Integrate UNIX and Windows 2000 using Windows Services for UNIX 3.0

If you're thinking about using UNIX in your network but you're scared to leave the comfort of your Windows server, you're in luck. Brien Posey shows how Microsoft Windows Services for UNIX 3.0 gives you the best of both worlds.

In the interconnected world that we live in, it’s often necessary to link different types of systems together. It can be a challenge to connect systems that are completely foreign to each other—for example, Windows 2000 and UNIX. In this Daily Drill Down, I’ll explain how to use Microsoft’s Windows Services for UNIX 3.0 to integrate Windows 2000 and UNIX in a way that makes them play nice with each other.

Windows Services for UNIX 3.0
Windows Services for UNIX is a suite of server applications all bundled into a single package. All of the applications and components included in the package are designed to help you to integrate Windows into your existing UNIX environment, or UNIX into your Windows 2000 system.

Windows Services for UNIX has been around for a while, but Microsoft has recently released version 3.0. The biggest difference between 3.0 and the previous version is that Microsoft Interix has been fully integrated. The Interix subsystem allows you to run both Windows and UNIX applications on a single machine.

Basically, Interix provides a true UNIX environment that runs on top of a Windows kernel. This means that UNIX applications and scripts can run alongside Windows applications and scripts. The great thing about this is that if your company previously used UNIX and is migrating to Windows, your existing applications can run on the new Windows servers without needing to be recoded from scratch.

In addition to the Interix environment, Windows Services for UNIX also includes a software development kit (SDK) that supports some 1,900 common UNIX migration tools and APIs. To top things off, Windows Services for UNIX also includes 300 UNIX tools that are designed to function exactly as they would on a true UNIX machine. Some of these tools are the GCC, G++, and G77 compilers, as well as RCS, MAKE, YACC, LEX, C89, CC, NM, GDB, and STRIP. Some other tools included are AWK, GREP, SED, TR, CUT, TAR, and CPIO.

In addition to Interix, the SDK, and all of the UNIX tools, Windows Services for UNIX also includes many other major components. In the following sections, I’ll introduce you to these components.

NFS is the UNIX file system. However, Windows doesn’t natively support the NFS file system. This means that if a Windows client wants to be able to access files and other resources from a UNIX server, the Windows machine will need to be made NFS aware. Windows Services for UNIX provides three different components for accomplishing this task:
  • Client for NFS: The first of the NFS components is the Client for NFS. The NFS client allows Windows 95, 98, Me, NT, 2000, and XP workstations (or servers) to access an NFS share point. There really isn’t a whole lot to the NFS client. It’s similar to the client for NetWare Networks in that it allows a client to authenticate into, and access files from, a foreign file system.
  • Server for NFS: The Server for NFS works in the opposite way to the Client for NFS. The Server for NFS allows a Windows NT 4.0 or a Windows 2000 Server to emulate a UNIX Server. By doing so, UNIX workstations are able to attach to the Windows server in a way that makes the Windows server appear to be a UNIX server. This means that both Windows and UNIX clients can access a share point on a Windows server simultaneously.
  • Gateway for NFS: The Gateway for NFS option offers a great way to make UNIX resources available to Windows users who are unfamiliar with UNIX. It lets a Windows NT or 2000 server act as a UNIX client that is capable of accessing a predetermined set of resources. The Windows server then reshares those resources with the Windows clients.

When you create a share point with Gateway for NFS, Windows users access the share point on the Windows server in the usual manner (using the SMB protocol). Although the files that the Windows workstations access appear to be on the Windows server, they are actually on a UNIX machine. If a Windows workstation requests a file, the Windows server retrieves the file from the UNIX machine and passes it to the Windows workstation.

Although Gateway for NFS is a new feature, it’s very reminiscent of Gateway Services for NetWare (GSNW). What’s nice about this gateway is that it seems that Microsoft has learned from its experience in GSNW and has really beefed up security.

If you’ve ever used GSNW, you know that its biggest weakness is that it relies totally on share-level security. If two shares happen to overlap and a user has different permissions on the two shares, the user could pass through the less restrictive share to gain an unauthorized level of access to the more restrictive share.

Microsoft addressed this problem in the Gateway for NFS component with the creation of client groups. You can create groups similar to Windows 2000 security groups and assign them to UNIX share points. While the entire operation still relies on share-level security, there’s a handy check box you can use to block access to the share’s root level, thus preventing the security problems associated with GSNW.
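
The overlapping-share weakness described above can be audited from a share inventory. The following is an added example, not code from the original article or from Microsoft: it flags every case where a group gets more access through an outer share than the nested share grants it. The share names, paths, groups, and the four-level access model are constructed for illustration, and group nesting is ignored.

```python
from pathlib import PureWindowsPath

# Share-level access, ordered from least to most permissive (simplified model).
LEVELS = {"none": 0, "read": 1, "change": 2, "full": 3}

# Constructed sample inventory: hypothetical shares, paths and groups.
SHARES = [
    {"name": "Projects", "path": r"D:\Data\Projects",
     "acl": {"Engineering": "change", "Contractors": "read"}},
    {"name": "Payroll", "path": r"D:\Data\Projects\Finance\Payroll",
     "acl": {"Finance": "full", "Contractors": "none"}},
    {"name": "Public", "path": r"D:\Public", "acl": {"Everyone": "read"}},
]


def granted(share, principal):
    """Access a principal holds on a share; unlisted principals get none."""
    return share["acl"].get(principal, "none")


def find_overlap_escalations(shares):
    """Return (principal, outer, inner, outer_access, inner_access) tuples
    where the outer share exposes the inner share's directory with more
    access than the inner share itself grants that principal."""
    findings = []
    for outer in shares:
        outer_path = PureWindowsPath(outer["path"])
        for inner in shares:
            # PureWindowsPath compares case-insensitively, as Windows does,
            # and .parents matches whole components, not string prefixes.
            if outer_path not in PureWindowsPath(inner["path"]).parents:
                continue
            for principal in sorted(outer["acl"]):
                via_outer = granted(outer, principal)
                via_inner = granted(inner, principal)
                if LEVELS[via_outer] > LEVELS[via_inner]:
                    findings.append((principal, outer["name"],
                                     inner["name"], via_outer, via_inner))
    return findings


if __name__ == "__main__":
    for who, outer, inner, hi, lo in find_overlap_escalations(SHARES):
        print(f"{who}: '{hi}' via {outer} overrides '{lo}' on {inner}")
```

Each finding is a path where share-level permissions alone do not enforce the restriction on the inner share, which is the situation the root-level blocking option is meant to prevent.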

NIS Server
Another major component of the Windows Services for UNIX is the NIS Server. The NIS Server allows a Windows 2000 domain controller to administer a UNIX network. The Windows domain controller uses Active Directory, while the UNIX network uses the Network Information Service (NIS). The NIS Server component provides the translation between the two environments.

If you’ve used NIS in previous versions of the Windows Services for UNIX, then you’ll be happy to know that Microsoft has made a few enhancements to the NIS Server in version 3.0. The NIS services now support MD5 encryption. Microsoft has also made scalability and performance improvements and has enhanced the logging functionality. In fact, NIS now supports 64,000 users.

The NIS services have also been integrated with another component that’s new to Windows Services for UNIX 3.0, the pluggable authentication module. The pluggable authentication module allows users to maintain a single user name and password across the two operating systems. The module then synchronizes the password, thus ensuring that your corporate password policy is maintained across both operating systems. The best part of the pluggable authentication module is that you can change passwords in Windows or UNIX, and those changes automatically replicate to the other operating system.

Telnet server and Telnet client application
No UNIX interface would be complete without Telnet support. The Windows Services for UNIX includes both a Telnet server and a Telnet client. The server-side component allows Windows 2000 Servers to host Telnet sessions, while the client-side component allows Windows users to access UNIX servers via a Telnet session.

Microsoft has also improved the scalability of the server-side Telnet component and has added IPv6 support. Another change in the Telnet component involves the way that zone checking is done. Now zone checking occurs prior to the issuing of NTLM credentials so that users can’t use the NTLM credentials outside of the authorized zone.

User Name Mapping Server
Another feature that’s new to version 3.0 is the User Name Mapping Server. The User Name Mapping Server supports pooling of redundant name mapping servers. This brings increased performance, scalability, and fault tolerance.

Microsoft has made some other functional modifications to the User Name Mapping Server as well. In previous versions, the maximum number of groups that a user could belong to was hard-coded to match the maximum number of groups supported by the system. The number of groups that a user can belong to is now dynamic. Another improvement is that user names are now truly UNIX compliant in that they can contain non-ASCII characters.

Administrative GUI and command line toolset
Windows Services for UNIX allows administration via the command line or through a GUI. If you prefer to take the command prompt approach, you’ll be happy to know that, although the UNIX shell is designed primarily to use UNIX commands, you can actually run Windows applications from the UNIX shell (on the Windows machine). This works because the UNIX shell is built on top of the WIN32 subsystem.

The GUI management interface is based on the Microsoft Management Console (MMC). The Windows Services for UNIX Administration tool, shown in Figure A, allows administrators to manage all of the major components through a single tool.

Figure A
The Windows Services for UNIX Administration tool allows administrators to manage all of the major components through a single tool.

Performance enhancements
One of the problems with previous versions of Windows Services for UNIX is that many performance adjustments required a system reboot. Microsoft has finally realized that this just isn’t acceptable in a performance environment and has made the performance settings more dynamic. For example, when you modify a performance-related registry key in the latest version of Windows Services for UNIX, the program instantly recognizes and applies the change.

The NFS service has also been rewritten for greater performance. Perhaps the most notable difference is that NFS now supports directory caching. So when clients need to browse the directory, they can read the directory contents from the server’s memory rather than from the hard disk. You can even use the Windows Services for UNIX Administration tool to specify how much memory you want to reserve for directory caching. The default setting is 128 KB.

Still another enhancement is the way that Windows Services for UNIX handles case sensitivity. By default, Windows Services for UNIX is configured to preserve case sensitivity. This boosts file performance considerably since no case translation is needed. However, you have the option to translate filenames into upper or lower case, should you wish to. Furthermore, case translation is set individually for the NTFS, FAT, and CDFS file systems. You can see the screen that controls many of the NFS performance enhancements in Figure B.

Figure B
The NFS server component has been rewritten with several performance enhancements.

System requirements
Windows Services for UNIX is designed to operate on Windows NT (Service Pack 6a), Windows 2000 (Service Pack 2 or later), and Windows XP. Windows Services for UNIX runs on both the server and workstation versions of Windows NT and Windows 2000. It’s designed to be compatible with all major versions of UNIX. However, Microsoft only officially supports Solaris 2.7, HP-UX 11, AIX 4.3.3, and Red Hat Linux 7.0. Windows NT Server 4.0 Terminal Server Edition isn’t supported, and neither are Windows 9x, Windows Me, or Windows XP Home Edition.

The Windows machine that Windows Services for UNIX runs on requires 184 MB of free hard disk space, and, according to the Microsoft Web site, 1 MB of RAM, although 16 MB of RAM isn’t even enough to run Windows in most situations. A more realistic recommendation is 256 MB of RAM. I also recommend that your server have at least a 600 MHz processor and at least one NIC that’s configured to use TCP/IP.

Licensing and availability
Windows Services for UNIX is available from any Microsoft distribution channel for about $99 for the full package. Microsoft also offers the software on a try-before-you-buy basis. You can download a 120-day evaluation edition as well. The download file is a hefty 140 MB, so if you don’t have a broadband connection, you might be better off ordering the trial version on a CD. Microsoft supplies trial software CDs for free, although a nominal shipping charge usually applies.

Depending on your individual installation, the software may also require client access licenses. If you install Windows Services for UNIX onto a Windows 2000 or Windows NT Server product, the server will be running in either Per Seat or Per Server licensing mode. If the server is running in Per Seat mode, each device that accesses the server must have a valid client access license. Likewise, if the server is running in Per Server mode, then the maximum number of devices that may access or otherwise use the server is equal to the number of client access licenses that you have.

The good news is that a standard client access license for Windows NT Server 4.0 or for Windows 2000 Server allows the client to also use Windows Services for UNIX. Therefore, as long as a client already has a client access license for the server, an additional license isn’t required.

Windows Services for UNIX also runs on Windows NT Workstation 4.0, Windows 2000 Professional, and Windows XP Professional. These operating systems allow simultaneous access to up to 10 devices. No special licenses are required when running Windows Services for UNIX on a workstation.

Who needs Linux?
Windows Services for UNIX provides a great way to simplify the process of integrating Windows and UNIX environments. You can deploy UNIX without having to learn a completely new operating system or buying new hardware. When you deploy Windows Services for UNIX, you can have the best of both worlds—Windows and UNIX together.
