SolutionBase: Integrate UNIX and Windows environments with Services For UNIX 3.5

Learn how to make UNIX and Windows play nice together with this free utility from Microsoft.

Look no further than Star Trek if you want to see my vision of the perfect IT world. Need to connect to an alien computer you've never seen before and download all of the data on the system? No problem! Just punch a few buttons on your console and several terabytes zip through subspace into your computer, where it's always mysteriously readable in your own language. When you've finished saving the Enterprise from near disaster, you can spend a few hours relaxing on the Holodeck, wondering why all these alien races have never heard of security or encryption.

All right—so those days are probably a long way off. In today's less-than-perfect world, system integration is a lot more difficult. Interoperability often means tying systems running UNIX or Linux into the same network as those running Windows servers and clients, and enabling those systems to exchange data. Although accomplishing that interoperability takes more than just punching a few buttons, you can make it almost seamless to your users thanks to Services For UNIX. In this Daily Drill Down, I'll explore the latest release of Microsoft's UNIX integration suite.

Who needs it?
Services For UNIX 3.5 builds on the major revisions Microsoft implemented in version 3.0. The performance improvements alone are worth the upgrade. The many usability changes considerably simplify and improve the user's experience, and the integration with Windows Server 2003-specific features will be an important addition if you're planning a move to Windows Server 2003 or have already made that move.

At about $99, the previous edition of Services For UNIX was certainly not expensive. Coupling that with the fact that a standard Windows Client Access License (CAL) legally allows client access to the tool makes Services For UNIX a very attractive interoperability option from a cost standpoint.

With the latest release, Services For UNIX 3.5, Microsoft has eliminated the cost altogether. You still need to consider server licensing for Windows Server 2003 itself, but in most scenarios your clients will need Windows Server CALs anyway for file access, print sharing, and other general server resources. Therefore, in most situations there is no cost associated with adding Services For UNIX 3.5 to your servers.

You can obtain Services For UNIX 3.5 directly from Microsoft's Windows Services For UNIX Web site. The only thing you need to download the program is a Passport account. The file, SFU35SEL_ENU.EXE, is over 200 MB in size, so make sure you have a high-speed connection before downloading it. Alternatively, you can order a copy of Services For UNIX on CD, but you'll have to pay for shipping.

What's in Services For UNIX 3.5?
Services For UNIX 3.5 comprises a handful of core services targeted at enabling cross-platform communication between UNIX and Windows environments. Services For UNIX's component applications enable you to integrate UNIX servers in your Windows environments and vice versa.

One of the biggest changes in Services For UNIX came with the previous version, 3.0, which fully integrated the Interix subsystem. Interix provides a native UNIX environment that runs on top of the Windows kernel, enabling UNIX scripts and applications to run on Windows Servers where Services For UNIX is installed. (Interix also runs on top of Windows XP and Windows 2000.) Interix, therefore, makes for easy migration of UNIX applications to Windows platforms.

In addition, Services For UNIX includes a software development kit that supports over 2,000 UNIX APIs and migration tools such as make, rcs, yacc, and others, as well as the gcc, g++, and g77 compilers. Windows Services For UNIX 3.5 also includes over 300 UNIX tools that function under Windows Server just as they would under UNIX, further supporting easy migration and giving experienced UNIX administrators a familiar world in which to work. Interix includes the Korn and C shell environments, as well as Perl 5.6.1 to provide a common and familiar scripting environment for administrators.

Another important change in Services For UNIX 3.5 is support for a single rooted file system for both shells, eliminating the need for administrators to modify scripts to incorporate drive letter syntax. For example, a 3.0 script might point to C:/Windows/system32/drivers/etc/hosts, while the 3.5 script can point to the more familiar UNIX equivalent of /etc/hosts. With the single rooted file system, the colon character reverts to its normal UNIX meaning as a field separator. In addition, shell configuration files, such as .profile and .kshrc or .login and .cshrc, retain their UNIX names under Interix and enable users to maintain a single configuration across multiple environments.

The Interix subsystem sees several other improvements in Services For UNIX 3.5, beginning with the inclusion of a full set of pthread APIs to support POSIX-compliant threads for multi-threaded applications. The Interix SDK adds almost 100 new APIs to support pthreads and semaphores. Also in version 3.5 is support for multibyte characters in many utilities and in the SDK. Services For UNIX 3.5 supports additional locales, creation of user-defined locales, and double-byte character strings. Overall, the tool has been streamlined to provide substantial performance improvements in a range of areas including combined fork and exec performance, pipe bandwidth, file I/O, and fstat latency. For example, Microsoft claims over 100-percent improvement in file I/O, bringing performance to within 10 percent of the Win32 subsystem's performance.

In addition to its Interix components, Services For UNIX 3.5 also includes some key services that address specific integration needs. The first of these is NFS.

Services For UNIX 3.5 includes three components to support interoperability with UNIX file systems. These NFS components enable Windows clients to access file systems on UNIX hosts, and UNIX hosts to access files on Windows systems. These three components include the following:
  • Client For NFS: This component enables Windows clients and servers to access an NFS share point.
  • Server For NFS: This component enables Windows Server to share its file system for NFS clients, making that file system available to UNIX hosts. Windows clients can continue to access the server's file system as well, enabling simultaneous access by both Windows and UNIX clients to the same file system.
  • Gateway For NFS: This component enables Windows Server to serve as a gateway for Windows clients to access NFS share points on UNIX hosts. After configuring the resources available to the server, the server then makes those remote UNIX resources available as if they were hosted locally on the server. Windows clients can then access those resources using standard Windows file sharing (SMB), eliminating the need for an NFS client on the Windows workstations.

There are several improvements in the Client For NFS component of Services For UNIX 3.5. For example, version 3.5 now supports setuid, setgid, and sticky bits, as well as the capability to create symbolic links. Version 3.5 also supports the mount and file system traversal syntax supported by both UNIX and Linux, further improving usability. Client For NFS also now provides directory caching at the client to improve perceived performance, support for case sensitivity to improve performance in UNIX share access, and updated international character set support.

Server For NFS also sees several improvements in Services For UNIX 3.5, the first of which is an overall performance boost. In addition, Server For NFS is now cluster-aware, supporting active-active NFS sharing and the capability to upgrade non-clustered shares to clustered NFS share resources. Server For NFS has also been updated to support Windows Server 2003 features such as volume shadow copy, which creates hidden backup copies of files that can be recovered to enable document reversion. Server For NFS is also integrated with the Windows Server 2003 Active Directory. Version 3.5 can now authenticate users against the Active Directory, eliminating the need to install the NFS Authentication component on all domain controllers.

Another change that comes in handy, particularly when fine-tuning settings, is that Server For NFS recognizes most changes to performance settings dynamically, eliminating the need to reboot the server to apply the changes. As with the Client For NFS, Server For NFS supports setuid, setgid, and sticky bits. It also incorporates improvements in translation of permissions between Windows and UNIX and expanded internationalization through support of additional character sets for file name translation.

Gateway For NFS also incorporates many of the same improvements, including support for Japanese, Korean, and Chinese character sets; clustering improvements; improved command-line and GUI tools; and usability improvements.
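Because Client For NFS and Server For NFS now carry setuid, setgid, and sticky bits and allow symbolic links, it is worth inventorying those objects on a share after a migration. The script below is an added example, not part of Services For UNIX or of the original article; the function names and the sample tree are constructed, and it assumes a POSIX shell with the standard find, sed, mktemp, and readlink utilities.

```shell
#!/bin/sh
# Added example (not SFU tooling): report special mode bits and absolute
# symbolic links under a share root such as an NFS mount point.

audit_share() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # setuid/setgid regular files execute with the owner's or group's identity
    find "$root" -type f -perm -4000 -print | sed 's/^/SETUID /'
    find "$root" -type f -perm -2000 -print | sed 's/^/SETGID /'
    # world-writable directory without the sticky bit: any user may delete
    # or rename files that belong to other users
    find "$root" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/WW-NOSTICKY /'
    # NFS clients resolve symlink targets themselves, so an absolute target
    # points into the client's own file system, not into the share
    find "$root" -type l -print | while IFS= read -r link; do
        case $(readlink "$link") in
            /*) printf 'ABS-SYMLINK %s\n' "$link" ;;
        esac
    done
}

# Constructed sample tree standing in for a mounted share.
make_sample_share() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/drop" "$d/tmp"
    chmod 0755 "$d/bin"
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # setuid file
    : > "$d/bin/report"; chmod 0755 "$d/bin/report"   # ordinary file
    chmod 0777 "$d/drop"          # world-writable, no sticky bit
    chmod 1777 "$d/tmp"           # world-writable with sticky bit
    ln -s /etc/hosts "$d/hosts"   # absolute target
    ln -s bin/report "$d/latest"  # relative target stays inside the tree
    echo "$d"
}

share=$(make_sample_share)
audit_share "$share"
rm -rf "$share"
```

Point audit_share at the real mount point or exported directory in place of the sample tree; each output line is one item to review against what the share is supposed to contain.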

Server For NIS
Server For NIS is another of the core components in Services For UNIX 3.5. Server For NIS provides translation between the Active Directory in the Windows environment and its UNIX counterpart, the Network Information Service (NIS). In effect, Server For NIS enables a Windows 2000 Server or Windows Server 2003 computer to function as a master NIS server for administering a UNIX NIS domain via the NIS 2.0 protocol. Server For NIS supports UNIX-based subordinate NIS servers and UNIX-based NIS clients.

Server For NIS integrates UNIX users, groups, and hosts into Windows-based equivalents in the Active Directory. You can use Active Directory tools such as the Active Directory Users And Computers console to manage these UNIX objects. The NIS Migration Wizard simplifies migration of UNIX NIS domains to Active Directory domains. Services For UNIX 3.5 also provides password synchronization between the two environments, enabling a user to change his password either in Windows or UNIX and have that change automatically replicated to the other environment, considerably simplifying password management. Administrators can specify which users' passwords should be synchronized and which should not. Server For NIS and password synchronization in Services For UNIX 3.5 support MD5 hashing of passwords for enhanced security. Performance has also been improved.

User Name Mapping Server
Another key component of Services For UNIX 3.5 is the User Name Mapping Server, which provides bidirectional one-to-one and unidirectional many-to-one mapping between UNIX UIDs/GIDs and Active Directory users and groups. (Many-to-one mapping is limited from UNIX-to-Windows, enabling multiple UNIX identities to map to a single Windows identity, but not vice versa.) The NFS components in Services For UNIX rely on the User Name Mapping Server to equate Windows Security IDs (SIDs) with UNIX UID/GID pairs. The Client For NFS and Gateway For NFS rely on the User Name Mapping Server to determine access by Windows users to NFS resources, and the Server For NFS relies on User Name Mapping Server to control access by UNIX clients to NFS resources hosted by the Windows server.

User Name Mapping Server incorporates several key features that give it flexibility. For example, the User Name Mapping Server can retrieve user names from an NIS domain or PCNFS passwd and group files, and on the Windows side from Windows domain controllers. By default, User Name Mapping Server maps Windows and UNIX users with the same names, but administrators can create advanced mappings to map non-identical names or map multiple Windows users to a single UNIX user. The service can also map groups between Windows and UNIX, mapping SIDs to GIDs and vice versa. Finally, the service supports the capability to squash a Windows or UNIX user's identity, effectively causing the user to be treated as an anonymous user.

As in version 3.0, the latest version supports pooling of redundant User Name Mapping servers, which provides failover capability for improved availability. The service is also more scalable and cluster-enabled. As in version 3.0, the latest version does not statically limit the number of groups to which a user can belong.

Telnet server and client
Services For UNIX 3.5 includes a Windows-based Telnet server as well as an Interix-based Telnet server. Both servers provide essentially the same capabilities, but the former is targeted at administrators familiar with the Windows environment and the latter is targeted at administrators who prefer a Telnet server that functions and is managed like a standard UNIX Telnet daemon. The Windows Telnet server and client both support the VTNT terminal type to enable all Windows command console functions, in addition to ANSI, VT100, and VT52 support. The Telnet server also supports a dumb terminal type for handhelds. It supports NTLM authentication as well as plain-text logon, and offers both console mode and stream mode support. In addition, both the client and server support the IPv6 protocol.

System requirements and licensing
Services For UNIX 3.5 runs on Windows Server 2003, Windows XP with Service Pack 1 or later, Windows 2000 with Service Pack 3 or later, and Windows 2000 Professional with Service Pack 3 or later. Unlike previous versions, this latest version does not support Windows NT Workstation or Windows NT Server.

The computer on which Services For UNIX 3.5 is running requires a minimum of 16 MB of RAM above the minimum requirements for the operating system, but a practical minimum is 256 MB. The computer needs a minimum of 20 MB of disk space for a minimal installation, and 360 MB for a complete installation. You'll need a CD-ROM drive unless you install from a downloaded copy. Services For UNIX also requires Internet Explorer 5.0 or later.

There are a handful of other requirements depending on the file system and services you're installing. Services For UNIX 3.5 no longer supports the FAT file system, so you must install it on NTFS. If you upgrade a previous version on a system containing a FAT file system, the file system must be converted to NTFS prior to the upgrade. If you will be using NFS, know that Client For NFS and Gateway For NFS cannot be installed on the same computer. In addition, Server For NIS must be installed on an Active Directory domain controller.

As I mentioned at the beginning of this article, Services For UNIX 3.5 is now free. However, you still need to consider the requirements for Windows Server Client Access Licenses (CALs) for the clients that will be accessing the server(s) running Services For UNIX. You don’t need any special CALs for Services For UNIX; a standard Windows Server CAL makes you legal. Determine the necessary number of CALs based on the per-seat or per-device licensing mode of the server, the number of CALs already assigned, and the number of new concurrent connections to be supported through Services For UNIX.

Administration tools
When you install Services For UNIX 3.5, Setup adds an administration console called Services For UNIX Administration. This Microsoft Management Console, shown in Figure A, provides a single point of administration for all of the Services For UNIX components installed on the computer. For example, you can configure a variety of settings for Server For NFS, configure file permission and performance settings for Client For NFS, manage the Telnet server, configure user name mapping, and configure other settings.

Figure A
You can manage Services For UNIX 3.5 from an MMC.

In addition to the console, Setup also adds the C shell and Korn shell to the system. Starting either of these from the Start menu opens a console window with the specified shell as the interface. You can execute a broad range of UNIX commands and utilities from these shells and can also launch Windows processes. You can open multiple consoles as needed.