Sun Microsystems, Inc.
soldc.sun.com My Sun | Regional Sites | Site Index | How To Buy 
spacer
Home arrow Sun Developer Connection arrow Solaris Developer Connection
  

SOLARIS DEVELOPER CONNECTION - Technical Articles

Plugging Windows NT into a Sun network

Learn the protocols and services required to successfully integrate Windows NT Workstation into a Solaris[tm] operating environment

By Shari L. Jones

Abstract

Integration of Windows NT Workstations into predominantly Sun Solaris[tm] networks is becoming more prevalent as network administrators strive to meet the needs of corporate users. Consultant and journalist Shari Jones examines this trend and provides insight for Unix® administrators seeking to integrate Windows NT Workstations while maintaining Unix-style security and minimizing disruption to network maintenance. (2,750 words)

Windows NT and Solaris integration is on the rise, and the process presents a challenge for system administrators. Though integrating the two environments is by no means impossible, it demands careful planning to ensure success.

As Unix administrators, you must be knowledgeable about the protocols and services required to meet your users' needs. In addition, you need to be able to configure Windows NT Workstation for TCP/IP, DHCP, and NFS services, as well as maintain a high level of security for fundamental system services.

This article focuses on the requirements for successfully integrating Windows NT Workstation into a Solaris[tm] operating environment. While some configuration differences exist between Windows NT Workstation and Windows 95, because both operating systems follow the same Windows network protocol the configuration of a Windows 95 client should be largely the same. Configuring Windows NT Server is beyond the scope of this article.

Why integrate?

Regardless of your support for or rejection of Windows NT, the operating system has made its mark in the desktop market, and its ease of implementation and user-friendly interface contribute to its success. Meanwhile, Unix maintains its solid foundation in reliability, scalability, and security. Each operating system offers its own unique benefits and flexibility within a network; each caters to users with a separate set of computing needs.

Developers in a Solaris environment who require a Windows-based operating system for cross-platform application development can use Windows NT Workstation, for example. They now have the stability of Windows NT and Unix, as well as the ability to utilize Unix's reliability and security. Integrating Workstations into a predominantly Unix environment enables end users to run the latest NT applications and still access files residing on the backend Unix system.

For more details on writing C++ applications for both Solaris and Windows NT, refer to Dave Herdman's "No mirrors and magic here -- You can write common code for Unix and NT" (SunWorld, April 1997). For more information on developing Java applications for Solaris and Windows NT, refer to Steven Gould's "How to avoid potential pitfalls in your Java[tm] application development" (SunWorld, November 1998).

Back to Top

Determining the configuration

Before you begin the integration process, you need to determine the configuration you'll use to integrate Workstations into your network. The configuration you choose depends on the applications your users require and which server is most suited for serving up these applications. For example, some users, particularly at the management level, require the core NT services provided by a Windows NT Server (such as NT file and print services), and don't necessarily need to access a Solaris system directly. More technical users (developers that need the power and reliability of Unix during development), however, may need to directly access the Solaris system to share source code.

To meet the needs of these two sets of users, two primary configurations exist for designing an enterprise network that integrates Windows NT Workstations into a Sun Solaris environment:

  • Two-tier configuration: Windows NT Workstation connected directly to the Solaris network
  • Three-tier configuration: Windows NT Workstation connected to a Windows NT Server machine, which is then connected to the Solaris network

Two-tier configuration: Windows NT Workstation-to-Solaris

Some users using Workstation may need to access files residing on the Solaris network. Technical users such as developers, for example, may need the power and reliability of Unix during development for source code control and file sharing. You can connect them directly to the Unix system via a Transport Control Protocol/Internet Protocol (TCP/IP) connection.

Other users, while requiring direct access to the Solaris network, still may want the ability to run Windows NT file, print, directory, and security services. For this, you would traditionally need Windows NT Server, but Sun's recently announced Project Cascade provides an alternative. Performing like Windows NT Server, Cascade offers the same file, print, directory, and security services as NT, but is more scalable. A Solaris server running Cascade supports 1-64 CPUs versus Windows NT Server's support for 1-8 CPUs. Because it resides on a Sun server, Cascade profits from Unix's reliability and proven security while providing Unix administrators with more flexibility for future network growth.

Cascade allows Sun Enterprise[tm] servers and the Solaris operating system to run in a Windows NT domain. It can either coexist with or replace Windows NT Servers. Using Cascade, Windows NT clients send requests for a Windows NT service, such as printing or security services, to a Sun server using the Microsoft protocol. A Sun server running Cascade understands and interprets the NT service requested and responds to the client's request. Cascade is transparent to both users and NT system administrators.

Solaris's scalability, complemented by Cascade, allows administrators to consolidate multiple Windows NT services onto fewer Sun servers than if they were providing the same services through Windows NT Servers.

Three-tier configuration: Windows NT Workstation-to-Windows NT Server-to-Solaris network

File and print sharing, and other NT services provided by Windows NT Server, often are required for less technical users more familiar with GUIs (graphical user interfaces) than with Unix commands.

When using Windows NT Server to integrate Windows NT Workstations into a Solaris network, the main services are provided by the Windows NT Server and the client application runs on the Workstation. The Workstation is connected via TCP/IP (described in more detail later) to a Windows NT Server connected to the Solaris network.

More technical users, those who use the Windows NT interface for fundamental system services like printing and file sharing, can still access information stored on the backend Unix system. For example, a developer who uses a Workstation running Visual Basic may use the Windows NT Server to access an Oracle[r] database running on Solaris and use a Solaris server running Cascade for NT file, print, directory, and security services. This three-tier approach offers developers all the system functionality needed to efficiently perform their jobs.

Back to Top

Defining protocols and services

To connect a Workstation with a Solaris network, you must be well acquainted with protocols and services that allow for easy integration and management of the network. Transport Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration Protocol (DHCP), and Network File System (NFS) are of particular importance.

To configure a Workstation into a Sun Solaris network you must do the following:

  1. Establish a TCP/IP connection
  2. Configure Dynamic Host Configuration Protocol
  3. Set up Network File System services

Establishing a TCP/IP connection
TCP/IP allows Unix and Windows operating systems to interact at the transport level, so the network administrator must be familiar with TCP/IP and how to establish the connection between the two operating systems. TCP/IP enables the client and the server to communicate at the upper levels ( such as the application level) of the open system interconnection (OSI) model. As the common transport protocol for Unix and Windows, the Workstation must be configured for TCP/IP to communicate with the Unix system, whether through a Windows NT Server or directly with the Unix system.

Adding TCP/IP to a Windows NT Workstation
Configure Windows NT Workstation for TCP/IP as follows:

  1. Double-click the Network icon in the Windows control panel to display the Network window.
  2. On the Protocols tab, which lists the protocols recognized by Windows NT Workstation, click the Add button to display the Select Network Protocol window.
  3. Select TCP/IP Protocol, then click OK to close the Select Network Protocol window.
  4. Click OK to close the Network window.
  5. Restart Windows when prompted to establish the TCP/IP connection between the Workstation and the Unix system, which already is running TCP/IP.

Using Dynamic Host Configuration Protocol
To make the process of assigning IP addresses most efficient, you need to know how to configure Dynamic Host Configuration Protocol (DHCP). The DHCP server dynamically assigns IP addresses to clients that communicate via TCP/IP.

Configuring a DHCP server on Windows NT Server
To configure Windows NT Server to provide DHCP service, define the IP scope and configure leases. The DHCP server is configured using the Windows DHCP Manager, which you access through the Administrative Tools option from the Windows Start menu. Follow the remaining steps to continue the configuration process:

  1. Select the DHCP Manager option to open the DHCP Manager window, which lists the DHCP servers available through that network.
  2. Select the DHCP server.
  3. From the Scope menu, click Create to display the Create Scope window.
  4. In the Start Address and End Address boxes, define the range of IP addresses for DHCP clients.

    Next, you must set the time frame in which the client can use an IP address. The Lease Duration area of the Create Scope window includes two options: Unlimited, which is used if the access time has no limitations; or Limited To, which allows administrators to define the number of days, hours, and minutes in which the DHCP client can use the IP address

    .
  5. Select the appropriate option to configure the lease duration.
  6. Click OK to define the IP scope and configure the lease duration for DHCP.

Configuring a DHCP client on Windows NT Workstation

Follow these steps to configure Windows NT Workstation as a DHCP client from the Windows control panel:

  1. Double-click the Network icon to display the Network window.
  2. On the Protocols tab, select the TCP/IP Protocol option, then click the Properties button to display the Microsoft TCP/IP Properties window.
  3. Select the Obtain an IP Address from a DHCP Server option. A dialog box displays, asking if you want to enable DHCP on the workstation
  4. Click Yes to close the window.
  5. In the Microsoft TCP/IP Properties window, click OK to close the window.
  6. Restart Windows when prompted; this enables DHCP.

After restarting Windows, the DHCP client will obtain an IP address for this workstation from the DHCP server.

Setting up Network File System services
To allow users working from a Workstation access to files residing on the Solaris network, the NT machine that communicates with the Unix system must have Network File System (NFS) services loaded. A third-party vendor typically provides NFS. The end user must have a user ID and password established on the Unix system prior to configuring the Windows NT Server for NFS.

The network configuration determines where the NFS client services are loaded, either on the Windows NT Server or on the Workstation. You should load the NFS service on the Windows NT Server if using the three-tier configuration, and then configure the NT server for NFS. Share-level access should be granted for the Workstation. If using the two-tier configuration, load the NFS client service directly onto the Workstation.

To set up the NFS client on Windows NT Server:

  1. Select the Network option from the Windows control panel to display the Network window.
  2. Select the Services tab.
  3. The software already may be installed on the Windows NT Server, it may be available on the network, or you may need to install it. If the software is available on the network but not yet installed on the server, click the Have Disk button and locate the software. Or type the path for the network resource.
  4. If the software doesn't exist on the network, click the Have Disk button and insert the disk for local installation.
  5. After the NFS software is installed, select it from the list in the Network Services option on the Network window, and click OK.
  6. Restart the workstation when prompted.

Back to Top

Securing the network

When you integrate a Windows NT Workstation into a Solaris environment one of your primary concerns should be security. As the system administrator, you must take precautions to ensure a consistent level of security throughout the network.

The recent invasion of the "Remote Explorer" virus at MCI Worldcom demonstrates the vulnerability of Windows NT to such attacks. The Remote Explorer virus attacks only Windows NT machines with Intel chips running in administrator mode. Unix's security left the Unix systems untouched by the Remote Explorer virus.

For robust security, a firewall should control the flow of communication passing through it by accepting, rejecting, authenticating, and encrypting. The role of the firewall also is to obtain, store, and retrieve information.

End users can directly access the Unix system or go through a Windows NT Server to pass beyond the organization's firewall and access information on the Internet, which leaves the network susceptible to viruses. While no technology is 100 percent secure, the high security of Unix makes it a popular choice for firewall technology, as well as for monitoring the activity of a firewall and information flowing through it. Unix allows you to easily control ports, designate a specific number of scans, and determine the level of detail you require to monitor firewall activity. Unix, unlike Windows NT, doesn't require administrators to download service packs to upgrade the operating system. Unix also has proven to be a stable operating system, meaning the network experiences minimal downtime and the firewall secures the network consistently. However, as a Unix administrator, you must be very familiar with the interworkings of Unix to implement certain firewalls, because specific command-line instructions may be required to perform configuration tasks.

Two main types of firewalls provide optimal security: stateful firewalls and packet filtering firewalls.

Stateful firewalls
Stateful firewalls provide inspections by keeping a dynamic state table. Stateful firewalls inspect packets at the lowest OSI level to determine their validity and whether or not to process packets to the next level of the OSI model. Stateful firewalls provide full application-level security and provide access to raw data via a state table. They also are dynamic, extensible, and scalable.

Packet filtering firewalls
Packet filtering firewalls inspect the first three layers of the OSI model only, and provide no security above the network level. Packet filtering firewalls also provide no stateful inspection. Therefore, stateful firewalls provide the highest level of security.

Final words

Successfully integrating Windows NT Workstations into a predominantly Sun Solaris network isn't really that difficult; it simply requires that you carefully plan the process and execute the steps.

You must be knowledgeable about the protocols and services required for meeting the needs of your users, and have a solid understanding of configuring Windows NT Workstation for TCP/IP, DHCP, and NFS services. In addition, by taking advantage of the benefits of Unix's reliability, security, and scalability you will be able to maintain a high level of security for fundamental system services, as well as minimize the disruption to network maintenance.

Acknowledgements: Thanks to Darrye Skinner, Steven Gould, and Nancy Ussery for contributing to this article.

RESOURCES

About the author

Shari Jones is a consultant for Deloitte Consulting Group/DRT Systems Intl. L.P., focusing primarily on online technical documentation. She is a technical writer and freelance journalist with more than nine years experience writing technical articles and documentation covering all areas of the high-tech industry.

Reprinted with permission from the March 1999 edition of SunWorld magazine, http://www.sunworld.com/. Copyright Web Publishing Inc., an IDG Communications company. Register for editorial e-mail alerts at: http://www.itworld.com/cgi-bin/w3-msql/newsletters/subcontent12.html?.

Back to Top


  

Solaris Developer Connection | Support Options | Technical Articles | Tech Notes | Tools & Software
Training & Tutorials | Driver Development | Discussion Forums | System Administration | Contact Us | Chats | Book Reviews | Audiocasts

       
Copyright 1994-2001 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 USA. All rights reserved.
Terms of Use. Privacy Policy. Feedback