Distributed Computing Environment
Distributed Computing Environment (DCE)
History - Creation of DCE
• DCE was developed by the Open System Foundation (OSF) in early 1990’s (OSF is now called the Open Group)
• OSF was an industry group led by IBM, DEC, and HP
• Initial goal was to develop and market their own UNIX OS – OSF/1, the industry’s first open operating system
• The OSF/1 project was in response to a joint effort between AT&T and SUN Microsystems to develop and market their UNIX OS
• The OSF/1 project identified the need for a way to build distributed applications on top of OSF/1 and other UNIX systems
• Resulted in development of DCE – an integrated package of tools and other software (best-of-breed) needed to build and maintain a distributed system
Distributed Computing Environment (DCE)
• Provides a comprehensive Network Operating System (NOS) solution for integrating multi-vendor, distributed in an enterprise client/server environment
• Spans multiple architectures, protocols, and OS’s
• Operates as middleware, a layer between the various OS’s and the applications and data
• DCE was considered the premier NOS solution until the mid to late 1990’s when the focus shifted to the Internet
• DCE components are used in many operating systems
  – Elements of DCE can be found in most Unixes
  – NT 5.0 is built on top of modified DCE’s RPC and security
  – IBM uses DCE for foundation of its directory and security services
Goals of DCE
• Seamless and coherent environment for running distributed applications (using Client/Server model)
• Integrated set of tools and services to aid in development of distributed applications
• Run in a heterogeneous environment
  – Many different kinds of computers, operating systems, and networks
• Easy to produce portable software applications
  – UNIX, VMS, Windows and OS/2
• Transparent to user and developer
  – Not necessary to know physical location of data
  – Not necessary to know where the programs are executed
• Work with existing standards
  – Communication with TCP or the OSI protocols
  – Resources located with DNS or X.500 naming systems
DCE Facilities and Services
• Facilities
  – Threads
    • Allows multiple threads of control to exist in same process at same time
  – Remote Procedure Call (RPC)
    • Basis for all client/server communications in DCE
    • Handles locating server, binding, and performing calls
• Distributed Services
  – Time service
    • Transparently maintains consistent time throughout distributed system
  – Directory service
    • Cell Directory Service (CDS) and Global Directory Service (GDS)
  – File system service
    • Distributed file system, X.500 standard, works with local file systems
  – Security service
    • Kerberos
DCE Facilities and Services
[Figure: DCE Services]
DCE Threads
• DCE threads package is based on Concert Multithread Architecture (CMA), developed by DEC
• DCE threads run in user space, and provide user-level library procedures that allow processes to create, delete or manipulate threads
• Include small wrapper routines to translate calls into the native kernel-based thread package (if one exists)
• DCE threads are used by the other DCE components
• Supports multi-processor environments using shared memory
• DCE provides a semaphore service that helps threads synchronize their access to shared memory
• Scheduling algorithms for thread queues/processes, three options
  – FIFO – utilizing different priority queues, each proc runs to completion
  – Round Robin – runs each thread process for fixed quantum
  – Time-sliced Round Robin – default, quantum value based on priority
DCE RPC, Remote Procedure Call
• Goals
  – Access transparency - make it possible for a client to access a remote service by simply calling a local procedure
  – Simplify programming of client/server applications
• Features
  – RPC runtime library is responsible for:
    • Locating a server in the distributed system and binding to it
    • Performing message exchanges
    • Packing and unpacking message parameters
    • Handling data type conversions between different clients and servers
    • Processing errors
  – The RPC mechanism provides protocol independence and network independence
  – DCE provides an Interface Definition Language (IDL) and compiler that facilitate creation of client and server code using RPC
DCE RPC, Remote Procedure Call
• Creating client and server code
DCE RPC, Remote Procedure Call
• Client to server binding with RPC
  – Server
    • Each server machine runs an RPC daemon process that maintains a registry table of server endpoints
    • Server registers its endpoint with the RPC daemon
    • Server registers its service/host with a separate directory server
  – Client
    • Contacts directory server to look up desired server host
    • Contacts RPC daemon on server host to determine endpoint
    • Performs RPC, binding to correct endpoint on server host
DCE RPC, Remote Procedure Call
• Client to server binding with RPC
[Figure: client to server binding]
The Domain of the Distributed Environment
• DCE can provide scalable computing environment
  - Small environment
    * two network hosts
    * typically consists of a single group of users who share common goals
  - Large environment
    * a network (or internetworks) of thousands of hosts
    * typically consists of diverse groups of users, each group having its own goals and pool of shared resources
• A cell is the basic unit of operation and administration
• A cell is a group of users, hosts, and resources that share common DCE services
Distributed Operation in a DCE Cell
[Figures: A Simple DCE Cell; Cell with DFS and Multiple DCE Clients]
Directory Service
• Goals
  – Make all resources accessible to any process in the system without regard for location
    • users, machines, cells, servers, services, files, security data
  – Location transparency - hide resource locations
• Components
  – Cell Directory Service (CDS)
    • CDS server maintains names for one cell
    • CDS clerk (daemon process) does client caching
  – Global Directory Service (GDS)
    • Service for locating cells
    • X.500 naming standard, provides unique name to each resource
      /C=US/O=CNU/TITLE=PROF/TELE=7563/OFFICE=217/NAME=ZHANG/
  – Global Directory Agent (GDA)
    • Local agent (daemon process) contacts external GDS and DNS servers
Directory Service
• Features
  – Hides actual paths/machine names
  – Provides proxies on local machines to intercept calls for devices/resources and redirect them to correct servers
  – Client caching increases availability and performance
  – Supports DNS naming
  – X.500 standard naming uses object-oriented information model
Directory Service
• Relationship between directory service components
[Figure labels: GDA, Cell Directory Service, Global Directory Service]
Overview of a Simple CDS Lookup
[Figure labels: Client Application, CDS Clerk and Cache on the CDS Client; CDS Server and Clearinghouse; numbered steps]
Steps – Name Resolution
1. A Client Application sends a lookup request to its local CDS clerk.
2. The CDS clerk checks its cache for the name. If it is found in the cache, the CDS clerk returns a reply to the client and the name resolution operation completes.
3. If the name is not found in the cache, the CDS clerk does an RPC with a CDS server that knows about it.
4. With the directories available in its local clearinghouse, the CDS server tries to resolve as many components of the name as possible.
5. If the name can be completely resolved, the CDS server returns the result of name resolution to the CDS clerk.
6. The CDS clerk caches this information in its cache for future use.
7. The CDS clerk finally returns a reply to the client and the name resolution operation completes.
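The name-resolution steps above and the earlier client-to-server binding slide, combined in one added Python example (not from the original slides): a clerk answers from its cache or asks the CDS server, then the client asks the target host's RPC daemon for the endpoint. The service name, host names, interface id and port are constructed.

```python
# Added illustration; every name, host, port and interface id here is constructed.
class CdsServer:
    """Resolves names from the directories held in its clearinghouse."""
    def __init__(self, clearinghouse):
        self.clearinghouse = clearinghouse
        self.rpc_count = 0                     # clerk -> server RPCs performed
    def resolve(self, name):
        self.rpc_count += 1
        return self.clearinghouse.get(name)    # None when the name is unknown

class CdsClerk:
    """Local daemon: answers from cache, otherwise asks the CDS server."""
    def __init__(self, server):
        self.server = server
        self.cache = {}
    def lookup(self, name):
        if name in self.cache:                 # step 2: cache hit, reply at once
            return self.cache[name]
        result = self.server.resolve(name)     # steps 3-5: RPC to the CDS server
        if result is None:
            raise LookupError(f"unresolved name: {name}")   # failures are not cached
        self.cache[name] = result              # step 6: cache for future use
        return result                          # step 7: reply to the client

class RpcDaemon:
    """Per-host registry table of server endpoints, keyed by interface id."""
    def __init__(self):
        self.endpoints = {}
    def register(self, interface_id, port):
        self.endpoints[interface_id] = port

def bind(clerk, daemons, service_name, interface_id):
    """Client side: directory lookup for the host, then endpoint lookup on it."""
    host = clerk.lookup(service_name)
    daemon = daemons.get(host)
    if daemon is None or interface_id not in daemon.endpoints:
        # The directory entry can outlive the server process it points to.
        raise ConnectionError(f"{interface_id} is not registered on {host}")
    return host, daemon.endpoints[interface_id]

def demo():
    """Bind twice; the second directory lookup is served from the clerk cache."""
    daemon = RpcDaemon()
    daemon.register("payroll-v1", 4021)
    cds = CdsServer({"/.:/services/payroll": "hostA"})
    clerk = CdsClerk(cds)
    first = bind(clerk, {"hostA": daemon}, "/.:/services/payroll", "payroll-v1")
    second = bind(clerk, {"hostA": daemon}, "/.:/services/payroll", "payroll-v1")
    return first, second, cds.rpc_count
```

The binding depends on two registries, so a directory entry that points at a host where the interface is no longer registered fails at the endpoint step rather than at the lookup.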
Intercell Name Resolution
[Figure labels: Client Machine (Client Application, CDS Clerk, Name Cache); CDS Machine (CDS Server); GDA Machine (GDA); DNS Machine (DNS Server, DB of DNS); GDS Machine (GDS Server, DB of GDS); CDS Machine of the remote cell to which the named object belongs (CDS Server); numbered steps]
Distributed File Service
• DCE Distributed File Service (DFS) is a high-performance, scalable, secure method for sharing remote files
• DFS appears to the user as a local file system, providing access to files from anywhere in the network for any user, with the same filename used by all (uniform file access)
• DFS includes many advanced features not found in traditional distributed file systems, including caching, security, and scalability over wide-area networks
Distributed File Service
• Goals
  – Provide a seamless wide-area (potentially worldwide) file system spanning the heterogeneous distributed network of computers
  – Provide namespace transparency so users only
• Components
  – File units
    • Files and directories
    • Filesets
      – Filesets are groups of directories
      – Base file units that are manipulated, replicated and backed up
      – Can be moved by admin to underutilized machines for load balancing
    • Aggregates
      – Unit of disk storage
      – Contains one or more filesets.
  – Client side – cache manager
  – Server side –
    • Fileset database machine - keeps track of filesets
    • File server machine
DFS Lookup
[Figure labels: DFS Client (Cache Manager, Cache); CDS Server; Fileset Database Machine (Fileset Location Server, Fileset Location Database); File Server Machine (DFS File Server, Files and Directories); numbered steps]
Mounting Remote Directory
Distributed Security Service
• Login facility
• Registry service
• Authentication Service
• Privilege Service
• Access Control Lists (ACL)
Distributed Security Service
• Definition of key terms
  – Privilege Access Certificates (PAC’s)
    • Encrypted messages that contain the client’s identity, group and organization membership such that servers can be instantly convinced of the client’s identity. Contains the user’s identity and the list of groups to which he belongs.
  – Access Control List (ACL)
    • List of users and groups that are allowed to access a resource
    • Maintained for every distributed resource
Distributed Security Service
• Major Components of Kerberos
  – Registry Server - manages the security database, the “registry”
    • Account information - names of users, groups, resources, and organizations
    • Policy information – length, format, lifetime of passwords, etc.
  – Authentication Server
    • Verifies identity of client
  – Ticket Granting Server
    • Issues “ticket” to allow subsequent authorization without need for sending password across the network (actually same process as Auth. Server)
  – Privilege Server
    • Issues Privilege Access Certificates (PAC’s) to authenticated users for access to distributed services
  – Login Facility
    • Provides login sequence to get user logged in and collect necessary tickets and PAC’s for them
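The PAC and ACL definitions and the Privilege Server role from the two slides above, as an added Python example that is not from the original slides. HMAC-SHA256 stands in for the encryption the slides mention, and the key, user names, groups and per-permission ACL layout are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key shared by the privilege server and the application server.
SERVER_KEY = b"constructed-demo-key"

def issue_pac(user, groups, key=SERVER_KEY):
    """Privilege server: seal the user's identity and group list."""
    body = json.dumps({"user": user, "groups": sorted(groups)},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify_pac(pac, key=SERVER_KEY):
    """Application server: accept the PAC only if the seal matches."""
    expected = hmac.new(key, pac["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pac["tag"]):
        raise PermissionError("PAC seal invalid")
    return json.loads(pac["body"])

def authorize(pac, acl, permission):
    """Check a verified PAC against a resource ACL of users and groups."""
    claims = verify_pac(pac)                     # never read unverified claims
    granted = set(acl.get("users", {}).get(claims["user"], ()))
    for group in claims["groups"]:
        granted |= set(acl.get("groups", {}).get(group, ()))
    return permission in granted                 # default deny

# Constructed ACL for one distributed resource.
PAYROLL_ACL = {
    "users": {"zhang": {"read", "write"}},
    "groups": {"faculty": {"read"}},
}
```

The server decides from the sealed group list alone, without a round trip to the registry, so the decision is only as trustworthy as the seal check that precedes it.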
Distributed Time Service
• Goals
  – Maintaining Time Transparency
  – Keeping all clocks throughout distributed system mutually consistent, to within an acceptable accuracy (for timed events, comparisons, etc)
  – Keeping the clocks in touch with reality, external trusted source
• Challenges
  – Synchronizing time across all distributed computers
  – Compensating for unequal drift rates between synchronizations
Time, in DTS (64 bit binary num)
Distributed Time Service
• DTS Components
  – Global Time Servers
    • The distributed system has multiple Global Time Servers throughout.
    • Global Servers keep Local Time Servers in different cells synchronized
  – Local Time Servers
    • Each local cell has a Local Time Server that keeps track of its local time
    • Requests synchronizations from Global Time Servers
• Definition of key terms
  – Clock drift rate
    • Measure of the rate of increase of inaccuracy in the local clock time
  – Universal Coordinated Time (UCT)
    • A universally (worldwide) accepted form of time, expressed as the elapsed time since October 15, 1582, the beginning of the Gregorian calendar. Worldwide UCT servers provide the UCT time service (via satellite, radio, or telephone connection)
Distributed Time Service
• How DTS works
  – Local Time Server knows limits of hardware clock (clock drift rate)
  – LTS keeps track of inaccuracy that builds over time
  – LTS requests synchronization from Global Time Servers (GTS) after reaching an established inaccuracy threshold
  – All GTS responses include the corresponding inaccuracies, thereby representing time as a probable range, not a finite value
  – LTS calculates a probable correct time based on the multiple time responses that were received
  – Local time adjustments
Distributed Time Service
• How DTS works (cont)
  – Max range of time overlap from all sources is computed
  – Data outside of range is rejected as untrustworthy
  – Midpoint of range is computed as accurate time
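The overlap, reject and midpoint steps from the two "How DTS works" slides, as an added Python example that is not from the original slides. It finds the overlap with an endpoint sweep (the approach of Marzullo's algorithm, which the slides do not name), and the majority requirement and server names are assumptions of this example.

```python
def dts_synchronize(responses):
    """responses: list of (server, time, inaccuracy), all in seconds.

    Returns (midpoint, half_width, rejected_servers).
    """
    if not responses:
        raise ValueError("no time responses")
    # Each response is a range [time - inaccuracy, time + inaccuracy].
    edges = []
    for _, t, inacc in responses:
        edges.append((t - inacc, 0))    # 0 = range opens (sorts before a close)
        edges.append((t + inacc, 1))    # 1 = range closes
    edges.sort()

    best = depth = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        if kind == 0:
            depth += 1
            if depth > best:            # deepest overlap seen so far starts here
                best, lo = depth, value
                hi = edges[i + 1][0]    # and runs until the next edge
        else:
            depth -= 1

    # Assumption of this example: refuse to pick a time unless more than half
    # of the sources agree, so one bad source cannot win a two-way split.
    if best * 2 <= len(responses):
        raise ValueError("no majority overlap among time sources")

    rejected = [s for s, t, inacc in responses
                if t + inacc < lo or t - inacc > hi]
    return (lo + hi) / 2, (hi - lo) / 2, rejected


# Constructed responses: three servers that agree and one that is far off.
SAMPLE = [
    ("gts-a", 100.0, 2.0),   # [98.0, 102.0]
    ("gts-b", 101.0, 1.5),   # [99.5, 102.5]
    ("gts-c", 99.0, 2.0),    # [97.0, 101.0]
    ("gts-d", 110.0, 1.0),   # [109.0, 111.0]
]
```

Because Kerberos ticket lifetimes are checked against the local clock, the rejected list is worth logging: a source that keeps landing outside the overlap is either faulty or being tampered with.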
Distributed Time Service
• DTS Library Procedures (calls)
  – There are 33 total calls supported by DTS
  – There are 6 groups of time-related calls, calls for:
    • Retrieving times – Get the current time
    • Converting times – Binary-ASCII conversion
    • Manipulating times – Interval arithmetic
    • Comparing times – Compare two times
    • Calculating times – Arithmetic operations on times
    • Using time zones – Time zone management
Using DCE
• Programmers
  – DCE implements the client/server model
  – access services and applications via RPC calls to remote servers
  – make use of standard programming interface with RPC calls
  – don’t have to worry about where the programs actually run or where the data is actually located
• Users
  – Single system login
  – Transparent access to distributed resources and services
Summary
• DCE was a leader in supporting the extension of small autonomous departmental networks to true distributed enterprise networks
• DCE supports the distributed Enterprise network OS by providing cross-platform services and resource access, all transparent to the user
• Does not extend well to Internet
  – Kerberos security not scalable, encryption requires too much overhead processing
  – Directory service is too bulky and complicated for Internet use
Summary
• DCE and evolution of Network Operating Systems