DCE replacement strategies / [Heinz Johner ... et al.].

Format:

Book

Contributor:

Johner, Heinz.

International Business Machines Corporation. International Technical Support Organization.

Series:

IBM redbooks.

IBM redbooks

Language:

English

Subjects (All):

Electronic data processing--Distributed processing.

Electronic data processing.

Application software--Development.

Application software.

IBM software.

Physical Description:

xxii, 432 p. : ill.

Edition:

1st ed.

Place of Publication:

[S.l.] : IBM, International Technical Support Organization, c2003.

Language Note:

English

System Details:

text file

Summary:

This IBM Redbooks publication recommends strategies that you can use to replace the Distributed Computing Environment (DCE) dependencies in your environment and move to new technologies. The following topics are covered: - DCE overview and recap - Replacement technologies - Replacement strategies - Replacement scenarios - Replacement coding examples This book is a valuable information source if you are an executive, administrator, or developer of an IBM customer environment that uses IBM DCE for a distributed systems and application infrastructure. Although strategies for replacing DCE are described, the book does not cover strategies for replacing dependencies to IBM products that use DCE, such as DFS and TXSeries. Please note that the additional material referenced in the text is not available from IBM.

Contents:

Front cover

Contents

Tables

Figures

Notices

Trademarks

Preface

The team that wrote this redbook

Become a published author

Comments welcome

Part 1 Description of the DCE replacement strategies

Chapter 1. DCE review

1.1 Defining DCE

1.2 Who uses DCE

1.3 What DCE does

1.3.1 Threads

1.3.2 RPC

1.3.3 Security core

1.3.4 GSS-API

1.3.5 Directory

1.3.6 Time

1.3.7 Cross component

1.4 The DCE environment

1.5 Application dependencies on DCE

1.5.1 Direct dependencies

1.5.2 Indirect dependencies

1.5.3 No dependencies

1.6 Summary of DCE review

Chapter 2. Replacement technologies

2.1 Criteria for selecting the technologies

2.1.1 Compliance with industry standards

2.1.2 Coverage of predominant DCE services

2.1.3 Ease of migration

2.1.4 Similarity to DCE services

2.1.5 Technologies considered strategic

2.1.6 Support of predominant platforms

2.1.7 Support of predominant programming languages

2.1.8 Availability of IBM implementations

2.2 Technologies for C/C++ applications

2.2.1 aznAPI

2.2.2 CORBA

2.2.3 DCE RPC

2.2.4 DCE UUID

2.2.5 Kerberos

2.2.6 LDAP

2.2.7 Network Time Protocol

2.2.8 Platform auditing

2.2.9 Platform logging and messaging

2.2.10 POSIX 1003.1c threads

2.2.11 Web services

2.3 Technologies for Java applications

2.3.1 J2EE application environment

2.3.2 Standards for the J2EE

2.3.3 DCE services that can be replaced by J2EE

2.3.4 IBM implementation of J2EE: WebSphere Application Server

2.3.5 Additional information on IBM WebSphere Application Server

2.4 Summary

Chapter 3. Replacement strategies

3.1 Replacement strategies for C/C++ applications

3.1.1 Auditing

3.1.2 Authentication

3.1.3 Authorization, PAC, and UUID

3.1.4 Backing store

3.1.5 Configuration.

3.1.6 Delegation, GSS-API, and login

3.1.7 Directory

3.1.8 Extended Registry Attributes

3.1.9 Event management

3.1.10 GSS-API

3.1.11 Host management

3.1.12 Integrated login

3.1.13 Login

3.1.14 Messaging

3.1.15 PAC

3.1.16 Password strength

3.1.17 Protection

3.1.18 Registry

3.1.19 RPC services

3.1.20 Serviceability

3.1.21 Threads

3.1.22 Time

3.1.23 UUID

3.2 Replacement strategy for Java applications

3.2.1 Determining a new architecture

3.2.2 Revising the application environment for the new architecture

3.2.3 Rewriting the DCE applications to the new architecture

3.3 Replacement strategies for mixed applications

3.3.1 CORBA interoperability

3.3.2 Java Native Interface

3.3.3 JCA and JNI

Chapter 4. Using DCE data with IBM Network Authentication Service

4.1 Introduction

4.2 Migrating DCE data to an LDAP directory

4.3 Configuring IBM Network Authentication Service

4.4 Managing the data in a shared environment

4.5 Removing DCE-specific data

4.6 Details about shared data

4.7 Details about non-shared data

Chapter 5. Using DCE objects with IBM Tivoli Access Manager

5.1 Introduction

5.2 Data representation

5.3 Configuration scenarios

5.3.1 Scenario 1

5.3.2 Scenario 2

5.3.3 Scenario 3

5.4 Managing objects in a shared environment

5.4.1 Creating a user with IBM Tivoli Access Manager

5.4.2 Creating a group with IBM Tivoli Access Manager

5.4.3 Adding a member to a group using IBM Tivoli Access Manager

5.4.4 Deleting a user using IBM Tivoli Access Manager

5.4.5 Deleting a group using IBM Tivoli Access Manager

5.4.6 Removing a member from an IBM Tivoli Access Manager group

5.4.7 Creating a principal with DCE

5.4.8 Creating a DCE group

5.4.9 Adding a member to a group using DCE

5.4.10 Deleting a user using DCE.

5.4.11 Deleting a group using DCE commands

5.4.12 Removing a member from a group with DCE commands

5.4.13 Sharing policies

5.4.14 Attaching a DCE policy

5.4.15 Deleting a shared DCE policy

Chapter 6. Binary structure of DCE ERA data in LDAP

6.1 Recap: The DCE to LDAP migration process

6.2 Reading binary DCE ERA data in LDAP

Part 2 Replacement sample scenarios

Chapter 7. Common replacement considerations

7.1 How to read the example scenarios

7.2 Common assumptions in the sample scenarios

7.3 Simplifications in the sample scenarios

7.4 Security considerations

7.5 Performance considerations

7.6 Using an LDAP directory

7.6.1 LDAP security considerations

7.6.2 Availability and performance considerations

7.7 SSL implementation hints

7.7.1 SSL and TLS overview

7.7.2 Uses of SSL

7.7.3 Using SSL in the replacement scenarios

7.7.4 IBM GSKit

7.7.5 Authentication with certificates

7.7.6 Using self-signed certificates

7.7.7 Using certificates from a Certificate Authority (CA)

7.7.8 Additional hints and considerations

Chapter 8. Scenario 1: GSS-API application

8.1 Scenario description

8.1.1 Initial application with DCE dependencies

8.1.2 Revised application without DCE dependencies

8.2 DCE application

8.2.1 Configuring and running the DCE application

8.2.2 Application client

8.2.3 Application server

8.3 Replacement roadmap

8.3.1 Software requirements

8.3.2 Migration of DCE security registry to IBM Directory Server

8.3.3 Configuring IBM Network Authentication Service

8.3.4 Configuring IBM Tivoli Access Manager

8.3.5 Configuring the Windows Kerberos client

8.3.6 Revising the application

8.3.7 Cleaning up the DCE related information in the IBM Directory

8.4 Revised application discussion.

8.4.1 Configuring and running the revised application

8.4.2 Application client

8.4.3 Application server

8.5 Administration considerations and interfaces

8.5.1 Administration during the migration process

8.5.2 Administration after the migration process

8.5.3 IBM Network Authentication Service administration interface

8.5.4 IBM Tivoli Access Manager administration interface

8.6 Discussion and conclusions

Chapter 9. Scenario 2: Non-secure RPC application

9.1 Scenario description

9.1.1 Initial application with DCE dependencies

9.1.2 Revised application without DCE dependencies

9.2 DCE application

9.2.1 Configuring and running the DCE application

9.2.2 Application client

9.2.3 Application server

9.3 Replacement roadmap

9.3.1 Software requirements

9.3.2 Installing and configuring WebSphere Application Server

9.3.3 Revising the application

9.3.4 Removing DCE

9.4 Revised application discussion

9.4.1 Building, configuring, and running the revised application

9.4.2 CORBA IDL file

9.4.3 Application client

9.4.4 Application server

9.5 Administration considerations and interfaces

9.6 Discussion and conclusions

Chapter 10. Scenario 3: Secure RPC application #1

10.1 Scenario description

10.1.1 Initial application with DCE dependencies

10.1.2 Revised application without DCE dependencies

10.2 DCE application

10.2.1 Configuring and running the DCE application

10.2.2 Application interface definition

10.2.3 Application client

10.2.4 Application server

10.3 Replacement roadmap

10.3.1 Software requirements

10.3.2 Installing and configuring IBM WebSphere Application Server

10.3.3 Configuring WebSphere Application Server security

10.3.4 Configuring the application client

10.3.5 Developing the application

10.3.6 Configuring IBM Directory Server.

10.3.7 Assembling the scenario application

10.3.8 Deploying and starting the application

10.3.9 Running the application client

10.4 Revised application discussion

10.4.1 Enterprise bean wrappers

10.4.2 CORBA IDL file

10.4.3 Application client

10.4.4 Application server

10.4.5 Java Native Interface

10.4.6 J2EE Connector Architecture

10.5 Administration considerations and interfaces

10.6 Discussion and conclusions

Chapter 11. Scenario 4: Secure RPC application #2

11.1 Scenario description

11.1.1 Initial application with DCE dependencies

11.1.2 Revised application without DCE dependencies

11.2 DCE application

11.3 Replacement roadmap

11.3.1 Software requirements

11.3.2 Installing and configuring IBM WebSphere Application Server

11.3.3 Configuring WebSphere Application Server security

11.3.4 Configuring the application client

11.3.5 Developing the application

11.3.6 Configuring IBM Directory Server

11.3.7 Assembling the scenario application

11.3.8 Deploying and starting the application

11.3.9 Running the application client

11.4 Revised application discussion

11.4.1 Application client

11.4.2 Application server

11.5 Administration considerations and interfaces

11.6 Discussion and conclusions

Part 3 Appendixes

Appendix A. Scenario 1: Source code listings

Application with DCE dependencies

Makefile for application client

Makefile for application server

DCE dependent application client

DCE dependent application server

Authorization module with DCE dependencies

Utility source of the DCE dependent application

Header file for utility source

Revised application without DCE dependencies

Revised application client

Revised application server.

Authorization module using aznAPI.

Notes:

"June 2003."

Includes bibliographical references and index.

OCLC:

137342228