NetWare, Novell's network operating system, provides shared file servers, printers, and other resources to personal computers in the workplace, using applications that run over Novell's Internetwork Packet Exchange (IPX) protocol. Popular Internet applications, such as FTP, Gopher, Mosaic, and Netscape, however, run over the Transmission Control Protocol/Internet Protocol (TCP/IP) network protocol, not IPX.
Cisco IPeXchange Internet Gateway software brings TCP/IP-based Internet applications to NetWare clients that use Microsoft Windows, without the overhead of running TCP/IP on every PC. A Novell network is not even a prerequisite, provided you can install and run IPX drivers at PC clients.
To enable users to access the Internet, you can either run a TCP/IP stack on every PC, or you can implement a TCP/IP gateway at a central location.
Running TCP/IP at every PC provides access to Internet applications, but has several disadvantages. These disadvantages include the cost of configuring and administering dual protocol stacks, the dwindling supply of IP addresses, and lack of security.
In contrast, the IPeXchange IPX-to-IP gateway needs only one IP address for all PC clients in the network.
Cisco IPeXchange Internet Gateway is a client/server product. The client software runs on a Windows-based PC over IPX. The server (IPeXchange gateway) software is on a PC running NetWare server or Windows NT (workstation or server). The IPeXchange gateway runs over both IPX and TCP/IP.
The IPeXchange client interacts with the Internet through the IPeXchange gateway, as shown in Figure 1-1.
If your site has TCP/IP-based resources, such as UNIX databases, the IPeXchange gateway acts as a protocol bridge that enables you to run client-side applications (such as Oracle SQL*Net or the SAP R3 client). Figure 1-2 shows the IPeXchange gateway used as an internal protocol bridge.
Use of the Internet may involve transferring text, sound, graphical images, and animation. The IPeXchange gateway uses a streaming protocol to take advantage of all the available bandwidth to perform these tasks. Packet size is negotiated between the client and gateway and can range from 512 to 1,500 bytes. This variable packet length provides for better throughput and higher performance than a fixed-packet-length protocol such as the Novell Sequenced Packet Exchange (SPX), which is used by most other IPX-to-IP gateways.
For Windows 3.1, the IPeXchange client has these files:
For Windows 95, the IPeXchange client has these files:
The IPeXchange client components are shown in Figure 1-3.
Windows Sockets (WinSock) is the application programming interface (API) generally used for writing Microsoft Windows applications over TCP/IP. WinSock is implemented as a dynamic link library (DLL), which is a set of executable functions that links with an application at runtime. The WINSOCK.DLL and WSOCK32.DLL files provided with the IPeXchange client are an implementation of the WinSock 1.1 specification that has been customized to run over IPX.
The ipexclnt.exe executable file encapsulates WinSock application requests into outgoing IPX packets and decapsulates incoming IPX packets to pass WinSock responses to applications. The client is resource-efficient: when Internet applications are not in use, the client releases memory by disconnecting from the gateway.
ipexclnt.exe uses approximately 180 kilobytes and WINSOCK.DLL approximately 90 kilobytes of high memory only. WSOCK32.DLL and WS16.DLL together use about 10 kilobytes of high memory.
IPeXchange client software supports the following Windows versions:
This publication describes two types of IPeXchange gateway: the NLM version and the NT version.
For best performance and security, the IPeXchange gateway should be on a dedicated PC. If you cannot set aside a PC for this purpose, you can run the gateway software concurrently with other software on a PC or on your NetWare or NT server. Make certain that the PC is always available.
The IPeXchange NLM version includes the following files:
Figure 1-4 shows the IPeXchange NLM version components.
The IPeXchange NT version is made of several executable files:
In addition, there are GIF graphics files that are used by the web daemon, mostly for page titles.
Figure 1-5 shows the network components of the IPeXchange NT version.
Internet access provides valuable information and opportunities, but it also involves some risks. To eliminate the risk of intrusion on the Internet, every Internet site should exercise care in running Internet services and should have a security firewall.
Internet services, or daemons, are designed to permit users on the Internet specific types of access to the PCs on which the daemons run. These services include the file transfer daemon (ftpd), the remote login daemon (telnetd), and the World Wide Web publishing daemon (httpd).
We strongly suggest that you run all Internet services at the IPeXchange gateway. Because only one instance of each service can be run for the single IP address, running the services at the IPeXchange gateway prevents IPeXchange clients from running them at their PCs, intentionally or unintentionally.
Services running on the gateway are available to IPeXchange clients and to legitimate external users. The services do not threaten network security, because external users cannot penetrate beyond the IPeXchange gateway to the NetWare network.
In a homogeneous IPX/SPX network, IPeXchange gateway software acts as a firewall, preventing Internet intruders from accessing the NetWare network.
In a heterogeneous network, the IPeXchange gateway protects only IPX-based PCs. Consult with your Internet service provider about setting up an external firewall to protect other PCs running TCP/IP services.
To protect a NetWare file server, do one of the following:
In summary, we recommend the following policies to secure your network:
Although only one IPeXchange gateway is required, some sites may benefit from additional gateways. Multiple gateways provide load sharing, better performance, and fault tolerance. IPeXchange licenses of 100 or more users may be distributed on multiple PCs. Figure 1-6 shows a network containing multiple IPeXchange gateways.
A bottleneck at the IPeXchange gateway connection to the Internet, or excessive load on the gateway PC, can affect performance at the PC. To determine whether the gateway is overloaded, monitor its CPU with a tool such as the Windows NT Performance Monitor or MONITOR.NLM for NetWare. Heavy CPU usage may indicate a need for additional IPeXchange gateways.
If you want to explicitly assign users to a certain gateway, you can specify a preferred gateway for each IPeXchange client, as described in the chapter "Installing the IPeXchange Client Software." If no preferred gateway is specified or the preferred gateway is not available, the IPeXchange client chooses between gateways at random.
Service can be interrupted by failure at the IPeXchange gateway PC or at the Internet connection. To provide uninterrupted service, consider adding redundancy. A fault-tolerant environment includes multiple IPeXchange gateways, multiple Internet connections, or both.
If an IPeXchange gateway PC fails, applications at IPeXchange clients connected to that gateway also fail. If you have additional IPeXchange gateways, IPeXchange client software automatically connects to the IPeXchange gateways that are running when PC users restart their applications.
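The selection and failover behavior described above can be modeled to see how client load shifts when one gateway fails. This is an added example, not Cisco code: the gateway names, client names, and function names are constructed, and it models only the rule stated here (use the preferred gateway if it is running, otherwise pick a running gateway at random).

```python
import random
from collections import Counter

def choose_gateway(preferred, running, rng):
    """Return the preferred gateway if it is running, else a random running one."""
    if preferred is not None and preferred in running:
        return preferred
    if not running:
        return None  # no gateway reachable: the application cannot connect
    return rng.choice(sorted(running))

def simulate_failure(clients, gateways, failed, seed=1):
    """Per-gateway client counts before and after one gateway fails."""
    rng = random.Random(seed)
    running = set(gateways)
    assigned = {c: choose_gateway(p, running, rng) for c, p in clients.items()}
    before = Counter(assigned.values())
    running.discard(failed)
    for c, gw in list(assigned.items()):
        if gw == failed:  # only these users must restart their applications
            assigned[c] = choose_gateway(clients[c], running, rng)
    return before, Counter(assigned.values())

# Constructed sample site: three gateways, 30 clients.
# pc00-pc09 prefer GW-A, pc10-pc19 prefer GW-B, pc20-pc29 have no preference.
GATEWAYS = ["GW-A", "GW-B", "GW-C"]
CLIENTS = {
    f"pc{i:02d}": ("GW-A" if i < 10 else "GW-B" if i < 20 else None)
    for i in range(30)
}

if __name__ == "__main__":
    before, after = simulate_failure(CLIENTS, GATEWAYS, failed="GW-A")
    for gw in GATEWAYS:
        print(f"{gw}: {before[gw]:2d} clients before, {after[gw]:2d} after GW-A fails")
```

Because displaced clients land on the surviving gateways at random, each remaining gateway should have enough CPU headroom to absorb a share of a failed gateway's users.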
To ensure against failure of the network link to the Internet service provider, consider adding a backup link.
You can upgrade your user license or your software version. See the appendix "Getting Upgrades" for more information.