Download ppt - Distributed Computing Environment Distributed Computing Environment (DCE)

Distributed Computing Environment

Distributed Computing Environment (DCE)


History - Creation of DCE• DCE was developed by the Open System Foundation (OSF)

in early 1990’s, (OSF is now called the Open Group)• OSF was an industry group lead by IBM, DEC, and HP• Initial goal was to develop and market their own UNIX OS –

OFS/1, the industry’s first open operating system• The OSF/1 project was in response to joint effort between

AT&T and SUN Microsystems to develop and market their UNIX OS

• The OFS/1 project identified the need for a way to build distributed applications on top of OSF/1 and other UNIX systems

• Resulted in development of DCE – an integrated package of tools and other software (best-of-breed) needed to build and maintain a distributed system


Distributed Computing Environment (DCE)

• Provides a comprehensive Network Operating System (NOS) solution for integrating multi-vendor, distributed in an enterprise client/server environment

• Spans multiple architectures, protocols, and OS’s• Operates as middleware, a layer between the various OS’s

and the applications and data• DCE was considered the premier NOS solution until the

mid to late 1990’s when the focus shifted to the Internet• DCE components are used in many operating systems

– Elements of DCE can be found in most Unixes– NT 5.0 is built on top of modified DCE’s RPC and security– IBM uses DCE for foundation of its directory and security services


Goals of DCE• Seamless and coherent environment

for running distributed applications (using Client/Server model)• Integrated set of tools and services

to aid in development of distributed applications• Run in a heterogeneous environment

Many different kinds of computers, operating systems, and networks • Easy to produce portable software applications

UNIX, VMS, Windows and OS/2• Transparent to user and developer

Not necessary to know physical location of dataNot necessary to know where the programs are executed

• Work with existing standardsCommunication with TCP or the OSI protocolsResources located with DNS or X.500 naming systems


DCE Facilities and Services• Facilities

– Threads• Allows multiple threads of control to exist in same process at same time

– Remote Procedure Call, (RPC)• Basis for all client/server communications in DCE• Handles locating server, binding, and performing calls

• Distributed Services – Time service

• Transparently maintains consistent time throughout distributed system– Directory service

• Cell Directory Service, (CDS) and Global Directory Service, (GDS)– File system service

• Distributed file system, X.500 standard, works with local files systems– Security service

• Kerberos


DCE Facilities and Services

DCE Services


DCE Threads• DCE threads package is based on Concert Multithread Architecture,

(CMA) developed by DEC• DCE threads run in user space, and provide user-level library

procedures that allow processes to create, delete or manipulate threads• Include small wrapper routines to translate calls into native kernel-based

thread package (if exists)• DCE threads are used by the other DCE components• Supports multi-processor environments using shared memory• DCE provides a semaphore service that helps threads synchronize their

access to shared memory • Scheduling algorithms for thread queues/processes, Three options

– FIFO – utilizing different priority queues, each proc runs to completion– Round Robin – runs each thread process for fixed quantum– Time-sliced Round Robin - Default, quantum value based on priority


DCE RPC, Remote Procedure Call• Goals

– Access transparency - Make it possible for a client to access a remote service by simply calling a local procedure

– Simplify programming of client server applications• Features

– RPC runtime library is responsible for:• Locating a server in the distributed system and binding to it• Performing message exchanges• Packing and unpacking message parameters• Handling data type conversions between different clients and servers• Processing errors

– The RPC mechanism provides protocol independence and network independence

– DCE provides an Interface Definition Language (IDL) and compiler that facilitate creation of client and server code using RPC


DCE RPC, Remote Procedure Call• Creating client and server code


DCE RPC, Remote Procedure Call• Client to server binding with RPC

– Server• Each server machine runs an RPC daemon process that

maintains a registry table of server endpoints• Server registers its endpoint with the RPC daemon• Server registers its service/host with a separate directory server

– Client• Contacts directory server to look up desired server host• Contacts RPC daemon on server host to determine endpoint• Performs RPC, binding to correct end point on server host


DCE RPC, Remote Procedure Call• Client to server binding with RPC

The Domain of the Distributed Environment

• DCE can provide scalable computing environment - Small environment

* two network hosts * typically consists of a single group of users who share common goals

- large environment* a network (or internetworks) of thousands of

hosts * typically consists of a diverse groups of users, each group having its own goals and pool of

shared resources• A cell is the basic unit of operation and administration• A cell is a group of users, hosts, and resources that share

common DCE services

Distributed Operation in a DCE Cell

A Simple DCE Cell

Cell with DFS and Multiple DCE Clients


Directory Service• Goals

– Make all resources accessible to any process in the system without regard for location

• users, machines, cells, servers, services, files, security data– Location transparency - hide resource locations

• Components– Cell Directory Service (CDS)

• CDS server maintains names for one cell • CDS clerk (daemon process) does client caching

– Global Directory Service (GDS)• Service for locating cells• X.500 naming standard, provides unique name to each resource

/C=US/O-CNU/TITLE=PROF/TELE=7563/OFFICE=217/NAME=ZHANG/

– Global Directory Agent (GDA)• Local agent (daemon process) contacts external GDS and DNS servers


Directory Service• Features

– Hides actual paths/machine names– Provides proxies on local machines to intercept calls for

devices/resources and redirect them to correct servers– Client caching increases availability and performance– Supports DNS naming– X.500 standard naming uses object-oriented information

model

Directory Service

GDA GDA

Cell DirectoryService

Cell DirectoryService

Global DirectoryService


Directory Service• Relationship between directory service components

Overview of a Simple CDS Lookup

CDS Client

CDS Server

ClientApplication

CDS Clerk

CDS

Clearinghouse

1 6

2 53

4

Cache

Steps – Name Resolution1. A Client Application sends a lookup request to its local

CDS clerk.2. The CDS clerk checks its cache for the name. If it is found

in the cache, the CDS clerk returns a reply to the client and the name resolution operation completes.

3. If the name is not found in the cache, the CDS clerk does and RPC with CDS server that knows about it.

4. With the directories available in its local clearing house, the CDS server tries to resolve as many components of the name as possible.

5. If the name can be completely resolved, the CDS server returns the result of name resolution to the CDS clerk.

6. The CDS clerk caches this information in its cache for future use.

7. The CDS clerk finally returns a reply to the client and the name resolution operation completes.

Intercell Name Resolution

CDS Clerk

Client Application

Name Cache

Client Machine

DNS Server

CDS Server

GDS Server

CDS Server

GDAGDA MachineCDS

Machine

DNS Machine

GDS Machine

CDS Machine of the remote cell to which the named object belongs.

DB of GDS DB of DNS

1

13

2

121110

95

43

868

6

77

Distributed File Service• DCE Distributed File Service (DFS) is a high-

performance, scalable, secure method for sharing remote files

• DFS appears to the user as a local file systems, providing access to files form anywhere in the network for any user, with the same filename used by all (uniform file access)

• DFS includes many advanced features not found in traditional distributed file systems, including caching, security, and scalability over wide-area networks


Distributed File Service• Goals

– Provide a seamless wide-area (potentially worldwide) file system spanning the heterogeneous distributed network of computers

– Provide namespace transparency so users only • Components

– File units• Files and directories• Files sets

– File sets are groups of directories– Base file units that are manipulated, replicated and backed up– Can be moved by admin to underutilized machines for load balancing

• Aggregates – Unit of disk storage– Contains one or more filesets.

– Client side – cache manager– Server side –

• File set database machine-keeps track of filesets• File server machine

DFS Lookup

CDS Server

Cache Manager

Cache

DFS Client

Fileset Location Server

Fileset Location Database

DFS File Server

Files and Directories

Fileset Database Machine

File Server Machine

12

3


Mounting Remote Directory

Mounting Remote Directory


Distributed Security Service• Login facility• Registry service• Authentication Service• Privilege Service• Access Control Lists (ACL)


Distributed Security Service


Distributed Security Service• Definition of key terms

– Privilege Access Certificates (PAC’s) • Encrypted messages that contain the client’s identity,

group and organization membership such that servers can be instantly convinced of the client’s identity. Contains the user’s identity and the list of groups to which he belongs.

• Access Control List (ACL)– List of users and groups that are allowed to access a

resource– Maintained for every distributed resource


Distributed Security Service• Major Components of Kerberos

– Registry Server - Manages the security database, the “registry” • Account information - names of users, groups, resources, and organizations• Policy information – length, format, lifetime of passwords, etc.

– Authentication Server • Verifies identity of client

– Ticket Granting Server • Issue “ticket” to allow subsequent authorization without need for sending

password across the network (actually same process as Auth. Server)

– Privilege Server• Issues Privilege Access Certificates (PAC’s) to authenticated users for access to

distributed services– Login Facility

• Provides login sequence to get user logged in and collect necessary tickets and PAC’s for them


Distributed Time Service• Goals

– Maintaining Time Transparency– Keeping all clocks throughout distributed system mutually consistent, to

within an acceptable accuracy (for timed events, comparisons, etc)– Keeping the clocks in touch with reality, external trusted source

• Challenges– Synchronizing time across all distributed computers– Compensating for unequal drift rates between synchronizations

Time, in DTS (64 bit binary num)


Distributed Time Service• DTS Components

– Global Time Servers• The distributed system has multiple Global Time Servers throughout.• Global Servers keep Local Time Servers in in different cells

synchronized– Local Time Servers

• Each local cell has a Local Time Server that keeps track of its local time

• Requests synchronizations from Global Time Servers

• Definition of key terms– Clock drift rate

• Measure of the rate of increase of inaccuracy in the local clock time– Universal Coordinated Time (UCT)

• A universally (worldwide) accepted form of time, expressed as the elapsed time since October 15, 1582, the beginning of the Gregorian calendar. Worldwide UCT servers provide the UCT time service (via satellite, radio, or telephone connection)


Distributed Time Service• How DTS works

– Local Time Server knows limits of hardware clock (clock drift rate)– LTS keeps track of inaccuracy that builds over time– LTS requests synchronization from Global Time Servers (GTS)

after reaching an established inaccuracy threshold– All GTS responses include the corresponding inaccuracies, thereby

representing time as a probable range, not a finite value– LTS calculates a probable correct time based on the multiple time

responses that were received– Local time adjustments


Distributed Time Service• How DTS works (cont)

– Max range of time overlap from all sources is computed– Data outside of range is rejected as untrustworthy– Midpoint of range is computed as accurate time


Distributed Time Service• DTS Library Procedures (calls)

– There are 33 total calls supported by DTS– There are 6 groups of time-related calls, calls for:

• Retrieving times – Get the current time• Converting times – Binary-ASCII conversion• Manipulating times – Interval arithmetic• Comparing times – Compare two times• Calculating times - Arithmetic operations on times• Using time zones – Time zone management


Using DCE• Programmers

– DCE implements the client/server model– access services and applications via RPC calls to

remote servers– make use of standard programming interface with RPC

calls – don’t have to worry about where the programs actually

run or where the data is actually located• Users

– Single system login– Transparent access to distributed resources and services


Summary• DCE was a leader in supporting the extension of

small autonomous departmental networks to true distributed enterprise networks

• DCE supports the distributed Enterprise network OS by providing cross-platform services and resource access, all transparent to the user

• Does not extend well to Internet– Kerberos security not scalable, encryption requires too

much overhead processing– Directory service is too bulky and complicated for

Internet use


Summary* DCE and evolution of Network Operating Systems