 |
 |
 |
|
|
March 2005
Boosting your e3000 productivity
FTP: Connecting MPE to the World
By Robert Green
FTP stands for File Transfer Protocol and is the Internet-standard way to move data and programs between systems, even systems that use similar or different operating systems, file structures and character sets.
Starting with MPE/iX 6.0, it has been very easy to enable the FTP server on your HP 3000. Once enabled, the FTP server makes it possible for you to deliver output to your PCs, NT servers, MPE boxes or UNIX boxes, even to servers across the world. These can be your own servers, in other parts of your company, or of your suppliers, or of your customers.
What About Secure FTP?
The new buzzword on the Internet is “secure FTP.” This can mean several things, as explained in this Intranet Journal article: www.intranetjournal.com/articles/200208/se_08_14_02a.html
“FTP was originally defined in the early 1970s to transfer files to and from various ARPANET nodes. However, there are a few problems with ye ol’ standard FTP that we all grew up with in the early days of the Internet. First of all, it doesn’t use strong authentication. It is based on password logins which can be guessed, or discovered by cybercriminals using a sniffer. Even if the password is not guessed or sniffed, with standard FTP none of the files being transferred to and from their destinations are encrypted. FTP sends files in clear plain-text exposing them to the plethora of bad guys out there who have nothing better to do than violate the privacy of others, pilfer confidential information such as credit card information, and attempt to obtain classified information that could compromise national security.”
When considering FTP, there are three areas that can be secured: login (user authentication), the command channel (where you transmit the PUT and GET commands, etc.) and the data channel (where you transfer the files).
For example, there is a free client for secure FTP that uses SSL (it requires Java 2 version 1.3 on your machine):
www.glub.com/products/secureftp/
HP-UX has secure FTP login via the optional “Secure Internet Services,” but I could not find clear documentation about secure command and data channels.
MPE/iX does not have secure FTP. Perhaps someone could configure a wrapper, such as the GLUB Secure FTP Wrapper (again requires Java 2, v 1.3):
www.glub.com/products/ftpswrap
Java 2 version 1.3 is available for MPE; you can download it from: jazz.external.hp.com/src/java/jdks/JDK13/index.shtml
Using FTP on MPE
At Robelle, our development environment includes MPE, HP-UX and Windows, and FTP is available on all boxes and can be used in batch.
FTP on the MPE platform is very similar to FTP on HP-UX, Linux or Windows, but with some interesting MPE-isms. The first is the exitonerror command, which we use in all FTP transfers. It simply means that the FTP script will immediately stop upon any error. Since we do most transfers in batch we know if/when a transfer has failed, as the FTP program aborts with the error number in a variable called ftplasterr.
Below is a typical FTP batch transfer that we use in production. In this case it gets the self-extracting version of the Suprtool Winhelp Installation from our NTDEV server. Note that we echo the commands out to a temporary file and then just run the FTP program with the stdin equated to that file.
We also refer to our machines by variables, this way if we ever need to move a machine we just change the value of the global variable and the files will be picked up from that new machine.
!comment
!comment Get self-extracting Zip file from server and
!comment put onto dev.
!comment
!
!file ftptemp;temp
!purge suprhelp.whelpnew
!
!echo exitonerror >> ftptemp
!echo user username password >> ftptemp
!echo binary >> ftptemp
!echo cd /d/robdev/winhelp/ >> ftptemp
!echo get suprhelp.exe suprhelp.whelpnew >> ftptemp
!echo quit >> ftptemp
!
!setvar ftplasterr 0
!run ftp.arpa.sys;info=”!NTDEV”;stdin=*ftptemp
!if ftplasterr <> 0 then
! showvar ftp@
! setjcw jcw fatal
!endif
!purge ftptemp,temp
!
You may also notice that we check the ftplasterr variable and show all of the values for the other variables.
Finally you may have noticed the cd /d/ command in the FTP portion of the script, the /d/ stands for the drive letter on the NT server which has multiple drives.
MPE File Attributes
When transferring files from one HP 3000 to another there is no longer a need to specify the attributes of the file, such as ;rec=-80,1,f,ascii
MPE now magically keeps track of that for you and has done so since MPE 6.0. When transferring a file to an MPE system from a non-MPE system or transferring through a non-MPE system you will need to specify the file attributes on the target MPE system as in:
put
mympefile myfile;rec=-80,1,f,ascii;disc=3000
The default file attributes can be specified for a file transferred to your MPE system by changing the corresponding line in the file BLDPARMS.ARPA.SYS which is shown below:
;REC=-80,,F,ASCII;DISC=204800
;REC=-256,,V,BINARY;DISC=204800
;REC=,,B;DISC=16384000
Only the first three lines are read; everything after is ignored.
You may modify the first three lines as long as you keep the same syntax, i.e., you may change the numbers, or F to V, but don’t add anything bizarre. Anything after a space is ignored, so don’t insert any spaces. If the file is missing (or any line in it), the old hard-coded defaults will be used as a back up. These are:
;REC=-80,,F,ASCII;DISC=204800 for ASCII mode,
;REC=-256,,V,BINARY;DISC=204800 for binary mode.
;REC=,,B;DISC=16384000 for byte stream mode.
Also, if either the REC= part or the DISC= part of either line has bad syntax, the default for that part will be reverted to.
Users may make local copies of this file and set their own defaults via a file equation:
:file bldparms.arpa.sys=myfile
Host Commands
You can execute commands on your local 3000 by putting a colon in front of your command such as:
ftp> :listf ,2
You can find out what commands you can do remotely with the remotehelp command:
Typically we just stream jobs on the remote system with FTP’s site command by doing the following in the FTP client:
ftp> site stream robelle.job.robelle
200
STREAM command ok.
Site is a standard FTP command, but what host commands the FTP server at the other end supports varies from server to server.
In fact the Qedit for Window Server installation has its own FTP client which FTPs the server and streams the “robelle” job to set the attributes of the Robelle account.
Filenames
On MPE the default namespace for a given file is typically the MPE namespace. For example if you put a file to your MPE system with the following FTP command:
put
myfile mympefile
The file will go to the group you are currently logged into.
If you want to put files into the HFS namespace then you can just specify using the typical Posix notation:
put
myfile /MYACCOUNT/MYGROUP/mydirectory/myhfsfile
Documentation
For more information on the ins and outs of FTP you can read the latest FTP documentation at docs.hp.com/mpeix/pdf/ 36957-90159.pdf
Installation of FTP on MPE
Here are the installation steps on MPE/iX:
1. You need to stream a one-time configuration job, which configures the 3 files SERVICES.NET.SYS, PROTOCOL.NET.SYS & INETDCNF.NET.SYS
2. :STREAM FTPCNFJ.ARPA.SYS
3. Once that is done you need to stream the background job
4. :STREAM JINETD.NET.SYS
This second job needs to be always running for the FTP server to be enabled. So if you want to stop access to your FTP server then simply abort this job.
If you have any problems, there is a short manual titled Installing and Managing HP ARPA File Transfer Protocol Network Manager’s Guide HP 3000 MPE/iX Computer Systems (HP Part Number: 36957-90157) that is accessible via the Web at docs.hp.com. This manual also shows you how to easily set up Anonymous FTP access.
Security concerns: If your HP 3000 is on a network that is connected to the internet, then you’ve just opened it up to whole world. Make sure your accounts are password protected. If you rely on third-party products like VeSoft’s Security/3000 then you may need current versions that support the MPE/iX 6.0 INETD approach. You may also need the BACKG job running with ‘HELLO’ executing and you may need to add a “$CONFIG FTP ...” line to your HELLO.DATA.VESOFT file. Check with your third-party vendor.
Copyright The 3000 NewsWire. All rights reserved.