OSF DCE 1.2.2 New Features
The OSF Distributed Computing Environment (DCE) is a key technology in three of today's most important areas of computing: security, the World Wide Web, and distributed objects. It is the only suite of integrated services from a vendor-neutral source that enables organizations to develop, use, and maintain distributed applications across heterogeneous networks.
DCE comprises services that reside on top of the operating system, forming middleware that allows organizations to distribute processing and data across the enterprise. Middleware such as DCE insulates developers from the complexities of the underlying network and its transport mechanisms, and provides an environment that allows key services (such as security and naming) to be integrated into distributed applications.
Because DCE is independent of the operating system and network, it enables interaction between clients and servers in virtually any type of environment an organization may have in place.
DCE Release 1.2.2 builds on the Release 1.2.1 improvements in ease of programming, integration with other computing environments, distributed file system (DFS), and administration.
The primary goal for DCE Release 1.2.2 is to enhance DCE's widely acclaimed security services and to provide improvements in manageability, fault-tolerance, performance, and scalability for DFS and other services.
DCE is available for virtually all major computer platforms, including UNIX, MVS, Windows, Windows NT, VMS, OS/2, and Macintosh.
The authentication portion of the DCE Security Service is based on Version 5 (V5) of the Massachusetts Institute of Technology (MIT) Kerberos authentication and key distribution service. With previous releases of DCE, Kerberos V5 applications running either on DCE or non-DCE platforms have been able to use the DCE Security Service as a Kerberos server. DCE Release 1.2.2 adds testing and official support for this capability.
In addition, DCE Release 1.2.2 includes implementations of the network utilities rlogin and rsh, which use the DCE Kerberos facilities to avoid exposing passwords on a network.
In DCE Release 1.2.2, the user-to-user authentication facility provides an alternate Ticket Granting Service (TGS) protocol as defined in Internet Engineering Task Force (IETF) RFC 1510 (Kerberos V5). It offers server applications the same sort of insulation from a principal's long-term key that is available for client applications. In particular, it is possible to direct a protected remote procedure call (RPC) to a program that has only a login context, and no key table (file) or other access to a long-term key.
DCE 1.2.2 will allow principals from a foreign cell to be added to groups in the local cell. For example, suppose a user in a DCE cell (the foreign cell) needs to cooperate with a group of users in a different cell (at the same or a different location). The user in the foreign cell can have his or her identity added to the group in the other cell, automatically allowing the user to assume the same access privileges as the group members with whom the user is working. This new feature should ease enterprise-wide security administration, cell reconfiguration, and other management tasks.
Changes made to the DCE Security Server deliver considerable performance improvements when servicing large cells (those with more than 50,000 principals). These changes include documenting the configurable checkpoint interval and partitioning internal datasets so that the amount of data written to disk during a checkpoint is proportional to the amount of data modified.
In addition, DCE 1.2.2 has addressed bottlenecks and areas of excess resource consumption.
New administrative controls allow administrators to distinguish same-cell communication from inter-cell communication. As a result, a DFS Cache Manager can implement one set of RPC protection rules for intra-cell use (presumably protected behind a network firewall), while using another set for data-sharing outside the cell. Command line arguments and management clients enable administrators to achieve the right balance between protection and computational overhead. All architectural uses of unauthenticated RPCs have been eliminated.
DCE 1.2.2 has enhanced the DFS services to perform better on hosts connected through multiple interfaces to multiple networks ("multi-homed" hosts). This enhancement enables the DFS server to route its responses more efficiently when running on such machines. The DCE 1.2.2 version of DFS also gains fault-tolerance by handling network failures as transparently as possible on a multi-homed host.
DCE DFS 1.2.2 now supports 64-bit files and filesystems while maintaining interoperability with 32-bit machines and systems.
Developers often use third-party packages that are not thread-aware, resulting in applications that cannot take advantage of DCE threads. A thread-free version of DCE RPC increases software reuse by making it substantially easier for non-threaded applications to be adapted to DCE.
SGML is an industry standard for representing documentation that is intended to be viewed in a variety of formats, encompassing printed matter and on-line "hypertext" viewing. In DCE 1.2.2 all documentation is available as SGML source, using the DocBook Document Type Definition.
Interface Definition Language (IDL) Support for C++ -- enables C++ developers to write client and server programs that utilize DCE RPC in a highly transparent manner using natural C++ constructs. The IDL has been extended to support C++ features such as inheritance and object references.
ONC Co-existence -- enhances the secure NFS protocol gateway of DCE Release 1.1 with support for the DFS host-specific (@HOST) and architecture-specific (@SYS) file naming features. With DCE 1.2.1, NFS inherits the DFS benefits of machine-independent file names, making scripts and configuration files more portable.
Netware Co-existence -- provides file sharing services and administrative aids that allow Netware 3.X users to have a single identity and access to the DCE file system, DFS.
Optimized Token Manager -- decreases the memory requirements and improves the performance and reliability of DFS.
DFS Server Preferences -- enables administrators to identify server preferences on a per-fileset basis. Default preferences are based on IP subnet numbers. DFS clients can now make intelligent choices about which servers to use for different filesets, enhancing the performance and scalability of DFS in a wide area network (WAN).
Vnode/VM Management -- enables DFS to perform significantly better as the system is subjected to higher levels of stress.
Replication Enhancements -- improve the DFS replication implementation to achieve greater reliability and better performance.
Bulk Status RPC -- supports more efficient directory browsing by fetching the status of up to 32 files in one RPC, as opposed to fetching the status one file per RPC.
Enhanced Backup Utility -- supports unattended backup of large DFS file systems using stackers and jukeboxes.
DCECP (Distributed Computing Environment Control Program) Enhancements -- build on the Release 1.1 dcecp by completing administrative functions and adding useful extensions.
The OSF-supported reference platform for DCE Release 1.2.2 is the IBM RS/6000 running AIX 3.2.5. Release 1.2.2 development also was performed on Hewlett Packard HP-UX, Digital UNIX, Sun Solaris, and Hitachi Flora (PC compatible with Netware 3.12) platforms.
For more detailed information on the contents of DCE Release 1.2.2, please read the request for comments (RFC) 63.3, available from The Open Group web site at http://www.opengroup.org/tech/rfc/. For more information on membership in The Open Group and DCE or other technologies of The Open Group, contact our sales offices. For detailed DCE information, consult the documentation. You may also obtain DCE and other information from The Open Group's World Wide Web site: http://www.opengroup.org
© 1996 The Open Group.
All rights reserved.
OSF/1, OSF/Motif and Motif are registered trademarks, and OSF and the OSF logo are trademarks of The Open Group, Inc. All other trademarks and registered trademarks mentioned herein are the property of their respective owners.
Permission is granted to reproduce any portion of the text or graphic images of this document provided that you prominently display both the copyright notice listed above and the following acknowledgment: Portions of this document have been reproduced with the permission of the copyright owner The Open Group