OS/2 Warp Server: An Architectural Primer
Reprint Courtesy of International Business Machines Corporation, © International Business Machines Corporation
If you are an existing LAN Server user or are considering moving to a local area network (LAN), IBM OS/2 Warp Server has many appealing features and benefits. This article reviews basic LAN architecture and then discusses unique features of OS/2 Warp Server.
OS/2 Warp Server is built to operate over local area networks, but before discussing this package in detail, let's review the concept and functions of LANs.
A LAN connects machines so that they can share information. Users of LAN-connected machines can collaborate, as well as share printers, files, and modems.
The simplest LAN is known as a peer-to-peer LAN or simply peer LAN (see Figure 1). In a peer-to-peer LAN, each machine can share its files and printers (and some peer LANs can also share modems) with other machines on the LAN. Peer LANs are the simplest to set up and are the least expensive for small LANs of fewer than 10 users.
Figure 1. Peer-to-Peer LAN
To make a workstation operate on a peer LAN, you must be running an operating system, such as IBM OS/2 Warp Connect, Microsoft Windows for Workgroups (WfWG), Windows 95, or NT Workstation, that supports peer-to-peer LAN operation. You can also add the peer capability to an existing DOS or Windows machine with software from Artisoft (LANtastic) or Novell (NetWare Lite).
Security Issues for Peer-to-Peer LANs
Each machine in a peer LAN must implement some sort of security to control who can do what. There are two levels of security: share-level and user-level. Share-level security (illustrated in Figure 2), the weakest security system, does not care who you are, as long as you have the right password to access a resource. Once you have provided the password(s), everything within a resource (a directory or printer) is available to you. (Note: Some systems require two passwords - one for read-only access and another for full access.) Share-level security is the only security available for stand-alone Windows for Workgroups and Windows 95 workstations.
Figure 2. Share-Level Security
User-level security (Figure 3) maintains a database of users and passwords, as well as extensive access control lists based upon users and user groups. User-level security is implemented in IBM OS/2 Warp Connect Peer Services as well as in NT Workstation (but only if NT File System [NTFS] is used). User-level security is the industry standard control system for industrial-strength LANs.
Figure 3. User-Level Security
The problem with a peer LAN is the distributed nature of access control. A user needs an account and/or a password for each machine to which he or she wants to connect. In some peer LANs, such as Microsoft's Windows for Workgroups, the account name is not important for resource (file/printer) usage - only a common valid password is needed for access. (There may be two passwords: one for read-only and another for full access.)
If you change a peer machine password, you must coordinate the change with all users. If a new user is added to a peer LAN, each machine must be administered to allow access for this user. An alternative solution is to use a minimal security system, such as share-level access, and freely give out passwords.
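The difference between the two security levels, and the password-coordination cost described above, can be modelled in a few lines. This is an added example, not code from the article or from any IBM or Microsoft product; the class names, user names and passwords are constructed for illustration, and the share-level model rotates only the full-access password.

```python
import hashlib
import hmac
import os

def _make(pw):
    """Store a password as (salt, PBKDF2 digest), never in the clear."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)

def _check(pw, record):
    salt, digest = record
    guess = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)
    return hmac.compare_digest(guess, digest)

class ShareLevelShare:
    """Share-level: the password alone selects the access level."""
    def __init__(self, read_pw, full_pw):
        self.levels = {"full": _make(full_pw), "read": _make(read_pw)}

    def access(self, password):
        # No user name is asked for, so nothing identifies the caller.
        for level, record in self.levels.items():
            if _check(password, record):
                return level
        return None

    def revoke(self, holders, leaver, new_full_pw):
        """Cutting off one holder forces a new shared password."""
        self.levels["full"] = _make(new_full_pw)
        return set(holders) - {leaver}   # everyone who must learn the new one

class UserLevelShare:
    """User-level: a user database plus an ACL keyed by user or group."""
    def __init__(self):
        self.users, self.groups, self.acl = {}, {}, {}

    def add_user(self, name, password, groups=()):
        self.users[name] = _make(password)
        for group in groups:
            self.groups.setdefault(group, set()).add(name)

    def access(self, name, password):
        record = self.users.get(name)
        if record is None or not _check(password, record):
            return None
        principals = [name] + [g for g, m in self.groups.items() if name in m]
        granted = {self.acl[p] for p in principals if p in self.acl}
        return "full" if "full" in granted else "read" if "read" in granted else None

    def revoke(self, name):
        """Deleting one account leaves every other credential valid."""
        self.users.pop(name, None)
        for members in self.groups.values():
            members.discard(name)
        return set()                     # nobody else needs a new password

if __name__ == "__main__":
    share = ShareLevelShare("ro-pw", "rw-pw")          # constructed sample values
    print(sorted(share.revoke({"ann", "bob", "cy"}, "cy", "rw-pw-2")))
```

On a peer LAN the share-level cost is paid once per machine that shares a resource, because each machine keeps its own passwords.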
Why Use OS/2 Warp Server?
Instead of having each peer machine share its resources with the other machines in the LAN, OS/2 Warp Server enables you to centralize the LAN resources into a group of machines known as servers. The servers are grouped for administrative purposes into an entity known as a domain with one of the machines in the domain designated as the primary domain controller.
The purpose of the primary domain controller is to hold the master list of users, groups, and passwords for the LAN users in the entire domain. When a user wants to access any of the resources (e.g., servers) within the domain, he or she first logs on to the domain controller or to one of its backups, known as a backup domain controller. Once the domain controller verifies a user's ID and password, the user is given access to all of the servers in the domain, based upon the permissions you set up for that user. (Note: Any OS/2 workstation with the appropriate software can remotely administer the domain controller.) Figure 4 depicts the domain architecture within OS/2 Warp Server.
Figure 4. OS/2 Warp Server Domain Architecture
This architecture is scalable - it enables the domain to add capabilities by adding more servers, as needed, to the domain. Practical experience with the OS/2 Warp Server architecture shows that a single administrator can handle hundreds, even thousands of users in a single domain using this architecture. Think about the confusion of handling this number of user accounts and passwords in a peer LAN!
What is OS/2 Warp Server?
OS/2 Warp Server is a family of integrated LAN software packages. It contains the OS/2 Warp operating system, LAN Server 5.0, plus a rich set of connectivity and powerful maintenance utilities. To address different user requirements, OS/2 Warp Server comes in two versions: OS/2 Warp Server (the entry version) and OS/2 Warp Server Advanced. There is also a bundle called OS/2 Warp Server First Step, which includes OS/2 Warp Server and 10 licensed client connections.
All versions of OS/2 Warp Server use the client licensing model called use-based features, where individual client connections are purchased from IBM.
OS/2 Warp Server Advanced includes all of the features of OS/2 Warp Server plus HPFS386 (an optimized Ring 0 file system with unlimited access control lists), fault tolerance (disk mirroring and duplexing), user disk limits, and Intel Pentium optimization. OS/2 Warp Server Advanced is designed to handle up to 1,000 concurrent users on a single, powerful server.
What makes this package different from previous versions of LAN Server is the seamless integration of its components. With a pair of kicker diskettes and a CD-ROM, you can install everything in one installation session. You can add, remove, or configure components through a single interface without the need for multiple diskettes, CDs, or different menus - no more searching through a box crammed with different diskettes, CDs, and ServicePaks. The OS/2 Warp Server package is also maintained as a single entity for easy application of ServicePaks when they are needed.
Specific OS/2 Warp Server features include:
- File and print share services (shares disks and printers)
- NetWare file and print gateway services (transparent access to NetWare resources)
- Remote access services (dial-up access to LAN and mainframe)
- Systems management services (IBM SystemView)
- Backup and recovery services (standard and disaster recovery)
- Advanced print services (PostScript printer translation)
- Complete TCP/IP services (for both client and server components)
- Dynamic host connectivity protocol (DHCP) support (automated TCP/IP configuration)
- Dynamic domain name services (DDNS) support (dynamic TCP/IP DNS support)
- Password coordination among different systems
- Artificial intelligence problem resolution database
- All the features of the OS/2 Warp 32-bit operating system
- Unlimited number of access controls (provided when using OS/2 Warp Server Advanced and the optional Distributed Security System [DSS])
- Unlimited number of groups*
- Access controls on all objects, including user-defined*
- Kerberos security system*
- Seamless integration to Distributed Computing Environment (DCE)*
* When using optional DSS components
File and Print Services
A server's core functions are to provide file and print sharing services to the network workstations. File sharing services provide both application and file sharing capabilities. The shared files and applications reside on one or more servers within a domain; in fact, they really reside on the hard disks of the server machines shared among LAN users. Print sharing services share printers attached to the servers within the domain.
In OS/2 Warp Server, file and print services are provided by the LAN Server 5.0 code (an upgrade of LAN Server 4.0) that has been integrated into the total OS/2 Warp Server package. This latest version provides the same easy drag-and-drop graphical administration capability first introduced with LAN Server 4.0. In fact, all of the administration programs work and appear exactly as they did in LAN Server 4.0 (see Figure 5 below).
Figure 5. OS/2 Warp Server File and Print Services Administration Folder
If you have previously set up a LAN Server 4.0 domain, you'll be familiar with the type of information and configuration decisions the file and print services installation requires. The primary difference between installing OS/2 Warp Server and LAN Server 4.0 is that this information is requested through a new common installation program. You will find that OS/2 Warp Server defaults a lot of decisions for you.
To sum it up, file and print services are essentially LAN Server 5.0 under a different name. Isn't marketing wonderful?
Something New in LAN Server 5.0
Having understood that the file and print services function is really LAN Server 5.0, you might have the impression that the only change from LAN Server 4.0 is the installation program. If so, you might be surprised to learn that there are some important new features, including:
- Novell's and Microsoft's network operating systems
- Microsoft Windows for Workgroups, NT Workstation/NT Server, and LAN Manager clients
- DEC PATHWORKS
- AIX and Apple Macintosh clients with add-on software
- NetBEUI, NetBIOS, TCP/IP, IPX/SPX, and SNA client protocols
- Gateway services for NetWare resources using LAN Server and OS/2 Warp Server client software
- Peer services on servers
- Revised OS/2, DOS, and Windows 3.x requesters
- Windows 95 requesters
- Advanced printer support (APS) allowing PostScript jobs to print on non-PostScript and high-speed printers on the LAN
New Support for Windows Protocols
Compatibility with Microsoft's network operating systems (NOSs) was achieved primarily by supporting the protocols within the Windows for Workgroups operating system. (The WfWG network protocols are implemented in Windows 95 and Windows NT.) This support is provided by the new peer support within OS/2 Warp Server. The peer software used in OS/2 Warp Server is based upon the rock-stable peer software in OS/2 Warp Connect. The result is that existing WfWG, Windows 95, and NT systems can connect to OS/2 Warp Server with no changes in their client code. OS/2 Warp Server includes an enhanced requester for Windows 95 that adds LAN Server-unique features, such as public applications and aliases, to a Windows 95 workstation.
NetWare Goodies
OS/2 Warp Server introduces many different solutions for clients that need to connect to NetWare systems.
For clients that need to connect to a NetWare server but have only LAN Server or OS/2 Warp Server client software, OS/2 Warp Server provides the NetWare Gateway Service, which runs on an OS/2 Warp Server machine and connects to existing NetWare Shares. The NetWare Shares are then presented to the OS/2 Warp Server clients as regular OS/2 Warp Server resources.
If you have ever tried to set up multiple protocols and client LAN packages under DOS or Windows 3.1, you can appreciate how much work and memory you can save with OS/2 Warp Server's NetWare Gateway Service. Memory conservation is particularly important on DOS workstations. (In case you are wondering, the NetWare gateway does support NetWare 3.12 and 4.02, including NDS.)
Suppose you already have NetWare clients and want to use OS/2 Warp Server. No problem! OS/2 Warp Server can appear just like another NetWare server. It includes the ability to access OS/2 Warp Server resources and applications, as well as to retrieve home directory assignments (if logon is allowed).
OS/2 Warp Server also includes the native NetWare client for OS/2, which supports NetWare 4.02. This software can be loaded onto your OS/2 workstations to support your existing NetWare environment or to access OS/2 Warp Server.
To help you migrate and synchronize users and resources from NetWare, OS/2 Warp Server includes the NetWare Migration Utility, which supports the migration of NetWare 2.1x, 2.2x, 3.x, and 4.x (bindery emulation only) into OS/2 Warp Server. It provides a drag-and-drop interface to move directories, their permissions, and user accounts. Because NetWare's password structure is not compatible with OS/2 Warp Server, the migration utility provides strategies for automatically resetting the passwords of user accounts migrated to OS/2 Warp Server.
Getting Information on the Road
How many times have you gone on a trip and found that you forgot something from your office PC? Wouldn't it be easy to dial into your machine and retrieve that missing file, check your e-mail, and take care of those online jobs you do at the office?
In OS/2 Warp Server, two components make remote work easier: remote access services and file synchronization services.
Packaged in every copy of OS/2 Warp Connect is LAN Distance Client. This software package enables a remote connection to your office's network, provided you install the LAN Distance Server software product.
The LAN Distance Server package is integrated into OS/2 Warp Server and is another component that can be added at installation. This saves money, time, and hassles. The remote access services package is fully compatible with existing OS/2 Warp Server LAN Distance client software. OS/2 Warp Server also includes the remote access client software for Windows. Remote access services provides a complete bridging function that allows the transport of virtually all protocols (NetBIOS, TCP/IP, SNA, DLC, etc.). This remote-access product includes:
- Support for a wide variety of modems and multiport serial port hardware
- Encrypted logon transactions (very comprehensive)
- Optional dial-back support
- Extensive logging and error reporting
- Access restrictions by time of day
The mobile file synchronization runs on OS/2 clients to allow network-attached PCs to synchronize file versions between LAN-based and workstation-based files. For example, you might go into the office, connect to the LAN, download a bunch of documents, and then go on the road. While you are out, you make file changes, and others at your office are changing the same files. When you return and reconnect to the LAN, the file synchronization program tells you which files are newer on the network, and which are newer on your workstation. You are offered the choice, file by file, of updating your machine's version or the LAN's version of the files in question. You still have to keep track of this stuff, but at least the software helps you figure out what is old and what is new.
TCP/IP Plus . . .
The underlying architecture of the Internet is TCP/IP. Even if you do not use the Internet, there is little question that TCP/IP has become the dominant protocol in the world of network computing. OS/2 Warp Server implements a comprehensive suite of the latest TCP/IP technology to make usage and support as easy as possible.
To ease workstation configuration, OS/2 Warp Server now provides dynamic host connectivity protocol (DHCP), as well as dynamic domain name services (DDNS), as shown in Figure 6.
Figure 6. Automatic IP Assignment Using OS/2 Warp Server's DHCP and DDNS
One of the biggest headaches in administering a TCP/IP installation is assigning IP addresses and TCP/IP settings for each workstation. DHCP enables a workstation to simply provide its name (which is simple enough to assign) to the OS/2 Warp Server machine running the DHCP server. Then, like magic, back comes the machine's IP address, subnet mask, gateway address, and domain name server (DNS) address. All of the right settings are returned automatically from the DHCP service with no user or administrator muss or fuss.
Another time-consuming area of TCP/IP administration is looking up TCP/IP names and returning the corresponding IP address. The translation function is normally provided by a fixed file called hosts, or via a DNS. The problem with the DNS is that you have to manually update the database with network changes. The new DDNS provides the same name-lookup function, but can dynamically and automatically update its database as new machines are added to the TCP/IP network via DHCP.
OS/2 Warp Server includes a comprehensive client and server suite of the most common TCP/IP utilities. The TCP/IP package includes the Web and Usenet utilities needed for Internet surfing and supports PPP and SLIP connections. The TCP/IP folder of applications is shown in Figure 7 below.
Figure 7. TCP/IP Application Suite Folder
Want to Sleep at Night?
A lot of companies offer LAN software supposedly designed for enterprisewide installation. Certainly you can install just about any software wherever you wish, but how do you maintain control over thousands of computers on an ongoing basis?
OS/2 Warp Server implements many innovative, yet proven, software components to deal with the enormous job faced by corporate information services organizations. OS/2 Warp Server includes tools to aid in its support: IBM SystemView, electronic software distribution, license management, and backup and recovery services.
The systems management components are one of OS/2 Warp Server's strongest features. These components help you:
- Track hardware and software resources
- Monitor workstation and server operation
- Distribute software across the network
- Logically break up systems in groups for segmenting administration tasks
- Schedule operations into the future
- Back up and restore directories and files to a variety of media
Optional management and support components included with OS/2 Warp Server, but not installed by the integrated installation utility, include:
- Simple network management protocol (SNMP), so that OS/2 Warp Server servers can be managed by SNMP management systems
- Desktop management interface (DMI), which supports systems management using the DMI management systems
- AskPSP, a case-based reasoning system which looks for possible solutions to problems you describe
State-of-the-Art Network Operating System
In today's world, it is essential that a network operating system integrate with existing networking solutions. OS/2 Warp Server is comprehensive in its ability to support the broad range of existing LAN clients and servers, while providing industrial-strength application and resource sharing. IBM OS/2 Warp Server is a single, easy-to-set-up LAN networking solution that scales beautifully from small businesses to the largest enterprises.
Acknowledgment
I would like to thank Khalil Emami of the IBM LAN Systems Customer Readiness group in Austin, Texas for his assistance in preparing this article.