Compaq Computer Corporation

                              Service Tool Description



          1  PRODUCT NAME

          This paper describes the DSNlink Version 3.0 for Compaq
          Tru64[TM] UNIX software. For convenience, the full name is
          abbreviated to DSNlink.


          1.1  DESCRIPTION

          DSNlink is a service tool that allows customers with service
          contracts to receive product support electronically from their
          Customer Support Center. Using DSNlink, customers submit and
          track service requests, copy files, perform searches of techni-
          cal support databases, and send mail pertaining to products for
          which they have service contracts. Compaq specialists respond
          electronically to service requests. If granted permission by the
          customer, specialists can also log in to the customer's system
          to diagnose and correct problems remotely.

          DSNlink provides the communications software necessary to con-
          nect to and maintain connections between a customer's DSNlink
          system and the Compaq host.


          1.2  REQUIREMENTS FOR USING DSNlink

          This service tool is available to entitled customers who have
          direct connections to Compaq via one of these network trans-
          ports:

          o  TCP/IP-Direct connection capabilities such as Telnet access
             are required. Mail-only access is not sufficient.

          o  A public X.25 network-The X.25 transport is not available
             from all Customer Support Centers.

          o  DECnet[TM]/OSI

          o  A modem transport over PSTN or ISDN lines

          Customers must meet any non-commercial use requirements imposed
          by their network.







                                                                         1

 






          1.3  WHO CAN USE DSNlink?

          To use DSNlink, customers must have a service contract with
          Compaq that meets the requirements of their Customer Support
          Center. There is no additional charge for the DSNlink software.
          However, customers must register to use DSNlink.


          1.4  APPLICATIONS

          DSNlink has these applications:

          o  Service Request

          o  Interactive Text Search

          o  File Copy

          o  DSNlink Mail

          o  Remote Login

          The following is an overview of the applications.

          The Service Request Application

          The Service Request application allows the customer to get prod-
          uct support from a specialist at the Customer Support Center.
          The customer performs the following operations electronically
          using the Service Request application:

          o  Send a service request to Compaq

          o  Add information to an existing service request

          o  Review the work on a service request

          o  Obtain lists of open and closed service requests

          o  Obtain the list of products with service contracts

          o  Obtain a list of routing codes for their supported products

                                        NOTE

             Some Customer Support Centers cannot provide lists of
             closed service requests and supported products.








          2

 






          The Interactive Text Search Application

          The Interactive Text Search application (ITS) allows customers
          to perform searches on the technical support databases related
          to their supported products. The databases contain engineering
          change orders (ECOs), articles on solved problems, Software
          Product Descriptions, new product information, and so forth.
          ITS allows customers to perform operations such as searching
          databases, reading and extracting articles, and copying ECOs to
          their systems.

          The File Copy Application

          The File Copy application supports file copying to and from the
          customer's system and the Compaq host. The files usually pertain
          to service requests or are submitted for analysis. Files can be
          in text or binary format.

          The DSNlink Mail Application

          The DSNlink Mail application allows customers and Compaq to
          exchange mail. Some Customer Support Centers process service
          requests in DSNlink Mail rather than the Service Request appli-
          cation.

          Compaq uses DSNlink Mail to send these types of communique mail
          to customers:

          o  Flash mail has urgent product information, such as announcing
             software engineering change orders (ECOs).

          o  Information mail is general product information.

          o  Business mail explains new products and services and provides
             information about updates to existing products and services.

          o  Survey mail requests customers' opinions on Compaq services
             and product quality.

          Customers can specify which types of communique mail they want
          to receive and the recipients. Additionally, customers can
          specify recipients for all mail from Compaq.

          1.5  UTILITIES and MAINTENANCE FEATURES

          DSNlink has these utilities and maintenance features:

          o  A local authorizations file allows the system administrator
             to specify which local users have access to DSNlink applica-
             tions.

          o  A remote authorizations file allows the system administra-
             tor to specify which remote users have access to DSNlink
             applications such as the Remote Login application.

          o  A history log keeps a usage history of DSNlink applications.

                                                                         3

 






          o  The DSNlink Setup utility allows the system administrator
             to modify various DSNlink communication attributes, create
             mailing lists for Compaq mail to customers, display the
             version number of DSNlink images, and perform several other
             administration tasks.

          o  The Network Exerciser utility tests the connections be-
             tween your system and Compaq. It provides troubleshooting
             for DSNlink much like "ping" does for IP and "ncp loop node"
             does for DECnet. DSNlink also uses it for installation veri-
             fication procedures.

          o  DSNlink creates server log files for each connection Compaq
             makes to customers' systems.

          Customers can modify the supplied configuration file to auto-
          matically supply default values required by the applications.
          These default values appear in the window and dialog box fields.
          In the command line interface, DSNlink automatically supplies
          values from the configuration file. Users can override these
          default values if desired.


          1.6  SECURITY

          This section explains the security features of DSNlink.
          1.6.1  Encryption

          There are two DSNlink Version 3.0 kits:

          o  DSNlink Version 3.0 (includes encryption as described in this
             section)

          o  DSNlink NE Version 3.0 (has no encryption software)

             This kit is intended for customers who cannot install en-
             crypted software.

          Customers can determine which version they have by using the
          dsnversion command.

          DSNlink encrypts communications between customers' systems and
          Compaq. The customer's system and the Compaq host negotiate
          which cipher to use from among these ciphers:

          -  Triple DES (TDES) using a 168-bit key

          -  RC5 using a 128-bit key (RC5_128)

          -  RC4 using a 128-bit key (RC4_128)

          -  Data Encryption System (DES) using a 56-bit key

          The default is the strongest cipher, Triple DES.

          4

 






          DSNlink encrypts all communications by DSNlink applications,
          including System-Initiated Call Logging (SICL) (which is not
          included with DSNlink).

          Both the Compaq host and customers' systems must install DSNlink
          Version 3.0 for communications to be encrypted.

          1.6.2  Authentication

          To prevent impersonation and unauthorized access, DSNlink con-
          nections undergo a rigorous cryptographic authentication and
          authorization process. For authentication, DSNlink Version 3.0
          uses hash-based message authentication code (HMAC) functions to
          combine the message to be sent and the authentication key. The
          result is hashed with message digest algorithms to produce the
          signature.

          The HMAC functions in DSNlink Version 3.0 are:

          o  RMD160 uses the RIPEMD cryptographic hash function, which
             produces a 160-bit signature.

          o  SHA1 uses the SHA-1 (Secure Hash Algorithm) cryptographic
             hash function, which produces a 160-bit signature.

          o  SR160 uses both the SHA-1 and RIPEMD-160 hash functions and
             produces a 160-bit signature. SR160 is the default.

          SR160, RIPEMD-160, and SHA-1 meet RFC 2104 guidelines.

          MD5, which produces a 128-bit signature, is also provided for
          backwards compatibility with DSNlink Version 2.

          Customers can request new authentication keys from their Cus-
          tomer Support Center that provide 160 bits of entrophy, compared
          to the 80 bits of entrophy provided by MD5 keys.

          1.6.3  Export Restrictions

          Because DSNlink contains encryption algorithms, it is subject to
          U.S. Export Administration Regulations pertaining to encryption
          items. DSNlink has been granted Retail status under License
          Exception ENC by the Bureau of Export Administration, U.S.
          Department of Commerce. For questions regarding restrictions
          associated with this classification, contact the U.S. Export
          Office.









                                                                         5

 






          1.6.4  SECURITY FOR APPLICATIONS

          The following sections explain the security measures for each
          DSNlink application.

          o  All applications create log files on both the customer's and
             Compaq's systems which record activity by the applications.

          o  The Name Services Directory application performs connection
             forwarding and redirecting services in the DsnGateway layer.
             This application accesses only the route map database. It
             never accepts a DsnSession layer connection.

          o  The File Copy application transfers files between a vendor
             and a customer. Compaq cannot copy files to or from a cus-
             tomer's system unless the customer's remote authorizations
             file permits access by Compaq. If access is allowed, Compaq
             is restricted to copying files to and from specific incoming
             and outgoing directories.




































          6

 






          o  The DSNlink Mail application sends mail messages between
             systems. The customers' remote authorizations file must per-
             mit access by the DSNlink Mail application. The DSNlink mail
             server interacts only with the mail agent on the customer
             system.

          o  The Interactive Text Search (ITS) application allows a
             customer to access articles in Compaq's technical support
             databases. This is a customer-to-Compaq connection only.
             DSNlink cannot connect to a customer's system using ITS.

          o  The Remote Login application allows a Compaq specialist to
             log in to a customer's system. In addition to the authentica-
             tion performed by the DsnSession layer, a Compaq specialist
             needs a valid user name and password to log in. Additionally,
             the DSNlink kit's default remote authorizations file dis-
             allows this application; it must be manually enabled by the
             customer.

          o  The Network Exerciser application performs simple loopback
             tests. The Network Exerciser accesses only its log file on
             the customer's system. Customers can control access by the
             application with the remote authorizations file.

          o  The Service Request application allows customers to send
             electronic service requests to Compaq. Specialists reply
             using DSNlink Mail. Compaq cannot connect to a customer's
             system with the Service Request application.

          1.7  USER INTERFACES

          DSNlink has two user interfaces for each application:

          o  The DECwindows Motif interface

          o  A command line interface

          1.8  DISK SPACE REQUIREMENTS

          The following table shows the free space required to install
          DSNlink.

          ________________________________________________________________
          Kit_Size________/usr____________/var____________________________

          22_MB___________21_MB___________1_MB____________________________









                                                                         7

 






          1.9  SOFTWARE and HARDWARE REQUIREMENTS


          Software Requirements

          The supported versions of the operating system are Tru64 UNIX
          Versions 4.0d, 4.0e, 4.0f, 5.0, 5.0a, and 5.1.
          Clusters running Tru64 UNIX Version 5.0a or 5.1 are supported
          with these restrictions:


          o  Customers can use only the TCP/IP transport.

          o  Customers must supply the cluster alias name for the DSNlink
             node name during the installation procedure.

          o  The installation makes all nodes in the cluster either A
             nodes or B nodes, depending on which node type is specified
             during the installation.

          The necessary software for Tru64 UNIX is the DEC OSF/1 Base
          System (OSFBASE), which must be loaded on the system where
          DSNlink is installed.

          Netscape is required to display the online help.

          Hardware Requirements

          DSNlink runs on Alpha[TM] systems.

          If a DECserver is used, DECserver 700 systems are supported.

          Diskless workstations are not supported.



          1.10  MEMORY REQUIREMENTS

          The minimum supported memory for this application running in
          a standalone DECwindows environment with both the client and
          server executing on that same system is 32 MB.














          8

 






          1.11  DSNlink COMMUNICATIONS

          The following sections provide a high-level overview of the
          communication mechanisms used within DSNlink:

          o  An architectural overview

          o  Domain and node identifiers

          o  Protocols used by the DSNlink communication software

          o  Details about the use of DSNlink applications over a TCP/IP
             network such as the Internet

          1.11.1  DSNlink Architectural Overview

          DSNlink provides secure communications even in a hostile net-
          working environment. The architecture, a client/server model,
          defines five layers: DSNlink Application, DsnSession, DsnGate-
          way, DsnTransport, and the networks.

          o  The DSNlink Application layer provides services for a spe-
             cific application.

          o  The DsnSession layer provides data security through compres-
             sion and a three-way cryptographic challenge-response hand-
             shake. A secret key method is used for signing the handshake
             messages. The DsnSession layer assumes that the underlying
             layers provide no security. An established connection at this
             layer guarantees the identity of the client and server to
             each other.
























                                                                         9

 






          o  The DsnGateway layer allows an unlimited number of systems to
             communicate using heterogeneous protocols.

             The DsnGateway layer uses a routing database called the route
             map to manage connections.

          o  The DsnTransport layer selects the appropriate transport
             and resolves differences between message-oriented network
             protocols such as X.25 and stream-oriented protocols such
             as TCP/IP by providing a stream-oriented interface to the
             DsnGateway layer.

          o  The host operating system provides the networks.



          1.11.2  DSNlink Domains and Nodes

          DSNlink uses domain and node names to identify individual sys-
          tems.

          A DSNlink domain name is an enterprise-wide name used for secu-
          rity and obligation purposes. Compaq uses a customer's access
          number, obligation identifier, hardware model number, or con-
          tract number as the DSNlink domain name. Compaq uses the word
          "digital" as its DSNlink domain name. Authentication keys are
          identified based on this source domain and destination domain
          relationship.

          A DSNlink node name identifies a system within a DSNlink domain.
          This relationship allows multiple nodes running DSNlink to use
          the same domain name. A DSNlink node may exist in more than one
          DSNlink domain, which allows one DSNlink node to choose among
          multiple access numbers. Usually the DSNlink node name is the IP
          host name or DECnet node name of the system.

          1.11.3  Protocols

          The Application, DsnSession, and DsnGateway layers each use
          their own protocols to provide the necessary services. The
          DsnTransport layer does not add any protocol to the underlying
          raw transport.

          o  The DsnGateway protocol performs redirecting and forwarding
             functions, which provide connection failover and hopping from
             one network protocol to another.

          o  The DsnSession protocol provides a session context with
             source and destination identities. Each identity consists
             of a domain, node, and user tuple.





          10

 






          o  Each application has its own protocol which includes an au-
             thorization check. Because the identities have been validated
             by the DsnSession layer, the application server uses the
             client's domain, node, and user DsnSession attributes.



          1.11.4  Configuring Firewalls to Use TCP/IP with DSNlink
                  Applications

          Customers must configure their firewalls to permit communica-
          tions between their systems and Compaq. DSNlink uses a single
          TCP/IP port, 2370, for the Name Services Directory application.


          1.12  SOFTWARE LICENSING INFORMATION

          This service tool software is furnished under the licensing
          provisions of Compaq Computer Corporation's Proprietary Service
          Tool Software license. For more information about licensing
          terms and policies, contact your local Compaq office.


          1.13  ORDERING INFORMATION

          Contact your Compaq Account Support Representative or call your
          local Customer Support Center. The part numbers to order DSNlink
          on a CD-ROM are as follows:

          o  QA-6FRAB-H8 - DSNlink Version 3.0 (with encryption)

          o  QA-3RUAA-H8 - DSNlink NE Version 3.0 (without encryption)


          1.14  DISTRIBUTION SOURCES

          Once customers have been authorized to use DSNlink and have an
          access number, the location of their Customer Support Center,
          and an authentication key, they can prepare to install DSNlink
          by copying the compressed kit from these sources:

          o  This Compaq DSNlink Web site:

             http://www.support.compaq.com/dsnlink/kit_unix_v30.html

          o  This FTP directory:

             ftp.support.compaq.com

             Set default to public/DSNlink/unix

          © 1989, 2000 Compaq Computer Corporation.



                                                                        11

 






          Compaq, DECnet, and the Compaq logo Registered in U.S. Patent
          and Trademark Office.

          Alpha and Tru64 are trademarks of Compaq Information Technolo-
          gies Group, L.P.

          Motif and UNIX are trademarks of The Open Group.

          All other product names mentioned herein may be trademarks or
          registered trademarks of their respective companies.



          The MD5 software contained in this product is derived from the
          RSA Data Security, Inc. MD5 Message-Digest Algorithm.

          Confidential computer software. Valid license from Compaq re-
          quired for possession, use or copying. Consistent with FAR
          12.211 and 12.212, Commercial Computer Software, Computer Soft-
          ware Documentation, and Technical Data for Commercial Items
          are licensed to the U.S. Government under vendor's standard
          commercial license.

          Compaq shall not be liable for technical or editorial errors
          or omissions contained herein. The information in this document
          is subject to change without notice. The warranties for Compaq
          products are set forth in the express limited warranty statement
          accompanying such products. Nothing herein should be construed
          as constituting an additional warranty.

          Exports of this product are subject to U.S. Export Administra-
          tion. Regulations pertaining to encryption items and may require
          that the exporter obtain individual export authorization from
          the U.S. Department of Commerce.





















          12