DCE 1.1 New Features

OSF's Distributed Computing Environment (DCE) is a comprehensive set of services that support the development, use and maintenance of distributed applications. DCE allows diverse systems to work together cooperatively and masks the technical complexities of the network. Because DCE is independent of the operating system and network, it is compatible with many diverse environments currently in place by users.

There have been three updates to DCE 1.0 since it was announced in 1991. Due for release in November 1994, DCE 1.1 offers major enhancements to DCE 1.0.x concentrating on the important areas of administration, security, and internationalization, as well as many performance improvements.

System vendors have either announced or are currently shipping DCE on all major computer platforms, including Unix, MVS, Windows, Windows NT, MacOS, VMS, and OS/2. DCE 1.1 will help developers in building DCE applications, and users in administering and working with applications, resulting in accelerated adoption of DCE-based technologies.

Improved Administration Functions

• Single Administrative DCE Control Program (dcecp) -- provides a consolidated user interface across DCE. It unites core DCE administrative functions into one tool and allows remote administration of DCE components. The control program includes a powerful scripting language allowing portable dcecp scripts to be written to customize and simplify administrative tasks.
• DCE Daemon (dced) -- enables complete remote administration of DCE services and other applications, as well as their configuration parameters. This includes startup, shutdown and status queries, as well as secure remote management of per-host security data and cell configuration information. It also provides secure administration of endpoints to keep unauthorized users from removing access to servers.
• Serviceability Improvements -- enhances the diagnostic messaging capabilities of DCE 1.0 by instrumenting services to capture more information, and unifying the message format across all DCE components. The DCE Control Program provides remote administrative commands to control the generation and routing of messages based upon component and severity. A new document, the DCE Problem Determination Guide, provides an explanation and administrative action to be taken for every error code DCE generates.
• Cell Aliasing -- enables cell names to be changed and allows cells to have multiple names to reflect changes in an organization.
• Hierarchical Cells -- enables cells to be organized to match the hierarchical structure of an organization. The key feature is that cell names can now be registered in the Cell Directory Service (CDS) as well as the DCE Global Directory Service (GDS) and Domain Name Service (DNS). This feature paves the way for future support of transitive trust, which will reduce the burden of security management between cells.

Improved Security

• Security Delegation -- allows intermediary servers to operate on behalf of the initating client while preserving both the client's and servers' identities and access control attributes across chained RPC operations.
• Auditing -- allows administrators to track security-related events within DCEUs trusted computing base. New DCE 1.1 features also provide interfaces for incorporating auditing functionality into programs.
• Extended Generic Security Service Application Program Interface (GSSAPI) -- allows message passing applications to use DCE security features. DCE 1.1 also extends GDS to use DCE security via the GSSAPI.
• Extended Registry Attributes (ERA) -- enables single sign-on across non-Unix platforms and legacy applications by providing a secure way of associating additional security information with users and groups.
• Extended Login Capabilities -- includes pre-authentication, password management (strength-testing, password re-use, machine generation), and allows applications to require access only from trusted machines.
• ACL Manager Library -- eases development of servers by providing server writers with an ACL manager for use with all servers.
• Group Override -- customizes the group name mapping from host to host to allow DCE to adopt to various operating system conventions.

Internationalization

• Internationalized Interfaces -- allows use of message catalogs for all user-visible messages. It is now possible to supply message catalogs to "localize" DCE programs by supplying DCE messages in other languages. This work uses interfaces as defined in ISO C POSIX 1003.1, 1003.2, and XPG4, including a range of items such as support for multibyte characters, collation, and date and time formatting.
• Character Code Set Interoperability -- allows development of RPC applications which automatically convert character data from one code set to another.

Performance Enhancements

• IDL Compiler -- generates smaller, cleaner RPC stub code and supports a number of new IDL constructs such as unique pointers, user exceptions, and node deletions. It also supports flattening of complex data structures, making them suitable for storage and transmission. The IDL compiler is a key component for internationalization support.
• RPC Enhancements -- allows improved RPC throughput by providing access to additional client sockets for times of peak usage, and optimizes RPC runtime packets for transmission and fast transport (e.g., FDDI, satellite).

Other New Features

• GDS Enhancements -- provides modifications to various GDS components to improve ease of programming and administration.
• DFS/NFS Gateway -- allows Network File Server (NFS) access to DCEUs Distributed File Server (DFS).
• DFS Delegation -- allows a file to be passed with the initiatorUs privileges intact.
• Subtree Operations -- allows large-scale administrative name changes within cells.
• Distributed Time Server (DTS) Enhancements -- provides for Remote administration of DTS.

Reference Platforms

Permission is granted to reproduce any portion of the text or graphic images of the documents listed above, provided that you prominently display both the copyright notice and the following acknowledgment:

Portions of this document have been reproduced with the permission of the copyright owner, The Open Group