Netutil (Net Management Utility)

The forms-based Net Management Utility, netutil, is used to define the connection and authorization data used by the Communications Server to access remote instances.

System administrators (or any user with the appropriate Ingres privileges) can use netutil to perform the following tasks:

• Add, change, or delete global remote user authorizations or connection data entries.

  These tasks require the GCA privilege NET_ADMIN.

• Add, change, or delete any user's private remote user authorizations or connection data entries using the -u command flag.

  These tasks require the NET_ADMIN privilege. For more information about the -u flag, which allows a user to perform operations on behalf of other users, see Command Line Flags in Netutil Non-interactive Mode.

• Stop the Communications Server.

  This task requires the GCA privilege SERVER_CONTROL. For instructions on stopping the Communications Server using the forms-based netutil, see the chapter "Maintenance Procedures."

End users can use netutil to:

• Add, change, or delete their private connection data entries.
• Add, change, or delete their private remote user authorizations.

Netutil Startup Screen

The netutil user interface consists of four tables and a menu of operations that can be performed on entries in these tables.

The four tables on the netutil startup screen are:

• Virtual Node Name (vnode) table
• Login/password data table
• Connection data table
• Other attribute data table. On the Startup screen, choose Attributes.

Virtual Node Name Table in Netutil

The Virtual Node Name table on the netutil startup screen determines what information is displayed in the Connection data and Login/password tables. These tables display information about the vnode highlighted in the Virtual Node Name table.

Naming Rules for Vnodes

Valid vnode names cannot include:

• Double colons (::)
• Slashes (/)
• Commas (,)

Vnode names are not case-sensitive, except on Star Server installations.

Login and Password Data Table in Netutil

The Login and password data table on the netutil startup screen is used for the following tasks:

• To record a remote user authorization using a login account and password on the remote instance's host machine
• To record a remote user authorization using the Installation Password defined on the remote instance
• To define an Installation Password for the local instance

The information you enter into the fields in the Login/password data table depends on which of the above tasks you are performing. For more information, see Task-Specific Values for the Login/Password Data Fields.

The Login/password data columns are as follows:

• Type

  Is the type of definition, either Global or Private. For details, see Global and Private Definitions.

• Scope

  Is a read-only message, supplied automatically, that briefly describes the scope of the connection. The message depends on the value that you enter in the Type field.

  If you enter Private, netutil displays the following message:

  User user_id only

  If you enter Global, netutil displays the following message:

  Any user on node_name

• Login

  Specifies the name of the account to be used on the remote instance's host machine.

  Note: If you are authorizing access to a remote instance using an Installation Password or defining an Installation Password for the local instance, enter an asterisk (*) into this field.

  After you fill in this field, netutil prompts you for a password.

Task-Specific Values for the Login/Password Data Fields

The following table shows the required values for the Type, Login, and Password fields according to the kind of record you are entering:

Note: When creating a local installation password, the vnode name used must be identical to the name that has been configured as LOCAL_VNODE on the Configure Name Server screen of the Configuration-By-Forms (cbf) utility and is generally the same as the local machine name.

Connection Data Table in Netutil

The Connection data table on the netutil startup screen specifies the network address of the remote node, the listen address of the remote instance's Communications Server, and the network protocol that is used to make the connection.

The Connection data table has the following columns:

• Type

  Specifies type of connection, either global or private.

• Net Address

  Identifies the network address or name of the remote node.

  Your network administrator specifies this address or name when the network software is installed. Normally, the node name as defined at the remote node is sufficient for the node address.

  The format of the net address depends on the type of network software used by the node. For protocol-specific information, see the appendixes in this guide.

• Protocol

  Specifies the Ingres keyword for the protocol used by the local node to connect to the remote node.

  Protocol availability varies by platform. For a list of protocols and their associated Ingres keywords, see Network Protocol Keywords.

• Listen Address

  Identifies the unique identifier used by the remote Communications Server for interprocess communication.

  Just as the vnode name identifies an instance on the network, the listen address identifies a process (the Communications Server) in the remote instance.

  The format of a remote node listen address depends on the type of network software that the node is using. For protocol-specific information, see the appendixes in this guide.

Network Protocol Keywords

When entering connection data for a remote instance, you are prompted for the name of the network protocol that is used to make the connection. You must respond with one of the following keywords:

• wintcp

  TCP/IP Internet protocol for Windows (using WinSock 1.1 API).

  Note: This keyword is obsolete. It is provided for backward compatibility and will be removed in the future. Use tcp_ip instead.

• lanman

  Microsoft NetBIOS protocol for Windows (using WinSock 1.1 API)

• nvlspx

  Novell Netware SPX/IPX protocol for Windows (using WinSock 1.1 API)

• decnet

  DECnet protocol for VMS

• tcp_ip

  TCP/IP Internet protocol for UNIX and Windows (using WinSock 2.2 API)

• sna_lu0

  SNA LU0 protocol for MVS and VMS

• sna_lu62

  SNA LU62 protocol for RS/6000, HP/UX, Solaris, and MVS

• tcp_dec

  TCP/IP Services for OpenVMS and Multinet TCP/IP when running in TCP/IP Services emulation

• tcp_ibm

  IBM TCP/IP for MVS

• tcp_knet

  KNET TCP/IP for MVS

• tcp_sns

  TCP/IP protocol for SNS TCP/IP

• tcp_wol

  Wollongong TCI/IP Internet protocol for VMS and Multinet TCP/IP when running in Wollongong emulation

• spx

  Novell Netware SPX/IPX for UNIX and VMS

For additional information on the protocols supported for your environment, see the Ingres Readme file for your operating system.

Other Attribute Data Table in Netutil

The Other attribute data table in netutil specifies additional connection, encryption and authentication attributes for a vnode. For a description of each attribute and its associated values, see Configure Vnode Attributes.

The Other attribute data columns are as follows:

• Type

  Is the type of connection, either Global or Private.

• Attr_Name

  Is the name of the attribute.

• Attr_Value

  Is the value of the attribute.

Netutil Operations

The following operations are available from the netutil startup screen:

• Create

  Creates a new record in the highlighted table.

  In the vnode table, this operation allows you to create a new vnode name and define its user authorization and connection data.

  In the Connection data table or Login/password data table, this operation allows you to create an additional entry for an existing vnode.

• Destroy

  Deletes the highlighted record.

  Note: Deleting a record in the Virtual Node Name (vnode) table automatically deletes the Login/password and Connection data table records associated with that vnode.

• Attributes/Login

  Toggles the display to show attribute or login information for the highlighted node. The initial display shows login information, and the Attributes menu option appears on the menu. Choosing Attributes displays attribute information, and the Attributes menu option is replaced by the Login menu option. Choosing Login brings back the original display.

• Edit

  Modifies the highlighted record.

• Control

  Stops or quiesces the local Communications Server. This menu item takes you to the Network Server Control screen.

• Test

  Tests a vnode after all of the user authorization and connection data has been defined.

  Netutil tests to see if a connection can be made to the remote instance using any of the connection data entries and remote user authorizations defined for the vnode. Note that individual connection data entries and remote user authorizations cannot be tested.

• Help

  Displays help screens.

• End

  Exits netutil.

Prerequisites to Establish and Test a Remote Connection

To establish and test a remote connection, the following information is required:

• The network address or name of the node on which the remote instance resides.
• The listen address of the remote instance's Communications Server.
• The keyword for the network protocol that is used to make the connection. For more information, see Network Protocol Keywords.
• The name of the login account that is used to access the remote instance.

  (This information is not applicable when using an Installation Password to authorize access.)

• The password of the remote login account or the remote instance's Installation Password.

Establish and Test a Remote Connection Using Netutil

You use netutil to establish and maintain access to remote instances. Defining a virtual node name is the first step in the process of establishing a connection.

To define a virtual node (vnode) and use it to test a connection to a remote instance

1. Enter the following command at the operating system prompt:

   netutil

   The netutil startup screen appears.

2. Make sure that the cursor is in the Virtual Node Name table; then choose Create from the menu.

   A pop-up window appears, displaying the following prompt:

   Enter new virtual node name.

3. Enter a virtual node name of your choosing and select OK from the menu.

   A pop-up window appears, displaying the following prompt:

   Choose type of login to be created

   Global—Any user on [local node]

   Private—User [user name] only

4. Use the arrow keys to highlight Global or Private; then choose Select from the menu.

   The Enter new login/password pop-up window appears. It displays prompts for the login of the account that is used on the remote node, the password of that account, and verification of the password.

   

5. Enter the login and the password, then re-enter the password as prompted. (Notice that for security purposes neither the password nor the verification appears on screen.) When you have entered the login and password information, choose Save from the menu.

   Note: If you are using an Installation Password to authorize access, enter an asterisk (*) in the Login field, and then enter the remote instance's Installation Password in the Password field.

   The Enter new connection pop-up window appears. It displays prompts for the connection type (private or global), the network address, the network protocol to be used, and the Listen address of the remote instance. For your convenience, netutil supplies default values for the first three fields. To enter a new value, simply type over the default value.

   

6. Enter the connection data, and then choose Save from the menu.

   Netutil returns to the startup screen. The data you entered in this and the previous steps is displayed in the Vnode, Login/password data, and Connection data tables.

7. Choose Test from the menu.

   Netutil attempts to establish a connection to the remote instance using authorization and connection data you have entered.

   A message is displayed in a pop-up window indicating whether the test is successful.

   If the connection is not successful, the error message indicates the nature of the error or where to look for further information.

8. Press Return.

   You are returned to the startup screen.

Configure Vnode Attributes

In addition to defining login and connection data, you can use netutil to configure vnode attributes. Attributes define additional connection, encryption, and authentication information for the vnode.

To configure one or more attributes for a vnode

1. From the netutil startup screen, select the Attributes menu option.

   Attribute information for the first vnode in the Virtual Node Name table is displayed.

2. Use the arrow keys to select the vnode for which you want to configure an attribute. Tab to the Other attribute data for vnode table and select the Create menu option.

   The Enter new attribute pop-up window appears.

   

3. Enter an attribute name and value, as follows:
   • connection_type

     Indicates the connection type. The only valid value is direct, which indicates that a direct connection with the remote instance must be established without using Net. This attribute improves performance because data goes directly from the application process on the client machine to the Ingres DBMS process on the server machine, thus bypassing Name Server processing.

     For direct access to occur, the following conditions must be met:

     • The client and server machines must be the same platform type (for example, both Windows, or both Solaris) and the environment variable II_CHARSET must be identical on both the client and server machines.
     • On Windows, the client and server machines must be logged into the same Windows network domain.
     • Ingres II 2.5 or higher must be installed on both the client and server machines.
     • On any platform which uses the IPC protocol for local and network connections, the environment variable, II_GC_REMOTE must be set (for the DBMS Server instance) to ON or ENABLE to allow direct connections. For important information on network security and II_GC_REMOTE, see the System Administrator Guide.
   • encryption_mode

     Determines the encryption mode for the connection. If set, this value overrides the Communications Server's ob_encrypt_mode parameter value configured using Configuration Manager or the Configuration-By-Forms utility. The local and remote Communications Servers must be able to negotiate a common mechanism to perform the encryption. Valid values are:

     • off – No encryption. The connection fails if the remote Communications Server has an encryption mode of required.
     • optional – Encryption occurs if the remote Communications Server has an encryption mode of on or required.
     • on – Encryption occurs if the remote Communications Server has an encryption mode other than off.
     • required – Encryption occurs if the remote Communications Server has an encryption mode other than off. If off, the connection fails.
   • encryption_mechanism

     Determines the mechanism to be used to encrypt the remote connection. If set, this value overrides the Communications Server's ob_encrypt_mech parameter value configured using Configuration Manager or the Configuration-By-Forms utility. Valid values are:

     • none – Disables encryption
     • * – Allows all encryption mechanisms to be considered during Communications Server negotiations
     • mechanism_name – Indicates a specific mechanism to be considered during Communications Server negotiations
   • authentication_mechanism

     Specifies the mechanism to be used for remote authentication in a distributed security environment. This setting replaces the need for a user ID and password. If set, this value overrides the Communications Server's remote_mechanism parameter value configured using Configuration Manager or the Configuration-By-Forms utility. The only valid value is kerberos.

4. Select the Save menu option.

   Netutil returns to the startup screen. The attribute you configured is now displayed in the Other attribute data for vnode table.

Create an Additional Connection Data Entry

If a remote instance has more than one Communications Server or can be accessed by more than one network protocol, include that information in your vnode definition by adding extra entries to the Connection Data table. This allows you to distribute the load of communications processing and increase fault tolerance.

Note: When more than one Communications Server listen address is defined for a given vnode, Ingres Net automatically tries each server, in random order, until it finds one that is available. Similarly, when a connection fails over one network protocol, Ingres Net automatically attempts the connection over any other protocol that has been defined.

End users can create private connection data for an existing vnode by adding an entry to the Connection data table. For the user who creates it, a private connection data entry overrides a global connection data entry defined to the same vnode. In other words, Ingres Net uses the private connection data entry whenever the user who created the entry uses the vnode.

Know the following information before beginning this procedure:

• The network address of the node on which the remote instance resides
• The listen address of the remote instance's Communications Server. (For the correct listen address format for your network protocol, see the appropriate appendix or check the Configure Net Server Protocols screen in the Configuration-By-Forms utility on the remote instance.)
• The keyword for the network protocol that is used to make the connection. For more information, see Network Protocol Keywords.

To define an additional connection data entry

1. Select the desired vnode in the Virtual Node Name table.

   The connection data for the highlighted vnode appears in the Connection Data table.

2. Move the cursor to the Connection Data table, and then choose Create from the menu.

   The Enter new connection pop-up window appears displaying prompts for the connection type (private or global), the network address, the network protocol to be used, and the Listen address of the remote instance. For your convenience, netutil supplies default values for the first three fields; to enter a new value, simply type over the default value.

3. Enter the connection data; then choose Save from the menu.

   Netutil returns to the startup screen. The data you entered is now displayed in the Connection Data table.

Create an Additional Remote User Authorization

End users can create a private remote user authorization for an existing vnode by adding an entry to the Login/password data table.

For the user who sets it up, a private authorization overrides a global authorization defined to the same vnode. In other words, Ingres Net uses the private authorization whenever the user who created it uses the vnode.

Know the following information before beginning this procedure:

• The name of the remote account that is used to access the remote instance

  (This information is not applicable when using an Installation Password to authorize access.)

• The password of the remote login account or the remote instance's Installation Password

To define and test a new remote user authorization

1. Select the desired vnode in the Virtual Node Name table.

   The remote user authorization for the highlighted vnode appears in the "Login/password data" table.

2. Move the cursor to the "Login/password data" table, and then choose Create from the menu.

   The Enter New Login/Password pop-up window appears. It displays prompts for the login of the account that is used on the remote node, the password of that account, and verification of the password.

3. Enter the login and the password, and then re-enter the password as prompted. (Notice that for security purposes neither the password nor the verification appears on screen.)

   Note: If you are using an Installation Password to authorize access, enter an asterisk (*) in the Login field, and then enter the remote instance's Installation Password in the Password field.

   Choose Save from the menu.

   Netutil returns to the startup screen. The data you entered is now displayed in the Login/password data table.

Delete an Entry

To delete a virtual node entry or one of its connection data entries, remote user authorizations or attributes, place the cursor on the desired record and choose Destroy from the menu.

Delete All Vnode Information

To delete all information for a specific vnode

1. Highlight the desired entry in the Virtual Node Name table and choose Destroy from the menu.

   A pop-up window appears with the following prompt:

   Really destroy all data for vnode [vnode name]?
   No—Do not destroy all data for vnode
   Yes—Destroy all data for vnode

2. Use the arrow keys to highlight No or Yes (No is the default); then choose Select from the menu.

   Netutil removes the vnode from the Virtual Node Name table and all associated information from the Login/password data and Connection data tables.

Delete a Connection Entry for a vnode

To delete one of the connection data entries associated with a particular vnode

1. Highlight the desired entry in the Connection Data table and choose Destroy from the menu.

   A pop-up window appears with the following prompt:

   Really destroy connection entry?

   No—Do not destroy connection entry
   Yes—Destroy connection entry

2. Use the arrow keys to highlight No or Yes (No is the default), and then choose Select from the menu.

   Netutil removes the entry from the Connection Data table.

Delete a Remote User Authorization for a vnode

To delete one of the remote user authorizations associated with a particular vnode

1. Highlight the desired entry in the Login/password data table and choose Destroy from the menu.

   A pop-up window appears with the following prompt:

   Really destroy [private/global] login/password entry '[Login name]'?
   No—Do not destroy [private/global] login/password entry
   Yes—Destroy [private/global] login/password entry

2. Use the arrow keys to highlight No or Yes (No is the default); then choose Select from the menu.

   Netutil removes the entry from the Login/password data table.

Delete an Attribute Associated with a vnode

To delete an attribute associated with a particular vnode

1. From the netutil startup screen, select the Attributes menu option.

   The "Other attribute data" table is displayed.

2. Select the desired vnode from the Virtual Node Name table. Tab to the Other attribute data for vnode table, highlight the attribute that you want to delete, and choose Destroy from the menu.

   A pop-up window appears with the following prompt:

   Really destroy attribute entry?
   No—Do not destroy attribute entry
   Yes—Destroy attribute entry

3. Use the arrow keys to highlight No or Yes (No is the default); then choose Select from the menu.

   Netutil removes the attribute from the Other attribute data for vnode table.

Change an Entry

To modify a virtual node entry or one of its Connection data entries, remote user authorizations, or attributes, place the cursor on the desired record and select Edit from the menu.

Modify a Vnode Name

To modify a vnode name

1. Select the desired entry in the Virtual Node Name (vnode) table ,and then choose Edit from the menu.

   A pop-up window appears, displaying the following prompt:

   Enter the new name for ['vnode name']
   New name:

2. Enter the new virtual node name and choose OK from the menu.

   The Enter Global/Private Password pop-up window appears and prompts you to re-enter the remote account password or Installation Password associated with this vnode. For security reasons, any time a vnode name is modified, you must re-enter the associated passwords.

3. Enter the password, re-enter the password as prompted, and then choose Save from the menu.

   If there is a second remote user authorization associated with this vnode, a second pop-up window appears. Repeat this step with the password of the second authorization.

   After you have saved all password information, netutil returns to the startup screen. The edited vnode name is displayed in the Virtual Node Name (vnode) table.

Edit a Remote User Authorization

To edit a remote user authorization

1. Select the desired entry in the Login/password data table, and choose Edit from the menu.

   The Edit login and password pop-up window appears and prompts you to enter new login and password data.

   

2. Enter the login and password for the remote account; then re-enter the password as prompted.

   Note: If you are using an Installation Password to authorize access, enter an asterisk (*) in the Login field, and then enter the remote instance's Installation Password in the Password field.

3. Choose Save from the menu.

   Netutil returns to the startup screen. The edited remote user authorization is displayed in the Login/password data table.

Edit a Connection Data Entry

To edit a connection data entry

1. Select the desired entry in the Connection Data table, and choose Edit from the menu.

   The Edit connection entry pop-up window appears, which displays the connection type, network address, protocol, and listen address for the selected entry.

   

2. Tab to the fields to be changed and enter the new values. Choose Save from the menu.

   Netutil returns to the startup screen. The edited connection data entry is displayed in the Connection Data table.

Edit Vnode Attribute

To edit attribute data for a particular vnode

1. From the netutil startup screen, select the Attribute menu option from the netutil startup screen.

   The "Network connection and other attribute information screen" appears.

2. Select the desired vnode from the vnode list. Tab to the Other attribute data for vnode table and select the attribute that you want to edit. Choose Edit from the menu.

   The Edit attribute entry pop-up window appears.

   

3. Edit the attribute by typing over the displayed data with the desired changes. For a list of valid attribute names and values, see Configure Vnode Attributes. Choose Save from the menu.

   Netutil returns to the startup screen. The attribute you edited is now displayed in the Other attribute data for vnode table.

Define an Installation Password for the Local Instance

To define an Installation Password for the local instance

1. Enter the following command at the operating system prompt:

   netutil

   The netutil startup screen appears.

2. Make sure that the cursor is in the Virtual Node Name table, and then choose Create from the menu.

   A pop-up window appears, displaying the following prompt:

   Enter new virtual node name:

3. Enter the virtual node name for the local instance and choose OK from the menu.

   Note: The virtual node name must be identical to the name that has been configured as LOCAL_VNODE on the Configure Name Server screen of the Configuration-By-Forms (cbf) utility and is typically the same as the local machine name.

   A pop-up window appears, displaying the following prompt:

   Choose type of login to be created
   Global—Any user on [local node]
   Private—User [user name] only

4. Highlight Global by using the arrow keys, and then choose Select from the menu.

   The Enter new login/password pop-up window appears. It displays prompts for the global login, the password, and verification of the password.

5. Enter an asterisk in the Global Login field, enter an Installation Password in the Password field, and finally re-enter the password as prompted. (Notice that for security purposes neither the password nor the verification appears on screen.) When you have entered this information, choose Save from the menu.

   The Enter new connection pop-up window appears. It displays prompts for the connection type (private or global), the network address, the network protocol to be used, and the Listen address of the instance.

6. Choose Cancel from the menu. (It is not necessary to enter connection data for the local instance.)

   Netutil returns to the startup screen. The data you entered in the previous steps is displayed in the vnode and Login/password data tables.