The network information service (NIS), which is part of the SunOS release 4 environment, is gradually being replaced with the network information service plus (NIS+). NIS+, introduced with the SunOS 5.0 system, is a completely redesigned name service that takes into account changes in customer client/server environments. DNS (domain name system) is an existing, complementary name service used for intercompany Internet communication. This chapter discusses NIS+ and compares it to NIS and DNS.
For more information about planning an NIS+ upgrade and installing NIS+, see NIS+ Transition Guide and Solaris Naming Setup and Configuration Guide.
The system administration documentation set for the Solaris 7 operating environment emphasizes a system that is using NIS+.
The Solaris 7 operating environment uses standard naming interfaces (for example, gethostbyname) to support multiple naming services (such as NIS, NIS+, and DNS, among others), thereby allowing applications to access data transparently from different services. One instance of this is the Name Service Switch capability in the Solaris 7 operating environment, which allows applications to use a UNIX standard naming interface (for example, getxxbyyy interfaces). See the nsswitch.conf(4) man page for more information.
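An added example (not part of the original Sun documentation): a small Python audit of a Name Service Switch file that reports, per database, whether lookups can still reach NIS or already use NIS+. The sample file contents and the function names `parse_nsswitch` and `audit` are constructed for illustration, and the set of recognised source keywords is an assumption of the example.

```python
# Added example: audit a Name Service Switch file, database by database.
import re

# Source keywords this example recognises (an assumption of the example);
# any other keyword is reported as unknown.
KNOWN_SOURCES = {"files", "nis", "nisplus", "dns", "compat"}

# Constructed sample for illustration, not taken from a real host.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
group:      files nisplus
hosts:      nisplus [NOTFOUND=return] dns files
ethers:     nis [UNAVAIL=continue] files   # still served by NIS
aliases:    files nisplus
netgroup:   nis
"""

def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order, dropping [criteria]."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # remove [STATUS=action] criteria
        table[database.strip()] = rest.split()
    return table

def audit(table):
    """List the databases that consult NIS, NIS+, or an unrecognised source."""
    report = {"nis": [], "nisplus": [], "unknown": []}
    for database, sources in sorted(table.items()):
        if "nis" in sources:
            report["nis"].append(database)
        if "nisplus" in sources:
            report["nisplus"].append(database)
        if any(s not in KNOWN_SOURCES for s in sources):
            report["unknown"].append(database)
    return report

if __name__ == "__main__":
    result = audit(parse_nsswitch(SAMPLE_NSSWITCH))
    for service, databases in result.items():
        print(f"{service:8} {', '.join(databases) or '-'}")
```

Databases listed under `nis` are the ones still resolved through the service whose database Table 13-2 describes as not secure, which makes them the first candidates to move during a phased migration.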
NIS+ is a name service built on top of the ONC transport-independent remote procedure call (TI-RPC) interface. NIS+ has significant advantages over NIS in the areas of security, performance, scalability, and administration.
DNS supports the model of a hierarchical name space with autonomously administered name servers. Although NIS+ uses a similar hierarchical naming model, it focuses on supporting changing system administration data and other requirements of enterprise networks.
DNS and NIS+, therefore, are complementary name services:
- DNS is used for intercompany communication
- NIS+ supports administration of enterprise networks
Table 13-1 shows the features and benefits of DNS compared to NIS+.
Table 13-1 DNS and NIS+ Features and Benefits Compared
| Feature | DNS | NIS+ |
|---|---|---|
| Security | Unrestricted access to data | All operations can be authenticated |
| | | Administrator designates access rights for objects and entries |
| API and human interface | Allows read-only access to name service | Allows read-write access to name service. Provides: - Efficient support of changing network environment - API support of administrative operations - Support of administrative and other distributed applications |
| Updating | By transfer of zone master files | By incremental data transfer - Fast support of changing network environments - Stronger consistency |
| Compatibility with NIS | Not applicable | Existing NIS applications can migrate smoothly |
| Data support | ASCII data only with packet size restriction | Binary and ASCII data. Provides: - Support of variable information - Support of larger objects |
The main strength of DNS is in supporting hierarchical database partitions and replicas containing entries of relatively static information (such as host name and IP address). DNS enables you to access the Internet.
NIS+, in contrast, is a secure repository of changing administrative information (such as email aliases, Ethernet addresses, RPC program numbers) for enterprise networks.
Table 13-2 summarizes several major enhancements in NIS+ compared to NIS.
Table 13-2 NIS and NIS+ Features Compared
| Feature | NIS | NIS+ |
|---|---|---|
| Name space | Has a flat, non-hierarchical organization; centralized flat file database for each independent network domain | Has a hierarchical organization; partitioned into directories to support each network subset or autonomous domain |
| Data Storage Scheme | Multiple bicolumn "maps" (files) having key-value pairs | Multicolumn database with multiple, searchable columns |
| Resource Access Across Domains | Not supported | Permitted for authorized users |
| Privileges for Updating | Updates require superuser privileges on master server | Updates can be performed remotely by authorized users |
| Update Process | Updates require using make files on master servers | Updates are performed easily through command-line interface |
| Update Propagation | Is administrator initiated and requires transfer of whole maps | Automatic and high-performance updating via incremental transfer |
| Security | Database not secure | Fine-grained access control to NIS+ directories, table columns, and entries |
| Commands and Functions Prefixes | Prefixed by the letters yp, as in ypmatch(1) and ypcat(1) | Prefixed by the letters nis, as in nismatch(1) and nischown(1) |
NIS+ includes features that enable NIS sites to migrate to the new name service in a smooth, phased manner. NIS sites that migrate to NIS+ will gain the following benefits:
- Distributed and remote administration of network domains by authorized users
- Support for hierarchical domains
- Fast and automatic propagation of updates from master to replica servers
- Fine-grained access to tables and network resources
- Easier and more consistent administrative operations
- Increased naming service reliability and availability
NIS+ supports the following combinations of operating environments:
- SunOS release 5.7 software installed on all servers and clients
- SunOS release 5.7 software installed on one server, but combined with some SunOS release 4 servers
For a network, there are three main migration paths from NIS to the NIS+ name service:
- Upgrade all servers and clients to NIS+
- Upgrade all servers at once to NIS+ and enable its compatibility mode to support SunOS release 4 clients
- Use different domain names so NIS and NIS+ can coexist
The first step to upgrading your network is to decide which servers to upgrade to the NIS+ name service and which servers can continue to run NIS. See NIS+ Transition Guide for more information.