Document revision date: 5 July 2000

Order Number: AA--PV4FE--TE

This guide provides an overview of the Compaq Distributed Computing Environment (DCE) for OpenVMS VAX and OpenVMS Alpha and describes value-added features provided with Compaq DCE.

Revision/Update Information: This guide supersedes the Compaq DCE for OpenVMS VAX and OpenVMS Alpha Product Guide Version 1.5.

Operating System: OpenVMS VAX Version 6.2 or higher
OpenVMS Alpha Version 6.2 or higher

Software Version: Compaq DCE Version 3.0

Compaq Computer Corporation
Houston, Texas

© 2000 Compaq Computer Corporation

Compaq, VAX, VMS, the Compaq logo, and the DIGITAL logo Registered in U.S. Patent and Trademark office.

OpenVMS is a trademark of Compaq Information Technologies Group, L.P.

Microsoft, MS-DOS, Windows, and Windows NT are trademarks of Microsoft Corporation.

OSF/1 and UNIX are trademarks of The Open Group.

All other product names mentioned herein may be the trademarks or registered trademarks of their respective companies.

Confidential computer software. Valid license from Compaq required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Compaq shall not be liable for technical or editorial errors or omissions contained herein.

The information in this publication is subject to change without notice and is provided "AS IS" WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK ARISING OUT OF THE USE OF THIS INFORMATION REMAINS WITH RECIPIENT. IN NO EVENT SHALL COMPAQ BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING SHALL APPLY REGARDLESS OF THE NEGLIGENCE OR OTHER FAULT OF EITHER PARTY AND REGARDLESS OF WHETHER SUCH LIABILITY SOUNDS IN CONTRACT, NEGLIGENCE, TORT, OR ANY OTHER THEORY OF LEGAL LIABILITY, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

The limited warranties for Compaq products are exclusively set forth in the documentation accompanying such products. Nothing herein should be construed as constituting a further or additional warranty.

ZK6532

The Compaq OpenVMS documentation set is available on CD-ROM.

Contents

Index

The Compaq DCE for OpenVMS VAX and OpenVMS Alpha Product Guide provides users of the Compaq Distributed Computing Environment (DCE) with the following information:

• An overview of DCE and the contents of the Compaq DCE product.
• The differences between using DCE of OSF/1 and on OpenVMS systems.
• The value-added features provided with Compaq DCE.

Intended Audience

This guide is intended for:

• Experienced programmers who want to write client/server applications.
• Experienced programmers who want to port existing applications to DCE.
• System managers who manage the distributed computing environment.
• Users who want to run distributed applications.

Document Structure

This guide is organized as follows:

• Chapter 1 provides an overview of the Compaq DCE product and describes its contents, restrictions, and additional features.
• Chapter 2 describes the DCE system configuration utility.
• Chapter 3 describes interoperability and compatibility issues.
• Chapter 4 discusses using the kit with DECnet networks.
• Chapter 5 discusses authenticating RPC using Microsoft's NT Lan Manager.
• Chapter 6 provides information about the names of DCE files and directories.
• Chapter 7 provides information about developing applications on OpenVMS VAX and OpenVMS Alpha systems.
• Chapter 8 provides information about Integrated Login.
• Chapter 9 provides tips on intercell naming.
• Chapter 10 describes the Enhanced Browser for viewing the CDS namespace.
• Chapter 11 describes general enhancements to the IDL compiler.
• Chapter 12 describes debugging support for RPC applications.
• Chapter 13 contains information for developing distributed VAX FORTRAN programs on OpenVMS systems.
• Chapter 14 provides checklists and troubleshooting hints.
• Chapter 15 describes the example programs supplied with the Application Developer's Kit.
• The appendix describes the namespace editor (NSedit), a system management tool.

Related Documents

For additional information about OpenVMS products and services, access the following World Wide Web address:

http://www.compaq.com/

For DCE specific documentation, access the following World Wide Web address:

http://www.compaq.com/commercial/dce/dce_index.html

Reader's Comments

Compaq welcomes your comments on this manual. Please send comments to either of the following addresses:

Internet	openvmsdoc@compaq.com
Mail	Compaq Computer Corporation OSSG Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698

How To Order Additional Documentation

Use the following World Wide Web address to order additional documentation:

http://www.compaq.com/

If you need help deciding which documentation best meets your needs, call 800-282-6672.

Conventions

VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references in this document to OpenVMS Clusters or clusters are synonymous with VMSclusters.

The following conventions are also used in this guide:

Ctrl/ x	A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.
italic text	Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where device-name contains up to five alphanumeric characters).
UPPERCASE TEXT	Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.
Monospace type	Monospace type indicates code examples and interactive screen displays. In the C programming language, monospace type in text identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.
Case-sensitivity	OpenVMS operating system commands do not differentiate between uppercase and lowercase. However, many DCE commands do make this distinction. In particular, the system configuration utility interprets names in a case-sensitive manner.

Distributed computing services, as implemented in the Compaq Distributed Computing Environment (DCE), provide an important enabling software technology for the development of distributed applications. DCE makes the underlying network architecture transparent to application developers. It consists of a software layer between the operating system/network interface and the distributed application program. It provides a variety of common services needed for development of distributed applications, such as name and time services, and a standard remote procedure call interface.

Compaq DCE for OpenVMS VAX and OpenVMS Alpha provides a means for application developers to design, develop, and deploy distributed applications. This release supports both the OpenVMS VAX and OpenVMS Alpha operating systems.

1.1 Kit Contents

Compaq DCE for OpenVMS VAX and OpenVMS Alpha consists of the following distributed computing technologies:

• DCE Remote Procedure Call (RPC) --- Allows you to create and run client/server applications.
• DCE Cell Directory Service (CDS) --- Provides location-independent naming for servers.
• DCE Distributed Time Service (DTS) --- Provides synchronization of time in distributed network environments.
• DCE Security Service --- Provides secure communications and controlled access to resources.
• Threads --- Provides user control and synchronization of multiple operations.
• Interface Definition Language (IDL) Compiler --- Provides the compiler required for developing distributed DCE applications.

Compaq DCE for OpenVMS has four kits available:

• Runtime Services Kit
• Application Developer's Kit
• CDS Server Kit
• Security Server Kit

Note that the right to use the Runtime Services Kit is included as part of the OpenVMS license. The other kits each require a separate license. You must install a kit on each system that will use DCE services.

The following sections list the contents of each of these kits.

1.2.1 Runtime Services Kit

The Runtime Services provide the basic services required for DCE applications to function. The Runtime Services Kit contains the following:

• Authenticated CDS Advertiser and Client Support
• CDS Browser
• CDS Control Program (cdscp)
• Authenticated DCE RPC runtime support (supports DECnet, TCP/IP, and UDP)
• RTI (Remote Task Invocation) RPC for Compaq's ACMSxp TP product
• Security Client Support
• Integrated Login
• A DCE_LOGIN tool for obtaining credentials
• A RGY_EDIT tool for registry maintenance functions
• KINIT, KLIST, and KDESTROY Kerberos tools
• An ACL_EDIT tool for access control lists (ACLs) for DCE objects
• RPC Control Program (rpccp)
• Native Kerberos
• XDS Directory Services
• XDS Object Managment
• NTLM Security support
• New APIs which support impersonation
• DCE Control Program (dcecp)
• Authenticated RPC runtime support (supports DECnet, TCP/IP, and UDP using NTLM security protocol on OpenVMS Alpha Version 7.2-1 and higher.)
• LDAP client support for nsid and gda

The Application Developer's Kit is used by developers to build DCE applications. The Application Developer's Kit contains the following:

• The above contents of the Runtime Services Kit
• Required DCE application development header files
• Interface Definition Language (IDL) compiler
• Object-Oriented RPC
• Generic Security Service (GSSAPI)
• LSE Templates for IDL
• Include (.H) files and .IDL files for application development
• Sample DCE applications
• An aid for porting MS RPC applications to DCE RPC applications

The CDS Server kit provides the naming services necessary for DCE clients to locate DCE server applications. The CDS Server kit includes the following:

• CDS server (cdsd)
• Global Directory Agent (GDA)
  The Global Directory Agent (GDA) lets you link multiple CDS namespaces using the Internet Domain Name System (DNS), X.500, or LDAP.
• Name Services Interface Daemon (nsid); also known as the PC Nameserver Proxy

The Security Server kit provides the security services necessary for authenticated RPC calls between DCE client and server applications to function. The kit includes the following:

• Security server (secd)
• Tool used to create the security database (sec_create_db)
• Security server administrative tool (sec_admin)
• Auditing support

Compaq DCE is supported on OpenVMS VAX Version 6.2 or higher and on OpenVMS Alpha Version 6.2 or higher.

This version of Compaq DCE provides RPC communications over the following network protocols:

• UDP/IP
• TCP/IP
• DECnet Phase IV or DECnet/OSI

DCE on OpenVMS allows the user to select specific network protocols rather than defaulting to any on the supported list. You may restrict DCE to one or more specific protocols by setting the systemwide logical name RPC_SUPPORTED_PROTSEQS to a list of network protocols, delimited by colons. The following example restricts DCE to only TCP/IP and UDP/IP protocols (disabling DECnet):

$ define/system/exec RPC_SUPPROTED_PROTSEQS ncacn_ip_tcp:ncadg_ip_udp

1.4 Online Help and Online Manual Pages

Compaq DCE provides online help for both the management of DCE services and the development of distributed applications. This DCL help is organized to maintain the reference page categories established in the OSF DCE documentation and online reference pages. These categories are user commands (1), application development support (3), driver and networking support (7), and administrative support (8).

To access the DCE reference information, use the HELP command. You can get extensive help on the following DCE top-level topics:

DCE_CDS DCE_DTS DCE_IDL DCE_INTRO DCE_RPC DCE_SECURITY DCE_THREADS

For example, to get help on DTS, enter the following command:

$ HELP DCE_DTS

1.5 Restrictions When Using Compaq DCE

Compaq DCE Version 3.0 for OpenVMS VAX and OpenVMS Alpha does not provide all the functions of the full OSF DCE. The following components are not included in this DCE product; however, the full OSF documentation is included.

• DCE Distributed File Service (DFS)
• DCE Diskless Services

The threads interface is an important part of the architecture for DCE, and the DCE services rely on it. POSIX Threads Library (formerly DECthreads) is provided as part of the OpenVMS VAX and OpenVMS Alpha operating systems.

Refer to the Guide to DECthreads in the OpenVMS operating system's documentation set for information about threads.

1.7 Using RPC Without CDS or Security

To use RPC only, you begin a configuration as follows:

$ @SYS$MANAGER:DCE$SETUP.COM CONFIGURE or $ @SYS$MANAGER:DCE$RPC_STARTUP

The DCE Configuration Menu is displayed. From this menu, choose the RPC_Only option. This option lets you use DCE RPC without a DCE cell. This option requires applications to use string bindings instead of the name service to find servers.

To communicate with an RPC server, an RPC client needs the server binding information. The server binding information includes the protocol sequences that the RPC server supports and the location (node name or node address) of the RPC server. When the RPC server is started, it registers its endpoints with the RPC daemon. It also exports the binding information to the name server if the name server exists. The RPC client then gets the binding information from the name server. When the name server is not available, the binding information must be provided to the RPC client through other mechanisms.

Users can incorporate in their RPC server code a mechanism for broadcasting the binding information on the network. However, this may not be a desired short-term solution. An easy workaround is for the users to pass the string binding to the RPC client and have the RPC client call the RPC routine to convert the string binding. In this case, the users who are running the RPC client need to know two things:

• Protocol sequences that the RPC server supports. For example: ncacn_ip_tcp, ncadg_ip_udp, and ncacn_dnet_nsp.
  Note that the RPC client may encounter a communication error if it picks a transport that is not supported by the server.
• Location of the RPC server (the node on which the RPC server runs). For example: DECnet node name, DECnet address, Internet address, and so on.
  You can get this information by executing the following commands on the server system after the RPC server is started.

  $ RUN SYS$SYSTEM:DCE$RPCCP RPCCP> SHOW MAPPING

See the Test1 example program for an example of using RPC without CDS and DCE Security servers.

1.8 Unsupported Network Interfaces

DCE on OpenVMS supports the user deselection of network interfaces on each system in a DCE cell. Use the logical RPC_UNSUPPORTED_NETIFS, which points to a list of network interfaces delimited by a colon (:) that you do not want to use.

RPC at initialization parses the list of network interfaces defined with the logical RPC_UNSUPPORTED_NETIFS, and builds a global list of network interfaces for deselection by RPC. The global list of network interfaces is parsed to ignore the deselected interfaces.

1.9 Supported Network Addresses

DCE on OpenVMS supports the user selection of network addresses on each system in a DCE cell. Use the logical RPC_SUPPORTED_NETADDRS to point to a list of network addresses delimited by a colon (:) that you want to use.

At initialization, RPC parses the list of network addresses defined with the logical RPC_SUPPORTED_NETADDRS, and builds a global list of network addresses for selection by RPC. The global list of network addresses is parsed to use only the selected addresses.

1.10 Impersonating a Client

DCE Version 3.0 allows a server to impersonate a client. This means that the server may run with the security credentials of the client. The capabilities of the client belong to the server. Table 1-1 lists the APIs that have been added to support this functionality.

Table 1-1 APIs Used to Impersonate a Server

API	Description
rpc_impersonate_client(binding_handle, *status)	Called by the server to act as a client application with the appropriate rights granted to the server.
rpc_revert_to_self(*status)	Called by the server to revert back to its original security context after impersonating a client.
rpc_revert_to_self_ex(binding_handle, *status)	Called by the server to revert back to its original security context after impersonating the client.

1.11 Features of Compaq DCE Not Included with the OSF DCE

Compaq DCE for OpenVMS VAX and OpenVMS Alpha provides the following value-added features to help users develop and deploy DCE applications:

• CDS Enhanced Browser
• IDL compiler enhancements
• RPC Event Logger utility
• Name service interface daemon (PC Nameserver Proxy Agent)
• DCL interfaces to DCE tools
• Integrated Login
• Object-Oriented RPC
• NTLM Security
• Impersonation

The CDS Enhanced Browser contains additional functions beyond those contained in the OSF DCE Browser. See the Enhanced Browser chapter for more information.

1.11.2 IDL Compiler Enhancements

The Compaq DCE IDL compiler includes the following features beyond those documented in the OSF DCE documentation:

• By default, the IDL compiler does not generate stub auxiliary (AUX) files, thus saving space.
• DCE IDL implements an extended array syntax.
• DCE IDL generates runtime routine templates.
• DCE IDL supports the use of Compaq Fortran.

See Chapters 12 to 15 for more information about IDL.

1.11.3 The RPC Event Logger Utility

Compaq provides the RPC Event Logger, which records information about operations relating to the execution of an application interface. See the chapter titled Application Debugging with the RPC Event Logger for details.

1.11.4 Name Service Interface Daemon (nsid) for Microsoft RPC

Compaq provides the name service interface daemon (nsid), also known as the PC Nameserver Proxy Agent, to allow RPC communication with personal computers running the DCE-compatible Microsoft RPC. The nsid enables an RPC application on MS-DOS, MS-DOS Windows, and Windows NT to perform name-service operations that are available through RPC, as if the RPC applications on the PC are directly involved in the full CDS namespace.

For more information on using PCs with DCE, refer to Distributing Applications Across DCE and Windows NT by Teague and Rosenberry.

Beginning with Compaq DCE for OpenVMS Version 3.0, you can use LDAP to access the name service interface daemon in addition to the previous communication methods. To use nsid with LDAP, you must configure the proper DCE environment using the DCE$SETUP.COM configuration program. Refer to the Compaq DCE for OpenVMS VAX and OpenVMS Alpha Installation and Configuration Guide for information on configuring DCE.

	privacy and legal statement
6532_DCE_PG_PRO.HTML