Grab a free Comcat catalogue today, covering RAS, FAX, CTI and KVM.  Catalogues that educate and help you evaluate.


Special reports - Mar 2000 - Integrating UNIX & NT
Eric Doyle looks at integrating UNIX and NT

Unix has always been a dirty word in Redmond. Microsoft's spurned love affair with Unix through its Xenix product gave way to the NT days when the company tried to pretend Unix didn't exist. It took several iterations of Windows before Microsoft officially acknowledged Unix's presence with the release of Services for Unix. Even then, this add-on pack for NT 4.x appeared to be as a means for accessing an outmoded legacy system rather than as a peer-to-peer connectivity tool.

Don’t ignore Unix

A spin-off from Windows support for the Internet does mean that there is native Unix support with the incorporation of TCP/IP and File Transfer Protocol (FTP) in Windows clients and server support through NT's Internet Information Server (IIS). But this is baseline connectivity and very tedious. Customers' needs and the irresistible pull of the Internet mean that Microsoft can't ignore Unix but the company's apparent reluctance to fully support it within Windows has left the field open for third party solutions. Attachmate, Netmanage, WRQ and Wall Data have all been making healthy profits from TCP/IP suites for Unix integration, but the philosophy behind Windows is ease of use. If Microsoft really is the customer-driven organisation it professes to be, its operating system should slot neatly into existing corporate IT infrastructures with the minimum of fuss. The maturity and wide acceptance of Unix has made it Microsoft's primary target and the rise of Linux has proved that there is still plenty of life in that market.

Closing the features gap

In the corporate business systems field, Unix has been the workhorse that makes Windows look like a Shetland pony in comparison. Over the last decade Microsoft's mission has been to expand the feature list and capabilities of NT to match and, hopefully, surpass those within Unix. With the launch of Windows 2000, Microsoft feels it has closed the features gap – in terms of 32-bit Unix at least – but more than this it sees the addition of Active Directory as the killer feature that will tip the balance to make the enterprise network Windows-centric.

The aim of supplanting Unix has matured from confrontation to infiltration and one of the levers will be Windows Services for Unix 2.0 (SFU2) which is slated to appear in mid-May in the US – two or three weeks later for the European market. In its original form SFU was a gateway for interfacing the dissimilar worlds of Unix and Windows but SFU2 uses Windows 2000's latest features as tools to annex Unix as a satellite of Windows. SFU1 offers the basic tools to support the Unix/Windows interface: file sharing, terminal access through Telnet, unified password management, and a limited Korn Shell to allow automated administration scripts for the Unix network to be executed from Windows. SFU2 consolidates this support but expands password management to allow Unix and Windows accounts to be synchronised by centralising support within Active Directory.

The philosophy behind Active Directory is to consolidate user and resource information to simplify network management. It is a major addition for Microsoft but in the face of competition from Novell Directory Services (NDS) and other LDAP implementations it cannot be effective if it only provides support for Windows 2000. The solution from Microsoft's perspective is to make Windows a focal point for mixed networks. This is apparent through SFU2's account management features.

Unix management is based on its hierarchy of Network Information System (NIS) servers and the Achilles' heel is the primary NIS server at the apex of this pyramid. SFU2 replaces the primary server with a Windows 2000 domain controller and any queries from Unix clients or secondary NIS servers are routed to it. Before Windows can take over the duties of the NIS server, data has to be imported from Unix source files for which a wizard is supplied to find and translate files such as /etc/passwd into Active Directory records. The directory then controls password synchronisation so that any changes made in the Windows NT and 2000 or Unix environments are universally implemented. It also means that Unix and Windows user names can be cross-matched and used as a basis for seamless access to services in either environment.

Synchronising to the Windows environment poses no major problems but the concept breaks down when the more stringent security rules within Unix come into play. Unix passwords are case sensitive and cannot be dictionary words. When synchronisation takes place the Unix server may reject any Windows passwords that don't comply with the latter condition and logons will be rejected if case rules are not stringently followed. In Unix environments, such as Linux, where this is the case, the only solution is to impose Unix rules on Windows platforms which means another clause in the policy document for users to follow.

In use, the SFU gateway has plenty of work to do because any files requested through the Unix NFS (Network File System) have to pass through the Windows 2000 server before delivery to the client. This not only suggests that a dedicated server should be used for the gateway but it also provides a single point of failure, an undesirable feature where mission critical applications are concerned. This could be counteracted by implementing the gateway on clustered servers but, given the workload involved, it would be better if both servers were dedicated to supporting Unix connectivity. UK prices have yet to be announced but in the US the licence cost will be $149 per server. This brings up the question of whether a dedicated cluster can be considered to be a single server or whether Microsoft will insist on strictly imposing its licensing.

In favour of Unix

Windows may be gaining greater interest as an enterprise-wide operating system but many of the larger sites targeted by Windows 2000 are based on a legacy of mission critical applications – and a legacy system is best defined as one that works. These applications have been developed over several years and have won the confidence of their users and support teams. There may be a desire to move to Windows but there is still a perceived risk despite Microsoft's efforts to dispel the reputation of Windows as being unreliable. Unix-centric corporates do not feel a need to stampede into the Windows 2000 environment, if only for the conservative adage "if it ain't broke don't fix it".

Microsoft cannot be blamed for looking at IT through its own end of the telescope especially where Unix integration depends on satisfying specific needs of the wide product range that falls under the umbrella of Unix. For many companies it's not so much a case of integrating Unix with Windows as integrating Windows within Unix, where Unix is the primary system and Windows is the terminal access medium. In this area the third parties excel – and the main operating system is one of the many flavours of Unix supported by manufacturers who are looking after their own investment in the face of Microsoft's onslaught. Many of these "Microsoft-friendly" manufacturers, such as Compaq and Hewlett-Packard, have integration policies and products that take a more realistic view of the corporate world.

SFU2 is an inexpensive patch that provides a bridge but adds little to the first iteration of Microsoft's NFS access suite and nothing to the physical integration of Windows and Unix applications. The main attraction is the addition of management features that take advantage of Active Directory but this will only really help those who wish to access their Unix files as transparently as possible while migrating applications to a Windows environment. If you plan to keep Unix for years to come, look elsewhere.

Please note, part 2 of this article follows shortly.