Service Tool Description

PRODUCT NAME

This paper describes the Compaq DSNlink Version 3.0 for OpenVMS^tm software. For convenience, the full name is abbreviated to DSNlink.

DESCRIPTION

DSNlink is a service tool that allows customers with service contracts to receive product support electronically from their Customer Support Center. Using DSNlink, customers submit and track service requests, copy files, perform searches of technical support databases, and send mail pertaining to products for which they have service contracts. Compaq specialists respond electronically to service requests. If granted permission by the customer, specialists can also log in to the customer's system to diagnose and correct problems remotely.
DSNlink provides the communications software necessary to connect to and maintain connections between a customer's DSNlink system and the Compaq host.

REQUIREMENTS FOR USING DSNlink

This service tool is available to entitled customers who have direct connections to Compaq via one of these network transports:

TCP/IP---Direct connection capabilities such as Telnet access are required. Mail-only access is not sufficient.
A public X.25 network---The X.25 transport is not available from all Customer Support Centers.
DECnet^tm
A modem transport over PSTN or ISDN lines

Customers must meet any non-commercial use requirements imposed by their network.

WHO CAN USE DSNlink?

To use DSNlink, customers must have a service contract with Compaq that meets the requirements of their Customer Support Center. There is no additional charge for the DSNlink software. However, customers must register to use DSNlink.

APPLICATIONS

DSNlink has these applications:

Service Request
Interactive Text Search
File Copy
DSNlink Mail
Remote Login

The following is an overview of the applications.

The Service Request Application
The Service Request application allows customers to get product support from the Customer Support Center. Customers can perform the following operations electronically using the Service Request application:

Send a service request to Compaq
Add information to an existing service request
Review the work on a service request
Obtain lists of open and closed service requests
Obtain a list of their supported products
Obtain a list of routing codes for their supported products

Note
Some Customer Support Centers cannot provide lists of closed service requests and supported products.

The Interactive Text Search Application
The Interactive Text Search application (ITS) allows customers to perform searches on the technical support databases related to their supported products. The databases contain engineering change orders (ECOs), articles on solved problems, Software Product Descriptions, new product information, and so forth. ITS allows customers to perform operations such as searching databases, reading and extracting articles, and copying ECOs to their systems.
The File Copy Application
The File Copy application supports file copying by customers to Compaq and from Compaq specialists to customers. The files usually pertain to service requests or are submitted for analysis. Files can be in text or binary format.
The DSNlink Mail Application
The DSNlink Mail application allows customers and Compaq to exchange mail. Some Customer Support Centers process service requests in DSNlink Mail rather than the Service Request application.
Compaq uses DSNlink Mail to send these types of communique mail to customers:

Flash mail has urgent product information, such as announcing software engineering change orders (ECOs).
Information mail is general product information.
Business mail explains new products and services and provides information about updates to existing products and services.
Survey mail requests customers' opinions on Compaq services and product quality.

Customers can specify which types of communique mail they want to receive and the recipients. Additionally, customers can specify recipients for all mail from Compaq.

UTILITIES and MAINTENANCE FEATURES

DSNlink has these utilities and maintenance features:

A local authorizations file allows the system manager to specify which local users have access to DSNlink applications.
A remote authorizations file allows the system manager to specify which remote users have access to DSNlink applications such as the Remote Login application.
A history log keeps a usage history of DSNlink applications.
The DSNlink Configuration utility allows the system manager to reconfigure DSNlink transport attributes, add, remove or correct access numbers, change Support Centers, stop and start DSNlink, rebuild the route map, and deinstall DSNlink.
The Network Exerciser application tests and troubleshoots the connections between customers' systems and Compaq. DSNlink also uses it for installation verification procedures.
DSNlink creates server log files for each connection Compaq makes to customers' systems.
The Modem Testing utility tests customers' modem components.
The SRQ utility allows customers to create a database of their supported hardware and then access items in the database when they want to submit a service requests for the hardware. The SRQ utility provides prompts for information about the service request and submits it when customers complete the information.
The VT Menu provides a menu interface to the DSNlink command line interface. Instead of starting DSNlink applications by typing commands at a system prompt, customers choose items from menus.

Customers can modify the supplied configuration file to automatically supply default values to the applications. These default values appear in the window and dialog box fields. In the command line interface, DSNlink automatically supplies values from the configuration file. Users can override the default values if desired.

SECURITY

This section explains the security features of DSNlink.

Encryption

There are two DSNlink Version 3.0 kits:

DSNlink Version 3.0 (includes encryption as described in this section)
DSNlink NE Version 3.0 (has no encryption software)
This kit is intended for customers who cannot install encrypted software.

Customers can determine which version they have by using the DSN SHOW VERSION command.
DSNlink encrypts communications between customers' systems and Compaq. The customer's system and the Compaq host negotiate which cipher to use from among these ciphers:

Triple DES (TDES) using a 168-bit key
RC5 using a 128-bit key (RC5_128)
RC4 using a 128-bit key (RC4_128)
Data Encryption System (DES) using a 56-bit key

The default is the strongest cipher, Triple DES.
DSNlink encrypts all communications by DSNlink applications, including System-Initiated Call Logging (SICL) (which is not included with DSNlink).
Both the Compaq host and customers' systems must install DSNlink Version 3.0 for communications to be encrypted.

Authentication

To prevent impersonation and unauthorized access, DSNlink connections undergo a rigorous cryptographic authentication and authorization process. For authentication, DSNlink Version 3.0 uses hash-based message authentication code (HMAC) functions to combine the message to be sent and the authentication key. The result is hashed with message digest algorithms to produce the signature.
The HMAC functions in DSNlink Version 3.0 are:

RMD160 uses the RIPEMD cryptographic hash function, which produces a 160-bit signature.
SHA1 uses the SHA--1 (Secure Hash Algorithm) cryptographic hash function, which produces a 160-bit signature.
SR160 uses both the SHA-1 and RIPEMD-160 hash functions and produces a 160-bit signature. SR160 is the default.

SR160, RIPEMD-160, and SHA-1 meet RFC 2104 guidelines.
MD5, which produces a 128-bit signature, is also provided for backward compatibility with DSNlink Version 2.
Customers can request new authentication keys from their Customer Support Center that provide 160 bits of entrophy, compared to the 80 bits of entrophy provided by MD5 keys.

Export Restrictions

Because DSNlink contains encryption algorithms, it is subject to U.S. Export Administration Regulations pertaining to encryption items. DSNlink has been granted Retail status under License Exception ENC by the Bureau of Export Administration, U.S. Department of Commerce. For questions regarding restrictions associated with this classification, contact the U.S. Export Office.

Security for Applications

The following sections explain the security measures for each DSNlink application.

All applications record their activities in log files on both the customer's and Compaq's systems.
The Name Services Directory application performs connection forwarding and redirecting services in the DsnGateway layer. This application accesses only the route map database. It never accepts a DsnSession layer connection.
The DSNlink Mail application sends mail messages between systems. The customer's remote authorizations file must permit access by the DSNlink Mail application. The DSNlink mail server interacts only with the mail agent on the customer's system.
The Interactive Text Search (ITS) application allows a customer to access articles in Compaq's technical support databases. This is a customer-to-Compaq connection only. DSNlink cannot connect to a customer's system using ITS.
The Remote Login application allows a Compaq specialist to log in to a customer's system. Before logging in, the customer provides the specialist with a user name and password and changes the DSNlink remote authorizations file to enable the Remote Login application. The DsnSession layer performs authentication.
The Network Exerciser application performs simple loopback tests. The Network Exerciser accesses only its log file on the customer's system. Customers can control access by the application with the remote authorizations file.
The Service Request application allows customers to send electronic service requests to Compaq. Specialists reply using DSNlink Mail. Compaq cannot connect to a customer's system with the Service Request application.
The File Copy application transfers files between a customer's system and the DSNlink host system. Compaq cannot copy files to a customer's system unless the customer's remote authorizations file permits it. If access is allowed, Compaq copies files to a specific incoming files directory only.

SOFTWARE and HARDWARE REQUIREMENTS

Software Requirements:

OpenVMS Version 6.2, 7.1, or 7.2 on VAX^tm or Alpha^tm systems, VMS Version 5.5-2 on VAX systems only
The C/C++ Run-Time Components (AACRT060.A) on systems running VMS Version 5.5-2.
Motif Version 1.2-4 or higher for systems that use the DECwindows Motif interface
Netscape (to display the online help)
Network software for the chosen transport:
- DECnet (Phase IV or DECnet/OSI)
- TCP/IP software:
  Digital TCP/IP Services for OpenVMS Version 3.3 or higher
  MultiNet Version 4.2 or higher
  TCPware Version 5.4 or higher
- X.25 (DECnet/OSI)
Modems must use MNP (Microcom Networking Protocol) class 5 error checking and data compression software

Hardware Requirements:

An Alpha or VAX system
If a modem is used, it must be dedicated to DSNlink
If a DECserver is used, the DECserver 700/MC systems are supported

USER INTERFACES

DSNlink has two user interfaces for each application:

The DECwindows Motif interface
A command line interface

DISK SPACE REQUIREMENTS

The following table shows the space required by the kits.

Platform Kit Size

Alpha 18,000 blocks

VAX 17,000 blocks

Uncompressed combined kit 39,000 blocks

Platform	Kit Size
Alpha	18,000 blocks
VAX	17,000 blocks
Uncompressed combined kit	39,000 blocks

DSNlink COMMUNICATIONS

The following sections provide a high-level overview of the communication mechanisms used within DSNlink:

An architectural overview
Domain and node identifiers
Protocols used by the DSNlink communication software
Details about the use of DSNlink applications over a TCP/IP network such as the Internet

DSNlink Architectural Overview

DSNlink provides secure communications even in a hostile networking environment. The architecture, a client/server model, defines five layers: DSNlink Application, DsnSession, DsnGateway, DsnTransport, and the networks. The layers are arranged as shown in Figure 1.

DSNlink Communications Layers

The DSNlink Application layer provides services for a specific application.
The DsnSession layer provides data security through encryption and a three-way cryptographic challenge-response handshake. A secret key method is used for signing the handshake messages. The Session layer also compresses data, which improves network throughput. The DsnSession layer assumes that the underlying layers provide no security. An established connection at this layer guarantees the identity of the client and server to each other.
The DsnGateway layer allows an unlimited number of systems to communicate using heterogeneous protocols. Figure 2 shows gateway nodes connecting heterogeneous protocols between client and server nodes.
Gateways and Heterogeneous Network Protocols

The DsnGateway layer uses a routing database called the route map to manage connections.
The DsnTransport layer selects the appropriate transport and resolves differences between message-oriented network protocols such as X.25 and stream-oriented protocols such as TCP/IP by providing a stream-oriented interface to the DsnGateway layer.
The host operating system provides the networks.

DSNlink Domains and Nodes

DSNlink uses domain and node names to identify individual systems. A DSNlink domain name is an enterprise-wide name used for security and obligation purposes. Compaq uses a customer's access number, obligation identifier, hardware serial number, or contract number as the DSNlink domain name. Compaq uses the word "digital" as its DSNlink domain name. Authentication keys are identified based on this source domain and destination domain relationship.

A DSNlink node name identifies a system within a DSNlink domain. This relationship allows multiple nodes running DSNlink to use the same domain name. A DSNlink node may exist in more than one DSNlink domain, which allows one DSNlink node to choose among multiple access numbers. Usually the DSNlink node name is the IP host name or DECnet node name of the system.

Protocols

The Application, DsnSession, and DsnGateway layers each use their own protocols to provide the necessary services. The DsnTransport layer does not add any protocol to the underlying raw transport.

The DsnGateway protocol performs redirecting and forwarding functions, which provide connection failover and hopping from one network protocol to another.
The DsnSession protocol provides a session context with source and destination identities. Each identity consists of a domain, node, and user tuple.
Each application has its own protocol that includes an authorization check. Because the identities have been validated by the DsnSession layer, the application server uses the client's domain, node, and user DsnSession attributes.

Configuring Firewalls to Use TCP/IP with DSNlink Applications

Customers must configure their firewalls to permit communications between their systems and Compaq. DSNlink uses a single TCP/IP port, 2370, for the Name Services Directory application.

SOFTWARE LICENSING INFORMATION

This service tool software is furnished under the licensing provisions of Compaq Computer Corporation's Proprietary Service Tool Software license. For more information about licensing terms and policies, contact your local Compaq office.

ORDERING INFORMATION

Contact your Compaq Account Support Representative or call your local Customer Support Center. The part numbers to order DSNlink on CD-ROM are as follows:

QA-6FRAA-H8 --- DSNlink Version 3.0 (with encryption)
QA-YLRAA-H8 --- DSNlink NE Version 3.0 (without encryption)

DISTRIBUTION SOURCES

Once customers have been authorized to use DSNlink and have an access number, the location of their Customer Support Center, and an authentication key, they can prepare to install DSNlink by copying the compressed Alpha and VAX kits from these sources:

This Compaq DSNlink Web site:
http://www.support.compaq.com/dsnlink/kit_vms_v30.htm
This FTP directory:
ftp.support.compaq.com
Set default to public/DSNlink/ovms-alpha to get the kit to install on an Alpha system or public/DSNlink/vax to install on a VAX system.

Compaq, DECnet, VAX, and the Compaq logo Registered in U.S. Patent and Trademark Office.

OpenVMS and Alpha are trademarks of Compaq Information Technologies Group, L.P. Motif is a trademark of The Open Group.

All other product names mentioned herein may be trademarks or registered trademarks of their respective companies.

The MD5 software contained in this product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

Confidential computer software. Valid license from Compaq required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statement accompanying such products. Nothing herein should be construed as constituting an additional warranty.

Exports of this product are subject to U.S. Export Administration. Regulations pertaining to encryption items and may require that the exporter obtain individual export authorization from the U.S. Department of Commerce.