Lesson 1: Providing Interoperability Between Windows 2000 and Heterogeneous Networks
Microsoft offers three services that allow Windows 2000 to provide both authentication and resource access capabilities to heterogeneous networks. They are the following:
- AppleTalk Network Integration Services
- Services for NetWare 5.0
- Services for UNIX 2.0
NOTE
Services for NetWare 5.0 and Services for UNIX 2.0 are add-on products that you have to purchase from Microsoft. You can find more information on them by going to http://www.microsoft.com and searching for "Services for NetWare v5.0" and "Services for UNIX 2.0."
The following sections outline the features that each service provides and describes where to use these services in your network security design to allow secure access between the network systems.
After this lesson, you will be able to
- Identify the additional Windows 2000 services that are required to provide secure access between Windows 2000 and heterogeneous clients.
Estimated lesson time: 30 minutes
AppleTalk Network Integration Services
You can use AppleTalk Network Integration Services to allow Macintosh client computers to securely access resources in a Windows 2000 network. The services that provide this functionality are included with Windows 2000 and are named File Services for Macintosh and Print Services for Macintosh.
NOTE
File Services for Macintosh and Print Services for Macintosh were formerly known as Services for Macintosh. File Services for Macintosh allow Macintosh users to authenticate with the network and access file resources by creating Macintosh-accessible volumes. Print Services for Macintosh allow Macintosh users to access print servers in a Windows 2000 network.
Microsoft Services for NetWare 5.0
Microsoft Services for NetWare 5.0 is an add-on product that allows integration of Windows 2000 and Novell NetWare networks through the following utilities:
- Microsoft Directory Synchronization Services (MSDSS). Allows two-way synchronization between Active Directory and Novell Directory Services (NDS). This synchronization allows users to maintain the same password in the two directory services.
NOTE
MSDSS also allows synchronization between Active Directory and Novell Bindery Services available in NetWare 3.x and older. - Microsoft File Migration Utility. Allows the migration of files from NetWare file resources to a Windows 2000 server. The File Migration Utility translates the NetWare trustee rights to NTFS permissions during the migration process.
- File and Print Services for NetWare (FPNW). Enables computers running Windows 2000 to emulate a NetWare 3.x server and provide file and print services to NetWare clients.
Microsoft Services for UNIX 2.0
Microsoft Services for UNIX version 2.0 is an add-on product that allows the integration of Windows 2000 and UNIX clients in a single network. Services for UNIX 2.0 includes the following components.
- NFS software. Includes an NFS client, NFS server, and NFS gateway.The NFS client allows Microsoft clients to connect to UNIX NFS servers. The NFS server allows UNIX NFS clients to connect to a Windows 2000 server for file access using the NFS protocol. The NFS gateway allows a Windows 2000 server to publish UNIX NFS data as a Windows 2000 share so that Microsoft clients can connect to NFS resources without installing NFS client software.
- Telnet services. Includes a Telnet server that allows up to 64 connections and a Telnet client for connecting to Telnet services on a UNIX computer.
- Management tools. Includes the Services for UNIX MMC console for managing various services for UNIX utilities and the ActivePerl script engine. ActivePerl allows UNIX scripts to take advantage of the Windows Management Instrumentation (WMI) and automate routine network administration tasks.
- Network Information Services (NIS). Includes the NIS to Active Directory Migration Wizard and the Server for NIS. The migration wizard allows the import of UNIX NIS source files into Active Directory to provide a single directory service. Server for NIS allows a Windows 2000 domain controller (DC) to act as a primary server for NIS.
- Two-Way Password Synchronization. Provides the ability to synchronize passwords between Active Directory and UNIX systems.
- User Name Mapping. Allows Windows 2000 account names to be mapped to UNIX User Identifiers (UIDs) so that a user connecting to an NFS resource doesn't have to provide alternate credentials for the UNIX system.
Making the Decision
When designing secure integration between a Windows 2000 network and a non-Microsoft operating system, consider the points shown in Table 16.1 when using additional services to provide interoperability.
Table 16.1 Planning Services for Heterogeneous Connectivity
| Use | In These Circumstances |
|---|---|
| File Services for Macintosh | To allow Macintosh clients to access file resources stored on a Windows 2000 Server To securely authenticate Macintosh users accessing the network |
| Print Services for Macintosh | To allow Macintosh users to print to Windows 2000 hosted print servers |
| Microsoft Directory Synchronization Services | To securely synchronize password information between Active Directory and a NetWare NDS or NetWare Bindery directory |
| File and Print Services for NetWare | To allow NetWare clients to authenticate with a Windows 2000 Server and access resources on the Windows 2000 Server using native NetWare utilities |
| NIS Services | To allow UNIX clients to authenticate with Active Directory when accessing NFS resources To import existing UNIX NIS source files into Active Directory |
| NFS Services | To allow UNIX clients to access Windows 2000 resources using native NFS clients To allow Windows 2000 clients to access NFS resources on a UNIX NFS server directly using the NFS client or indirectly using the NFS gateway |
| Two-Way Password Synchronization | To synchronize user passwords between the UNIX and Windows 2000 environments |
| User Name Mapping | To allow Windows 2000 users to connect to UNIX NFS resources using their Windows 2000 credentials |
Applying the Decision
The Blue Yonder Airlines network requires services to integrate Macintosh, NetWare, and UNIX users into their network while maintaining security.
For Macintosh users, Blue Yonder must use File Services for Macintosh to ensure that Macintosh users have access to the data stored on the BYDATA server by authenticating with the Windows 2000 network.
The NetWare resources at Consolidated Messenger should eventually be migrated to Windows 2000. You can use MSDSS during the premigration stage to ensure that user account passwords between NDS and Active Directory are synchronized. You must install FPNW on the BYDATA server so that NetWare clients at Consolidated Messenger can connect to resources using native NetWare clients.
Deploy the NFS components from Services for UNIX 2.0 to ensure interoper-ability for the UNIX installations. The NFS client allows Windows 2000 users to access scheduling and status reports on the UNIX NFS server. The NFS Server allows UNIX clients to connect to the BYDATA server using UNIX NFS clients. To ensure interoperability, deploy Two-Way Password Synchronization to maintain the same password on both systems and User Name Mapping to allow UNIX UIDs to be associated with Windows 2000 user accounts for providing authorization to data stored on the BYDATA server.
Lesson Summary
A number of services allow Windows 2000 networks to interoperate with heterogeneous networks in a secure manner. By deploying AppleTalk Network Integration Services, Microsoft Services for Netware, or Microsoft Services for UNIX, you ensure that authentication and resource access by heterogeneous clients use the same security model as Windows 2000 clients.
EAN: 2147483647
Pages: 172