
Connected DCE Cell

An organization may wish its DCE cell to communicate with other DCE cells, or with systems outside of DCE. One way to accomplish this is through one of the global directory services that DCE supports:

· The DCE Global Directory Service (GDS), which is an implementation of the X.500 directory service standard provided as a DCE component

· The Domain Name Service (DNS), which is a global directory service that DCE supports, but does not provide as a DCE component

A DCE cell is connected to a global directory service when its name is registered in the global directory service's namespace. The cell then establishes a trust relationship between its authentication service and the authentication services of the cells that it wants to contact; this process is called cross-cell authentication. (This step is not necessary for contacting systems without DCE security.) The trust relationship established through cross-cell authentication gives DCE users (and other principals) in the trusted foreign cell authenticated access to resources in the local cell, and vice versa.

A cell's CDS communicates with CDS servers in foreign cells with the help of an intermediary, the Global Directory Agent (GDA). When a GDA machine is added to a DCE cell, the machines in the cell will be able to contact DCE cells and other systems using X.500 or DNS. The following figure shows the simple DCE cell with a GDA added to it.


Cell Connected via Global Directory Agent

Another way to connect DCE cells is by establishing a cell hierarchy. A hierarchical cell configuration consists of a parent cell, which is registered in one of the global directory services, and one or more child cells, which are registered in the parent cell's Cell Directory Service. The GDA again acts as the intermediary for cells in the hierarchy to contact each other, but the child cells do not have to register with the global directory service to communicate with each other. A hierarchical cell configuration also provides for more extensive, transitive trust relationships between cells. For more information about hierarchical cells, see DCE Directory Service.

If a cell contains a Global Directory Server, not only can it access the X.500 namespace through the GDA, but it can also own and administer a portion of that namespace in the GDS. For more information on the GDS, see DCE Global Directory Service; for more information on CDS, see DCE Cell Directory Service.