Interoperability with IBM Host Systems |
When SNA Server receives a request for access to a host resource, such as an LU for a terminal session, the server must have some way to verify the request. User validation is a fundamental security issue that is addressed using one of two methods depending on the type of service being requested: domain authentication or workstation authentication.
A Windows 2000 Active Directory domain is a group of computers that share a common user account database and have a common security policy. An Active Directory domain contains domain controllers that store security information and replicate that information to other domain controllers.
Within a Windows 2000 domain, computers running SNA Server are logically grouped into entities called subdomains, as shown in Figure 10.22. Each SNA Server subdomain can contain up to 15 SNA Server–based computers. A Windows 2000 domain can contain an unlimited number of these subdomains.
Figure 10.22 SNA Server Subdomains Located in Windows 2000 Domains
SNA Server relies on the Windows 2000 domain to provide authentication services to users requesting access to host resources, as shown in Figure 10.23. Only users who have been validated by Windows 2000 security can gain access to resources provided by servers in the SNA Server subdomain.
Domain authentication is used to verify the identity of users who request resources provided by the following services:
Figure 10.23 Domain Authentication Process for 3270 Terminal Access
Each user who needs access to SNA Server resources must have a Windows 2000 domain account. Once enrolled as a Windows 2000 domain user, the user's account is added to the SNA Server subdomain. After a user is added to the SNA Server subdomain, you can allocate specific SNA resources to that user.
Note
Each computer running SNA Server also needs its own Windows 2000 domain account through which SNA Server services are run. SNA Server uses this account to log on to the domain to perform such functions as host printing and data encryption using the Distributed Link Services.