MultiNet is a leading TCP/IP for OpenVMS software solution. In addition to providing a reliable backbone for
running mission critical applications, MultiNet also includes:
MultiNet TCP/IP for OpenVMS provides reliability, advanced functionality, and security for running mission-critical applications.
- Secure communications with IP Security (IPSEC) protocol support, SSH v1 and v2 protocol support, SFTP and SCP servers and clients, and Kerberos
v5.0 TELNET server and client
- Investment protection with new features support on OpenVMS v5.5-2 or later, and the ability to run DECnet applications without modification directly over
- Increased reliability and network performance with Paired Network Interface
- New features available on OpenVMS v5.5-2 or later
- Ease of management with SMTP and FTP accounting and statistical reports
- Advanced printing and troubleshooting with the IETF standards-based Internet Printing Protocol
- Complete reliable DHCP solution: DHCP client and server with Safe-failover
MultiNet for OpenVMS is a full suite of TCP/IP applications and services for HPís VAX and Alpha platforms. It enables OpenVMS systems to participate as fully
functional TCP/IP hosts. Leveraging existing resources, MultiNet enables a VAX or Alpha system to take advantage of all the services and applications available
on the Internet. OpenVMS users can easily exchange e-mail, as well as access and transfer files and data securely.
MultiNet is the preferred TCP/IP stack for systems administrators that are running mission critical applications. Process Software provides the most secure,
reliable, and feature-rich TCP/IP stack for OpenVMS. MultiNet offers advanced security and functionality not available in HP's TCP/IP Services. MultiNet v5.0 product
enhancements include IPSEC, SFTP server and client, Kerberos v5 TELNET server and client, GATED, CIDR, ODS-5 for NFS server, and NTP v4.1.1.
Process Software is the best choice for your OpenVMS TCP/IP requirements. We have a proven track record of success within many Global 2000 companies
running mission-critical applications using OpenVMS. Process Software products incorporate leading edge technologies and are backed with a dedicated customer
MultiNet provides several layers of security to protect against unauthorized network access and intruders
from the Internet.
SECURE SHELL V1, V2 (SSH):
SSH is a protocol that provides strong authentication and secure, encrypted communications
over unsecured channels. This transport layer protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy.
MultiNet offers SSH v1 and v2 servers and clients the ability for users to simultaneously use both protocols. SSH v2 uses a more secured host-based
authentication exchange called Diffie Hellman. Diffie Hellman provides additional security by eliminating the need for exchanging private keys over the wire. It also
allows users the advantage of continually authenticating throughout the entire session. Security and flexibility are achieved through multiple levels of user authentication
and strong encryption algorithms, including IDEA, DES, 3DES, ARCFOUR, Blowfish, Twofish, AES-128, and CAST-128.
The MultiNet SSH server and client are flexible, supporting a wide variety of third-party SSH servers and clients on OpenVMS, UNIX, Macintosh, Linux, and Windows
In addition, managing SSH authentication is simplified with single sign-on support. MultiNet SSH works with existing PKI cetificates and Kerberos infrastructure.
SECURE FILE TRANSFER PROTOCOL (SFTP) AND SECURE COPY PROTOCOL (SCP):
MultiNet increases security with SFTP and SCP support.
Both protocols provide a secure mechanism for transferring, copying, or deleting files over networks. SFTP and SCP utilize the SSH server and client as a basis for
accomplishing this advanced level of security (see Figure 1).
Figure 1: SFTP, SCP and SSH Operation
Both SCP and SFTP files can be transferred as ASCII, BINARY, or in OpenVMS format when implementing SSH file transfer protocol v4 (IETF draft). Support for
this protocol improves file transfer interoperability between different operating systems.
IP SECURITY (IPSEC):
IPSEC is a standards-based technology which provides a secure tunnel for transmitting data through an
unsecured network, such as the Internet. IPSECís authentication header (RFC 2402) and IPSEC Encapsulation Security Payload (RFC 2406) are supported in transport
mode, which secures packets between any compliant hosts.
KERBEROS V5.0 TELNET SERVER AND CLIENT:
MultiNetís v5.0 Kerberos TELNET server and client provides strong authentication for
applications by using secret-key cryptography. Once a client and server have used Kerberos to prove their identity, all communications are encrypted to assure privacy and
data integrity. MultiNet runs with Kerberos for HP OpenVMS which is available on the HP website.
INCOMING/OUTGOING ACCESS RESTRICTIONS:Figure 2: Paired Network Interface
MultiNetís access restrictions provide an additional method of security to the network. MultiNetís outgoing
access restrictions provide system administrators with additional security by controlling those applications local users can or cannot access (such as restricting Web surfing
or access to services like FTP or TELNET). MultiNet also imposes incoming restrictions on the remote hostsí access to local services.
PACKET FILTERING AND
ADDITIONAL SECURITY LAYERS:
MultiNetís packet filtering capability complements existing firewall security by providing an additional security layer on internal
networks. It can prevent your site from receiving datagrams from certain networks or hosts. Datagrams can be filtered by protocol (IP, ICMP, UDP, or TCP), source and destination
address, or source and destination port.
ROBUST IP STACK
PAIRED NETWORK INTERFACE
Paired Network Interface support increases
performance and reliability. It allows two or more network interface cards (NIC) with their own unique IP addresses in a VAX or Alpha system to be connected to the same
virtual cable in order to optimize throughput and create NIC redundancy. Any number of OpenVMS supported NIC types can be used including Ethernet, Token Ring, Fast Ethernet,
FDDI, and ATM (see Figure 2).
Network Interface support provides network reliability and increased throughput without the use of additional systems.
Paired Network Interface support provides network
failover, creating network redundancy without adding a second Alpha or VAX system. If one NIC fails in an Alpha or VAX, information will be transmitted from the second NIC. Additionally,
multiple NICs can be used to increase throughput if a data communications bottleneck is suspected from the server. Areas where Paired Network Interface will improve connectivity
include e-commerce applications where there are frequent database transactions, multimedia applications where there is high bandwidth consumption, and any applications where
a single server connection is causing delays for clients.
GATEWAY ROUTING DAEMON (GATED)
GATED provides dynamic routing information in order to
determine the best path to use between a source and destination host. It is more efficient than static routing, because the system administrator does not have to update a hostís or
gatewayís routing table manually. GATED determines the best route for a packet to travel by gathering and using various standard routing protocol information from OSPF (Open Shortest
Path First), RIP2 (Routing Information Protocol), route discovery, and others.
CLASSLESS INTER-DOMAIN ROUTER:
CIDR assures large organizations of connectivity to their entire network by allowing expansion of the available IP addresses.
This can be critical given todayís complex topologies, high traffic loads, and the explosive growth of the Internet. New scaling problems at an unprecedented rate have occurred,
including exhaustion of Class B network addresses, backbone routing over- load, and exhaustion of IP network numbers. This feature implements CIDR RFC 1517, 1518, and 1519.
Use of variable-length subnet masks with CIDR solves these problems by allowing for supernetting and aggregating address assignments.
NEW FEATURE SUPPORT ON OPENVMS V5.5-2 OR LATER:
MultiNet offers new feature support on OpenVMS v5.5-2 or later. MultiNet provides users with the unique
ability to implement new features, without having to go to the expense or time to upgrade to the latest OpenVMS release. TCP/IP Services for OpenVMS does not support new functionality
unless users are running the latest major OpenVMS release. Users are forced to upgrade to the most current versions in order to implement new TCP/IP Services for OpenVMS functionality.
TRANSACTION HASH TABLE:
MultiNet includes a hash table that can more than double throughput performance . This hash table creates ma n y smaller look-up
tables and uses mathematics to calculate the lookup process. F or e xample, tests h a v e indicated that a table with 14,077 entries requires the system to look up only 28 connection entries.
SERVERS AND CLIENTS
MultiNet includes a DHCP server based on the Internet Software Consortiumís (ISC) v3. DHCP v3
allows more granular control of the DHCP server with client classing and conditional behavior. With client classing, clients can be assigned to classes based on information sent in packets,
such as MAC address, the client name, etc. Then address assignments can be made based on the clientís class. For example, a remote user may be assigned a shorter lease time of 2
hours versus a local user with an 8-hour lease time.
This high-performance server also offers Dynamic DNS (DDNS) support and a powerful configuration file format.
MultiNetís DHCP server includes Safe-failover support, a protocol co-authored by Process Software and Cisco Systems. DHCP Safe-failover
provides uninterrupted IP services to clients during network or server failures so that they can reliably obtain IP addresses to connect to corporate resources. It increases significantly the
reliability and availability of DHCP services.
DHCP client allows you to remotely centralize administration of your VAX or Alpha. A DHCP client is
needed in order to receive IP addresses from the DHCP server. The DHCP client saves system administrators time by enabling them to retrieve changes to the DHCP server automatically,
versus having to assign IP addresses and DNS servers manually.
DNS SERVER WITH DYNAMIC DNS:
MultiNetís DNS server is based on BIND
v8.2.4. This version includes DNSSEC and incremental zone transfer. DNSSEC (RFC 2065) provides security when updates are made to the DNS server via zone transfer or DDNS.
DNSSEC ensures that the information is coming from a legitimate source by using authentication.
Incremental zone transfer (RFC 1995) or IXFR improves the performance of a DNS environment. Until BIND v8.2.4, an entire zone was transferred when changes were made to a single
zone record. With incremental zone transfer, the name server (or DNS server) only transfers the changes in a zone, e.g., add or delete a record. Reducing the size and length of zone transfers
is important where there are large zones (e.g., .com) or dynamic environments (e.g., DDNS) for DNS server efficiency.
This version of DNS also supports Dynamic DNS (DDNS)
updates (RFC 2136), DNS notify support (RFC 1996), and enhanced control. Dynamic DNS updates allow applications (such as DHCP) to modify resource records dynamically. This feature
simplifies systems administration management, and saves time because the DNS server maintains an up-to-date record of the address space.
MultiNetís DNS notify support feature
means that when zone changes occur on the primary server, it notifies the secondary servers, which can initiate immediately a zone transfer rather than having to wait for the polling interval to
expire. Thus, zone changes propagate much faster through the servers.
MultiNetís support for BIND provides granular control of which servers are allowed to do zone transfers, DDNS
updates, queries, etc. Control is available on a zone by zone basis, not just on the entire server.
INTERNET PRINTING PROTOCOL (IPP):
IPP is an open standard protocol developed by the
Printer Working Group (under IETF) for printing over the Internet. IPP provides enhancements over the existing commonly used LPD protocol including the ability for a user to print to a remote
printer using the same methods and operations as if the printer was located locally.
System administrators using print protocols such as the LPD print protocol have had to spend a
significant amount of time administering printing tasks with limited trouble- shooting capabilities. For example, a system administrator receives no information on why a print job fails. The MultiNet
IPP print symbiont provides a reason for a print job failure. This saves time in troubleshooting printing problems.
The MultiNet IPP print symbiont provides standard commands for
advanced printer functionality (e.g. double-sided printing) regardless of what printer is being used. A system administrator requires no additional training or programming to use IPP. In addition,
when using the MultiNet IPP print symbiont, a user will not need to inquire about the functionality of a particular printer with a system administrator because this information is provided automatically.
LINE PRINTER DAEMON (LPD):
LPD print services are supported, allowing LPR clients that are on a TCP/IP network to access print queues on Alpha or VAX systems.
LINE PRINTING (LPR):
LPR is a MultiNet feature allowing users to print to an LPD printer server residing on a TCP/IP network.
MultiNet supports a range of
terminal types, including X terminals. In addition, access to IBM environments is made simpler with support for TN3270 and TN5250.
STATISTICS AND ACCOUNTING REPORTS:
New to MultiNet is the ability to generate statistical and accounting reports on SMTP and FTP usage to assist with capacity
planning, billing, and trouble-shooting. FTP accounting and statistics are based on the Network Monitoring MIB (RFC 2788).
Information that is collected on the FTP server includes: user
names logged into the server, client and server session start and end time, amount of data sent and received, total number of files sent and received, number of active connections, and other
SMTP accounting and statistics is based on the Mail Monitoring MIB (RFC 2789). It records a log of each message sent and received. This includes the recordís
message date, time, size, From: and To: strings. It also provides a count of detected loops.
Throughput statistics assists system administrators with trouble- shooting by providing information on system performance. Information is available on the rate data was transmitted and
received in bytes and packets per second.
EASE OF MANAGEMENT:
MultiNet also simplifies network management and configuration by offering a single management
utility. It provides options for installation as a standalone system or on a cluster-wide basis.
MultiNet supports RFC 2257. Agent X allows the MIB subagents
delivered with HPís Insight Manager to manage OpenVMS using MultiNet. Host Resource MIB and other MIBs that ship with HP software can also be used.
The SNMP Subagent provides users with the ability to write their own custom MIBs.
IMAP4 provides an alternative method of accessing messages from a mail server. IMAP4 lets a client mail program access messages stored on an OpenVMS server as if these messages
were local. IMAP4 retains the message on the server, either in the in-box or in a folder that the user creates.
The advantage of retaining e-mail messages centrally (using IMAP4) is that
if employees work from multiple locations using multiple computer systems (e.g., home or branch office), they have access to all their e-mail messages regardless of their location and systems
Moving your OpenVMS systems from DECnet to TCP/IP is
seamless with MultiNet. The DECnet Application Programming Interface (API) for TCP executes applications designed to run over DECnet transparently across TCP/IP. Because no DECnet protocols
are involved, there is no need to run DECnet. No user retraining or applications recoding is necessary. System administrators can perform a rolling conversion from DECnet to TCP/IP at their own
pace while users continue to work uninterrupted.
your OpenVMS systems from DECnet to TCP/IP is seamless with MultiNet. The DECnet Application Programming Interface (API) for TCP executes applications designed to run over DECnet
transparently across TCP/IP. Because no DECnet protocols are involved, there is no need to run DECnet. No user retraining or applications recoding is necessary. Systems administrators can
perform a rolling conversion from DECnet to TCP/IP at their own pace while users continue to work uninterrupted.
MULTINET V5.0 - FEATURES AT A GLANCE
BSD 4.4 Kernel
Paired Network Interface
New Feature Support for OpenVMS v5.5-2 or later
OpenVMS Galaxy LAN over Shared Memory Device
SERVERS AND CLIENTS
DHCP Server with Safe-failover
DHCP Server v3.0
Dynamic DNS (DDNS)
DNS BIND v8.2.4
SMTP and FTP
Statistical and Accounting Reports
Throughput Statistics Start/Stop Individual Services
DECnet Phase IV over IP
DECnet Applications over IP
IP over DECnet Tunneling
Secure Shell v1, v2 (SSH) clients and servers
Secure Copy Protocol (SCP) client and server
Secure File Transfer Protocol (SFTP) client and server
IP Security (IPSEC)
SSH single sign-on with support for Kerberos and PKI certificates
Incoming Access Restrictions
Outgoing Access Restrictions
NFS over UDP or TCP
ODS-5 for NFS Server
SEVERAL APPLICATION PROGRAMMING INTERFACES (APIS) ARE SUPPORTED, INCLUDING:
Socket Library (v4.3 BSD)
DEC C/VAX C Socket Library
MultiNet/SRI $QIO Interface
UCX $QIO Interface
DCE for OpenVMS
IPP (Internet Printing Protocol)
LPD (Line Printer Daemon)
LPR (Line Printer)
MultiNet requires OpenVMS AXP v6.2 or VAX/VMS v5.5-2 or later. Message Router v3.1 or later is required for Simple Mail Transfer Protocol (SMTP) to ALL-IN-1 gateway
capability. In order to enable Kerberos v5 authentication in the SSH server, the HP OpenVMS Kerberos v5 product must be installed
(see http://h71000.www7.hp.com/openvms/ products/kerberos/). This restricts support for Kerberos to OpenVMS Alpha v7.2-2 and
MultiNet is distributed on CD-ROM. It is also available on a TK50 cartridge.
Please contact us for a quotation.