SOFTWARE PRODUCT DESCRIPTION

MultiNet® for OpenVMS

The MultiNet Solution All MultiNet components come com- management and allows you to manage plete with the product and you can con- MultiNet security. Using MULTINET MultiNet is the complete networking figure and operate each one indepen- you can: solution for HP Corporation’s VAX, dently. You can also start and stop each Alpha and Integrity systems. MultiNet * Start and stop network interfaces MultiNet component without re-booting turns VAX, Alpha and Integrity comput- the entire system and affecting other * Configure network hosts dynamically ers into powerful application servers in products. multi-platform environments. It inte- * Add and remove services grates OpenVMS systems with virtually * Provide secondary addresses for clus- any other system through industry-stan- Fast and Efficient ter failover dard TCP/IP. MultiNet takes full advantage of the dis- tinct architecture of OpenVMS for VAX, * Display and modify routing tables The MultiNet Services Alpha and Integrity systems. MultiNet implements lower-layer protocols (TCP, * Display network counters and con- MultiNet is a software product that UDP, IP) as an executive image, focus- nections includes several services and utilities, ing on minimal CPU loading. This pro- and provides support for the TCP/IP pro- * Enable gateway and multicasting sup- vides peak performance so that MultiNet tocols. You can configure each product port integrates cleanly into the OpenVMS component on your system in any man- environment. ner that suits your needs. Configuration Support With support extended now to Open- The MultiNet software services include: MultiNet supports VAX, Alpha and VMS versions 5.5-2 through 8.3, Multi- Integrity computers running various ver- * FTP—File transfer services Net supports the OpenVMS Communi- sions of OpenVMS. When each node in cations Interface (VCI), a high-speed * —Virtual terminal services a VMScluster shares a common system interface to , FDDI, and Token disk, the cluster needs to store just one * NFS Client and Server—Network Ring, and ATM and LAN over Galaxy copy of most MultiNet files. You require File System services shared memory drivers, for its TCP/IP only a few system-specific configuration Services. * SMTP—Mail transfer services files on each machine that runs the soft- ware. * SSH—Secure Shell Easy to Install and Operate MultiNet supports Symmetric Multi- MultiNet is easy to install using the Processing (SMP) for OpenVMS. Also The Core Services and Utilities VMSINSTAL installation procedure. It supported by MultiNet are Class A, B, C, At the core of MultiNet are network ser- takes 30 minutes or less to configure all and D (multicast) networks, CIDR and vices (TCP, UDP, IP, and ICMP), TCP/IP services and utilities. A menu-driven IPv6. programming interfaces, and utilities configuration option is available also. that make your VAX, Alpha and Integ- You can control most components in HP Secure Web Server rity computer fully TCP/IP compatible. MultiNet by means of a single utility MultiNet also includes utilities to man- MultiNet supports HP’s secure Web (MULTINET) that simplifies network age and monitor your network. server (Apache). Multiple Interfaces (Paired Network Interface) Support The Core Features of MultiNet... on a Common Ethernet * Provides fast and efficient operation that is designed and optimized for VAX, Alpha Cable and Integrity systems MultiNet supports systems that have multiple interfaces on a common * Installs and operates easily, with no connectivity limitations Ethernet, FDDI, ATM, or Token Ring * Supports most system and hardware configurations, including LAN devices, Fast cable. MultiNet internally links the Ethernet, Serial Line IP, Point-to-Point, and X.25 interfaces together. If an interface fails, a linked interface can be used. If * Follows OpenVMS standards closely for command syntax, basic security, and com- data is to be transmitted on an inter- patibility with standards products, such as TCP/IP Services for OpenVMS face that happens to be busy, MultiNet * Provides access to a wealth of utilities and services, including: assigns the data to the least busy linked interface for transmission. - Domain Name Services (DNS) BIND 9.4.2p (including DDNS) - Berkeley “R” Commands (RLOGIN, RSH, RMT, RCD) and Services, (rlogin, shell, rmt TCP/IP Services for DECnet and ) - Line Printer Services (LPR commands and LPD Server) Applications - Terminal Server Print Services TCP/IP Services for DECnet Applica- - IPP, the Internet Printing Protocol tions (DECnet application services, - SNMP Services, including SNMP Multiplexing (SMUX), and Agent formerly known as Phase IP) lets Extensibility Protocol (AgentX) applications designed to execute over - DECwindows Transport Interface and XDM support DECnet® execute over TCP/IP - Network (NTP) version 4 instead. - TIMED, the Time Synchronization Protocol (TSP) daemon - Master Server Process Dynamic Host Configuration - DECnet over IP (DHCP) v3.0 - PING, TCPDUMP, NSLOOKUP, TALK, and other utilities - FTP and SMTP accounting statistics MultiNet provides a Dynamic Host * Allows additional third-party support via compatibility with HP and other products, Configuration Protocol (DHCP) services, and utilities server that assigns IPv4 network addresses to hosts based on a local * Provides services to maximize network efficiency: reusable pool. DHCP also supports - Dynamic Host Configuration Protocol (DHCP) Server and Safe-failover groups of clients on remote subnets on - Dynamic Host Configuration Protocol (DHCP) Client your network via relay agents. With - Cluster alias failover these features, you can configure local - Multiple gateways, routing, and multi-casting host addresses quickly without relying - Dynamic TCP/IP load balancing on outside sources. DHCP supports - Paired Network Interface support Dynamic DNS (DDNS; see RFC * Provides programming support, including a Socket Library, QIO interfaces, RPC ser- 2136). vices, and TCP/IP Services for OpenVMS compatibility DHCP also includes Safe-failover sup- * Includes security features for Secure Shell (SSH) V1 and V2, Secure Copy Protocol port, which allows for two servers v2 (SCP2), Secure (SFTP), IP Security (IPSEC), access (primary and secondary) to share a restriction, advanced packet filtering, Intrusion Prevention System (IPS), Kerberos configuration and service clients using protocol, and FTP over TLS. the same address pool. The Safe- failover protocol guards against dupli- cation of address assignments during network failures, even if the network is partitioned so the primary and sec- ondary servers cannot communicate and are independently leasing addresses.

2 Dynamic Host Configuration Third-Party Application Network Services (DHCP) Client Support The MultiNet emulation of standard Support The DHCP client resides on the system OpenVMS facilities supports several and dynamically sets the network con- software products developed for compat- Berkeley R Commands and figuration. The MultiNet DHCP client ibility with OpenVMS. For a complete Services communicates with a DHCP server to list of companies and their products, MultiNet incorporates the Berkeley get an IPv4 address and other configura- refer to www.process.com. tion information. It uses this information remote access commands (“R” com- to configure the network parameters of Network Performance mands). These are UNIX client and server facilities for remote access to the system and to start up the network. MultiNet includes services that provide hosts in a TCP/IP network. They include fast and efficient network operation and LAN Devices the RLOGIN remote login command and that minimize downtime. MultiNet operates with standard HP the RSH remote execution command. Ethernet/802.3, FDDI, and Token Ring Gateway Routing Daemon Local users can back up their files on network controllers. DECnet, Local MultiNet includes the Gateway Routing remote (UNIX system) magnetic tapes Area Transport (LAT), and Local Area Daemon (GateD) that consolidates RIP, using the RMT client. Remote users can VMScluster (LAVC) software can share DCN Hello, EGP, BGP, OSPF, and the back up their files on local magnetic these controllers concurrently with Router Discovery Protocol into one dis- tapes using the RMT server. MultiNet. There is also support for ATM tributed routing service. GateD supports controllers by means of the OpenVMS route and protocol masks. GateD The Berkeley R commands use standard Alpha v7.1 (and later) Classical IP over includes a language that is flexible in OpenVMS security facilities plus “host ATM and LAN emulation support. meeting any routing need for IPv4. equivalence” files. For added security, you can use full Kerberos authentication Routing IP-over-X.25 with RLOGIN and RSH. MultiNet supports sending IP datagrams MultiNet includes routing and gateway capabilities for WANs and complex over certain X.25 packet switching net- MultiNet supports RCD which provides LANs. works using HP Computer Corporation’s local users the ability to access remote VAX Packetnet System Interface (PSI) Dynamic TCP/IP Load Balancing CD-ROM drives as if they were local product. You can connect separate TCP/ The Domain Name Services supports drives. IP LANs over packet switching data net- dynamic TCP/IP Load Balancing, pri- works (PSDNs) or other X.25 WANs. marily for TCP-based applications such Path MTU Discovery Serial Line IP (SLIP) as TELNET. This allows the least-loaded Support for Path MTU Discovery You can send IPv4 datagrams over serial systems running MultiNet in a TCP/IP improves performance when large pack- lines using any standard OpenVMS cluster to appear first in response to DNS ets of data are sent over TCP. Path MTU serial line as a SLIP device. Dialup, ded- host name requests. A TCP/IP cluster Discovery causes TCP to segment data icated serial lines, and Compressed SLIP can include independent systems, hosts into the largest datagrams that can be (CSLIP) are supported. anywhere, and several OpenVMS clus- transmitted to the remote host without ters, provided they have TCP/IP connec- fragmentation along the path. Point-to-Point Protocol tivity. MultiNet supports the Point-to-Point Cluster Alias Failover DECwindows Transport (PPP) interface for sending IPv4 data- Cluster Alias Failover lets one node in a Interface grams over serial links. PPP provides cluster take over incoming connection MultiNet contains a DECwindows trans- more enhanced features than the SLIP requests from a client system if the ser- port interface that operates over TCP/IP. interface, such as error detection and vicing node goes down. This lets you run DECwindows applica- automatic negotiation of header com- Cluster Alias Failover is primarily for tions on remote workstations running pression, and supports PAP. UDP applications, such as NFS. How- TCP/IP, and X Window System applica- ever, you can also use Cluster Alias tions on local VAX, Alpha and Integrity PATHWORKS (Advanced Failover with TCP applications, such as workstations. Server), DECnet/OSI Support FTP and TELNET, to establish a connec- MultiNet provides TCP/IP support for tion to the server. X Display Manager Server PATHWORKS (Advanced Server) v5.0 and later, DECnet/OSI v6.0 and later MultiNet provides an X Display Man- through its PWIPDRIVER. ager (XDM) server to manage remote X

3 terminals. When an X display starts, it LPS supports the UNIX commands lpr, tion of system conditions that may need communicates with the XDM server lpq, and lprm, as well as the PRINT attention. The Insight Management through the UDP-based X Display Man- command. LPS includes the LPD server. Agents are available on Alpha systems ager Control Protocol (XDMCP). The with OpenVMS v7.1 or higher, and IPP Print Symbiont XDM server creates a DECwindows Integrity systems. The IPP print symbiont is an OpenVMS login process, which then prompts print symbiont working with the Open- remote X display users to login and cre- VMS printing subsystem to implement Network Time Synchronization ate a DECwindows session. an IPP client. It allows printing over a Facilities network to printers and servers that sup- MultiNet supports two types of time syn- Domain Name Services port the IPP v1.0 network printing proto- chronization between network hosts: MultiNet provides the Domain Name col. The user interface is similar to other Services (DNS) that implement the Ber- print symbionts in that it uses PRINT * version 4 keley Internet Name Domain (BIND) commands or system library calls to sub- NTPv4 is backwards compatible with server standard, version 9.4.2p. You can mit jobs to print queues. The IPP proto- prior protocol versions back to configure DNS for a client or server. col has specific qualifier values and version 2, and version 1 in client/ DNS includes Dynamic DNS (DDNS), queue settings that must be present to server mode. This allows other nodes updates, DNS notify support, and allow the symbiont to function. in the network to be upgraded at a enhanced control. With DNS notify sup- different time with minimal disrup- tion. port, the primary server notifies the sec- SNMP Services ondary servers when zone changes SNMP Services implements the agent * TIMED, the Time Synchronization occur, and the secondary server can then (server) end of the Simple Network Protocol (TSP) daemon immediately initiate zone transfers rather Management Protocol (SNMP). The than wait for the polling interval to agent supports management objects Master Server Process expire. Split views allow a single server defined in the SNMP Management The master server process invokes all to present different translations to inter- Information Base (MIB II), plus sub- server processes, which are present when net (external) and internal users. agents serving private MIBs using an a connection is active. API. Terminal Server Print Services The master server also: SNMP Multiplexing (SMUX) The Terminal Server Print Services * Logs all activity for security monitor- The SNMP Multiplexing (SMUX) pro- allow system managers to configure the ing print queues using standard OpenVMS tocol is an SNMP subagent extension printer operations, including the protocol. Each subagent or peer registers * Can invoke user-written server pro- autostart feature. Users have access to a MIB subtree with the SNMP Agent. cesses IPv4 terminal server-based printers plus Requests for objects residing in a regis- tered MIB subtree are passed from the * Can restrict access to services based printers that connect directly to Ethernet on the source Internet address as they would any other OpenVMS SNMP Agent using the SMUX protocol printer. to the subagent. The subagent passes the result of an SNMP query back to the DECnet over IP Line Printer Services SNMP agent. The DECnet over IP service permits two MultiNet implements the client and machines running DECnet to communi- SNMP Agent X server ends of the BSD 4.4 Line Printer cate using IPv4 links. This is an impor- Agent X is a standardized protocol Protocol for various print devices con- tant service for TCP/IP WANs that might allowing the list of managed objects nected to LPD servers and connected link several local sites running DECnet available from an SNMP agent to be directly to the network. with others that run only TCP/IP. dynamically extended. By using Agent Using LPS, you can: X directly, writers of TCP/IP services Multi-casting MultiNet supports full Class D IP multi- * Print local files on remote printers. can allow the state of the service to be queried and controlled remotely. This casting (IGMP V2 with fallback to * Remove print jobs from remote can be useful if the service does not have IGMP V1) to host groups. Multi-casting queues. a user interface, or runs under batch, or support is available for the UCXDRIVER, INETDRIVER, and * Display job status in remote print as a detached process. The HP Insight Socket Library programming interfaces. queues. Management Agents use the SNMP extensibility provided by Agent X to allow remote examination and notifica-

4 Programming Support * RPCGEN compiler grams, and provides secure encrypted communications between two untrusted * TCP and UDP synchronous trans- hosts over an insecure network. X11 Socket Library ports connections and arbitrary TCP/IP ports MultiNet provides a socket library of C * Broadcast RPC and batch RPC can be forwarded over the secure chan- routines (also accessible from other nel. SSH connects and logs into the spec- * RTL and XDR routines high-level languages) to facilitate appli- ified hostname. cation development. These routines sup- port the UNIX socket functions for raw, Enhanced Security Features The MultiNet SSH v1 implementation is stream, and datagram sockets. Socket The security features in MultiNet pro- based on the version 1.3.7 protocol. The library calls include socket and lookup vide data protection and security over the Secure Shell daemon (SSHD) is the dae- operations, and byte order and Internet network that far exceeds what normal mon program for SSH v1 that listens for address conversion functions. networks offer. This added security is connections from clients. When the important with the ever-increasing num- SSHD daemon starts, it generates a QIO Programming Interface ber of LANs, WANs, and hosts on the server RSA key (normally 768 bits). This network. Network security prevents key is regenerated every hour (the time MultiNet provides a QIO interface for may be changed in the configuration file) application programmers to develop unauthorized use of systems, services, and network information. if it has been used, and is never stored on their own networking programs using disk. A new daemon is created for each the TCP, IP, and UDP protocols. The The SSH2 server and client are compiled incoming connection. The multiple QIO interface includes operations used from unaltered cryptographic source encryption algorithms supported by SSH to open and close connections or ports, which is FIPS 140-2 Level 2 compiliant. v1 are IDEA (the default), DES, 3DES, and to transfer data over a connection or BLOWFISH, and ARCFOUR. port. All high-level languages can use MultiNet offers the following types of this interface. security services: A client program (SSH) is provided with * Secure Shell (SSH) v1 and v2 client MultiNet, but any SSH client that uses Compatibility with TCP/IP and server SSH v1 protocol may be used to access Services for OpenVMS the server. Examples of such programs * Secure Copy Protocol v2 (SCP2) are FISSH and MultiNet SSH on Open- MultiNet is compatible with HP’s TCP/ VMS systems; TTSSH, SecureCRT®, F- IP Services for OpenVMS, allowing * Secure File Transfer Protocol (SFTP) server and client Secure SSH Client, and PuTTY on applications written for products, such as Windows®-based systems; and other DECwindows, PATHWORKS * Outgoing and incoming access SSH programs on UNIX-based systems. (Advanced Server), and DECmcc, to run restrictions transparently on top of MultiNet. The SSH v1 offers the following server sys- interface is the BG device. * Packet filtering tem authentications: rhosts, rhosts-rsa, * Kerberos password authentication rsa challenge-response, and password. INETDRIVER Services * Kerberos v5 Telnet server and client SSH v1 and v2 offer break-in and intru- MultiNet provides the INETDRIVER sion detection, session termination, X11 Services that support the Stanford * IP Security with the Racoon key forwarding, and port forwarding. Research Institute (SRI) QIO interface. exchange daemon Secure Shell (SSH) v2 This provides a one-to-one mapping * SSH Publickey Assistant MultiNet SSH v2 implementation is between the UNIX socket functions and based on the V2 protocol and the the OpenVMS $QIO system services. * CERTENROLL WRQ Reflection for Secure IT 6.1.0.16 * CERTVIEW code base. While SSH v2 is generally RPC Programming Services * FTP over TLS regarded to be more secure than SSH v1, RPC Services is a software development both protocols are offered by MultiNet. tool based on version 4 of Remote Proce- * Intrusion Prevention System (IPS) Although the protocols are incompatible, dure Calls (RPC) developed by Sun Secure Shell (SSH) v1 Client and they may exist simultaneously on a Microsystems, Inc. MultiNet supports Server MultiNet system. The MultiNet server the HP C Socket Library. RPC Services MultiNet SSH (Secure Shell) v1 is a pro- front-end identifies what protocol a cli- include: gram for logging into and executing ent desires to use, and will create an * A shareable runtime library commands on a remote system. It appropriate server for that client. replaces rlogin, rshell, TELNET pro-

5 SOF SOFTWARE PRODUCT DESCRIPTION SOFTWARE PRODUCT DESCRIPTION

The client and server together, using the The final PFX package is encoded with a basic functionality is binary file trans- Diffie-Hellman key-exchange method, HMAC and by default contains one pass- fers. MultiNet supports BINARY and determine a 256-bit random number to word protected safe, which contains all ASCII transfers with SFTP2, and will use as the "session key". This key is used the other objects in an unshrouded for- also transfer VMS file characteristics to encrypt all further communications in mat when the remote system has the capabil- the session. ity. When operating with systems that do Secure Copy Protocol v2 (SCPv2) not support the full range of transfer The multiple encryption algorithms sup- SCP2 is an evolving file transfer proto- mechanisms that MultiNet offers, Multi- ported by SSH v2 are 3DES (the col, and not all implementations will Net uses various methods to improve the default), TWOFISH, BLOWFISH, DES, offer all levels of functionality. The chances that files will be useful upon CAST-128, and ARCFOUR. basic functionality is binary file trans- transfer. fers. MultiNet supports BINARY and SSH v2 includes the following server ASCII transfers with SCP2, and will also FTP over TLS (FTPS) system authentications: host-based, pub- transfer VMS file characteristics when FTPS allows users to establish a secure, lic-key, password, keyboard interactive the remote system has the capability. encrypted connection to the FTP server and Kerberos. When operating with systems that do not for user authentication. File transfers SSH v2 can be integrated with Process support the full range of transfer mecha- can also be secured at the user's option. Software’s VMS Authentication Module nisms that MultiNet offers, MultiNet FTPS offers better performance than to provde LDAP and SecurID authenti- uses various methods to improve the SFTP as only a single process is used for cation for SSH. chances that files will be useful upon encrypting and transferring the data. transfer. FTPS provides more reliable interchange Publickey Assistant of files between dissimilar systems as it The publickey assistant can be used to MultiNet uses the defined extensions in uses the well developed FTP protocol. add, remove, and list SSH v2 public keys the protocol to transfer information that are stored on a remote server. about the OpenVMS file header charac- Advanced Packet Filtering teristics such that when a file is trans- Packet filtering restricts the datagrams a CMPCLIENT ferred between two OpenVMS systems network interface can receive. You can Allows users to enroll certificates by running MultiNet v5.3, the file header filter datagrams by protocol (IP, ICMP, connecting to a CA (certification author- information will also be transferred and UDP, or TCP), source and destination ity) and using the CMPv2 protocol for the file will have the same format on the address, or source destination port (UDP enrolling a certificate. The user may sup- destination system as it had on the source and TCP). In MultiNet V5.3, the packet ply an existing private key when creating system. Also, when a file is transferred to filter definition files are fully IPv4 and the certification request or allow a new a non-OpenVMS system, a method has IPv6 aware. key to be generated. been provided to translate those files that Intrusion Prevention System (IPS) CERTVIEW can be translated into a format that will Components of MultiNet, including Allows users to view and validate certif- be usable on the remote system. Files SSH, ftp, snmp, smtp, telnet, IMAP and icates, and, optionally, to output the that are transferred from non-OpenVMS POP3 have been instrumented to report information from a certificate that is for- systems are stored as stream files on the various failures (“events”) such as matted correctly to use when creating the OpenVMS system, which provides com- invalid login attempts, etc, to a central SSH certificate mapping configuration. patibility for text files from those sys- filter server. tems. CERTTOOL The filter server correlates reported The CERTTOOL utility is used for dif- Secure File Transfer Protocol v2 events via rulesets and may implement a ferent needs concerning X.509 certifi- (SFTP2) packet filter on an interface based on the cates in PKCS#10 and PKCS#12 format. SFTP2 is an FTP-like client that can be results of the event correlation. This can The CERTVIEW tool can be used for used to transfer files over a network. be based on either the source address, certificate viewing and validation. SFTP2 transfers the files through ssh2 essentially blocking all traffic of a partic- connections to ensure that the file trans- For PKCS#10, CERTTOOL creates cer- ular protocol (e.g., IP, UDP, etc) from a port is secure. In order to connect using tificate requests, allowing the user to system; or on the destination address and SFTP2, you need to make sure that sshd2 specify specific keyUsage and extended- port, blocking traffic only to that port. is running on the remote host that you are KeyUsage flags. connecting to. Rules may be implemented such that cer- For PKCS12, CERTTOOL creates a tain source networks or addresses are SFTP2 is an evolving file transfer PKCS#12 package containing any excluded from event correlation, or have protocol, and not all implementations number of private keys and certificates. event correlation applied with different will offer all levels of functionality. The

6 parameters, allowing the same rule to be heterogeneous Kerberos clients and Gateway Routing Daemon applied differently, for example, to inter- servers from different vendors running (GATED) nal versus external network traffic. different operating systems. GATED, based upon GATED Release An API is supplied so that MultiNet The Kerberos server includes a Key Dis- 3.5 from Cornell University, is provided users may incorporate this event report- tribution Center (KDC) and the Kerberos with this version of MultiNet. This ver- ing into their own applications, as well as Administration (KADM) functions also. sion of GATED has support for CIDR implementing the corresponding rulesets and OSPF. GATED provides dynamic Kerberos Administration Server for event correlation for their applica- routing information in order to deter- The Kerberos Administration Server tions in the filter server. mine the best path to use between a provides an administration model so that source and destination host. It is more IP Security (IPSEC) system managers have remote access to efficient than static routing, because the IPSEC is a standards-based technology the Kerberos database and remote users system administrator does not have to that provides a secure tunnel for trans- can change their passwords. update a host’s or gateway’s routing mitting data through an unsecured net- Kerberos User table manually. GATED determines the work, such as the Internet. IPSEC’s Using the Kerberos User (KUSER) best route for a packet to travel by gath- authentication header (RFC 2402) and model, users can obtain and manage Ker- ering and using various standard routing IPSEC Encapsulation Security Payload beros tickets to use with their secured protocol information from OSPF (Open (RFC 2406) are supported in transport applications. Shortest Path First), RIP2 (Routing mode, which secures packets between Information Protocol), route discovery, any compliant hosts. Internet Key Kerberos v5 Telnet Server and and others. Exchange (RFC 2409) allows systems to Client establish and maintain encryption keys MultiNet v5.3 provides strong authenti- Additional Features in a secure environment. cation for client/server applications MultiNet provides the TALK Utility and using secret-key cryptography. After a the TCPDUMP utility. The TALK utility Kerberos Authentication client and server have used Kerberos v5 enables remote users to share terminal MultiNet provides Kerberos v4 authenti- to prove their identity, they can encrypt messages in split windows in real time. cation. Kerberos, an established authen- all of their communications to assure pri- The TCPDUMP utility is a useful mech- tication protocol, relies on a secure vacy and data integrity. It requires Ker- anism for tracking TCP packets by print- server to ensure login security. Kerberos beros for HP OpenVMS (version 2.0), ing information contained in the packet uses data encryption to produce pass- which is available via download on HP’s headers. word “ciphertext” on TCP/IP networks. Website. With Kerberos, hosts prove their identity IPv6 to other systems without transmitting Classless Inter-Domain Router MultiNet 5.3 can operate as an end node “cleartext,” or human-readable pass- (CIDR) in an IPv6 network as well as an IPv4 words. Their systems do not have to rely network. IPv6 services are available to on the network for security. CIDR assures large organizations of con- nectivity to their entire network by both IPv6 and IPv4. DNS Resolver, Kerberos Applications allowing expansion of the available IPv4 SMTP, POP3, IMAP, LPD, stream print- The following MultiNet applications addresses. This can be critical given ing, FTP, Telnet, SSH, NTP, CharGen, allow Kerberos authentication for added today’s complex topologies, high traffic Discard, Echo and Daytime support security: loads, and the explosive growth of the IPv6. IPv6 packets can be transmitted over Ethernet interfaces or tunnelled * RCP command Internet. New scaling problems at an unprecedented rate have occurred, through an IPv4 network. * RLOGIN command and rlogin ser- including exhaustion of Class B network vices addresses, backbone routing overload, * RSH command and rsh service and exhaustion of IPv4 network num- bers. This feature implements CIDR * TELNET-OpenVMS client and RFC 1517, 1518, and 1519. Use of vari- server able-length subnet masks with CIDR To requesting hosts, the Kerberos server solves these problems by allowing for issues tickets that contain keys to lock or supernetting and aggregating address unlock encrypted tickets, which in turn assignments. contain keys to lock or unlock encrypted passwords. The server is available to any

7 FTP

Full File Protection and FTP-OpenVMS provides TCP/IP File FTP-OpenVMS Transfer Protocol networking services Security for OpenVMS computer users that need FTP-OpenVMS uses maximum Open- Features... to transfer files from one computer’s sys- VMS file protection for each user. You * Provides a Client and a Server tem to another. The number of simulta- can limit access for ANONYMOUS neous connections to FTP-OpenVMS is users or CAPTIVE accounts. Network * Handles both UNIX and VMS limited only by the available system managers can log all attempted connec- command interface types in inter- resources. tions to a local host. FTP-OpenVMS active mode, as a single-line com- supports token authentication and full mand, or in command procedures FTP supports RFC 4217 - Securing FTP OpenVMS break-in detection and eva- with TLS, which allows the user to log in sion. * Maintains consistent file protec- over an encrypted connection and for tion and security data to be transferred over an encypted Ease of Use * Supports OpenVMS file types, connection. FTP-OpenVMS provides the same envi- DECnet access, and remote DCL commands Client and Server Support ronment to remote users as if they were logged in locally and supports many fea- * Offers a number of additional fea- FTP-OpenVMS supports a File Transfer tures to make file transfers easy: tures to enhance ease of use in all Protocol client and server. You can trans- modes and functions fer files in both directions between local * Multi-line recall of up to 20 lines and remote systems that implement the * Startup command files * Centralized logging TCP/IP and FTP protocols. The FTP * Records accounting and statistical server no longer lowercases the filena- * Automatic file transfer format deter- information from enabled services mes returned in an NLST command. The mination FTP client now uses SRI encoding for * Record structure transfer support * Supports RFC 4217 - Securing filenames. FTP with TLS. * STRU O VMS and VMS PLUS OpenVMS and UNIX server support Commands * Multi-homed hosts support (if Client- Using the command line interface, you FTP needs to reach a host that has can initiate file transfers using native multiple internet addresses, it tries all OpenVMS commands or equivalent possible addresses) UNIX-style commands interactively or * Centralized logging with command procedures. * Records accounting information from Session Accounting and enabled services Statistics * IPv6 support with the EPRT and MultiNet can record accounting infor- EPSV commands. mation from services that have been enabled. Currently this includes FTP and SMTP. The accounting information includes information about when a net- work session took place and how much data was transferred. The accounting facility is enabled from MULTINET CONFIGURE/SERVER ENABLE ACCOUNTING and reads MULTI- NET:ACCOUNTING.CONF for addi- tional configuration information.

8 TELNET-OpenVMS

Full Password Protection TELNET-OpenVMS provides com- TELNET-OpenVMS plete virtual terminal networking ser- (Kerberos) Features... vices to OpenVMS systems by TELNET-OpenVMS fully supports user- implementing the TELNET and TCP/IP name and password protection by using * Provides a client and a server protocols. TELNET-OpenVMS users the optional Kerberos v4 authentication * Represents a fast, efficient design have immediate access to any remote scheme, provided with the token authen- system (such as UNIX and ) tication security feature. * Permanence of NTY devices that supports TCP/IP and TELNET, TELNET-OpenVMS optionally supports * Supports Kerberos v4 authentication eliminating the need for dedicated termi- Kerberos v5 authentication and encryp- nals and serial ports. tion via the KTELNET_SERVER image. * Provides a familiar interface to UNIX and OpenVMS users Client and Server Support KTELNET_SERVER is configured to run with the TELNET-OpenVMS provides a TEL- * Provides a customizable TN3270 LOADABLE_KTELNET_CONTROL NET client and server. Users on a Multi- mode image invoked from the Master Server. Net system can login to remote systems, KTELNET_SERVER uses FTA devices and users on remote systems can login to Additional Features instead of NTY devices. a MultiNet system via TELNET-Open- TELNET-OpenVMS also offers: VMS. OpenVMS and UNIX Commands * Multi-line recall of up to 20 command Designed for Efficiency You can use native OpenVMS lines Server-TELNET is for high-bandwidth commands or a UNIX-style command * Startup command files applications. MultiNet implements the interface. Server as an OpenVMS device driver, * OpenVMS process spawning operating with minimal CPU overhead. TN3270 Mode * Control character mapping Client-TELNET supports TN3270 Server-TELNET performs processing mode, providing IBM 3270-class termi- * Interactive, online help within a port driver for the TTDRIVER nal emulation for local OpenVMS termi- * Support for multi-homed hosts; if Cli- class driver. This makes the server a nals. Remote IBM hosts must support ent-TELNET needs to reach a host standard OpenVMS terminal device that TELNET Servers. is fully compatible with all TTDRIVER that has multiple internet addresses, it QIOs. Client-TELNET maps the OpenVMS tries all possible addresses keyboard to emulate IBM 3270 key- * Support for X Display Location Permanence of NTY Devices board functions. You can use the default option to set the user’s current X dis- TELNET-OpenVMS provides the option keyboard mappings or customize them. to permanently assign NTY devices, play location on the remote end making NTY setup and operations simi- TN3270 Internationalization * Support for the Remote Flow Control lar to LAT outgoing connections. Client-TELNET supports the conversion option for disabling and enabling of Western European EBCDIC character flow control sets to corresponding OpenVMS charac- ter sets for TN3270 mode.

TELNET Protocol Options TELNET-OpenVMS supports the TEL- NET protocol options BINARY, ECHO, END-OF-RECORD, SUPPRESS-GO- AHEAD, TERMINAL-TYPE, and TRANSMIT-BINARY.

9 NFS Client

NFS-OpenVMS client implements the The client preserves file structures client side of the Network File System across the network, and maintains file NFS Client (NFS) protocol, providing access to file- attributes the NFS protocol does not features... systems on remote NFS servers. Autho- address by using companion data files in rized users on the local Alpha, VAX or FDL (File Description Language) for- * Maintains consistent file protection Integrity system have transparent access mat. Automatic format handling treats and security to remote NFS servers, such as UNIX or existing UNIX files as sequential, vari- * Supports OpenVMS file types using IBM VM machines. able-length, carriage-return-carriage- companion data files to preserve file control files on your OpenVMS system. type information Filesystem Mount Flexibility Filename Mapping * Maps filename characters to pre- Users can obtain access to remote file- Even though OpenVMS uses different serve file naming conventions systems by mounting them. The client conventions for naming files from those between systems provides flexibility so you can mount on an NFS server, special characters are any level of the NFS Server Filesystem not rejected. Instead, the client maps file directory structure onto any level of the name characters between the operating Client Filesystem directory structure, systems. Users in each environment can subject to OpenVMS Record manage- continue to use the naming conventions ment Services (RMS) restrictions. to which they are accustomed, subject to the RMS restrictions on file name length. Complete File Protection The client fully supports system, direc- Flexible Command Interface tory, and file protection. Access confir- You can mount filesystems and display mation to NFS files is through user ID mount information either interactively at mappings. You can add mappings with the DCL or MULTINET level, or by the NFS-CONFIG utility. The client sup- using command procedures. ports Network Lock Manager as well as the standard file locking and sharing pro- The command syntax, shown next, is tocols. convenient and straightforward: NFSMOUNT server::“path” File Format [mount [logical]] The client adheres to NFS file organiza- An example command is: tion and record format specifications so that you can write files back to the server. NFSMOUNT FLOWER::”/usr/ users” NFS1:

10 NFS Server

NFS-OpenVMS server implements the File Format NFS Server server side of the NFS protocol, provid- The server allows clients to read Open- ing access to filesystems on your Open- VMS files in their most commonly used features... VMS host to remote client NFS users. formats, including sequential, variable- * Supports file operations in all forms, The NFS server lets your network share length, and variable with fixed-length including: data among different systems. This min- control (VFC), without having to manu- imizes hardware costs by eliminating ally convert these files. You can use - Create or remove directory data duplication. The server supports OpenVMS disks for information sharing - Create, remove, or rename file NFS over UDP and TCP, and can also as well as file storage. - Get or set attributes export files to MultiNet NFS client sys- - Get filesystem statistics Filename Mapping tems. - Look up file or read directory Even though OpenVMS uses different - Read from or write to file conventions for naming files from those File Operations * Maintains consistent file protection on an NFS client system, special charac- The NFS server supports all normal file and security operations, even those on multi-volume ters are not rejected. The server maps file disks. NFS clients can use the server sys- name characters between the operating * Maps filename characters to pre- tem’s files as if they were local files. The systems. Users in each environment can serve file naming conventions server supports the MOUNT and Port continue to use the naming conventions among systems to which they are accustomed, subject to Mapper protocols and operations. It also * Supports standard protocols for the RMS restrictions on file name length. supports symbolic links and hard links. locking and file sharing across dif- System resources are the only limitations Standard Protocols for File fering systems to the number of simultaneous users. A Sharing multi-threaded architecture provides NFS Server supports these protocols for fast, high-performance service for many file sharing: clients, while keeping processor over- * UNIX Support Protocols: The head to a minimum. server supports the Network Lock Complete File Protection Manager and Status Monitor RPC The server fully supports stem, directory, protocols. These provide advisory and file protection. Access to OpenVMS UNIX System V locking and PC file files is restricted to preapproved clients sharing. This lets you coordinate named in an NFS configuration database access to file and file records using that maps between NFS UID/GIDs and standard methods in a distributed OpenVMS user accounts. The server environment. uses the OpenVMS UIC and user access * PC Support Protocols: The server rights to validate all file access. supports the PCNFSD protocol, pro- To further increase security, the network viding PC users with access to Open- administrator can assign “rights identifi- VMS filesystems and the ability to ers” to NFS users, restrict remote mounts use OpenVMS print queues. to superusers only, and track attempted * Performance Tuning: The server access violations. generates statistics and optionally ODS-5 for NFS Server logs security violations, MOUNT This feature allows for long filenames requests, errors, and other activities to and a mixed-case naming convention. help you tune the performance of the NFS server system. Tuning parame- ters control such things as datagram sizes, cache sizes, and the number of server threads.

11 SMTP SMTP features... SMTP-OpenVMS provides complete Transparent User Interface mail transfer networking services by Users have a transparent interface to the * Provides full SMTP Client and implementing the TCP/IP and Simple SMTP messaging system from within Server Mail Transfer Protocol (SMTP) net- the OpenVMS MAIL utility. All features * Provides IMAP4 Server working standards for OpenVMS sys- of OpenVMS MAIL message processing tems. You can implement mail rejection are available, including: * Provides POP3 Server rules, necessary for blocking mail relay- * Uses standard MX records when ing and adding anti-spamming capabili- * All OpenVMS MAIL commands, using DNS ties to MultiNet. You can also deliver including SET FORWARD files as base64-encoded MIME mes- * Alias names, mailing lists, and special * Supports ARPA-standard formats sages by way of VMSmail. mail headers and addresses, and mail request * Distribution name lists expansion SMTP Client and Server * Automatic notification of incoming * Automatically stores, forward, and Support mail relays mail traffic as needed SMTP provides an SMTP client and * Reading incoming mail using Open- server. Users on a system running SMTP VMS MAIL * Supports performance tuning can send mail messages to and receive * Carbon copy (CC:) recipients parameters mail messages from users on systems * Provides additional functionality, that support SMTP and TCP/IP. Store, Forward, and Relay such as gateway to other mail ser- SMTP-OpenVMS notifies users auto- vices (such as ALL-IN-1) IMAP4 Server matically of incoming or undeliverable The Internet Message Access Protocol mail, defers mail delivery to unavailable * SPAM prevention (IMAP) server lets the mail program of hosts, and can forward mail to a central * Records accounting information your IMAP-compliant client access mail handling machine. You can choose from enabled services (See FTP for remote message storage as if the storage to forward all mail or only mail with details) were local. MultiNet’s implementation is unknown addresses to the central mail based on IMAP version 4, revision 1. handling machine. Mail Exchanger (MX) Records IMAP4 and the ARPA Standard Message SMTP-OpenVMS uses mail exchanger (POP3), described in the next section, Formats (MX) records on systems using DNS. operate differently. IMAP4 retains the SMTP-OpenVMS supports standard MX records specify which hosts can message on the server, while POP3 message formats and addresses used in accept mail for a domain. If the first retrieves the message and stores it offline the ARPA Internet community. attempt to deliver mail fails, SMTP- on the client, thus deleting it from the OpenVMS tries each MX record until it mail server. IMAP4 allows you to access SMTP-OpenVMS user names have the finds a host that can accept the mail. your mail from more than one client format: workstation simultaneously. Performance Tuning SMTP%”address You can set parameters at runtime to cus- POP3 Server [,address[,...]]” tomize and enhance SMTP-OpenVMS The Post Office Protocol version 3 performance. These parameters include: (POP3) multi-threaded server provides a Network mailbox addresses have the * Connection timeout value way for users on remote hosts (such as basic format: * Delivery check and retry intervals PCs) who do not want to maintain their username[@domain] * Maximum message life own message transport systems to retrieve mail from an OpenVMS mail The domain is the name of the destina- Additional Features server’s incoming mailbox. tion host, according to DNS standards. SMTP-OpenVMS also provides the fol- lowing features: * Any user can be the postmaster * SMTP-OpenVMS can function as a gateway between SMTP and DECnet and foreign mail products

12 Standards and RFCs

MultiNet products conform to the following military standards and Internet Requests for Comments.

Military Standard Style Mil-Std 1777 Transmission Control Protocol 1778 File Transfer Protocol 1780 Simple Mail Transfer Protocol 1781 TELNET Protocol and Options 1782

Request for Comments Title RFC No. (STD 6) 768 DARPA Internet Protocol Specification 791 Internet Control Message Protocol 792 Transmission Control Protocol 793 Domain naming convention for Internet user applications 819 Simple Mail Transfer Protocol (STD 10) 821 Standard for the Format of Internet Text Messages (STD 11) 822 An Ethernet Address Resolution Protocol 826 TELNET Protocol Specification (STD 8) 854 TELNET Option Specification (STD 8) 855 TELNET Binary Transmission (STD 27) 856 TELNET Echo Option (STD 28) 857 TELNET Suppress Go Ahead Option (STD 29) 858 (STD 20) 862 (STD 21) 863 Character Generator Protocol (STD 22) 864 Quote of the Day Protocol 865 (STD 25) 867 Time Protocol (STD 26) 868 Domain names plan and schedule (Updated by RFC0897) 881 TELNET End of Record Option 885 Trailer Encapsulations 893 Transmission of IP Datagrams over Ethernet Networks 894 implementation schedule 897 (Updates RFC0881) (Updated by RFC0921) Reverse Address Resolution Protocol 903 BSD EGP 904 Broadcasting Internet Datagrams (STD 5) 919

13 Request for Comments Title (Continued) RFC No. Domain requirements 920 Domain name system implementation schedule - revised 921 (Updates RFC0897) Broadcasting Datagrams in the Presence of Subnets (STD 5) 922 Internet Standard Subnetting Procedure (STD 5) 950 Bootstrap Protocol (BOOTP) 951 DoD Internet host table specification (Obsoletes RFC0810) 952

File Transfer Protocol (STD 9) 959 Mail Routing and the Domain System (STD 14) 974 XDR: External Data Representation Standard 1014 Domain Administrators Guide 1032 Domain Administrators Operations Guide 1033 Domain names - concepts and facilities 1034 (Obsoletes RFC0973, RFC0882, RFC0883) (Obsoleted by RFC1065, RFC2308) (Updated by RFC1101, RFC1183, RFC1348, RFC1876, RFC1982, RFC2065, RFC2181, RFC2308, RFC2535) Domain names - implementation and specification 1035 (Obsoletes RFC0973, RFC0882, RFC0883) (Updated by RFC1101, RFC1183, RFC1348, RFC1876, RFC1982, RFC1995, RFC1996, RFC2065, RFC2181, RFC2136, RFC2137, RFC2308, RFC2535) Standard for IP Datagrams over IEEE 802 Networks 1042 Network Systems HYPERchannel Protocol Specification 1044 Transmission of IP Datagrams over Serial Lines: SLIP 1055 RPC: Remote Procedure Call Protocol, Version 2 1057 TELNET Window Size Option 1073 TELNET Terminal Speed Option 1079 TELNET Terminal-Type Option 1091 NFS: Network File System Protocol Specification 1094 TELNET X Display Location Option 1096 DNS encoding of network names and other types 1101 (Updates RFC1034, RFC1035) U.S. Dep’t of Defense Security Options for Internet Protocol 1108 Host Extensions for IP Multicasting (level 2) (STD 5) 1112 Requirements for Internet hosts - communication layers 1122 Requirements for Internet hosts - application and support 1123 (Updates RFC0822) (Updated by RFC2181) Compressing TCP/IP Headers for Low-Speed Serial Links 1144 Management Information for TCP/IP Internets (STD 17) 1155 A Simple Network Management Protocol (SNMP) (STD 15) 1157 BSD BGP 1163, 1267, 1654 Choosing a name for your computer 1178 Line Printer Daemon Protocol 1179

14 New DNS RR Definitions 1183 Path MTU Discovery 1191 MIB-II 1213 SNMP MUX Protocol and MIB 1227 Tunneling IPX Traffic through IP Networks 1234 BSD Router Discovery 1256 BSD rlogin 1282 Finger User Information Protocol 1288 Network Time Protocol (Version 3) 1305 TCP Extension for High Performance Options 1323 DNS NSAP RRs 1348 Type of Service in the 1349 The TFTP Protocol (Revision 2) (STD 33) 1350 Multiprotocol Interconnect on X.25/ISDN in Packet Mode 1356 TELNET Remote Flow Control Option 1372 Transmission of IP and ARP over FDDI Networks (STD 36) 1390 Using the Domain Name System To Store Arbitrary String Attributes 1464 IP Multicast over Token-Ring Local Area Networks 1469 The US Domain (Obsoletes RFC1386) 1480 Encoding Header Field for Internet Messages 1505 The Kerberos Network Authentication Sevice (V5) 1510 Applicability Statement for the Implementation of Classless Inter-Domain 1517 Routing (CIDR) An Architecture for IP Address Allocation with CIDR 1518 Classless Inter-Domain Routing (CIDR): an Address Assignment and 1519 Aggregation Strategy A Security Problem and Proposed Correction With Widely Deployed DNS 1535 Software Common DNS Implementation Errors and Suggested Fixes 1536 Dynamic Host Configuration Protocol 1541 Classical IP and ARP over ATM 1577 OSPF Version 2 1583 Domain Name System Structure and Delegation 1591 DNS Server MIB Extensions 1611 DNS Resolver MIB Extensions 1612 The Point-to-Point Protocol (PPP) (STD 51) 1661 Assigned Numbers (STD 2) 1700 DNS NSAP Resource Records (Obsoletes RFC1637) 1706 DNS Encoding of Geographical Location 1712 Tools for DNS debugging 1713 DNS Support for Load Balancing 1794 NFS v2 Server and Client 1813 SETKEY Protocol 1827

15 A Means for Expressing Location Information in the Domain Name 1876 System (Updates RFC1034, RFC1035) DNS Extensions to support IP version 6 1886 Common DNS Operational and Configuration Errors 1912 (Obsoletes RFC1537) Address Allocation for Private Internets (Obsoletes RFC1627, RFC1597) 1918 Post Office Protocol—Version 3 (STD 53) 1939 Registration in the MIL Domain 1956 Serial Number Arithmetic (Updates RFC1034, RFC1035) 1982 Incremental Zone Transfer in DNS (Updates RFC1035) 1995 A Mechanism for Prompt Notification of Zone Changes 1996 (DNS NOTIFY) (Updates RFC1035) Operational Criteria for Root Name Servers 2010 A DNS RR for specifying the location of services (DNS SRV) 2052 Internet Message Access Protocol—Version 4 rev 1 2060 Domain Name System Security Extensions 2065 HMAC: Keyed-Hashing for Message Authentication 2104 Dynamic Host Configuration Protocol 2131 DHCP Options and BOOTPD Vendor Extensions 2132 Dynamic Updates in the Domain Name System (DNS UPDATE) 2136 (Updates RFC1035) Secure Domain Name System Dynamic Update (Updates RFC1035) 2137 U.S. Government Internet Domain Names. Federal Networking Council 2146 (Obsoletes RFC1816) Using the Internet DNS to Distribute MIXER Conformant Global Address 2163 Mapping (MCGAM) Resolution of Uniform Resource Identifiers using the Domain Name Sys- 2168 tem Clarifications to the DNS Specification 2181 (Updates RFC1034, RFC1035, RFC1123) (Updated by RFC2535) Selection and Operation of Secondary DNS Servers 2182 Use of DNS Aliases for Network Services 2219 Key Exchange Delegation Record for the DNS 2230 Internet Group Management Protocol, Version 2 2236 Using Domains in LDAP/X.500 Distinguished Names 2247 Negative Caching of DNS Queries (DNS NCACHE) 2308 (Obsoletes RFC1034) (Updates RFC1034, RFC1035) Classless IN-ADDR.ARPA delegation 2317 Domain Names and Company Name Retrieval 2345 A Convention For Using Legal Names as Domain Names 2352 (Obsoletes RFC2240) IP Version 6 Addressing Architecture (Obsoletes RFC1884) 2373 IP Security Protocol 2367, 2411 An IPv6 Aggregatable Global Unicast Address Format 2374 (Obsoletes RFC2073) IPv6 Multicast Address Assignments 2375

16 Naming Plan for Internet Directory-Enabled Applications 2377 Feature negotation mechanism for the File Transfer Protocol 2389 IP Authenication Header 2402 IP Encapsulating Security Payload (ESP) 2406 The Internet IP Security Domain Interpretation for ISAKMP 2407 Internet Security Association and Key Management Protocol (ISAKMP) 2408 The Internet Key Exchange (IKE) 2409 The OAKLEY Key Determination Protocol 2412 FTP Extensions for IPv6 and NATs 2428 Internet Protocol, Version 6 2460 Neighbor Discovery for IP Version 6 2461 IPv6 Stateless Address Autoconfiguration 2462 Internet Control Message Protocol (ICMPv6) for the Internet Protocol 2463 Version 6 (IPv6) Transmission of IPv6 Packets over Ethernet Networks 2464 Building Directories from DNS: Experiences from WWWSeeker 2517 Domain Name System Security Extensions 2535 DSA KEYs and SIGs in the Domain Name System (DNS) 2536 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) 2537 Storing Certificates in the Domain Name System (DNS) 2538 Storage of Diffie-Hellman Keys in the Domain Name System (DNS) 2539 Detached Domain Name System (DNS) Information 2540 DNS Security Operational Considerations 2541 Basic Socket Interface Extensions for IPv6 2553 Internet Printing Protocol/1.0: Model and Semantics 2566 Internet Printing Protocol 2568 Reserved Top Level DNS Names 2606 Extension Mechanisms for DNS (EDNS0) 2671 Non-Terminal DNS Name Redirection 2672 Binary Labels in the Domain Name System 2673 IPv6 Jumbograms 2675 Multicast Listener Discover (MLD) for IPv6 2710 AGENT Extensibility Protocol (AGENTX) 2741 Agent X MIB 2742 A DNS RR for specifying the location of services (DNS SRV) 2782 (Obsoletes RFC2052) Network Services Monitoring MIB 2788 Mail Monitoring MIB 2789 Secret Key Transaction Authenication for DNS (TSIG) 2845 Telnet Authentication Option 2941 Telnet Data Encryption Option 2946 Connection of IPv6 Domains via IPv4 Clouds 3056 Basic Socket Interface Extensions for IPv6 3493

17 IPv6 Global Unicast Address Format 3587 The NewReno Modification to TCP’s Fast Recovery Algorithm 3782 Security Considerations for 6to4 3964 Algorithms for Internet Key Exchange version 1 (IKEv1) 4109 Securing FTP with TLS 4217 The Secure Shell (SSH) Protocol Assigned Numbers 4250 The Secure Shell (SSH) Protocol Architecture 4251 The Secure Shell (SSH) Authentication Protocol 4252 The Secure Shell (SSH) Protocol 4253 The Secure Shell (SSH) Connection Protocol 4254 Generic Message Exchange Authentication for the 4256 (SSH) IP Version 6 Addressing Architecture 4291 IPv6 Node Requirements 4294 The Secure Shell (SSH) Transport Layer Encryption Modes 4344 Improved Arcfour Modes for the Secure Shell (SSH) Transport 4345 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport 4419 Layer Protocol RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol 4432 IPv6 Node Information Queries 4620 The Secure Shell (SSH) Public Key File Format 4716

18 Services, Documentation, and Ordering Information

Technical Services Documentation Hardware and Process Software’s Technical Services Comprehensive documentation for all Program has a well-deserved reputation MultiNet products includes user guides, Software for excellence. Services include consult- installation and configuration informa- Requirements ing, training, software maintenance, sup- tion, management functions and utilities, port, online resources, and 24-hour programming facilities, and network support. In short, everything you need to security. Documentation in HTML and MultiNet requires one or more of the keep your Process Software products and PDF format is included on your product following hardware devices: your network operating at peak effi- CD, and is available in HTML format on * HP Ethernet controller ciency. Process Software’s web site, www.process.com. * HP FDDI controller Consulting You can find Frequently Asked Ques- * HP Token Ring controller (except A comprehensive suite of programs is tions (FAQs) on the Tech Support web DEQRA) available on a host of topics, including page on the Process Software web site * IP-over-x.25 controller MultiNet installation and configuration, (http://www.process.com/techsupport/ MultiNet requires, at a minimum, DNS setup and use, network security, MultiNet.html). troubleshooting, and others. these operating system versions: Ordering Information * VAX/VMS v5.5-2 and later Hot Line Support MultiNet is shipped on CD-ROM and * OpenVMS Alpha v6.2 and later Networking experts are available by tele- TK50. phone, e-mail, or fax. Optional 24-hour * OpenVMS I64 v8.2 and later support is also available. Software Warranty Process Software warrants all products Updates for 90 days from the date of delivery. All maintenance customers with current service contracts receive automatic soft- ware and documentation updates of major releases.

Training A wide range of educational services can be provided at your site, at regional train- ing locations throughout North America, or at our own training facility in Framingham, MA.

19 SOFTWARE PRODUCT DESCRIPTION

About Process Software Process Software Process Software is a premier supplier of communications soft- 959 Concord Street ware solutions to mission critical environments since 1984. With Framingham, Massachusetts 01701-4682 thousands of loyal customers worldwide, including Global 2000 and Fortune 1000 companies, Process Software has earned a Telephone: strong reputation for meeting the stringent reliability and perfor- U.S./Canada (800) 722-7770 mance requirements of enterprise networks. Process Software International (508) 879-6994 products incorporate leading edge technologies and are backed with a dedicated customer support organization. FAX: (508) 879-0042

Web: http://www.process.com

E-mail: [email protected]

The information contained in this document is subject to change without notice. Process Software assumes no responsibility for any errors that may appear in this document.

© Process Software, 2008

The Process Software name and logo are trademarks, and MultiNet, TCP- ware and VMS Authenication Module are registered trademarks of Process Software. The PMDF mark and all PMDF-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries and are used under license. All other company names and product names are trademarks or registered trademarks of their respective holders.

This product includes software developed and copyrighted by the Free Soft- ware Foundation; for details, see the web site http://www.gnu.org/copyleft/ lgpl.html.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

This product includes cryptographic software written by Eric Young ([email protected])

Rev. 5.3 January 2009