Understanding DCE is a technical and conceptual overview of OSF's Distributed Computing Environment (DCE) for programmers, technical managers, and marketing and sales people. Unlike many O'Reilly & Associates books, Understanding DCE has no hands-on programming elements. Instead, the book focuses on how DCE can be used to accomplish typical programming tasks and provides explanations to help the reader understand all the parts of DCE. Contents include:
- Purpose and goals of the Distributed Computing Environment.
- Definition of a cell.
- Distributing applications using RPC.
- Improving program performance using threads.
- Protecting resources using the security service.
- Locating network resources using the directory (name) service.
- Synchronizing network time using the time service.
- Sharing and replicating files through the distributed file system.
- Design and implementation considerations in writing distributed applications.
- Getting started as a DCE administrator.
- Determining your cell's boundaries.
- Initial choices in configuration and administrative responsibilities.
- Scenarios for security policies.
- Considerations for breaking up or replicating services across multiple hosts.
- Sample DCE application.
- Answers to commonly asked DCE questions.
- Finding an external time provider.
- Registering a cell's DNS or X.500 address.
About the Author
Ward Rosenberry is a technical writing consultant and author concentrating on distributed computing and computer networking technologies. Ward has distinguished himself writing about the Open Software Foundation's Distributed Computing Environment since 1989, when he helped write Digital Equipment Corporation's original DCE design documents. He has since co-authored two other O'Reilly books about distributed computing: Understanding DCE and Distributing Applications Across DCE and Windows NT. He continues his close DCE involvement designing and developing DCE information both at Digital and at OSF and now operates a consulting firm, Rosenberry Associates, in Chelmsford, Massachusetts. Ward graduated from the University of Lowell in 1979 with a B.A. in English. Ward, his wife Patricia Pestana, and their two children, William and John, live in North Chelmsford, Massachusetts. In addition to his contribution to the technical side of this book, Jim deserves some credit for keeping Ward alive by sending him an infusion of caffeine from Seattle's premier coffee roaster.
David Kenney is an award-winning technical author employed by Digital Equipment Corporation. He currently writes for Digital's Distributed Processing Engineering group, located in Littleton, Massachusetts. Since his arrival at DEC in 1989, David has written user documentation in support of Digital's distributed-naming software products, specifically the Cell Directory Service (CDS) and its progenitor offering, the Digital Distributed Name Service (DECdns). David graduated from Boston College in 1973 with a B.A. in English, specializing in mediaeval literature. David, his wife Lesley, and their two sons, Christopher and George, live in Ashby, Massachusetts.
Gerry Fisher is a software technical-writing supervisor for Digital Equipment Corporation, in the distributed-computing area. He has been with Digital for eight years. As a technical writer, he has written documentation on the C, C++, and Pascal languages, and on the GKS and PHIGS graphical run-time libraries. Gerry graduated from Boston University in 1983 with a B.A. in English and a minor in Computer Science. Give him a sport to play or a good film to watch, and he's happy. Gerry currently divides his time between his home in Medford, Massachusetts, and the home of his loving partner, David Froais, in Boston.
Table of Contents
Preface

Part I: Components

Chapter 1: DCE: The Network as Computer
- 1.1 DCE Addresses Many Distributed Computing Issues
- 1.1.1 DCE Harnesses Latent Computing Power
- 1.1.2 DCE Increases Availability
- 1.1.3 DCE Facilitates Collaborative Work and Minimizes Storage Limitations
- 1.1.4 DCE Services Track Data and Programs that Move Around
- 1.1.5 DCE Accommodates Heterogeneous Data
- 1.1.6 DCE Helps You Maintain Distributed Applications
- 1.1.7 DCE Helps Synchronize Events
- 1.1.8 DCE Protects Distributed Resources
- 1.2 DCE Is Based on the Client/Server Model
- 1.2.1 A General Nondistributed Computing Model
- 1.2.2 Distributed Computing Models
- 1.2.3 The Client/Server Computing Model
- 1.2.4 Client and Server Are Relative Terms
- 1.2.5 Client/Server Communications
- 1.3 DCE: A Model for Distribution
- 1.4 A Look at DCE Application Programming Interfaces
- 1.5 DCE Is a Good Start
- 1.5.1 Component Availability
- 1.5.2 Administration
- 1.5.3 Documentation
- 1.5.4 Performance
- 1.5.5 Support for Object-oriented Programming
- 1.5.6 Support for Message Queueing
- 1.5.7 Support for Transaction Processing Applications
- 1.5.8 Compatibility with Standards
- 1.5.9 Internationalization
- 1.6 Who Will Use DCE?
- 1.7 What Next?

Chapter 2: Cells: The Domain of the Distributed Environment
- 2.1 What Is a Cell?
- 2.1.1 Purpose
- 2.1.2 Administration
- 2.1.3 Security
- 2.1.4 Overhead
- 2.2 Each Cell Has a Set of DCE Services
- 2.2.1 DCE Services Enable Distributed Operation
- 2.2.2 DCE Software Configurations for Clients and Servers
- 2.2.3 Some DCE Cell Examples
- 2.3 Cells and Naming
- 2.3.1 How Cells Determine Naming Environments
- 2.3.2 Names Outside of the DCE Directory Service
- 2.3.3 Summary of Names
- 2.4 Cell and LAN Profiles Point to DCE Services

Chapter 3: Remote Procedure Call: The Foundation of Distributed Computing
- 3.1 Distribution Builds on the Concept of a Local Application
- 3.1.1 Local Procedure Call Behavior
- 3.1.2 Remote Procedure Call Behavior
- 3.2 The Development Process Enables Distribution
- 3.3 Interface Definitions Enable Client and Server Interaction
- 3.4 Binding: How a Client and Server Find Each Other
- 3.4.1 The Directory Service Identifies Server Hosts
- 3.4.2 The Endpoint Map Identifies Servers
- 3.4.3 Server Initialization Lays a Path for Clients
- 3.4.4 Clients Follow the Path to Servers
- 3.5 Executing the Remote Procedure Call
- 3.6 Using, Administering, and Programming RPC

Chapter 4: Threads: Improving Program Performance
- 4.1 What Is DCE Threads?
- 4.2 Using Threads
- 4.3 Why Use Threads in an Application?

Chapter 5: DCE Security Service: Protecting Resources
- 5.1 Authentication and Authorization
- 5.1.1 Passwords Ensure Authenticity
- 5.1.2 Privilege Attributes Convey Verifiable Identities
- 5.1.3 Access Control Lists Protect Resources
- 5.1.4 Special Accounts Enable Intercell Authentication
- 5.2 The Security Services Resist Tampering
- 5.2.1 Life Spans Protect Security Information from Illegitimate Use
- 5.2.2 Frequent Key Substitution Protects Secret Keys
- 5.2.3 Encryption Ensures Data Authenticity, Privacy, and Integrity
- 5.2.4 Secure Hosts Protect Security Servers
- 5.3 Groups and Organizations Simplify Security Management
- 5.4 How People Interact with the DCE Security Service
- 5.4.1 Using the DCE Security Service
- 5.4.2 Administering DCE Security
- 5.4.3 Administering Access Rights for Applications
- 5.5 DCE Security in Action
- 5.6 Programming the DCE Security Service

Chapter 6: DCE Directory Service: Locating Resources
- 6.1 The Directory Service Controls the Naming Environment
- 6.2 The Naming Environment Maps Names to Resources
- 6.2.1 CDS Names Correspond to CDS Directories and Object Entries
- 6.2.2 Distribution Ensures Access to Directories
- 6.2.3 Child Pointers Link the Name Environment Together
- 6.2.4 Soft Links Customize a Name Environment
- 6.2.5 Object Attributes Define Resources
- 6.2.6 Putting the Parts Together
- 6.2.7 Update Operations Keep Name Information Current
- 6.2.8 DCE Security Protects Directory Service Information
- 6.3 The DCE Directory Service Uses the Client/Server Model
- 6.3.1 Caching Improves Performance
- 6.3.2 Clerks Find CDS Servers in Several Ways
- 6.4 CDS in Action
- 6.4.1 A Simple Lookup Example
- 6.4.2 A Complex Lookup Example
- 6.4.3 A Deeper Look at CDS
- 6.5 Communicating with a Foreign Cell
- 6.6 How People Interact with the DCE Directory Service
- 6.6.1 Using the DCE Directory Service
- 6.6.2 Administering the DCE Directory Service
- 6.6.3 Programming with the DCE Directory Service

Chapter 7: DCE Time Service: Synchronizing Network Time
- 7.1 How Does DTS Work?
- 7.2 DTS Time Is Cellwide
- 7.3 Synchronizing Cell Time with External Time Sources
- 7.4 Using DTS
- 7.5 Administering DTS
- 7.6 Programming with DTS

Chapter 8: DCE Distributed File Service: Providing Cellwide Access to Files
- 8.1 Some Good Reasons to Use DFS
- 8.2 DFS Is a Comprehensive File System
- 8.2.1 The DCE Local File System can Coexist with a Host's Native File System
- 8.2.2 DFS Acts on Groups of Files Called Filesets
- 8.2.3 DFS Tracks Files as They Move
- 8.2.4 DFS Locates and Backs Up Filesets
- 8.2.5 DFS Protects Files Using DCE Access Control Lists
- 8.2.6 DFS Protects Its Servers by Using DFS Distributed Security
- 8.2.7 DFS Ensures Server Software Consistency
- 8.2.8 DFS Simplifies Management Using Administrative Domains
- 8.2.9 DFS Clients Use Caching to Speed Operations
- 8.2.10 DFS Clients Can Include Diskless Workstations
- 8.3 How DFS Works
- 8.4 DFS Files Connect to the Larger World
- 8.5 How People Interact with the DCE Distributed File Service
- 8.5.1 Using the DCE Distributed File Service
- 8.5.2 Administering the DCE Distributed File Service
- 8.5.3 Writing Programs that Use DFS Programming Interfaces

Part II: Configuration and Management Considerations

Chapter 9: A Look at Writing DCE Applications
- 9.1 Designing Your Client/Server Application
- 9.1.1 Developing a Comprehensive User Model Is Critical
- 9.1.2 What is the job and how will your application facilitate work flow?
- 9.1.3 What resources do you require and where are the resources located?
- 9.1.4 How can you connect groups of people effectively with
- 9.1.5 A Client/Server Application Is a Series of Related Mini-applications
- 9.1.6 Take Cell Configuration and Network Topology into Consideration
- 9.1.7 The Level of Security Is Up to You
- 9.1.8 A Well-designed Interface Aids Scalability and Maintainability
- 9.1.9 Threads Present New Challenges to Application Designers
- 9.2 Implementing Your Client/Server Application
- 9.2.1 Coding Your First DCE Client/Server Application
- 9.2.2 Creating a Production-ready Application
- 9.2.3 Distributing Existing Code
- 9.3 DCE Programming-language Considerations
- 9.4 What Next?

Chapter 10: Getting Started with DCE
- 10.1 Low Impact on Physical Network Components
- 10.2 Low Impact on Non-DCE Users
- 10.3 You Can Choose Your Own Pace
- 10.4 DCE Implementations Permit Planning in Stages
- 10.5 DCE Is Dynamic
- 10.6 Where We'll Go from Here

Chapter 11: Determining Your Cell's Boundaries
- 11.1 Factors that Influence the Boundaries of a Cell
- 11.2 For Whom the Cell Tolls-And Why?
- 11.3 What Are Your Security Requirements?
- 11.3.1 Authentication Across Cells
- 11.3.2 Repairing a Breach of Your Cell's Security
- 11.4 What Are Your Projected Administrative Requirements?
- 11.5 How Will DCE Affect Computing and Network Overhead?

Chapter 12: Initial Cell Configuration Guidelines
- 12.1 Choosing a Name for Your Cell
- 12.1.1 GDS or DNS?-You've Got to Pick One
- 12.1.2 Cell Names are Difficult to Change
- 12.1.3 The Cell Name You Choose Must Be Unique Within Your Organization
- 12.1.4 Get In-House Approval for Your Cell Name Before You Register
- 12.1.5 Caveats for Naming Isolated Cells
- 12.2 Configuring DCE Server and Client Systems
- 12.2.1 Reasons to Configure DCE Core Services on One System
- 12.2.2 Reasons to Disperse DCE Core Services from the Start
- 12.2.3 Configuring Client-Only Systems
- 12.2.4 Configuring DFS
- 12.2.5 Configuring GDS

Chapter 13: Setting Up Security in a New Cell
- 13.1 Default Access Controls Created by Cell Initialization
- 13.1.1 The cell_admin Principal Has Unlimited Access to Everything
- 13.1.2 DCE Authorization Groups Get Control of Specific Services
- 13.1.3 Initial Access Controls on DCE Core Services
- 13.1.4 Initial Access Controls on DFS
- 13.1.5 Initial Access Controls on GDS
- 13.1.6 Summary
- 13.2 Modifying Default Security Policies of DCE Services
- 13.3 Three Example Security Scenarios
- 13.3.1 Scenario One: Low Security
- 13.3.2 Scenario Two: Medium Security
- 13.3.3 Scenario Three: Clamping Your Cell Shut
- 13.4 A Little Friendly ACL Advice
- 13.4.1 How Secure is Secure Enough?

Chapter 14: Distributing and Replicating Core DCE Services
- 14.1 Distributing the Cell Directory Service
- 14.1.1 Where Should You Locate Your CDS Servers?
- 14.2 Distributing the Security Service
- 14.3 Distributing the Time Service

Part III: Appendices

Appendix A: DCE Client/Server Examples
- A.1 Bare-Bones Client Code
- A.2 A Simple Threaded Version of the Application
- A.3 A Bare-Bones Application with Authentication
- A.4 The Application with Error Checking, Mutexes, and
- A.5 A Sample Make File

Appendix B: Common DCE Questions...and ...Some Answers
- B.1 I was just wondering...
- B.2 I'm a system administrator, and I was wondering...
- B.3 I'm an application programmer, and I have a friend

Appendix C: External Time Providers and Services
- C.1 Sources of Coordinated Universal Time
- C.1.1 Telephone Services
- C.1.2 Radio Broadcasts
- C.1.3 Satellites
- C.2 Time Source Pricing

Appendix D: Registering a Name: GDS and DNS
- D.1 Obtaining a Unique GDS Cell Name
- D.2 Obtaining a Unique DNS Cell Name

Figures

Chapter 1: DCE: The Network as Computer
- 1-1 Nondistributed computing model
- 1-2 Simple models of distribution
- 1-3 Distribution within an application component
- 1-4 Typical client/server application
- 1-5 A host can be a client and a server
- 1-6 DCE application programming interfaces
- 1-7 A distributed application uses DCE APIs

Chapter 2: Cells: The Domain of the Distributed Environment
- 2-1 Distributed operation in a DCE cell
- 2-2 DCE client and server software
- 2-3 A simple DCE cell
- 2-4 Cell with DCE DFS and multiple DCE client hosts
- 2-5 Cell and global naming environments
- 2-6 Interaction of CDS and a GDA

Chapter 3: Remote Procedure Call: The Foundation of Distributed Computing
- 3-1 A nondistributed application conceptual model
- 3-2 A distributed application conceptual model
- 3-3 Interface definition development steps
- 3-4 Distributed application development tasks
- 3-5 Simplified server initialization
- 3-6 Finding a server
- 3-7 Completing a remote procedure call

Chapter 4: Threads: Improving Program Performance
- 4-1 Nonthreaded applications execute serially
- 4-2 Threaded applications execute concurrently
- 4-3 Locking shared data

Chapter 5: DCE Security Service: Protecting Resources
- 5-1 Authentication in a foreign cell
- 5-2 General tasks in a secure environment

Chapter 6: DCE Directory Service: Locating Resources
- 6-1 Parts of a CDS server
- 6-2 Physical views of a cell's name environment
- 6-3 A simple CDS lookup
- 6-4 A complex CDS lookup
- 6-5 The CDS lookup process

Chapter 7: DCE Time Service: Synchronizing Network Time
- 7-1 Computing time from intersecting time intervals
- 7-2 A global server helps synchronize a multi-LAN cell

Chapter 8: DCE Distributed File Service: Providing Cellwide Access to Files
- 8-1 Simple DFS file operation
- 8-2 DFS file names are globally unique

Chapter 9: A Look at Writing DCE Applications
- 9-1 Traditional designs: the application task and geography
- 9-2 Client/server designs: the user model and threads play
- 9-3 A simple client/server configuration
- 9-4 Determine which user groups need which resources
- 9-5 A user model is the definition of all client/server relationships
- 9-6 Consider network topology when distributing code
- 9-7 A poorly designed interface hampers security performance
- 9-8 Well-designed interfaces improve security performance
- 9-9 Client/server implementations and their interface
- 9-10 A server creates threads to handle client requests
- 9-11 A client's use of threaded routines
- 9-12 What the sample application does

Examples

Appendix A: DCE Client/Server Examples
- A-1 Client code prototype: fetch_string_basic.c
- A-2 The interface file: hello_world.idl
- A-3 Threaded client code: fetch_string.c
- A-4 Nonreentrant remote procedure: get_hello_world.c
- A-5 Single-threaded server initialization code: hw_server_init.c
- A-6 ACF file for Security: hello_world_security.acf
- A-7 Client code with security: fetch_string_security.c
- A-8 Authentication in the server initialization code:
- A-9 Complete client code: get_hello_world_complete
- A-10 Complete client code: fetch_string_complete.c
- A-11 Multithreaded server's initialization file:
- A-12 Error-checking code: check_status.h
- A-13 Sample Make File

Tables

Appendix A: DCE Client/Server Examples
- A-1 Sample Programs

Appendix C: External Time Providers and Services
- C-1 UTC Radio Stations and Managing Authorities
- C-2 Radio Receiver Manufacturers
- C-3 Time-Provider Selection Criteria
INDEX: access control, propagation of, 176 Access Control Manager, use of, 117 ACF (Attribute Configuration Files), 131 ACLs, in DFS, 96 ACTS, external time provider, 221 Ada language, reentrancy support, 138 administration, 17 administrative domains, 96 administrative lists, in DFS, 96 administrators, general questions about, 215-217 ADS, external time provider, 221 advertising servers, 50 application design, (see programming) application developers, (see programmers) application programming interface, 101 applications, 3, 101, 136 arrays, use of, 131 Attribute Configuration Files, 131 authenticated remote procedure call, 65, 116 authentication, code samples, 195 authorization, use of, 116 authorization groups, 170 automatic binding, 130 backing up DFS files, 95 binary distribution machine, in DFS, 96 binding handles, 130 binding information, exporting, 50 bindings, choosing, 130 breakpoints, placement of, 140 buying DCE, 211 C language, 137 C++ language, 139 cache manager, for DFS, 97 caching, 97 CDS (Cell Directory Service), 31 Cell Directory Service, (see CDS) cell names, changing, 160 cell profile, 37 cell-relative names, 34 cells, 84-85 clearinghouse, complex lookup, 81 clerks, 214 clients, application design, 107, 110 client/server, communication, 13 COBOL language, reentrancy support, 138 code distribution, 111-113 communication, 84-85 computing models, configuring DCE, overview, 147-150 context handles, 132 core services, access control, default, 171 couriers, in DTS, 89 daemon, 214 Data Encryption Standard, 119 DCE, application programming interfaces, 15 DCE Diskless Support Service, 97 debugging, 140 decentralization, 14 DFS (Distributed File Service), 93, 93-94 Directory Service, administrators, 86 diskless workstations, accessing DFS files, 97 distributed application, (see applications) Distributed File Service, (see DFS) distributed programming, (see programming) Distributed Security Service, (see Security Service) Distributed Time Service, (see DTS) 
DNS (Domain Name Service), 31 DNS (Domain Name System), registering cell names, 228 documentation, 17 Domain Name Service, (see DNS) DTS (Distributed Time Service), 87 dynamic endpoints, 49 endpoint map, 50 endpoints, 49 error handling, (see exception handling) exception handling, debugging difficulties, 141-142 explicit binding, 130 exporting binding information, 50 external time providers, 221-225 external time sources, DCE-supported radio receivers, 224 file names, unique, 99 fileset location server, and DFS, 95 filesets, 94-96 filesystem, root of, 36 FORTRAN language, 138-139 full pointers, 131 GDA (Global Directory Agent), 31-32, 84-85 GDS (Global Directory Service), 3, 31 global cell names, registering, 160 Global Directory Agent, (see GDA) Global Directory Service, (see GDS) global names, 33 global servers, in DTS, 89 granularity, 111 hardware requirements, 215 IDL (see Interface Definition Language), implicit binding, 130 initializing servers, 49, 51 installation, privileges required, 216 integrity, data, 117 interface, as documentation, 121 Interface Definition Language, 45, 140 interface definitions, developing, 45 interfaces, designing, 119 internationalization, 20 invariant data, 125 jacket routines, 219 junction, 35 LAN, configuration and code distribution, 111 languages, (see programming languages) LFS, 95 load balancing, 94 Local File System, 95 local names, 34 logging in, 212 lookup, attribute-based, 79 maintaining state, 132 makefiles, code sample, 208 marshalling, 43 memory management, on servers, 133, 141 message queueing, support for, 19 modular programming, 14, 103 module, 103 multithreaded servers, 122 Mutex, 57, 124 mutual authentication, 195 names, 30-37 namespace, physical view, 77 naming, 30-37 network managers, deciding to buy DCE, 20 network overhead, impact of cells, 156 network topology, application design, influence on, 111 NIST, external time provider, 221 object-oriented programming, support for, 18 OSF, 211 out, IDL attribute, 137 
Pascal language, reentrancy support, 138 pathnames, 36 performance, 17 permissions, 96 pointers, use of, 131 preserving state, 132 principals, 216 privacy, data, 117 privilege attributes, 116 producer/consumer model, 107 profiles, cell, 37 programmers, general coding questions, 217-219 programming, Access Control Manager, use of, 116 programming languages, 101 programs, (see applications) protocol sequences, registering, 50 radio broadcasts, as external time providers, 222 reentrancy, code samples, 203 reentrant code, designing, 124 reference pointers, 131 registration, RPC interface, undoing, 218 registry, access control, default, 171 registry database, administering, 178 Remote Procedure Call, (see RPC) replicas, maintaining consistency among, 77 replication, 14 rgy_edit command, sample session, 197 RPC (Remote Procedure Call), 101 rpcd daemon, 49 rpc_free routine, 133 rpc_ss_allocate routine, 133 satellites, as external time providers, 225 scaling, client/server programs, 121 schemas, 86 secure binding, 195 security, cell scope and, 25 Security Service, Access Control Manager, programmer's use of, 116 server initialization file, code samples, 194 servers, 101 sharing information, 93 skulk operation, 77 soft links, 74 solicitation and advertisement protocol, 79 standards conformance, 20 state, maintaining, 132 stress testing, 141 string, IDL attribute, 137 string binding, 131 system control machine, in DFS, 96 system performance, and cell configuration, 162-165 telephone time services, 221 threads, 101 thread-safe code, designing, 124 timing out, inaccessible servers, 219 transaction processing, 19 Universal Unique Identifier, (see UUID) UNIX file system, used with DFS, 95 unmarshalling, 43 update propagation, 77 user model, 105-110 users, and DCE, 21 UUID, collision problems, 218 uuidgen utility, 54 WAN, configuration and code distribution, 111 well-known endpoints, 49 work flow, 105 wrapper routines, use of, 134 X.500 Directory Services, 31, 72 XDS, (see X.500 
Directory Services)