TCPware TCP/IP for OpenVMS provides the proven security, functionality, dependability, and performance required for running mission-critical
applications.
- Secure communications with SSH v1 and v2, SFTP, and SCP servers and clients
- Investment protection with new feature support on OpenVMS v5.5-2 to v7.3-2
- Increased network performance and reliability with Paired Network Interface
- Complete, reliable DHCP solution: DHCP client and server with Safe-failover
- Ease of management with SMTP and FTP statistics and accounting reports
- Advanced printing and troubleshooting with the IETF standards-based Internet Printing Protocol
- Improved performance and security with NFS v3 server
TCPware for OpenVMS is a full suite of TCP/IP applications and services for HP's OpenVMS VAX and Alpha platforms. It enables OpenVMS systems to
participate as fully functional TCP/IP hosts within an intranet and on the Internet. Leveraging existing OpenVMS resources, TCPware enables a VAX or Alpha system
to take advantage of all the services and applications available on the Internet. OpenVMS users can easily exchange e-mail, as well as access and transfer files and
data securely.
TCPware is a robust and reliable stack for systems administrators that are running mission critical applications. TCPware product enhancements include
Secure Shell v2 (SSH), Secure File Transfer Protocol (SFTP), Secure Copy Protocol (SCP), NFS v3 server, advanced Internet Printing Protocol (IPP), and SMTP and
FTP accounting/statistical reports.
Process Software is the best choice for your OpenVMS TCP/IP requirements. Over 5,000 worldwide customers are using our products for their
mission critical networks. Process Software products incorporate leading edge technologies and are backed with a dedicated customer support organization.
TCPware provides several layers of security to protect against unauthorized network access and intruders from the Internet.
SSH is a protocol that provides strong authentication and secure, encrypted communications over unsecured channels. It protects against a wide variety of
potential security breaches such as spoofing, eavesdropping or hijacking of sessions, and man-in-the-middle attacks. Systems administrators can trust that
user files, e-mails, and data will reach their destination securely.
TCPware 5.6 SSH v2 server and client not only encrypts Telnet sessions, but also a wide variety of applications with its port forwarding feature including POP,
SMTP, Oracle database connections and more. Systems administrators can choose which applications to encrypt based on their corporate security requirements,
avoiding unnecessary network overhead.
SSH v2 is more secure than SSH v1 because it uses a host-based authentication exchange called Diffie-Helmann. Diffie-Helmann provides additional security by
eliminating the need for exchanging private keys over the wire. It also allows users the advantage of continually authenticating throughout the entire session. Security
is achieved through multiple levels of user authentication and strong encryption algorithms, including IDEA, DES, 3DES, ARCFOUR, Blowfish, Twofish, AES-128, and
CAST-128.
The TCPware SSH server is flexible, supporting a wide variety of third-party SSH clients on OpenVMS, UNIX, Macintosh, Linus, and Windows platforms. In addition,
managing SSH authentication is simplified with single sign-on support. TCPware SSH works with existing PKI certificates and Kerberos infrastructure.
TCPware 5.6 increases security with SFTP and SCP support. Both protocols allow SSH users to perform secure file transfers across an unsecured network.
It provides systems administrators with the ability to add, move, copy and delete files securely. SFTP and SCP utilize the SSH server and client as a basis for
accomplishing this advanced level of security (see Figure 1) .
Both SCP and SFTP files can be transferred as ASCII, BINARY, or in OpenVMSformat when implementing SSHfile transfer protocol v4 (IETF draft). Support for this
protocol improves file transfer interoperability between different operating systems.
TCPware's access restrictions provide an additional method of security to the network. TCPware's outgoing access restrictions provide systems administrators with
security by controlling those applications local users can or cannot access (such as restricting Web surfing or access to services like FTP or Telnet). TCPware also
imposes incoming restrictions on the remote hosts' access to local services.
TCPware's token authentication provides a cost-effective, flexible security solution for protecting a user's OpenVMS systems from the Internet, and is the only OpenVMS
solution that supports a variety of tokens.
TCPware's packet filtering capability complements existing firewall security by providing an additional security layer on internal networks. It can prevent your site from
receiving datagrams from certain networks or hosts. Datagrams can be filtered by protocol (IP, ICMP, UDP, or TCP), source and destination address, or source and
destination port.
NFS client and server provides transparent and quick access to remote files and directories. New to TCPware 5.6 is a high performance NFS v3 server (RFC 1813).
The NFS v3 server improves performance over the NFS v2 server by reducing the number of calls made between the client and server. File attributes are now returned
during normal operations, therefore separate calls are no longer required. Other restrictions that have been eliminated in the NFS v3 server include the file storage size
can exceed 2-gigabytes and data transfers can exceed 8 KB.
Security is enhanced with a new access permission procedure. This procedure ensures that no unauthorized client can gain access to a server's file objects. The
NFS v3 server is flexible, supporting many of the NFS v2 and v3 clients on the market today.
TCPware includes a DHCP server based on ISC v3 code. Upgrading to DHCP v3 allows more granular control of the DHCP server with client classing and conditional
behavior. Client classing provides systems administrators with the ability to group users, based on their attributes such as MAC address or a client name. Different
privileges can be assigned to these various groups of users. For example, a remote user may be assigned a shorter lease time of 2 hours versus a local user with an
8-hour lease time.
TCPware's DHCP server includes Safe-failover support, a protocol co-authored by Process Software and Cisco Systems. DHCP Safe-failover provides uninterrupted IP
services to clients during network or server failures so that they can reliably obtain IP addresses to connect to corporate resources without the need for a cluster. It increases
the reliability and availability of DHCP services significantly.
TCPware's DNS server is BIND v8.1.2 compliant. This includes Dynamic DNS (DDNS) updates (RFC 2136), DNS notify support (RFC 1996), and enhanced control.
Dynamic DNS updates allow applications (such as TCPware's DHCP server) to modify resource records dynamically. This TCPware feature simplifies systems
administration management, and saves time because the DNS server maintains an up-to-date record of the address space.
TCPware's DNS notify support feature means that when zone changes occur on the primary server, it notifies the secondary server, which initiates a zone transfer
rather than having to wait for the polling interval to expire. Thus, zone changes propagate much faster through the servers.
TCPware's support for BIND v8.1.2 also provides more granular control over server zone transfers, DDNS updates, queries, etc. Control is available on a zone-by-zone
basis, not just on the entire server.
Paired Network Interface support increases performance and reliability. It allows two or more network interface cards (NIC) with their own unique IP addresses to be
connected to the same virtual cable in order to create network redundancy and optimize throughput. Any number of OpenVMS supported NIC types can be used including
Ethernet, Token Ring, Fast Ethernet, FDDI, and ATM.
See Figure 2.
Paired Network Interface support provides network failover, creating network redundancy without adding a second Alpha or VAX system. If one NIC fails in an Alpha or
VAX, information will be transmitted from the second NIC (see Figure 2). Additionally, multiple NICs can be used to increase throughput if a data communications bottleneck
is suspected from the server.
Areas where Paired Network Interface will improve connectivity include e-commerce applications where there are frequent database transactions, multimedia applications
where there is high bandwidth consumption, and any applications where a single server connection is causing delays for clients.
TCPware 5.6 offers new feature support on OpenVMS 5.5-2 or later. TCPware 5.6 provides users with the unique ability to implement new features, without having to go to the
expense or time to upgrade to the latest OpenVMS release. TCP/IP Services for OpenVMS does not support new functionality unless users are running the latest major OpenVMS
release. Users are forced to upgrade to the most current version in order to implement new TCP/IP Services for OpenVMS functionality.
DHCP client allows you to centralize administration of your VAX or Alpha. A DHCP client is needed in order to receive IP addresses from the DHCP server. The DHCP client
saves you time by enabling you to retrieve changes to the DHCP server automatically, versus having to assign IP addresses and DNS servers manually.
TCPware's unique router failover feature enables the configuration of backup default routers. If the default router in use is down, a backup router is automatically used to
complete the communications without interruption.
TCPware includes support for Network Time Protocol (NTP) from v1.0 to v3.5. NTP synchronizes the time of a computer client or server to another server or reference time
source, such as a radio, satellite receiver, or modem.
With TCPware, systems administrators have the option of continuing to support NTP v1.0, upgrade to NTP v3.5, or perform a rolling conversion from NTP v1.0 to NTP v3.5.
Gateway Routing Daemon provides dynamic routing information in order to determine the best path to use between a source and destination host. It is more efficient than
static routing because the systems administrator does not have to update a host's or gateway's routing table manually. GateD determines the best route for a packet to travel
by gathering and using various standard routing protocol information from OSPF (Open Shortest Path First), RIP2 (Routing Information Protocol), route discovery, and others.
Classless Inter-Domain Router assures large organizations of connectivity to their entire network by allowing expansion of the available IP addresses. This can be critical
given today's complex topologies, high traffic loads, and the explosive growth of the Internet. New scaling problems at an unprecedented rate have occurred, including exhaustion
of Class B network addresses, backbone routing overload, and exhaustion of IP network numbers. This feature implements CIDR RFC 1517, 1518, and 1519. Use of
variable-length subnet masks with CIDR solves these problems by allowing for supernetting and aggregating address assignments.
TCPware includes a spam relay filter and an incoming e-mail spam filter. Spam relay support prevents a third-party from sending e-mail using another entity's mail server
location as their source destination. An SMTP filter in the SMTP server is available in order to eliminate spam relay.
The incoming spam filter eliminates unwanted mail from an outside source. Systems administrators can create and maintain e-mail filter rules in a database with source
/destination address combinations and specific header content.
TCPware's SMTP server also supports MIME encoded messages, letting users send files as base64-encoded MIME messages from OpenVMS Mail.
IMAP4 provides an alternative method of accessing messages from a mail server. IMAP4 lets a client e-mail program access messages stored on an OpenVMS server as
if these messages were local. IMAP4 retains the message on the server, either in the inbox or in a folder that the user creates.
The advantage of retaining e-mail messages centrally (using IMAP4) is that if employees work from multiple locations using multiple computer systems (e.g., home or
branch office), they have access to all their e-mail messages regardless of their location and systems used.
TCPware includes a wide choice of file services to access, transfer, and print networked data.
IPP is an open standard protocol developed by the Printer Working Group (under IETF) for printing over the Internet. IPP provides enhancements over the existing commonly
used LPD protocol including the ability for a user to print to a remote printer using the same methods and operations as if the printer was located locally.
Systems administrators using print protocols such as LPD have had to spend a significant amount of time administering printing tasks with limited troubleshooting capabilities.
For example, a systems administrator receives no information on why a print job fails. The TCPware IPP print symbiont provides a reason for a print job failure. This saves time in
troubleshooting printing problems.
The TCPware IPP print symbiont provides standard commands for advanced printer functionality (e.g., double-sided printing) regardless of what printer is being used. No special
programming or training is required by a systems administrator. In addition, when using the TCPware IPP print symbiont, a user will not need to inquire about the functionality of a
particular printer with a systems administrator because this information is provided automatically.
Line Printer Daemon (LPD) print services are supported allowing UNIX or OpenVMS-based hosts that are on a TCP/IP network to access print queues on Alpha or VAX systems.
In addition, users can print to printers connected to terminal servers as well as print from PC clients to OpenVMS print queues via PCNFSD.
Line Printing (LPR) is a feature that allows users the ability to log onto an OpenVMS system and access a printer connected to a UNIX-based workstation.
TCPware supports a range of terminal types, including X terminals. In addition, access to IBM environments is made simpler with support for TN3270 and TN5250.
|
|
| DHCP v3.0 Server with Safe-failover |
Interfaces (APIs) are supported, |
| DHCP Client |
INCLUDING: |
| Dynamic DNS (DDNS) |
BSD Socket Library |
| DNS BIND v8.1.2 |
DEC C/VAX C Socket Library |
| New feature support for OpenVMS v5.5-2 or later |
TCPware/SRI $QIO Interface |
|
UCX $QIO Interface |
| OpenVMS Galaxy LAN over Shared |
ONC/RPC Interface |
| Memory Device |
DECrpc |
| Paired Network Interface Support |
DCE for OpenVMS |
| GateD (RIP v2, OSPF, etc.) |
|
| CIDR |
|
| XNTP v3.5 |
NFS v3 Server |
| PPP |
NFS over TCP, UDP client/server |
| PathMTU Discovery |
FTP |
| Router Failover |
"R" Services |
|
TELNET |
|
|
| Secure Shell v1 and v2 Server and |
|
| Client (SSH) |
SMTP |
| Secure Copy Protocol Server and |
POP3 |
| Client (SCP) |
IMAP4 Mailserver |
| Packet Filtering |
Spam Prevention |
| Incoming Access Restrictions |
|
| Outgoing Access Restrictions |
|
| Token Authentication |
IPP (Internet Printing Protocol) |
| Secure File Transfer Protocol (SFTP) Server and Client |
LPD (Line Printer Daemon), LPR |
| SSHsingle sign-on with support for Kerberos and PKI
certificates |
|
(Line Printer) and printing terminal servers |
| SMTP and FTP statistics and |
TELNET/Stream Printing |
| Accounting Reports |
|
| Throughput Statistics |
|
| Agent X |
DECnet Phase IV over IP, DECnet Plus |
| Start/Stop Individual Services |
PATHWORKS for OpenVMS |
| Centralized FTP Logging |
(Advanced Server) |
| SNMP Reporting Subagent |
IP over DECnet Training |
| TCP dump, ping, etc. |
|
TCPware includes the ability to generate statistical and accounting reports on SMTP and FTP usage to assist with capacity planning, billing, and troubleshooting. FTP accounting
and statistics are based on the Network Monitoring MIB (RFC 2788). Information that is collected on the FTP server includes: user names logged into the server, client and server session
start and end time, amount of data sent and received, total number of files sent and received, number of active connections, and other operational statistics.
SMTP accounting and statistics is based on the Mail Monitoring MIB (RFC 2789). It records a log of each message sent and received. This includes the record's message date, time,
size, “from” and “to” strings. It also provides a count of detected loops.
Throughput statistics assists systems administrators with trouble-shooting by providing information on system performance. Informa-tion is available on the rate data was transmitted
and received in bytes and packets per second.
TCPware supports RFC 2257. Agent X allows the MIB subagents delivered with HP's Insight Manager to manage Open-VMS using TCPware. Host Resource MIB and other MIBs that
ship with HP software can also be used.
TCPware requires OpenVMS AXP v6 or VAX/VMS v5.5-2 or later. Message Router v3.1 or later is required for Simple Mail Transfer Protocol (SMTP) to ALL-IN-1 gateway capability. In
order to enable Kerberos v5 authentication in the SSH server, the HP Open-VMS Kerberos v5 product must be installed
(see http://h71000.www7.hp.com/openvms/products/kerberos/). This restricts support for Kerberos to OpenVMS
Alpha v7.2-2 and higher.
TCPware for OpenVMS is distributed on CD-ROM. It is also available on 9 track 1600 BPI magnetic tape, 4mm DAT, or TK50 cartridge.
Please contact us for a quotation. | 
