HP UX SNAplus2 snapwinsec off, snapwinsec domain

Managing SNAplus2 Clients

Managing Win32 Clients

Win32 Client Security

SNAplus2 provides a facility for validating the user name and password of any Win32 client running on Windows 95 and attempting to contact a server running SNAplus2. This enables you to ensure that only authorized Windows users are able to access the SNAplus2 system. On Windows NT no validation is performed (the fact that the user had to enter a password to access the desktop is considered to provide sufﬁcient security).

By default, Win32 client security is not active, so that any computer with the Win32 client software installed can access SNAplus2 servers. To enable Win32 client security, use the following procedure:

Step 1. Agree on a user name and password with each Win32 client user who is authorized to access the SNAplus2 system.

Step 2. On all servers that this client can access, deﬁne this user name and password to the HP-UX system as a system user name.

Step 3. After enabling the SNAplus2 software on a server, use the following command:

snapwinsec domain

This command enables Win32 client security on all servers in the SNAplus2 domain. You do not need to repeat the command when enabling the SNAplus2 software on other servers.

When a Win32 client starts up and tries to access a server on which Win32 client security is enabled, the client software displays a pop-up message requesting a password. This password from the Registry is checked against the user names deﬁned to the HP-UX system on the server. If the Win32 client user does not specify a password, or if the user name and password cannot be matched with a user name and password on the server, the server rejects the client's access attempt.

To stop using Win32 client security, so that any Win32 client user can access SNAplus2 servers without having to specify a password, use the following command:

snapwinsec off

This command removes Win32 client security on all servers in the SNAplus2 domain. You do not need to repeat the command on other servers.

256	Chapter 11

Contents

HP-UXSNAplus2 Administration Guide Warranty Restricted Rights Legend Copyright Notices Trademark Notices Page Page 2. Introduction to SNAplus2 3. Administering SNAplus2 4. Basic Conﬁguration Tasks 5. Deﬁning Connectivity Components 6. Conﬁguring Dependent LUs 7. Conﬁguring APPC Communication 8. Conﬁguring User Applications 9. Conﬁguring Passthrough Services 10. Managing SNAplus2 from NetView 11. Managing SNAplus2 Clients A. Conﬁguration Planning Worksheets B.APPN Network Management Using the Simple Network Management Protocol C. Conﬁguring an Invokable TP Using snaptpinstall D. Using SNAplus2 in a High Availability Environment Page Page Page Page Table Typographic Conventions Special Element Sample of Typography opcode; LU name ioctl For UNIX For Windows End of Section Page Page Page Page SNA Terms and Concepts NOTE Overview Systems Network Architecture Basic SNA Concepts Node Types in a Subarea Network Page Figure SNA Subarea Network Node Types in a Peer Network Page Physical Units Logical Units Page Control Points Session Types Primary and Secondary LUs Dependent and Independent LUs Multiple and Parallel Sessions Multiple and Parallel Sessions Communication between Transaction Programs and Logical Units SEND Page Page Basic APPN Concepts Portion of a Sample APPN Network APPN Network Nodes APPN End Nodes LEN Nodes Page Resource Names Directory Services LEN Node Directories End Node Directories Network Node Directories Network Node Directory Topology and Routing Services Page Network Topology Database in Network Nodes Topology Database Updates Route Selection in an APPN Network Intermediate Routing Direct Connectivity APPN Network Using a Shared-AccessTransport Facility APPN Connection Networks Page Figure 1-11Deﬁnitions Needed for Direct Links Using a Virtual Node Page Accessing Subarea Networks from APPN Networks Introduction to SNAplus2 Page What Is SNAplus2 Page Example Conﬁgurations Standalone SNAplus2 Node That Communicates Directly with a Host SNAplus2 Nodes in an APPN Network SNAplus2 Node Providing PU Concentration and DLUR SNAplus2 Node Conﬁgured for TN Server SNAplus2 Client/Server Conﬁguration SNAplus2 Components Components of SNAplus2 PU Concentration PU Concentration Dependent LU Requester TN Server TN Server 3270 Emulation 5250 Emulation RJE Workstation Daemon Page APPC API CPI-CAPI CSV API HLLAPI LUA API MS API NOF API Windows APIs Page Beneﬁts of Client/Server Operation Master Server and Backup Servers Page HP-UXClients Windows Clients SNAplus2 Resources DLCs Ports Link Stations Connection Networks Page Dynamic Deﬁnition of Dependent LUs LU Pools Default LUs Page SNAplus2 Administration Step Motif Administration Program xsnapadmin & Command-LineAdministration Program command Remote Command Facility Conﬁguration Files awk sed NOF Applications Diagnostic Tools snaphelp Simple Network Management Protocol Support Administering SNAplus2 Page Planning for SNAplus2 Conﬁguration Page Enabling and Disabling SNAplus2 on the Local System /opt/sna/bin/snap start /opt/sna/bin/snapadmin query_node_all /opt/sna/bin/X11/xsnapadmin snap start [ -s] [ -mkernel_memory_limit] [ -t] snap start -m kernel_memory_limit Page snap stop Using the Motif Administration Program Page Domain Window SNAplus2 Domain Window Node Window Node Window Page Resource Items Tool Bar Buttons SNAplus2 Tool Bar Page Sample Dialog number Description Sample Status Dialog Sample Help Window ASCII Administration Program snap2adm Using the Command-LineAdministration Program status define define delete Page Basic Conﬁguration Tasks Page Conﬁguring Client/Server Functions query_sna_net add_backup delete_backup Conﬁguring the Node define_node APPN support Control point name Control point alias Node ID Conﬁguring Logging tail •set_central_logging •set_global_log_type •set_log_type •set_log_file Page Page Deﬁning Connectivity Components Page Page Page Deﬁning Ports, DLCs, and Connection Networks SNA port name Adapter card number Port number Initially active Additional Port Parameters for SDLC Line details Type Link role Encoding NRZI Dial string (6)AT &&D3 &&Q1 DT7,012345678 Additional Port Parameters for Token Ring, FDDI and Ethernet Local SAP number Deﬁne on connection network CN name Additional Port Parameters for X.25 (QLLC) Additional Port Parameters for Implicit PU Concentration Maximum active template instances Conﬁgure downstream LUs for implicit PU access Deﬁning Link Stations define_type_ls Common Link Station Parameters Name Activation LU trafﬁc Additional Link Station Parameters for SDLC ADDR STNADR Line encoding Additional Link Station Parameters for Token Ring, FDDI and Ethernet Additional Link Station Parameters for X.25 (QLLC) Parameters for Independent LU Trafﬁc Remote node name NETID SSCPNAME Remote node type Parameters for Dependent LU Trafﬁc Local node ID IDBLK IDNUM EXCHID Remote node role Deﬁning DLUR PUs define_internal_pu PU Name DLUS Name PU ID Reactivate PU after failure Page Conﬁguring Dependent LUs Page Deﬁning LU Types 0–3 define_lu_0_to_3 define_lu_0_to_3_range LU name Host LS/DLUR PU LU numbers LU type LU in pool Pool name Deﬁning LU Pools define_lu_pool Assigned LUs Page Conﬁguring APPC Communication Page Page Deﬁning Local LUs define_local_lu LU alias LU number Member of default pool Page Deﬁning Remote Nodes define_directory_entry define_partner_lu Node's SNA network name Deﬁning Partner LUs define_adjacent_len_node define_directory_entry Partner LU name Wildcard partner LU name A.F Alias Uninterpreted Name Supports parallel sessions Location Page Deﬁning TPs Issue the snapadmin define_tp command snaptpinstall TP name Parameters are for invocation on any LU/on speciﬁc LU Multiple instances supported User ID Group ID Route incoming Allocates to running TP Full path to TP executable TPname Arguments Conversation level security required Restrict access Security access list Restrict access Deﬁning Modes and Classes of Service Standard Mode and COS Names Mode Associated Purpose COS Name define_mode define_defaults define_cos Session limits Initial session limit Minimum contention winner sessions Minimum contention loser sessions Auto-activatedsessions Receive pacing window Initial window size Maximum window size Session timeout Maximum RU size Page Deﬁning CPI-CSide Information define_cpic_side_info Local LU Local LU alias Use default LU Partner LU Partner TP Security Password Page Conﬁguring APPC Security define_lu_lu_password Session Security Conﬁguration Parameters Additional Conﬁguration define_userid_password Conversation Security Conﬁguration Parameters define_security_access_list Security Access List Conﬁguration Parameters Users in access list Page Page Conﬁguring User Applications Page Page Page Conﬁguring 3270 Users and Sessions define_emulator_user Emulation User and Group Conﬁguration Parameters User Name Group Name Style File Style ﬁle access Sessions 3270 permissions 3270 Session Conﬁguration Parameters Session name Display or Printer LU/Pool name Session base name Number of sessions Conﬁguring 5250 Users Page Conﬁguring RJE Workstations define_rje_wkstn Workstation name Run on computer UNIX user name UNIX group name Page Conﬁguring Passthrough Services Page Conﬁguring TN Server define_tn3270_access TN Server Access Record Conﬁguration Parameters TN3270 client address hostname Support TN3270E TCP/IP port number telnet Display LU assigned Printer LU assigned Allow access to speciﬁc LU define_tn3270_association TN Server Association Record Conﬁguration Parameters Display LU Printer LU Conﬁguring PU Concentration Downstream LU name Upstream LU name Fake logon Allow timeout Conﬁguring DLUR Page 10Managing SNAplus2 from NetView Page Using the Host NetView Program input input n runcmd sp=spname, appl=component, commandtext runcmd sp , appl Page Using Escape Characters in RCF Commands Characters to Produce Input \a\bcd \\a Using SPCF query_node query set delete add remove init_node Using UCF runcmd sp=spname, appl=unix, HP-UX_command HP-UX_command cat ﬁlename ﬁlename1 ﬁlename2 grep Temp [ab]*.c >TEMP.out kill ux-cancel runcmd sp=myspname, appl=unix, ux-cancel Page Page 11 Managing SNAplus2 Clients Page Client Networking Requirements nnnn lan_access_timeout query_central_logger query_node_all •The NOF verbs query_central_logger or query_node_all servername Managing Win32 Clients Page snapwinsec domain snapwinsec off Page Conﬁguration domain snagroup invoked_tps broadcast_attempt_count server_lost_timeout client_start_timeout Servers Server1 Server2–Server10 Server2 Server3 Server10 Logging exception_logging_enabled audit_logging_enabled log_directory error_ﬁle audit_ﬁle backup_error_ﬁle error_ﬁle_wrap_size audit_ﬁle_wrap_size succinct_errors succinct_audits API_tracing ﬁle1 ﬁle2 ﬂip_size truncation_length all_api appc nof cpic csv rui MSG_tracing fmi CS_tracing trace_ﬂags admin_msg datagram data send receive Appl_Name APPCLLU APPCTPN CSV_data CSVTBLG Managing Win16 Clients Page snauser Page Page [Conﬁguration] Page Page [Servers] [Logging] Page Page Page [API_tracing] Page [MSG_tracing] Page [CS_tracing] [Appl_Name] [CSV_data] Managing HP-UXClients snap start [ -t] domain_name Page server names Page Page A Conﬁguration Planning Worksheets Page Node Worksheets Your Motif Field Valid Entry/Notes Implementation Motif FieldValid Entry/Notes Implementation Client/Server Conﬁguration: Conﬁguration server Application Conﬁguration: Page SDLC Port Dialog SDLC card Duplex Setting Physical link type SDLC Link Station Dialog Remote node Downstream PU name Upstream DLUS Page Page Page Page Remote node ID Downstream PU name Upstream DLUS name Page Page Page Page Page Downstream PU name Upstream DLUS name Adapter/port number Subnet ID Passthrough Services Worksheets Motif FieldValid Entry/NotesImplementation Node Conﬁguration: DLUR PU: PU name Reactivate PU after failure Local LU and Application Conﬁguration: LU Pool Dialog LU lists TN Server Access Dialog Page User Application Support Worksheets Local LU Dialog: LOCADDR Support syncpoint Disable password substitution Restrict to speciﬁc Page Session Security Dialog: TP Invocation Dialog: Restrict to speciﬁc LU Multiple instances supported Conversation level security required Conversation type Sync level PIP allowed APPC Conﬁguration: See “APPC” CPI-CDestination Dialog Symbolic destination Partner TP name Emulator User and Emulator Group Dialogs User name or group LU Type 0–3Dialog Style ﬁle name 3270 Session Dialog Single session or Multiple sessions Session type RJE Workstation Dialog Page B APPN Network Management Using the Simple Network Management Protocol Page Introduction to SNMP Figure B-1 Overview of SNMP SNAplus2 APPN SNMP Subagent snasnmp APPN Management Information Base (MIB) C Conﬁguring an Invokable TP Using snaptpinstall snaptpinstall -a ﬁle_name snaptpinstall -r -t TP_name -l LU_alias snaptpinstall -r -t TP_name snaptpinstall -q -t TP_name -l LU_alias snaptpinstall -q -t TP_name File Format for snaptpinstall PATH ARGUMENTS TYPE TIMEOUT USERID GROUP LUALIAS SHOW SECURITY_TYPE CreateProcess StartService SERVICE_NAME SECURITY_TYPE is SERVICE Page D Using SNAplus2 in a High Availability Environment Page What is High Availability single point of failure Figure D-1 SNAplus2 client/server network Page SNAplus2 High Availability Features Figure D-2 LU Pools Page Figure D-3 Applications using multiple servers Table D-1 Component Primary Server Backup Server Figure D-4 SNAplus2 on Primary and Backup Servers snapadmin start_port, port_name=HAPORT snapadmin start_ls, ls_name=HALS Figure D-5 Using SNAplus2 with MC/ServiceGuard clusters packages Figure D-6 SNAplus2 environment with ServiceGuard Page halt run Page Table D-2 Suggestions for Deﬁning the SNAplus2 Package Item Suggestion snapmon snapmon Page SNAplus2 Client/Server LAN Connections Figure D-7 SNAplus2 in Client/Server Conﬁguration SNA LAN Connections Figure D-8 SNAplus2 Server connected to remote system via LAN TN Server LAN Connections Figure D-9 SNAplus2 Server Running TNServer Using the LAN to Access Standalone Servers Figure D-10Accessing SNAplus2 Server via LAN Modifying the PATH variable Adding Customer Deﬁned Functions snapadmin init_node LANS Figure D-11Client/Server conﬁguration using Token Ring LAN DLC QLLC card0 Figure D-12Client/Server Conﬁguration Using X.25 DLC SDLC Figure D-13Client/Server Conﬁguration Using SDLC DLC Advanced Conﬁguration Techniques DLC Figure D-14Standalone Server using Token Ring Primary DLC and SDLC Backup DLC