IBM United States
Software Announcement 201-314
November 13, 2001

IBM DCE V3.2 for AIX and IBM DCE V3.2 for Solaris Enables DCE Security Registry and Lightweight Directory Access Protocol Integration

 ENUS201-314.PDF (78KB)

(Corrected on April 9, 2002)

Price was loaded as $129, should have been $149.

At a Glance

DCE V3.2 for AIX and DCE V3.2 for Solaris offer seamless, integrated, open distributed services for the client/server environment. New features include:

  • DCE Security Registry and LDAP Integration

    Migrate security information stored in the DCE Security Registry to a LDAP directory.

  • Improved Kerberos V5 delegation support in GSSAPI

    Support of DCE GSSAPI delegation with the Kerberos V5 mechanism by implementing support of a DCE initiator to a Kerberos acceptor with delegation.

  • Public Key Certificate Login Support of Entrust V5

    Use of Entrust V5 with DCE certificate-based authentication.

  • Support of Netscape V4 Web Servers

    Use Netscape/iPlanet FastTrack 4.1, Netscape/iPlanet Enterprise 4.0, or Netscape/iPlanet Enterprise 4.1 Web servers.

  • Upgraded Compiler Support (AIX only)

    Supports the use of the AIX VisualAge® C++ V5.0 compiler with DCE applications.

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: YE001).

Overview

Distributed Computing Environment (DCE) V3.2 for AIX® and DCE V3.2 for Solaris enables administrators to integrate their existing Security Registry with a Lightweight Directory Access Protocol (LDAP) directory.

DCE V3.2 extends current Internet standards (introduced in the previous releases of DCE), and protects investment in distributed computing.

DCE V3.2 supports the creation, use, and maintenance of distributed applications in a diverse network computing environment.

DCE programs include DCE services, interfaces, and tools that are based on The Open Group (TOG) — formerly known as the Open Software Foundation (OSF).

The key components of DCE 3.2 are:

DCE Base Services

  • Includes software for client systems and the data encryption standard library
  • Provides support for remote procedure calls (RPC), the client functionality for cell directory service, security, time, messaging, and serviceability
  • Provides support for integrating DCE security services with the operating system security

DCE Security Services

  • Enables secure communications and controlled access to resources
  • Provides a set of the security-related functions including authentication, secure communication, authorization, public key certificate login, and security replication

DCE Cell Directory Services (CDS)

  • Offers a central repository for information about resources in the distributed system, including users, machines, and RPC-based services
  • Provides a directory service, which consists of the CDS and the Global Directory Agent (GDA).

Key Prerequisites

  • RS/6000®, or equivalent systems, that support the AIX Operating System V4.3.3 and the AIX Operating System V5.1 32-bit Power Architecture
  • Sun SPARC systems that support Solaris 7 and Solaris 8
  • The DCE Security Registry and LDAP Integration Feature supports the following LDAP server implementations:
    • SecureWay® Directory 3.2.1
    • Netscape/iPlanet Directory Server 4.13 on Solaris 7
    • Netscape/iPlanet Directory Server 5.0 on Solaris 8

Planned Availability Date

November 30, 2001

Description

Distributed Computing Environment (DCE) V3.2 for AIX and DCE V3.2 for Solaris:

  • Are based on the core services provided in OSF DCE Release 1.2.2
  • Contain the components required for a DCE network that includes AIX and Solaris servers and clients

For information about Windows® DCE clients, refer to Software Announcement 298-422 , dated November 17, 1998 (DCE V2.2 for Windows NT®).

DCE V3.2 Base Services

The DCE Base Services component supports remote procedure calls, the client function for cell directory and security services, time, messaging, and serviceability. It also supports integrated DCE security services with AIX and Solaris base operating system security. DCE administration tools are included for such functions as configuring a cell, adding and deleting users in a cell, and adding servers and clients to a cell.

Client Services include:

  • Remote Procedure Call (RPC) can be used to create and run client and server applications. The RPC runtime service implements the network protocols and maintains the endpoint database by which the client and server sides of an application communicate.
  • DCE Threads Compatibility Library is a programming model for building concurrent applications that perform many operations simultaneously. It supports multithreaded applications (based on POSIX 1003.4a Draft 4) that use the DCE threading model.
  • Multithreaded Programming Environment allows multiple threads to call standard C library functions without interfering with one another.
  • Distributed Time Service (DTS) synchronizes time in the distributed network environment on the computers participating in a DCE cell with coordinated universal time (UTC), an international time standard.
  • CDS client is the interface between the CDS client application and CDS servers.
  • Slim client configuration capabilities require less memory and administration.
  • Data Encryption Standard (DES) Library provides a programming interface that enables RPC application data encryption. This feature utilizes the DES algorithms that are part of the DCE program package and Base Services. Export of DES products is under the jurisdiction of the U.S. Department of Commerce. The DCE 3.2 DES Library has been cleared for export outside the U.S. and Canada, but may still be subject to import regulations in some countries, including France.
  • Security Client allows client applications to interact with security servers and provides authentication, authorization, and secure communications. In addition, the Security services provide the following:
    • AIX and Solaris Security Integration coordinates the AIX and Solaris base operating systems security services with the DCE security services so users can log in to AIX or Solaris and obtain DCE credentials at the same time.
    • GSSAPI Extensions provide non-RPC applications the ability to use the DCE security authentication protocol.

      Enhancements in this release provide the full support of DCE GSSAPI delegation with the Kerberos V5 mechanism by implementing support of a DCE initiator to a Kerberos acceptor with delegation.

    • Audit Service provides the ability to log and record critical events in DCE core servers and DCE application servers based on specific criteria.
    • Password Strength Server maintains control of password characteristics such as length, use of alphanumeric characters, and whether a password can be user-generated. It also allows customized password checking and generation.
  • DCE Web Administration (AIX only) allows you to administer DCE users, groups, organizations, and ACLs from any Web browser. The Web utilities must be installed and configured on a workstation that has Netscape/iPlanet FastTrack 4.1, Netscape/iPlanet Enterprise 4.0, or Netscape/iPlanet Enterprise 4.1 WebServer, and a DCE client. Administration of the DCE cell using a Web browser is possible from a machine that is not configured into the cell.
  • Web Secure provides DCE credentials to CGI programs and authenticated access through Web browsers.
  • System Management Interface Tool (SMIT) (AIX only) for DCE uses interactive menus to guide you through many system management tasks. The DCE Compatibility fileset, "dce.compat," must be installed before you access the SMIT menus for DCE.
  • DCE System Management includes two management tools:
    • Simple Network Management Protocol (SNMP) for network-management support in the TCP/IP environment to monitor DCE resources and services.
    • Event Management Service (EMS) for asynchronous event support for DCE-based applications and management of event services in a DCE cell.

      EMS consists of the EMS server and APIs to access event services through an interface to the suppliers, consumers, and event service administration for use by EMS clients.

  • DCE for Application Developers includes tools for DCE administration and application development support. These tools include a language and its compiler that support development of distributed applications following the client/server model. It automatically generates code that transforms procedure calls into network messages.
  • DCE XDS/XOM provides APIs to the CDS namespace. A library of functions is available for accessing the directory services.
  • DCE Messages provides messages for the DCE components.

DCE V3.2 Security Services

These services enable secure communications and controlled access to resources.

  • Authentication Service enables two processes on different machines to be certain of each other's identity.
  • Secure Communication protects communication by integrating DCE RPC with the Security Service.
  • Authorization controls access to resources by comparing the credentials conferred to a user by the Privilege Server with the rights to resources specified in the ACL.
  • Privilege Server checks which resources are authorized to the user, which permissions are required, and if the user has those permissions.
  • Access Control List (ACL) Facility manages lists of users who are authorized to access a given resource. An ACL API allows programmers to manipulate ACLs. Other commands allow users to modify ACLs associated with resources that they own.
  • Login Facility initializes a user's DCE security environment by authenticating the user to the Security Service through the user's password. It then authenticates the user to the required distributed services.
  • Security Replication replicates the Master Registry Database to one or more Slave Registry Databases. Commands are used to view and manipulate the state of both Master and Slave replicas.
  • Extended Registry Attributes expands the static registry of principal, group, and account to a dynamic set of registry attributes that can be customized to a cell.
  • Security Registry and LDAP Integration adds the capability for migrating security information stored in the DCE Security Registry to a LDAP directory. This allows other applications to share security data with DCE and can eliminate the administrative overhead of maintaining separate databases for DCE and LDAP-based applications. The LDAP schema utilized by this feature is based on The Open Group DCE LDAP Schema (Draft 2001).
  • Public Key Certificate Login allows DCE users to prove their identity to the DCE authentication service using an X.509v3 digital certificate and its associated public key pair rather than a shared-secret key password. Public Key Certificate Login is based on OSF-RFC 68.4 and requires the Entrust Public Key Infrastructure (PKI).

DCE V3.2 Cell Directory Services (CDS)

CDS is a central repository for the names of resources and the associated attributes of the resources in the distributed system. Typical resources are users, machines, and RPC-based services. Typical attributes include a user's home directory or the location of an RPC-based server.

  • The Directory Service consists of the CDS and the Global Directory Agent (GDA). The CDS manages a database of information about the resources in a group of machines called a DCE cell and provides location-independent naming for servers. The GDA enables intercell communications by locating cells registered in the global naming environment.

Accessibility by People with Disabilities

The following features support use by people with disabilities:

  • Operation by keyboard alone
  • Support for system font enlargement and high-contrast display settings

Euro Currency

These programs are not impacted by euro currency.

Product Positioning

DCE provides an integrated approach to security, naming, interprocess communication, and resource management in a multivendor, distributed, heterogeneous networked environment.

OSF DCE V1.2.2, on which these products are based, was adopted as part of the X/Open Common Application Environment (CAE). This distinction helps facilitate the development and deployment of portable, interoperable applications for multivendor, heterogeneous networked environments.

DCE V3.2 can migrate security information stored in the DCE Security Registry to a LDAP directory. It offers support for public key authentication, Web-based system administration, and Kerberos V5 interoperability. In conjunction with these features, this release includes support for newer versions of the Netscape/iPlanet Web servers and Entrust V5.

DCE V3.2 is for three sets of customers:

  • Those who want to upgrade existing DCE environments to obtain continued support of legacy DCE functionality and newer versions of prerequisite software.
  • Those who want to consolidate existing DCE- and LDAP-based environments.
  • Those who want to migrate from an existing DCE environment to one which utilizes LDAP and stand-alone Kerberos V5.

Practical applications for DCE include:

  • Three-tiered insurance application for forms processing with TXSeries™, DCE, and IMS™ on MVS™
  • Load balancing for recording and disseminating critical satellite data
  • Real-time order processing for a large telecommunication company
  • Goods and vehicle tracking system for a large transportation company
  • Government file-sharing applications with appropriate versions of DFS™

Reference Information

For more information about DCE, refer to:

For additional DCE and related product information, refer to the following IBM Software Announcements:

  • Software Announcement 299-290 , dated September 28, 1999, DCE V3.1 for AIX and DCE V3.1 for Solaris
  • Software Announcement 200-400 , dated November 28, 2000, Service Extensions for Selected DCE Programs
  • Software Announcement 298-422 , dated November 17, 1998, DCE V2.2 for Windows NT

Trademarks

 
IMS, MVS, TXSeries, and DFS are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
AIX, RS/6000, SecureWay, and VisualAge are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Windows and Windows NT are registered trademarks of Microsoft Corporation.
 
Other company, product, and service names may be trademarks or service marks of others.

Offering Information

Product information is available through Offering Information (OITOOL) at:

Publications

Each of the program packages in this announcement include printed Release Notes and Quick Beginnings publications. All other publications are available on the product CD-ROM and are viewable online. If you prefer hardcopy documentation, a set of printable PDF files is also included on the product CD-ROM.

Displayable Softcopy Publications: All publications, except Release Notes, are offered in displayable softcopy form. The files are shipped on the same media type as the basic machine-readable CD-ROM.

These displayable manuals can be used with the following:

  • HTML files are viewable from any frame-enabled Web browser, such as Netscape Navigator.
  • PDF files are viewable with a PDF viewer, such as Adobe Acrobat Reader.
  • Plain Text files are viewable with any text editor, such as vi.

Technical Information

Hardware Requirements

The DCE V3.2 for AIX® is intended for use on RS/6000® systems (or equivalent) that run the AIX 4.3.3 or 5.1 Operating Systems. The required disk space and memory may vary, depending on individual network environment, configuration, and applications.

The following chart indicates the currently available disk space requirements. Note that the sizes are approximations and may vary due to specific customer requirements. Contact your IBM representative to discuss your specific situation.

Program                     Installable               Space
Name                        Packages                  in MB
 
DCE for AIX, V3.2
Base Services               See Base Services         91.73
Security Services           dce.security              5.8
Cell Directory Services     dce.cds                   1.4
 Total for Program Pkg                                98.93
 
DCE V3.2 for AIX,           dce.client
  Base Services             dce.msg.en_US             23.1
                            dce.sysmgmt               1.4
                            dce.tools                 6.61
                            dce.xdsxom                5.7
                            dce.priv                  0.9
                            dce.doc: total of all     0.3
                            dce.doc.rte.ascii         53.42
                            dce.doc.en_US.ascii       0.1
                            dce.doc.en_US.html        11.8
                            dce.doc.en_US.pdf         25.1
                            dce.web                   16.42
                            dce.bundles               0.1
                            dce.compat                0.1
                                                      0.1
Total for Program Pkg       91.73

Note: Other non-U.S. languages are available. Exact sizes are provided in the DCE V3.2 for AIX README file.

The DCE V3.2 for SOLARIS program products in this announcement are intended for use on SUN SPARC systems (or equivalent) that run the Solaris 7 or Solaris 8 Operating Systems. The required disk space and memory may vary, depending on individual network environment, configuration, and applications.

The following chart indicates the currently available disk space requirements. Note that the sizes are approximations and may vary due to specific customer requirements. Contact your IBM representative to discuss your specific situation.

.-----------------------+------------------------+-----------.
|Program Name           |Installable Packages    |Space in MB|
|-----------------------+------------------------+-----------|
|DCE V3.2 for Solaris   |                        |           |
|Base Services          |See Base Services       | 89.1      |
|Security Services      |IDCEsecs                |  7.8      |
|Cell Directory Services|IDCEcdss                |  1.9      |
| Total for Program Pkg |------------------------| 98.8      |
|-----------------------+------------------------+-----------|
|DCE V3.2 for Solaris,  |                        |           |
| Base Services         |IDCEclnt                | 28.6      |
|                       |IDCEenUSm (U.S. English)| 0.8       |
|                       |IDCEsmgmt               |  1.0      |
|                       |IDCEtools               |  5.9      |
|                       |IDCEpriv                |  0.3      |
|                       |IDCEenUSd (U.S. English)|52.5       |
|Total for Program Pkg  |------------------------| 89.1      |
'-----------------------+------------------------+-----------'

Note: Other non-U.S. languages are available. Exact sizes are provided in the DCE V3.2 for Solaris README file.

Software Requirements

  • RS/6000, or equivalent systems, that support the AIX Operating System Version 4.3.3 and the AIX Operating System V5.1 32-bit Power Architecture
  • Sun Sparc systems that support Solaris 7 and Solaris 8
  • The DCE Security Registry and LDAP Integration Feature requires one of the following LDAP server implementations:
    • SecureWay® Directory 3.2.1 on AIX, Solaris, and Windows NT®
    • Netscape/iPlanet Directory Server 4.13 on Solaris 7
    • Netscape/iPlanet Directory Server 5.0 on Solaris 8
  • DCE Applications can be compiled using AIX xlC 4.1.3 and AIX VAC 5.0 on the AIX platform or SparcWorks V5.0 on the Solaris platform.

DCE 3.2 is a product built in a 32-bit environment. It runs on the 32-bit kernel, on either 32-bit hardware or 64-bit hardware.

Applications that use DCE cannot be compiled in 64-bit mode, as they are not supported by the DCE product (for example, DCE is not a 64-bit enabled product).

Compatibility: DCE applications developed on DCE V1.1 for Solaris 2.5.X will require recompilation to execute on this release. Applications developed on prior releases of DCE for AIX (V2.1, V2.2, or V3.1) or DCE for Solaris 2.6 (V1.1 or V3.1) should not require any recompilation. There should be no recoding required except as necessary to take advantage of new features.

Previous versions of DCE program packages included the Distributed File System (DFS™) program. Note that DFS is not included with this release.

DCE V3.2 for AIX and DCE V3.2 for Solaris are wire-protocol compatible with previous versions of DCE and can coexist in DCE cells which include these previous versions.

Customers can migrate from the following versions of DCE to DCE V3.2:

  • DCE V2.1 Product Family for AIX Version 4.1
  • DCE for AIX, V2.2, and Related DCE 2.2 Programs
  • DCE V3.1 for AIX and DCE Version 3.1 for Solaris
  • IBM/Transarc DCE for Solaris 2.5 and 2.6, Version 1.1

Limitations

Unsupported OSF DCE Features: The following list represents features that were part of OSF 1.2.2 DCE that are not supported in this release of DCE. The differences are grouped into sections by type. Each section is further subdivided into functional categories, which correspond with specific DCE services (such as configuration, security, and Cell Directory Services).

Unsupported Services:

  • Security
    • Transitive Trust in a cell hierarchy.
    • The Public Key Certificate Management API.
    • The Private Key Storage server.
    • Public key login using the OSF DCE 1.2.2 protocol has been superseded by the public key certificate login protocol.
  • Directory
    • Hierarchical cells and the associated cell (cds) alias commands.
    • Global Directory Services (GDS) are not provided in this release. However, GDS can exist in the same cell and be used for intercell communications, if it is provided by another product.
  • dcecp (DCE Control Program)
    • Host configure — Configures a host into the cell as a client or server.
    • Host unconfigure — Removes the host from the name and security databases.
    • Host start — Starts DCE on the specified host.
    • Host stop — Stops DCE on the specified host.

Unsupported Commands:

  • cdsbrowser, cds_dbdump, cds_diag li.Configuration: The dce_config script has been replaced by other configuration commands and a SMIT (AIX only) interface.
  • Security: The sec_salvage_db, rlogin, rlogind, rsh, and rshd commands supplied by OSF.
  • Distributed Time Service: The dtss-graph command, which converts synch trace to PostScript.

Limitations of Supported Services: There are several limitations for accounts configured to use Public Key Authentication. These include:

  • Public Key accounts cannot use the Password Strength Server.
  • The key management API is for use only by applications using the shared-secret key authentication protocol. Applications using public key accounts must use the user-to-user protocol.
  • When using GSSAPI, the DCE administrator must set up an account in
  • When using GSSAPI, the DCE administrator must set up an account in the DCE registry database for the initiator and the acceptor:
    • The account acceptor must be set up to use a key in a keytab file as the account's password.
    • The account for the acceptor cannot be set up to use the user-to-user protocol.
    • The account for the acceptor cannot be set up to use the public key authentication protocol.

    No restrictions apply to the account for the initiator.

With the exception of storing the security registry in an LDAP directory, LDAP security servers operate similarly to legacy security servers. However, there are a few security functions that are not supported by LDAP security servers. A list of these unsupported features and limitations follows:

  • When you issue the sec_admin -s command on a legacy security server, you can provide the replica's name as it appears on the replica list. LDAP security servers do not support this feature.
  • Some information on the output from sec_admin is not valid in a DCE cell that has been fully migrated to LDAP.
  • Unlike legacy security servers, LDAP security servers do not support container ACLs, unless they are associated with container objects that are directly created through LDAP Administrative tools.
  • LDAP does not support DCE aliases. An alias is an alternate name for a primary name.
  • Legacy DCE allows principals, groups, and orgs to be renamed using either dcecp or rgy_edit or by using the sec_rgy_pgo_rename API. This functionality is not supported after security data is migrated to LDAP.
  • If DCE objects are located in multiple LDAP subtrees, dcecp catalog commands search the default DCE subtree under the realm only.
  • Some LDAP servers (such as SecureWay LDAP) convert any name to single case when processing the name in a DN or an ACL. Use only case-insensitive names for DCE realms, principals, groups, and organizations.
  • DCE does not allow you to change a master key on LDAP enabled security servers.

Performance Considerations: Using the DCE 3.2 feature to migrate DCE security information to the LDAP directory has certain performance considerations. Moving the DCE Security Registry from an in-memory database (the model in legacy DCE) to an on-disk LDAP database will have performance impacts. These impacts will vary depending on the stage of migration a cell is in. Customers will see higher performance impacts in a hybrid DCE/LDAP cell versus a DCE cell that has been fully migrated to LDAP.

Prior to migrating their DCE Environment, customers should review the LDAP tuning documentation and DB/2 tuning documentation. Higher speed machines and additional memory have made significant differences in the testing of this feature. For additional considerations, especially with respect to applications that update registry data and then immediately access that data, please see the description of such issues in the README Addenda available at:

Planning Information

Customer Responsibilities: The customer must provide at least the minimum hardware and software environment outlined in the DCE Security Registry and LDAP Integration Guide, and in the DCE Readme for AIX and the DCE Readme for Solaris.

Direct Customer Support: Installation and technical support is provided by Global Services. For more information call 800-IBM-4YOU (426-4968).

Packaging: In addition to the program package software (one CD-ROM), each package contains:

  • IBM International Program License Agreement (IPLA) in multilanguage booklet and its License Information (LI)
  • Proof of Entitlement (PoE)
  • Hardcopy Release Notes (9 x 7)
  • Hardcopy Quick Beginnings (9 x 7)

    Note: Both hard copy books for the AIX Build to Order program products are included in kit number LK3T-4405-00, feature number 0933 for the DCE V3.2 for AIX program package and in kit number LK3T-4406, feature number 0934 for the DCE V3.2 for AIX Base Services program package.

  • Generic Service Card
  • IPLA Pointer Sheet

Security, Auditability, and Control

The DCE V3.2 for AIX and Solaris program packages in this announcement provide security and auditability features as described in the program product descriptions in this announcement.

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Ordering Information

  • DCE for AIX is a client server product which has two charge units: 1 install + 1 registered user.
  • DCE Base Services for AIX is a client product which has one charge unit: 1 install.
  • DCE for Solaris is a client server product which has two charge units: 1 install + 1 registered user.
  • DCE Base Services for Solaris is a client product which has one charge unit: 1 install.

Program                                                Part
Name                                                   Number
 
Program Number:  5765-E83
 
AIX Shrinkwrap
 
DCE V3.2 for AIX PPK 1 Install                         29P4453
 + 1 Reg User Int. Eng.
DCE Cell Dir V3.2 for AIX PPK                          29P4467
 1 Install
DCE Sec Serve V3.2 for AIX PPK                         29P4468
 1 Install
DCE Base Services V3.2 for AIX PPK                     29P4459
 1 Install Int. Eng.
 
AIX Passport DOC and Media Packs
 
DCE V3.2 for AIX MEDIA PK ML                           BA00FML
DCE V3.2 for AIX DOC PK Int Eng                        BA00GIE
DCE Base Services V3.2 for AIX MEDIA PK                BA00HML
 ML
 
Solaris Shrinkwrap
 
DCE V3.2 for Solaris PPK 1 Install                     29P4433
 + 1 Reg User Int. Eng.
DCE Cell Dir V3.2 for Solaris PPK                      29P4451
 1 Install
DCE Sec Serv V3.2 for Solaris PPK                      29P4452
 1 Install
DCE Base Services V3.2 for Solaris PPK                 29P4440
 1 Install Int. Eng.
 
Solaris Passport DOC and Media Packs
 
DCE V3.2 for Solaris MEDIA PK                          BA00DML
DCE V3.2 for Solaris DOC PK Int Eng                    BA00DIE
DCE Base Services V3.2 for Solaris                     BA00EML
 DOC PK ML

Passport Advantage Customer Media Pack Entitlement Details: Customers with active subscription on the products listed below are entitled to receive the corresponding DCE V3.2 media pack.

                                        Part
Description                             Number
 
DCE V3.2 for AIX Media Package ML       BA00FML
 
SUB-IDs
(be sure to list all sub-IDs            Corresponding
entitled to media pk)                   SUB-ID description
 
DCEAIXCLSVR                             DCE FOR AIX FOR
                                         CLIENT/SERVER
DCEAIXUSR                               DCE AIX USER
 
                                        Part
Description                             Number
 
DCE Base Services V3.2 for AIX Media    BA00HML
 Package
 
SUB-IDs
(be sure to list all sub-IDs            Corresponding
entitled to media pk)                   SUB-ID description
 
DCEAIXBASE                              DCE FOR AIX FOR
                                         BASE CLIENT
 
                                        Part
Description                             Number
 
DCE V3.2 for Solaris Media Package      BA00DML
 
SUB-IDs
(be sure to list all sub-IDs            Corresponding
entitled to media pk)                   SUB-ID description
 
DCESOLCLISVR                            DCE SOLARIS FOR
                                         CLIENT/SERVER
DCESOLUSR                               DCE SOLARIS USER
 
                                        Part
Description                             Number
 
DCE Base Services V3.2 for Solaris      BA00EML
 Media Pack

                                   SPO                 Billing
Program                            Feature             Feature
Name                               Number              Number
 
Program Number:  5765-E83
 
DCE V3.2 for AIX                   0933
 Per install w/ 1 Yr SW Maint                          0004
 Per User w/ 1 Yr SW Maint                             0005
 Cell Directory Server
  Per Install w/ 1 Yr SW Maint                         0001
 Security Server
  Per Install w/ 1 Yr SW Maint                         0002
DCE V3.2 Base                      0934
 Services for AIX
  Per Install w/ 1 Yr SW Maint                         0007

Software Subscription for AIX 5692-SSO: Customers who purchased protection for V3.1 of DCE (5639-I35) or DCE Base Services (5639-I37) under AIX Software Subscription 5692-SSO, are entitled to receive DCE for AIX at no charge. Eligible customers should add the applicable CD media supply feature number from the table below, to their existing 5692-SSO record.

                                                       CD-ROM
                              Eligible                 Media
                              Billing                  Supply
                              Feature                  Feature
Description                   Numbers(1)               Number
 
DCE V3.1 (5639-I35)
 Server                       4861 6350 6351           0589
 Cell Dir. Svr                4867 6358 6359
 Security Svr Only            4865 6356 6357
 Program Package Only         4862 6352 6353
 Registered User              4863 6354 6355
DCE V3.1 Base Svcs
 (5639-I37)
 Base Services                4851 6440 6441           0590
 Base Services Program        6451 6452 6453
1
Denotes billing features that customer must have previously purchased this upgrade at no charge. The billing features must currently be on a customer's record as proof of eligibility.

Customization Options: Select the appropriate feature numbers to customize your order with delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. If media is not required for the initial order, specify feature number 3430.

                                                    Feature
Description                                         Number
 
Initial Shipments
 
Ship media only (suppresses initial                 3470
 shipment of documentation)
 
Ship documentation only (suppresses                 3430
 initial shipment of media)
 
Expedite Shipments
 
Local IBM office expedite                           3445
 (for IBM use only)
 
Customer expedite process charge                    3446
 ($30 charge for each product)

Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Delivery and Fulfillment (SDF) receives the order. SDF will then ship the order via overnight air transportation.

Ordering Information for Software Maintenance: The software license for 5765-E83 includes Software Maintenance, previously referred to as Software Subscription and Technical Support (Supportline) for 1 year.

The following matrix includes the Software Maintenance feature numbers. Note the following:

  • The appropriate 1-year registration feature (no charge feature) will automatically transfer to the customer order record.
  • Customers should select the "Renewal Billing Feature" for the 1 year contract renewal.
  • Customers should select the "Maintenance After License" to reenter the program after a contract has lapsed.

Software Maintenance 1-Year

                         Registration   Renewal        After
                         (No Charge)    Billing        License
                         Feature        Feature        Billing
LPP Program Name         Number         Number         Feature
 
1-Year SWM Program Number 5731-DCE
 
DCE V3.2 for AIX
 Per User                0001           0003           0004
 Per Install             0002           0005           0006
DCE V3.2 Cell
Directory Server
 for AIX
 Per Install             0013           0014           0015
DCE V3.2 for AIX
 Security Server
 Per Install             0010           0011           0012
DCE V3.2 for AIX
Base Services
 Per Install             0007           0008           0009

Customers with active Software Maintenance Records (CWASW): CWASW of DCE for AIX V3.1 (5639-I35) that have active software maintenance under 5733-M05 or 5733-M06, are entitled and licensed to receive DCE for AIX V3.2. Order this upgrade via MES.

CWASW of DCE for AIX V3.1 Base Services (5639-I37) that have active software maintenance under 5733-M07 or 5733-M08, are entitled and licensed to receive DCE for AIX V3.2 Base Services. Order this upgrade via MES.

CWSA of 5765-I35 or I37 are encouraged to order MES updates by calling 800-879-2755. Before you call this number, IBM Software Delivery and Fulfillment (SDF) requires all AIX licensed programs installed on any pSeries hardware be installed for the customer's appropriate hardware and software serial numbers on AAS. If these conditions are met, SDF will enter an order for a release and will process the installation of the MES. The hours of operation are Monday through Friday, 7:00 a.m. to 4:00 p.m. mountain time.

SDF will request the following information from the caller:

  • Verification of customer name and number
  • Verification of ship-to address (for a permanent address change, the local IBM office must be contacted)

Examples of changes that SDF will make are:

  • Number of software shipments to be generated
  • pSeries hardware and software systems' serial numbers
  • Expected shipment/receipt date
  • Expedited software delivery requests

The local IBM office is responsible for:

  • Permanent address change
  • New chargeable software order requests
  • Software discontinuance
  • System program order (SPO) consolidations

If SDF is unable to fulfill a request, SDF will refer the customer to an IBM representative.

CWSA that purchased Software Maintenance for 5639-I35 under 5733-M05 or 5733-M06 or for 5639-I37 under 5733-M07 or M08 should add the applicable CD media supply feature number from the table below to their existing Software Maintenance record to receive the upgrade.

                                                       Add
                                                       Supply
Program Name                                           Feature
 
DCE for AIX V3.1 5733-M05 (1YR)                        5809
DCE for AIX V3.1 Base Services 5733-M07                5809
 (1YR)

Customers that do not have active Software Maintenance can either place a new order for 5765-E83 or place an order for the After License billing feature from the table below along with the media supply feature number 5809 to acquire Version 3.2.

                         OTC                      After
                         SWM                      License
                         Program                  Billing
Description              Number                   Feature
 
DCE for AIX V3.1         5733-M05 (1 Year)        2497, 2499
DCE for AIX V3.1         5733-M07 (1 Year)        2485
 Base Services

System Program Order (SPO): A 5692-AIX SPO (for AIX 4.3) or 5692-A5L (for AIX 5.1) is mandatory for shipments of program distribution and publications. The individual licensed program orders (for example, 5765-E61 for AIX 5.1 or 5765-C34 for AIX 4.3) are for registration and billing purposes only. No shipment occurs under these orders.

To receive shipment of machine-readable materials on a CD-ROM requires an SPO. Billing for the media type selected is generated under the SPO. To prevent additional billing expenses, place only one SPO order per machine.

Select one of the following feature numbers for the licensed program hardcopy entitled publications, along with feature number 9001 for asset registration to be shipped on a given date.

                                   Program             Feature
Description                        Number              Number
 
DCE V3.2 for AIX                   5765-E83            0933
DCE V3.2 Base Services for AIX     5765-E83            0934

Under SPO 5692-AIX, feature number 3470 can be used to suppress hardcopy documentation. To order entitled hardcopy documentation only, order feature number 3430.

Terms and Conditions

Licensing: IPLA. Proofs of Entitlement are required for all authorized use. This software license includes Software Maintenance, previously referred to as Software Subscription and Technical Support. The following agreements apply for maintenance and do not require customer signatures:

  • IBM Agreement for Acquisition of Support (Z125-6011)
  • Addendum for Support (Software Maintenance) for select IBM eServer iSeries and IBM eServer pSeries Programs (Z125-6495)

LI Form Number

  • DCE V3.2 for AIX: CTOKHML
  • DCE V3.2 Base Services for AIX: CTOKIML
  • DCE V3.2 for Solaris: CTOKFML
  • DCE V3.2 Base Services for Solaris: CTOKGML

Limited Warranty Applies: Yes

Program Services: Available until December 31, 2003

Money-Back Guarantee: 30-day, money-back guarantee, applicable to the first instance per customer enterprise. The money-back guarantee will commence on the Invoice Date.

Copy and Use on Home/Portable Computer: No

Volume Orders (IVO): Yes, contact your IBM representative.

Passport Advantage Applies: Yes

IBM Operational Support Services — Support Line: No

AIX/UNIX® Upgrade Protection Applies: Yes

Entitled Upgrade for Current AIX/UNIX Upgrade Protection Licensees: Yes

iSeries Software Subscription Applies: No

Variable Charges Apply: No

Educational Allowance Available: Yes, 15% education allowance applies to qualified education institution customers.

Prices

The prices provided in this announcement are suggested retail prices for the U.S. only and are provided for your information only. Dealer prices may vary, and prices may also vary by country. Prices are subject to change without notice. For additional information and current prices, contact your local IBM representative.

Program                            Part
Name                               Number              OTC(2)
 
AIX Shrinkwrap
 
DCE V3.2 for AIX PPK               29P4453            $3,999
 1 Install + 1 Reg User
 Int. Eng.
DCE Cell Dir V3.2 for AIX          29P4467             1,799
  PPK 1 Install
DCE Sec Serve V3.2 for AIX         29P4468             2,199
  PPK 1 Install
DCE Base Services V3.2 for AIX     29P4459               149
  PPK 1 Install Int. Eng.
 
Solaris Shrinkwrap
 
DCE V3.2 for Solaris               29P4433             3,999
 PPK 1 Install + 1 Reg User
 Int. Eng.
DCE Cell Dir V3.2 for              29P4451             1,799
 Solaris PPK 1 Install
DCE Sec Serv V3.2 for              29P4452             2,199
 Solaris PPK 1 Install
DCE Base Services V3.2             29P4440               149
 for Solaris PPK 1 Install
 Int. Eng.
2
One-time charge

Passport Advantage: For Passport Advantage and charges, contact your authorized Lotus® Business Partner. Additional information is also available on the Passport Advantage Web site:

                                        Billing
Program                  Feature        Feature
Name                     Number         Number         OTC
 
Program Number:  5765-E83
 
DCE V3.2 for AIX         0933
 Per install w/ 1 Yr                    0004          $4,073
  SW Maint
 Per User w/ 1 Yr                       0005              30
  SW Maint
 Cell Directory
  Server
  Per Install w/                        0001           1,858
   1 Yr SW Maint
 Security Server
  Per Install w/                        0002           2,271
   1 Yr SW Maint
DCE V3.2 Base            0934
 Services for AIX
  Per Install w/                        0007             127
   1 Yr SW Maint

Software Maintenance 1-Year

                                   Renewal
                                   Billing
                                   Feature
Program Name                       Number              OTC
 
OTC 1-Year SWM Program Number:  5731-DCE
 
DCE V3.2 for AIX
 Per User                          0003               $   2
 Per Install                       0005                 277
DCE V3.2 Cell
Directory Server for AIX
 Per Install                       0014                 125
DCE V3.2
 Security Server
 Per Install                       0011                 154
DCE V3.2
Base Services
 Per Install                       0008                   9
 
                                   After
                                   License
                                   Billing
Program Name                       Feature             OTC
 
DCE V3.2 for AIX
 Per User                          0004              $   20
 Per Install                       0006               2,604
DCE V3.2 Cell
Directory Server for AIX
 Per Install                       0015               1,188
DCE V3.2
 Security Server
  Per Install                      0012               1,452
 DCE V3.2
 Base Services
  Per Install                      0009                  81

Customer Financing: IBM Global Financing offers attractive financing to credit-qualified commercial and government customers and Business Partners in more than 40 countries. IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at:

Order Now

 Use Priority/Reference Code: YE001
 
 Phone:     800-IBM-CALL
 Fax:       800-2IBM-FAX
 Internet:  ibm_direct@vnet.ibm.com
 Mail:      IBM Atlanta Sales Center
            Dept. YE001
            P.O. Box 2690
            Atlanta, GA  30301-2690

You can also contact your local IBM Business Partner or IBM representative. To identify them, call 800-IBM-4YOU.

Note: Shipments will begin after the planned availability date.

Trademarks

 
DFS is a trademark of International Business Machines Corporation in the United States or other countries or both.
 
AIX, RS/6000, and SecureWay are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Windows NT is a registered trademark of Microsoft Corporation.
 
UNIX is a registered trademark is a registered trademark of the Open Company in the United States and other countries.
 
Lotus is a registered trademark of Lotus Development Corporation and/or IBM Corporation.
 
Other company, product, and service names may be trademarks or service marks of others.