HPE Community
Operating System - HP-UX
1850364 Members
3047 Online
104054 Solutions
New Discussion

Re: DCE - questions

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

‎09-17-2003 04:14 PM

‎09-17-2003 04:14 PM

DCE - questions

HI - UX 11.00
What id DCE really used for? We have many DCE services running on different ports and I am not sure we really need them all going? Any suggestions on determing real needs for DCE?

Thanks Maria.
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎09-17-2003 04:22 PM

‎09-17-2003 04:22 PM

Solution

Re: DCE - questions

DCE Distributed Comptuter Environment

It provides interoperability between computer systems. There is a security defect triggered by the Blaster virus that has caused recent concern.

With some work you might be able to get rid of it.

Here is a little about DCE

* Remote Procedure Call (RPC) Facility, supporting both connection-oriented (TCP/IP) and connectionless (UDP/IP) transport protocols.


* User-space Threads, based on Draft 4 of POSIX 1003.4a, Threads Extension for Portable Operating Systems.


* Cell Directory Service (CDS), including CDS server replication.


* Access to the CDS name space through the X/Open Directory Service (XDS) and X/Open Object Management (XOM) services. The OSF DCE 1.0.3 versions of the XDS, XOM, and dua libraries are a part of libdce, and the necessary XDS and XOM header files are provided.


* Security Service, including security server replication and additional security server replication functionality, and the Audit Service.


* Distributed Time Service (DTS); this release supports ntp, null, and Spectracom DTS time providers; it also supports global time servers and DCE time zones.


* Global Directory Agent (GDA), using the Berkeley Internet Naming Daemon (BIND).


* 64-bit libraries to support DCE 64-bit application development.


* Kernel-threaded (POSIX 1003.1c) DCE.

from the doc...
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B3190-90074/B3190-90074_top.html&con=/hpux/onlinedocs/B3190-90074/00/00/10-con.html&toc=/hpux/onlinedocs/B3190-90074/00/00/10-toc.html&searchterms=DCE&queryid=20030917-181842

Haven't posted to you in a while, hope you are well.

regards,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Peter Gillis
Super Advisor

‎09-17-2003 07:17 PM

‎09-17-2003 07:17 PM

Re: DCE - questions

Hi SEP, thanks for the info. Yes all going well here, alright maybe 'as well as can be expected' - getting totoally confused with all this unix security STUFF, and port numbers and rpc's.....
I just read DCE not supported after Dec 31, 2003 - not sure if this is just related to Tru64 or if all unix. Do you know anything about this?
It appears to me DCE is used for many things...but havent seen anything yet about the DCE services and where they are actually activated - Is there a simple way to selectively turn dce services off?
Also, You got me thinking... is there an antivirus site for ux op systems?
Hope I havent confused everyone eles here...
Thanks for your help
Maria

0 Kudos
Reply
eran maor
Honored Contributor

‎09-18-2003 02:49 AM

‎09-18-2003 02:49 AM

Re: DCE - questions

Hi Maria

i can tell you on a appliaction that you the DCE , it is ovo-unix ( ito ) .

ovo is a software application to manage computers and applications .

the ovo use the DCE to connect with his agent , this is the reason that there is DCE also for SUN and TUE64 and AIX , because the ovo has also agent on this platform .

another application that your the DCE is SCM - service control manager that also give you the a system admin software to do action on number of computers .

you can config yourself the DCE to work with other computer but i have to say it is a bit diff.

if you dont use this application i you can swremove the DCE if you dont want to use it .


to disable the DCE you will need to edit the file /etc/rc.config.d/dce
and change the DCED=0

another method is to rename the file S570dce in /sbin/rc2.d to nodce570 and the dce will not start


love computers
Reply
Umapathy S
Honored Contributor

‎09-18-2003 03:13 AM

‎09-18-2003 03:13 AM

Re: DCE - questions

Maria,
You can find somemore info here.
http://h71033.www7.hp.com/object/NSTDCEPD.html

I think Tru64-DCE is not supported by HP and was tranferred to Entegrity.

DCE on HPUX is going on well.

I havnt come across any antivirus for unix systems till now.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Reply
Steven E. Protter
Exalted Contributor

‎09-18-2003 03:33 AM

‎09-18-2003 03:33 AM

Re: DCE - questions

Maria,

Over the long haul, its a good idea to stop using DCE functionality and shut it off. Before doing so, you need to make sure you have stopped using the functions.

Just because support is dropping doesn't mean you have to stop using it. It just means you won't get support and its a good idea to move to new technology.

There are security concerns with DCE, incuding the fault triggered by the Blaster virus. Its going, but you can move away from it in an organized fashion.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Peter Gillis
Super Advisor

‎09-18-2003 05:51 PM

‎09-18-2003 05:51 PM

Re: DCE - questions

Thankyou all. It appears we do not actually have dce starting up. It is skipped in startup, although the DCE RPC Daemon is started. My reason for asking the questions in the first place were because in a network vulnerability report that was run against this system - DCE services were noted (a number of times) to be running on various ports. So I really wanted to know is there a way to stop these services running (safely)?
Maria.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-18-2003 06:33 PM

‎09-18-2003 06:33 PM

Re: DCE - questions

Hi Maria,

There are quite a few applications that use DCE. Do not turn them off until you know it is not going to affect you.

Measureware is the biggest hitter. If you are using Openview VPO, your agents will stop. I believe openview uses it too. DCE provides a framework for intra-system communications where the developers don't have to bother about network protocols, OS etc., Your application itself might be developed on DCE framework. Check with your developers or the vendors.

There are patches released by HP to fix the security issue. I would suggest to install them first. Quantify the impact and then work towards disabling them.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.