SVR312
Windows and UNIX Interoperability and Migration
A Demonstration of Windows and UNIX Integration

Chris Green
UNIX Integration and Migration Specialist
Microsoft Australia
[email protected]

René J Michau
Manager Platform Services
National Australia Bank
[email protected]

This Session …
• is not a UNIX vs Windows argument session
• is not a UNIX to Windows business case session
• is about integration of infrastructure and apps
• is a practical session with demos
• is about Services for UNIX 3.5, available for free from http://www.microsoft.com/unix

Microsoft and Open Standards Interoperability
[Diagram: Windows interoperability by layer (Network, Management, Directory/Identity, Data, Application) with NetWare, Macintosh, IBM and other hosts, UNIX (Sun Solaris, HP/UX, Linux, Tru64, IBM AIX) and databases (SQL Server, Oracle, Informix, IBM DB2), built on standards including TCP/IP, DHCP, DNS, HTTP, Kerberos, LDAP, PKI, XML, SOAP and WBEM.]

What We Will Cover… A Series of Demonstrations
UNIX Interoperability and Migration:
• User Environment
• Development Environment
• File Systems
• What’s New in R2
• Systems Management
• Identity Management

What We Will Cover… A Series of Demonstrations: User Environment

The SFU UNIX Environment

UNIX Architecture (simplified)
[Diagram: shells, utils and applications (POSIX) over /usr/lib (ANSI), the System Call API, and the UNIX kernel with loadable modules and drivers.]
• Simple user/kernel mode architecture
• Standards for
  - API and shell environment (POSIX)
  - C Libraries (ANSI)
• Kernel design vendor independent
• Extensible with loadable modules and drivers

Windows Architecture and UNIX Architecture
[Diagram labels: UNIX APIs >2,000; pthread; X11R6; Tools >350; POSIX; OS/2; Session Mgr; Security; Input / Output.]

Services For UNIX 3.5
• Shell: ksh, tsh, >350 utils, cron, inetd, etc
• IdM: username map, passwd Synch, NIS
• NFS: client, server
• API: POSIX compliant, BSD/AT&T blend
• Dev: gcc, g++, g77, Visual Studio
• Downloads: 160+ utilities
• As well as other open standards built in… Kerberos, LDAP, DNS, PKI, DHCP, TCP/IP, HTTP, XML, HTML, WBEM, SOAP, WS-*, …

  # Utility    Version     # Utility     Version      # Utility        Version     # Utility  Version
  1 Apache     1.3.29.1   43 FVWM        2.4.15.1    85 Lynx           2.8.5     127 shed     1.10
  2 Apache     2.0.50     44 gd          2.0.33      86 LZO            1.08      128 sort     1.0.1
  3 atk        1.6.0      45 gdbm        1.8.3.1     87 man            1.00      129 sqid     2.5.10
  4 autoconf   2.59.1     46 getopt      1.1.1       88 m4-gnu         1.4.3     130 stat     1.00
  5 automake   1.9.5      47 gettext     0.14.1.5    89 md5            1.1.1     131 su       1.20
  6 awk        5.4.24     48 Ghostscript 8.15        90 mesg           1.0.1     132 sudo     1.6.6.8
  7 bash       3.00       49 GIMP        2.0.0       91 Midnight Cmndr 3.3.8     133 Syslogd  1.1.1
  8 bdes       1.0.1      50 glib        2.4.0.2     92 mkstr          1.00      134 texinfo  4.6.1.1
  9 biff       1.00       51 gmake       3.80.1      93 mktemp         1.00      135 tar-gnu  1.13
 10 bind       9.2.3.6    52 GMP         4.1.3       94 mtree          1.00      136 Tcl      8.4.6
 11 bison      1.875.1    53 gnuplot     4.0.0       95 mutt           1.4.2     137 Tk       8.4.6
 12 bsd_pkg    2.4.3      54 grep        1.00        96 mv             1.00      138 TkMan    2.2.1
 13 bzip2      2-1.0.3    55 gSOAP       2.60        97 NcFTP          3.19      139 tcsh     6.14.0.0
 14 cabextract 1.10       56 groff       1.17.2.2    98 NEdit          5.40      140 TIFF     3.7.2
 15 caesar     1.10       57 GTK+        2.4.1       99 OpenSSH        4.10      141 trek     1.0.1
 16 cat        1.10       58 gzip        1.3.3.10   100 OpenSSL        0.9.8     142 units    1.80.1
 17 catman     1.70       59 Indent      1.00       101 Pango          1.2.1.1   143 unixODBC 2.2.8
 18 cbrowser   0.80       60 install     1.00       102 Pax            1.5.2     144 unzip    5.52
 19 ccache     2.40       61 Jam         2.3.5      103 PCRE           4.50      145 UUCP     1.07
 20 chcase     1.0.1      62 joe         3.30       104 pdomain        1.00      146 Vacation 1.00
 21 colrm      1.00       63 Jot         1.00       105 Perl           5.8.3     147 vim      6.3.78
 22 Comsat     3.3.8      64 jove        4.16.0.61  106 PHP            4.3.6     148 wall     1.0.1
 23 ClamAV     0.86       65 jpeg        6b.3       107 Pine           4.33.1    149 wget     1.10
 24 cpio       2.5.1      66 Lam         1.00       108 pkg-config     0.15.0.1  150 whatis   1.00

What We Will Cover… A Series of Demonstrations: File Systems

Demonstration Environment (192.168.1.7x Local only)
[Diagram: demonstration hosts]
• Host: Dell Latitude D600, 1.6GHz, 1.5GB, 40GB, running XP SP2 with Virtual PC 2005
• BILL (WS2003): Contoso.com DC, DNS, MOM, SFU 3.5 NFS Client/Server, NIS master; accounts Administrator, bill
• LINUS (RedHat9): Linux 2.4 (RedHat 9), AD client, NFS client; accounts root, linus
• SCOTT (Solaris10): Solaris 10, NIS client, NFS server; accounts root, scott
• Also labelled on the diagram: streetmarket.net

File Systems
- NFS Client
- NFS Server
- Security

NFS – Tips
Security Approximations and Mismatches
• NTFS ACLs rule
• Big endian vs Little endian
• NTFS doesn’t recognise UNIX symbolic links
NFS Client
• Avoid hard mounts (default is soft – ensure developers understand)
• Avoid using PCNFS weak passwd encryption
NFS Server
• Avoid anonymous access – use User Name Mapping
• Use host, file and directory permissions on NFS shares
• Limit “Everyone” access on new NTFS drives used for NFS shares
• Protect audit logs with appropriate NTFS ACLs
NFS Server Cluster
• Better service for hard mounts
More detailed information at http://microsoft.com/sfu

What We Will Cover… A Series of Demonstrations: Identity Management

Consolidating User Accounts
Interop/migrate Capabilities
• Username mapping
• Password Synch
• NIS Master
• Kerberos
• LDAP
• AD client (Vintela, Centrify)
  - May require AD schema extensions
  - May require agent deployed to UNIX

User Name Mapping - Tips
UNM Service
• Install UNM service on DCs to reduce network traffic
• Use DNS round robin to create a UNM service pool
• Remember to refresh maps when users are added to systems
• Backup the mapping files
• Use the /Mapper/.maphosts file to restrict access to the UNM maps
• Secure UNIX style /etc/{passwd,group} files if stored on Windows systems
• Ensure UNIX and Windows group mappings contain the same users/groups
• Specify the NIS server as well as the domain to avoid NIS master spoofing
Migrating NIS maps to AD
• Use the “Do not migrate (log only)” option first and check warnings
• Are there any non-standard NIS maps? Understand structure
• Do not migrate the same NIS domain to multiple AD domains
• Use Windows to change passwords - disable yppasswd

Integrating UNIX and Windows Authentication
2 demos:
1. AD as a NIS Server
2. Vintela Authentication Service

What We Will Cover… A Series of Demonstrations: Systems Management (SMS, MOM)

Systems Management & Monitoring
Management
• Some basic SMS network level discovery OOTB
• Better SMS with third party products e.g. Vintela VMX
Monitoring
• System Logs
  - UNIX: syslogd, syslog(), logger
  - Windows: EventLog, EventWrite(), Logevent.exe
• Capabilities
  - MOM 2005 can monitor UNIX syslogs
  - ISV MOM mgmt packs from eXc Software, AppMind, Tidal extend MOM for SAP, Oracle, Linux, Solaris, …
  - Can use MOM regex matching to raise alarms

System Monitoring
Sys Monitoring Demo
• Direct UNIX syslog to MOM
• Confirm events received
• Define an alarm
• Confirm alarm raised
Further Information
• http://www.microsoft.com/mom
• http://www.excsoftware.com
• http://www.appmind.com
• http://www.tidalsoft.com/Public/products_horizon_for_sap.html
• Create a MOM syslogd provider: http://support.microsoft.com/default.aspx?scid=kb;en-us;297443

What We Will Cover… A Series of Demonstrations: Development Environment

Porting Shell scripts
Differences
• \ vs /; C:\ vs /dev/fs/C; /dev/…
• OS specific commands such as format and newfs etc.
• System configuration paths e.g. /etc/system
• Kernel level utilities such as snoop, iptrace, etherfind, etc.
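A pre-port scan for the Differences listed above, written as an added example that is not part of the session material. The function name porting_lint, its category labels, the sample script and the treatment of /dev/null, /dev/tty and /dev/fs/X as portable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the session): flag script lines that hit the
# "Differences" list before a script is moved between UNIX and Interix.

# porting_lint FILE
# Prints LINE:CATEGORY:TEXT for each non-comment line that needs manual review.
# Returns 1 if anything was flagged, 0 if the script looks clean.
porting_lint() {
    awk '
    function flag(cat) { printf "%d:%s:%s\n", NR, cat, $0; hits++ }
    /^[ \t]*#/ { next }                       # skip comments and the #! line
    # Windows drive-letter paths (C:\...) map to /dev/fs/C/... under Interix
    /(^|[^A-Za-z0-9])[A-Za-z]:\\/ { flag("drive-letter-path") }
    # OS specific commands named on the slide, with or without a path prefix
    /(^|[ \t;|&(])([^ \t]*\/)?(format|newfs)([ \t;|&)]|$)/ { flag("os-specific-command") }
    # System configuration paths such as /etc/system
    /\/etc\/system([^A-Za-z0-9_.-]|$)/ { flag("system-config-path") }
    # Kernel level utilities named on the slide
    /(^|[ \t;|&(])([^ \t]*\/)?(snoop|iptrace|etherfind)([ \t;|&)]|$)/ { flag("kernel-level-utility") }
    # Any other /dev/... name; null, tty and fs/X are assumed to carry over
    {
        rest = $0
        gsub(/\/dev\/(null|tty|fs\/[A-Za-z])/, "", rest)
        if (rest ~ /\/dev\//) flag("device-path")
    }
    END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample input: a UNIX housekeeping script plus one Windows-style line.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# capture with snoop (comment only, must not be flagged)
LOG=/var/adm/messages
newfs /dev/rdsk/c0t1d0s0
grep maxusers /etc/system
/usr/sbin/snoop -c 10 > "$LOG.cap"
copy C:\temp\report.txt D:\archive
echo done > /dev/null
EOF
}

tmp=$(mktemp) && sample_script > "$tmp"
porting_lint "$tmp" || echo "manual review needed before porting" >&2
rm -f "$tmp"
```
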
Capabilities
• Unix STDOUT/IN <-> Windows STDIN/OUT
    {interix cmd} | {windows command}
    {windows command} | {interix command}
• Common NTFS file system
    ps -efw | sed 's/  */,/g' > /dev/fs/C/tmp/file.csv; excel c:\\tmp\\file.csv
More information
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnucmg/html/ucmglp.asp

Porting C code to Interix
Capabilities
• POSIX compliant
• SVR4 and BSD libraries
• ANSI ‘C’
• pthread support
• Shared memory support
• GNU tools included
• Typical configure, make, make install cycle
Tips
• Often need “-D_ALL_SOURCE” to open up the preprocessor name space and override the default _POSIX_SOURCE
• Interix process cannot link in Win32 DLLs
• Win32 apps can start Interix processes (e.g. wrapping)
Further Information
• http://www.microsoft.com/unix
• http://www.microsoft.com/windowsserversystem/migrate/unix/resources/default.mspx

Porting to Interix (it’s just another UNIX)
[Flowchart: “Re-platform UNIX to Windows?” Decision points: Source code exists? ISV Windows version exists? Port, re-write or wrap UNIX to Interix? Source code understood, documented, maintained? Source code POSIX ANSI C? Been ported before? Plan to enhance? Continue to run host platform? Outcomes: Consider Interix port; Consider .Net re-write; Consider .Net/SOA wrapper.]
• Is the source available?
• Is the app dev or maintenance?
• Is the source ANSI/ISO C?
• Does the source use POSIX libraries?
• Planning to exit the platform?
Demo
• Public domain UNIX source
• configure, make, run

Porting to Interix
E.g. Build & Run Apache
• Download the Apache HTTPD Server UNIX source from apache.org: httpd-2.0.53.tar.gz
• Use this command line to set build vars:
    CPPFLAGS="-D_ALL_SOURCE -I/usr/local/include" \
    CXXFLAGS="-D_ALL_SOURCE -I/usr/local/include" \
    CFLAGS="-D_ALL_SOURCE -I/usr/local/include" \
    LDFLAGS="-L/usr/local/lib" \
    ./configure --prefix=/opt/apache
• Add "|| defined(__INTERIX)" to the #if defined... line in the server/mpm_common.c file to avoid the _setgroups undefined error message while linking:
    #if defined(QNX) || defined(MPE) || defined(BEOS) || defined(_OSD_POSIX) || defined(TPF) || defined(__TANDEM) || defined(OS2) || defined(WIN32) || defined(NETWARE) || defined(__INTERIX)
• make install
• Change "User nobody" to a valid Windows account name (preferably one with low privileges) in {INSTALLDIR}/conf/httpd.conf
• {INSTALLDIR}/bin/apachectl start

Migrating UNIX C to Win32
Differences
    UNIX                      Win32
    fork()/exec()             CreateProcess()
    Signals                   events/messages
    pthread_create()          CreateThread()
    /etc/passwd               AD
    File mode bits security   Object ACL based security
    Syslogd                   Event Log
    Daemons                   Services
Capabilities
• Shared memory through mmap files
• Wrap UNIX app with System.Diagnostics.Process.Start(ProcessStartInfo psi)
Further Information
• Chapter 9 of the UNIX Migration Guide
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnucmg/html/UCMGch09.asp

Extending UNIX Apps With .Net
Why?
• An option for stable UNIX code with delicate or mysterious source code
• No change to existing application
• Expose an existing application as a service
How?
• System.Diagnostics.Process.Start(ProcessStartInfo psi); and
• System.Forms; or
• System.Web.Services
Another demo!..
We have a Hands On Lab

From this to this…

    $ tide -location Seattle
    Seattle, Washington
    Units are feet
    High Tide: 2004-02-25   9:10 PM PST   9.07
    Low Tide:  2004-02-26   2:25 AM PST   5.30
    High Tide: 2004-02-26   8:25 AM PST  10.65
    Low Tide:  2004-02-26   3:26 PM PST   1.85
    High Tide: 2004-02-26  10:30 PM PST   8.94
    Low Tide:  2004-02-27   3:16 AM PST   6.56
    High Tide: 2004-02-27   8:56 AM PST  10.11
    Low Tide:  2004-02-27   4:20 PM PST   1.66
    High Tide: 2004-02-28  12:07 AM PST   9.13
    Low Tide:  2004-02-28   4:25 AM PST   7.58
    High Tide: 2004-02-28   9:34 AM PST   9.62
    Low Tide:  2004-02-28   5:21 PM PST   1.45
    High Tide: 2004-02-29   1:37 AM PST   9.66
    Low Tide:  2004-02-29   6:03 AM PST   8.15
    High Tide: 2004-02-29  10:24 AM PST   9.23
    Low Tide:  2004-02-29   6:24 PM PST   1.15
    High Tide: 2004-03-01   2:42 AM PST  10.28
    Low Tide:  2004-03-01   7:45 AM PST   8.15
    High Tide: 2004-03-01  11:27 AM PST   9.01
    Low Tide:  2004-03-01   7:22 PM PST   0.74
    High Tide: 2004-03-02   3:28 AM PST  10.82
    $

… COM wrapper with no UNIX source code changes

Extending UNIX Apps with .NET

What We Will Cover… A Series of Demonstrations: What’s New in R2

UNIX Interop functionality in R2
[Diagram: “Services for UNIX” components mapped to R2 top-level OCM components (optional install).]
“Services for UNIX”
• Interix Subsystem
• User/Name Mapping
• NFS Server
• Administration Components
• Password Synchronization
• Server For NIS
• NFS Client
• NFS Gateway
• Enhanced Telnet
• Tools/Utils/SDK
Deprecated
• AS Perl
• NFS Gateway
• PCNFS
• CDFS, FAT, FAT32 support
Top-level OCM Components (optional install)
• Windows Subsystem for UNIX-based Applications (SUA)
  - Next generation of Interix functionality
• Active Directory Services: Identity Management for UNIX
  - NIS schema and Kerberos authentication extensions
  - Password Sync
  - Server for NIS
• Other Network File and Print Services: Microsoft Services for NFS
  - Mapping Server
  - NFS AdminUI
  - NFS client
  - NFS server
  - Portmap
  - RpcXdr
  - Server for NFS Authentication
Web Download: Utilities and SDK for UNIX-based Application
• Base Utilities
• SVR-5 Utilities
• Base SDK
• GNU SDK
• GNU Utilities
• UNIX Perl
• Visual Studio Debugger Add-in

UNIX Interop functionality in R2
What’s new in the R2 Subsystem for UNIX Applications (SUA)
• x64 Support
  - Full 64bit support
  - Not Itanium
• Visual Studio integration for SUA apps
  - Full compile/debug support
  - Can compile C and C++ apps
  - Requires Whidbey
• WS-Federation Web Single Sign On
  - ADFS
• Mixed-mode processes
  - Ability to link to Windows DLLs from SUA processes
  - Resulting mixed-mode process can make both SUA and Windows API calls in the same process
  - Easier evolution path for ported UNIX applications and tighter integration with Windows development tools

What We Have Covered: A Series of Demonstrations
UNIX Interoperability and Migration:
• User Environment
• Development Environment
• File Systems
• What’s New in R2
• Systems Management
• Identity Management

Integrating UNIX and Windows Sys Admin Teams
René J Michau
Manager Platform Services
National Australia Bank
[email protected]

Summary
• SFU is a full-featured UNIX running in parallel to Win32 on the NT Kernel.
• Migrating a UNIX Application to SFU is generally no more difficult than migrating to another flavor of UNIX (i.e. Linux).
• SFU facilitates Consolidation of UNIX and Windows Servers to mainstream x86 (x64) hardware.
• Interoperability between the two Platforms may add Value to UNIX Applications
• Pricing ($0) and integration into R2 reflects Microsoft’s commitment to interoperability and making it available to all Windows customers.
Your To Do List
• Download and install SFU 3.5
  http://www.microsoft.com/unix
• Familiarise yourself with the interop capabilities
  http://www.microsoft.com/unix
  http://www.microsoft.com/interop
  http://www.windowsforunixpros.com
  http://www.interopsystems.com
• Get to know and understand the “other” guys
• Understand common problems/requirements
• Share solutions
• Demonstrate capabilities
• Make a difference
• Consolidate systems, processes and teams
• Save your company some money
• Update your resume
• Contact [email protected] if you need help

We invite you to participate in our online evaluation on CommNet, accessible Friday only.
If you choose to complete the evaluation online, there is no need to complete the paper evaluation.

[email protected]
http://blogs.msdn.com/chris.green

© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.