Chapter 7 - VINES System Software and Special Applications
VINES system software includes VINES services, which let users access network resources. Banyan services are programs that run on a Banyan server and perform functions required by network users. They identify, manage, and coordinate all the physical and logical components of the network.
Given the proper access, any workstation user anywhere in the network can use these services to interact with any workstation user, printer, minicomputer, mainframe computer, or file service in the network. Services also communicate with one another to share information. For example, the StreetTalk naming service communicates with other services to locate items on the network.
Some services have two parts: service software that runs on the server and client software that runs on the workstation or server. For example, to use a print service, users run the client program on their workstations. The client software communicates with the service software to let users print documents on printers connected to the network.
When major elements of the network are in place, administrative duties include managing services, which run on Banyan servers. Some services require little management, others more.
Services fall into one of the following categories:
Utility services Special services Resource-sharing services Optional services
The sections that follow describe these services. Chapter 9 and Chapter 10 describe in detail the file and print services, which are resource-sharing services. Chapter 11 describes all the VINES optional services.
This section describes the utility services provided with the base VINES and base StreetTalk for Windows NT software. These services manage other services, hold system software, provide security, or coordinate the system time on the server. These services are automatically created when native VINES and StreetTalk for Windows NT software is started. These services are briefly described in Chapter 4.
Each server contains a service called the Server Service. Its StreetTalk name is SS@servername@Servers where servername is the name of your server.
This service handles communications within the server, monitors the status of services on the server, and automatically restarts services if a problem occurs. The Server Service creates and deletes other services. The MSERVICE and OPERATE programs are the client programs of the Server Service. For native VINES, you can view service status from the operator console attached to the server or from a DOS workstation. For StreetTalk for Windows NT, StreetTalk Explorer and the Windows NT Services Manager in the Control Panel show the status of StreetTalk services. Server Service on a StreetTalk for Windows NT service polls services at fixed intervals and attempts to restart those services that have stopped abnormally (crashed). The polling interval can be configured. The default polling interval is 5 minutes.
See Banyan Server Operations Guide for more information on the Service Monitor display and ways to access it from the console and from a workstation. See the StreetTalk for Windows NT Installation Guide for more information on monitoring StreetTalk services on Windows NT.
The Server Service also coordinates network time on a native VINES server. Network time ensures that servers operate with a standard time across all time zones. Chapter 4 described setting time on network servers.
Your only management task is to reset the time from the server console as needed. When the Server Service is running on your server, changing the time on the server also changes the network time. This can affect scheduled activity, such as backups or temporary links, on servers across the network.
When you reset the time on the server, users at their workstations do not see the new time until the next time they log in.
VINES Security Service
On each native VINES and StreetTalk for Windows NT server, the VINES Security Service authenticates user logins to provide security. The StreetTalk name of the Security service is VS@servername@Servers where servername is the name of your server.
VINES security checks user profiles and access rights when users access file and print services. It makes sure that users can log in from their workstations and that they comply with security requirements. For example, this service forces users to change their passwords if you have specified that they should.
To control the VINES Security service, you can specify security settings for groups or for individual users or you accept VINES defaults. Chapter 6 described the settings you can assign with the MGROUP and MUSER programs.
VINES Files contains client programs that let users access and use network resources. It contains VINES executable programs, program messages, and help files. This software is on the VINES file volume, a special network file volume - VINES Files@servername@Servers, where servername corresponds to the nearest network server with the same software revision as the workstation.
VINES Files is automatically set to drive Z and placed automatically in the search path for all DOS and OS/2 users. It is available to users when they log in to the network. You can use the SETDRIVE command in the user profile to change this default.
You can select to install VINES Files on a StreetTalk for Windows NT server.
Directory Structure of VINES Files
The root directory of each server's VINES Files service can have DOS, OS/2, and WIN32 subdirectories if both are installed. During the login process, software in a VINES workstation attaches to the appropriate VINES Files directory automatically.
The OS/2 directory contains OS/2 protected-mode versions of VINES programs; the DOS directory contains DOS versions of VINES programs; the WIN32 directory contains 32-bit Windows versions of VINES programs.
The DOS, OS/2, and WIN32 directories mirror one another. All have the same subdirectories and support multiple language types. Figure 7-1 shows the DOS and OS/2 directories.
The first-level directories designate the operating system that a VINES workstation is running. The second-level directories designate a location. Location refers to a language version of Multilingual VINES Files on drive Z.
USA (English) is the default location version. If a multilingual DOS version of VINES were installed on a server, drive Z might have a
or \GERMANY or \SPAIN directory.
Every language directory contains a complete set of VINES programs, such as SETDRIVE and SETPRINT, and a PCINIT subdirectory containing some software that is installed at the workstation. A translated directory structure is the same as that shown in Figure 7-1. The applications, however, are in a new location. The new location name is usually the country of the translated language (for example, France, Germany, or Spain).
Some VINES program files are in Z: while others are in the Z:\PCINIT subdirectory. VINES program files have corresponding help and message files in the HLPFILES and MESSAGES directories, respectively. The directory structure of the default USA location is illustrated in Figure 7-2.
Directories and Subdirectories on Drive Z
The HLPFILES directories contain help (.HLP) files. Users running a VINES application can display help files when they press F1.
The MESSAGES directories contain message binary (.MSB) files. These files contain text for VINES menus and client error and program messages. Programs that you run from drive Z, such as NEWREV or SETDRIVE, display menus and client messages.
The SYSERROR directory contains error (.ERR) files and help files. (You cannot see the SYSERROR directory if the VINES Files service is mapped to drive Z.) The error files contain messages that VINES services such as StreetTalk, the Security Service, or the print service display. The help files contain service error messages that users display on-line when they enter the VNSERR command from DOS.
During the login process, VINES maps drive Z to the operating system type (DOS, OS/2, WIN32) and then to the language. Users are automatically mapped to a client-specific, language-specific subdirectory contained in VINES Files.
If you log in to VINES at a DOS or Windows 3.1 workstation, you view the contents of DOS\USA as the root of Z:. If you log in to VINES at an OS/2 workstation, you view the contents of OS2\USA as the root. If you log in to VINES at a Windows 95 or Windows NT workstation, you view the contents of DOS\USA as the root.
If you have the appropriate administrative access rights to VINES Files, you can view the entire directory structure, regardless of the workstation type you are using. You use the SETDRIVE command and map any drive letter other than Z to the VINES Files service of your choice. For example:
SETDRIVE X "VINES FILES@USCHI001@SERVERS"
lets you see the directory structure of VINES Files on the server USCHI001.
You can modify the directory structure of VINES Files, but unlike other file services, you cannot create or delete this file service.
After logging in to the network, a DOS, Windows, or OS/2 user sees a display of all the network resources provided by the user's profile. Potentially, any user can use all the features of VINES and any application programs stored on the network. As an administrator, you limit user access to maintain the security and integrity of network resources.
A user who has logged out of VINES sees the files and directories in the PCINIT subdirectory on drive Z. Drive Z is always mapped to VINES Files. The PCINIT subdirectory is client-specific (DOS, OS/2, or WIN32), and language specific (English, French, et al.). The LOGIN program is in the PCINIT directory.
Users can view the contents of the PCINIT directory. After the login process is complete, the user is in the parent directory as specified in the user's profile.
Modifying Access Rights to Drive Z
You have a great deal of flexibility in managing VINES Files because drive Z is open. This means that as a member of the appropriate AdminList, you can control and change the access to VINES programs on drive Z. You can create subdirectories and move VINES programs to them. You can remove any commands that you do not want users to access, or you can customize help files.
The default access rights list (ARL) that protects VINES Files lets users search the directory or subdirectory for a name and open a directory or file for reading. You can change this default ARL to any ARL that you want. (Chapter 9 describes ARLs in detail.)
Keep in mind, however, that if you make the ARL less restrictive (providing Write or Delete access), users can add files to and delete files from these directories. If you make access more restrictive by denying Search or Read access, users cannot execute commands. If you accidentally remove access rights protecting VINES Files, you stop users from logging in.
Therefore, it is strongly recommended that you keep the default access rights to the directories that contain VINES Files.
Customizing Drive Z
If you do not want to modify the default VINES Files volume provided with the system, you can set a user's drive Z to a volume (file service) that you create.
If you decide to modify VINES Files, you must follow certain rules and take special precautions. For example, you are not allowed to move some VINES files or rename VINES programs and directories. You must be careful not to change the access rights to the VINES Files directories so that users can add files to them or delete files from them.
It is not recommended that you modify the VINES file volume unless you have a very good reason for doing so. Changing VINES files can make the task of managing your system more complex.
For example, the native VINES Backup Restore program does not prevent you from inadvertently restoring an older version of VINES Files in place of a later revision. To preserve a customized Z drive, you must restore it manually. Therefore, backing up and restoring VINES system and network files becomes more complicated if they have been changed.
Remember, too, that you are responsible for maintaining the integrity of the VINES Files volume when you receive a VINES software upgrade. Upgrading software and preserving modifications is not a straightforward task. You must maintain detailed records of any customized file volume you use as a drive Z for network users.
Guidelines for Modifying VINES Files
Keep these points in mind if you modify VINES Files:
Do not remove default access rights from drive Z. Do not delete any files from drive Z. Deleting files can prevent VINES from operating properly. To prevent users from executing some VINES programs, you can move VINES executable files to a subdirectory on drive Z. Then use the SETDRIVE command with the /ROOT switch to keep them out of Z:\. Identify the subdirectory in their profiles with the PATH command. You can also run StreetTalk Explorer or the MUSER program to stop users from editing their own profiles. You can create subdirectories and move files between directories in VINES Files. However, some VINES programs execute other VINES programs using the PATH command. Therefore, if you move a VINES program, you must move any programs associated with it. Managing VINES Services has a list of these programs. Some files must not be moved. For example, do not move help or message files from HLPFILES or MESSAGES subdirectories. Do not rename the PCINIT directory, or the HLPFILES, or MESSAGES subdirectories. If you rename these subdirectories, VINES Files does not work correctly and users may not be able to log in. Do not change the names of programs in the VINES Files volume. If you want users to execute a VINES command under another name, create a batch file that refers to the VINES program file. For example, a batch file named MENU.BAT could invoke MUSER.COM. Keep a record of any VINES program files that you have moved or modified. You need this information when you back up and restore VINES Files. Do not add any non-commercial software to VINES Files or any other file service unless you have tested the software on a stand-alone (non-networked) workstation. Develop guidelines for adding non-commercial software and distribute those guideline to all administrators and users.
Managing VINES Services has more information about the VINES Files volume.
This section describes the special services that are included with the base VINES software.
These services include:
Netbios service STDA
You can start, stop, or reconfigure these services at any time. You can set up user access through the user profile, through DOS batch files, or by having users run VINES or DOS commands.
Netbios services let DOS users run application programs that require the Netbios protocol. These services do not need any special hardware.
A Netbios service consists of workstation-resident Netbios emulation software and a service on the native VINES server. For proper addressing, all users of a given program that requires the Netbios interface must use the same Netbios service. They can do so from any workstation, anywhere on the network.
To manage a Netbios service for DOS users, you add it to a group, configure user workstations to load a resident program, then make it available to users. Netbios requires no configuration or day-to-day management. For more information on Netbios for DOS users, see Managing Workstations.
VINES supports OS/2 user applications that are based on the Named Pipe interface or DOS Netbios applications that run in a DOS session.
The Named Pipe interface is a distributed application interface that requires each participating network workstation to use a unique name to identify itself.
The Named Pipe interface uses the Universal Naming Convention (UNC) to assign unique computer names and to translate them into network addresses in a way that is transparent to the application. The UNC identifier originates from the Netbios Name Space standard.
In a Banyan network, you create a central name registration service on a VINES server. One registration service can be used by Netbios and Named Pipe applications concurrently, as illustrated in Figure 7-3.
Netbios name registration is a service type, and like other VINES service types (such as file services), you may assign the service a name of your choice. You can create up to two Netbios name services per VINES Server.
Workstations that need to share data managed through a Netbios or Named Pipe application (or some combination of them) must use the same registration service. Workstations can use only one service at a time.
With VINES, the service that provides the Netbios Name Space is not restricted to a particular LAN segment. The workstations that use the service can be located anywhere on the network.
The Netbios name registration service emulates the Netbios Name Space on a Banyan network. The Netbios Name Space allows for 16 names per machine (or workstation). Netbios can register up to 16 names. A Named Pipe application registers only the machine name.
StreetTalk Directory Assistance (STDA) is a service that allows users and administrators to look up the names of users, lists, file, print, and other services located on their Banyan network. STDA contains a subset of the information that the StreetTalk naming service contains.
STDA is very useful for administrators who want to add or manage services. For example, you can run STDA from within StreetTalk Explorer or the MSERVICE program when you are adding or searching for a service name. To run STDA from within MSERVICE, load STDA with the STDIRECT command, run the MSERVICE program, and enter the STDA hotkey on the appropriate screen to display a list of services on the network.
Chapter 8 presents ideas, planning information, and a check list for setting up STDA. The User's Guide for DOS and OS/2 explains how to use STDA. Managing Users and StreetTalk describes how to configure STDA.
Resource Sharing Services
This section describes the resource sharing services. Note that some optional services described in Chapter 11 also provide resource sharing.
AppleTalk Filing Protocol (AFP) Service File services Print services
The AFP service is enabled on a native VINES server when you purchase the VINES Option for Macintosh. File and print services are provided with base VINES software.
Note: StreetTalk for Windows NT does not support the AFP Service.
AppleTalk Filing Protocol (AFP) Service
To support Macintosh users, a native VINES server must run the AppleTalk Filing Protocol (AFP) service. This service comes up automatically when VINES is installed and AppleTalk is started and configured. It lets Macintosh users access files stored on a server. The AFP service communicates with the VINES Security Service and VINES file services to let Macintosh users access a Banyan network and mount file volumes stored on a native VINES server.
A VINES AFP service lets a server operate like an AppleShare file server for Macintosh computers on a Banyan network. AppleShare is a service on an Apple file server that lets Macintosh users access files on the server. Both VINES and AppleShare use the AppleTalk protocols as a base.
The AFP service has a configuration program that lets you map a DOS file extension to a Macintosh icon and enable or disable Guest Logins.
In addition to the AFP service, you must start a VINES file service for Macintosh users to access a file volume on a native VINES server.
If your network does not have any Macintosh computers, you should stop the AFP service to save server memory. If your network has Macintoshes but your server is only acting as a router, you should also stop the AFP service. If AppleTalk protocols are not started on your server, the AFP service automatically becomes inactive after two hours.
If you need to run AFP, monitor how much memory it uses.
File services provide a full-function, multi-user file system on server disks. To a user, these services appear to be fixed disks in a workstation.
On a network that includes Macintosh computers, an AppleTalk Filing Protocol (AFP) service must also be running so that Macintosh users can access files controlled by the file service.
Chapter 9 presents ideas, planning information, and a check list for setting up file services.
VINES print services allow users to share printers connected to servers or workstations on the network. Users can select specific printers at any time or establish default printers in their profiles to handle their requests.
Chapter 10 presents ideas, planning information, and a check list for setting up print services.
Naming and Assigning Services
You should give each special service an item name that describes what it does and add it to a group of related items. Use care when adding a service to a group because how you do this influences network performance for users. Services that you must name include the file and print services, described in Chapter 9 and Chapter 10.
Chapter 3 discussed how resources are named in a Banyan network. The next section discusses the importance of choosing the proper location for the services that you create. (Special considerations apply to STDA, which is described in Chapter 8).
Note that some services (for example, StreetTalk and the VINES Security Service) have a name when they start. You do not have to assign them a name and you cannot change their names.
Each service belongs to a group that a particular server maintains. That server is involved whenever someone uses the service. Services also use resources, such as disk space, on a particular server. You choose the server when you add the service to the system.
Whenever possible, add a service to the server that maintains its StreetTalk group. If the service and its group are on one server, VINES can find out everything about the service from the server on which it resides. Figure 7-4 shows this arrangement.
If the service and its group are located on two different servers, VINES has to look in two places for information. First it has to look up the name on one server and then it has to go to the other server to access the information it needs.
Figure 7-5 shows how this process adds traffic to the network and reduces efficiency.
If a service and its group are on different servers and the connection between the two servers is broken, StreetTalk Explorer or the MSERVICE and OPERATE programs may display the service status as "inconsistent." Always put a service and its group on the same server to avoid this situation.
Worksheet for Service Planning
You can use the Service Planning Worksheet, shown in Figure 7-6, to identify any file, print, STDA, or optional services that you start and configure. The worksheet is in Appendix A. You might want to read Chapter 8, Chapter 9, and Chapter 10 and Managing VINES Services before you fill in the worksheet.
Macintosh Naming Rules
As a general guideline, you should create file or print service names that are less than 31 characters long. Names longer than 31 characters can't fit in the Chooser, which displays them. If the service names are longer than 31 characters, the AFP and PostScript print services truncate the names automatically. To avoid name collisions on the network, the services also make the names unique.
To minimize confusion for Macintosh users, either use short names or give users a list of the service names and their truncated counterparts. Note, however, that if the names are longer than 31 characters, the user's ability to access the service is not affected.
Administrator's Check List
Complete the tasks in this list to ensure that you have properly planned for managing Banyan software:
Decide what access users will have to drive Z, the volume that stores VINES Files. In a multilingual environment, make sure that all necessary locations are available to users. If you intend to modify VINES Files, begin to plan those modifications. Think about where you will put special services, especially file and print services, that you will require. Stop the AFP service on a native VINES server if your network does not have any Macintosh computers. Monitor its memory usage if you must run it. Read Chapter 11, which describes other optional services (for example, Asynchronous Terminal Emulation and 3270/SNA) you might require.
When you finish reading this chapter, you should be familiar with these terms:
Logging in - The process of initiating entry into a Banyan network. A user must provide a valid StreetTalk name and password.
Netbios Service - VINES software that provides a directory of machine names. The service enables an application client to locate an application server.
Server Service - A standard Banyan utility service, named SS@servername@Servers, that is created automatically on each server. This service handles communications internally within the server, maintains the status of services on the server, and automatically restarts services if a problem occurs. It also coordinates network time throughout the network.
STDA (StreetTalk Directory Assistance) - A Banyan directory service that lets users look up the names of users, lists, and services located on their Banyan network. STDA software has a terminate-and-stay-resident (TSR) program that lets DOS and Windows 3.1 users access STDA from anywhere in a Banyan network.
VINES Files Service - A Banyan service containing programs that let administrators and users access network resources. The full name of the service is VINES Files@servername@Servers, and it is automatically mapped by VINES to drive Z.
VINES Security Service - Banyan software that enforces network security and authenticates all requests to access or modify information. This service is automatically created when VINES or StreetTalk for Windows NT is installed.
For more information on the topics discussed in this chapter, see the following books in the VINES documentation set: