A White Paper from the Business Systems Division

Microsoft® Windows NT™ Server 3.51:
Services for the Macintosh®

A White Paper from the Business Systems Division

m

1

Microsoft Windows NT Server 3.51:
Services for the Macintosh

A White Paper from the Business Systems Division

The Microsoft Business Systems Division series of white papers is designed to educate information technology (IT) professionals about WindowsNT and the Microsoft BackOffice family of products. While current technologies used in Microsoft products are often covered, the real purpose of these papers is to give readers an idea of how major technologies are evolving, how Microsoft is using those technologies, and how this information affects technology planners.

Legal Notice

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

© 1995 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, and Windows are registered trademarks and BackOffice and Windows NT are trademarks of Microsoft Corporation.

PostScript is a registered trademark of Adobe systems, Inc.

AppleShare, AppleTalk, and Macintosh are registered trademarks of Apple Computer Company.

CompuServe is a registered trademark of CompuServe, Inc.

Alpha AXP is a trademark of Digital Equipment Corporation.

Intel and Pentium are registered trademarks of Intel Corporation.

PowerPC is a trademark of International Business Machines Corporation.

MIPS is a registered trademark of MIPS Computer Systems, Inc.

NetWare is a registered trademark of Novell, Inc.

OpenGL is a registered trademark of Silicon Graphics, Inc.

UNIX is a registered trademark of in the U.S. and other countries, licensed exclusively through Novell Company, Inc.

0995

Part No. 098-62915

Table of Contents

Introduction1

Full-featured AppleTalk Routing...... 1

Universal Printing for Macintosh Workstations...... 2

Advanced Security...... 2

High Capacity...... 2

Easy Installation, Configuration, and Management...... 2

Flexible Hardware Options...... 2

Interoperability3

AppleTalk Interoperability...... 3

Scalability4

Windows NT Scalability Overview...... 4

Details of Large-scale Microsoft Testing...... 5

Security6

Windows NT Security...... 6

Authentication...... 6

Access Restrictions...... 6

Security Conclusion...... 7

Specific Roles in Industry8

Publishing and Graphics...... 8

Education...... 8

Government, Manufacturing, and Corporate Networking...... 9

Conclusions10

Introduction

The MicrosoftWindows NT Server 3.51 operating system provides a powerful integration platform for mixed PC and Macintosh networks. Windows NT Server provides an enterprise-strength Macintosh File Server, a universal Print Server, and a complete AppleTalk router.

With Windows NT Server, Macintosh and PC users can collaborate easily and seamlessly. Services for the Macintosh provide the following key features:

• Seamless connectivity with Macintosh workstations.
• High-performance file/print services.
• Full-featured AppleTalk routing.
• Universal printing for Macintosh workstations.
• Advanced security.
• High capacity.
• Easy installation, configuration, and management.
• Flexible Hardware Options (Intel, MIPS, Alpha AXP, PowerPC).

• Symmetric multiprocessor support.

Figure 1: Windows NT Server in a mixed PC-Macintosh Network

Note that Macintosh workstations view the network as a true AppleTalk network. Users make connections with the AppleShare Chooser. As a result, Macintosh and PC users see one, seamless network.

Full-featured AppleTalk Routing

Windows NT Server includes a full-featured AppleTalk router, which means that Windows NT Server understands the AppleTalk transport protocol and can forward data between Macintosh subnetworks. With AppleTalk routing enabled, Windows NT Server can fully participate in an existing AppleTalk internetwork. Customers can also use it to “seed” a new AppleTalk network in your organization.

Universal Printing for Macintosh Workstations

Windows NT Server supports over 1500 printer models worldwide. Macintosh computers can print to any of these printers, whether it supports PostScriptor not. When a Macintosh computer prints to a non-PostScript printer, Windows NT Server converts the data from PostScript formatwhich Macintosh computers useto a format any printer can render. Needless to say, Windows NT Server also supports PostScript printers. For a complete list of printers supported by Windows NT Server, see the Windows NT Hardware Compatibility List (HCL). The HCL ships with Windows NT Server, and can also be found on the Microsoft Download Service (206-936-MSDL) or on CompuServe (GO WINNT).

Advanced Security

Windows NT Server is one of the most secure systems on the market today. In fact, Windows NT Server 3.5 is C2 rated, the U.S. National Security Agency’s set of criteria for operating system security in a Federal Government network. Macintosh networks benefit from Windows NT security, because Windows NT Server provides an extension to the AppleTalk protocol which encrypts Macintosh passwords and makes for a secure logon session between Macintosh clients and a Windows NT Server-based computer.

High Capacity

Windows NT Server 3.51 supports an unlimited number of simultaneous connections from Macintosh computers. Microsoft tested a Windows NT Server-based computer with over 1000 simultaneous connections from Macintosh workstations. There are no software limits that prevent you from connecting even more computers to a single Windows NT Server-based computer.

Later in this paper, details of the configuration, system requirements, and performance will be presented.

Easy Installation, Configuration, and Management

Windows NT Server brings ease of use to a powerful server platform. It is “Power Made Easy.” Installing Services for the Macintosh on a Windows NT Server-based computer is simple—just start the network control panel and click the mouse a few times.

With Windows NT Server, you will spend less time figuring out how to make things work and more time running your business.

Flexible Hardware Options

Windows NT Server 3.51 offers the broadest hardware support of Macintosh servers. It currently supports over 1400 computer models, including Intel 386 and 486, Pentium®, MIPS R4x00, Digital Alpha AXP, and PowerPC single and multiprocessor systems, 100 network adapters, and over 1500 printer models. By selecting a Macintosh server solution with very broad hardware support, customers gain increased flexibility in their system design. The Windows NT Hardware Compatibility List (HCL) provides a complete listing of the hardware devices supported by Microsoft Services for the Macintosh.

Interoperability

Because LANs are evolving quickly from islands of information to fully connected networks of diverse operating systems, protocols, and file systems, Microsoft has defined interoperability as a key feature in Windows NT Server and its Services for the Macintosh. Microsoft understands customers’ needs for interoperability, and has concentrated on the following areas to ensure smooth integration into the heterogeneous networks of both today and tomorrow:

Seamless integration with Macintosh networks

Flexible hardware options

AppleTalk Interoperability

To ensure compatibility with existing AppleTalk-based networks, Windows NT Server has a strict implementation of AppleTalk protocols, including ADSP, ASP, and ATP. To facilitate application services for Macintoshes, Microsoft’s implementation of AppleTalk uses the industry standard Windows Sockets programming interface as the means to access the AppleTalk protocol.

The following diagram illustrates the complete architecture of Services for the Macintosh.

Services for the Macintosh Architecture

Windows NT Server provides a high-performance kernel-mode implementation of the Apple Filing Protocol (AFP) server. The AppleTalk protocol and server have been implemented specifically to take full advantage of the symmetric multiprocessing architecture of Windows NT Server.

The AppleTalk protocol in Windows NT Server complies with the Windows Sockets and Network Driver Interface Specification (NDIS) industry standards, thus ensuring interoperability with a wide range of application server products and network adapters.

Scalability

This section details how Services for the Macintosh can effectively scale from one to well over 1000 users on a single server. It discusses the scalable nature of Windows NT, and provides the details of a 1000-session test of Services for the Macintosh performed by Microsoft before shipping Windows NT.

Windows NT Scalability Overview

Windows NT Server was designed to scale from a departmental server for several users to a symmetric multiprocessing enterprise-wide super server. Windows NT Server scales to 32 CPUs, with 4 gigabytes of RAM. It even scales to the RISC platform, running on machines based on MIPS, Digital Alpha AXP, and the PowerPC processors.

At the high end, Windows NT Server supports a number of fault-tolerant features required for mission-critical operations. For example, disk striping with parity (RAID 5) support allows hardware configurations that support this technology to provide a high level of recoverability from disk failures. Other features, such as multi-threaded asynchronous I/O, Uninterruptable Power Supply support, and disk duplexing, allow customers to deploy high-capacity, highly reliable servers.

The Windows NT Performance Monitor also promotes scalability. As demands on a system increase, bottlenecks typically appear. Because of the complexity of modern PC hardware, there are hundreds of potential server “choke” points. The Performance Monitor allows an administrator to set counters (shown below) on a variety of system resources on a local or distant Windows NT Server, and to receive alerts if performance thresholds are reached. This powerful tool is also open, so that software added to a Windows NT Server-based system (including Services for the Macintosh) can install its own counters in the Performance Monitor object list.

Details of Large-scale Microsoft Testing

The following diagram depicts the Services for the Macintosh configuration tested by Microsoft before the release of Windows NT Server. This test was designed to demonstrate that Windows NT Server can scale to meet customer needs, as well as to provide configuration guidelines to customers deploying Services for the Macintosh on a large scale.

Security

Corporate and government organizations that deploy network solutions throughout an enterprise require varying degrees of security, from virtual public access to total discretionary control. Microsoft Windows NT and Services for the Macintosh provide all of the tools necessary to implement whatever degree of security you need.

Windows NT Server provides security at the operating system and file system layers, in addition to password encryption and event auditing. You can secure every stage of the process, from user authentication, to resource access, to logoff and auditing. This section describes Microsoft Services for the Macintosh security in detail.

Windows NT Security

Windows NT 3.5 meets the requirements for National Security Agency C2 level security, so access to system resources can be discretely controlled, and all access to the system can be recorded and audited. A Windows NT Server-based computer, provided it is physically secured, can be completely locked down from a software perspective, so that any system access requires a password and leaves an audit trail.

Windows NT provides for enterprise-wide security using a trusted domain, single-network logon model. A domain is simply a collection of servers that are administered together. Trusted domains establish relationships whereby the users and groups of one domain can be granted access to resources in a trusting domain. This eliminates the need for duplicate user accounts across a multi-server network. Under the single network logon model, each Macintosh user has one user name and password for access to all Windows NT Server-based computers in the enterprise.

For auditing purposes, Windows NT provides the Event Viewer. It records all system, application, and security events in a secure central database that can be viewed, with proper privileges, from anywhere on the network. Any attempt to violate system security, to start or stop services without authorization, or to gain access to protected resources, is recorded in the Event Log and can be viewed by the Administrator. Microsoft Services for the Macintosh makes full use of the Windows NT Event Viewer.

Authentication

Authentication is one of the major security concerns among corporate customers. The single most important question with regard to local area network security is “How secure is user authentication?”

Windows NT Server provides a challenge handshake authentication mechanism that uses the DES encryption standard, a U.S. Government approved non-reversible encryption algorithm. Macintosh users can use this encrypted authentication when installing the Microsoft User Authentication Module (UAM), an extension to the AppleTalk protocol which encrypts Macintosh passwords and makes for a secure logon session between Macintosh clients and a Windows NT Server-based computer. Users install the Microsoft UAM by dragging and dropping the UAM from a Windows NT Server-based computer to the local system folder.

Access Restrictions

The system administrator has complete control over access to resources on a Windows NT Server-based computer, including the ability to restrict access to file server resources to specific users and groups.

The procedure to restrict access (illustrated below) is an easy process that helps protect the network from unauthorized access.

1. Start the Windows NT File Manager by double-clicking the File Manager icon.

2. From the Security menu, Choose Permissions.

Security Conclusion

Corporate customers and other users who are implementing enterprise network solutions are justifiably concerned about security. Windows NT Server provides a highly functional and secure Macintosh server platform because Macintosh users can take advantage of the C2 level security of Windows NT Server 3.5.

Specific Roles in Industry

With built-in Macintosh services, Windows NT Server enables organizations to share data between Macintoshes and PCs. The following section provides examples of specific industries in which Macintosh/PC integration is especially important.

Publishing and Graphics

The Macintosh computer has seen wide use in the desktop publishing and graphics industries because of its easy-to-use graphical interface. Today, however, many people are evaluating Windows NT Workstation for use in publishing and high-end graphics. For these customers, the ability to share data between their new Windows NT Workstations-based computers and existing Macintosh systems is very important. Windows NT Server is the foundation upon which the new class of graphics workstations running Windows NT Workstation communicate with Macintosh graphics workstations.

You might ask, “Why is anyone evaluating Windows NT Workstation for publishing and graphics?” The answer is, with Windows NT Workstation, a new class of very powerful yet easy-to-use computers are coming to the PC market. These new systems range from Intel Pentium-based computers, to RISC computers, to multiprocessor systems. Windows NT Workstation runs on the most popular RISC systems, including MIPS, Alpha AXP, and PowerPC. Windows NT Workstation even runs on multiprocessor RISC systems with lower starting prices today than yesterday’s high-end publishing and graphics systems.

Windows NT Workstation 3.51 with OpenGL technology brings advanced graphics capabilities to the PC. OpenGL is an advanced 3D imaging technology that until now has only been available on UNIX systems, which are harder to use and more expensive than Windows NT Workstation. OpenGL is the technology that created the dazzling special effects in such movies as Terminator II and Jurassic Park.

It is easy to see why the publishing industry would start using multiprocessor RISC systems running Windows NT Workstation. Windows NT Server provides the easiest, most powerful platform for integrating Windows NT Workstations into existing Macintosh networks.

Education

Because of its easy-to-use interface, the Macintosh computer has seen extensive use in schools, ranging from elementary schools to colleges and universities. With the advent of the Windows operating system, educational institutions are now using PC systems as well.

With the introduction of the newest version of the Windows® operating system, Windows 95, PCs achieve an ease of use not previously seen on the PC platform. Windows 95 provides excellent Internet connectivity capabilities, allowing you to connect to the Internet without purchasing extra software. Furthermore, Windows 95 provides sophisticated multimedia capabilities and multitasking, making it a very interactive, fun platform on which students can explore and learn. All of this makes Windows 95 a very appealing system for educational institutions.

As schools deploy more Windows-based computers, connectivity between Macintosh and PCs is once again very important. Windows NT Server, with its ease of use and power, provides the ideal integration platform for this environment. We encourage school computer administrators to let their students try out Windows NT Server during evaluations of Macintosh file server products.

Government, Manufacturing, and Corporate Networking

PCs running MS-DOSWindows operating systems are prevalent in enterprise network environments, but it is not uncommon to find a few Macintosh computers deployed in these environments as well. Without a server platform that provides file and printer sharing for both PCs and Macintoshes, these networks are segmented into separate PC and AppleTalk networks. With its built-in Windows and Macintosh file and printer services, Windows NT Server greatly facilitates integration of Macintoshes into larger enterprise networks.

Government, manufacturing, and corporate networks require “industrial strength” servers on which to store mission-critical data. Windows NT Server provides one of the most scalable, reliable, and manageable PC-based network servers available today. The reliability, scalability, and manageability of Windows NT have earned it the highest customer satisfaction rating of any product in Microsoft history.

Conclusions

The 1990s has seen an explosive growth in the use of networked computers. The age of information sharing and workgroup computing has arrived, and with it has come an increasing need to interconnect computers of different types, including: MS-DOS, Windows, Windows NT, UNIX, SNA, and others.

With built-in services for the Macintosh, Windows NT Server 3.51 provides a powerful, cost-effective integration platform for mixed PC and Macintosh networks. Windows NT Server makes it easy for Macintosh and PC users to collaborate.

Windows NT Server 3.51: Services for Macintosh1