4 lets a client mail program access messages stored on an OpenVMS server as if these messages were local. IMAP4 retains the message on the server, either in the in-box or in a folder that the user creates.
The advantage of retaining e-mail messages centrally (using IMAP4) is that if employees work from multiple locations using multiple computer systems (e.g., home or branch office), they have access to all their e-mail messages regardless of their location and systems used.
Back to top
COMPLETE INTRANET AND INTERNET FILE, PRINT, AND TERMINAL SERVICES
MultiNet includes a wide choice of file services to access, transfer, and print networked data. Network File System (NFS) client and server provides transparent and quick access to remote files and directories. The NFS server provides access to the OpenVMS file system from the NFS client. The NFS client allows OpenVMS users and applications access to any system running an NFS server, including UNIX systems. Additionally, MultiNet provides File Transfer Protocol (FTP) client and server functionality for transferring files.
Back to top
SEAMLESS EXECUTION OF DECnet APPLICATIONS OVER TCP/IP WITHOUT
MODIFICATION
Moving your OpenVMS systems from DECnet to TCP/IP is seamless with MultiNet. The DECnet
Application Programming Interface (API) for TCP executes applications designed to run over DECnet transparently across TCP/IP. Because no DECnet protocols are involved, there is no need to run DECnet.
No user retraining or applications recoding is necessary. Systems administrators can perform a rolling conversion from DECnet to TCP/IP at their own pace while users continue to work uninterrupted.
Back to top
PREREQUISITE SOFTWARE
MultiNet requires OpenVMS AXP v6.2 or VAX/VMS v5.5-2 or later. Message Router v3.1 or later is required for Simple Mail Transfer Protocol (SMTP) to ALL-IN-1 gateway capability.
Back to top
MEDIA
MultiNet is distributed on CD-ROM. It is also available on 1600 BPI magnetic tape or TK50 cartridge.
|
|
|
|
© Copyright 2002 - 2008 Scientific Software and Systems Limited
|
