Distributed Time Service


Distributed Computing Environment
(DCE)
History - Creation of DCE
• DCE was developed by the Open System Foundation (OSF) in the early 1990’s (OSF is now called the Open Group)
• OSF was an industry group led by IBM, DEC, and HP
• Initial goal was to develop and market their own UNIX OS
– OSF/1, the industry’s first open operating system
• The OSF/1 project was a response to a joint effort between AT&T and Sun Microsystems to develop and market their UNIX OS
• The OSF/1 project identified the need for a way to build distributed applications on top of OSF/1 and other UNIX systems
• Resulted in development of DCE – an integrated package of
tools and other software (best-of-breed) needed to build and
maintain a distributed system
Distributed Computing Environment (DCE)
• Provides a comprehensive Network Operating System
(NOS) solution for integrating multi-vendor, distributed in
an enterprise client/server environment
• Spans multiple architectures, protocols, and OS’s
• Operates as middleware, a layer between the various OS’s
and the applications and data
• DCE was considered the premier NOS solution until the
mid to late 1990’s when the focus shifted to the Internet
• DCE components are used in many operating systems
– Elements of DCE can be found in most Unixes
– NT 5.0 is built on top of modified DCE’s RPC and security
– IBM uses DCE for foundation of its directory and security services
Goals of DCE
• Seamless and coherent environment for running distributed applications (using Client/Server model)
• Integrated set of tools and services to aid in development of distributed applications
• Run in a heterogeneous environment
– Many different kinds of computers, operating systems, and networks
• Easy to produce portable software applications
– UNIX, VMS, Windows and OS/2
• Transparent to user and developer
– Not necessary to know physical location of data
– Not necessary to know where the programs are executed
• Work with existing standards
– Communication with TCP or the OSI protocols
– Resources located with DNS or X.500 naming systems
DCE Facilities and Services
• Facilities
– Threads
• Allows multiple threads of control to exist in same process at same time
– Remote Procedure Call, (RPC)
• Basis for all client/server communications in DCE
• Handles locating server, binding, and performing calls
• Distributed Services
– Time service
• Transparently maintains consistent time throughout distributed system
– Directory service
• Cell Directory Service, (CDS) and Global Directory Service, (GDS)
– File system service
• Distributed file system, X.500 standard, works with local file systems
– Security service
• Kerberos
DCE Services
DCE Threads
• DCE threads package is based on Concert Multithread Architecture,
(CMA) developed by DEC
• DCE threads run in user space, and provide user-level library
procedures that allow processes to create, delete or manipulate threads
• Include small wrapper routines to translate calls into native kernel-based thread package (if one exists)
• DCE threads are used by the other DCE components
• Supports multi-processor environments using shared memory
• DCE provides a semaphore service that helps threads synchronize their
access to shared memory
• Scheduling algorithms for thread queues/processes (three options)
– FIFO – utilizing different priority queues, each proc runs to completion
– Round Robin – runs each thread process for fixed quantum
– Time-sliced Round Robin - Default, quantum value based on priority
DCE RPC, Remote Procedure Call
• Goals
– Access transparency - Make it possible for a client to access a
remote service by simply calling a local procedure
– Simplify programming of client server applications
• Features
– RPC runtime library is responsible for:
• Locating a server in the distributed system and binding to it
• Performing message exchanges
• Packing and unpacking message parameters
• Handling data type conversions between different clients and servers
• Processing errors
– The RPC mechanism provides protocol independence and network
independence
– DCE provides an Interface Definition Language (IDL) and
compiler that facilitate creation of client and server code using RPC
DCE RPC, Remote Procedure Call
• Creating client and server code
DCE RPC, Remote Procedure Call
• Client to server binding with RPC
– Server
• Each server machine runs an RPC daemon process that
maintains a registry table of server endpoints
• Server registers its endpoint with the RPC daemon
• Server registers its service/host with a separate directory server
– Client
• Contacts directory server to look up desired server host
• Contacts RPC daemon on server host to determine endpoint
• Performs RPC, binding to correct end point on server host
The Domain of the Distributed Environment
• DCE can provide a scalable computing environment
- Small environment
* two network hosts
* typically consists of a single group of users who share common goals
- Large environment
* a network (or internetworks) of thousands of hosts
* typically consists of diverse groups of users, each group having its own goals and pool of shared resources
• A cell is the basic unit of operation and administration
• A cell is a group of users, hosts, and resources that share
common DCE services
Distributed Operation in a DCE Cell
A Simple DCE Cell
Cell with DFS and Multiple DCE Clients
Directory Service
• Goals
– Make all resources accessible to any process in the system without
regard for location
• users, machines, cells, servers, services, files, security data
– Location transparency - hide resource locations
• Components
– Cell Directory Service (CDS)
• CDS server maintains names for one cell
• CDS clerk (daemon process) does client caching
– Global Directory Service (GDS)
• Service for locating cells
• X.500 naming standard, provides unique name to each resource
/C=US/O=CNU/TITLE=PROF/TELE=7563/OFFICE=217/NAME=ZHANG/
– Global Directory Agent (GDA)
• Local agent (daemon process) contacts external GDS and DNS servers
Directory Service
• Features
– Hides actual paths/machine names
– Provides proxies on local machines to intercept calls for
devices/resources and redirect them to correct servers
– Client caching increases availability and performance
– Supports DNS naming
– X.500 standard naming uses object-oriented information
model
Directory Service
• Relationship between directory service components
[Figure labels: Global Directory Service, GDA, Cell Directory Service]
Overview of a Simple CDS Lookup
[Figure: simple CDS lookup in steps 1 to 6. Labels: CDS client (client application, CDS clerk, cache), CDS server (CDS, clearinghouse)]
Steps – Name Resolution
1. A client application sends a lookup request to its local CDS clerk.
2. The CDS clerk checks its cache for the name. If it is found in the cache, the CDS clerk returns a reply to the client and the name resolution operation completes.
3. If the name is not found in the cache, the CDS clerk does an RPC with a CDS server that knows about it.
4. With the directories available in its local clearinghouse, the CDS server tries to resolve as many components of the name as possible.
5. If the name can be completely resolved, the CDS server returns the result of name resolution to the CDS clerk.
6. The CDS clerk caches this information in its cache for future use.
7. The CDS clerk finally returns a reply to the client and the name resolution operation completes.
Intercell Name Resolution
[Figure: intercell name resolution in steps 1 to 13. Labels: client machine (client application, CDS clerk, name cache), GDA machine (GDA), GDS machine (GDS server, DB of GDS), DNS machine (DNS server, DB of DNS), CDS machine (CDS server), and the CDS machine of the remote cell to which the named object belongs]
Distributed File Service
• DCE Distributed File Service (DFS) is a high-performance, scalable, secure method for sharing remote files
• DFS appears to the user as a local file system, providing access to files from anywhere in the network for any user, with the same filename used by all (uniform file access)
• DFS includes many advanced features not found in traditional distributed file systems, including caching, security, and scalability over wide-area networks
Distributed File Service
• Goals
– Provide a seamless wide-area (potentially worldwide) file system spanning
the heterogeneous distributed network of computers
– Provide namespace transparency so users only
• Components
– File units
• Files and directories
• File sets
– File sets are groups of directories
– Base file units that are manipulated, replicated and backed up
– Can be moved by admin to underutilized machines for load balancing
• Aggregates
– Unit of disk storage
– Contains one or more filesets.
– Client side – cache manager
– Server side –
• File set database machine – keeps track of filesets
• File server machine
DFS Lookup
[Figure: DFS lookup in steps 1 to 3. Labels: DFS client (cache manager, cache), CDS server, fileset database machine (fileset location server, fileset location database), file server machine (DFS file server, files and directories)]
Mounting Remote Directory
Distributed Security Service
• Login facility
• Registry service
• Authentication Service
• Privilege Service
• Access Control Lists (ACL)
Distributed Security Service
• Definition of key terms
– Privilege Access Certificates (PAC’s)
• Encrypted messages that contain the client’s identity,
group and organization membership such that servers
can be instantly convinced of the client’s identity.
Contains the user’s identity and the list of groups to
which he belongs.
– Access Control List (ACL)
• List of users and groups that are allowed to access a resource
• Maintained for every distributed resource
Distributed Security Service
• Major Components of Kerberos
– Registry Server - Manages the security database, the “registry”
• Account information - names of users, groups, resources, and organizations
• Policy information – length, format, lifetime of passwords, etc.
– Authentication Server
• Verifies identity of client
– Ticket Granting Server
• Issue “ticket” to allow subsequent authorization without need for sending
password across the network (actually same process as Auth. Server)
– Privilege Server
• Issues Privilege Access Certificates (PAC’s) to authenticated users for access to
distributed services
– Login Facility
• Provides login sequence to get user logged in and collect necessary tickets and
PAC’s for them
Distributed Time Service
• Goals
– Maintaining Time Transparency
– Keeping all clocks throughout distributed system mutually consistent, to
within an acceptable accuracy (for timed events, comparisons, etc)
– Keeping the clocks in touch with reality, external trusted source
• Challenges
– Synchronizing time across all distributed computers
– Compensating for unequal drift rates between synchronizations
[Figure: Time, in DTS (64 bit binary num)]
Distributed Time Service
• DTS Components
– Global Time Servers
• The distributed system has multiple Global Time Servers throughout.
• Global Servers keep Local Time Servers in different cells synchronized
– Local Time Servers
• Each local cell has a Local Time Server that keeps track of its
local time
• Requests synchronizations from Global Time Servers
• Definition of key terms
– Clock drift rate
• Measure of the rate of increase of inaccuracy in the local clock time
– Universal Coordinated Time (UCT)
• A universally (worldwide) accepted form of time, expressed as the
elapsed time since October 15, 1582, the beginning of the Gregorian
calendar. Worldwide UCT servers provide the UCT time service (via
satellite, radio, or telephone connection)
Distributed Time Service
• How DTS works
– Local Time Server knows limits of hardware clock (clock drift rate)
– LTS keeps track of inaccuracy that builds over time
– LTS requests synchronization from Global Time Servers (GTS)
after reaching an established inaccuracy threshold
– All GTS responses include the corresponding inaccuracies, thereby
representing time as a probable range, not a finite value
– LTS calculates a probable correct time based on the multiple time
responses that were received
– Local time adjustments
Distributed Time Service
• How DTS works (cont)
– Max range of time overlap from all sources is computed
– Data outside of range is rejected as untrustworthy
– Midpoint of range is computed as accurate time
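The overlap computation described in the two "How DTS works" slides, as an added Python example (not part of the original slides and not DCE code). It sweeps the reported intervals in the manner of Marzullo's algorithm; the server names, sample values and the min_agree threshold are assumptions made for illustration.

```python
from typing import List, NamedTuple, Tuple

class Reading(NamedTuple):
    server: str        # label for the time server (constructed names below)
    time: float        # reported time, in seconds
    inaccuracy: float  # reported +/- bound, in seconds

def synchronize(readings: List[Reading], min_agree: int = 2
                ) -> Tuple[float, float, List[str], List[str]]:
    """Return (time, inaccuracy, accepted servers, rejected servers)."""
    # Each reading is the interval [time - inaccuracy, time + inaccuracy].
    # Kind 0 = interval start, 1 = interval end; starts sort first on ties
    # so intervals that merely touch still count as overlapping.
    edges = sorted(
        [(r.time - r.inaccuracy, 0) for r in readings]
        + [(r.time + r.inaccuracy, 1) for r in readings]
    )
    best = depth = 0
    lo = hi = 0.0
    for i, (t, kind) in enumerate(edges):
        if kind == 0:
            depth += 1
            if depth > best:  # deepest overlap seen so far
                best, lo, hi = depth, t, edges[i + 1][0]
        else:
            depth -= 1
    # Assumed policy: refuse to adjust the clock on too little agreement.
    if best < min_agree:
        raise ValueError(f"only {best} server(s) agree; need {min_agree}")
    accepted, rejected = [], []
    for r in readings:
        covers = r.time - r.inaccuracy <= lo and r.time + r.inaccuracy >= hi
        (accepted if covers else rejected).append(r.server)
    # Midpoint of the overlap is the new time; half its width is the new bound.
    return (lo + hi) / 2, (hi - lo) / 2, accepted, rejected

# Constructed sample: three servers agree, "gts-d" is far off.
SAMPLE = [
    Reading("gts-a", 100.0, 2.0),
    Reading("gts-b", 101.0, 1.5),
    Reading("gts-c", 99.0, 2.0),
    Reading("gts-d", 110.0, 1.0),
]

if __name__ == "__main__":
    print(synchronize(SAMPLE))
```

With the sample readings the overlap is [99.5, 101.0], so the reading from "gts-d" is rejected and the clock is set to the midpoint with the half-width as its new inaccuracy.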
Distributed Time Service
• DTS Library Procedures (calls)
– There are 33 total calls supported by DTS
– There are 6 groups of time-related calls, calls for:
• Retrieving times – Get the current time
• Converting times – Binary-ASCII conversion
• Manipulating times – Interval arithmetic
• Comparing times – Compare two times
• Calculating times – Arithmetic operations on times
• Using time zones – Time zone management
Using DCE
• Programmers
– DCE implements the client/server model
– access services and applications via RPC calls to
remote servers
– make use of standard programming interface with RPC
calls
– don’t have to worry about where the programs actually
run or where the data is actually located
• Users
– Single system login
– Transparent access to distributed resources and services
Summary
• DCE was a leader in supporting the extension of
small autonomous departmental networks to true
distributed enterprise networks
• DCE supports the distributed Enterprise network
OS by providing cross-platform services and
resource access, all transparent to the user
• Does not extend well to the Internet
– Kerberos security not scalable, encryption requires too
much overhead processing
– Directory service is too bulky and complicated for
Internet use
Summary
* DCE and evolution of Network Operating Systems