Distributed Computing Environment: Difference between revisions

Content deleted Content added
No edit summary
rewrite
Line 1:
The '''Distributed Computing Environment (DCE)''' is a software system developed in the early 1990s by a consortium that included [[Apollo Computer]] (later part of [[Hewlett-Packard]]), [[IBM]], [[Digital Equipment Corporation]], and others. The DCE supplies a framework and toolkit for developing [[client/server]] applications. The framework includes a [[remote procedure call]] (RPC) mechanism known as [[DCE/RPC]], a naming (directory) service, a time service, an [[authentication]] service (based on [[Kerberos]]), an authorization service and a [[distributed file system]] (DFS) known as [[DCE_Distributed_File_System|DCE/DFS]]. [[DCE/RPC]] was derived from an earlier RPC system called the [[Network Computing System]] (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE DFS was based on the [[Andrew file system]] (AFS), originally developed at [[Carnegie Mellon University]], and later extended by Transarc Corporation (which was later merged into IBM). DCE 1.2.2 was released on [[12 January]] [[2005]] under a [[free software license]] (the [[GNU Lesser General Public License|LGPL]]) by [[The Open Group]]. DCE 1.1 was available much earlier under the OSF BSD license, and resulted in FreeDCE [http://freedce.sf.net] being available since 2000. FreeDCE contains an implementation of DCOM.
 
==History==
To understand why DCE is useful, one must look at its closest competitor - [[Kerberos (protocol)|Kerberos]]. Like DCE, Kerberos is a distributed computing application. It provides an authentication system for a network of machines - much like Sun's [[Network Information Service]] or [[Lightweight Directory Access Protocol|LDAP]]. Kerberos is an authentication system only - it can identify the entity requesting resources to the server, but it cannot do authorization. That has to be implemented at each individual server. If for example, in a system that uses Kerberos authentication, a user A authenticates himself and requests resource R on machine M1, then M1 has to be set up to authorize A to access R on M1. If R is a shared resource that's available on machine M2 also, then M2 has to explicitly authorize A to access resource R. Kerberos does not provide a way to allow one to share authorization settings across its ___domain. DCE can. It does this by supporting [[Access Control List]]s (ACLs).
DCE came about to a large degree as part of the [[Unix wars]] of the 1980s. After [[Sun Microsystems]] and [[AT&T]] worked together to produce [[UNIX System V|UNIX System V Release 4]] (SVR4), many of the other Unix vendors felt their market was unduely disadvantaged. They quickly formed the [[Open Software Foundation]] (OSF) to compete with a [[BSD]]-based Unix that more closely matched their own offerings. OSF ended up introducing [[OSF/1]], which was based on the [[Mach kernel]] and had relatively poor performance compared to SVR4, and was little used except by DEC.
 
As a side effect of the formation of OSF, the various members also contributed many of their ongoing research projects. At the time, network computing was "all the rage", and many of the companies involved were working on similar RPC-based systems. By re-building these various utilities on a single "official" RPC mechanism, OSF could offer a major advantage over SVR4, allowing any DCE-supporting system (namely OSF/1) to interoperate in a larger network.
The largest unit of management in DCE is a cell. The highest privileges within a cell are assigned to a role called cell administrator. Typically this privileges are held by a DCE principal called cell_admin. Note that this need not be a real OS-level user. The cell_admin has all privileges over all DCE resources within the cell. Privileges can be awarded to or removed from the following categories : user_obj, group_obj, other_obj, any_other for any given DCE resource. The first three correspond to the owner, group member, and any other DCE principal respectively. The last group contains any non-DCE principal. Multiple cells can be configured to communicate and share resources with each other. All principals from external cells are treated as "foreign" users and privileges can be awarded / removed accordingly. In addition to this, specific users or groups can be assigned privileges on any DCE resource - something which is not possible with the traditional UNIX filesystem.
 
The DCE system was, to a large degree, based on independant developments made by each of the partners. DCE/RPC was derived from the [[Network Computing System]] (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE/DFS was based on the [[Andrew file system]] (AFS) originally developed at [[Carnegie Mellon University]]. The authentication system was based on [[Kerberos]], and the authorization system based on [[Access Control List]]s (ACL's). By combining these features, DCE offers a fairly complete [[C programming language|C]]-based system for network computing. Any machine on the network can authenticate its users, gain access to resources, and then call them remotely using a single integrated [[API]].
 
Distributed computing never really "caught on" as it had been hoped in the late-80s and early '90s. The rise of the [[internet]], [[Java programming language|Java]] and [[web services]] stole much of its [[mindshare]] through the mid-to-late 1990s, and competing systems such as [[CORBA]] muddied the waters as well. Perhaps ironically, one of the major uses of DCE/RPC today is [[Microsoft]]'s [[DCOM]] and [[ODBC]] systems, which use DCE/RPC as their network transport layer.
 
The Open Group released DCE 1.2.2 under a [[free software license]] (the [[GNU Lesser General Public License|LGPL]]) on [[12 January]] [[2005]]. DCE 1.1 was available much earlier under the OSF BSD license, and resulted in FreeDCE[http://freedce.sf.net] being available since 2000. FreeDCE contains an implementation of DCOM.
 
==Description==
The largest unit of management in DCE is a '''cell'''. The highest privileges within a cell are assigned to a role called ''cell administrator.'', Typicallynormally thisassigned privilegesto arethe held by a DCE principal called"user" ''cell_admin''. Note that this need not be a real OS-level user. The cell_admin has all privileges over all DCE resources within the cell. Privileges can be awarded to or removed from the following categories : user_obj, group_obj, other_obj, any_other for any given DCE resource. The first three correspond to the owner, group member, and any other DCE principal respectively. The last group contains any non-DCE principal. Multiple cells can be configured to communicate and share resources with each other. All principals from external cells are treated as "foreign" users and privileges can be awarded /or removed accordingly. In addition to this, specific users or groups can be assigned privileges on any DCE resource -, something which is not possible with the traditional UNIX filesystem, which lacks ACLs.
 
There are three major components of DCE within every cell: (1) the security server (which is responsible for authentication) (2) The Cell Directory Server (CDS) (which is the respository of resources and ACLs) and (3) The Distributed Time Server which provides an accurate clock for proper functioning of the entire cell. Modern DCE implementations such as IBM's are fully capable of interoperating with Kerberos as the security server, LDAP for the CDS and the [[Network Time Protocol]] implementations for the time server.
 
While it is possible to implement a distributed file system using plain oldthe DCE underpinnings by definingadding filesfilenames to the CDS and defining the appropriate ACLs on them, this is not user-friendly. DCE/DFS (Distributed Filesystem - not to be confused with the Microsoft product called [[Distributed File System (Microsoft)|DFS]] which is NOT interoperable with DCE) is a DCE based application which provides a distributed filesystem on DCE. DCE/DFS can support replicas of a fileset (the DCE/DFS equivalent of a filesystem) on multiple DFS servers - there is one read-write copy and zero or more read only copies. Replication is supported between the read-write and the read-only copies. In addition, DCE/DFS also supports what are called "backup" filesets, which if defined for a fileset are capable of storing a version of the fileset as it was prior to the last replication.
 
DCE/DFS is believed to be the world's only distributed filesystem that correctly implements the full POSIX filesystem semantics -, including byte range locking. DCE/DFS was sufficiently reliable and stable to be utilised by [[IBM]] to run the back-end filesystem for the 1996 Olympics web site, seamlessly and automatically distributed (and edited!) worldwide in different timezones.
 
==External links==