
FTP - OpenVMS 7.3-2

 
Jorge Cocomess
Super Advisor

FTP - OpenVMS 7.3-2

Greetings,

Currently, we have about 10 different FTP transmissions between our Alpha servers. Each one of these FTP transmissions is going to a specific directory on the Alpha server. I was looking for a way to set up an alias such as "Server_name-ftp_folder" and add this alias to my DNS server with the server IP address. In this case, if I ever need to swap out the server, all I would have to do is update my DNS server with a new IP address. I am open to suggestions or feedback.

Thank you in advance.

J.
10 REPLIES
Joseph Huber_1
Honored Contributor

Re: FTP - OpenVMS 7.3-2


O.K. to do it, except:
You don't want to name the aliases with
Server_name-ftp_folder
but something containing ONLY ftp_folder, because You want to name it independently of the server, so people can still use the same name whenever the server for the folder moves.
http://www.mpp.mpg.de/~huber
Jan van den Ende
Honored Contributor
Solution

Re: FTP - OpenVMS 7.3-2

Jorge,

we do essentially the same:
EVERY application and
EVERY regular ftp connectivity
has ITS OWN name.
Users accessing an application via telnet connect to the APPLICATION NAME, ftp-ing to a certain connect point (especially for automated procedures) is to a separate, dedicated name.
It requires more work in setup, but it offers SO much flexibility and ease of management!

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Robert Gezelter
Honored Contributor

Re: FTP - OpenVMS 7.3-2

Jorge,

I concur with Jan.

In the DNS entries, create one entry for each "SERVICE". Remember, a single machine may have more than one DNS entry (e.g., APP1.x.COM and APP2.x.COM may both point to IP address a.b.c.d).

Then create an account for each application in the SYSUAF, with each account defaulted to a different directory (these may be at the root level, or they may be subdirectories under a master directory). Here too, it is important to note that the user need not (and if the access is intended to be read-only, SHOULD NOT) have Write access to the directory or the files therein. Admittedly, this is a simple-minded security measure, but it is quite effective at preventing accidents and malicious misuse.

Then each client application connects to a specific FTP server through DNS, and does its GET operations, e.g.:

FTP APP1.x.COM/USER=/PASS=
GET
...

I hope that the above is helpful. If I have been unclear, please let me know.

- Bob Gezelter, http://www.rlgsc.com
Jorge Cocomess
Super Advisor

Re: FTP - OpenVMS 7.3-2

Hello Experts:

If I create numerous entry points on the DNS server pointing to the same IP address, that should be okay? I was thinking of creating something like "A1_batchloc", "A1ftploc" - "A1" would be the production environment and "_batchloc" would be the folder/directory name on that server. Does this make sense?

I would like to know more about "best practices" on this subject. I know this will give us more flexibility and all, but I can't seem to see the full picture at the moment. Maybe I just need more examples of how I would proceed?

Thanks everyone for your time.

J
Jan van den Ende
Honored Contributor

Re: FTP - OpenVMS 7.3-2

Jorge,

our DNS literally has DOZENS of CNAMEs that point to the CNAME for our cluster (or one node, or all-but-one nodes of the cluster), which is a round-robin CNAME over the node names, which are round-robin names for the various network devices of each node.

So, yes, by all means, create another name for each use. If many point to the same network device, that is ok.
If you want easy management, use the CNAME construct, and only have ONE IP-nr entry per physical network device.

hth,

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Robert Gezelter
Honored Contributor

Re: FTP - OpenVMS 7.3-2

Jorge,

Ok, for example:

PAYROLL.XYZ.COM - server for payroll data
BILLING.XYZ.COM - server for billing data
DIRECTORY.XYZ.COM - server for directory data

Each of these would have either:
- a DNS A-record pointing to an address
- a DNS CNAME-record pointing to an A-record with the actual node name

The logins could, for example be:
XFERPAYROLL
XFERBILLING
XFERDIRECTORY

The above accounts could point to different default directories (thus no need for the applications to issue a CD command from within the FTP stream; the directory is implied from the username used for the login).

- Bob Gezelter, http://www.rlgsc.com
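
An added example, not part of any post in this thread: a small Python audit of the layout described above, where every service name is a CNAME onto one node name and only the node carries an A record. The zone data is constructed; the node name ALPHA1 and the 192.0.2.x addresses are assumptions, and the parser handles only simple one-record-per-name lines.

```python
# Constructed zone data (not from the thread): service names from the posts
# above, a hypothetical node name ALPHA1, and documentation-range addresses.
ZONE = """
alpha1.xyz.com.     IN A     192.0.2.10   ; the only address record
payroll.xyz.com.    IN CNAME alpha1.xyz.com.
billing.xyz.com.    IN CNAME alpha1.xyz.com.
directory.xyz.com.  IN CNAME alpha1.xyz.com.
"""

def parse_zone(text):
    """Return {owner: (rtype, rdata)} for simple 'name IN TYPE value' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        name, _cls, rtype, rdata = line.split()
        records[name.lower()] = (rtype.upper(), rdata.lower())
    return records

def resolve(records, name, max_hops=8):
    """Follow CNAMEs to an A record; return the address or None."""
    name = name.lower()
    for _ in range(max_hops):                  # hop limit stops CNAME loops
        rec = records.get(name)
        if rec is None:
            return None
        rtype, rdata = rec
        if rtype == "A":
            return rdata
        name = rdata                           # CNAME: continue at its target
    return None

def audit(records, nodes):
    """Flag service names that break the one-A-record-per-device layout."""
    problems = []
    for name, (rtype, _) in sorted(records.items()):
        if name in nodes:
            continue                           # node names may hold A records
        if rtype == "A":
            problems.append(f"{name}: service name has its own A record")
        elif resolve(records, name) is None:
            problems.append(f"{name}: CNAME does not reach an A record")
    return problems

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print(audit(recs, {"alpha1.xyz.com."}) or "layout OK")
    recs["alpha1.xyz.com."] = ("A", "192.0.2.20")   # swap the server: one edit
    print({n: resolve(recs, n) for n in recs})
```

With this layout, replacing the server means changing the single A record; every service name follows it without being touched.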

Jorge Cocomess
Super Advisor

Re: FTP - OpenVMS 7.3-2

Okay, all I have to do is to set up all the entry points within the DNS server, right? Do I have to add any of these entry points on the Alpha's host table?

Thank you.

J
Jan van den Ende
Honored Contributor

Re: FTP - OpenVMS 7.3-2

Jorge,


"Okay, all I have to do is to setup all the entry points within the DNS server, right?"

No

"Do I have to add any of these entry points on the Alpha's host table?"

No

In your DNS you define the NAMES you will connect to (preferably, but not necessarily, via CNAME).
The DNS only points (directly or indirectly) to an IP address.

The various CONNECTs to it are done with a dedicated, very restricted username. The "entry point" for that username is defined by specifying it as the Default Directory for that username.
Normally you want to prevent that username from accessing any other directories.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Robert Gezelter
Honored Contributor

Re: FTP - OpenVMS 7.3-2

Jorge,

While in this instance, you are creating DNS names and usernames in parallel, this is not the general case.

The DNS names (CNAME or A records) in the DNS provide the translation from a name to an IP address (there is no reason to work with the host tables; this is why DNS was developed: the host tables for the entire Internet quickly became a maintenance nightmare).

The accounts on the system are created using AUTHORIZE on OpenVMS. The accounts that are embedded in the application should be extremely limited--if the goal is to retrieve files, they should only be allowed the access needed to do FTP GET operations, nothing else.

I hope that the above is helpful.

- Bob Gezelter, http://www.rlgsc.com
Jorge Cocomess
Super Advisor

Re: FTP - OpenVMS 7.3-2

Got it!! Thank you very much!

J