Distributed Computing Environment Distributed Computing Environment (DCE)
Distributed Computing Environment History - Creation of DCE DCE was developed by the Open System Foundation (OSF) in early 1990’s, (OSF is now called the Open Group) OSF was an industry group lead by IBM, DEC, and HP Initial goal was to develop and market their own UNIX OS – OFS/1, the industry’s first open operating system The OSF/1 project was in response to joint effort between AT&T and SUN Microsystems to develop and market their UNIX OS The OFS/1 project identified the need for a way to build distributed applications on top of OSF/1 and other UNIX systems Resulted in development of DCE – an integrated package of tools and other software (best-of-breed) needed to build and maintain a distributed system
Distributed Computing Environment Distributed Computing Environment (DCE) Provides a comprehensive Network Operating System (NOS) solution for integrating multi-vendor, distributed in an enterprise client/server environment Spans multiple architectures, protocols, and OS’s Operates as middleware, a layer between the various OS’s and the applications and data DCE was considered the premier NOS solution until the mid to late 1990’s when the focus shifted to the Internet DCE components are used in many operating systems –Elements of DCE can be found in most Unixes –NT 5.0 is built on top of modified DCE’s RPC and security –IBM uses DCE for foundation of its directory and security services
Distributed Computing Environment Goals of DCE Seamless and coherent environment for running distributed applications (using Client/Server model) Integrated set of tools and services to aid in development of distributed applications Run in a heterogeneous environment Many different kinds of computers, operating systems, and networks Easy to produce portable software applications UNIX, VMS, Windows and OS/2 Transparent to user and developer Not necessary to know physical location of data Not necessary to know where the programs are executed Work with existing standards Communication with TCP or the OSI protocols Resources located with DNS or X.500 naming systems
Distributed Computing Environment DCE Facilities and Services Facilities –Threads Allows multiple threads of control to exist in same process at same time –Remote Procedure Call, (RPC) Basis for all client/server communications in DCE Handles locating server, binding, and performing calls Distributed Services –Time service Transparently maintains consistent time throughout distributed system –Directory service Cell Directory Service, (CDS) and Global Directory Service, (GDS) –File system service Distributed file system, X.500 standard, works with local files systems –Security service Kerberos
Distributed Computing Environment DCE Facilities and Services
DCE Services
Distributed Computing Environment DCE Threads DCE threads package is based on Concert Multithread Architecture, (CMA) developed by DEC DCE threads run in user space, and provide user-level library procedures that allow processes to create, delete or manipulate threads Include small wrapper routines to translate calls into native kernel- based thread package (if exists) DCE threads are used by the other DCE components Supports multi-processor environments using shared memory DCE provides a semaphore service that helps threads synchronize their access to shared memory Scheduling algorithms for thread queues/processes, Three options –FIFO – utilizing different priority queues, each proc runs to completion –Round Robin – runs each thread process for fixed quantum –Time-sliced Round Robin - Default, quantum value based on priority
Distributed Computing Environment DCE RPC, Remote Procedure Call Goals –Access transparency - Make it possible for a client to access a remote service by simply calling a local procedure –Simplify programming of client server applications Features –RPC runtime library is responsible for: Locating a server in the distributed system and binding to it Performing message exchanges Packing and unpacking message parameters Handling data type conversions between different clients and servers Processing errors –The RPC mechanism provides protocol independence and network independence –DCE provides an Interface Definition Language (IDL) and compiler that facilitate creation of client and server code using RPC
Distributed Computing Environment DCE RPC, Remote Procedure Call Creating client and server code
Distributed Computing Environment DCE RPC, Remote Procedure Call Client to server binding with RPC –Server Each server machine runs an RPC daemon process that maintains a registry table of server endpoints Server registers its endpoint with the RPC daemon Server registers its service/host with a separate directory server – Client Contacts directory server to look up desired server host Contacts RPC daemon on server host to determine endpoint Performs RPC, binding to correct end point on server host
Distributed Computing Environment DCE RPC, Remote Procedure Call Client to server binding with RPC
The Domain of the Distributed Environment DCE can provide scalable computing environment - Small environment * two network hosts * typically consists of a single group of users who share common goals - large environment * a network (or internetworks) of thousands of hosts * typically consists of a diverse groups of users, each group having its own goals and pool of shared resources A cell is the basic unit of operation and administration A cell is a group of users, hosts, and resources that share common DCE services
Distributed Operation in a DCE Cell
A Simple DCE Cell
Cell with DFS and Multiple DCE Clients
Distributed Computing Environment Directory Service Goals –Make all resources accessible to any process in the system without regard for location users, machines, cells, servers, services, files, security data –Location transparency - hide resource locations Components –Cell Directory Service (CDS) CDS server maintains names for one cell CDS clerk (daemon process) does client caching –Global Directory Service (GDS) Service for locating cells X.500 naming standard, provides unique name to each resource /C=US/O-CNU/TITLE=PROF/TELE=7563/OFFICE=217/NAME=ZHANG/ –Global Directory Agent (GDA) Local agent (daemon process) contacts external GDS and DNS servers
Distributed Computing Environment Directory Service Features –Hides actual paths/machine names –Provides proxies on local machines to intercept calls for devices/resources and redirect them to correct servers –Client caching increases availability and performance –Supports DNS naming –X.500 standard naming uses object-oriented information model
Directory Service GDA Cell Directory Service Cell Directory Service Global Directory Service
Distributed Computing Environment Directory Service Relationship between directory service components
Overview of a Simple CDS Lookup CDS Client CDS Server Client Application CDS Clerk CDS Clearing house Cache
Steps – Name Resolution 1.A Client Application sends a lookup request to its local CDS clerk. 2.The CDS clerk checks its cache for the name. If it is found in the cache, the CDS clerk returns a reply to the client and the name resolution operation completes. 3.If the name is not found in the cache, the CDS clerk does and RPC with CDS server that knows about it. 4.With the directories available in its local clearing house, the CDS server tries to resolve as many components of the name as possible. 5.If the name can be completely resolved, the CDS server returns the result of name resolution to the CDS clerk. 6.The CDS clerk caches this information in its cache for future use. 7.The CDS clerk finally returns a reply to the client and the name resolution operation completes.
Intercell Name Resolution CDS Clerk Client Application Name Cache Client Machine DNS Server CDS Server GDS Server CDS Server GDA GDA Machine CDS Machine DNS Machine GDS Machine CDS Machine of the remote cell to which the named object belongs. DB of GDS DB of DNS
Distributed File Service DCE Distributed File Service (DFS) is a high- performance, scalable, secure method for sharing remote files DFS appears to the user as a local file systems, providing access to files form anywhere in the network for any user, with the same filename used by all (uniform file access) DFS includes many advanced features not found in traditional distributed file systems, including caching, security, and scalability over wide-area networks
Distributed Computing Environment Distributed File Service Goals –Provide a seamless wide-area (potentially worldwide) file system spanning the heterogeneous distributed network of computers –Provide namespace transparency so users only Components –File units Files and directories Files sets –File sets are groups of directories –Base file units that are manipulated, replicated and backed up –Can be moved by admin to underutilized machines for load balancing Aggregates –Unit of disk storage –Contains one or more filesets. –Client side – cache manager –Server side – File set database machine-keeps track of filesets File server machine
DFS Lookup CDS Server Cache Manager Cache DFS Client Fileset Location Server Fileset Location Database DFS File Server Files and Directories Fileset Database Machine File Server Machine 1 2 3
Distributed Computing Environment Mounting Remote Directory
Distributed Computing Environment Distributed Security Service Login facility Registry service Authentication Service Privilege Service Access Control Lists (ACL)
Distributed Computing Environment Distributed Security Service
Distributed Computing Environment Distributed Security Service Definition of key terms –Privilege Access Certificates (PAC’s) Encrypted messages that contain the client’s identity, group and organization membership such that servers can be instantly convinced of the client’s identity. Contains the user’s identity and the list of groups to which he belongs. Access Control List (ACL) –List of users and groups that are allowed to access a resource –Maintained for every distributed resource
Distributed Computing Environment Distributed Security Service Major Components of Kerberos –Registry Server - Manages the security database, the “registry” Account information - names of users, groups, resources, and organizations Policy information – length, format, lifetime of passwords, etc. –Authentication Server Verifies identity of client –Ticket Granting Server Issue “ticket” to allow subsequent authorization without need for sending password across the network (actually same process as Auth. Server) –Privilege Server Issues Privilege Access Certificates (PAC’s) to authenticated users for access to distributed services –Login Facility Provides login sequence to get user logged in and collect necessary tickets and PAC’s for them
Distributed Computing Environment Distributed Time Service Goals –Maintaining Time Transparency –Keeping all clocks throughout distributed system mutually consistent, to within an acceptable accuracy (for timed events, comparisons, etc) –Keeping the clocks in touch with reality, external trusted source Challenges –Synchronizing time across all distributed computers –Compensating for unequal drift rates between synchronizations Time, in DTS (64 bit binary num)
Distributed Computing Environment Distributed Time Service DTS Components –Global Time Servers The distributed system has multiple Global Time Servers throughout. Global Servers keep Local Time Servers in in different cells synchronized –Local Time Servers Each local cell has a Local Time Server that keeps track of its local time Requests synchronizations from Global Time Servers Definition of key terms –Clock drift rate Measure of the rate of increase of inaccuracy in the local clock time –Universal Coordinated Time (UCT) A universally (worldwide) accepted form of time, expressed as the elapsed time since October 15, 1582, the beginning of the Gregorian calendar. Worldwide UCT servers provide the UCT time service (via satellite, radio, or telephone connection)
Distributed Computing Environment Distributed Time Service How DTS works –Local Time Server knows limits of hardware clock (clock drift rate) –LTS keeps track of inaccuracy that builds over time –LTS requests synchronization from Global Time Servers (GTS) after reaching an established inaccuracy threshold –All GTS responses include the corresponding inaccuracies, thereby representing time as a probable range, not a finite value –LTS calculates a probable correct time based on the multiple time responses that were received –Local time adjustments
Distributed Computing Environment Distributed Time Service How DTS works (cont) –Max range of time overlap from all sources is computed –Data outside of range is rejected as untrustworthy –Midpoint of range is computed as accurate time
Distributed Computing Environment Distributed Time Service DTS Library Procedures (calls) –There are 33 total calls supported by DTS –There are 6 groups of time-related calls, calls for: Retrieving times – Get the current time Converting times – Binary-ASCII conversion Manipulating times – Interval arithmetic Comparing times – Compare two times Calculating times - Arithmetic operations on times Using time zones – Time zone management
Distributed Computing Environment Using DCE Programmers –DCE implements the client/server model –access services and applications via RPC calls to remote servers –make use of standard programming interface with RPC calls –don’t have to worry about where the programs actually run or where the data is actually located Users –Single system login –Transparent access to distributed resources and services
Distributed Computing Environment Summary DCE was a leader in supporting the extension of small autonomous departmental networks to true distributed enterprise networks DCE supports the distributed Enterprise network OS by providing cross-platform services and resource access, all transparent to the user Does not extend well to Internet –Kerberos security not scalable, encryption requires too much overhead processing –Directory service is too bulky and complicated for Internet use
Distributed Computing Environment Summary * DCE and evolution of Network Operating Systems