Overview of DCE Technology ComponentsThis section gives a short description of each of the DCE technology components. A more in-depth description of each of these components is given in DCE Technology Components . DCE Threads supports the creation, management, and synchronization of multiple threads of control within a single process. This component is conceptually a part of the operating system layer, the layer below DCE. If the host operating system already supports threads, DCE can use that software and DCE Threads is not necessary. However, not all operating systems provide a threads facility, and DCE components require that threads be present, so this user-level threads package is included in DCE. The DCE Remote Procedure Call (RPC) facility consists of both a development tool and a runtime service. The development tool consists of a language (and its compiler) that supports the development of distributed applications following the client/server model. It automatically generates code that transforms procedure calls into network messages. The runtime service implements the network protocols by which the client and server sides of an application communicate. DCE RPC also includes software for generating unique identifiers, which are useful in identifying service interfaces and other resources. The DCE Directory Service is a central repository for information about resources in the distributed system. Typical resources are users, machines, and RPC-based services. The information consists of the name of the resource and its associated attributes. Typical attributes could include a user's home directory, or the location of an RPC-based server. The DCE Directory Service comprises several parts: the Cell Directory Service (CDS), the Global Directory Service (GDS), the Global Directory Agent (GDA), and a directory service programming interface. The Cell Directory Service manages a database of information about the resources in a group of machines called a DCE cell. (Cells are described in the next section.) The Global Directory Service implements an international standard directory service, and provides a global namespace that connects the local DCE cells into one worldwide hierarchy. The Global Directory Agent (GDA) acts as a go-between for cell and global directory services. Both CDS and GDS are accessed using a single directory service application programming interface, the X/Open Directory Service (XDS) API. The DCE Distributed Time Service (DTS) provides synchronized time on the computers participating in a Distributed Computing Environment. DTS synchronizes a DCE host's time with Coordinated Universal Time (UTC), an international time standard. The DCE Security Service provides secure communications and controlled access to resources in the distributed system. There are four aspects to DCE security: authentication, secure communications, authorization, and auditing. These aspects are implemented by several services and facilities that together comprise the DCE Security Service, including the registry service, the authentication service, the privilege service, the access control list (ACL) facility, the login facility, and the audit service. The identity of a DCE user or service is verified, or authenticated, by the authentication service. Communications are protected by the integration of DCE RPC with the security service; communication over the network can be checked for tampering or encrypted for privacy. Access to resources is controlled by comparing the credentials conferred to a user by the privilege service with the rights to the resource, which are specified in the resource's access control list. The login facility initializes a user's security environment, and the registry service manages the information (such as user accounts) in the DCE security database. Security-relevant events can be monitored through the audit service. Code points can be set in DCE servers to record events that are deemed to be important to the integrity of the system. For example, the login facility uses the audit service to record logins by DCE users and services. The DCE Distributed File Service (DFS) allows users to access and share files stored on a file server anywhere on the network, without having to know the physical location of the file. Files are part of a single, global namespace, so no matter where in the network a user is, the file can be found using the same name. The Distributed File Service achieves high performance, particularly through caching of file system data, so that many users can access files that are located on a given file server without prohibitive amounts of network traffic and resulting delays. DCE DFS includes a physical file system, the DCE local file system (LFS), which supports special features that are useful in a distributed environment. They include the ability to replicate data; log file system data, enabling quick recovery after a crash; simplify administration by dividing the file system into easily managed units called filesets; and associate ACLs with files and directories. DCE/File-Access allows users of personal computers running in a Novell NetWare network environment to read and write directories and files on a DCE DFS file server. Users and DCE/File-Access software have DCE identities so DFS file usage is subject to the DCE Security Service's authentication and authorization controls. The Management block shown in the figure entitled DCE Architecture is actually not a single component, but a cross section of the other components. Each DCE service contains an administrative component so it can be managed over the network. In addition, some of the DCE services themselves provide for management of the distributed system as a whole. For example, users are registered in the security service, and servers' network addresses are registered in the directory service.
|